Set up FTP on Ubuntu Linux (reposted)

Source: Internet
Author: User

http://www.blogjava.net/stonestyle/articles/369104.html

Operating system: Ubuntu (GNU/Linux)

To set up an FTP server on the machine, we need to install FTP server software. Representative FTP server software under Linux includes wu-ftp, proftp and vsftp.
wu-ftp (Washington University FTP) was developed by Washington University in the USA. It is powerful, but its configuration is more complicated. Because it was developed very early and is very widely used, it has also become a main target for attackers.
proftp was developed to address the weaknesses of wu-ftp. It has been improved in terms of security, and it provides some wu-ftp features that greatly simplify the task of setting up and managing FTP servers.
vsftp performs well in 3 respects: security, high performance and stability. Its main features include virtual IP settings, virtual users, standalone mode (a daemon that can be started by itself), inetd operation mode (managed by a special super daemon), powerful per-user configuration capabilities, and bandwidth throttling. Next we focus on how to set up vsftpd on Ubuntu.

Installation of vsftpd:
On Ubuntu, vsftpd can be installed directly via apt:
sudo apt-get install vsftpd

After installation, check whether the vsftpd process has started, either by viewing the process or by viewing the listening port:
ps -eaf | grep vsftpd

The vsftpd process is running.

netstat -tnl | grep :21

Port 21 is being listened on.


Configuration files for vsftpd:
On Ubuntu, the main vsftpd files are located as follows:
/etc/vsftpd.conf       configuration file for the vsftpd server
/usr/sbin/vsftpd       executable of the vsftpd server
/etc/pam.d/vsftpd      PAM interface configuration file for the vsftpd server
/var/ftp               working directory of the vsftpd server's anonymous user

To configure the vsftpd server:
The options in the vsftpd server configuration file and their meanings are as follows. In the file itself, option names are lower-case, there are no spaces around "=", and each comment is on its own line.
/etc/vsftpd.conf

# listen=YES and listen_ipv6=YES both mean that vsftpd runs in standalone mode (a daemon that can be started independently); the first listens on IPv4, the second on IPv6, but the two cannot both be set in one configuration file
listen=YES
#listen_ipv6=YES
# Anonymous users are allowed to log on to the FTP server
anonymous_enable=YES
# As long as the FTP user has read permission in the operating system, the file can be downloaded
anon_world_readable_only=NO
# Anonymous users log in to the /var/ftp/anonymous directory and can download files in that directory
anon_root=/var/ftp/anonymous
# Anonymous users can upload files
anon_upload_enable=YES
# Anonymous users can create directories on the server
anon_mkdir_write_enable=YES
# Anonymous users can rename, delete, and write on the server
anon_other_write_enable=YES

# Local user accounts are allowed to log on
local_enable=YES
# Initial permission value for files created by a local user. 022 means the creator has full permissions and other users (group users and others) have only read and execute permissions; 077 means the creator has full permissions and other users have none
local_umask=022

# The server accepts control commands related to writes
write_enable=YES

# Users are shown a message the first time they enter a new directory
dirmessage_enable=YES
# The server displays times in the local time zone; by default it displays GMT
use_localtime=YES

# Allow log generation
xferlog_enable=YES
# Log in the standard xferlog format
xferlog_std_format=YES
# Log file and the directory in which it resides
xferlog_file=/var/log/vsftpd.log

# Use port 20 as the source port when a data connection is established
connect_from_port_20=YES

# Name of the PAM service configuration file, in /etc/pam.d
pam_service_name=vsftpd

# chown_uploads and chown_username are a pair of related options: the owner of files uploaded by anonymous users becomes whoever. This is configured for security purposes: after the file owner becomes another user, anonymous users can no longer delete or even read the files, for example on an FTP server used for handing in assignments
chown_uploads=YES
chown_username=whoever

# Timeout value of 600 seconds for the control connection
idle_session_timeout=600
# Timeout value of 120 seconds for the data connection
data_connection_timeout=120

# User identity used when the vsftpd process is in a non-privileged running state
nopriv_user=ftpsecure

# Whether vsftpd supports the "async ABOR" FTP command; it affects vsftpd security, so the default NO is generally used
async_abor_enable=NO

# ASCII mode is really allowed when uploading and downloading files. Some FTP servers are prone to DoS attacks when implementing ASCII transfer mode. To avoid this, vsftpd can pretend to allow ASCII mode when responding to the client while actually using binary mode, which is achieved by setting these two values to NO
ascii_upload_enable=YES
ascii_download_enable=YES
# Shown when the user logs in. Without this option, the name and version of the vsftpd server are displayed, which is a security issue, so the banner is set to hide this information
ftpd_banner=Welcome to stone FTP service.

# If an anonymous user enters [email protected] as the login password, the login is rejected; the main purpose is to stop some automatic login tools from logging in
deny_email_enable=YES
# File used by deny_email_enable
banned_email_file=/etc/vsftpd.banned_emails

# chroot_list_enable and chroot_list_file define a list of users, which is placed in the /etc/vsftpd/chroot_list file. When chroot_local_user
# After these users log on to the FTP server, they see their own personal directory as the root directory: although their personal directories have parent directories in the actual file system, they cannot switch to those parent directories
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

# When chroot_local_user is set to YES, the users in the list above are not restricted to their personal directory and can switch to other directories
chroot_local_user=YES

# The client can add the -R parameter to the ls command, which lists the contents of the entire directory tree; this requires some processing time, which is more severe when there is a malicious user
ls_recurse_enable=YES

# Maximum rate that an anonymous client can reach, in bytes per second; 0 means unlimited
anon_max_rate=0
# Limits the rate of local users
local_max_rate=0
# Maximum number of client connections that vsftpd accepts
max_clients=0
# Limit on the number of client connections from each host; users may open many connections to speed up downloads, which affects normal use by other users
max_per_ip=5
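
The settings described in the listing above can be checked mechanically before vsftpd is restarted. The following script is an added example, not part of the original article; the function names (conf_yes, audit_vsftpd_conf, sample_conf), the finding labels and the sample file are constructed for illustration, and it assumes a later line overrides an earlier one.

```shell
#!/bin/sh
# Added example, not from the original article. Checks only options written in
# the file; vsftpd's built-in defaults are not consulted.

# conf_yes KEY FILE: succeed if the last "KEY=..." line in FILE has the value YES.
conf_yes() {
    awk -F= -v k="$1" '$1 == k { v = toupper($2) } END { exit !(v == "YES") }' "$2"
}

# audit_vsftpd_conf FILE: print one finding per line, nothing if the file is clean.
audit_vsftpd_conf() {
    f=$1
    # vsftpd wants "option=value": lower-case name, no spaces around "=", and
    # comments on their own line (a trailing "# ..." is read as part of the value).
    awk '/^[ \t]*$/ || /^#/ { next }
         !/^[a-z0-9_]+=[^ \t]/ || /[ \t]#/ { print "SYNTAX line " NR ": " $0 }' "$f"
    if conf_yes listen "$f" && conf_yes listen_ipv6 "$f"; then
        echo "CONFLICT listen and listen_ipv6 are both YES"
    fi
    if conf_yes anonymous_enable "$f"; then
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if conf_yes "$k" "$f"; then echo "ANON-WRITE $k=YES"; fi
        done
    fi
    for k in ascii_upload_enable ascii_download_enable ls_recurse_enable; do
        if conf_yes "$k" "$f"; then echo "LOAD $k=YES"; fi
    done
    if ! grep -q '^ftpd_banner=' "$f"; then
        echo "BANNER ftpd_banner is not set"
    fi
    return 0
}

# Constructed sample modelled on the article's listing, including one line in
# the "value # comment" layout that vsftpd would not accept.
sample_conf() {
    cat <<'EOF'
# sample
listen=YES
anonymous_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
ls_recurse_enable=YES
max_per_ip=5 # limit clients per host
EOF
}

# Audit the file given as $1, or the constructed sample when run without arguments.
if [ $# -gt 0 ]; then audit_vsftpd_conf "$1"; else
    t=$(mktemp) && sample_conf > "$t" && audit_vsftpd_conf "$t"; rm -f "$t"
fi
```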


Anonymous user configuration:
Configure anonymous users so that:
1 The FTP server supports anonymous user login (account: anonymous, password: any)
2 Files can be downloaded as long as the FTP user (an operating system user) has read access to them in the operating system
3 An anonymous user logs in to the /var/ftp/anonymous directory and can download the files in that directory
4 Files can be uploaded to the /var/ftp/anonymous/upload directory, but files in this directory cannot be downloaded or deleted

Use vim to modify the vsftpd.conf file:
anonymous_enable=YES
anon_world_readable_only=NO
anon_root=/var/ftp/anonymous
anon_upload_enable=YES
chown_uploads=YES

Create a new directory anonymous under /var/ftp, owned by root; create a new directory upload under /var/ftp/anonymous, owned by ftp.

Restart the vsftpd process:
sudo killall -HUP vsftpd

Testing anonymous users:
Log on to the local FTP server (127.0.0.1) as an anonymous user

List directories, download files
Go to the upload directory, upload files, list directories


Test complete

Configuration of the virtual host:
What is a virtual host? A vsftpd virtual host means configuring several vsftpd services on a single host, each of which can be configured differently, so that users get the impression that these vsftpd services run on different hosts. vsftpd virtual hosts are based on IP addresses. Since they are IP-based, you may ask: I have only one network adapter, so how do I configure a virtual host?
In that case, we can use Linux logical network interfaces to provide the different IP addresses.
Example of a virtual host configuration:
1 Add a logical network interface. My current IP address is 192.168.1.100; give the logical interface the IP address 192.168.1.101
sudo ifconfig eth0:1 192.168.1.101 netmask 255.255.255.0 up

2 Stop the vsftpd service
sudo killall vsftpd

3 Modify the vsftpd.conf configuration and add the following line
listen_address=192.168.1.100

4 Restart the vsftpd service and run it in the background
sudo /usr/sbin/vsftpd /etc/vsftpd.conf &

5 For the second vsftpd server, create the local account and personal directory that correspond to its anonymous user. The -d parameter specifies the personal directory, which you need to create yourself; -s specifies the login shell, and /sbin/nologin is a shell that does not allow login
sudo useradd -d /var/ftp/myftp -s /sbin/nologin myftp

6 Create the /var/ftp/myftp directory and set its owner to root (the default), so that the myftp user has no write permission to it
sudo mkdir /var/ftp/myftp
sudo chown root /var/ftp/myftp

7 Copy vsftpd.conf to myvsftpd.conf in the /etc directory
sudo cp /etc/vsftpd.conf /etc/myvsftpd.conf

8 Modify myvsftpd.conf
ftpd_banner=Welcome to my virtual FTP server
ftp_username=myftp
listen=YES
listen_address=192.168.1.101

9 Start the second vsftpd
sudo /usr/sbin/vsftpd /etc/myvsftpd.conf

To test the virtual hosts:
Log in to 192.168.1.100 and 192.168.1.101

Test complete

Configuration of virtual users:
There are 3 types of users in vsftpd: anonymous users, local users, and the virtual users introduced next. A virtual user cannot log on to your operating system but can log on to the FTP server. When there are many virtual users, you do not need to create a non-login local operating system user for each of them; only one is needed. There is also a more powerful use: we can create a configuration file for each virtual account to give different virtual accounts different permissions and directories, which makes managing FTP users very convenient.

1 Create a new file user.txt with the following content, which defines 2 virtual users, xuni1 (password Pass1) and xuni2 (password Pass2)

xuni1
Pass1
xuni2
Pass2


2 Next we need to build the virtual account database. First install the DB library tools
sudo apt-get install db4.8-util

Create a new directory vsftpd under /etc
sudo mkdir /etc/vsftpd

Import the user file into a database file in the directory you just created
sudo db4.8_load -T -t hash -f /home/stone/user.txt /etc/vsftpd/vsftpd_login.db

Set the database file permissions to 600, since it does not need to be read by other users
sudo chmod 600 /etc/vsftpd/vsftpd_login.db

3 Create a new /etc/pam.d/vsftpd_login file with the following content (db= names the database file from step 2 without its .db suffix, which pam_userdb adds itself)

auth required /lib/i386-linux-gnu/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/i386-linux-gnu/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login


All PAM-enabled programs have a configuration file that interfaces with PAM; these files are stored in the /etc/pam.d directory. The name of the file that connects vsftpd to PAM can be specified with the pam_service_name option in the vsftpd.conf file. The default is pam_service_name=vsftpd, in which case local users are later authenticated according to the contents of the /etc/pam.d/vsftpd file.

4 Create the operating system account used by all FTP virtual user accounts. We need to create its working directory ourselves and set the directory's permissions and owner (it seems the command can be changed so that the directory is created automatically)
sudo useradd -d /home/ftpsite -s /sbin/nologin ftp_virt
sudo mkdir /home/ftpsite
sudo chown ftp_virt /home/ftpsite
sudo chgrp ftp_virt /home/ftpsite
sudo chmod 700 /home/ftpsite

5 Add the configuration for the virtual account users to the vsftpd.conf configuration file
guest_enable=YES
guest_username=ftp_virt
pam_service_name=vsftpd_login

The last item conflicts with the original default value, so you can comment out the original item. After restarting vsftpd, you will find that local users can no longer log in to vsftpd.

6 To set permissions for the virtual users, specify the directory that holds the per-user configuration files by adding the following line; here it is /etc/vsftpd
user_config_dir=/etc/vsftpd

The effect is as follows: after adding this item, when we log on to vsftpd as a virtual user, the server looks in the /etc/vsftpd directory for a configuration file with the same name as the virtual user to determine that user's permissions. This makes managing FTP virtual users easier.

7 Configure the virtual user profiles
Under /etc/vsftpd, create a new file xuni1 with the following content:

local_root=/home/ftpsite

Create a new file xuni2 with the following content:

local_root=/home/ftpsite
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
anon_world_readable_only=YES
write_enable=YES


8 Then restart vsftpd
Stop it first
sudo killall vsftpd
Start it
sudo /usr/sbin/vsftpd /etc/vsftpd.conf &

Test

There are many ways to configure permissions and directories for specific virtual users; they are not described further here.
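
Steps 2, 3 and 5 have to agree on names: pam_service_name selects the PAM file, and that file's db= value must match the database file created in step 2, which should be mode 600. The following check is an added example, not part of the original article; check_vusers and make_demo are hypothetical names, the finding labels are constructed, and the scratch directory stands in for /etc.

```shell
#!/bin/sh
# Added example, not from the original article. check_vusers and make_demo are
# hypothetical names; the scratch directory stands in for /etc.

# check_vusers CONF PAMDIR: follow pam_service_name from CONF to its PAM file,
# then confirm each pam_userdb "db=" value has a matching .db file with mode 600.
# Prints one finding per line; returns 1 if anything is wrong.
check_vusers() {
    conf=$1 pamdir=$2 bad=0
    svc=$(sed -n 's/^pam_service_name=//p' "$conf" | tail -n 1)
    pam="$pamdir/${svc:-vsftpd}"    # vsftpd is the default service name
    if [ ! -f "$pam" ]; then
        echo "MISSING PAM file $pam"
        return 1
    fi
    # pam_userdb appends ".db" itself, so db= names the file without the suffix.
    # Paths containing spaces are not handled.
    for db in $(awk '/pam_userdb\.so/ { for (i = 1; i <= NF; i++)
                     if ($i ~ /^db=/) print substr($i, 4) }' "$pam" | sort -u); do
        if [ ! -f "$db.db" ]; then
            echo "NO-DB $pam points at $db.db, which does not exist"; bad=1
        elif [ -z "$(find "$db.db" -perm 600)" ]; then
            echo "PERMS $db.db is not mode 600"; bad=1
        fi
    done
    return $bad
}

# make_demo DIR [DBNAME]: build a constructed scratch tree. By default the PAM
# file says vsftp_login while the database file is vsftpd_login.db.
make_demo() {
    d=$1 name=${2:-vsftp_login}
    mkdir -p "$d/pam.d" "$d/vsftpd"
    printf 'guest_enable=YES\npam_service_name=vsftpd_login\n' > "$d/vsftpd.conf"
    : > "$d/vsftpd/vsftpd_login.db"
    chmod 644 "$d/vsftpd/vsftpd_login.db"
    printf '%s required pam_userdb.so db=%s\n' auth "$d/vsftpd/$name" \
        account "$d/vsftpd/$name" > "$d/pam.d/vsftpd_login"
}

# Check CONF and PAMDIR given as arguments, or the constructed demo otherwise.
if [ $# -eq 2 ]; then check_vusers "$1" "$2"; else
    d=$(mktemp -d) && make_demo "$d" && check_vusers "$d/vsftpd.conf" "$d/pam.d" || true
    rm -rf "$d"
fi
```

On a real system the call would be check_vusers /etc/vsftpd.conf /etc/pam.d, run as root so the mode-600 database is visible.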


