Repost: Introduction to the simple application of the FTP service and the FTP server vsftpd in Linux

Source: Internet
Author: User
Tags ftp connection ftp client file transfer protocol

From: http://blog.chinaunix.net/space.php?uid=26069663&do=blog&id=2200929
Today we introduce the most common file-sharing application, FTP. It is a very old, TCP-based file transfer protocol that has been around for 40 years. Its full name is File Transfer Protocol, and it controls the transfer of files in both directions over the Internet. It is also a service with a client/server (C/S) architecture. Different operating systems have different FTP applications. Like other early protocols, it was designed to transmit in plain text!
The following is a brief introduction to the protocol.
I. FTP connection:

Command connection: listens on port 21 and stays active as long as the FTP service is running.

Data connection: the connection is enabled only when files are downloaded or uploaded. There are two data connection modes:


Active mode (called standard mode in some places):
In this mode, the FTP client first establishes a connection to TCP port 21 on the server to send commands. When the client needs to receive data, it sends the PORT command over this channel. The PORT command contains the port on which the client will receive data. To transmit data, the server connects from its TCP port 20 to the port the client specified. The FTP server must therefore establish a new connection to the client to transmit data. Generally, port 20 of the server establishes this new connection to the client port one above the port from which the client sent the request.
For example, if the client uses port 7000 to send its command request to port 21 of the server, then during data transmission a new connection is established between port 20 on the server and port 7001 on the client.

Passive mode: The control channel is established much as in active mode, but after the connection is established the client sends the PASV command. When the server receives the PASV command, it opens a temporary port (the port number is greater than 1023 and less than 65535) and tells the client to transfer data on this port. The client connects to this port on the FTP server, and the FTP server then transmits data through it.
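The PORT argument and the PASV reply both carry an address and port as six comma-separated numbers. The following added example (not part of the original article) decodes them from a constructed control-channel transcript and lists which side opens each data connection, which is what a firewall rule has to allow; the transcript, IP addresses and function names are assumptions for illustration.

```python
import re

# Constructed control-channel transcript ("C:" = client, "S:" = server).
# 27*256 + 89 = 7001, the client data port used in the article's example.
SAMPLE_CONTROL = [
    "C: PORT 192,0,2,10,27,89",
    "S: 200 PORT command successful.",
    "C: PASV",
    "S: 227 Entering Passive Mode (198,51,100,5,195,80).",
]

def decode_hostport(arg):
    """Decode FTP's 'h1,h2,h3,h4,p1,p2' form into (ip, port)."""
    fields = [f.strip() for f in arg.split(",")]
    valid = len(fields) == 6 and all(
        re.fullmatch(r"[0-9]{1,3}", f) and int(f) <= 255 for f in fields)
    if not valid:
        raise ValueError("malformed host-port: %r" % arg)
    nums = [int(f) for f in fields]
    # The port travels as two bytes: high byte p1, low byte p2.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_flows(control_lines, client_ip, server_ip):
    """Return the data connections implied by the control channel as
    (mode, src_ip, src_port, dst_ip, dst_port); src_port None = ephemeral."""
    flows = []
    for line in control_lines:
        side, _, text = line.partition(": ")
        if side == "C" and text.upper().startswith("PORT "):
            ip, port = decode_hostport(text[5:])
            # Active mode: the server dials out from port 20 to the client.
            flows.append(("active", server_ip, 20, ip, port))
        elif side == "S" and text.startswith("227 "):
            m = re.search(r"[0-9]+(?:\s*,\s*[0-9]+){5}", text[4:])
            if m is None:
                raise ValueError("227 reply without host-port: %r" % text)
            ip, port = decode_hostport(m.group(0))
            # Passive mode: the client dials in to the server's temporary port.
            flows.append(("passive", client_ip, None, ip, port))
    return flows

if __name__ == "__main__":
    for flow in data_flows(SAMPLE_CONTROL, "192.0.2.10", "198.51.100.5"):
        print(flow)
```

In active mode the firewall in front of the client must accept an inbound connection from server port 20; in passive mode the firewall in front of the server must accept inbound connections to a port that is only known once the 227 reply has been sent.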

The two transfer modes exist to protect data security. In passive mode, the server's data port is opened only temporarily and cannot be eavesdropped. However, the FTP server is usually located behind a firewall, and this mode complicates access control, while the firewall settings for active mode are much simpler.

II. FTP user types:

Anonymous user: This is what we usually call anonymous logon. When an FTP server supports anonymous logon, the ftp and anonymous users can be used to log on anonymously.

Local user: A user of this type has an account on the system running the FTP service, with the account name and password stored in the passwd and shadow files. When such users log on to the FTP server, their default home directory is the directory named after their account. However, they can also change to other directories, such as the main directory of the system, which is very dangerous. We will introduce vsftpd later!

Virtual users (also called guest users in some places): These use a separate account/password data file. Their distinguishing feature is that they can only access their own home directory, which is how the server protects the other files on the FTP server. vsftpd calls such accounts guest users. They can only access directories under their home directory, not files outside it.

III. Common FTP server programs:

Windows: IIS, Serv-U

Linux: wu-ftpd, ProFTPD, vsftpd

vsftpd is the default FTP server program provided by Red Hat. Its full name is Very Secure FTP Daemon, and it provides complete FTP services with outstanding security. ProFTPD is a very powerful FTP server program that can meet all kinds of customization needs!

IV. Common FTP client programs:

The ftp command, CuteFTP, FlashFXP (known as the fastest FTP client), LeapFTP, FileZilla, gFTP and kuftp.

Of course, we can also log on to an FTP server directly through IE and other browsers, but all of the above are dedicated FTP client programs. I will not explain them here.

To avoid the impact of SELinux on subsequent operations, we use setenforce 0 to temporarily disable SELinux.

The following describes the vsftpd server program:

We install this package directly through yum:

yum -y install vsftpd

Would you be surprised to find that this installation package is only kb in size! Installed this way, the main program file is /usr/sbin/vsftpd and the configuration files are in /etc/vsftpd. There are 3 files:

ftpusers: list of FTP users prohibited from logging on.

user_list: defines a list of users. Whether these users can log on depends on the settings in the main configuration file.

vsftpd.conf: the main configuration file of the program. All settings are defined here, and many options can be set in it.

If you are interested, take a look at the following common options (for details, refer to an encyclopedia or other materials):

1. Default Configuration:

# Allow anonymous users to access
anonymous_enable=YES

# Allow access by local users
local_enable=YES

# Write permission
write_enable=YES

# umask for files or directories created by local users
local_umask=022

# Enable port 20
connect_from_port_20=YES

2. Allow anonymous users to write (upload/create directories)

Add the following to the default configuration:

anon_upload_enable=YES

anon_mkdir_write_enable=YES

anon_world_readable_only=NO

A directory that anonymous accounts are allowed to write to requires all permissions.

3. Prevent all local users from accessing other directories (they can access only their home directories; anonymous users can only access their home directory)

Add the following to the default configuration:

chroot_local_user=YES

4. Prevent some local users from browsing other directories

Add the following to the default configuration:

chroot_local_user=NO

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd.chroot_list

In addition, create the file /etc/vsftpd.chroot_list and add the users to be restricted.

The related commands are simple and commonly used, and are basically the same as for other services that can be controlled through service:

service vsftpd start|stop|restart|reload
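Before restarting vsftpd with the options from sections 1 to 4, the file can be checked for the combinations the article describes. The following added example (not from the original article or the vsftpd project) parses vsftpd.conf text, reports lines that are not in the `option=value` form vsftpd requires (lowercase name, no spaces around `=`), and flags anonymous write access and unconfined local users. It evaluates only settings present in the file and does not model vsftpd's built-in defaults; the function names and the sample configuration are assumptions.

```python
import re

# Constructed sample: the article's default configuration plus section 2,
# with one line left in the "Name = value" form that vsftpd does not accept.
SAMPLE_CONF = """\
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_world_readable_only=NO
Chroot_local_user = yes
"""

def parse_conf(text):
    """Split vsftpd.conf text into ({option: value}, [(lineno, bad_line)])."""
    settings, bad = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        # Lowercase option name, "=", value, and no spaces around "=".
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
        else:
            bad.append((lineno, line))
    return settings, bad

def audit(text):
    """Return findings for settings present in the file (defaults not modelled)."""
    settings, bad = parse_conf(text)
    on = lambda key: settings.get(key, "").upper() == "YES"
    findings = ["line %d: not option=value: %r" % b for b in bad]
    if on("anonymous_enable") and on("write_enable"):
        for key in ("anon_upload_enable", "anon_mkdir_write_enable"):
            if on(key):
                findings.append(key + ": anonymous users can write")
    if on("local_enable") and not on("chroot_local_user"):
        if on("chroot_list_enable"):
            listed = settings.get("chroot_list_file", "(chroot_list_file unset)")
            findings.append("chroot: only users listed in %s are confined" % listed)
        else:
            findings.append("chroot: local users are not confined to home")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```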
