Linux is the future of operating systems: most current domestic operating systems, and even Android, are inseparable from Linux. FTP has long been used as a means of sharing files, so today we will look at how to build a simple FTP server.
FTP is the abbreviation for File Transfer Protocol. As the name suggests, FTP is used to transfer files between computers over a network. You can use FTP to transfer files between computer accounts, transfer files between an account and a desktop computer, or access online software archives. Note, however, that most FTP sites are very heavily used and may require several connection attempts before you get through.
Today we use vsftpd on RHEL5 to build an FTP server. Before building it, first consider your own working environment and the company's specific requirements for the FTP server, and then implement it according to those needs. The concrete steps are as follows:
First, check whether the vsftpd package is installed on the system. You can use the following commands to check for it and install it:
liwei@linux# rpm -qa | grep vsftpd    # if the package is listed, go on to step two; if it is not installed, install it with the commands below
liwei@linux# mount /dev/cdrom /media    # mount the CD on the system
liwei@linux# rpm -ivh /media/Server/vsftpd-<version number>    # install vsftpd
Second, after installing the vsftpd package, configure a static IP address on the server. A dynamic address also works, but a server should generally use a static IP. The IP address is configured as follows, using 192.168.0.1 as an example:
liwei@linux# vi /etc/sysconfig/network-scripts/ifcfg-eth0
Modify the opened configuration file as follows:
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:0c:29:a2:8b:b8
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
Third, once the IP address is configured, modify the vsftpd configuration file according to your own requirements. vsftpd's main configuration file is /etc/vsftpd/vsftpd.conf. The following examples illustrate the role of vsftpd's various configuration options.
1. Anonymous user configuration:
By default, the vsftpd.conf configuration file allows anonymous users to log on to the FTP server but does not allow them to upload files or create directories on the server. The following configuration items can be modified to meet your requirements:
# Accept anonymous users
anonymous_enable=YES
# Anonymous users are not asked for a password when logging in
no_anon_password=YES
# Directory where anonymous users land after login; change it to suit your needs
anon_root=<directory path>
# Uploads allowed (global control)
write_enable=YES
# Permissions for uploaded files, used together with the umask
file_open_mode=0666
# Whether anonymous users can upload
anon_upload_enable=NO
# Anonymous users can create directories
anon_mkdir_write_enable=YES
# Anonymous users can rename, delete and perform other write operations
anon_other_write_enable=YES
# If set to YES, anonymous users are only allowed to download world-readable files
anon_world_readable_only=YES
# Ownership of all anonymously uploaded files is changed to chown_username
chown_uploads=YES
# User name that owns anonymously uploaded files
chown_username=user
In addition to the above options for anonymous users, we can add some general options for the FTP server, such as setting a welcome message for the FTP server.
# Welcome message displayed at logon
ftpd_banner=Welcome to my FTP Server!!!
# Enable per-directory messages: the contents of the message_file file in each directory are displayed
dirmessage_enable=YES
# Display session state information
setproctitle_enable=YES
Here is an example to illustrate the use of anonymous users:
To make work more convenient for its employees, the company decides to build an FTP server that provides the following functions:
1. Allow any employee of the company to keep some of their documents on the FTP server for later use.
2. Allow employees to create their own directories.
3. Show a welcome message after an employee logs in successfully.
To meet these requirements, you only need to modify the following options in the vsftpd.conf configuration file. If some of the options are not present by default, add them manually:
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
ftpd_banner=Welcome to my FTP Server!!!
Note: If you set only anon_upload_enable=YES but the write_enable option is not set (or is set to NO), anonymous users still cannot upload files. Also, do not forget to modify the permissions of the directory that FTP serves.
After modifying the configuration file, restart the vsftpd service with the command service vsftpd restart and then test it. In fact, this example is very unsafe; I give it only as an example. For actual use, you can use the other two methods mentioned below.
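The note above says anon_upload_enable has no effect without write_enable, and the article calls its own example unsafe. The following added example (not part of the original article) checks a vsftpd.conf for exactly that: which anonymous write options are really in effect. The function names and sample inputs are constructed for illustration; the defaults are those documented in the vsftpd.conf man page.

```python
# Built-in defaults (vsftpd.conf man page) for the options examined here.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO"}

def parse_conf(text):
    """Parse vsftpd.conf text: option=value lines; '#' starts a comment line."""
    conf = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("not an option=value line: %r" % line)
        conf[key] = value  # everything after '=' is the value, no trailing comments
    return conf

def enabled(conf, key):
    """Boolean lookup; like vsftpd, refuse values that are not a clean boolean."""
    value = conf.get(key, DEFAULTS[key]).upper()
    if value not in ("YES", "TRUE", "1", "NO", "FALSE", "0"):
        raise ValueError("bad bool value for %s: %r" % (key, value))
    return value in ("YES", "TRUE", "1")

def audit_anonymous(conf):
    """Return findings describing what anonymous users can actually do."""
    findings = []
    if not enabled(conf, "anonymous_enable"):
        return findings
    write = enabled(conf, "write_enable")
    for key, what in (("anon_upload_enable", "upload files"),
                      ("anon_mkdir_write_enable", "create directories"),
                      ("anon_other_write_enable", "rename and delete files")):
        if not enabled(conf, key):
            continue
        if write:
            findings.append("RISK: anonymous users can " + what)
        else:
            findings.append("NO EFFECT: %s needs write_enable=YES" % key)
    return findings

# Constructed inputs: the article's example options, then without write_enable.
ARTICLE_EXAMPLE = ("anonymous_enable=YES\nwrite_enable=YES\n"
                   "anon_upload_enable=YES\nanon_mkdir_write_enable=YES\n")
WITHOUT_WRITE = "anonymous_enable=YES\nanon_upload_enable=YES\n"

if __name__ == "__main__":
    for text in (ARTICLE_EXAMPLE, WITHOUT_WRITE):
        print(audit_anonymous(parse_conf(text)))
```

Run against a real file with audit_anonymous(parse_conf(open("/etc/vsftpd/vsftpd.conf").read())); a value followed by trailing annotation text is rejected rather than silently treated as NO.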
2. Local user configuration:
# Enable local users
local_enable=YES
# Umask for files uploaded by local users; see the Linux permissions section for details
local_umask=022
# Directory where local users land when they log on to the FTP server
local_root=<directory path>
# Limit each local user's root directory to their own home directory
chroot_local_user=YES
# If this feature is enabled, all users listed in chroot_list_file cannot change the root directory
chroot_list_enable=YES
# Path of the file listing the restricted users
chroot_list_file=<file path>
There are usually many local users on an FTP server, and sometimes we want some of them to be able to log on to the FTP server and others not. How can this be solved? The following options implement it:
# Enable the userlist feature
userlist_enable=YES
# Reject logons to the FTP server from users listed in the userlist file
userlist_deny=YES
# Path to the userlist file
userlist_file=<path to the userlist file>
These options mean that if we do not want certain people to log on to the FTP server, we can create a file, add those users to it, enable the feature above, and point the userlist_file option at the file. Users in this file then cannot log on to the FTP server. Conversely, if userlist_deny is set to NO, only the users in the file that userlist_file points to can log on to the FTP server, and other users cannot.
Using local users is relatively simple: any user who can log in to the system can log in to the FTP server by entering the system username and password. By default the login lands in the user's own home directory, that is, the /home/user folder. Permissions are controlled by modifying the permissions of this directory. To prohibit some users from logging in, use the userlist feature above.
In addition to the anonymous and local user parameters above, there are network and connection parameters and the logging configuration described below.
Fourth, network and connection parameter configuration
The following are some common network and connection parameters:
# Maximum number of connections accepted; adjust to your actual situation
max_clients=1000
# Maximum number of connections per IP address; adjust to your actual situation
max_per_ip=5
# Bandwidth for anonymous users (b/s)
anon_max_rate=51200
# Bandwidth for local users (b/s)
local_max_rate=5120000
# Idle connection timeout
idle_session_timeout=600
# Data transfer timeout
data_connection_timeout=120
# PASV request timeout
accept_timeout=60
# PORT mode connection timeout
connect_timeout=60
# Use the standard port 20 for FTP connections
connect_from_port_20=YES
# Bind to an IP or network segment; other IPs cannot access the FTP server
listen_address=<address or network segment>
# Bind to a port
listen_port=2121
# Data transfer port
ftp_data_port=2020
# Upper bound of the port range that PASV connection mode may use; 0 means any port
pasv_max_port=0
# Lower bound of the port range that PASV connection mode may use; 0 means any port
pasv_min_port=0
All of the above options have been explained; add whichever you need according to your own circumstances. They are not described in more detail here. PORT mode is the active mode of FTP operation, and PASV mode is the passive mode.
Fifth, log function configuration
vsftpd can enable logging so that file upload and download information is fully recorded in the log file set by the xferlog_file option. The options for setting up the log function are as follows:
# Turn on the log function
xferlog_enable=YES
# Where the log file is stored
xferlog_file=<file path>
# Use the standard log format
xferlog_std_format=YES
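With the standard-format transfer log enabled, uploads by anonymous sessions can be picked out of the log. The following added example (not part of the original article) parses xferlog lines and returns the completed anonymous uploads; it assumes the traditional wu-ftpd xferlog field layout, and the sample log lines are constructed.

```python
from collections import namedtuple

Transfer = namedtuple("Transfer", "when host size path direction access user status")

def parse_xferlog_line(line):
    """Parse one standard-format xferlog line; return None if it does not fit."""
    tok = line.split()
    # 5 date tokens + transfer time + host + size + file name + 9 trailing fields
    if len(tok) < 18 or not tok[7].isdigit():
        return None
    tail = tok[-9:]  # count the fields after the file name from the end
    return Transfer(when=" ".join(tok[0:5]), host=tok[6], size=int(tok[7]),
                    path=" ".join(tok[8:-9]),
                    direction=tail[2],  # i = upload, o = download, d = delete
                    access=tail[3],     # a = anonymous, g = guest, r = real user
                    user=tail[4],       # user name, or the ID string an anonymous user gave
                    status=tail[8])     # c = complete, i = incomplete

def anonymous_uploads(lines):
    """Return the completed uploads made by anonymous sessions."""
    hits = []
    for line in lines:
        t = parse_xferlog_line(line)
        if t and t.access == "a" and t.direction == "i" and t.status == "c":
            hits.append(t)
    return hits

# Constructed sample log lines (documentation addresses, invented file names).
SAMPLE_LOG = """\
Mon Mar  3 10:15:02 2014 1 192.0.2.10 2048 /pub/readme.txt b _ o a guest@example.com ftp 0 * c
Mon Mar  3 10:17:45 2014 3 192.0.2.44 731204 /incoming/report.zip b _ i a anon@example.com ftp 0 * c
Mon Mar  3 10:20:11 2014 2 192.0.2.7 5120 /home/alice/notes.txt a _ i r alice ftp 0 * c
Mon Mar  3 10:21:30 2014 9 192.0.2.44 0 /incoming/big.iso b _ i a anon@example.com ftp 0 * i
truncated line
""".splitlines()

if __name__ == "__main__":
    for t in anonymous_uploads(SAMPLE_LOG):
        print(t.when, t.host, t.path, t.size)
```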
vsftpd's private log mode configuration options:
# Use vsftpd's own dedicated logging method
dual_log_enable=YES
# Log all FTP commands
log_ftp_protocol=YES
# Location of the vsftpd log file
vsftpd_log_file=<file path>
When both of these log functions are set to NO, you can also use the system log to record FTP logs by setting the following option:
# When enabled, the log is written to /var/log/messages by default
syslog_enable=YES
Although you can use this method to record FTP logs, the first two methods are recommended, because the logs are clearer to read and easier to analyze.
Sixth, other common option settings
# Upload in ASCII mode
ascii_upload_enable=YES
# Download in ASCII mode
ascii_download_enable=YES
# Set welcome information for each subdirectory
dirmessage_enable=YES
# Welcome information file
banner_file=<file path>
# Allow users to use the ls -R command
ls_recurse_enable=YES
# Name used by PAM; the default is vsftpd
pam_service_name=vsftpd
# Treat all non-anonymous users as guest, enabling virtual users
guest_enable=YES
# Define the guest user name
guest_username=virtual
That is the end of this article; the next one is "Setting up vsftpd services based on virtual users."