Nowadays, more and more people choose the open-source Linux operating system; its performance and approachable price are the main reasons. Red Hat Linux 9 is the most widely used of the Linux operating systems. With its simple configuration and familiar graphical interface, Red Hat Linux 9 provides a rich set of Internet services, and FTP is one of them. FTP holds a very important position in many network applications: a wide variety of software resources on the Internet are placed on FTP servers. Like most Internet services, FTP is a client/server system. I would like to give you a brief introduction to setting up an FTP server under Red Hat Linux 9.
1. Installing the VSFTPD server
VSFTPD is currently one of the best FTP server tools. The "VS" is an abbreviation of "Very Secure", which shows that its biggest advantage is security; in addition, it is small, highly customizable, and efficient.
If you chose the full installation of Red Hat Linux 9.0, the VSFTPD server is installed by default. We can verify this by entering the following command in a terminal window:
# rpm -qa | grep vsftpd
If the result is displayed as "vsftpd-1.1.3-8", the system already has the VSFTPD server installed. If you did not select the VSFTPD server when you installed Red Hat Linux 9.0, you can click Main Menu → System Settings → Add/Remove Applications in the graphical environment, make sure the FTP Server option is selected in the Package Management dialog box that appears, and then click the Update button. Follow the on-screen prompts and insert the 3rd installation disc to start the installation.
Alternatively, you can insert the 3rd installation CD directly, navigate to the vsftpd-1.1.3-8.i386.rpm installation package under /RedHat/RPMS, and then run the following command in a terminal window to start the installation process:
# rpm -ivh vsftpd-1.1.3-8.i386.rpm
2. Start/restart/stop VSFTPD service
Starting with Red Hat Linux 9.0, VSFTPD by default runs only in standalone mode. Start the VSFTPD service by running the following command in a terminal window:
# /etc/rc.d/init.d/vsftpd start
To restart the VSFTPD service:
# /etc/rc.d/init.d/vsftpd restart
To stop the VSFTPD service:
# /etc/rc.d/init.d/vsftpd stop
After confirming that the VSFTPD service has been started, we can enter "ftp ftpaddress" (using the actual FTP server IP address or domain name instead of ftpaddress) in the DOS command window of any Windows host. Note that the user name and password are both ftp (ftp is the mapped user account for anonymous users), as shown below:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
F:/peter>ftp ftpaddress
Connected to ftpaddress
(vsFTPd 1.1.3)                      // vsftpd responds to the request
User (ftpaddress:(none)): ftp       // log in as ftp
331 Specify the password.
Password:                           // enter the password ftp
Login successful. Have fun.
ftp>
3. Configuration of vsftpd
There are 3 configuration files for vsftpd in Red Hat Linux 9.0:
vsftpd.ftpusers: located in the /etc directory. It specifies which user accounts cannot access the FTP server, such as root.
vsftpd.user_list: located in the /etc directory. By default, the user accounts in this file cannot access the FTP server; they are allowed access only if the userlist_enable=NO option is set in the vsftpd.conf configuration file.
vsftpd.conf: located in the /etc/vsftpd directory. It is a text file that we can modify with a text editor such as Kate or vi to customize the configuration of the FTP server: user login control, user rights control, timeout settings, server function options, server performance options, server response messages, and so on.
(1) User Login control
anonymous_enable=YES, allows anonymous users to log on.
no_anon_password=YES, anonymous users do not need to enter a password when they log on.
local_enable=YES, allows local users to log on.
deny_email_enable=YES, lets you create a file that holds a blacklist of anonymous e-mail addresses, to prevent these people from carrying out DoS attacks.
banned_email_file=/etc/vsftpd.banned_emails, when the deny_email_enable feature is enabled, the path where the e-mail blacklist is saved (default = /etc/vsftpd.banned_emails).
(2) User Rights control
write_enable=YES, turns on global upload permissions.
local_umask=022, sets the umask for files uploaded by local users to 022 (the system default is 077, which is generally changed to 022).
anon_upload_enable=YES, allows anonymous users to have upload permissions. (This setting is very important; without it, FTP client software cannot upload files to the Linux server and can only download.) Clearly, write_enable=YES must be enabled before you can use this item. We also have to create a directory that the ftp user is allowed to read and write (as mentioned earlier, ftp is the mapped user account for anonymous users).
anon_mkdir_write_enable=YES, allows anonymous users to create directories.
chown_uploads=YES, when enabled, the owner of anonymously uploaded files is changed to another user account. Note that specifying the root account as the owner of anonymously uploaded files is not recommended!
chown_username=whoever, when chown_uploads=YES is enabled, the user account designated as the owner; "whoever" in this example should of course be replaced with the appropriate user account.
chroot_list_enable=YES, lets you use a list to limit which local users are confined to their own directory; if chroot_local_user=YES, then the users specified in this list are unrestricted.
chroot_list_file=/etc/vsftpd.chroot_list, if chroot_local_user=YES, specifies the path where the list (chroot_local_user) is saved (the default is /etc/vsftpd.chroot_list).
nopriv_user=ftpsecure, specifies a secure user account that the FTP server uses as a standalone, fully isolated user with no privileges. This is an option recommended by VSFTPD.
async_abor_enable=YES, it is strongly recommended not to enable this option, or it may result in errors!
ascii_upload_enable=YES; ascii_download_enable=YES, by default the server pretends to accept ASCII mode requests but actually ignores them. Enabling the two options above makes the server really perform ASCII mode transfers.
Note: enabling the ascii_download_enable option allows a malicious remote user to consume the FTP server's I/O resources in ASCII mode with commands such as "SIZE /big/file".
The ASCII mode options are split into separate upload and download settings, so that we can allow ASCII mode uploads (which can prevent a crash caused by uploading malicious files such as scripts) without the risk of denial-of-service attacks.
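An added example, not part of the original article or of vsftpd itself: a small Python check that reads vsftpd.conf text and reports the settings from sections (1) and (2) that the article cautions about. The sample configuration is constructed, and the function names parse_conf and audit are hypothetical.

```python
SAMPLE_CONF = """\
# constructed sample, not taken from a real server
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
chown_uploads=YES
chown_username=root
ascii_download_enable=YES
async_abor_enable=YES
"""

def parse_conf(text):
    """Parse option=value lines; blank lines and '#' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return (option, finding) tuples for settings the article warns about."""
    conf = parse_conf(text)
    def on(key, default="NO"):
        return conf.get(key, default).upper() == "YES"
    anon = on("anonymous_enable", "YES")  # vsftpd's built-in default is YES
    findings = []
    if on("anon_upload_enable") and not on("write_enable"):
        findings.append(("anon_upload_enable", "has no effect without write_enable=YES"))
    if anon and on("write_enable") and on("anon_upload_enable"):
        findings.append(("anon_upload_enable", "anonymous users can upload files"))
    if anon and on("write_enable") and on("anon_mkdir_write_enable"):
        findings.append(("anon_mkdir_write_enable", "anonymous users can create directories"))
    if on("chown_uploads") and conf.get("chown_username") == "root":
        findings.append(("chown_username", "anonymous uploads become owned by root"))
    if on("ascii_download_enable"):
        findings.append(("ascii_download_enable", "ASCII-mode SIZE /big/file can exhaust I/O"))
    if on("async_abor_enable"):
        findings.append(("async_abor_enable", "the article advises leaving this disabled"))
    if "nopriv_user" not in conf:
        findings.append(("nopriv_user", "no dedicated unprivileged account is set"))
    return findings

if __name__ == "__main__":
    for option, finding in audit(SAMPLE_CONF):
        print(f"{option}: {finding}")
```

To audit a live server, pass the contents of /etc/vsftpd/vsftpd.conf to audit() instead of the sample.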
(3) User connection and timeout options
idle_session_timeout=600, sets the default idle timeout; a user who stays idle for longer than this period is kicked off the server.
data_connection_timeout=120, sets the default data connection timeout.
(4) Server logs and welcome information
dirmessage_enable=YES, enables directory messages, so that the contents of the message_file file under each directory are displayed.
ftpd_banner=Welcome to blah FTP service, lets you customize the welcome message that FTP users see when they log on to the server.