In Linux, the FTP server is used for configuration and application.

Source: Internet
Author: User
I. FTP Introduction: Ftp: filetransferprotocol (file transfer protocol) is a protocol used to transfer files in two or more different operating systems. It has been 40 years since the birth of FPT. This year is its 40-year anniversary. So it naturally became one of the oldest protocols in the world. Ii. How FTP works

1. FTP introduction:

Ftp:File TrAnsfer protoCol(File transfer protocol) is a protocol used to transfer files in two or more different operating systems. It has been 40 years since the birth of FPT. This year is its 40-year anniversary. So it naturally became one of the oldest protocols in the world. 

Ii. How FTP works

FTP is based on the TCP protocol.

The most common port is also the most commonly used Port:

Port 21: YesCommand. (After verification, we execute someLsAnd other commands are transmitted through this port)

Port 20: implements data transmission. 

The server has two data transmission modes:

1. Active mode.

2. Passive mode.

The active and passive modes are for servers. Whether the active mode or passive mode is used during the operation is determined by the client. In active mode, both the client and the server are required to open and listen to a port to create a connection. In this case, the client may have some problems due to the firewall installation. Therefore, the passive mode is created. In passive mode, the server is only required to generate a process that listens to the corresponding port, so that the firewall can be installed on the client. 

Implementation of the Active Mode:

A. Open a random port on the client (the port number is greater than 1024. Here, we call it x), and an FTP process connects to port 21 on the server. At this time, the tCpThe source port of the connection is the random port x specified by the client, and the destination port (remote port) is port 21 on the server.

B. the client starts listening to port (x + 1) and sends a PORT command to the server (through port 21 of the server ), this command tells the Server Client the port number being monitored and is ready to receive data from this port. This port is the data port we know.

C. The server opens port 20 and creates a connection with the client data port. In this case, the source port is 20 and the remote data (destination) port is (x + 1 ).

D. The client creates a connection with Port 20 through the local data port, and then sends a response to the server, telling the server that a connection has been created.

Iii. FTP user/server type:

1) FTP servers support three main user types.

1. anonymous Users: anonymous orFtp

Anonymous Users are generally used.

2. Local Users:

The account name, password, and other information are stored inPasswdAnd shadow files

3. Virtual users:

Use an independent account/password data file.

It can be a db database, mysql, or a file.

2) Common FTP servers:

IIS Serv-U (commonly used on windows)

Wu-ftpd (the oldest one ),

Proftpd (ftp software with very powerful functions can be developed according to your needs)

Pureftpd (powerful ftp software)

Vsftpd (REdHat is the most commonly used. Its lightweight model is only 140 KB, but it is very secure)

 

3) Common FTP clients:

Ftp command

Lftp command

Gftp (linxu-based ftp tool)

CuteFTP

FlashFTP (known as the fastest FTP ),

Ftps uses ssl encryption.

 

Iv. vsftpd Server

We will explain how to implement the vsftpd server architecture.ArchitectureAn FTP server

First, we need to know that the vsftpd server runs as an ftp user. Vsftpd is controlled by selinux, so selinux should be disabled first. 

1. Install vsftpd:

  1. Yum install vsftpd

After installation, we can see that the vsfptd command is installed in the/usr/sbin directory named vsftpd

The configuration file is saved in the/etc/vsftpd directory.

All its files are stored in/var/ftp. 

2. How to configure vsftpd

First, go to the/etc/vsftpd directory.

① Ftpusers file:

This is a definition file that defines users who are not allowed to log on.

② User_list file:

The list in this file provides an FTP user list, which defines whether user logon is disabled and whether the file takes effect depends on the settings in the main configuration file.

③/Etc/vsftpd. conf

The main configuration file defines all the rules in detail:

Let's take a look at common rules:

Local _Enable= YES: whether to allow access as a local user

By default, local users log on to the default home directory through ftp.

Write_ Enable: Can a local user be writable after logon? (Only create files)

Anon _Mkdir_ Write_enable = YES allows a local user to create a folder after logon.

Anon_upload_enable = YES whether anonymous users are allowed to upload data

Chown_ Upload = YES: automatically changes the owner of files uploaded by anonymous users.

Chown_username = root defines the owner of the change

DiRmEssage_enable = YES to add a welcome message to the current directory

Message_file =. message: Location of your welcome file.

Xferlog_enable = YES whether to enable log information

Xferlog_file =/var/log/vsftpd. log where to configure the log file

IdLe_session _TimeOut = 600 session Response Time

Data_connection_timeout = 120 data Response Time

Ftpd_banner = Welcome to bash FTPservice. FTP.

Chroot_list_enable = YES is used to determine whether to lock the user in its home directory.

This is very dangerous if it is not enabled. If the user is not restricted, a user may run all sorts of tasks and modify files. When this feature is enabled, log on to the directory and usePwdThe command does not show where you are.

Chroot_list_file =/etc/vsftpd/chroot_list through this table, you can define which users are restricted.

Listen = YES Let FTP run on our machine as an independent process.

If it is changed to NO, it is used as a non-independent process. It becomes a sub-process of init.

Pam_service_name = vsftpd pub-based authentication

Userlist_enable = YES whether to enable the list control user_list file:

Userlist_deny = YES, which is rejected by default. If you want to go in, the request will be rejected immediately. If we change to NO, we can only access the list of users.

Lftp-u student 172.16.100.1 can be verified

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.