1. sudo apt-Get install vsftpd
2. Use netstat-tnl to check whether port 21 is enabled.
TCP 0 0 0.0.0.0: 21 0.0.0.0: * listen
3. Access it in a browser.
FTP: // 10.45.7.25
After installation, anonymous users can access FTP
============================================
The following are some simple FTP configurations that allow users to log on and upload files.
First, modify the vsftpd. conf configuration file. You must have the administrator privilege.
VI/etc/vsftpd. conf
# Example config file/etc/vsftpd. conf
#
# The default compiled in settings are fairly paranoid. This sample file
# Loosens things up a bit, to make the FTP daemon more usable.
# Please see vsftpd. CONF.5 for all compiled in defaults.
#
# Read this: this example file is not an exhaustive list of vsftpd options.
# Please read the vsftpd. CONF.5 manual page to get a full idea of vsftpd's
# Capabilities.
#
#
# Run standalone? Vsftpd can run either from an inetd or as a standalone
# Daemon started from an initscript.
Listen = Yes
#
# Run standalone with IPv6?
# Like the listen parameter, parameter t vsftpd will listen on an IPv6 socket
# Instead of an IPv4 one. This parameter and the listen parameter are mutually
# Exclusive.
# Listen_ipv6 = Yes
#
# Allow Anonymous FTP? (Beware-allowed by default if you comment this out ).
Anonymous_enable = Yes
#
# Uncomment this to allow local users to log in.
Local_enable = Yes
#
# Uncomment this to enable any form of FTP write command.
Write_enable = Yes
#
# Default umask for local users is 077. You may wish to change this to 022,
# If your users CT that (022 is used by most other ftpd's)
Local_umask = 022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# Has an effect if the above global write enable is activated. Also, you will
# Obviously need to create a Directory Writable By the FTP user.
Anon_upload_enable = Yes
#
# Uncomment this if you want the anonymous FTP user to be able to create
# New directories.
Anon_mkdir_write_enable = Yes
#
Anon_umask = 022
#
# Activate directory messages-messages given to remote users when they
# Go into a certain directory.
Dirmessage_enable = Yes
#
# If enabled, vsftpd will display directory listings with the time
# In your local time zone. The default is to display GMT.
# Times returned by the mdtm ftp command are also affected by this
# Option.
Use_localtime = Yes
#
# Activate logging of uploads/downloads.
Xferlog_enable = Yes
#
# Make sure port transfer connections originate from Port 20 (ftp-data ).
Connect_from_port_20 = Yes
#
# If you want, you can arrange for uploaded anonymous files to be owned
# A different user. Note! Using "root" for uploaded files is not
# Recommended!
# Chown_uploads = Yes
# Chown_username = whoever
#
# You may override where the log file goes if you like. The default is shown
# Below.
# Xferlog_file =/var/log/vsftpd. Log
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is/var/log/xferlog in this case.
# Xferlog_std_format = Yes
#
# You may change the default value for timing out an idle session.
# Idle_session_timeout = 600
#
# You may change the default value for timing out a data connection.
# Data_connection_timeout = 120
#
# It is recommended that you define on your system a unique user which
# Ftp server can use as a totally isolated and unprivileged user.
# Nopriv_user = ft1_cure
#
# Enable this and the server will recognize asynchronous Abor requests. Not
# Recommended for Security (the code is non-trivial). Not enabling it,
# However, may confuse older FTP clients.
# Async_abor_enable = Yes
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# The request. Turn on the below options to have the server actually do ASCII
# Mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a Denial of Service
# Attack (DOS) via the command "size/big/file" in ASCII mode. vsftpd
# Predicted this attack and has always been safe, reporting the size of
# Raw file.
# ASCII mangling is a horrible feature of the Protocol.
# Ascii_upload_enable = Yes
# Ascii_download_enable = Yes
#
# You may fully customise the login banner string:
# Ftpd_banner = welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# Useful for combatting certain DoS attacks.
# Deny_email_enable = Yes
# (Default follows)
# Banned_email_file =/etc/vsftpd. banned_emails
#
# You may restrict local users to their home directories. See the FAQ
# The possible risks in this before using chroot_local_user or
# Chroot_list_enable below.
# Chroot_local_user = Yes
#
# You may specify an explicit list of local users to chroot () to their home
# Directory. If chroot_local_user is yes, then this list becomes a list
# Users to not chroot ().
# Chroot_local_user = Yes
# Chroot_list_enable = Yes
# (Default follows)
# Chroot_list_file =/etc/vsftpd. chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled
# Default to avoid remote users being able to cause excessive I/O on large
# Sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# The presence of the "-R" option, so there is a strong case for enabling it.
# Ls_recurse_enable = Yes
#
#
# Debian Customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout
# Default. these settings are more Debian-friendly.
#
# This option shoshould be the name of a directory which is empty. Also,
# Directory shocould not be writable by the FTP user. This directory is used
# As a secure chroot () jail at times vsftpd does not require filesystem
# Access.
Secure_chroot_dir =/var/run/vsftpd/empty
#
Local_root =/srv/ftp
#
# This string is the name of the PAM service vsftpd will use.
Pam_service_name = vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# Encrypted connections.
Rsa_cert_file =/etc/SSL/certs/ssl-cert-snakeoil.pem
The above is my vsftpd. conf configuration file (Note: Back up before modification to prevent errors. Run the sudo CP/etc/vsftpd. CONF/etc/vsftpd. conf. Old command )!
Permission Configuration:
Create a directory pub under/srv/FTP (the name can be obtained randomly, but Chinese characters may contain garbled characters. Some Chinese codes can be recognized in windows, but cannot be recognized in Linux! The pub directory is created for users to upload and download files)
Modify FTP folder permissions: chmod 755/srv/ftp
Modify pub folder permissions: chmod 777/srv/FTP/pub
You can use gedit/etc/vsftpd. conf to edit vsftpd. conf (you can also use the vim command, but install Vim ).
By the way, do not forget to restart the FTP service after changing the configuration.
Sudo/etc/init. d/vsftpd restart
In addition, the command to enable or disable the service
Sudo/etc/init. d/vsftpd start
Sudo/etc/init. d/vsftpd stop
If you are not a Super User, add sudo before the command! The red font is changed by me! In this way, you can upload and download files (including anonymous users ).
The following is an example for reference (do not try it when you look at the instance, first look at your own situation ):
Why vsftp anonymous users cannot download and resolve
Recently, in the group, I encountered the above problems when I did my exercises, and I did not find a definite answer on the search network; later, I checked a large number of related articles and materials. Now I have analyzed and solved this problem for the reference of many new vsftp learners: (this problem has nothing to do with firewall, disable iptables)
Parameters related to anonymous users in vsftp:
1) Main configuration file:/etc/vsftpd. conf
--------------------------------------------------
[Root @ station ~] # Cat/etc/vsftpd. conf | grep-V ^ #
Anonymous_enable = Yes
Local_enable = Yes
Write_enable = Yes
Local_umask = 022 // umask value of the File Uploaded by the local user.
Anon_upload_enable = Yes // anonymous upload is allowed
Anon_mkdir_write_enable = Yes // anonymous users can perform write operations on directories.
Dirmessage_enable = Yes
Xferlog_enable = Yes
Connect_from_port_20 = Yes
Xferlog_std_format = Yes
Listen = Yes
Pam_service_name = vsftpd
Userlist_enable = Yes
Tcp_wrappers = Yes
---------------------------------------------------
2) Check related SELinux settings:
---------------------------------------------------
[Root @ station ~] # Getsebool-A | grep FTP
Allow_ftpd_anon_write --> On // write permission for anonymous users. Enable
Allow_ftpd_full_access --> On // to upload files to anonymous users, enable
Allow_ftpd_use_cifs --> off
Allow_ftpd_use_nfs --> off
Allow_tftp_anon_write --> off
Ftp_home_dir --> On // local user's home directory
Ftpd_disable_trans --> off // disable the influence of SELinux on the FTP service
Ftpd_is_daemon --> on
Httpd_enable_ftp_server --> off
Tftpd_disable_trans --> off
------------------------------------------------------
Follow the settings above to restart the service. Most of the articles that newcomers see are basically configured in this way, but the problems we encounter arise.
Symptom: anonymous users can log on to the FTP server (either a Linux client or a Windows client). They can use a Linux client to upload files and create directories. They can use a Windows client to upload files, you cannot change the name of a Created directory. You can only create a folder with a new folder ......
Analysis:
1. Permission issues must be identified.
2. Disable SELinux testing. The problem persists. The description is irrelevant to SELinux.
3. Let's take a look at the files we uploaded:
1) permission for the target directory:
------------------------------------------------------
[Root @ station booleans] # ll/var/FTP/
Total 16
Drwxr-XR-x 2 root Root 4096 2007-12-13 pub
Drwxrwxrwx 2 root Root 4096 09-15 test // 777 permission OK
------------------------------------------------------
2) permissions for uploaded files:
------------------------------------------------------
Lftp 192.168.1.10:/test> put/root/install. log ./
27001 bytes transferred
Lftp 192.168.1.10:/test> ls
-RW ------- 1 14 50 27001 Sep 15 install. Log
------------------------------------------------------
Pay attention to the permission 600, which is the main reason why we cannot download it.
Solution:
In/etc/vsftpd. conf, only local_umask = 022 is available. It determines the File Upload permission after a month. The default file permission is 666, And the directory permission is 777. However, the permission of the files uploaded by our anonymous users is not specified. What is the umask value of the default vsftp service for anonymous users? According to our test, it should be 066. So we need to modify the umask value of anonymous users so that we can perform some related operations, add anon_umask = 022, restart the service, and then test whether vsftp can be downloaded?
-----------------------------------------------------
Lftp localhost:/test> put/root/install. Log
27001 bytes transferred
Lftp localhost:/test> ls
-RW-r -- 1 14 50 27001 Sep 15 install. Log
-----------------------------------------------------
What is the directory permission? Test by yourself. Pay attention to data security and set a proper umask value.
This article from "study hard, every day up" blog, please be sure to keep this source http://iminmin.blog.51cto.com/689308/201607
Appendix:
By the way, do not forget to restart the FTP service after changing the configuration.
Sudo/etc/init. d/vsftpd restart
In addition, the command to enable or disable the service
Sudo/etc/init. d/vsftpd start
Sudo/etc/init. d/vsftpd stop
Anonymous_enable = Yes (anonymous login allowed)
Dirmessage_enable = Yes (The. Message content under the directory is displayed when the directory is switched)
Local_umask = 022 (local file permission on FTP, default: 077)
Connect_form_port_20 = Yes (enable data connection on the FTP data port )*
Xferlog_enable = Yes (enable upload and download logs)
Xferlog_std_format = Yes (use the standard log format)
Ftpd_banner = XXXXX (welcome information)
Pam_service_name = vsftpd (Verification Method )*
Listen = Yes (independent vsftpd server )*
Function: You can only connect to the FTP server, but cannot upload or download files.
Note: All links related to log welcome information are optional. If an asterisk is used, all accounts must be added. This is a basic FTP option.
Enable Anonymous FTP Server Upload permission
Add the following information to the configuration file:
Anon_upload_enable = Yes (Open upload permission)
Anon_mkdir_write_enable = Yes (you can create a directory and upload files to it)
Write_enable = Yes (grant write permission to local users)
Anon_other_write_enable = Yes (anonymous accounts can have the permission to delete)
Enable the permission for downloading an anonymous server
Anon_world_readable_only = No
Note: Pay attention to the folder attributes. An anonymous account is another (other) user who wants to enable its read and write permissions.
(R) read ----- download (w) Write ---- upload (x) execute ---- if FTP directory is not enabled
Local_enble = Yes (the local account can log on)
Write_enable = No (You are not authorized to delete or modify files after logging on to the local account)
Function: You can use a local account to log on to the vsftpd server and have the permission to download and upload files.
Note: The anonymous server can log on but cannot upload or download the information that disables Anonymous logon.
User Login is restricted to other directories, but only to its main directory
Set all local users to execute chroot
Chroot_local_user = Yes (all local accounts can only be in their own directories)
Set the specified user to execute chroot
Chroot_list_enable = Yes (the list in the file can be called)
Chroot_list_file =/any specified path/vsftpd. chroot_list
Note: vsftpd. chroot_list is not created and needs to be added by yourself. To control the account, add the account directly in the file.
Restrict access to FTP by local users
Userlist_enable = Yes (use userlistlai to restrict user access)
Userlist_deny = No (users in the list are not allowed to access)
Userlist_file =/Specify the path where the file is stored/(the path where the file is stored)
Note: Enabling userlist_enable = yes for anonymous accounts cannot log on
Security Options
Idle_session_timeout = 600 (seconds) (10 minutes after the user's session is idle)
Data_connection_timeout = 120 (seconds) (idle 2 minutes)
Accept_timeout = 60 (seconds) (disconnect the client one minute later)
Connect_timeout = 60 (seconds) (disconnect again after 1 minute)
Local_max_rate = 50000 (BITE) (Local User transfer rate: 50 K)
Anon_max_rate = 30000 (BITE) (anonymous user transfer rate: 30 K)
Pasv_min_port = 50000 (change the client's data connection port
Pasv_max_port = 60000 between and)
Max_clients = 200 (maximum number of FTP connections)
Max_per_ip = 4 (maximum number of connections per IP)
Listen_port = 5555 (data connection from port 5555)
Check who logged on to FTP and killed the FTP process.
PS-XF | grep FTP
Kill process number
By the way, there is a small lock in the upper right corner of the file when the file is uploaded anonymously! In addition, when the file is a Chinese name, photos and documents cannot be viewed directly in the browser!