Installation brief and typical application of Linux FTP file service

Introduction to FTP

FTP is the abbreviation for file Transfer Protocol (document Transfer Protocol), and Chinese is called "Interfax protocol". Used for two-way transmission of control files on the Internet. At the same time, it is also an application (application). There are different FTP applications based on different operating systems, and all of these applications follow the same protocol to transfer files. In the use of FTP, users often encounter two concepts: "Download" (Download) and "Upload" (Upload). A "Download" file is a copy of a file from a remote host to its own computer; the "upload" file is a copy of the file from your computer to a remote host. In the Internet language, users can upload (download) files to (from) a remote host through a client program.

There are many softwares for implementing FTP service under Linux, the most common ones are vsftpd,wu-ftpd and proftp. VSFTPD is installed by default in Red Hat Enterprise Linux. Access to the FTP server needs to be verified, only after the relevant authentication of the FTP server, the user can access and transfer files.

VSFTPD Login Form

(1) Anonymous (anonymous account)

Using Anonymous is an extensive application of an FTP server. If the user does not have an account on the FTP server, the user can log in with their own e-mail address as the user name Anonymous. When an anonymous user logs on to an FTP server, its logon directory is the root directory of the anonymous FTP server/VAR/FTP. In order to reduce the load on the FTP server, it is generally necessary to turn off the upload function for anonymous accounts.

(2) Real (real account)

Real, also known as a local account, is to log in with a real user name and password, but only if the user has his or her own account on the FTP server. After logging in with a real account, the login directory is the user's own directory, which is created automatically when the system establishes an account.

(3) Guest (virtual account)

If the user has an account on the FTP server, but this account can only be used for the file transfer service, then the account is Guest,guest is a form of real accounts, the difference is that geust log on to the FTP server, you cannot access the content other than the host directory.

VSFTPD Installation and Configuration

Installation:

Yum-y Install VSFTPD

Configuration:

The configuration file has/etc/vsftpd/vsftpd.conf,/etc/vsftpd.ftpusers,/etc/vsftpd.user_list, when configuring the FTP server, the main is to modify the relevant statements in these files.

1.vsftpd.conf File Description

# Example Config file/etc/vsftpd/vsftpd.conf

#

# The default compiled in Settings is fairly paranoid. Thissample file

# loosens things up a bit, to make the FTP daemon more usable.

# vsftpd.conf.5 See the compiled in defaults.

#

# READ This:this Example file is a exhaustive list ofvsftpd options.

# Please read the VSFTPD.CONF.5 manual page to get a full ideaof vsftpd ' s

# capabilities.

#

# Allow anonymous FTP? (beware-allowed by default if youcomment this out).

Anonymous_enable=yes//Whether to allow anonymous to log on to the FTP server is allowed by default.

#

# Uncomment this to allow local users to log in.

Local_enable=yes//Whether to allow local users to log on to the FTP server, by default is allowed

#

# Uncomment this to enable any form of FTP write command.

Write_enable=yes//Whether to allow users to have write permissions in the FTP server file, the default is to allow

#

# Default Umask for Local Users is 077. wish to ChangeThis to 022,

# If your users expect that (022 was used by the most other ftpd ' s)

local_umask=022//Set local user's file generation mask to 022, default is 077

#

# Uncomment the anonymous FTP user to Uploadfiles. This only

# has a effect if the above global write enable is activated. Also, you'll

# obviously need to create a directory writable by the FTP user.

#anon_upload_enable =yes

#

# Uncomment this if you want the anonymous FTP user to be Ableto create

# New directories.

#anon_mkdir_write_enable =yes//Whether anonymous accounts are allowed to create directories in the FTP server

#

# Activate Directory messages-messages given to remote Userswhen they

# go into a certain directory.

Dirmessage_enable=yes//Activate directory information when a remote user changes the directory, a prompt message appears

#

# Activate logging of Uploads/downloads.

Xferlog_enable=yes//enable upload and download log function

#

# Make sure port transfer connections originate from port (ftp-data).

Connect_from_port_20=yes//Enable connection requests for FTP data ports

#

# If you want, you can arrange for uploaded anonymous files tobe owned by

# a different user. note! Using "root" for uploadedfiles are not

# recommended!

#chown_uploads =yes

#chown_username =whoever

#

# you could override where the log file goes if you like. Thedefault is shown

# below.

#xferlog_file =/var/log/vsftpd.log//Set the file name and storage path of the log file, which is the default

#

# If you want, you can have the your log file in the standard ftpdxferlog format

xferlog_std_format=yes//whether to use the standard ftpd xferlog log file format

#

# You could change the default value of timing out of an idlesession.

#idle_session_timeout = 600//Set Idle user session interrupt Time, default is 10 minutes

#

# The default value for timing out a dataconnection.

#data_connection_timeout =120//Set the data connection time-out, which is 120 seconds by default.

#

# It is recommended this define on your system a unique Userwhich the

# FTP server can use as a totally isolated and unprivilegeduser.

#nopriv_user =ftpsecure

#

# Enable This and the server would recognise asynchronous aborrequests. Not

# Recommended for security (the code is non-trivial). Notenabling it,

# However, may confuse older FTP clients.

#async_abor_enable =yes

#

# By default the server would pretend to allow ASCII mode but infact ignore

# the request. Turn on the below options to has the serveractually do ASCII

# mangling on files while in ASCII mode.

# beware that turning on ascii_download_enable enables maliciousremote parties

# to consume your I/O resources, by issuing the command ' Size/big/file ' in

# ASCII mode.

# These ASCII options is split into upload and download becauseyou may wish

# to enable ASCII uploads (to prevent uploaded scripts etc. frombreaking),

# without the DoS risk of SIZE and ASCII downloads. Asciimangling should be

# on the client anyway.

#ascii_upload_enable =yes

#ascii_download_enable =yes//whether to allow uploading and downloading of files using ASCII format

#

# fully customise the login banner string:

#ftpd_banner =welcome to blah FTP service.//set the Welcome login information in the FTP server.

#

# You may specify a file of disallowed anonymous e-mailaddresses. Apparently

# Useful for combatting certain DoS attacks.

#deny_email_enable =yes

# (default follows)

#banned_email_file =/etc/vsftpd.banned_emails

#

# Specify an explicit list of the Local users to Chroot () Totheir Home

# directory. If Chroot_local_user is YES and then this list Becomesa list of

# users to not Chroot ().

#chroot_list_enable =yes//If you want the user to log in and not be able to switch to a directory other than their own directory, you need to set this key, if set Chroot_list_enable=yes, then only allow/etc/vsftpd.chroot_ The user listed in the list has this feature. If you want all local users to be chroot, you can add one line: Chroot_local_user=yes

# (default follows)

#chroot_list_file =/etc/vsftpd.chroot_list

#

# You may activate the "-r" option to the builtin LS. This was disabled by

# default to avoid remote users being able to cause excessivei/o on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# The presence of the "-r" option, so there are astrong case for enabling it.

#ls_recurse_enable =yes

PAM_SERVICE_NAME=VSFTPD//Set the profile name of the PAM Authentication Service, which is stored in the/etc/pam.d/directory.

Userlist_enable=yes//Whether users in the user list are allowed to log on to the FTP server, default is not allowed

#enable for Standalone mode

Listen=yes//Make VSFTPD in standalone boot mode

Tcp_wrappers=yes//using Tcp_wrqppers as host access control mode

2.vsftpd.ftpusers File Description

This file is used to record "Do not allow" users to log on to the FTP server, usually some system default users.

The following is the default list of logins that are not allowed in this file:

# Users that is not a allowed to login via FTP

Root//By default, root and users below it are not allowed to log on to the FTP server. Users who are not allowed to log on can be added here. But keep in mind that each user takes a single row.

Bin

Daemon

cd/

Lp

Sync

Shutdown

Halt

Mail

News

Uucp

operator

Games

Nobody

3.vsftpd.user_list File Description

In fact, its content is the same as the above file content, only in the system to detect the file vsftpd.conf, will detect "Userlist_deny=yes", so this file must exist. Here is the content of this file.

# vsftpd UserList

# If Userlist_deny=no, only allow users in the this file

# If Userlist_deny=yes (default), never allow users in Thisfile, and

# do not even prompt for a password.

# Note that the default Vsftpd Pam Config also checks/etc/vsftpd.ftpusers

# for users, that is denied.

Root

Bin

Daemon

cd/

Lp

Sync

Shutdown

Halt

Mail

News

Uucp

operator

Games

Nobody

Start Services and use

Start: Service vsftpd start

STOP: Service vsftpd stop

Restart: Service vsftpd restart

Create User and Login:

vi/etc/vsftpd/vsftpd.conf Modify the two items inside:

Chroot_local_user=yes (to be added)

Chroot_list_enable=no

Allow_writeable_chroot=yes

Groupadd Longmaster

Useradd longmaster-g longmaster-d/ftp-s/sbin/nologin

passwd Longmaster

/usr/sbin/setsebool-p Ftp_home_dir 1

Service Vsftpdrestart

Installation brief and typical application of the Linux FTP file service