FTP has two modes of operation, active and passive
Anonymous user and System User Configuration
1. Installation
[root@localhost pam.d]# yum install vsftpd
[root@localhost pam.d]# rpm -qc vsftpd
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
# list every file in the package
[root@localhost pam.d]# rpm -ql vsftpd
# home directory of the ftp user
[root@localhost pam.d]# grep 'ftp' /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
2. Start
[root@localhost pam.d]# systemctl start vsftpd
[root@localhost pam.d]# ps -ef|grep vsftpd
root 3090 1 0 14:19 ? 00:00:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
[root@localhost pam.d]# ss -antup|grep vs
tcp LISTEN 0 32 :::21 :::* users:(("vsftpd",pid=3090,fd=3))
3. Client installation and anonymous login
[root@localhost test]# yum install lftp
# vsftpd runs its process as the ftp user; the default user is ftp, so the anonymous user's default path is the ftp user's home directory, /var/ftp
# anonymous login as ftp
[root@localhost test]# lftp -u ftp 172.16.86.202
Password:
lftp ftp@172.16.86.202:~> ls
drwxr-xr-x 2 0 0 6 Aug 03 2017 pub
# anonymous login as anonymous
[root@localhost test]# lftp -u anonymous 172.16.86.202
Password:
lftp anonymous@172.16.86.202:~>
LFTP Command Introduction
4. Authentication method: view the default system-user authentication method
[root@localhost ~]# cat /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
# the line above is a blacklist: FTP traffic is plaintext, so it keeps root and similar accounts from logging in
auth required pam_shells.so
auth include password-auth
# cat /etc/pam.d/password-auth: the same authentication stack used for logging in to the server itself
account include password-auth
session required pam_loginuid.so
session include password-auth
[root@localhost ~]# useradd zander
[root@localhost ~]# echo 'zander'|passwd zander --stdin
[root@localhost test]# lftp -u zander 172.16.86.202
Password:
lftp zander@172.16.86.202:~> ls -a
drwx------ 2 1000 1000 62 May 20 06:59 .
drwxr-xr-x 3 0 0 20 May 20 06:59 ..
-rw-r--r-- 1 1000 1000 18 Aug 02 2017 .bash_logout
-rw-r--r-- 1 1000 1000 193 Aug 02 2017 .bash_profile
-rw-r--r-- 1 1000 1000 231 Aug 02 2017 .bashrc
lftp zander@172.16.86.202:~> pwd
ftp://zander@172.16.86.202/%2Fhome/zander
lftp zander@172.16.86.202:~> put a.txt
838 bytes transferred
5. Configuration Files
[root@localhost ~]# man vsftpd.conf
[root@localhost pam.d]# cp /etc/vsftpd/vsftpd.conf{,.bak}
[root@localhost pam.d]# vim /etc/vsftpd/vsftpd.conf

# Anonymous user settings
# [root@localhost ftp]# ll -d /var/ftp
# Anonymous logins land in this directory. It belongs to root and its permissions must not be changed; for anonymous read/write access, create a subdirectory under it
# drwxr-xr-x 4 root root 28 May 15:19 /var/ftp
# [root@localhost ftp]# mkdir /var/ftp/ftp
# [root@localhost ftp]# chown ftp.ftp /var/ftp/ftp
# the subdirectory above works together with the settings below
anonymous_enable=YES # whether anonymous logins are enabled; by default they can only download
#anon_upload_enable=YES # upload files
#anon_mkdir_write_enable=YES # create directories
#anon_other_write_enable=YES # delete files and directories

# System (local) user settings
local_enable=YES # whether local users may log in
write_enable=YES # write permission; this covers every write operation, including delete
local_umask=022
chroot_local_user=YES # confine all local users to their home directory; the user's write permission on that directory must be removed, and this cannot be combined with the two items below
# [root@localhost ftp]# chmod a-w /home/zander
# if chroot is enabled and write permission is not removed, the login fails
# The two items below are not used together with the item above
#chroot_list_enable=YES # confine only the listed users
#chroot_list_file=/etc/vsftpd/chroot_list
# Define the blacklist: system users listed in /etc/vsftpd/ftpusers may not log in, because FTP traffic is transmitted in plaintext
# [root@localhost ftp]# cat /etc/vsftpd/ftpusers
# # Users that are not allowed to login via ftp
# root
# bin
# ...

# Define the whitelist: enable the /etc/vsftpd/user_list file to control which users may log in
userlist_enable=YES
userlist_deny=YES # the default is YES, a blacklist: listed users are denied; NO makes it a whitelist: only listed users may log in

# Upload/download rate limits
anon_max_rate=0
local_max_rate=0

# Concurrent connection limits
max_clients=2000
max_per_ip=50
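The combinations this section warns about, checked mechanically. This is an added example and not code from the original post; SAMPLE_CONF is constructed for it, and DEFAULTS holds vsftpd's documented defaults for the two options that do not default to NO.

```python
# Added example, not code from the original post: parse a vsftpd.conf fragment
# and report the setting combinations this section warns about.
# SAMPLE_CONF is constructed; DEFAULTS are vsftpd's documented defaults.
DEFAULTS = {"anonymous_enable": "YES", "userlist_deny": "YES"}
SAMPLE_CONF = """\
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
userlist_enable=YES
userlist_deny=YES
max_clients=2000
max_per_ip=50
"""

def parse_vsftpd_conf(text):
    """Return {option: value}; vsftpd treats only lines starting with # as comments."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip().lower()] = value.strip()
    return conf

def is_on(conf, key):
    return conf.get(key, "NO").upper() == "YES"

def audit(conf):
    """Findings a defender should review before exposing the server."""
    findings = []
    if is_on(conf, "anonymous_enable"):
        for opt in ("anon_upload_enable", "anon_mkdir_write_enable",
                    "anon_other_write_enable"):
            if is_on(conf, opt):
                findings.append(f"{opt}=YES: anonymous writes; keep them in a "
                                "subdirectory of /var/ftp owned by ftp")
    if is_on(conf, "local_enable") and not is_on(conf, "chroot_local_user"):
        findings.append("local users can browse outside their home directory")
    if is_on(conf, "chroot_local_user") and is_on(conf, "write_enable"):
        findings.append("chroot + write_enable: remove write permission on each "
                        "home directory (chmod a-w) or the login is refused")
    if is_on(conf, "userlist_enable") and is_on(conf, "userlist_deny"):
        findings.append("user_list is a blacklist; userlist_deny=NO makes it a whitelist")
    return findings
```

Run `audit(parse_vsftpd_conf(open("/etc/vsftpd/vsftpd.conf").read()))` against a real file to get the same report for a live server.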
Virtual User Configuration
1. Compiling pam_mysql
[root@localhost pam_mysql-0.7rc1]# yum -y install pam-devel
[root@localhost packages]# wget http://prdownloads.sourceforge.net/pam-mysql/pam_mysql-0.7rc1.tar.gz
[root@localhost packages]# tar xf pam_mysql-0.7rc1.tar.gz
[root@localhost pam_mysql-0.7rc1]# ./configure --with-pam=/usr --with-mysql=/www/server/mysql --with-pam-mods-dir=/usr/lib64/security
[root@localhost pam_mysql-0.7rc1]# make && make install
[root@localhost vuser]# head /var/log/secure
May 20:42:19 localhost vsftpd[24322]: PAM unable to dlopen(/usr/lib64/security/pam_mysql.so): /usr/lib64/security/pam_mysql.so: undefined symbol: make_scrambled_password
# The package from the site above has a problem, so use the prebuilt rpm instead
[root@localhost pam_mysql-0.7rc1]# wget http://repo.iotti.biz/centos/7/x86_64/pam_mysql-0.8.1-0.22.el7.lux.x86_64.rpm
[root@localhost pam_mysql-0.7rc1]# yum install pam_mysql-0.8.1-0.22.el7.lux.x86_64.rpm
[root@localhost pam_mysql-0.7rc1]# ls /usr/lib64/security/pam_mysql.so
/usr/lib64/security/pam_mysql.so
2. Initialize the database
mysql> create database vsftpd;
mysql> create table users (id int AUTO_INCREMENT NOT NULL, name char(100) NOT NULL, password char(100) NOT NULL, unique key(name), primary key(id));
mysql> insert into users (name,password) values('tom',PASSWORD('tom')),('jack',PASSWORD('jack'));
mysql> grant select on vsftpd.* to vsftpd@'127.0.0.1' identified by '111111';
mysql> FLUSH PRIVILEGES;
mysql> select * from users;
+----+------+-------------------------------------------+
| id | name | password                                  |
+----+------+-------------------------------------------+
|  1 | tom  | *71FF744436C7EA1B954F6276121DB5D2BF68FC07 |
|  2 | jack | *9BCDC990E611B8D852EFAF1E3919AB6AC8C8A9F0 |
+----+------+-------------------------------------------+
2 rows in set (0.00 sec)
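What the pam_mysql module does with the rows above when the PAM line uses crypt=2, as an added example that is not part of the original post. PASSWORD() in MySQL 4.1 to 5.7 is '*' followed by the uppercase hex of SHA1(SHA1(password)), so the module recomputes that from the password the FTP client sends and compares it with the stored column; the USERS rows here are constructed to match the table's shape.

```python
# Added example, not code from the original post: what pam_mysql's crypt=2 checks.
# MySQL 4.1-5.7 PASSWORD() = '*' + uppercase hex SHA1(SHA1(password)); the module
# recomputes it from the submitted password and compares with users.password.
# The USERS rows below are constructed to mirror the vsftpd.users table.
import hashlib
import hmac

def mysql_password(plain: str) -> str:
    """Reproduce MySQL's PASSWORD() for a UTF-8 password."""
    inner = hashlib.sha1(plain.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()

def verify(plain: str, stored: str) -> bool:
    """Constant-time comparison of the recomputed hash with the stored one."""
    return hmac.compare_digest(mysql_password(plain), stored)

# constructed rows, same (name, password) shape as the table above
USERS = {"tom": mysql_password("tom"), "jack": mysql_password("jack")}

def pam_check(name: str, plain: str) -> bool:
    """The auth step: an unknown user and a wrong password both fail."""
    stored = USERS.get(name)
    return stored is not None and verify(plain, stored)

def unsalted_collisions(users: dict) -> list:
    """PASSWORD() has no salt, so users sharing a password share a hash;
    a dump of the password column alone therefore exposes password reuse."""
    seen = {}
    for name, h in users.items():
        seen.setdefault(h, []).append(name)
    return [names for names in seen.values() if len(names) > 1]
```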
3. Create a Virtual user mapping
[root@localhost ~]# mkdir /ftproot
[root@localhost ~]# useradd -d /ftproot/vuser vuser
[root@localhost ~]# mkdir /ftproot/vuser/pub
[root@localhost ~]# chown vuser.vuser /ftproot/vuser/pub
[root@localhost mysql]# chmod a-w /ftproot/vuser
# Note: the vuser directory itself has no write permission; writable directories can only be created beneath it
4. Configuration files
[root@localhost ~]# vim /etc/pam.d/vsftpd.vusers
auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=111111 host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=111111 host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
[root@localhost vsftpd]# vim vsftpd.conf
pam_service_name=vsftpd.vusers
guest_enable=YES
guest_username=vuser # map virtual users to the system user created above
user_config_dir=/etc/vsftpd/vusers_config/
[root@localhost vuser]# mkdir /etc/vsftpd/vusers_config/
[root@localhost vuser]# vim /etc/vsftpd/vusers_config/tom
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Introduction to Linux FTP