Contents:
1. The FTP protocol
2. Building and configuring vsftpd
Part One: the FTP protocol
1. The FTP protocol:
FTP is the abbreviation of File Transfer Protocol (known in Chinese as 文件传输协议). It works at the application layer (layer 7 of the OSI model) and transfers data over TCP.
FTP differs from most application protocols in that it uses two ports. One port carries the command interaction; this control connection stays open for the whole time the user is connected. The other port is opened only while data is being transferred (uploading a file, downloading a file, fetching the server's file list). The data connection can be set up in two different modes: when the client opens the data port, the mode is called active mode; when the server provides the port, it is called passive mode.
2. FTP transfer types:
FTP has two ways of transferring data: ASCII mode and binary mode.
(1) ASCII mode: suppose the file being copied contains plain ASCII text. If the remote machine is not running UNIX, FTP will usually adjust the file's contents during the transfer so that the other computer can interpret it in its own text-file format. Often, however, the files being transferred are not text files: they may be programs, databases, word-processor documents or compressed archives (a word-processor document is mostly text, but it also contains non-printable characters that encode page size, fonts and so on). Before copying any non-text file, issue the binary command to tell FTP to copy it verbatim and not process it; that is the binary mode described next.
(2) Binary mode: in binary mode the file is saved byte for byte, so the original and the copy correspond bit by bit, even when the bit sequence is meaningless on the destination machine. For example, an executable transferred from a Macintosh to a Windows system in binary mode arrives intact but still cannot be run on the other system. If you transfer a binary file in ASCII mode, it is translated even though no translation is needed; this makes the transfer slightly slower and can corrupt the data, leaving the file useless. (On most computers the ASCII mode assumes the most significant bit of each character is irrelevant, because the ASCII character set does not use it.) In a binary file every bit matters. If you know that the two machines are of the same type, binary mode is valid for text files and data files alike.
3. How FTP works
FTP supports two modes: standard (PORT mode, also called active mode) and passive (PASV mode). In standard mode the FTP client sends the PORT command to the FTP server; in passive mode the client sends the PASV command.
How the two modes work:
In PORT mode the FTP client first establishes a connection to TCP port 21 on the FTP server and sends its commands over this channel. When the client needs to receive data, it sends the PORT command over this channel; the PORT command tells the server which port the client will use to receive the data. To transfer the data, the server connects from its own TCP port 20 to the port the client specified and sends the data. In this mode the FTP server must open a new connection to the client in order to transfer data.
Passive mode sets up the control channel the same way as standard mode, but after the connection is established the client sends PASV instead of PORT. On receiving PASV, the FTP server opens a random high port (a port number greater than 1024) and tells the client to request the data transfer on that port. The client connects to that port on the FTP server and the server transfers the data through it; this time the server does not need to open a new connection to the client.
Note: many firewalls are configured not to accept externally initiated connections. As a result, many FTP servers behind a firewall or on an intranet cannot support PASV mode, because the client cannot reach the server's high port through the firewall; likewise many intranet clients cannot use PORT mode, because the new connection from the server's TCP port 20 cannot be established to a client inside the internal network, so the transfer fails.
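The two data-connection modes above come down to two control-channel messages: the 227 reply to PASV, which encodes the server's host and port as (h1,h2,h3,h4,p1,p2) with port = p1*256 + p2, and the PORT command, which encodes the client's address the same way. The following added example (not from the original post) parses a reply line, decodes a 227 reply, and builds a PORT command; the `control_peer` check is a client-side precaution that ignores an advertised address which differs from the server the control connection is already talking to.

```python
import re
from ipaddress import ip_address

# RFC 959 reply shape: three digits, then a space (or '-' on multi-line replies), then text.
_REPLY_RE = re.compile(r"^(\d{3})[ -](.*)$")
# The host/port tuple carried by a 227 reply, e.g. "(192,168,1,10,195,149)".
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Reply classes by first digit (RFC 959 section 4.2).
REPLY_CLASSES = {
    "1": "positive preliminary",
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative",
    "5": "permanent negative",
}

def parse_reply(line):
    """Split one control-channel reply line into (code, class, text)."""
    m = _REPLY_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an FTP reply: {line!r}")
    code, text = m.group(1), m.group(2)
    return code, REPLY_CLASSES[code[0]], text

def parse_pasv(reply, control_peer):
    """Decode a 227 reply into (host, port) for the data connection.

    If the advertised address differs from control_peer (the address the
    control connection is connected to), it is ignored and control_peer is
    reused: a NAT'd server often advertises a private address, and an
    untrusted one could otherwise redirect the data connection elsewhere.
    """
    code, _, text = parse_reply(reply)
    if code != "227":
        raise ValueError(f"expected 227, got {code}")
    m = _PASV_RE.search(text)
    if not m:
        raise ValueError("227 reply carries no (h1,h2,h3,h4,p1,p2) tuple")
    fields = [int(x) for x in m.groups()]
    if any(x > 255 for x in fields):
        raise ValueError("byte out of range in PASV tuple")
    host = ".".join(str(x) for x in fields[:4])
    port = fields[4] * 256 + fields[5]
    return (host if host == control_peer else control_peer), port

def build_port_command(host, port):
    """Build the PORT command an active-mode client sends (IPv4 only)."""
    addr = ip_address(host)
    if addr.version != 4 or not 1 <= port <= 65535:
        raise ValueError("PORT needs an IPv4 address and a port in 1..65535")
    return "PORT " + ",".join(str(addr).split(".") + [str(port // 256), str(port % 256)])
```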
Part Two: building and configuring vsftpd
1. Introduction to vsftpd
vsftpd is short for "very secure FTP daemon", and security is one of its greatest strengths. vsftpd is an FTP server for UNIX-like operating systems and runs on Linux, BSD, Solaris, HP-UX and similar systems. It is completely free, open-source FTP server software that supports many features other FTP servers lack, for example a very high level of security, bandwidth limits, good scalability, virtual users, IPv6 support and high throughput.
vsftpd is the most widely respected FTP server program among Linux distributions. It is small and light, secure and easy to use.
2. Installing and configuring vsftpd
Package: vsftpd
Program environment:
Configuration file: /etc/vsftpd/vsftpd.conf
Main program: /usr/sbin/vsftpd
Anonymous FTP root directory: /var/ftp
Mapping of users' home directories: access to FTP is always performed under a system user's identity, and that user's home directory becomes the document directory;
Anonymous user: anonymous, mapped to a system user, by default ftp;
Types of user:
Anonymous users: log in as anonymous (see above)
System users: users who can log in to the system, listed in /etc/passwd
Virtual users: users who cannot log in to the system
3. Configuring vsftpd:
Configuration file: vsftpd.conf
Format: directive=value
Note: there must be no characters (not even whitespace) before the directive;
Note: every permission granted in the configuration is also subject to the filesystem's own permissions. For example, the configuration may allow anonymous users to download files, but a file whose own permissions are insufficient still cannot be downloaded.
Anonymous users:
anonymous_enable=YES: allow anonymous users to log in
anon_upload_enable=YES: allow anonymous users to upload files
anon_mkdir_write_enable=YES: allow anonymous users to create directories
anon_other_write_enable=YES: give anonymous users other write permissions, such as deleting directories
Note: if anonymous uploads are allowed, uploaded files get mode 600 by default, because the umask for anonymous uploads is 077; to change this, add anon_umask=022;
System users:
local_enable=YES: allow local users to log in
write_enable=YES: give local users write permission
Auxiliary authentication file: /etc/vsftpd/ftpusers (users listed in it are denied FTP login)
PAM authentication configuration file: /etc/pam.d/vsftpd
chroot_local_user=YES
Confines all local users to their home directories; the user's write permission on that directory must be removed first;
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
Confines the users listed in the given file to their home directories; again, the user's write permission on the directory must be removed in advance. (These two directives are generally enabled together or not at all.)
Data transfer log:
xferlog_std_format=YES
xferlog_enable=YES
xferlog_file=/var/log/xferlog
Controlling which users may log in to the vsftpd service:
userlist_enable=YES: whether to use the /etc/vsftpd/user_list file to control which users may log in;
userlist_deny={YES|NO}
YES: the file is a blacklist (listed users are denied)
NO: the file is a whitelist (only listed users are allowed)
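The directives above are easy to get wrong in combination (anonymous write access left on, local users not chrooted, user_list acting as a blacklist when a whitelist was intended, a line that vsftpd rejects because of a leading space). This added example, which is not part of the original post or of vsftpd itself, parses a vsftpd.conf fragment the way the format rules above describe and reports the risky settings; the sample configuration is constructed for the example, and the defaults used when a directive is absent are vsftpd's documented ones.

```python
# Constructed sample vsftpd.conf fragment (not taken from any real host).
SAMPLE_CONF = """\
# anonymous access
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=NO
userlist_enable=YES
userlist_deny=YES
xferlog_enable=YES
 anon_mkdir_write_enable=YES
"""

def parse_vsftpd_conf(text):
    """Return ({directive: value}, [(line_no, raw)]) where the second list holds
    lines vsftpd would reject: anything before the directive, or no '='."""
    settings, bad_lines = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0].isspace() or "=" not in raw:
            bad_lines.append((n, raw))
            continue
        key, _, value = raw.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings, bad_lines

def is_yes(settings, key, default="NO"):
    """Boolean directive lookup; 'default' is vsftpd's value when the key is absent."""
    return settings.get(key, default).upper() == "YES"

def audit(settings):
    """List settings that widen exposure beyond a chrooted, local-users-only setup."""
    findings = []
    if is_yes(settings, "anonymous_enable", "YES"):  # vsftpd's built-in default is YES
        findings.append("anonymous login enabled")
        for k in ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable"):
            if is_yes(settings, k):
                findings.append(f"{k}=YES gives anonymous users write access")
    if is_yes(settings, "local_enable") and not is_yes(settings, "chroot_local_user"):
        findings.append("local users are not chrooted to their home directories")
    if is_yes(settings, "userlist_enable") and is_yes(settings, "userlist_deny", "YES"):
        findings.append("user_list is a blacklist; set userlist_deny=NO for a whitelist")
    if not is_yes(settings, "xferlog_enable"):
        findings.append("transfer logging is disabled")
    return findings
```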
4. Meaning of the FTP reply codes
110 Restart marker reply.
120 Service ready in nnn minutes.
125 Data connection already open; transfer starting.
150 File status okay; about to open data connection.
200 Command okay.
202 Command not implemented, superfluous at this site.
211 System status, or system help reply.
212 Directory status.
213 File status.
214 Help message.
215 NAME system type.
220 Service ready for new user.
221 Service closing control connection; logged out.
225 Data connection open; no transfer in progress.
226 Closing data connection; requested file action successful.
227 Entering passive mode.
230 User logged in, proceed.
250 Requested file action okay, completed.
257 "PATHNAME" created (also used to report the current directory).
331 User name okay, need password.
332 Need account for login.
350 Requested file action pending further information.
421 Service not available, closing control connection.
425 Cannot open data connection.
426 Connection closed; transfer aborted.
450 Requested file action not taken (file unavailable, e.g. busy).
451 Requested action aborted: local error in processing.
452 Requested action not taken: insufficient storage space.
500 Syntax error, command unrecognized.
501 Syntax error in parameters or arguments.
502 Command not implemented.
503 Bad sequence of commands.
504 Command not implemented for that parameter.
530 Not logged in.
532 Need account for storing files.
550 Requested action not taken (file unavailable).
551 Requested action aborted: page type unknown.
552 Requested file action aborted: exceeded storage allocation.
553 Requested action not taken: file name not allowed.
This article is from the "6638225" blog; please contact the author before reproducing it!
Linux architecture learning, day 28: the FTP protocol and the use of vsftpd