Linux Network Service 04--ftp file transfer service

Linux Network Service -FTP File transfer service I.FTP Connection and transfer mode

1, control connection:TCP, for sending FTP command Information

2, data connection:TCP, for uploading, downloading data

3, the type of data connection establishment:

(1) Active mode: Server actively initiates data connection

The FTP Control Connection is first established by the client to the port on the server . When data needs to be transferred, the client notifies the server with the Port command "I have opened a port, you come to me", and the budget server sends a request to the client's port from port one and establishes a data connection.

(2) Passive mode: Server passively waits for data connection

Passive mode is typically used if the firewall of the client's network prohibits active mode connections.

first, the client wants the server's port to establish the FTP control connection. When the data needs to be transferred, the server notifies the client with the PASV command "I have opened a port, you come to me", and the client sends the request to the server's port (not a) and establishes a data connection.

4. Transmission mode

When transferring files, it is divided into text mode and binary mode according to whether character conversion is performed.

(1) text mode: Also known as ASCII(American Standard Code for information interchange U.S. Information Interchange Standard code mode, which uses ASCII standard character sequences when transferring files, typically used only for the transmission of plain text files.

(2) binary mode: Also known as binary mode , this mode does not convert the characters in the file sequence, more suitable for transmitting programs, pictures and other non-plain text characters of the file.

using binary mode is more efficient than text mode, and most The FTP Client tool can automatically select the file transfer mode based on the file type.

two ,FTP user type

1, anonymous User: The user name is ftp or anonymous, provide any password (including blank password) can be verified by the server. Generally used for the download of public files, such as the provision of some free software, learning materials to download the site.

2, Local Users: Directly using the Local System user account for verification.

3, Virtual User: Through a separate user database file for login verification, the FTP account and Linux System Account Association to the minimum, to provide better security for the system.

iii. types of FTP server software

1.Windows system:FileZilla Server,serv-u , etc.

2.Linux/unix system:vsftpd(Very Secure FTP Daemon)

Four , types of FTP client Tools

1 windows system: ftp command, cuteftp , FLASHFXP , leapftp , filezilla flashget Span style= "Font-family:calibri" >wget ftp client tool.

2.Linux/unix system:FTP command

Five , to build anonymous access FTP Service

1. Install FTP Service software

2.prepare directory for anonymous FTP Access

3. Open Anonymous User Configuration and start vsftpd service

4. Test anonymous FTP Server

Install on client FTP Client

Test Summary: Anonymous user has new directory, upload files, delete files permissions, new directory default permissions 755, upload file default permissions 644.

Six , build Local User-authenticated FTP Service

1. Create a local user

2, modify the configuration file, restart the FTP service.

Client Testing

Test Summary: Local users have new directory, upload file permissions, new directory default permissions ,upload file default permissions .

3 . Use of ftpusers and user_list user list

(1)ftpusers file: blacklist in FTP server with priority higher than user_list file

(2)user_list file: This user list is also blacklisted by default, that is, users in this user list are not accessible to the FTP server, but can be changes to the vsftpd.conf Master profile change this list to whitelist and are accessible only to users in this list.

(3) Example:

1> the test1 user into the ftpusers file, the other configuration files are not modified, try to use the test1 User Login

Customer Testing

2> Remove the test1 ftpusers file and place the test2 into the user_list in the list of users, the default provisioning file is used before the client tries to access the FTP server with Test2. After modifying the configuration file, Change The user_list to whitelist, and then use Test1,test2 on the client respectively. Attempt to access.

Client Testing

The server modifies the master configuration file and restarts the service

[Email protected] vsftpd]# vim vsftpd.conf

The client tests again

Test Summary: The default user_list user list in the configuration file is blacklisted and defaults to userlist_deny=yeswhen adding userlist_deny=no ,theuser_list user list is whitelisted, and only users in this list can access the FTP server.

Seven , build Virtual user authentication. FTP Service

1. Establish the Virtual user account database

The VSFTPD service uses a database file in the Berkeley DB format to hold the virtual user account and use the db_load tool to generate the database files. (If not installed, the installation package is installed on CD 1 , the software is named db4-utils)

Note:db_load Command

-T: Allow non- Berkeley programs to use the database

-T: Specify Algorithm (hash: hash, hashing)

-F: Specify source file

Note: The resulting database file must be in the ". DB" format

2. Add virtual Map account to modify permissions for FTP root directory

3. Increase PAM Certification

4, modify the vsftpd.conf configuration file, restart the service

5. Client Testing

6, the realization of each virtual user different root directory, different permissions of the control

(1) Create a user-controlled directory and create a configuration file with the same name as the virtual

Modify The Zhangsan configuration file so that it can upload, create directories, delete files, rename files, maximum transfer rate 1 bytes per second, Root directory is /var/zhangsan

Modify The Lisi configuration file so that it can only download uploads, do not open other permissions, do not limit the transfer rate, and the root directory is /var/lisi

Wangwu configuration files are not modified, their permissions are the default permissions in the configuration file, the root directory is /var/ftproot, can only be downloaded and cannot be uploaded.

(2) Modify the vsftpd.conf master configuration file and restart the service

[Email protected] vsftpd]# vim vsftpd.conf

(3) client testing

Verify Zhangsan

Verify Lisi

Verify Wangwu

"Extracurricular knowledge" establishes log files for VSFTPD services.

Other configurations:

Listen=yes

listen_address=192.168.1.108

listen_port=2121// Setting the listening port

Pasv_enable=yes// whether to turn on Passive mode

PASV_MIN_PORT=24500// Passive mode port lower limit

pasv_max_port=24600// Passive mode port upper limit

max_clients=2000// max 15000, maximum number of customer connections, not generally limited

max_per_ip=2// per IP limit open a few client tools, generally without limiting

anon_max_rate=50000// Anonymous Maximum transfer rate, general unrestricted

local_max_rate=20000// local User maximum transfer rate, generally unlimited

Linux Network Service 04--ftp file transfer service