LINUX FTP Service Configuration documentation

Source: Internet
Author: User
Tags ftp client server port

First, an introduction to FTP active and passive modes

Before you begin, you need to understand what the control plane is and what the data plane is. The control plane is the connection established before any data is transferred; the TCP three-way handshake, for example, belongs to the control plane. Once the connection is established and data starts to flow, that traffic belongs to the data plane.


1, Active mode: The client initiates a connection to the server from a randomly chosen port X greater than 1024 to port 21 on the server, which establishes the control plane connection. Once that connection is established, upload and download commands can be executed. When data needs to be transferred, the client opens a port Y greater than 1024 and sends the port information to the server over the previously established control plane connection. The server then initiates a connection to the client, the data plane connection is established, and the data transfer begins.


2, Passive mode: The client connects from a randomly chosen port greater than 1024 to port 21 on the server. Once that connection is established, upload and download commands can be executed. When data needs to be transferred, the client requests a data plane connection from the server over the previously established control plane channel. The server opens a random port Y and sends the port information to the client through that channel. The client then picks a random port Z, initiates a connection to port Y on the server, the data plane connection is established, and the data transfer begins.


Passive mode exists because of enterprise firewall restrictions. If the FTP server is behind a firewall, then in active mode the server has to initiate the connection request to the client. Firewall policy is generally set to not allow untrust-to-trust connections, so FTP cannot establish the connection. That is why passive mode exists.
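How the port information described above travels on the control connection, as an added example that is not part of the original article: the function decodes a PORT command or a 227 passive-mode reply and reports which side opens the data connection, which is the direction a firewall rule has to permit. The six-number encoding comes from RFC 959; the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Added example: decode the data-plane endpoint announced on the FTP control
# connection. Both forms carry six numbers h1,h2,h3,h4,p1,p2 (RFC 959):
#   PORT h1,h2,h3,h4,p1,p2          client -> server, active mode
#   227 text (h1,h2,h3,h4,p1,p2)    server -> client, passive mode
# The data port is p1 * 256 + p2.

ftp_data_endpoint() {  # prints: MODE WHO-DIALS LISTENER-IP LISTENER-PORT
    line=$(printf '%s' "$1" | tr -d '\r\n')
    case $line in
        [Pp][Oo][Rr][Tt]" "*) mode=active; dialer=server; nums=${line#* } ;;
        "227 "*"("*")"*) mode=passive; dialer=client
                         nums=${line#*"("}; nums=${nums%%")"*} ;;
        *) echo "not a PORT command or 227 reply"; return 1 ;;
    esac
    # Only digits separated by single commas are acceptable.
    case $nums in
        *[!0-9,]*|*,,*|,*|*,) echo malformed; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    set -- $nums
    IFS=$old_ifs
    [ $# -eq 6 ] || { echo malformed; return 1; }
    for n in "$@"; do
        # Reject leading zeros (octal in shell arithmetic) and values > 255.
        case $n in 0?*|????*) echo malformed; return 1 ;; esac
        [ "$n" -le 255 ] || { echo malformed; return 1; }
    done
    echo "$mode $dialer $1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Constructed control-channel lines (documentation addresses, not a capture).
while IFS= read -r l; do
    printf '%-50s -> %s\n' "$l" "$(ftp_data_endpoint "$l" || true)"
done <<'EOF'
PORT 192,168,1,10,195,80
227 Entering Passive Mode (203,0,113,5,117,48).
PORT 10,0,0,1,300,1
EOF
```

In the output, "active server" means the server dials the client's listener and "passive client" means the client dials the server's listener.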


Second, configure the FTP server


1. Environment: CentOS 6.6 X64

2. Installation steps:

1) Install vsftpd with yum

# yum -y install vsftpd


2) Start the FTP service and enable it at boot

service vsftpd start

chkconfig --add vsftpd

# Make vsftpd a system service that starts automatically at boot

chkconfig --level 2345 vsftpd on

# Turn vsftpd on at run levels 2, 3, 4 and 5



2) Create the FTP user and set its password, so that the user cannot log in to the system

useradd mingyongxing -s /sbin/nologin

passwd mingyongxing


3) Set permissions for the user by modifying the master configuration file

By default vsftpd allows anonymous users to log in. The default login directory is /var/ftp/pub, and anonymous users have download permission only.

By default a normal user lands in their home directory, /home/$name, after logging in.

The corresponding parameters can be modified in vsftpd's main configuration file, as follows

4) The following are the common parameters of the vsftpd configuration file

vim /etc/vsftpd/vsftpd.conf  // FTP main configuration file


anonymous_enable=YES  // Whether to allow anonymous login


local_enable=YES  // Whether local users are allowed to log in to the FTP server


write_enable=YES  // Local users logged in to FTP have write permission


local_umask=022  // File or directory mask, similar to a subnet mask in networking: the larger the mask, the smaller the permissions

# 022 means 777 minus 022 = 755:

7 is obtained by adding up 4, 2 and 1: 4 means readable, 2 means writable, 1 means executable

755 means: owner: 7, group: 5, others: 5


anon_upload_enable=YES  // Whether anonymous users are allowed to upload files


anon_mkdir_write_enable=YES  // Whether anonymous users are allowed to create folders


ftpd_banner=Welcome to blah FTP service.  // Set up a welcome message


dirmessage_enable=YES  // Enable the message shown to users when they enter a directory


chown_uploads=YES  // Whether to change the owner of a file after it is uploaded

chown_username=mingyongxing  // Change the owner to mingyongxing

(Parameter value: "whoever" stands for any person, that is, the uploaded file belongs to any user)


xferlog_file=/var/log/vsftpd.log  // Log file path (log information is written to /var/log/vsftpd.log)


userlist_enable=YES  // Enable the user-restricted login function


userlist_deny=NO  // Sets whether users in user_list may log in to FTP. NO: only accounts in user_list are allowed to log in. YES: accounts in user_list are denied login. If userlist_deny is not written in the configuration file but userlist_enable=YES is set, accounts in user_list are denied by default.




chroot_list_enable=YES  // Whether users may switch directories. YES: users may work only in their own directory and are not allowed to switch

chroot_list_file=/etc/vsftpd/chroot_list  // File listing the users who are not allowed to switch directories; add users to this file
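The three userlist_enable / userlist_deny cases described above, worked through as an added example that is not part of the original article: the function reads a configuration file and a user_list file and reports whether user_list lets an account through. It assumes booleans are written YES or NO; the file contents are constructed and "otheruser" is a hypothetical second account.

```shell
#!/bin/sh
# Added example: user_list verdict for one account. ftpusers, PAM and the
# password check are separate controls and are not modelled here.

conf_get() {  # conf_get FILE OPTION DEFAULT -> last value set, upper-cased
    awk -F= -v k="$2" -v d="$3" \
        '$1 == k { d = $2 } END { print toupper(d) }' "$1"
}

userlist_verdict() {  # userlist_verdict CONF USER_LIST USERNAME
    enable=$(conf_get "$1" userlist_enable NO)   # vsftpd default: NO
    deny=$(conf_get "$1" userlist_deny YES)      # vsftpd default: YES
    if grep -qxF -- "$3" "$2"; then listed=yes; else listed=no; fi

    if [ "$enable" != YES ]; then
        echo "allow: user_list is not consulted"
    elif [ "$deny" = NO ] && [ "$listed" = yes ]; then
        echo "allow: listed, and user_list is an allow list"
    elif [ "$deny" = NO ]; then
        echo "deny: not listed, and user_list is an allow list"
    elif [ "$listed" = yes ]; then
        echo "deny: listed, and user_list is a deny list"
    else
        echo "allow: not listed, and user_list is a deny list"
    fi
}

demo() {  # constructed files, written to a temporary directory
    d=$(mktemp -d)
    printf '%s\n' '# constructed user_list' mingyongxing > "$d/user_list"
    for deny_line in 'userlist_deny=NO' 'userlist_deny=YES' '# userlist_deny unset'; do
        printf '%s\n' 'userlist_enable=YES' "$deny_line" > "$d/vsftpd.conf"
        for u in mingyongxing otheruser; do
            printf '%-24s %-14s %s\n' "$deny_line" "$u" \
                "$(userlist_verdict "$d/vsftpd.conf" "$d/user_list" "$u")"
        done
    done
    rm -rf "$d"
}
demo
```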


5) Some other parameters of the configuration file

/etc/vsftpd/vsftpd.conf

① Limit concurrency and transfer rates; setting a value to 0 means no limit

max_clients=100  // Limit FTP to 100 users logged in at the same time

max_per_ip=10  // Set the maximum number of connections from the same IP

local_max_rate=500000  // Set the local user transfer rate to 500 KB/s (unit: B/s)

anon_max_rate=500000  // Set the anonymous user transfer rate to 500 KB/s (unit: B/s)

listen_port=4449  // Change the default listening port number
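The text after // in the parameter listings above is annotation for the reader and must not be copied into vsftpd.conf. The check below is an added example, not part of the original article, that applies the file format rules from the vsftpd.conf man page to a configuration file; the sample input is constructed.

```shell
#!/bin/sh
# Added example: format check for vsftpd.conf. A line is either a comment
# starting with "#" or option=value, with no whitespace between option, "="
# and value. Option names are matched exactly and are all lowercase.

vsftpd_conf_lint() {  # vsftpd_conf_lint FILE -> one "LINE: problem" per finding
    awk '
        /^[ \t]*$/ || /^#/ { next }          # blank lines and comment lines
        !/=/ { print NR ": not in option=value form"; next }
        {
            opt = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            if (opt ~ /[ \t]/ || val ~ /^[ \t]/)
                print NR ": whitespace around the option name or \"=\""
            if (opt ~ /[A-Z]/)
                print NR ": option name is not lowercase"
            # A boolean or number followed by // or # is an annotation that
            # vsftpd would read as part of the value.
            if (val ~ /^[ \t]*([Yy][Ee][Ss]|[Nn][Oo]|[0-9]+)[ \t]*(\/\/|#)/)
                print NR ": annotation after the value is read as part of it"
        }
    ' "$1"
}

sample_conf() {  # constructed input: lines 3, 4, 5 and 7 are wrong on purpose
    cat <<'EOF'
# constructed sample, not a recommended configuration
anonymous_enable=NO
Local_enable=YES
write_enable = YES
userlist_deny=NO//allow only listed users
ftpd_banner=Welcome to blah FTP service.
max_per_ip
EOF
}

f=$(mktemp)
sample_conf > "$f"
vsftpd_conf_lint "$f"
rm -f "$f"
```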

6) FTP configuration files and directories

/var/log/xferlog  log file for vsftpd

/etc/rc.d/init.d/vsftpd  startup script

/etc/vsftpd  directory where the vsftpd configuration files are stored

/etc/vsftpd/ftpusers  list of users prohibited from using vsftpd

/etc/vsftpd/user_list  list of users prohibited from or allowed to use vsftpd

/etc/vsftpd/vsftpd.conf  main configuration file


Attached: FTP Status code

When you log in from the command line or an FTP client, a status code is displayed



Reference Documents: http://www.jb51.net/article/94223.htm

