First, the FTP service
Definition of 1.FTP
ftp://File Transfer Protocol
software provided by the 2.FTP protocol
In the rhel7.2:
Vsftpd
3. Deploy the FTP serviceServices
Vim/etc/yum.repos.d/***.repo #设置yum源
figure: Settings for the Yum source
650) this.width=650; "Src=" Https://s5.51cto.com/oss/201711/08/e07a3d895315b30b43ebb53314bb9ff8.png-wh_500x0-wm_3 -wmp_4-s_2622294593.png "title=" screenshot from 2017-11-08 17-59-16.png "alt=" E07a3d895315b30b43ebb53314bb9ff8.png-wh_ "/>
Yum Clean All
Yum Install Vsftpd-y
diagram: Installing VSFTPD
650) this.width=650; "Src=" Https://s2.51cto.com/oss/201711/08/b6ddd97bc3321c9be3abc78e8851a663.png-wh_500x0-wm_3 -wmp_4-s_119132493.png "title=" screenshot from 2017-11-08 18-27-29.png "alt=" B6ddd97bc3321c9be3abc78e8851a663.png-wh_ "/>
Systemctl Start VSFTPD
Systemctl Enable VSFTPD
diagram: Open reload vsftpd
650) this.width=650; "Src=" Https://s1.51cto.com/oss/201711/08/bdc4d8d7b44d84af596c5f8dcf2d62cd.png-wh_500x0-wm_3 -wmp_4-s_2986696194.png "title=" screenshot from 2017-11-08 18-31-52.png "alt=" Bdc4d8d7b44d84af596c5f8dcf2d62cd.png-wh_ "/>
Firewall-cmd--permanent--add-service=ftp # #增加服务ftp
Firewall-cmd--reload # #重新加载防火墙
diagram: Reload
650) this.width=650; "Src=" Https://s4.51cto.com/oss/201711/08/787e7b642af3b8a2f57ca6dda526e142.png-wh_500x0-wm_3 -wmp_4-s_1396386303.png "title=" screenshot from 2017-11-08 18-33-47.png "alt=" 787e7b642af3b8a2f57ca6dda526e142.png-wh_ "/>
[Email protected] desktop]$ lftp 172.25.254.2
LFTP 172.25.254.2:~> ls
Drwxr-xr-x 2 0 0 6 Geneva Pub
basic information about the **FTP service
Software installation package: VSFTPD
Default Publish directory:/var/ftp
Protocol interface: 21/TCP
Service configuration file:/etc/vsftpd/vsftpd.conf
4. Basic Configuration of FTP
1> Basic Settings
Vim/etc/vsftpd/vsftpd.conf# #修改配置文件
Systemctl Restart VSFTPD# #每次修改配置文件都得重启服务
Anonymous User
Anonymous_enable=yes | NO# #匿名用户是否可以登陆
icon: Anonymous user can not login
650) this.width=650; "Src=" Https://s5.51cto.com/oss/201711/08/49977f97f7e809f4ac835356a7f6e2ef.png-wh_500x0-wm_3 -wmp_4-s_3682732431.png "title=" screenshot from 2017-11-08 18-51-28.png "alt=" 49977f97f7e809f4ac835356a7f6e2ef.png-wh_ "/>
Local User
Vim/etc/vsftpd/vsftpd.conf
Local_enable=yes | NO# #本地用户是否可以登陆
Write_enable=yes | NO# #ftp是否对登陆用户可写
Systemctl Restart VSFTPD
Illustration: Local Users cannot log in
650) this.width=650; "Src=" Https://s2.51cto.com/oss/201711/08/c5108b030cd60af622f5daaf3b85ccbb.png-wh_500x0-wm_3 -wmp_4-s_2702046364.png "title=" screenshot from 2017-11-08 19-05-39.png "alt=" C5108b030cd60af622f5daaf3b85ccbb.png-wh_ "/>
icon: Local user login is not writable
650) this.width=650; "Src=" Https://s4.51cto.com/oss/201711/08/973382fcf92b9e48654b14338c6a56ae.png-wh_500x0-wm_3 -wmp_4-s_3723226733.png "title=" screenshot from 2017-11-08 19-09-38.png "alt=" 973382fcf92b9e48654b14338c6a56ae.png-wh_ "/>
2> upload of anonymous users
Vim/etc/vsftpd/vsftpd.conf
Write_enable=yes
Anon_upload_enable=yes | NO# #匿名用户上传 (29 lines)
Chgrp ftp/var/ftp/pub
chmod 775/var/ftp/pub
Illustration: Anonymous users can upload
650) this.width=650; "Src=" Https://s1.51cto.com/oss/201711/08/81c9ac5e453b949045c0142d2ed42ee2.png-wh_500x0-wm_3 -wmp_4-s_132907761.png "title=" screenshot from 2017-11-08 19-15-47.png "alt=" 81c9ac5e453b949045c0142d2ed42ee2.png-wh_ "/>
3> Modification of anonymous user home directory
Anon_root=/westos
Diagram: Modify
650 "this.width=650;" src= "https://s3.51cto.com/ Oss/201711/08/a3dae9f9b24848314c1c70cbf00369de.png-wh_500x0-wm_3-wmp_4-s_4100759627.png "title=" Screenshot from 2017-11-08 19-20-39.png "alt=" A3dae9f9b24848314c1c70cbf00369de.png-wh_ "/>
4> Anonymous user upload file default permissions modify
30 anon_umask=***
Diagram: Anonymous user rights modified to 022
650) this.width=650; "Src=" https://s3.51cto.com/oss/201711/08/ 9292d946d4fd8877621d9df5e5e3598d.png-wh_500x0-wm_3-wmp_4-s_1517128623.png "title=" Screenshot from 2017-11-08 19-24-40.png "alt=" 9292d946d4fd8877621d9df5e5e3598d.png-wh_ "/>
5> Anonymous user established directory
34 Anon_mkdir_write_enable=yes
diagram: Allow directory creation
650) this.width=650; "Src=" Https://s2.51cto.com/oss/201711/08/a69f03d113cd17fb86bfd5f3cae59965.png-wh_500x0-wm_3 -wmp_4-s_980828678.png "title=" screenshot from 2017-11-08 19-26-59.png "alt=" A69f03d113cd17fb86bfd5f3cae59965.png-wh_ "/>
6> anonymous user download
Anon_world_readable_only=yes |no# #设定参数为no表示匿名用户可以下载
Illustration: Anonymous users are not allowed to download
650) this.width=650; "Src=" Https://s1.51cto.com/oss/201711/08/12350e02fd874c2dbe853ef28da2f7cb.png-wh_500x0-wm_3 -wmp_4-s_4245737640.png "title=" screenshot from 2017-11-08 19-29-46.png "alt=" 12350e02fd874c2dbe853ef28da2f7cb.png-wh_ "/>
7> Anonymous User deletion
Approx. anon_other_write_enable=yes
diagram: Allow anonymous users to delete
650) this.width=650; "Src=" Https://s5.51cto.com/oss/201711/08/fbbd129dedc80f2a1ca1bf947839cdff.png-wh_500x0-wm_3 -wmp_4-s_2808963054.png "title=" screenshot from 2017-11-08 19-31-35.png "alt=" Fbbd129dedc80f2a1ca1bf947839cdff.png-wh_ "/>
8> identity Modifications used by anonymous users
Wuyi Chown_uploads=yes
Chown_username=student
Figure: Anonymous user identity is student
9> Max upload rate
anon_max_rate=2048000
figure: Max upload rate
650) this.width=650; "Src=" Https://s2.51cto.com/oss/201711/08/8a27b0a339809039ac1b85394d7fea25.png-wh_500x0-wm_3 -wmp_4-s_1634623451.png "title=" screenshot from 2017-11-08 19-50-20.png "alt=" 8a27b0a339809039ac1b85394d7fea25.png-wh_ "/>
10> Maximum number of links
max_clients=2
figure: Maximum number of links
650) this.width=650; "Src=" Https://s1.51cto.com/oss/201711/08/a59a4806030e0a2b7c0da032177d4c57.png-wh_500x0-wm_3 -wmp_4-s_592691453.png "title=" screenshot from 2017-11-08 19-50-20.png "alt=" A59a4806030e0a2b7c0da032177d4c57.png-wh_ "/>
Second, the local user's settings
Local_enable=yes | On
Write_enable=yes | On
1> Local User Home directory modification
Local_root=/directory
Diagram: Modifying parameters
650) this.width=650; "Src=" Https://s5.51cto.com/oss/201711/08/c6c6d8c7a10f0aa5c4c9464a3cf0ee6f.png-wh_500x0-wm_3 -wmp_4-s_2892254842.png "title=" screenshot from 2017-11-08 20-31-31.png "alt=" C6c6d8c7a10f0aa5c4c9464a3cf0ee6f.png-wh_ "/>
2> Local Users to upload file permissions
local_umask=022
Diagram: Permissions for uploads
650) this.width=650; "Src=" Https://s3.51cto.com/oss/201711/08/8dcc50c847a5596705ac78391f091c0e.png-wh_500x0-wm_3 -wmp_4-s_1390415983.png "title=" screenshot from 2017-11-08 20-31-31.png "alt=" 8dcc50c847a5596705ac78391f091c0e.png-wh_ "/>
3> restricting Local users to browse directories
All users are locked into their home directory
Chroot_local_user=yes
chmod u-w/home/*
Diagram: Modify the configuration source file
650) this.width=650; "Src=" Https://s5.51cto.com/oss/201711/08/ce15412fddf1c16018716944158a1a94.png-wh_500x0-wm_3 -wmp_4-s_1468937883.png "title=" screenshot from 2017-11-08 20-33-14.png "alt=" Ce15412fddf1c16018716944158a1a94.png-wh_ "/>
* User blacklist establishment
105chroot Local User=no
106 Chroot_list_enable=yes
108 Chroot_list_file=/etc/vsftpd/chroot_list
Diagram: Modify the configuration source file
650) this.width=650; "Src=" Https://s5.51cto.com/oss/201711/08/c4b67657e2460036f1a1c6921233f819.png-wh_500x0-wm_3 -wmp_4-s_3899041065.png "title=" screenshot from 2017-11-08 20-35-12.png "alt=" C4b67657e2460036f1a1c6921233f819.png-wh_ "/>
* User Whitelist established
105chroot Local User=yes
106 Chroot_list_enable=yes
108 Chroot_list_file=/etc/vsftpd/chroot_list
Diagram: Modify the configuration source file
650) this.width=650; "Src=" Https://s3.51cto.com/oss/201711/08/af38cab30acad57179c8b3238552e5a1.png-wh_500x0-wm_3 -wmp_4-s_2115344635.png "title=" screenshot from 2017-11-08 20-35-12.png "alt=" Af38cab30acad57179c8b3238552e5a1.png-wh_ "/>
4> restricting local User login
Vim/etc/vsftpd/ftpusers # #用户黑名单
Vim/etc/vsftpd//user_list # #用户临时黑名单
Diagram:ftpusers file Modification
650) this.width=650; "Src=" Https://s3.51cto.com/oss/201711/08/5b6e9d9c91f8a4ec3b3e9eb8bfde9097.png-wh_500x0-wm_3 -wmp_4-s_2959203999.png "title=" screenshot from 2017-11-08 20-46-17.png "alt=" 5b6e9d9c91f8a4ec3b3e9eb8bfde9097.png-wh_ "/>
Diagram: User_list file modification
650) this.width=650; "Src=" Https://s2.51cto.com/oss/201711/08/48da70ba0f7f2841cdacf4510b604d88.png-wh_500x0-wm_3 -wmp_4-s_3758945655.png "title=" screenshot from 2017-11-08 20-47-02.png "alt=" 48da70ba0f7f2841cdacf4510b604d88.png-wh_ "/>
Diagram: Test
Temporary blacklist user Lee
650) this.width=650; "Src=" Https://s4.51cto.com/oss/201711/08/a719468db789a2cbcba10eab98874472.png-wh_500x0-wm_3 -wmp_4-s_695963860.png "title=" screenshot from 2017-11-08 21-19-23.png "alt=" A719468db789a2cbcba10eab98874472.png-wh_ "/>
User White list settings
109 Userlist_deny=no
/etc/vsftpd/user_list # #参数设定, this file becomes a user whitelist, only the user who appears in the list can log in to FTP
Diagram: Configuration file modification
650) this.width=650; "Src=" Https://s2.51cto.com/oss/201711/08/7c99a574e5f7272a05154b36ac543415.png-wh_500x0-wm_3 -wmp_4-s_2868487499.png "title=" screenshot from 2017-11-08 21-29-29.png "alt=" 7c99a574e5f7272a05154b36ac543415.png-wh_ "/>
Diagram: Test
Other users are not allowed to log in unless they are whitelisted.
650) this.width=650; "Src=" Https://s2.51cto.com/oss/201711/08/ac536292ab0b666424f92db8a320513a.png-wh_500x0-wm_3 -wmp_4-s_1234318753.png "title=" screenshot from 2017-11-08 21-36-38.png "alt=" Ac536292ab0b666424f92db8a320513a.png-wh_ "/>
Third, the FTP virtual user's settings
Create a virtual account identity)
Vim/etc/vsftpd/loginusers # #文件名称任意
Pam_service_name=westos
Guest_enable=yes
Guest_username=ftp
Userlist_enable=yes
Tcp_wrappers=yes
Diagram:vsftpd file Modification
650) this.width=650; "Src=" Https://s5.51cto.com/oss/201711/08/6b35bb1bcf611422861ba77dbd8ee6dd.png-wh_500x0-wm_3 -wmp_4-s_3981418677.png "title=" screenshot from 2017-11-08 21-11-49.png "alt=" 6b35bb1bcf611422861ba77dbd8ee6dd.png-wh_ "/>
Virtual account Identity)
This article is from the "13342594" blog, please be sure to keep this source http://13352594.blog.51cto.com/13342594/1980115
Linux--ftp Set-up