Linux networking entry: FTP server [resend]
Linux networking entry (2): FTP Server
Original 02-04-17 2050 p fjxufeng
Among the many network applications, FTP (File Transfer Protocol) plays an important role. Software is a very important resource on the Internet, and most of it is stored on FTP servers. FTP and WEB services account for more than 80% of Internet applications.
FTP services fall into two categories according to whom they serve: the system FTP server, which only valid users of the system may use, and the anonymous FTP server, which anyone can log on to in order to obtain files.
5.1 select and install FTP server software
If you select "ftpd" among the processes to start during LINUX installation, a default FTP server is already installed once the system is set up. We can use it to provide the functions of a system FTP server; we only need to customize the settings to our needs.
Washington University FTP is used in most LINUX releases. It is a famous FTP server software, generally referred to as wu-ftp. It is powerful and runs well on many UNIX operating systems, such as IBM AIX, FreeBSD, HP-UX, NeXTstep, Dynix, SunOS, and Solaris. More than half of the FTP servers on the Internet use it.
Wu-ftp has many powerful functions and is suitable for the management requirements of FTP servers with high throughput:
1) The user can automatically compress or decompress the file while downloading the file;
2) Different access restrictions can be imposed on machines on different networks;
3) It records the upload and download times of files;
4) Information about transfers can be displayed, so that you can follow the current transfer status in a timely manner;
5) You can set the maximum number of connections to improve efficiency and effectively control the load.
5.2 Composition of wu-ftp
After wu-ftp is installed, you will see the following five executable files in the /bin directory:
ftpd: the FTP server program
ftpshut: used to shut down the FTP server program
ftpcount: shows the current online users
ftpwho: views the current FTP server connection status
ckconfig: checks whether the FTP server settings are correct
In addition to these executable files, it also generates seven configuration files under the /etc and /var directories:
/etc/ftpusers
/etc/ftpaccess
/var/run/ftp.pids
/etc/ftpconversions
/var/log/xferlog
/etc/ftpgroups
/etc/ftphosts
After wu-ftp is installed, a special user ftp is created and an ftpd directory is created under the /home directory. When you log on anonymously, you are automatically placed in this directory. Several subdirectories are usually created in it:
/home/ftpd/bin: stores executable files for FTP users.
/home/ftpd/etc: stores configuration files for FTP users.
/home/ftpd/pub: stores the information for download.
/home/ftpd/incoming: space for uploading information.
5.3 wu-ftp Configuration
5.3.1 view and modify the /etc/inetd.conf file
The /etc/inetd.conf file is the configuration file of the LINUX super server inetd. inetd monitors multiple TCP/IP ports; when it receives a request, it spawns the corresponding server according to the configuration file. With a super server, other services are started only when needed, which greatly saves system resources.
wu-ftp relies on the super server inetd to listen for requests. When inetd receives an FTP request from a client, it starts an FTP service process according to the configuration file. Therefore, to use wu-ftp, you must confirm that the super server's configuration file inetd.conf contains the following line:
ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd
This allows the super server to spawn a wu-ftp service process when it receives an FTP request. (Note: to confirm whether the line is present, search the file content with:
cat /etc/inetd.conf | grep ftp
If the line does not exist, add or modify it manually.)
5.3.2 Command Options for wu-ftpd
wu-ftpd is the service process of wu-ftp. It can be run with or without parameters. The following describes the execution parameters of wu-ftpd.
-d when an error occurs on the FTP server, the error is sent to the system syslog;
-l logs each FTP client connection to the system syslog;
-t sets the idle timeout: if a connected FTP client performs no operation for the set number of minutes, the connection is closed;
-a enables wu-ftp to use the /etc/ftpaccess settings;
-A disables the /etc/ftpaccess settings for wu-ftp;
-L records the commands executed by a connected FTP client in the system syslog;
-i records the files uploaded by FTP clients in the /usr/adm/xferlog file;
-o records the files downloaded by FTP clients in the /usr/adm/xferlog file.
Given the parameters above, we recommend changing the default configuration created at system installation to:
ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd -a -i
5.3.3 automatic compression and decompression
If you want the FTP server to have the automatic compression and decompression functions, you must first copy the compression and decompression command files, such as tar, gzip, gunzip, compress, and uncompress, to the /home/ftpd/bin directory.
5.3.4 setting of /etc/ftpaccess
This is the most important configuration file on the FTP server. It directly determines whether your FTP server works normally, and it holds many permission settings. The following is a typical configuration instance.
loginfails 3
class local real *
class remote anonymous,guest *
limit remote 100 Any /etc/ftpd/toostrap.msg
message /etc/ftpd/welcome.msg login
compress yes local remote
tar yes local remote
private yes
passwd-check rfc822 warn
log commands real
log transfers anonymous,guest inbound,outbound
log transfers real inbound
shutdown /etc/ftpd/shut.msg
delete no anonymous,guest
overwrite no anonymous,guest
rename no anonymous
chmod no anonymous,guest
umask no anonymous
upload /home/ftpd * no
upload /home/ftpd/bin no
upload /home/ftpd/etc no
upload /home/ftpd/pub yes real 0644 dirs
upload /home/ftpd/incoming yes real guest anonymous 0644 dirs
alias inc: /incoming
email guest@xxx.net
email guest@yyy.net
deny *.com.tw /etc/ftpd/deny.msg
Next, we explain each setting one by one and give its meaning, so that you can work out reasonable settings for the specific circumstances of your own FTP server.
1. Format: loginfails [times]
Function: sets the number of times a user can enter the wrong password when logging on to the FTP server.
Instance: loginfails 3: If the password is entered incorrectly three times, the connection is disconnected.
2. Format: class [class name] [real/guest/anonymous] [IP address]
Function: sets the user categories on the FTP server. You can also restrict client IP addresses, allowing access from some or all IP addresses. Users on the FTP server fall into three basic types:
real: users with valid accounts on the FTP server;
guest: anonymous users with records;
anonymous: anonymous users with the lowest permissions.
Instance: class local real *: defines a class named local, which contains real users logging on from anywhere (* represents all IP addresses).
class remote anonymous,guest *: defines a class named remote, which contains anonymous users and guest users logging on from anywhere.
3. Format: limit [category] [number of people] [time] [file name]
Function: This command sets the maximum number of users of a specified category allowed to connect within the specified time. When the maximum number of users is reached, the content of the specified file is displayed.
Instance: limit remote 100 Any /etc/ftpd/toostrap.msg: at any time, once the number of remote users reaches 100, no new connections are allowed. When the 101st user tries to connect, the connection fails and the user is shown the content of that file.
4. Format: message [file name] [command]
Function: when a user executes a specified command, the system displays the specified file content.
Instance: message /etc/ftpd/welcome.msg login: when you execute the login command, that is, when you log on to the FTP server, the system displays the content of the file /etc/ftpd/welcome.msg.
5. Format: compress [yes/no] [category]
Function: sets which categories of users can use the compress function.
Instance: compress yes local remote: allows both local and remote users to use the compress function.
6. Format: tar [yes/no] [category]
Function: sets which categories of users can use the tar (archive) function.
Instance: tar yes local remote: allows both local and remote users to use the tar function.
7. Format: private [yes/no]
Function: sets whether a group can access files.
Instance: private yes: supports group access to files.
8. Format: passwd-check [none/trivial/rfc822] [enforce/warn]
Function: sets how passwords are checked for anonymous users.
none indicates that password verification is not performed, and any password can be used to log on;
trivial indicates that you can log on as long as the entered password contains the "@" character;
rfc822 indicates that the password must comply with the E-Mail format specified in RFC822 before logon;
enforce indicates that logon is refused if the entered password does not conform to the preceding format;
warn indicates that only a warning is displayed when the password does not comply, and you can still log on.
Instance: passwd-check rfc822 warn: a well-formed e-mail address is requested as the password, but you can log on even without one.
9. Format: log commands [real/guest/anonymous]
Function: sets which users' operations are logged to the /usr/adm/xferlog file.
Instance: log commands real: when a real user logs on, his operations are recorded. Because the permissions of other users are low, their operations do not pose much of a security risk, so you only need to record the operations of real users.
10. Format: log transfers [real/guest/anonymous] [inbound/outbound]
Function: sets which users' upload (inbound) and download (outbound) operations are logged.
Instance: log transfers anonymous,guest inbound,outbound: the file operations of anonymous users deserve more attention, so all of their uploads and downloads are recorded.
log transfers real inbound: for valid users, only uploads are recorded.
11. Format: shutdown [file name]
Function: the time at which the FTP server is disabled can be set in the specified file. Once the set time is reached, you can no longer log on to the FTP server. To restore service, delete the file. This file must be generated by the command /bin/ftpshut.
Instance: shutdown /etc/ftpd/shut.msg
12. Format: delete [yes/no] [real/anonymous/guest]
Function: sets whether to allow a specified user to use the delete command to delete objects. The default value is allow.
Instance: delete no anonymous,guest: to better manage the FTP server, anonymous users are generally not allowed to execute the delete command.
13. Format: overwrite [yes/no] [real/anonymous/guest]
Function: sets whether to allow a specified user to overwrite files of the same name. The default value is allow.
Instance: overwrite no anonymous,guest: to better manage the FTP server, we generally do not allow anonymous users to overwrite files of the same name.
14. Format: rename [yes/no] [real/anonymous/guest]
Function: sets whether to allow a specified user to rename a file using the rename command. The default value is allow.
Instance: rename no anonymous: to better manage the FTP server, anonymous users are not allowed to execute the rename command to change file names. However, the restriction should be relaxed appropriately for anonymous users with records, allowing them to use the rename command.
15. Format: chmod [yes/no] [real/anonymous/guest]
Function: sets whether to allow the specified user to use the chmod command to change file permissions. The default value is allow.
Instance: chmod no anonymous,guest: to better manage the FTP server, anonymous users are generally not allowed to execute the chmod command to change file permissions.
16. Format: umask [yes/no] [real/anonymous/guest]
Function: sets whether to allow the specified user to use the umask command. The default value is allow.
Instance: umask no anonymous: to better manage the FTP server, anonymous users are generally not allowed to execute the umask command.
17. Format: upload [root directory] [upload Directory] [yes/no] [user] [permission] [dirs/nodirs]
Function: provides more detailed settings for directories that can be uploaded.
Instance:
upload /home/ftpd * no: uploading is not allowed in the subdirectories of /home/ftpd;
upload /home/ftpd/bin no: uploading is not allowed under /home/ftpd/bin;
upload /home/ftpd/etc no: uploading is not allowed under /home/ftpd/etc;
upload /home/ftpd/pub yes real 0644 dirs: allows valid users on the server to upload files with permission 0644 (that is, -rw-r--r--) in the /home/ftpd/pub directory, and to create subdirectories in it;
upload /home/ftpd/incoming yes real guest anonymous 0644 dirs: allows all users to upload files with permission 0644 under /home/ftpd/incoming, and to create subdirectories in it.
18. Format: alias [directory alias] [directory name]
Function: sets an alias for a specified directory. You can use the short directory alias when switching directories.
Instance: alias inc: /incoming: sets the alias inc: for the subdirectory incoming.
19. Format: email [guest's email address]
Function: users whose e-mail addresses are listed here log on to the FTP server with the guest identity, whose permissions are generally lower than real and higher than anonymous.
Instance: email guest@xxx.net and email guest@yyy.net: these are only examples; in practice the file can contain multiple compliant email addresses.
20. Format: deny [IP Address/domain name] [description file]
Function: This setting determines which IP addresses or domain names cannot log on to the FTP server.
Instance: deny *.com.tw /etc/ftpd/deny.msg: access is prohibited for all domain names ending with ".com.tw", and the content of /etc/ftpd/deny.msg is displayed to the user.
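The permission directives explained above can be checked mechanically. The following is an added example, not part of the original article or of wu-ftp: it parses ftpaccess text in the syntax described on this page and reports settings that leave anonymous users more access, or less logging, than the sample configuration intends. The sample file and the function names are constructed for illustration.

```python
# Added example (not wu-ftpd code): audit ftpaccess text for weak settings.
# Assumption taken from this page: delete/overwrite/rename/chmod/umask default
# to "allow", so anonymous keeps a command unless a "no" line names anonymous.
PERMISSION_CMDS = ("delete", "overwrite", "rename", "chmod", "umask")

# Constructed sample: the article's configuration with several lines weakened.
SAMPLE = """\
# constructed ftpaccess for the audit demo
loginfails 3
class remote anonymous,guest *
passwd-check rfc822 warn
log commands real
log transfers real inbound
delete no anonymous,guest
overwrite no guest
rename no anonymous
chmod no anonymous, guest
"""

def parse(text):
    """Return [(directive, [args])], skipping blank lines and # comments."""
    rules = []
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        tokens = line.lower().replace(",", " ").split()
        if tokens:
            rules.append((tokens[0], tokens[1:]))
    return rules

def anonymous_denied(rules, cmd):
    """True if some '<cmd> no ...' line lists the anonymous user type."""
    return any(d == cmd and a[:1] == ["no"] and "anonymous" in a[1:]
               for d, a in rules)

def audit(text):
    """Return a list of findings, empty when nothing is flagged."""
    rules = parse(text)
    findings = []
    if not any(d == "loginfails" for d, _ in rules):
        findings.append("loginfails: not set explicitly")
    if not any(d == "passwd-check" and "enforce" in a for d, a in rules):
        findings.append("passwd-check: password format is not enforced")
    for cmd in PERMISSION_CMDS:
        if not anonymous_denied(rules, cmd):
            findings.append(f"{cmd}: allowed for anonymous users")
    if not any(d == "log" and a[:1] == ["transfers"] and "anonymous" in a
               and "inbound" in a for d, a in rules):
        findings.append("log transfers: anonymous uploads are not logged")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```

Run against the constructed sample it reports the warn-only password check, the overwrite line that names only guest, the missing umask line, and the transfer log that covers only real users.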
5.3.5 set /etc/ftpusers to disable logon by some users
Sometimes we need to bar some users from the FTP service. This is very simple: you only need to write the banned user account into the file /etc/ftpusers. For system security, we generally do not want accounts with excessive permissions, or accounts that share a name with a command, to access the FTP server. Therefore, in the default configuration, the following users are generally "blacklisted":
root uucp news bin adm nobody lp sync shutdown halt mail
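One way to verify the deny list described above, as an added example that is not from the original article: it compares passwd entries with the ftpusers list and returns privileged accounts that FTP would still accept. The UID cut-off, the function names and both sample files are constructed assumptions.

```python
# Added example: find privileged accounts that /etc/ftpusers does not block.
# Assumption: "privileged" means UID 0 or a system UID below SYSTEM_UID_MAX.
SYSTEM_UID_MAX = 100  # hypothetical cut-off; adjust to the distribution

# Default deny list given in the article.
ARTICLE_DEFAULTS = {"root", "uucp", "news", "bin", "adm", "nobody", "lp",
                    "sync", "shutdown", "halt", "mail"}

# Constructed samples standing in for /etc/passwd and /etc/ftpusers.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
bin:x:1:1:bin:/bin:
sync:x:5:0:sync:/sbin:/bin/sync
mail:x:8:12:mail:/var/spool/mail:
nobody:x:99:99:Nobody:/:
alice:x:500:500:Alice:/home/alice:/bin/bash
"""
FTPUSERS = """\
# accounts denied FTP login
root
bin
sync
nobody
"""

def passwd_accounts(text):
    """Yield (name, uid) for each well-formed passwd line."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            yield fields[0], int(fields[2])

def denied_accounts(text):
    """Names listed in ftpusers, one per line, ignoring comments."""
    return {line.strip() for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")}

def unblocked(passwd_text, ftpusers_text):
    """Privileged or article-default accounts that may still log in via FTP."""
    denied = denied_accounts(ftpusers_text)
    risky = {name for name, uid in passwd_accounts(passwd_text)
             if uid < SYSTEM_UID_MAX or name in ARTICLE_DEFAULTS}
    return sorted(risky - denied)

if __name__ == "__main__":
    print("not blocked:", unblocked(PASSWD, FTPUSERS))
```

On the constructed data the second UID 0 account and mail are reported, which shows why the check should key on UID as well as on the well-known names.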
5.3.6 set /etc/ftphosts to disable logins from specified machines
To deny logon from some hosts, besides setting the deny command in /etc/ftpaccess, a simpler method is to write the IP address or domain name of the host you want to block in /etc/ftphosts.
5.3.7 make the new configuration take effect
So far, we have been able to modify and adjust the FTP server configuration as needed. After the configuration is changed, it must be made to take effect. Generally, changes to /etc/ftpaccess apply directly to the next FTP service process started after the change. The other changes require restarting the inetd process.
5.4 use of other ftp-related commands
5.4.1 connection count command ftpcount
You can use the ftpcount command to count the number of users currently connected to the FTP server and list the upper limit for each class. The command output is as follows:
Service class local 0 Users (20 maximum)
Service class remote 5 Users (100 maximum)
5.4.2 online user viewing command ftpwho
You can use the ftpwho command to list the details of the currently connected users.
5.4.3 ftpshut
We can use the ftpshut command to generate the shut.msg file set in /etc/ftpaccess for the shutdown setting. The format of the ftpshut command is:
ftpshut <-l min> <-d min> time <description>
-l sets the number of minutes before the FTP server function is disabled;
-d sets the number of minutes before the FTP server function is disabled;
time specifies the time when the FTP server is shut down, for example 0620;