Linux (Red Hat) Basic Learning: FTP Service


1. Launching the FTP service under Red Hat

1. Edit the file: vim /etc/sysconfig/selinux
On line 6, set: SELINUX=disabled

Save and exit.
Reboot the host.

2. Installing VSFTPD

yum install vsftpd -y

Installation Complete:

To start the FTP service and enable it at boot:

systemctl start vsftpd
systemctl enable vsftpd

3. Allow FTP connections through the firewall

firewall-cmd --permanent --add-service=ftp   ## allow FTP connections
firewall-cmd --reload   ## reload the firewall so the setting takes effect

4. Test: access this host over FTP at ftp://172.25.254.157

2. Basic information about FTP

Access port: 21
Data transfer port: random port >1024

Default publish directory: /var/ftp/
Access method:

    lftp <ip-address>   ## anonymous login

    lftp <ip-address> -u username   ## user login

Configuration file for FTP: /etc/vsftpd/vsftpd.conf

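3. Secure deployment of FTP

Edit the configuration file: vim /etc/vsftpd/vsftpd.conf

(1) anonymous_enable=YES|NO: whether anonymous users may log in
(2) local_enable=YES|NO: whether local users may log in
(3) write_enable=YES|NO: whether local users may write files
(4) Make anonymous users able to write:
    a. Change the directory permissions so that the group has write permission: chmod 775 /var/ftp/pub
    b. Change the directory's group to the ftp group: chgrp ftp /var/ftp/pub (anonymous login users belong to the ftp group)
    Edit line 29 of /etc/vsftpd/vsftpd.conf and change it to YES
(5) anon_upload_enable=YES|NO: anonymous users may upload
(6) anon_world_readable_only=YES|NO: anonymous users may download (NO means downloading is allowed)
(7) anon_mkdir_write_enable=YES|NO: anonymous users may create directories
(8) anon_other_write_enable=YES|NO: anonymous users may delete and rename
(9) anon_root=directory: change the anonymous user's home directory
(10) anon_umask=xxx: change the default permissions of files uploaded by anonymous users
(11) Change the identity of the anonymous user:
    chown_uploads=YES
    chown_username=student (change to the student identity)
(12) anon_max_rate=102400: maximum upload rate
(13) max_clients=5: maximum number of connections

Each time you change the /etc/vsftpd/vsftpd.conf file, you need to restart the service for the changes to take effect: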

systemctl restart vsftpd
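
To check a host against the options above, the following added example (not part of the original page) scans a vsftpd.conf and reports when anonymous login, write_enable and the anon_* write options combine into anonymous write access. The function names conf_get and audit_vsftpd and the sample configuration are assumptions; the defaults used are those documented in vsftpd.conf(5).

```bash
#!/usr/bin/env bash
# Added example: flag the anonymous-write combinations from the option list above.

# conf_get FILE KEY DEFAULT: last value assigned to KEY, upper-cased; DEFAULT if unset.
# Commented-out lines never match because "#key" is not equal to "key".
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = $2; gsub(/[ \t\r]/, "", v); d = toupper(v) }
        END     { print d }' "$1"
}

# audit_vsftpd FILE: print one finding per line (no output means nothing flagged).
audit_vsftpd() {
    local f=$1 key
    # Anonymous write access needs anonymous login AND the global write switch.
    [ "$(conf_get "$f" anonymous_enable YES)" = YES ] || return 0
    [ "$(conf_get "$f" write_enable NO)" = YES ] || return 0
    for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(conf_get "$f" "$key" NO)" = YES ]; then
            echo "anonymous write: $key=YES"
        fi
    done
    if [ "$(conf_get "$f" anon_upload_enable NO)" = YES ] &&
       [ "$(conf_get "$f" anon_world_readable_only YES)" = NO ]; then
        echo "open drop box: anonymous uploads are downloadable by other anonymous users"
    fi
    return 0
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
#anon_mkdir_write_enable=YES
anon_upload_enable=YES
anon_world_readable_only=NO
anon_other_write_enable=NO
EOF

audit_vsftpd "$sample"
```

An empty result means none of these combinations is active; it says nothing about the filesystem permissions on /var/ftp/pub, which still need to be checked separately.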

1. Create a user whitelist:

Users in the list can log in; other users cannot.

(1) Edit the whitelist file: vim /etc/vsftpd/chroot_list
    Write the user accounts that are allowed to log in.
(2) Change the configuration file: vim /etc/vsftpd/vsftpd.conf

Write the following into the file:

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

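2. Restrict local user login

Edit the blacklist file: vim /etc/vsftpd/ftpusers    ## permanent user blacklist; write the user accounts that are denied login

Or

vim /etc/vsftpd/user_list   ## temporary user blacklist; write the user accounts that are denied login


The temporary blacklist can in some cases become a whitelist, as shown below:

3. Second user whitelist setting

Edit the file: vim /etc/vsftpd/vsftpd.conf
Write content:
userlist_deny=NO        ## with this parameter set, the file changes from a temporary blacklist into a whitelist; only users that appear in the list can log in to FTP

4. FTP virtual account identity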

1. Create a virtual account identity

(1) Edit new file:

vim /etc/vsftpd/userfile   (any file name will do)

Write content: (write the login accounts and passwords; note that there must be no space after an account name or password)


Save and exit.

(2) Hash encryption of the account/password file:

db_load -T -t hash -f /etc/vsftpd/userfile /etc/vsftpd/userfile.db

(3) Create and edit the password verification file:

vim /etc/pam.d/usercheck

Write content:

(4) Edit the FTP configuration file: vim /etc/vsftpd/vsftpd.conf
Write content:

(5) As the last step, restart the vsftpd service:

systemctl restart vsftpd

After the above settings, you can log in with the configured password.
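
Before step (2) it helps to validate the account file, because db_load -T reads alternating account and password lines and a stray space becomes part of the credential. The check below is an added example, not part of the original page; the function name check_userfile and the sample accounts are assumptions. Note that db_load only packs the pairs into a Berkeley DB hash file, so the passwords are stored as written and the file permissions matter.

```bash
#!/usr/bin/env bash
# Added example: pre-flight check for the plaintext file fed to db_load.

# check_userfile FILE: print problems, return 0 only if none are found.
# db_load -T reads alternating lines: account name, then its password.
check_userfile() {
    local f=$1 rc=0 perms
    awk '
        /^$/                 { printf "line %d: empty line\n", NR; bad = 1; next }
        /[ \t\r]$/           { printf "line %d: trailing whitespace\n", NR; bad = 1 }
        NR % 2 && seen[$0]++ { printf "line %d: duplicate account %s\n", NR, $0; bad = 1 }
        END {
            if (NR % 2) { print "odd line count: last account has no password"; bad = 1 }
            exit bad + 0
        }' "$f" || rc=1
    # Passwords sit in this file in clear text, so group/other need no access.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: group/other can access $f (expected mode 600)"
        rc=1
    fi
    return $rc
}

# Constructed sample: the password line of user2 ends in a space.
demo=$(mktemp)          # mktemp creates the file with mode 600
trap 'rm -f "$demo"' EXIT
printf 'user1\npass1\nuser2\npass2 \n' > "$demo"
check_userfile "$demo" || echo "fix the file before running db_load"
```

The same permission check applies to the generated /etc/vsftpd/userfile.db.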

2. Assigning identities to virtual accounts (user groups)
Edit the vsftpd configuration file: vim /etc/vsftpd/vsftpd.conf
Write content:

guest_username=ftp  ## assign the identity of the ftp user group

Restart the FTP service.

3. Virtual account independent home directory settings

We create the directory ftphome under the root directory as the home directory for virtual users.
mkdir /ftphome

(1) Edit the file: vim /etc/vsftpd/vsftpd.conf
Add content:

local_root=/ftphome/$USER
user_sub_token=$USER

(2) Restart the FTP service.

(3) Test: create directories to tell which home directory each virtual account lands in after login:
mkdir /ftphome/user1/user1dir -p
mkdir /ftphome/user2/user2dir -p
mkdir /ftphome/user3/user3dir -p
(There is no permission to change this home directory)

Log in with the virtual accounts to test.

When user2 logs in and sees the directory user2dir, this indicates that user2's home directory is /ftphome/user2.


When user3 logs in and sees the directory user3dir, this indicates that user3's home directory is /ftphome/user3.

5. Virtual account independent permissions configuration

(1) Create a new directory to store the individual permissions of each virtual account: mkdir /etc/vsftpd/userconfig

(2) Edit the file: vim /etc/vsftpd/vsftpd.conf
Write content:
user_config_dir=/etc/vsftpd/userconfig

(3) Create a new file: vim /etc/vsftpd/userconfig/user1 (this file takes the virtual user's home directory as the file name)
Write the related permissions. For example:

Save and exit, then restart the vsftpd service for the changes to take effect.


Some FTP error codes:

350: Authentication failed

500: Too much permission

530: Password account error, authentication policy error

550: The service itself is not allowed to operate
