Launch of the FTP service
1. FTP service under Redhat
1. Edit file: vim /etc/sysconfig/selinux
Line 6: SELINUX=disabled
Save and exit.
Reboot the host.
2. Install vsftpd
yum install vsftpd -y
Installation complete.
To start the FTP service:
systemctl start vsftpd
systemctl enable vsftpd
3. Firewall allows FTP connection
firewall-cmd --permanent --add-service=ftp ## allow FTP connections
firewall-cmd --reload ## reload the firewall so the setting takes effect
4. Test: FTP access to this host ftp://172.25.254.157
2. Basic information for FTP
Access port: 21
Data transfer port: a random port above 1024
Default publish directory: /var/ftp/
Access method:
lftp ip-address ## anonymous login
lftp ip-address -u username ## user login
Configuration file for FTP: /etc/vsftpd/vsftpd.conf
3. Secure deployment of FTP
Edit the configuration file: vim /etc/vsftpd/vsftpd.conf
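(1) anonymous_enable=YES|NO: whether anonymous users can log in
(2) local_enable=YES|NO: whether local users can log in
(3) write_enable=YES|NO: whether local users can write files
(4) To make anonymous users able to write:
  a. Change the directory permissions so that the group has write permission: chmod 775 /var/ftp/pub
  b. Change the directory's group to the ftp group: chgrp ftp /var/ftp/pub (anonymous login users belong to the ftp group)
  Edit line 29 of /etc/vsftpd/vsftpd.conf and change it to YES
(5) anon_upload_enable=YES|NO: anonymous users can upload
(6) anon_world_readable_only=YES|NO: anonymous users can download (NO means downloads are allowed)
(7) anon_mkdir_write_enable=YES|NO: anonymous users can create directories
(8) anon_other_write_enable=YES|NO: anonymous users can delete and rename
(9) anon_root=directory: change the anonymous user's home directory
(10) anon_umask=xxx: change the default permissions of files uploaded by anonymous users
(11) Change the identity of anonymous users:
  chown_uploads=YES
  chown_username=student (change to the student identity)
(12) anon_max_rate=102400: maximum upload rate
(13) max_clients=5: maximum number of connections
Each time you change the /etc/vsftpd/vsftpd.conf file, you need to restart the service for the changes to take effect: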
systemctl restart vsftpd
1. Create a user whitelist:
Users in the list can log in and other users cannot log in.
(1) Edit the whitelist file: vim /etc/vsftpd/chroot_list and write in the user accounts that are allowed to log in
(2) Change the configuration file: vim /etc/vsftpd/vsftpd.conf
Write the following into the file:
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
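2. Restrict local user login
Edit the blacklist file: vim /etc/vsftpd/ftpusers ## permanent user blacklist; write in the user accounts that are denied login
Or
vim /etc/vsftpd/user_list ## temporary user blacklist; write in the user accounts that are denied login
The temporary blacklist can in some cases become a whitelist, as shown below: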
3. Second user whitelist setting
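Edit file: vim /etc/vsftpd/vsftpd.conf
Write content:
userlist_deny=NO ## with this parameter set, the file changes from a temporary blacklist to a whitelist; only users that appear in the list can log in to FTP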
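The anonymous-access options and the userlist_deny setting from this section can be checked with a small audit script. This is an added example, not part of the original page; the function names conf_get, audit_vsftpd and write_sample are hypothetical, the defaults for unset options are assumed from the vsftpd.conf man page, and userlist_enable is a vsftpd option that the page does not mention.

```shell
#!/bin/sh
# Added example (not from the original page): audit the vsftpd.conf options above.
# Assumption: unset options take the defaults listed in the vsftpd.conf man page.

# conf_get FILE OPTION DEFAULT: print OPTION's value, or DEFAULT when it is unset.
# Lines are "option=value" with no spaces around "="; "#" starts a comment.
# Assumption: if an option is repeated, the last assignment is the one used.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == k    { v = toupper($2); sub(/[ \t\r]+$/, "", v); seen = 1 }
        END        { print (seen ? v : d) }' "$1"
}

# audit_vsftpd FILE: print one line per finding; return 1 if any WARN was printed.
audit_vsftpd() {
    a_rc=0
    if [ "$(conf_get "$1" anonymous_enable YES)" = YES ]; then
        echo "WARN anonymous_enable=YES: anonymous login is allowed"; a_rc=1
        if [ "$(conf_get "$1" anon_world_readable_only YES)" = NO ]; then
            echo "WARN anon_world_readable_only=NO: non-world-readable files can be downloaded"; a_rc=1
        fi
        # The anon_* write options only take effect when write_enable=YES.
        if [ "$(conf_get "$1" write_enable NO)" = YES ]; then
            for a_opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
                if [ "$(conf_get "$1" "$a_opt" NO)" = YES ]; then
                    echo "WARN $a_opt=YES: anonymous users can change server content"; a_rc=1
                fi
            done
        fi
    fi
    if [ "$(conf_get "$1" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$1" userlist_deny YES)" = NO ]; then
            echo "INFO user_list is a whitelist (userlist_deny=NO)"
        else
            echo "INFO user_list is a blacklist (userlist_deny=YES)"
        fi
    fi
    return $a_rc
}

# Constructed sample config (not from a real host), for trying the audit offline.
write_sample() {
    printf '%s\n' '# constructed sample' anonymous_enable=YES local_enable=YES \
        write_enable=YES anon_upload_enable=YES '#anon_mkdir_write_enable=YES' \
        userlist_enable=YES userlist_deny=NO > "$1"
}

# Audit a real file when a path is given: sh audit.sh /etc/vsftpd/vsftpd.conf
[ $# -eq 0 ] || audit_vsftpd "$1"
```

The non-zero return status on any WARN lets the script gate a configuration change before systemctl restart vsftpd is run.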
4. FTP virtual account identity
1. Create a virtual account identity
(1) Edit new file:
vim /etc/vsftpd/userfile (any file name will do)
Write content: (write the login account and password; note that there must be no space after the account name or the password)
Save and exit.
(2) Hash-encrypt the account/password file:
db_load -T -t hash -f /etc/vsftpd/userfile /etc/vsftpd/userfile.db
(3) Create and edit the password verification file:
vim /etc/pam.d/usercheck
Write content:
(4) Edit the FTP configuration file: vim /etc/vsftpd/vsftpd.conf
Write content:
(5) The last step, restart the vsftpd service:
systemctl restart vsftpd
After the above settings, you can log in with the password you set.
2. Assigning Identities to Virtual accounts (user groups)
Edit the vsftpd configuration file: vim /etc/vsftpd/vsftpd.conf
Write content:
guest_username=ftp ## assign the ftp user group identity
Restart the FTP service.
3. Virtual account independent Home directory settings
We create the directory /ftphome under the root directory as the home directory for virtual users.
mkdir /ftphome
(1) Edit file: vim /etc/vsftpd/vsftpd.conf
Add content:
local_root=/ftphome/$USER
user_sub_token=$USER
(2) Restart the FTP service.
(3) Test: create a directory in each home directory so that you can tell which home directory a virtual account lands in after login:
mkdir /ftphome/user1/user1dir -p
mkdir /ftphome/user2/user2dir -p
mkdir /ftphome/user3/user3dir -p
(There is no permission to change this home directory)
Log in with the virtual accounts to test.
When user2 logs in and sees the directory user2dir, this shows that user2's home directory is /ftphome/user2
When user3 logs in and sees the directory user3dir, this shows that user3's home directory is /ftphome/user3
5. Virtual account independent permissions configuration
(1) Create a new directory to store the individual permissions for each virtual account: mkdir /etc/vsftpd/userconfig
(2) Edit file: vim /etc/vsftpd/vsftpd.conf
Write content:
user_config_dir=/etc/vsftpd/userconfig
(3) New file: vim /etc/vsftpd/userconfig/user1 (this file takes the virtual user's home directory as the file name)
Write related permissions. For example:
Save and exit, then restart the vsftpd service for the change to take effect.
Some FTP error codes:
350: Authentication failed
500: Too much permission
530: Password account error, authentication policy error
550: The service itself is not allowed to operate
Linux (Redhat) Basic Learning - FTP Service