Linux study note 12: file sharing services, part 2: FTP application (vsftpd)

Source: Internet
Author: User

wu-ftpd: old, complex configuration
ProFTPD: powerful
vsftpd: secure, fast, and stable [default FTP software]


vsftpd Server Configuration

Start: /etc/rc.d/init.d/vsftpd start
[After startup, access to users' home directories and anonymous access are supported by default]
Configuration file: /etc/vsftp.conf


1. Anonymous Access
1. Anonymous FTP user names: ftp, anonymous
After an anonymous login, the session starts in the pseudo-user's home directory, /var/ftp


2. Edit the /etc/vsftp.conf file.
anonymous_enable=YES  // allow anonymous access


xferlog_enable=YES  // enable the upload and download log
xferlog_std_format=YES
xferlog_file=/var/log/xferlog


ftpd_banner=Welcome...  // sets the greeting shown on connect; by default the vsftpd version information is shown

[Add the following at the end of the file]
anon_max_rate=100000  // maximum transfer rate for anonymous users is 100 K/s [the value is not exact]


3. Connect to the FTP server; common commands
ftp address
ftp>
ls - list directory files
cd - change directory (on the FTP server)
bin - binary transfer
lcd - change the download directory (local)
get - download a single file
mget - download multiple files
put - upload a file
mput - upload multiple files
prompt - turn off interactive mode
bye - exit
open address - connect to the FTP server
user - enter the FTP server user name and password
4. [Use FTP client commands to automate upload and download]
1) Write the script auto.ftp:
open 192.168.16.155
user ftp xiaofang@163.com
bin
prompt
lcd /ftp.bak
mget *
bye
2) Run the script
ftp -n < auto.ftp, or ftp -n < auto.ftp > /dev/null to discard the output

2. User Access
1. Normal users can upload and download by default.
* If SELinux is enabled, run the following commands to allow users to upload files to their home directories:
setsebool -P ftp_home_dir 1    [the value can be 1 or on]
setsebool -P allow_ftpd_full_access 1    [the value can be 1 or on]
* Or edit /etc/selinux/config to disable SELinux.


2. Edit the /etc/vsftp.conf file.
local_enable=YES  // allows local user logins; must be enabled
write_enable=YES
local_umask=022


* local_max_rate=200000  // limits the user transfer rate (the value is in bytes per second, so about 200 KB/s)


3. User access restriction [preferably enabled]
1. Deny access to the listed users; all other users can log in
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd.user_list
2. Allow access only to the listed users; all other users are denied
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list


[Note: when writing the /etc/vsftpd.user_list file, put one user per line]


3. Set chroot
Function of chroot: on the FTP server, the user's home directory is treated as the root directory, so pwd shows /
Edit /etc/ftpd/vsftpd.conf.
1) Apply chroot to all users
chroot_local_user=YES
2) Exempt the listed users from chroot, that is, those users can access directories other than their home directories.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list


[Note: when writing /etc/vsftpd/chroot_list, put one user per line]


4. Other settings
idle_session_timeout=600  // the user session is closed after being idle for 10 minutes
max_clients=50  // at most 50 concurrent connections to the server in total
max_per_ip=3  // at most 3 connections per client
listen_port=10011  // use the non-standard port 10011 [1024 or above]; the default port is 21
// This keeps the service out of ordinary scans.
Access: ftp 192.168.139.1 10011
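
A check for the settings covered above, as an added example (not part of the original note and not vsftpd's own code). It assumes unset options take vsftpd's built-in defaults from vsftpd.conf(5), and it flags lines vsftpd itself rejects: the file format allows no spaces around = and no trailing annotations, so the // notes in the listings above must not be copied into the real file.

```python
# Added example: audit a vsftpd.conf; defaults are the built-in ones, per vsftpd.conf(5).
BOOL_DEFAULTS = {
    "anonymous_enable": True, "local_enable": False, "write_enable": False,
    "chroot_local_user": False, "xferlog_enable": False,
    "userlist_enable": False, "userlist_deny": True,
}
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def parse(conf_text):
    """Return (settings, errors). vsftpd allows no spaces around '='."""
    settings, errors = dict(BOOL_DEFAULTS), []
    for n, line in enumerate(conf_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            errors.append(f"line {n}: expected option=value with no spaces")
            continue
        if key in BOOL_DEFAULTS:
            if value.upper() not in TRUE | FALSE:
                errors.append(f"line {n}: {key} needs YES or NO, got {value!r}")
                continue
            value = value.upper() in TRUE
        settings[key] = value
    return settings, errors

def audit(conf_text):
    s, findings = parse(conf_text)  # syntax errors come first in the result
    if s["anonymous_enable"]:
        findings.append("anonymous login is enabled (the built-in default)")
    if s["local_enable"] and not s["chroot_local_user"]:
        findings.append("local users are not confined by chroot_local_user")
    if s["local_enable"] and not (s["userlist_enable"] and not s["userlist_deny"]):
        findings.append("no userlist allow-list: any local account may log in")
    if not s["xferlog_enable"]:
        findings.append("transfer logging (xferlog_enable) is off")
    return findings

# Constructed sample input; line 3 carries a "//" annotation that vsftpd rejects.
SAMPLE = """# constructed test input
local_enable=YES
write_enable=YES // allow uploads
chroot_local_user=YES
userlist_enable=YES
userlist_deny=NO
xferlog_enable=YES
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The sample leaves anonymous_enable unset, so the audit reports anonymous login as still enabled in addition to the rejected line.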


[Appendix]
nmap: a port scanning tool. By default it scans only well-known and commonly used ports.
nmap host-address
For example: nmap 192.168.139.1
Specify the scan range: nmap -p1-65535 192.168.139.1
