I. Introduction
1. Introduction
FTP is the abbreviation for File Transfer Protocol. It is used to control the two-way transfer of files on the Internet. FTP is also the name of an application: different operating systems have different FTP applications, and all of them follow the same protocol to transfer files. When using FTP, users often encounter two concepts: "download" and "upload".
Downloading a file means copying the file from the remote host to your computer;
Uploading a file means copying the file from your computer to the remote host.
Servers that support the FTP protocol are FTP servers.
2. Working mode
Active mode:
The FTP client sends a connection request to the server's FTP control port (21 by default), and the server accepts the connection and establishes a command link. When data needs to be transferred, the client tells the server with the PORT command on the command link: "I opened a port, connect to me." The server then sends a connection request from port 20 to the client's port and establishes a data link to transmit the data. Because the server initiates the request when the data link is established, this is called active mode.
FTP active mode (the command line uses active mode)
The server uses port 20 to actively connect to a random port greater than 1024 on the client.
Passive mode:
The FTP client sends a connection request to the server's FTP control port, and the server accepts the connection and establishes a command link. When data needs to be transferred, the server tells the client, in its reply to the PASV command on the command link: "I opened a port, connect to me." The client then sends a connection request to that port on the server and establishes a data link to transmit the data. Because the server waits passively for the client's request when the data link is established, this is called passive mode.
In FTP passive mode, the client uses a random port greater than 1024 to actively connect to a random port greater than 1024 on the server.
For an FTP server in active mode, the firewall between the server and the client needs the following rules:
allow FTP clients to connect from ports greater than 1024 to port 21 of the FTP server
allow the FTP server to respond from port 21 to connections on ports greater than 1024 of the FTP client
allow the FTP server to actively connect from port 20 to ports greater than 1024 on the FTP client
allow FTP clients to respond from ports greater than 1024 to connections from port 20 of the FTP server
For an FTP server in passive mode, the firewall between the server and the client needs the following rules:
allow FTP clients to connect from ports greater than 1024 to port 21 of the FTP server
allow the FTP server to respond from port 21 to connections on ports greater than 1024 of the FTP client
allow FTP clients to actively connect from ports greater than 1024 to ports greater than 1024 on the FTP server
allow the FTP server to respond from ports greater than 1024 to connections from ports greater than 1024 of the FTP client
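How the data port in the PORT and PASV exchanges described above is announced, as an added example that is not part of the original article: both carry the endpoint as h1,h2,h3,h4,p1,p2 (RFC 959), and the port is p1*256+p2. The addresses, sample lines and function names are constructed for illustration.

```python
import re

# RFC 959 endpoint encoding: h1,h2,h3,h4,p1,p2 -> port = p1 * 256 + p2
_ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or a 227 reply to PASV."""
    m = _ENDPOINT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(line, client_ip, server_ip):
    """Describe the data link the firewall must allow for one control-channel line."""
    ip, port = parse_endpoint(line)
    if line.upper().startswith("PORT "):
        # Active: the server connects from port 20 to the port the client opened.
        mode, src, dst, peer = "active", (server_ip, 20), (ip, port), client_ip
    elif line.startswith("227 "):
        # Passive: the client connects from a random port to the port the server opened.
        mode, src, dst, peer = "passive", (client_ip, None), (ip, port), server_ip
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    warnings = []
    if ip != peer:
        warnings.append("advertised address %s is not the control-connection peer %s" % (ip, peer))
    if port <= 1024:
        warnings.append("advertised port %d is not above 1024" % port)
    return {"mode": mode, "src": src, "dst": dst, "warnings": warnings}

# Constructed control-channel lines (addresses are sample values).
CLIENT, SERVER = "192.168.4.20", "192.168.4.1"
SAMPLES = [
    "PORT 192,168,4,20,195,80",
    "227 Entering Passive Mode (192,168,4,1,156,64)",
    "227 Entering Passive Mode (10,0,0,5,156,64)",  # server advertising a different address
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_connection(s, CLIENT, SERVER))
```

A mismatch between the advertised address and the control-connection peer is what shows up when one side sits behind NAT, and it is a common reason the data link fails even though port 21 is reachable.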
3. Server and client programs
1) Common FTP server programs:
Windows: IIS, Serv-U
Linux: wu-ftpd, ProFTPD, vsftpd (Very Secure FTP Daemon, commonly used)
2) Common FTP client programs:
CuteFTP, FlashFXP, LeapFTP, FileZilla
gftp, kuftp, the ftp command (on Linux you may need to install it yourself: yum -y install ftp)
II. Installation and configuration of the FTP server
1. Installation
1) Server side: vsftpd
2) Client:
Linux systems: install the ftp command
Windows systems: connect using third-party software
2. Detailed configuration file
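/etc/vsftpd/vsftpd.conf # main configuration file
anonymous_enable=YES # allow anonymous users to access
anon_umask=022 # permission mask for files uploaded by anonymous users (without this setting, the default is 600)
anon_root=/var/ftp # FTP root directory for anonymous users
anon_upload_enable=YES # allow anonymous users to upload (both server permissions and directory permissions need to be set)
anon_mkdir_write_enable=YES # allow creating directories
anon_other_write_enable=YES # grant other write permissions
anon_max_rate=0 # limit the maximum transfer rate (bytes/sec)
local_enable=YES # whether to enable local system users
local_umask=022 # permission mask for files uploaded by local users
local_root=/var/ftp # FTP root directory for local users
chroot_local_user=YES # whether to confine users to their home directory
local_max_rate=0 # limit the maximum transfer rate
listen_address=192.168.4.1 # IP address to listen on
listen_port=21 # port number the FTP service listens on
write_enable=YES # whether to enable write permission
download_enable=YES # whether to allow downloading files
max_clients=0 # limit the number of concurrent client connections
max_per_ip=0 # limit the number of concurrent connections from the same IP address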
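A check that can be run over a vsftpd.conf built from the options listed above, as an added example (not from the original article; the function name and sample file are constructed). It also catches two format rules from the vsftpd.conf manual: only whole lines beginning with # are comments, so the annotations in the listing must not be copied into a real file, and no spaces are allowed around the = sign.

```python
TRUE = {"YES", "TRUE", "1"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def audit_vsftpd_conf(text):
    """Return (settings, findings) for the text of a vsftpd.conf file."""
    settings, findings = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank line or whole-line comment
        key, sep, value = line.partition("=")
        if not sep:
            findings.append("line %d: not an option=value directive" % no)
            continue
        if key != key.strip() or value != value.strip():
            findings.append("line %d: whitespace around option, '=' or value" % no)
        if "#" in value:
            # Only whole lines starting with '#' are comments in vsftpd.conf.
            findings.append("line %d: trailing '#' text is not a comment" % no)
            value = value.split("#", 1)[0]
        settings[key.strip()] = value.strip()

    def on(name, default=False):
        value = settings.get(name)
        return default if value is None else value.upper() in TRUE

    if on("anonymous_enable", default=True):   # vsftpd's built-in default is YES
        writable = [k for k in ANON_WRITE if on(k)]
        if writable and on("write_enable"):
            findings.append("anonymous users can write: " + ", ".join(writable))
    if on("local_enable") and not on("chroot_local_user"):
        findings.append("local users are not confined to their home directory")
    for key in ("max_clients", "max_per_ip"):
        if settings.get(key, "0") == "0":
            findings.append("%s is 0 (unlimited)" % key)
    return settings, findings

SAMPLE = """\
# constructed sample using options from the listing above
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES #allow anonymous upload
local_enable=YES
chroot_local_user = YES
max_clients=0
max_per_ip=5
"""

if __name__ == "__main__":
    print("\n".join(audit_vsftpd_conf(SAMPLE)[1]))
```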
3. Virtual User Configuration
1) Establish the virtual FTP user's account database file
vi /etc/vsftpd/vusers.list (odd lines hold the user name, even lines hold the password)
lc
123
sc
123
cd /etc/vsftpd
db_load -T -t hash -f vusers.list vusers.db
chmod 600 /etc/vsftpd/vusers.*
2) Create the FTP root directory and the system user that the virtual users map to
useradd -d /var/ftproot -s /sbin/nologin virtual
chmod 755 /var/ftproot
3) Create a PAM authentication file that supports virtual users
vi /etc/pam.d/vsftpd.vu
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
Add virtual user support
4) Add the supporting configuration to the vsftpd.conf file
local_enable=YES
write_enable=YES
anon_umask=022
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd/vusers_dir
5) Create separate configuration files for individual virtual users
mkdir /etc/vsftpd/vusers_dir
cd /etc/vsftpd/vusers_dir
vi lc
anon_upload_enable=YES
anon_mkdir_write_enable=YES
Start the service and test
6) Reload the vsftpd configuration
service vsftpd reload
7) Access test using a virtual FTP account
Each user can access the FTP server through the permissions assigned to it in their own standalone profile.
This article is from the "Linux OPS" blog; please keep this source attribution: http://jinghsy.blog.51cto.com/7648537/1654805
Linux system FTP Server Setup and configuration