FTP: File Transfer Protocol, Client/Server mode
1. Install WU-FTPD
# rpm -ivh wu-ftpd*.rpm
# tar zxvf wu-ftpd*.tar.gz
# cd wu-ftp*
# ./configure
# make
# make install
If no installation directory is specified, the executables are installed in /usr/bin and /usr/sbin by default.
2. Start WU-FTPD
cd to the /etc/xinetd.d/ directory.
Open the wu-ftpd file and change disable = yes to disable = no.
Then restart the xinetd service:
# /etc/rc.d/init.d/xinetd restart
3. Confirm FTP startup
# telnet localhost 21
Trying 127.0.0.1
connected to rh
escape character is '^]',
220 rh.china.com FTP server (version wu-2.6.1) mon jul 24 01:59:25 EDT 2000)ready.
^] // Press Ctrl+].
telnet> q // Press q to exit.
4. Anonymous FTP settings and organization
/etc/ftpaccess // The most important WU-FTPD configuration file.
/etc/ftpconversions // Allows a file to be tarred, compressed, or decompressed when an anonymous FTP user transfers it.
/etc/ftpgroups // Specifies which user groups cannot log on to the FTP server.
/etc/ftphosts // Specifies which network addresses cannot connect to the FTP server.
/etc/ftpusers // Specifies who cannot log on to the FTP server.
WU-FTPD executable programs
/usr/bin/ftpcount // Query the current number of online users.
/usr/bin/ftprestart // Reactivate FTP.
/usr/bin/ftpshut // Generate the shutmsg file and suspend the FTP service.
/usr/bin/ftpwho // Query the current online status.
Directory of the downloaded file
To increase system security, you can use adduser to create an administrator account for the FTP server's resources, such as ftpadm, and add ftpadm to the adm group. That way, when others have suggestions about the FTP service, they can send e-mail to ftpadm, and not everything has to be handled as root.
Modify /etc/group as follows:
adm:x:4:root,adm,daemon,ftpadm
Then:
Because anonymous users cannot see anything outside /var/ftp, enough files must be provided there for anonymous FTP to work. By default, /var/ftp is the root directory of FTP users.
/var/ftp/bin directory
Holds some commonly used FTP commands, such as ls, tar, gzip, compress, and other executables. The directory permission should be 111.
/var/ftp/etc directory
This directory contains some settings files required by anonymous FTP users, such as passwd and group. With them, when an anonymous user runs ls -l, the files and directories on the FTP server are shown with the owner's name and group instead of numbers. The permission for this directory is 111.
/var/ftp/pub directory
The starting point for downloadable files. Normally, files are classified by type under the pub directory in subdirectories planned by the administrator.
/var/ftp/upload directory
Upload directory. By default, the system does not provide an upload directory. If anonymous FTP users need to upload files, you must create the directory yourself. To avoid viruses, a good administrator will screen the files and directories in upload, and only after everything has been checked are the uploaded files moved to the download area. Generally, the permission for the upload directory is set with chmod 733.
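An added example (not part of the original page): a shell function that checks an anonymous FTP tree against the directory modes given above (bin and etc 111, upload 733). The function names, the sample tree built under a temporary directory, and the use of GNU stat are assumptions of this example.

```shell
#!/bin/sh
# audit_anon_tree <ftp-root>
# Compares each directory's mode with the value given in the text and prints
# one line per mismatch or missing directory. Returns 0 only when all match.
# upload may be absent, because it is not provided by default.
audit_anon_tree() {
    root=$1
    bad=0
    for spec in bin:111 etc:111 upload:733; do
        dir=${spec%%:*}
        want=${spec##*:}
        if [ ! -d "$root/$dir" ]; then
            [ "$dir" = upload ] && continue
            echo "MISSING $root/$dir (expected mode $want)"
            bad=1
            continue
        fi
        have=$(stat -c %a "$root/$dir")    # GNU stat assumed
        if [ "$have" != "$want" ]; then
            echo "MODE $root/$dir is $have, expected $want"
            bad=1
        fi
    done
    return $bad
}

# build_sample_tree <dir>: constructed layout, for demonstration only
build_sample_tree() {
    mkdir -p "$1/bin" "$1/etc" "$1/pub" "$1/upload"
    chmod 111 "$1/bin" "$1/etc"
    chmod 733 "$1/upload"
}

# Stand-alone demonstration in a temporary directory
demo=$(mktemp -d)
build_sample_tree "$demo"
audit_anon_tree "$demo" && echo "OK: modes match"
chmod 777 "$demo/upload"    # simulate permission drift on the upload area
audit_anon_tree "$demo" || echo "audit reported a mismatch"
chmod 700 "$demo/bin" "$demo/etc" "$demo/upload"
rm -rf "$demo"
```

On a real server, run audit_anon_tree /var/ftp after any change to the anonymous area.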
5. Restrict login users and hosts
Users who can log on fall into three categories: real, anonymous, and guest.
Real:
A user who owns an account on this server and logs on with that account. The default logon directory for such an account is its home directory, but the user can switch to any directory he has permission to read, even one outside the home directory.
Anonymous:
Users without accounts on this server can log on anonymously, using anonymous as the account name and an e-mail address as the password. The root directory after logon is /var/ftp, and such users cannot switch to directories outside /var/ftp.
Guest:
Guest account. In some cases, the administrator may want users with accounts to access only the files under their home directory after logging on, and nothing outside it. The administrator can set the guestuser or guestgroup parameter in the ftpaccess file to specify which users belong to this category.
Set users that cannot log on
The /etc/ftpusers file lists the users who are not allowed to log on, one user per line.
Modify the /etc/ftphosts setting file
This file is used to allow or deny users to log on from different addresses. There are two formats: allow and deny.
1. allow: permit a specific user to log on from a specified address
The format is as follows:
allow <account name> <host name>...
For example:
allow test *.china.com
2. deny: refuse logon from a specified address
The format is as follows:
deny <account name> <host name>...
For example, the user test is not allowed to log on from the 202.198.16.8 address:
deny test 202.198.16.8
6. Server environment settings (/etc/ftpaccess file)
Command
class
class defines a user workgroup and specifies which categories of users belong to it and from which addresses they connect. Multiple workgroups can be defined in one ftpaccess file. The format is as follows:
class <workgroup name> <user category> <host address>
Workgroup name: the name of the workgroup, defined by the Administrator.
User category: real, anonymous, and guest are available.
Host address: Enter the IP address or domain name of the host where the user is located. You can specify the host address or use the wildcard.
The following example shows the default value:
class all real,guest,anonymous * // Defines a workgroup named all whose members are users of all categories logged in from anywhere.
For example:
class group1 real *
class group2 real,guest,anonymous *.china.com 203.84.200.*
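An added example, not from WU-FTPD or the original page: a shell function that resolves which workgroup a session falls into from class lines, taking the first matching line as the WU-FTPD ftpaccess manual describes. The sample configuration is constructed, the function name is hypothetical, and shell pattern matching stands in for the server's own address matching.

```shell
#!/bin/sh
# Constructed ftpaccess class lines for illustration (not from a real server).
SAMPLE_FTPACCESS='# constructed sample
class group1 real,anonymous 192.168.9.*
class group2 real,guest,anonymous *.china.com 203.84.200.*
class all real,guest,anonymous *'

# resolve_class <user-category> <remote-host> [ftpaccess-text]
# Prints the workgroup of the first class line whose category list contains
# the user category and one of whose address patterns matches the host.
# Prints NONE when no class line matches.
resolve_class() {
    utype=$1
    rhost=$2
    conf=${3:-$SAMPLE_FTPACCESS}
    found=$(printf '%s\n' "$conf" | {
        set -f    # keep the patterns in the config from expanding to filenames
        while read -r kw name types globs; do
            [ "$kw" = "class" ] || continue
            case ",$types," in
                *",$utype,"*) ;;
                *) continue ;;
            esac
            for g in $globs; do
                # Assumption: shell patterns stand in for the server's matching
                case "$rhost" in
                    $g) echo "$name"; exit 0 ;;
                esac
            done
        done
        exit 1
    }) || found=NONE
    echo "$found"
}

# Stand-alone demonstration on the constructed sample
for probe in "anonymous 192.168.9.20" "guest 192.168.9.20" "real 10.1.2.3"; do
    set -- $probe
    echo "$1 from $2 -> $(resolve_class "$1" "$2")"
done
```

Because the first matching line wins, a catch-all line such as class all real,guest,anonymous * placed above group1 captures every session before the narrower workgroup is considered.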
email
Sets the FTP server administrator's e-mail address, which WU-FTPD shows wherever it displays the administrator's e-mail address. The format is as follows:
For example:
Exercise:
1. Start FTP
2. Create user accounts aaa and bbb, and set bbb so that it is not allowed to log on
3. Create a working group group1, which defines that the members of this working group are real and anonymous users logged on from the 192.168.9.0 network.
guestuser
Specifies the users in the guest category.
Example (format):
guestgroup
Specifies which workgroup belongs to the guest category. In the following example, users who belong to the guestgp workgroup belong to the guest category:
guestgroup guestgp // The guestgp workgroup must be created first.
loginfails
Sets the maximum number of logon failures allowed for a user. The format is as follows:
loginfails <logon times> // Once the user has entered an incorrect account or password more than the set number of times, the user is not allowed to log on again.
For example:
readme
Sets a prompt to read a description file when a user logs on to FTP or switches to a directory for the first time. The format is as follows:
readme <description file path> <timing> <workgroup name>
Description file path:
Sets the location of the description file. Wildcards (*) can be used here.
Timing:
Sets when the prompt is displayed. The login option means when the user logs on. The cwd=<path> option means when the user switches to that directory for the first time.
Workgroup name:
The prompt is displayed only for the specified workgroup.
Exercise:
Settings:
readme README* login // When the user logs on to FTP, the system prompts the user to read the README* files in the same directory.
Create a README file in the user's home directory, or a file whose name starts with README, and enter some content.
Restart the xinetd service
# /etc/rc.d/init.d/xinetd restart
Connect to the FTP server as that user from a shell. You will be prompted to read the README file.
Example 2
readme README* cwd=* // When the user switches to any directory for the first time, the system prompts the user to read the README* files in the same directory.
Example 3
readme README* cwd=/lib group1 // The system prompts the user to read the README* files only when a user in the group1 workgroup switches to the /lib directory for the first time.
message
Sets the welcome information displayed after a user logs on or switches to a directory for the first time. The format is as follows:
message <information file path> <timing> <category>
Information file path:
Sets the location where the welcome information file is stored. The path is relative to the /var/ftp directory.
Timing:
Sets when the information is displayed. The login option means when the user logs on. cwd=<path> means the first time the user switches to that directory; if the user switches back to the same directory again, no information is displayed.