Perfect Combination of RHEL 5 FTP Construction

Source: Internet
Author: User
Tags ftp login gopher ftp protocol

FTP servers are computers that provide storage space on the Internet. They provide services according to the FTP protocol. RHEL 5 is a stable computer system, so it is very important for RHEL 5 to build FTP. Setting up FTP in RHEL 5 is a rigorous process and has strict requirements on some very small areas. The following describes the details of setting up FTP in RHEL 5.

Vsftp allows three login modes:
◆ Anonymous login using ftp or anonymous with an empty password or an email address)
◆ A local user logs on to a system user that exists on the vsftp server, except for special users such as root)
◆ Virtual users cannot log on to the system, but can log on to ftp ).

[Root @ Linserv ~] # Rpm-ivh/mnt/Server/vsftpd-2.0.5-10.el5.i386.rpm
Warning:/mnt/Server/vsftpd-2.0.5-10.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ######################################## ### [100%]
1: vsftpd ####################################### #### [100%]

[Root @ Linserv/] # vi/etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
Root
Bin
Daemon
Adm
Lp
Sync
Shutdown
Halt
Mail
News
Uucp
Operator
Games
Nobody

[Root @ Linserv/] # vi/etc/vsftpd/user_list
# Vsftpd userlist
# If userlist_deny = NO, only allow users in this file
# If userlist_deny = YES (default), never allow users in this file, and
# Do not even prompt for a password.
# Note that the default vsftpd pam config also checks/etc/vsftpd/ftpusers
# For users that are denied.
Ftp
Anonymous
Pop3
Smtp
Exchange

[Root @ Linserv/] # vi login.txt
Pop3
Naruto
Smtp
Naruto
Exchange
123

[Root @ Linserv/] # rpm-ivh/mnt/Server/db4-utils-4.3.29-9.fc6.i386.rpm
Warning:/mnt/Server/db4-utils-4.3.29-9.fc6.i386.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing... ######################################## ### [100%]
1: db4-utils ####################################### #### [100%]

[Root @ Linserv/] # db_load-t hash-T-f/login.txt/etc/vsftpd/login. db

[Root @ Linserv/] # ll/etc/vsftpd/login. db-rw-r -- 1 root 12288 Nov 14 08:34/etc/vsftpd/login. db

[Root @ Linserv/] # chmod 600/etc/vsftpd/login. db

[Root @ Linserv/] # ll/etc/vsftpd/login. db-rw ------- 1 root 12288 Nov 14 08:34/etc/vsftpd/login. db

[Root @ Linserv/] # vi/etc/pam. d/vsftpd. yang
Auth required/lib/security/pam_userdb.so db =/etc/vsftpd/login
Account required/lib/security/pam_userdb.so db =/etc/vsftpd/login
Root @ Linserv/] # useradd-d/home/ftpsite virtual

[Root @ Linserv/] # chmod 700/home/ftpsite/

[Root @ Linserv/] # ll-d/home/ftpsite/
Drwx ------ 2 virtual 4096 Nov 14/home/ftpsite/

[Root @ Linserv/] # vi/etc/vsftpd. conf
Anonymous_enable = YES
Local_enable = YES
Write_enable = YES
Local_umask = 022
Dirmessage_enable = YES
Xferlog_enable = YES
Connect_from_port_20 = YES
Xferlog_std_format = YES
Listen = YES
Pam_service_name = vsftpd. yang
Userlist_enable = YES
Userlist_deny = no
Tcp_wrappers = YES
Guest_enable = yes
Guest_username = virtual
Chroot_local_user = yes
Hide_ids = yes
Max_clients = 100
Max_per_ip = 5
Anon_max_rate = 200000
User_config_dir =/etc/vsftpd/user_config

[Root @ Linserv/] # ls/etc/vsftpd/user_config/anonymous exchange ftp pop3 smtp

[Root @ Linserv/] # cat/etc/vsftpd/user_config/pop3
Anon_world_readable_only = no
Anon_upload_enable = yes

[Root @ Linserv/] # service vsftpd start
Starting vsftpd for vsftpd: [OK]

[Root @ Linserv/] # cat/etc/passwd
Root: x: 0: 0: root:/bin/bash
Bin: x: 1: 1: bin:/sbin/nologin
Daemon: x: 2: 2: daemon:/sbin/nologin
Adm: x: 3: 4: adm:/var/adm:/sbin/nologin
Lp: x: 4: 7: lp:/var/spool/lpd:/sbin/nologin
Sync: x: 5: 0: sync:/sbin:/bin/sync
Shutdown: x: 6: 0: shutdown:/sbin/shutdown
Halt: x: 7: 0: halt:/sbin/halt
Mail: x: 8: 12: mail:/var/spool/mail:/sbin/nologin
News: x: 9: 13: news:/etc/news:
Uucp: x: 10: 14: uucp:/var/spool/uucp:/sbin/nologin
Operator: x: 11: 0: operator:/root:/sbin/nologin
Games: x: 12: 100: games:/usr/games:/sbin/nologin
Gopher: x: 13: 30: gopher:/var/gopher:/sbin/nologin
Ftp: x: 14: 50: FTP User:/var/ftp:/sbin/nologin
Nobody: x: 99: 99: Nobody: // sbin/nologin
Rpm: x: 37: 37:/var/lib/rpm:/sbin/nologin
Messages: x: 81: 81: System message bus: // sbin/nologin
Mailnull: x: 47: 47:/var/spool/mqueue:/sbin/nologin
Smmsp: x: 51: 51:/var/spool/mqueue:/sbin/nologin
Nscd: x: 28: 28: NSCD Daemon: // sbin/nologin
Vcsa: x: 69: 69: virtual console memory owner:/dev:/sbin/nologin
Haldaemon: x: 68: 68: HAL daemon: // sbin/nologin
Rpc: x: 32: 32: Portmapper RPC user: // sbin/nologin
Sshd: x: 74: 74: Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
Rpcuser: x: 29: 29: RPC Service User:/var/lib/nfs:/sbin/nologin
Nfsnobody: x: 65534: 65534: Anonymous NFS User:/var/lib/nfs:/sbin/nologin
Pcap: x: 77: 77:/var/arpwatch:/sbin/nologin
A: x: 500: 500:/home/a:/bin/bash
B: x: 501: 501:/home/B:/bin/bash
Virtual: x: 502: 502:/home/ftpsite:/bin/bash

◆ Note: RHEL 5 can be used in vsftpd during FTP construction. add user_list enable = yes and user_list deny = no to the conf configuration file. The first item indicates that the user identity is verified using the user_list file. The file path is/etc/vsftpd/user_list; the second item indicates that only users in the user_list file will allow ftp login, and all other users will be rejected unconditionally. Then, you can add virtual users to the file. At the same time, there is a file/ftpuser in/etc/vsftpd. the user in the file will unconditionally refuse ftp login. the user in the file is mainly some system users, such as root, nobody, bin, adm, etc)

◆ Note: after setting up FTP in RHEL 5, the user will log on to the Home Directory of the virtual system. That is,/home/ftpsite. At the same time, you must add an item in the main configuration file of vsftp to block local users in your home directory to improve security, specifically: chroot_local_user = yes; you can also add a hidden user ID, specifically: hide_ids = yes; you can also set the number of clients that can be connected to the server at the same time in the main configuration file, specifically: max_clients = 100; you can also set the client speed and number of threads as follows:
◆ Max_per_ip = 5 indicates that the number of connections established between the client and the server of the same IP address cannot exceed 5)
◆ Local_max_rate = 500000 indicates that the maximum transmission rate of local users is kb/s)
◆ Anon_max_rate = 200000 indicates that the maximum transmission rate of anonymous users is kb/s)
Indicates that up to 100 clients can be connected to the server. After the master configuration file is changed, restart the service.

After a virtual user logs in, it cannot perform any operation because it only has the minimum system permission. Next, we need to set specific permissions for each virtual user, before that, you need to add a configuration file for setting a virtual user in the main configuration file, specifically: user_config_dir =/etc/vsftpd_user (this is the storage location of the virtual user configuration file, you can modify the location according to the actual situation) and then create the Directory: mkdir/etc/vsftpd_user. Next, create a configuration file with the same name for each virtual user in this directory, such as clst01 in this example, then, set the ftp permission for clst01. The specific permission settings include:
◆ Anon_world_readable_only = no indicates that you can browse the ftp directory and download files)
◆ Anon_upload_enable = yes indicates that you can upload files)
◆ Anon_mkdir_wirte_enable = yes indicates that the user has the permission to create and delete directories)
◆ Anon_other_write_enable = yes indicates that the user has the permission to rename and delete files)
Adjust the actual needs of each user to ensure the security of the server!

On the RHEL 5 operating system platform, you can choose to use wu-ftpd, porftpd, vsftpd, and other FTP server software. These software have their own characteristics. In the vsftpd name, vs is short for very secure, that is, a "very secure" ftp server. At the same time, vsftpd is twice faster than wu-ftpd, vsftp supports simultaneous connection of more than 4000 users on a single machine. RHEL 5 is a perfect combination of stable FTP systems and secure servers.

  1. Set ORACLE11g to enable and disable with RHEL5
  2. RHEL-guided troubleshooting
  3. RHEL configuration NIS Network Information Service instance (1)
  4. Problem Analysis: Is it legal to use RHEL like this?
  5. Vi syntax highlighting in RHEL5

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.