This section describes how to configure vsftpd for anonymous upload and Samba file sharing. This is a classic file-service lab exercise and a frequent RHCE topic, so it is worth working through.
1. Anonymous FTP with upload: create a new incoming directory under /var/ftp and allow anonymous users to upload data to it.
[root@server ~]# rpm -qa | grep vsftpd // confirm that vsftpd is installed; if it is not, install it with yum
vsftpd-2.0.5-16.el5
[root@server ~]# cd /var/ftp/
[root@server ftp]# ls -Z // view the SELinux context of pub
drwxr-xr-x root system_u:object_r:public_content_t pub
[root@server ftp]# chgrp ftp incoming // set the group and permissions of the incoming directory
[root@server ftp]# chmod 730 incoming/
[root@server ftp]# chcon -t public_content_rw_t incoming // set the SELinux context that allows anonymous users to write data to the incoming directory
[root@server ftp]# setsebool -P allow_ftpd_anon_write on // set the SELinux boolean that permits anonymous uploads
[root@server ~]# grep -v '^#' /etc/vsftpd.conf
anonymous_enable=YES // allow anonymous users to log in
local_enable=YES // allow local users to log in
write_enable=YES // allow FTP write commands; local users can write to their home directories, and anonymous upload also requires it
local_umask=022 // umask applied to files created by local users
anon_upload_enable=YES // allow anonymous users to upload files (a key setting in this tutorial)
dirmessage_enable=YES // show directory messages when a user enters a directory
xferlog_enable=YES // enable transfer logging
connect_from_port_20=YES // use TCP port 20 (ftp-data) as the source port for active-mode data connections
chown_uploads=YES // change the owner of files uploaded by anonymous users (a key setting in this tutorial)
chown_username=daemon // change the owner of files uploaded by anonymous users to daemon
anon_umask=077 // umask applied to files uploaded by anonymous users
xferlog_std_format=YES // write the transfer log in the standard xferlog format
listen=YES // run as a standalone daemon that listens for connections itself
connect_from_port_20=YES // active-mode data connections originate from TCP port 20
[root@server ~]# service vsftpd start // start the service
Starting vsftpd for vsftpd: [OK]
[root@server ~]# chkconfig vsftpd on // ensure the service starts automatically at the next boot
Client test:
C:\> ftp 192.168.100.20
Connected to 192.168.100.20.
220 (vsFTPd 2.0.5)
User (192.168.100.20:(none)): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp> pwd
257 "/" // by default, anonymous users are chrooted, while non-anonymous users are not
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
incoming
pub
226 Directory send OK.
ftp: 15 bytes received, 0.00 KB/second in 15000.00 seconds.
ftp> cd incoming
250 Directory successfully changed.
ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).
ftp> put c:\1.txt
200 PORT command successful. Consider using PASV.
150 OK to send data.
226 File receive OK.
ftp: 5 bytes sent, 0.23 KB/second in 0.02 seconds.
ftp> ls // because the directory mode is 730, anonymous users have no permission to list it
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).
[root@server incoming]# ll // verify on the server: the permission is 600 and the owner is daemon
total 8
-rw------- 1 daemon ftp 5 Mar 25 1.txt
Host-level access control for FTP can be implemented with TCP wrappers and iptables.
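The anonymous-upload settings used in this section can be checked mechanically. The bash script below is an added example, not part of the original tutorial: it audits a vsftpd.conf and an upload directory against the setup configured here (chown_uploads with a non-root chown_username, anon_umask 077, directory mode 730). The function names and the temporary sample paths are hypothetical, and it assumes GNU stat.

```shell
#!/bin/bash
# Added example (not from the original page). Assumes GNU stat and a config
# made of key=value lines with YES/NO written in upper case.
# Function names and the sample paths are hypothetical.

# Print the value of a vsftpd option (last occurrence wins), or a default.
conf_get() {  # usage: conf_get FILE KEY DEFAULT
    local v
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# Print one line per deviation from the page's setup; return the count.
audit_dropbox() {  # usage: audit_dropbox CONF_FILE UPLOAD_DIR
    local conf=$1 dir=$2 n=0 mode
    finding() { echo "FINDING: $*"; n=$((n + 1)); }

    if [ "$(conf_get "$conf" anon_upload_enable NO)" != YES ]; then
        echo "anon_upload_enable is off, nothing to audit"
        return 0
    fi
    if [ "$(conf_get "$conf" chown_uploads NO)" != YES ]; then
        finding "chown_uploads is off: uploads stay owned by the ftp user"
    elif [ "$(conf_get "$conf" chown_username root)" = root ]; then
        finding "chown_username is root: uploads would be owned by root"
    fi
    [ "$(conf_get "$conf" anon_umask 077)" = 077 ] ||
        finding "anon_umask is not 077: uploads get group/other permission bits"
    [ "$(conf_get "$conf" anon_mkdir_write_enable NO)" != YES ] ||
        finding "anon_mkdir_write_enable is on: anonymous users can create directories"
    [ "$(conf_get "$conf" anon_other_write_enable NO)" != YES ] ||
        finding "anon_other_write_enable is on: anonymous users can delete and rename"

    mode=$(stat -c '%a' "$dir")
    [ "$mode" = 730 ] ||
        finding "$dir has mode $mode, expected 730 (group ftp may write, not list)"
    return "$n"
}

# Constructed sample: the page's anonymous-upload settings and a 730 directory.
demo=$(mktemp -d)
printf '%s\n' anonymous_enable=YES write_enable=YES anon_upload_enable=YES \
    chown_uploads=YES chown_username=daemon anon_umask=077 > "$demo/vsftpd.conf"
mkdir -m 730 "$demo/incoming"
audit_dropbox "$demo/vsftpd.conf" "$demo/incoming" && echo "matches the page's setup"
rm -rf "$demo"
```

On a real server, pass the actual configuration file and /var/ftp/incoming; the exit status is the number of findings.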