First, how FTP works
An FTP session uses two separate network connections: a control connection and a data connection. The FTP server normally listens on port 21, waiting for requests to establish the control connection. Once the control connection is established, file transfers can begin; the connection used to transfer files is called the FTP data connection. The data connection is where FTP actually moves data, and it can be set up in three transfer modes: active mode (PORT), passive mode (PASV) and single-port mode.
Active mode: after the control connection is established and the client asks for a directory listing or a file transfer, the client issues the PORT command to negotiate with the server, and the server uses its port 20 as the server-side data port to open the data connection to the client. Port 20 is used only for connections whose source address is the server; no process listens on port 20, the server connects out from it in response to client requests. In active mode the server connects from port 20 to the client's temporary port and transfers the data, while the client only accepts the connection.
Passive mode: after the control connection is established and the client asks for a directory listing or a file transfer, the client sends the PASV command to put the server into passive mode, and the server waits for the client to contact it. The server listens for the client's data connection on a data port other than port 20. When an FTP client behind a firewall accesses an FTP server outside it, passive mode is required: the server opens a temporary port and waits for the client to connect to it and transfer data. The server does not initiate the data connection; it passively accepts it.
Single-port mode: in this transfer mode the client's control-connection port is the same as its data-connection port. The mode is rarely used, because data and transfer commands cannot be interleaved within a short period of time.
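The PORT and PASV exchanges above boil down to encoding an address and port as six decimal numbers. This added example (not from the original article) decodes a PASV reply, builds a PORT command, and adds the client-side check a careful client applies in passive mode: only follow a PASV reply that points back at the host the control connection already talks to; the reply text and addresses are constructed.

```python
import re
from ipaddress import IPv4Address

# Added example (not from the original article): encode and decode the
# endpoints exchanged by the PORT and PASV commands described above.
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(reply: str) -> tuple[str, int]:
    """Return (host, port) from a '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'
    reply: the temporary port the server now listens on and the client must
    connect to (in passive mode the server only accepts)."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value above 255 in PASV reply")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("PASV reply announced port 0")
    return host, port


def build_port_command(host: str, port: int) -> str:
    """Build the PORT command a client sends in active mode: the client
    address and temporary port the server will connect to from its port 20."""
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    octets = str(IPv4Address(host)).split(".")
    return "PORT " + ",".join(octets + [str(port // 256), str(port % 256)])


def safe_pasv_endpoint(reply: str, control_peer: str) -> tuple[str, int]:
    """Client-side check for passive mode: only follow a PASV reply that
    points back at the host the control connection is already talking to,
    on a non-privileged port; anything else is treated as a redirection."""
    host, port = parse_pasv_reply(reply)
    if host != control_peer:
        raise ValueError(f"PASV host {host} differs from control peer {control_peer}")
    if port < 1024:
        raise ValueError(f"PASV announced privileged port {port}")
    return host, port
```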
Second, the main FTP server software on Linux: wu-ftpd, vsftpd, ProFTPD
The individual packages are not discussed in detail here.
Third, configuring the vsftpd server
vsftpd configuration files
/usr/sbin/vsftpd: vsftpd main program
/etc/rc.d/init.d/vsftpd: startup script
/etc/vsftpd/vsftpd.conf: main configuration file
/etc/pam.d/vsftpd: PAM authentication file
/etc/vsftpd.ftpusers: list of users prohibited from using vsftpd
/etc/vsftpd.user_list: list of users prohibited from, or allowed to, use vsftpd
/var/ftp: anonymous user home directory
/var/ftp/pub: download directory for anonymous users
/etc/logrotate.d/vsftpd.log: vsftpd log file
1. Quickly build a vsftpd server
1.1: Install the package
1.2: Start the vsftpd service
1.3: Create the file test1 in the /var/ftp/pub directory
# touch /var/ftp/pub/test1
1.4: Test from the client with the LeapFTP software
With this, a simple vsftpd server is set up. Because Red Hat already ships a default FTP server configuration, the result is an anonymous FTP server dedicated to download service; in practice, however, it meets few real requirements.
2. Disable anonymous login to FTP
2.1: Modify the main configuration file /etc/vsftpd/vsftpd.conf
On line 12, change YES to NO; save and exit, then restart the service
3. Lock users into their login directory
3.1: By default a user who logs in to FTP can browse other directories besides their own home directory; here users are locked into their own home directory
3.2: Modify the main configuration file
Enable lines 117 and 118: turn on locking of the user directory, then specify the list file of locked users
3.3: Restart the service and add the user us1 to the list file
# service vsftpd restart
# echo us1 > /etc/vsftpd/chroot_list
3.4: Verify the effect
You can see that the user's access is confined to their home directory.
4. Change the user's default login directory
4.1: Change the user's login directory to /tmp
By default each user who logs in to FTP lands in their own home directory
4.2: Create a file test2 in /tmp
# touch /tmp/test2
4.3: Modify the main configuration file, adding the following as its last line:
local_root=/tmp
4.4: Restart the service and verify the effect
The login directory of us1 has changed to /tmp
5. Configure per-user personal profiles
In the main configuration file every parameter applies to all users. For example, local_max_rate=value limits a user's maximum data transfer rate; defining it in the main configuration file imposes the same limit on every user. If you want to raise the maximum transfer rate for certain users, use a per-user personal configuration file.
5.1: First define the directory for per-user configuration files by adding a line to the main configuration file
user_config_dir=/etc/vsftpd/userconf
5.2: Create this directory
# mkdir /etc/vsftpd/userconf
5.3: In this directory create a file with the same name as the user, for example a personal configuration file for us1
# touch /etc/vsftpd/userconf/us1
5.4: Edit the file us1 just created to define some personal configuration parameters for the user us1 (affecting us1 only). For example, to set the maximum data transfer rate for us1, add a line
# the unit is bytes/s
local_max_rate=100000
6. Only allow specific users to log in to FTP
6.1: Modify the main configuration file and add the following three lines
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
The third line names the user list file. The second line, set to YES, activates the option: when a user in the list logs in to the FTP server, the user is refused before even being prompted for a password, that is, the user is not allowed to log in. With the first line set to NO, however, the users in the list file are the ones allowed to log in to the FTP server; its default is YES, which blocks the users in the file from logging in. So whenever you add the second and third lines, be sure to set the first line to NO, otherwise the users in the list are blocked from logging in.
6.2: Add the users who are allowed to log in to the list file
# echo us2 > /etc/vsftpd.user_list
6.3: Restart the service; the FTP server now only allows us2 to log in.
7. Set the user's operating permissions
write_enable=YES/NO
Whether the user has write permission
anon_umask=
Sets the umask applied to files newly created by anonymous users; the default is 077
local_umask=
Sets the umask applied to files newly created by local users; the default is 077
file_open_mode=
Sets the permission mode of uploaded files; the default is 0666. If the uploaded files need execute permission, change this to 0777
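Sections 2 to 7 each adjust one or two vsftpd.conf directives, and section 6 shows how easily the userlist settings invert their meaning. This added example (not from the original article) parses the option=value format and reports the settings that undo the policy built above; the directive names and defaults are vsftpd's own, while the finding codes and the sample configuration are constructed here.

```python
# Added example (not from the original article): a checker for the vsftpd.conf
# settings sections 2 to 7 cover. Directive names and defaults are vsftpd's
# own; the finding codes and the sample config are constructed here.

def parse_vsftpd_conf(text: str) -> dict[str, str]:
    """Parse vsftpd's option=value lines. '#' lines are comments; vsftpd treats
    whitespace around '=' as an error, so such lines are rejected here too."""
    conf = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: missing '='")
        key, value = line.split("=", 1)
        if key != key.strip() or value != value.strip():
            raise ValueError(f"line {lineno}: spaces around '=' are not allowed")
        conf[key] = value.upper() if value.upper() in ("YES", "NO") else value
    return conf

def audit(conf: dict[str, str]) -> list[str]:
    """Return finding codes for settings that undo the policy the article builds."""
    findings = []
    if conf.get("anonymous_enable", "YES") == "YES":  # section 2
        findings.append("anonymous-login-enabled")
        if conf.get("write_enable", "NO") == "YES":
            findings.append("anonymous-write")
    locked_all = conf.get("chroot_local_user", "NO") == "YES"  # section 3
    locked_list = conf.get("chroot_list_enable", "NO") == "YES" and "chroot_list_file" in conf
    if not (locked_all or locked_list):
        findings.append("users-not-locked-to-home")
    # Section 6: userlist_deny defaults to YES, so an enabled list without
    # userlist_deny=NO blocks exactly the users it was meant to allow.
    if conf.get("userlist_enable", "NO") == "YES" and conf.get("userlist_deny", "YES") != "NO":
        findings.append("user-list-is-deny-list")
    if int(conf.get("local_umask", "077"), 8) & 0o077 != 0o077:  # section 7
        findings.append("local-umask-weaker-than-077")
    if int(conf.get("file_open_mode", "0666"), 8) & 0o111:
        findings.append("uploads-executable")
    return findings

# Constructed sample: the article's userlist lines with userlist_deny left out.
SAMPLE_CONF = """\
anonymous_enable=NO
write_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
userlist_enable=YES
userlist_file=/etc/vsftpd.user_list
local_umask=022
file_open_mode=0777
"""
```

Running audit(parse_vsftpd_conf(SAMPLE_CONF)) reports the deny-list inversion, the 022 umask and the executable uploads; appending userlist_deny=NO clears the first of them.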
This article is from: http://lonay.blog.51cto.com/872125/194923