Set up FTP Server 3 in Linux

Source: Internet
Author: User
Tags ftp file uncompress
2. /etc/ftpusers and /etc/ftphosts settings

/etc/ftpusers lists the users on the system who are not allowed to use FTP to transfer files, and /etc/ftphosts lists the hosts that are not allowed to connect to the FTP server. Both exist for security reasons.

An example of /etc/ftpusers is as follows:

root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody

Some users are restricted from logging on to the FTP server for system security reasons, for example, to prevent the superuser from logging on to the system. System accounts that share a name with a command are also prohibited from accessing the FTP server.
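
One way to check that coverage, shown as an added example that is not part of the original article: the function below lists accounts in a passwd file that have a low UID but are missing from ftpusers. The function name, the UID threshold of 500 and the sample data are assumptions.

```sh
#!/bin/sh
# Added example: report system accounts that an ftpusers file does not deny.
# Assumption: UIDs below 500 are system accounts (the ordinary user on this
# page has UID 503); pass a third argument to use another threshold.

# missing_ftpusers PASSWD_FILE FTPUSERS_FILE [UID_MIN]
# Prints one uncovered account name per line, nothing when coverage is complete.
missing_ftpusers() {
    awk -F: -v min="${3:-500}" '
        # First file (ftpusers): drop comments and blanks, remember each name.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") denied[$0] = 1
            next
        }
        # Second file (passwd): low-UID accounts that are not denied.
        $3 ~ /^[0-9]+$/ && $3 + 0 < min + 0 && !($1 in denied) { print $1 }
    ' "$2" "$1"
}

# Constructed sample data, not taken from a real host.
tmp=$(mktemp -d)
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin' \
    'games:x:12:100:games:/usr/games:/sbin/nologin' \
    'ftp_user1:x:503:504::/home/ftp_user1:/bin/bash' > "$tmp/passwd"
printf '%s\n' '# accounts denied FTP access' 'root' 'lp' > "$tmp/ftpusers"

missing_ftpusers "$tmp/passwd" "$tmp/ftpusers"
rm -rf "$tmp"
```

On a live host, run it as `missing_ftpusers /etc/passwd /etc/ftpusers` and add every name it prints to /etc/ftpusers unless that account really needs FTP.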

An example of /etc/ftphosts is as follows:

# Example host access file
#
# Everything after a # is treated as comment,
# empty lines are ignored
# allow [...]
# Only allow host(s) matching to log in.
# deny [...]
# Always deny host(s) matching to log in.

allow ideal *.linuxaid.com.cn 10.0.0.0/8
deny fred *.hacker.com 131.211.32.0/24

Here, ideal is only allowed to log on to the FTP server from hosts with the suffix linuxaid.com.cn and from hosts in 10.0.0.0/255.0.0.0. fred is prohibited from logging on to the FTP server from *.hacker.com and 131.211.32.0/24. A username of anonymous or ftp denotes the anonymous user.

3. /etc/ftpconversions settings

This file is used to set the operations that users should perform when downloading files, such as compression and decompression. The file content is as follows:

:.Z:::/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
:::.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
:.gz:::/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
:::.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
:::.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
:::.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
:::.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
:::.crc:/bin/cksum %s:T_REG::CKSUM
:::.md5:/bin/md5sum %s:T_REG::MD5SUM


File Settings:

:.Z:::/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
Decompresses all files ending with ".Z" using /bin/compress -d -c.

:::.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
Compresses the transmitted file to ".Z" format.

:.gz:::/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
Decompresses all files ending with ".gz" using /bin/gzip -cd.

:::.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
Compresses the transmitted file to ".gz" format.

:::.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
Packs the file to be transferred with tar.

:::.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
Compresses the file to be transferred into ".tar.Z" format.

:::.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
Compresses the file to be transferred into ".tar.gz" format.

:::.crc:/bin/cksum %s:T_REG::CKSUM
Performs CRC verification on the file to be transferred.

:::.md5:/bin/md5sum %s:T_REG::MD5SUM
Performs MD5 verification on the file to be transferred.

In fact, after FTP is installed, the default configuration file already defines the commonly used compression and decompression programs, so you do not need to modify the content of this file. However, you can change the order of its entries as needed. For example, if you want to download a file named "file.tar.gz", but there is no such file on the FTP server, but there is a file named file.tar.gz, the FTP server will compress the file into file.tar.gz and pass it to the user. If the file is not found on the server, the server will send the file first found to the user according to the /etc/hosts, file.crc, and file.md5 files. Therefore, the order of the entries in /etc/ftpconversions can be changed as needed.
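
When entries are edited or reordered, each one must keep its eight colon-separated fields, and the server executes whatever the command field names. The format check below is an added example, not part of the original article or of wu-ftpd; the function name and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: format check for an ftpconversions file.
# Each entry has 8 colon-separated fields:
#   strip prefix : strip postfix : add-on prefix : add-on postfix :
#   external command : types : options : description

# lint_ftpconversions FILE
# Prints one "line N: problem" message per defect, nothing for a clean file.
lint_ftpconversions() {
    awk -F: '
        /^[ \t]*$/ { next }                        # ignore blank lines
        NF != 8 { printf "line %d: %d fields, expected 8\n", NR, NF; next }
        {
            cmd = $5; sub(/^[ \t]+/, "", cmd)
            # The server runs this command, so require a full path and
            # the %s placeholder that receives the file name.
            if (cmd !~ /^\//)
                printf "line %d: command is not an absolute path\n", NR
            if (index(cmd, "%s") == 0)
                printf "line %d: command has no %%s placeholder\n", NR
            n = split($6, t, "[|]")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", t[i])
                if (t[i] !~ /^T_(REG|ASCII|DIR)$/)
                    printf "line %d: unknown type \"%s\"\n", NR, t[i]
            }
        }
    ' "$1"
}

# Constructed sample: one valid entry, one with the options field missing,
# one whose command would be looked up through PATH.
tmp=$(mktemp -d)
printf '%s\n' \
    ':::.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP' \
    ':::.crc:/bin/cksum %s:T_REG:CKSUM' \
    ':.Z:::compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS' \
    > "$tmp/ftpconversions"

lint_ftpconversions "$tmp/ftpconversions"
rm -rf "$tmp"
```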

So far, an FTP server that provides anonymous access has been successfully installed and configured, and can be connected to test whether the function meets the requirements.

4. wu-ftp related programs

The ftpcount program shows the number of users currently connected in each class and the upper limit for that class, for example:

[root@linux doc]# ftpcount
Service class friend - 0 users (no maximum)
Service class local - 0 users (no maximum)
Service class outworld - 0 users (no maximum)

There are 0 local users connected, and there is no upper limit. The meanings of the other classes are the same.

[root@linux doc]# ftpwho
Service class friend:
- 0 users (no maximum)
Service class local:
- 0 users (no maximum)
Service class local:
- 0 users (no maximum)

No users are currently connected in any of the three classes.

ftpshut

This program is mainly used to generate /etc/shutmsg, that is, the file set by the shutdown command in /etc/ftpaccess. The format of ftpshut is as follows:

ftpshut [-V] [-l min] [-d min] time [warning-message ...]

-l min: the number of minutes before the FTP server is shut down at which new connection requests are refused.
-d min: the number of minutes before the FTP server is shut down at which connected users are disconnected.
time: the time when the FTP server is shut down. For example, if you want to disable the FTP server at, the time is 2200.
warning-message: the warning displayed to users before they are disconnected.

For example:

[root@linux /etc]# ftpshut -l 15 -d 5 1800 "ftp server will shutdown"
[root@lix /etc]# less shutmsg
2000 04 07 18 00 0015 0005
ftp server will shutdown

5. Open an FTP-only account

In many cases, you need to set up users who are only allowed to use FTP on the server. The implementation method is as follows:

1. Open accounts for these users on the system in the usual way.

[root@ns /etc]# useradd ftp_user1
[root@ns /etc]# chmod 700 /etc/shadow
[root@ns /etc]# vi /etc/shadow

In the entry

ftp_user1:!!:11113:0:99999:7:-1:-1:134537372

delete the "!!". The ftp_user1 user can then log on without being asked for a password; then use passwd to set the password for the user.

2. Use vi to modify the /etc/shells file and add /dev/null or /bin/passwd, as shown below:

[root@ns /etc]# cat shells
/bin/bash
/bin/sh
/bin/ash
/bin/bsh
/bin/tcsh
/bin/csh

To:

[root@ns /etc]# cat shells
/bin/bash
/bin/sh
/bin/ash
/bin/bsh
/bin/tcsh
/bin/csh
/dev/null
/bin/passwd


3. Use vi to open the file /etc/passwd.
4. Change the logon shell of the users who are only allowed to use FTP to /dev/null (if the user is not allowed to change the password) or /bin/passwd (if the user is allowed to change the password), as shown below:

ftp_user1:x:503:504::/home/ftp_user1:/bin/bash
Changed to:
ftp_user1:x:503:504::/home/ftp_user1:/dev/null
Or:
ftp_user1:x:503:504::/home/ftp_user1:/bin/passwd

In this way, the user can only use services such as pop3 and FTP, but cannot log on to the system through telnet.
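
A consistency check for the procedure above, as an added example that is not part of the original article: it reports FTP-only accounts whose shell is missing from the shells file and accounts left with an empty password field after the "!!" was removed. The function name and sample data are constructed; treating /dev/null and /bin/passwd as the FTP-only shells follows this page.

```sh
#!/bin/sh
# Added example: audit accounts restricted to FTP by their login shell.
# Assumption: an FTP-only account is one whose shell is /dev/null or
# /bin/passwd, the two values used in the procedure above.

# audit_ftp_only PASSWD_FILE SHELLS_FILE SHADOW_FILE
# Prints "name: problem" lines, nothing when every FTP-only account is sound.
audit_ftp_only() {
    awk -F: '
        # shells file: remember every listed shell path
        FILENAME == ARGV[1] { if ($0 ~ /^\//) listed[$0] = 1; next }
        # shadow file: remember accounts whose password field is empty
        FILENAME == ARGV[2] { if ($1 != "" && $2 == "") nopass[$1] = 1; next }
        # passwd file: examine the FTP-only accounts
        $7 == "/dev/null" || $7 == "/bin/passwd" {
            if (!($7 in listed))
                printf "%s: shell %s is missing from the shells file\n", $1, $7
            if ($1 in nopass)
                printf "%s: empty password field\n", $1
        }
    ' "$2" "$3" "$1"
}

# Constructed sample data, not taken from a real host.
tmp=$(mktemp -d)
printf '%s\n' \
    'ftp_user1:x:503:504::/home/ftp_user1:/dev/null' \
    'ftp_user2:x:504:505::/home/ftp_user2:/bin/passwd' \
    'alice:x:505:506::/home/alice:/bin/bash' > "$tmp/passwd"
printf '%s\n' '/bin/bash' '/bin/sh' '/dev/null' > "$tmp/shells"
printf '%s\n' \
    'ftp_user1::11113:0:99999:7:::' \
    'ftp_user2:$1$CONSTRUCTED$notarealhash:11113:0:99999:7:::' \
    'alice:!!:11113:0:99999:7:::' > "$tmp/shadow"

audit_ftp_only "$tmp/passwd" "$tmp/shells" "$tmp/shadow"
rm -rf "$tmp"
```

Reading the real /etc/shadow requires root: `audit_ftp_only /etc/passwd /etc/shells /etc/shadow`.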

6. Set up a virtual FTP host

A virtual anonymous host is a machine that has multiple IP addresses and provides a separate anonymous FTP server on each. These servers are logically independent, with different access control tables and different download content. To set up a virtual FTP server, follow these steps:

1. First, set an alias IP address for a local NIC, that is, bind multiple IP addresses to one NIC. For example, your internal FTP host is 192.168.0.4.

You can bind another IP address as follows:

/sbin/ifconfig eth0:0 192.168.0.5 up        # add a new IP address to the interface
/sbin/route add -host 192.168.0.5 eth0:0    # add route information

2. Create the directories /home/virtualftp and /var/log/virtualftp, and generate the banner file /home/virtualftp/banner_message. Then modify the FTP server's main configuration file /etc/ftpaccess to add support for the virtual FTP server by adding the following lines to the file:

virtual 192.168.0.5 root /home/virtualftp
virtual 192.168.0.5 banner /home/virtualftp/banner_message
virtual 192.168.0.5 logfile /var/log/virtualftp/xferlog

The preceding three lines set, respectively, the root directory, the logon banner, and the transfer log file of the virtual server. The paths and file names above can be chosen freely.

3. Copy the files required for anonymous FTP, mainly the /lib, /etc and /bin directories:

# cp -a /home/ftp/* /home/virtualftp

4. Define 192.168.0.5 in DNS and map it to the virtual FTP server's domain name.