1. Why use ftp?
As a backend server developer, I have my own understanding of why FTP is installed on a server. In practice, once a server is installed and put into use, it is usually placed in a data center, and developers generally do not enter the data center for development or software maintenance. This is why installing an FTP tool on the server becomes so important: it lets technicians work with the server remotely by uploading files to it or downloading files from it to the local machine. In terms of server architecture, FTP tools are therefore often an essential part of the installation.
2. Introduction to vsftpd
vsftpd is a common FTP tool on Linux. On RH Linux, vsftpd is not installed with the system as standard; in other words, we need to install it ourselves.
vsftpd is short for "very secure FTP daemon", and security is one of its biggest features. vsftpd is the name of a server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UNIX; it is completely free, open-source FTP server software. It supports features that many other FTP servers do not, for example very high security requirements, bandwidth restrictions, good scalability, virtual user creation, IPv6 support, and high speed. [The above definition is taken from Baidu encyclopedia]
Because of these advantages, vsftpd has become one of the most commonly used FTP tools on Linux servers. There are many descriptions of it; if you are interested, you can read the [Baidu encyclopedia] entry directly. I will not go into details here.
3. Install vsftpd
Until vsftpd is installed and running, we cannot connect to the server with FTP commands from a remote machine to upload or download files (the FTP tool is not installed yet).
I first found an available FTP installation package on the Internet: vsftpd-2.0.5-16.el5_4.1.i386.rpm. The download link is provided below!
http://download.csdn.net/detail/libear218/3046262
In the virtual machine, I created a software directory under the root directory specifically to hold software installation packages (as the root user; the parent directory is the root directory /).
Put the FTP installation package onto the server directly through the virtual machine.
As the root user, check whether vsftpd is already installed: rpm -qa | grep vsftpd (the output shows that vsftpd has not been installed yet)
As the root user, install vsftpd: rpm -ivh /software/vsftpd-2.0.5-16.el5_4.1.i386.rpm
As the root user, check the vsftpd installation status: rpm -qa | grep vsftpd (the installed package is displayed, indicating that vsftpd has been installed)
4. vsftpd Configuration
After vsftpd is installed, we cannot use vsftpd properly for two reasons:
1. vsftpd is not configured (or is not customized)
2. vsftpd is not started
Next, we need to configure vsftpd. The main configuration file of vsftpd is vsftpd.conf. The configuration files of vsftpd are described below.
1. /etc/vsftpd.conf: the main configuration file.
2. /etc/vsftpd/ftpusers: the list of users who are prohibited from accessing the vsftpd server. As the name suggests, to prohibit a user from logging on through FTP, simply write the user name here.
3. /etc/vsftpd/user_list: a user list file that permits or prohibits access to the server, depending on the main configuration in vsftpd.conf. That is, it can serve as an allow list or a deny list, depending on the parameters in vsftpd.conf.
4. /var/ftp: the default directory when anonymous users log on.
The following describes the main parameters of the main configuration file.
anonymous_enable specifies whether anonymous logon is allowed. The default value is yes.
local_enable specifies whether to allow local users to log on. The default value is yes.
write_enable specifies whether to enable write permission. The default value is yes.
local_umask specifies the initial permission mask value used when files are created.
dirmessage_enable specifies whether information in the directory can be browsed.
userlist_enable specifies whether to enable the user_list file. If yes, the file user_list indicates permission. If no, the file user_list indicates forbidden.
idle_session_timeout specifies how long (in seconds) a user's session may stay idle before it is automatically disconnected.
data_connection_timeout specifies how long (in seconds) a data connection may stay idle before it is automatically disconnected.
ascii_upload_enable specifies whether files can be uploaded in ASCII format.
ascii_download_enable specifies whether files can be downloaded in ASCII format.
listen specifies the running mode of the vsftpd server, which is yes by default and runs independently.
xferlog_enable specifies whether to enable the log function.
tcp_wrappers specifies whether to enable the firewall.
Next, as the root user, I modify the main configuration file vsftpd.conf: vi /etc/vsftpd.conf
Modify the file content (allow ASCII encoding for file upload and download).
Remove the leading # to change the setting (uncomment it).
Add userlist_deny=NO at the end (vsftpd does not accept spaces around the = sign).
As the root user, I then modify the user list file user_list: vi /etc/vsftpd/user_list
Append user: oracle (allow the oracle user to connect to the server through FTP)
As the root user, I then modify the user list file ftpusers: vi /etc/vsftpd/ftpusers
Delete user: root (prevent root users from connecting to the server when using FTP)
Delete the root entry to change the file.
With that, the configuration of vsftpd is basically complete, and we can start the vsftpd service with the command: service vsftpd start
So that the vsftpd service does not stop being available after the server is restarted, we also need to make vsftpd start automatically whenever the server boots or restarts.
Run the command chkconfig vsftpd on, then check the result with chkconfig --list | grep vsftpd
We can see that vsftpd is automatically started when the levels are 2, 3, 4, and 5. This basically meets our needs!
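The combined effect of the vsftpd.conf, user_list and ftpusers edits above can be checked offline before the service is exposed. The following Python sketch is an added example, not code from the original post: the file contents are constructed samples, the function names are hypothetical, and it assumes the stock Red Hat PAM setup in which any user named in ftpusers is always refused.

```python
import re

# vsftpd's built-in defaults for the four options examined (man vsftpd.conf).
DEFAULTS = {"anonymous_enable": True, "local_enable": False,
            "userlist_enable": False, "userlist_deny": True}
TRUE, FALSE = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}

def parse_conf(text):
    """Return (settings, errors); vsftpd allows no spaces around '='."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if not m:
            errors.append(f"line {n}: expected option=value, got {line!r}")
        elif m.group(1) in DEFAULTS:
            value = m.group(2).upper()
            if value in TRUE | FALSE:
                settings[m.group(1)] = value in TRUE
            else:
                errors.append(f"line {n}: bad boolean {m.group(2)!r}")
    return settings, errors

def names(text):
    """User names in a user_list or ftpusers file, skipping comments."""
    rows = (row.strip() for row in text.splitlines())
    return {row for row in rows if row and not row.startswith("#")}

def login_decision(user, settings, user_list, ftpusers):
    """Return (allowed, reason) for a local user, before the password check."""
    if not settings["local_enable"]:
        return (False, "local_enable=NO")
    if settings["userlist_enable"]:
        if settings["userlist_deny"] and user in user_list:
            return (False, "listed in user_list (deny list)")
        if not settings["userlist_deny"] and user not in user_list:
            return (False, "not in user_list (allow list)")
    if user in ftpusers:  # assumption: enforced by the stock PAM configuration
        return (False, "listed in ftpusers")
    return (True, "allowed")

# Constructed samples that mirror the edits made in this section.
CONF = ("anonymous_enable=YES\nlocal_enable=YES\nwrite_enable=YES\n"
        "userlist_enable=YES\nuserlist_deny=NO\n")
USER_LIST = "# constructed sample\nroot\nbin\noracle\n"
FTPUSERS_BEFORE = "root\nbin\n"
FTPUSERS_AFTER = "bin\n"  # root entry deleted, as in the step above

if __name__ == "__main__":
    cfg, problems = parse_conf(CONF)
    for user in ("root", "oracle", "alice"):
        print(user, login_decision(user, cfg, names(USER_LIST), names(FTPUSERS_AFTER)))
    print(problems, parse_conf("userlist_deny = no\n")[1])
```

With these samples, root is refused while it is still listed in ftpusers and accepted once that entry is deleted, and the parser reports `userlist_deny = no` as an invalid line because of the spaces.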
5. vsftpd debugging
After vsftpd is installed on the server, we need to check whether the installation succeeded. Try to connect to the server from the Windows DOS command prompt.
If you now try to connect to the server with FTP to upload or download files, you will find that the FTP connection fails! Why?
In fact, when we use FTP, the port may be filtered out by the server firewall; that is, the port is unavailable. So even after the FTP service is started, we still cannot connect to the server.
In this case, we can change the firewall configuration to open the ports that vsftpd requires. By default, the vsftpd port number is 20 or 21.
As the root user, edit the firewall file: vi /etc/sysconfig/iptables
Add the following statements before COMMIT:
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
Restart the firewall service: service iptables restart
Restart the vsftpd service: service vsftpd restart
Then connect to the server with FTP from the Windows DOS command prompt.
Success. You can now enter the user name, password, and other information to connect to the server using FTP.
[Digression] Later, I found that the ls command did not display the file list during an FTP session. I looked it up online and used the following commands to solve the problem:
# setsebool -P ftpd_disable_trans 1
# service vsftpd restart
[Stage 1] installation and use of vsftpd