Steps and Problem Analysis for setting up an FTP server using RHEL (1)

Simply put, an FTP server is the server that supports the FTP protocol, while RHEL 4 is a system. It is a complicated process to build FTP in RHEL 4, next we will explain in detail the process of setting up rhel ftp.

1. in rhel ftp, first modify the configuration file so that the host can obtain a permanent IP address.
# Vi/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE = eth0
BOOTPROTO = static
IPADDR = 172.16.16.111
NETMASK = 255.255.0.0
GATEWAY = 172.16.16.1
ONBOOT = yes
TYPE = Ethernet

Restart the configuration file to make it take effect
#/Etc/init. d/network restart
Shutting down interface eth0: [OK]
Shutting down loopback interface: [OK]
Setting network parameters: [OK]
Bringing up loopback interface: [OK]
Bringing up interface eth0: [OK]

To disable the iptables system firewall, run the following command:
# Service iptables stop
Lower the security level
# Vi/etc/selinux/config
Change SELINUXTYPE = targeted to SELINUXTYPE = disabled.
Vsftpd is not installed by default in the system. You need to run the rpm command to install it.
It's in RHEL4's 1st discs, the package file name is vsftpd-2.0.1-5.i386.rpm

Attach a CD first
# Mount/dev/cdrom/media/cdrom
# Cd/media/cdrom/RedHat/RPMS
# Ls-l vsftpd *
-Rw-r -- 25 root 122195 Jan 6 2005 vsftpd-2.0.1-5.i386.rpm
After mounting, install it
# Rpm-ivh vsftpd-2.0.1-5.i386.rpm
Warning: vsftpd-2.0.1-5.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e
Preparing... ######################################## ### [100%]

Let's take a look at the configuration file of vsftpd. conf.
# Grep-V' # '/etc/vsftpd. conf (remove the configuration file after the comment line)
Anonymous_enable = YES // when anonymous_enable is set to yes, the ftp server allows anonymous logon. That is, you can use the username ftp or anonymous to log on to the ftp server. The logon password is the user's e-mail address.
Local_enable = YES // when local_enable is set to yes, local users are allowed to log on. Local Users are the user accounts in the lunux system.
Write_enable = YES // when write_enable is set to yes, the ftp Server opens the write permission to the local user.
Local_umask = 022 // local_umask configuration item sets the local user's file generation mask, and the configuration file is set to 022.
Dirmessage_enable = YES // when dirmessage_enable is set to yes, when you switch to a directory on the ftp server, the contents of the ". message" hidden file under this directory are displayed.
Xferlog_enable = YES // when xferlog_enable is set to yes, the ftp server enables upload and download logs.
Connect_from_port_20 = YES // when connect_from_port_20 is set to yes, the ftp server will enable the connection request of the ftp data port.
Xferlog_std_format = YES // when xferlog_std_format is set to yes, the ftp server uses the standard ftpd xferlog format.
Pam_service_name = vsftpd // pam_service_name sets the name of the configuration file for the PAM Authentication Service, which is saved in the "/etc/pam. d/" directory.
When userlist_enable = YES // userlist_enable is set to yes, the ftp server checks whether the user specified in the userlist_file setting file can access the vsftpd server. The default value of userlist_file is "/etc/vsftpd. usr_list "file.
Listen = YES // when listen is set to yes, the ftp server is in independent startup mode.
When tcp_wrappers = YES // tcp_wrappers is set to yes, the ftp server uses tcp_wrappes as the host access control mode. Tcp_wrappers can implement host address-Based Access Control for network services in linux systems, and hosts in the "/etc" directory. allow and host. two deny files are used to set tcp_wrappers access control, hosts. the allow file settings allow access records, host. deny File Settings deny access records.

Start the vsftpd Server
# Service vsftpd start
Starting vsftpd for vsftpd: [OK]

To disable it, you can use:
Service vsftpd stop
Shutting down vsftpd: [OK]

View the running status of the server:
# Service vsftpd status
Vsftpd is stopped

Add two local users and log on to the ftp
# Useradd aa
# Passwd aa
# Useradd bb
# Passwd bb

And change the owner and group of the directory.
# Chown aa. aa/home/aa
# Chown bb. bb/home/bb
# Ls-l/home
Total 24
Drwx ------ 4 aa 4096 May 26 aa
Drwx ------ 4 bb 4096 May 26 bb

Set the home directory permission
# Chmod 770/home/aa
# Chmod 770/home/bb
# Ls-l/home
Total 24
Drwxrwx --- 4 aa 4096 May 26 aa
Drwxrwx --- 4 bb 4096 May 26 bb

You can log on to the ftp
1. log on with an anonymous user
# Ftp 172.16.16.121
Connected to 172.16.16.121.
220 (vsFTPd2.0.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (172.16.16.121: root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
Ftp> ls
227 Entering Passive Mode (16,121,208, 47)
150 Here comes the directory listing.
Drwxr-xr-x 2 0 0 4096 Oct 04 2004 pub
226 Directory send OK.

Anonymous Users can log on using ftp or anonymous as the ftp login username. you can log on by entering any string or directly returning to the car in the default vsftpd settings, after an anonymous user logs on, the "/var/ftp" directory in the ftp server system is used as the ftp root directory of the anonymous user.

2. log on with a local user
# Ftp 172.16.16.121
Connected to 172.16.16.121.
220 (vsFTPd2.0.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (172.16.16.121: root): aa
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
Ftp> ls
227 Entering Passive Mode (172,16, 16,121,223, 86)
150 Here comes the directory listing.
-Rw-r -- 1 0 0 19 May 26 0:48 11.txt
226 Directory send OK.
You can use the put command to upload files from an ftp client to an ftp server.
Ftp> put 22.txt
Local: 22.txt remote: 22.txt
227 Entering Passive Mode (16,121)
150 OK to send data.
226 File receive OK.
30 bytes sent in 0.00086 seconds (34 Kbytes/s)
You can use the get command to download files from the ftp server to the ftp client.
Ftp> get 22.txt
Local: 22.txt remote: 22.txt
227 Entering Passive Mode (16,121,143, 82)
150 Opening BINARY mode data connection for 22.txt (30 bytes ).
226 File send OK.
30 bytes encoded ed in 0.0005 seconds (58 Kbytes/s)

However, the local ftp user account has certain security. First, it is a system account. Once the ftp server has a security vulnerability, the linux host where the ftp server is located will be threatened; in addition, the local user account can leave the user's home directory and convert it to other directories in the system, which poses a certain threat to system security. However, setting the ftp local user to block in the home directory can prevent it from switching to another directory.
Add the configuration item chroot_local_user to the configuration file vsftpd. conf of the vsftpd server to set it to YES. The vsftpd server will block local users in the user's home directory.

Chroot_local_user = YES. Remember to restart the service after configuration, so that ftp local users can only access their own directories.

Configure the virtual directory of the ftp server and support Anonymous Users, Local Users, and virtual users in the vsftpd server.
Two types of anonymous users are mentioned above. anonymous Users are ftp users named anonymous or ftp. anonymous ftp users use "/var/ftp" on the ftp server as the ftp root directory after logon. Anonymous Users are usually used to download public files.

When a local user account is used, the System user account in the ftp server uses the ftp local user account to log on to the ftp server. The logon directory is the home directory of the local user. The local ftp user account is usually used with the web server to provide the virtual host service, which is used as a way for web page virtual hosts to update web pages.

Non-system user accounts provided by the vsftpd server to ensure the security of the ftp server. After a virtual user logs on to ftp, the specified directory is used as the ftp root directory. Virtual users have similar functions as local users.