The principles of the Centos FTP server and the configuration of the virtual user

Source: Internet
Author: User
Tags gpg ftp client file transfer protocol ftp protocol

The author previously wrote an "FTP local user" article, but it covered only a single case and did not explain the full function, the configuration file or the underlying principle. Today I am publishing "The principle of the FTP server and virtual user configuration".

The principle of FTP service

    1. FTP (File Transfer Protocol) is an old and very widely used file transfer protocol, and it remains one of the most widely used network file sharing protocols today.
    2. FTP is still used for all kinds of file transfers; it gives people a reliable way to share files over the network.
    3. FTP is a client/server (C/S) service with a server side and a client side. FTP runs on top of TCP as its transport protocol, so FTP is a reliable way of transferring files.
    4. FTP uses two port numbers, 20 and 21. Port 20 is the data port and carries the data transfer; port 21 is the command port and carries the commands.
    5. Connections between an FTP server and a client generally use one of two modes: active mode and passive mode.

PORT (active mode)

    • The FTP client connects to port 21 of the FTP server and sends the user name and password to log in. After a successful login, when it wants to list a directory or read data, the client randomly opens a port (any port above 1024 will do) and sends the PORT command to the FTP server, telling the server that the client uses active mode and which port it has opened.
    • After the FTP server receives the PORT command and the port number, it sends the data over a connection from the server's port 20 to the port the client opened.

PASV (passive mode)

    • The FTP client connects to port 21 of the FTP server and sends the user name and password to log in. After a successful login, when it wants to list a directory or read data, it sends the PASV command to the FTP server; the server randomly opens a local port (above 1024) and tells the client which port it opened. The client then connects to the server's open port for the data transfer.

What is the difference between the two modes, and which one should be used?

    • A simple overview of the difference between active mode and passive mode:

PORT: in active mode the "server" connects to the "client" port when transmitting data

PASV: in passive mode the "client" connects to the "server" port when transmitting data

    • Passive mode is normally still used, because the server side has a firewall configured: the firewall generally allows connections from the intranet out to external ports, while connections from the external network into intranet ports are generally restricted. If active mode is used, the data connection may therefore be blocked by the firewall, which prevents the FTP service from being used.
    • If you want to share an internal FTP server with the external network through NAT, you must choose passive mode for it to work and be safe!
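The PASV and PORT exchanges described above, as an added example that is not part of the original article: it parses the server's 227 reply, builds a client PORT command, and checks the offered data port against the passive port range a firewall would have opened. The 192.168.x.x addresses, port values and the 5000 to 6000 range are constructed for the example.

```python
import re
from ipaddress import IPv4Address

# Server reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv_reply(reply: str):
    """Return the (host, port) the server opened for the data channel."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range in PASV reply")
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def build_port_command(client_ip: str, data_port: int) -> str:
    """Active mode: the client advertises the port (> 1024) it opened via PORT."""
    if not 1024 < data_port <= 65535:
        raise ValueError("client data port must be above 1024")
    octets = str(IPv4Address(client_ip)).split(".")  # raises on a bad address
    return "PORT " + ",".join(octets + [str(data_port // 256), str(data_port % 256)])

def pasv_port_in_range(port: int, pasv_min: int, pasv_max: int) -> bool:
    """Firewall check: the offered port must lie inside the
    pasv_min_port..pasv_max_port window opened for the server."""
    return pasv_min <= port <= pasv_max

# Constructed passive-mode exchange (not a real capture); the control
# connection on port 21 is already logged in at this point.
EXCHANGE = [
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,168,1,10,19,136)."),
    ("C", "LIST"),
    ("S", "150 Here comes the directory listing."),
]

def data_endpoint_from_exchange(exchange, pasv_min=5000, pasv_max=6000):
    """Find the server's 227 reply and validate its port against the
    configured passive range (5000 to 6000 here, a constructed range)."""
    for side, line in exchange:
        if side == "S" and line.startswith("227"):
            host, port = parse_pasv_reply(line)
            return host, port, pasv_port_in_range(port, pasv_min, pasv_max)
    raise ValueError("no 227 reply in exchange")

if __name__ == "__main__":
    print(data_endpoint_from_exchange(EXCHANGE))      # ('192.168.1.10', 5000, True)
    print(build_port_command("192.168.1.20", 40000))  # PORT 192,168,1,20,156,64
```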

Installation of the FTP service program "VSFTPD"

    • vsftpd is short for "Very Secure FTP Daemon"; as the name suggests, it provides a very secure FTP service!
    • The software is released under the GPL and is designed to be a stable, fast and secure FTP server for the Linux platform; it also supports IPv6 and SSL encryption.
    • It supports features that many other FTP servers do not:

Very high security requirements

Bandwidth limits

Virtual users

    • The CentOS Linux system does not install the FTP service program vsftpd by default. To use vsftpd for FTP data sharing you first need to install the vsftpd package; it is included on the CentOS CD (in RPM format), and if there is no disc it can also be installed or deployed online.
    • For a local installation, mount the CD to the /mnt directory and configure a local yum source, then install with the command: yum -y install vsftpd
[root@localhost ~]# mount /dev/cdrom /mnt/    // mount the CD to the /mnt directory
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# cd /etc/yum.repos.d/    // enter the yum source definition file directory
[root@localhost yum.repos.d]# vim CentOS-Media.repo    // configure the yum source (the extension is .repo)
[c6-media]    // [] is the unique ID of the yum source; the name can be any string
name=CentOS-$releasever - Media    // the name of the yum source; can be any string
baseurl=file:///mnt/    // the URL of the yum source, here the CD mount path
#        file:///media/cdrom/
#        file:///media/cdrecorder/
gpgcheck=0    // whether package signatures are verified on install: 0 disabled, 1 enabled (1 is the safer choice, since gpgkey is set below)
enabled=1    // whether this yum source is enabled: 0 disabled, 1 enabled
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6    // key file used to verify the signatures
:wq!    // save and exit
[root@localhost yum.repos.d]# mv CentOS-Base.repo CentOS-Base.repo.bak    // rename the file with a .bak suffix; if it stays active, yum installs from the internet by default
[root@localhost ~]# yum -y install vsftpd

    • For an online installation, first make sure the Linux system can reach the external network and resolve domain names
[root@localhost ~]# ping -c 2
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=52 time=39.5 ms
64 bytes from icmp_seq=2 ttl=52 time=39.9 ms
[root@localhost ~]# yum -y install vsftpd
[root@localhost ~]# chkconfig vsftpd on    // start the service automatically at boot
[root@localhost ~]# service vsftpd start    // start the service
[root@localhost ~]# netstat -ntulp | grep :21    // check that the service started and is listening
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 4117/vsftpd
    • Whether installed from a local yum source or online, the software is installed from an RPM package, and its main program is /usr/sbin/vsftpd. The following is a list of vsftpd's core files and directories:
[root@localhost ~]# rpm -ql vsftpd    // list the files installed by vsftpd
/etc/logrotate.d/vsftpd    // log rotation configuration
/etc/pam.d/vsftpd    // PAM authentication configuration for vsftpd
/etc/rc.d/init.d/vsftpd    // vsftpd init script, called through the service command
/etc/vsftpd    // vsftpd's configuration directory
/etc/vsftpd/ftpusers    // vsftpd's default blacklist
/etc/vsftpd/user_list    // can act as a blacklist or a whitelist depending on the main configuration file
/etc/vsftpd/vsftpd.conf    // the main configuration file of vsftpd
/usr/sbin/vsftpd    // vsftpd main program
/var/ftp    // default vsftpd shared directory

Configuration file parsing for FTP service program "VSFTPD"

    • Global settings
listen=YES    // listen on the port and run as a standalone daemon
listen_port=21    // port number on which to listen for inbound FTP requests
write_enable=YES    // global switch for all write operations
download_enable=YES    // if set to NO, all download requests are rejected
dirmessage_enable=YES    // show a message when a user enters a directory
// create a .message file in the login directory and write the prompt text in it
xferlog_enable=YES    // enable the transfer log (xferlog)
xferlog_std_format=YES    // use the standard xferlog format
connect_from_port_20=YES    // active mode: originate data connections from port 20
pasv_enable=YES    // enable passive connections
pasv_min_port=5000    // lowest port number used for passive connections
pasv_max_port=6000    // highest port number used for passive connections
max_clients=1000    // at most 1000 concurrent client connections, 0 means unlimited
max_per_ip=0    // connection limit per client IP, 0 means unlimited
tcp_wrappers=YES    // enable tcp_wrappers access control
guest_enable=YES    // if YES, all non-anonymous logins are mapped to the account given by guest_username
guest_username=ftp    // the guest user
user_config_dir=/etc/vsftpd/conf    // directory holding per-user configuration files that override these options
dual_log_enable=NO    // enable dual logging, which produces two log files
    • Local user settings
local_enable=YES    // enable local account logins
local_max_rate=500000    // maximum transfer rate for local users in bytes/s, 0 is unlimited
local_umask=077    // permission mask for files created by local accounts
chroot_local_user=YES    // confine local users to their home directory
chroot_list_enable=NO    // when YES, the users listed in chroot_list_file are the exception:
// with chroot_local_user=YES they are not chrooted; with chroot_local_user=NO only they are chrooted
chroot_list_file=/etc/vsftpd/chroot_list    // path of the chroot list
userlist_enable=YES    // enable the user_list file
userlist_deny=YES    // when YES, accounts in user_list are denied FTP access (NO turns it into a whitelist)
local_root=/ftp/common    // FTP root path for local accounts
    • Anonymous user settings
anonymous_enable=YES    // allow anonymous logins
anon_mkdir_write_enable=YES    // allow anonymous accounts to create directories, disabled by default
anon_other_write_enable=YES    // allow anonymous accounts to perform all other write operations
anon_umask=077    // permission mask for anonymous uploads
anon_root=/var/ftp    // default login directory for anonymous users
anon_upload_enable=YES    // allow anonymous users to upload files; also requires the global write_enable=YES
chown_uploads=YES    // change the owner of anonymously uploaded files
chown_username=xxx    // the owner becomes xxx; used together with the option above
no_anon_password=YES    // when enabled, anonymous logins are not asked for a password
anon_max_rate=200000    // maximum transfer rate for anonymous users in bytes/s, 0 is unlimited
    • By default vsftpd does not give anonymous users write (w) permission on the anonymous directory, so if anonymous users are to upload files you need to create a new directory under the anonymous directory and give it 777 permissions.
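An added example, not from the article: a small checker that parses vsftpd.conf directives in the form explained above and flags settings a defender would review before exposing the server (an inverted passive port range, anonymous write access, chroot exceptions). The sample configuration is constructed and the finding messages are my own wording.

```python
# Constructed vsftpd.conf fragment using the directives explained above (not the article's file)
SAMPLE_CONF = """\
# global settings
listen=YES
listen_port=21
write_enable=YES
pasv_enable=YES
pasv_max_port=5000
pasv_min_port=6000
anonymous_enable=YES
anon_upload_enable=YES
anon_umask=077
local_enable=YES
chroot_local_user=YES
"""

def parse_vsftpd_conf(text):
    """vsftpd reads one 'option=value' per line with no spaces around '=';
    blank lines and '#' comments are skipped, later lines override earlier ones."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or " " in key:
            raise ValueError("malformed line: %r" % raw)
        conf[key] = value
    return conf

def is_yes(conf, key, default="NO"):
    # boolean lookup using vsftpd's default when the option is absent
    return conf.get(key, default).upper() == "YES"

def audit_vsftpd(conf):
    """Return findings a defender reviews before exposing the server."""
    findings = []
    if is_yes(conf, "pasv_enable", "YES"):
        lo, hi = int(conf.get("pasv_min_port", "0")), int(conf.get("pasv_max_port", "0"))
        if lo > hi:
            findings.append("pasv_min_port > pasv_max_port: passive data connections cannot open")
        elif lo == 0 or hi == 0:
            findings.append("passive port range unbounded: firewall rules cannot be scoped")
    anon_write = any(is_yes(conf, k) for k in
                     ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable"))
    if is_yes(conf, "anonymous_enable", "YES") and is_yes(conf, "write_enable") and anon_write:
        findings.append("anonymous users can write to the server: confirm this is intended")
    if is_yes(conf, "chroot_local_user") and is_yes(conf, "chroot_list_enable"):
        findings.append("users in chroot_list_file are exempt from the chroot jail")
    return findings
```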

FTP User and file sharing

    • vsftpd uses the user as its unit of administration: to access an FTP shared file you must log in as a specific user, and several types of users can be configured
