Beginner Linux Network Services: vsftpd Service Experiments

Source: Internet
Author: User

Experimental topology:

RHEL5.9 (VMnet1) ---------- (VMnet1) Linux client, Win7 client

Experiment One: Test the behavior of a default vsftpd installation

Both anonymous users and local users can log in

Anonymous users log in to /var/ftp and can only download, not upload

Local users log in to their own home directory and can upload and download

Server-side settings

# cd /misc/cd/server //Enter the RHEL5.9 disc

# ls *vsftpd* //View the vsftpd installation package

vsftpd-2.0.5-28.el5.x86_64.rpm

# rpm -ivh vsftpd-2.0.5-28.el5.x86_64.rpm //Install vsftpd

# service vsftpd restart //Start the vsftpd service

# chkconfig vsftpd on //Start vsftpd at boot

# touch /var/ftp/pub/test1.txt //Create a test file

# useradd kaka

# echo "123456" | passwd --stdin kaka //Set the password for user kaka

Changing password for user kaka.

passwd: all authentication tokens updated successfully.


Validation: (client-side test)

# ftp 192.168.1.253 //Connect to the FTP server

Connected to 192.168.1.253.

220 (vsFTPd 2.0.5)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (192.168.1.253:root): ftp //Anonymous user login

331 Please specify the password.

Password:

230 Login successful. //Login succeeded

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> cd pub //Enter the pub directory

250 Directory successfully changed.

ftp> ls

227 Entering Passive Mode (192,168,1,253,75,98)

150 Here comes the directory listing.

-rw-r--r-- 1 0 0 11627 June 02:04 etc.txt

226 Directory send OK.

ftp> get test1.txt //Download the test file

local: etc.txt remote: etc.txt

227 Entering Passive Mode (192,168,1,253,136,141)

150 Opening BINARY mode data connection for etc.txt (11627 bytes).

226 File send OK.

11627 bytes received in 0.00082 seconds (1.4e+04 kbytes/s)

ftp> !ls //The ! prefix runs the command in the local shell, here to view the download result

anaconda-ks.cfg test1.txt install.log.syslog //test1.txt downloaded successfully

Desktop install.log

ftp> put install.log //Upload a file

local: install.log remote: install.log

227 Entering Passive Mode (192,168,1,253,46,17)

550 Permission denied. //Upload refused: permission denied

ftp> quit //Exit


...

Experiment Two:

Prevent anonymous users from logging in

Change the default FTP port to 2121

Confine local users to their home directories


Experimental steps:

# cd /etc/vsftpd/

# cp vsftpd.conf vsftpd.conf.bak //Back up the vsftpd main configuration file

# vim vsftpd.conf //Edit the vsftpd main configuration file

...

anonymous_enable=NO //Do not allow anonymous access

...

119 listen_port=2121 //Listen on port 2121

chroot_local_user=YES

# service vsftpd restart //Restart the service

# netstat -tulnp | grep vsftpd //View the listening port

tcp 0 0 0.0.0.0:2121 0.0.0.0:* LISTEN 4705/vsftpd

Test:

ftp 192.168.1.253 2121 //Log in to FTP

Name (192.168.1.253:root): kaka //Log in as user kaka

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> pwd //The current directory is shown as a pseudo-root (i.e. the user's home directory)

257 "/"


Experiment Three: Verify Black/White list

/etc/vsftpd/ftpusers //Blacklist

/etc/vsftpd/user_list //Blacklist or whitelist

# useradd jerry //Add user jerry

# useradd mike

# echo "123456" | passwd --stdin jerry //Set a password for user jerry

Changing password for user jerry.

passwd: all authentication tokens updated successfully.

# echo "123456" | passwd --stdin mike

Changing password for user mike.

passwd: all authentication tokens updated successfully.

# grep kaka /etc/vsftpd/ftpusers //Check whether user kaka is in the blacklist

kaka //User kaka is in the blacklist

Question: can kaka log in to FTP?

# grep jerry /etc/vsftpd/user_list //Check whether user jerry is in the black/white list

jerry

Question: can jerry log in to FTP?

# vim /etc/vsftpd/vsftpd.conf //Edit the vsftpd main configuration file

...

121 userlist_deny=NO //Set "deny the users on the list" to NO

# service vsftpd restart

Question: which of kaka, jerry and mike can log in?

Only jerry can log in.

After the experiment, comment out userlist_deny=NO on line 121 of the main configuration file, and remove the accounts that were added to user_list and ftpusers.
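The decision that the three questions in Experiment Three exercise, written out as an added shell example (not part of the original page): it models how ftpusers, user_list, userlist_enable and userlist_deny combine for a local user who supplies a valid password. It assumes the stock RHEL setup, where ftpusers is enforced through PAM and always denies; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): model how vsftpd's list files
# decide whether a local user with a valid password may log in.

# conf_get FILE KEY DEFAULT: last value of KEY in FILE, upper-cased.
conf_get() {
    _v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${_v:-$3}" | tr '[:lower:]' '[:upper:]'
}

# in_list FILE USER: true if USER is a whole line of FILE.
in_list() { grep -qxF -- "$2" "$1" 2>/dev/null; }

# ftp_access CONF FTPUSERS USER_LIST USER: prints "allow" or "deny".
ftp_access() {
    # Assumption: stock RHEL PAM setup, where ftpusers always denies.
    if in_list "$2" "$4"; then echo deny; return 0; fi
    if [ "$(conf_get "$1" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$1" userlist_deny YES)" = YES ]; then
            # Blacklist mode: users named in user_list are refused.
            if in_list "$3" "$4"; then echo deny; return 0; fi
        else
            # Whitelist mode: only users named in user_list get in.
            if ! in_list "$3" "$4"; then echo deny; return 0; fi
        fi
    fi
    echo allow
}

# Constructed files mirroring Experiment Three: kaka in ftpusers,
# jerry in user_list, mike in neither, userlist_deny=NO.
demo() {
    _d=$(mktemp -d)
    printf 'userlist_enable=YES\nuserlist_deny=NO\n' > "$_d/vsftpd.conf"
    printf 'root\nkaka\n' > "$_d/ftpusers"
    printf 'root\njerry\n' > "$_d/user_list"
    for _u in kaka jerry mike; do
        echo "$_u: $(ftp_access "$_d/vsftpd.conf" "$_d/ftpusers" "$_d/user_list" "$_u")"
    done
    rm -rf "$_d"
}
demo
```

Removing the userlist_deny line from the sample configuration switches user_list back to blacklist mode, in which jerry is refused and mike is accepted.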


Experiment Four:

Local users log in to the /data/ftproot directory

User up can upload and download; user down can only download. Deny logins from all other users, including anonymous users

At most 20 concurrent connections, and at most 2 concurrent connections per IP address

Limit the download speed to 100 KB/s

# mkdir -p /data/ftproot //Create the ftproot directory

# useradd up

# useradd down

# echo "Redhat" | passwd --stdin up

# echo "Redhat" | passwd --stdin down

# vim /etc/vsftpd/vsftpd.conf

...

anonymous_enable=NO //Turn off anonymous access

...

write_enable=YES //Allow writes

...

117 userlist_enable=YES //Enable the black/white list

...

121 userlist_deny=NO //Do not use user_list as a deny list, so it acts as a whitelist

122 local_root=/data/ftproot //FTP root directory for local users

123 max_clients=20 //Maximum number of concurrent clients

124 max_per_ip=2 //Maximum number of concurrent connections per IP address

local_max_rate=100000 //Maximum download speed (bytes/sec)

# service vsftpd restart

# setfacl -m u:up:rwx /data/ftproot/

# tail -n 2 /etc/vsftpd/user_list

up

down

# dd if=/dev/zero of=/data/ftproot/local.tgz bs=1M count=1000 //Create a test file


Test:

# wget ftp://up:[email protected]:2121/local.tgz //Download the file to test the download speed




vsftpd.conf main configuration file options explained

listen  Whether the service runs in standalone mode

listen_address  IP address on which the FTP service listens

listen_port  Port on which the FTP service listens

write_enable  Whether write permission is enabled

download_enable  Whether downloads are allowed

userlist_enable  Whether the user_list file is used

userlist_deny  Whether the users in user_list are denied

max_clients  Limit on the number of concurrent clients

max_per_ip  Limit on the number of concurrent connections per client IP

anonymous_enable  Whether anonymous access is enabled

anon_umask  Permission mask for files uploaded anonymously

anon_root  FTP root directory for anonymous users

anon_upload_enable  Whether anonymous users may upload files

anon_mkdir_write_enable  Whether anonymous users may create directories

anon_other_write_enable  Whether anonymous users have other write permissions

anon_max_rate  Maximum transfer rate for anonymous users (bytes/sec)

local_enable  Whether local users are enabled

local_umask  Permission mask for files uploaded by local users

local_root  FTP root directory for local users

chroot_local_user  Whether local users are confined to their home directories

local_max_rate  Maximum transfer rate for local users (bytes/sec)

