Use vsftpd to set up a Linux network installation server, and a solution for installing Redhat over a LAN

Source: Internet
Author: User
To verify that Linux can be installed over a LAN, I ran an experiment over the last two days and wrote it up as a complete post.

Conventions:

1. The operating environment of this post is Redhat 9.0. The vsftpd version is vsftpd-1.1.3-8.i386.rpm from Redhat 9.0, on the third installation disc.

2. The most basic uses of vsftpd are logging in to FTP with real system users and anonymous access.

3. Server IP and DNS settings

First NIC:
IP: 192.168.0.1
Subnet mask: 255.255.255.0
Gateway: not set
Second NIC:
IP: 192.168.0.2
Subnet mask: 255.255.255.0
Gateway: not set

Because my operating environment is a small LAN, the IP addresses of the other machines are all on the 192.168.0 network segment. The ADSL line is connected to the first network card of the server. The second NIC of the server is connected to the hub, and the other clients are connected to the hub. Because the IP addresses are set manually, DNS must also be set by hand so that the ADSL connection can reach the Internet:

202.96.134.20
202.96.168.68

The configuration tool is:

[root@linuxsir001 root]# redhat-config-network

I. Setting up the FTP server with vsftpd. vsftpd is currently the best FTP server software. It has the advantages of being small, customizable, and efficient.

1. Check whether the vsftpd package is installed
[root@linuxsir001 root]# rpm -qa | grep vsftpd
If nothing is printed, vsftpd is not installed. If the following is printed, vsftpd is already installed.

[root@linuxsir001 root]# rpm -qa | grep vsftpd
vsftpd-1.1.3-8

I use the vsftpd package that ships with Redhat 9.0, version vsftpd-1.1.3-8. To install it:

[root@linuxsir001 root]# rpm -ivh vsftpd*.rpm

2. Enable the vsftpd service.

[root@linuxsir001 root]# ntsysv

That is, run the ntsysv command and select the vsftpd service in the list.

  • vsftpd

    3. Run /etc/init.d/vsftpd start

    [root@linuxsir001 root]# /etc/init.d/vsftpd start
    Starting vsftpd for vsftpd: [  OK  ]
    [root@linuxsir001 root]#

    4. vsftpd configuration: vsftpd can run in two modes. One is the "standard" init.d mode, and the other is xinetd mode. What we started above is the standard init.d mode. The two modes work differently. The standard init.d mode suits a professional FTP site that always has someone connected and uses a large amount of resources. If your FTP server is constantly being accessed and logged in to, this mode is required. If you have a small number of FTP users, we recommend the xinetd mode, in which vsftpd is started only when a user requests it.

    Of course, different environments call for different startup modes.

    If you want to learn more, please follow this post. I will gradually add the xinetd mode and how to set up virtual users.


    1] Let's edit the vsftpd configuration file, /etc/vsftpd.conf. Open it in your favorite editor and compare it with the following configuration file.


    # Example config file /etc/vsftpd.conf
    #
    # The default compiled in settings are very paranoid. This sample file
    # loosens things up a bit, to make the ftp daemon more usable.
    #
    # Allow anonymous FTP?
    anonymous_enable=YES
    #
    # Uncomment this to allow local users to log in.
    local_enable=YES
    #
    # Uncomment this to enable any form of FTP write command.
    write_enable=YES
    #
    # Default umask for local users is 077. You may wish to change this to 022,
    # if your users expect that (022 is used by most other ftpd's)
    local_umask=022
    #
    # Uncomment this to allow the anonymous FTP user to upload files. This only
    # has an effect if the above global write enable is activated. Also, you will
    # obviously need to create a directory writable by the FTP user.
    #anon_upload_enable=YES
    #
    # Uncomment this if you want the anonymous FTP user to be able to create
    # new directories.
    #anon_mkdir_write_enable=YES
    #
    # Activate directory messages - messages given to remote users when they
    # go into a certain directory.
    dirmessage_enable=YES
    #
    # Activate logging of uploads/downloads.
    xferlog_enable=YES
    #
    # Make sure PORT transfer connections originate from port 20 (ftp-data).
    connect_from_port_20=YES
    #
    # If you want, you can arrange for uploaded anonymous files to be owned by
    # a different user. Note! Using "root" for uploaded files is not
    # recommended!
    #chown_uploads=YES
    #chown_username=whoever
    #
    # You may override where the log file goes if you like. The default is shown
    # below.
    #xferlog_file=/var/log/vsftpd.log
    #
    # If you want, you can have your log file in standard ftpd xferlog format
    xferlog_std_format=YES
    #
    # You may change the default value for timing out an idle session.
    #idle_session_timeout=600
    #
    # You may change the default value for timing out a data connection.
    #data_connection_timeout=120
    #
    # It is recommended that you define on your system a unique user which the
    # ftp server can use as a totally isolated and unprivileged user.
    #nopriv_user=ftpsecure
    #
    # Enable this and the server will recognise asynchronous ABOR requests. Not
    # recommended for security (the code is non-trivial). Not enabling it,
    # however, may confuse older FTP clients.
    #async_abor_enable=YES
    #
    # By default the server will pretend to allow ASCII mode but in fact ignore
    # the request. Turn on the below options to have the server actually do ASCII
    # mangling on files when in ASCII mode.
    # Beware that turning on ascii_download_enable enables malicious remote parties
    # to consume your I/O resources, by issuing the command "SIZE /big/file" in
    # ASCII mode.
    # These ASCII options are split into upload and download because you may wish
    # to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
    # without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
    # on the client anyway..
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    #
    # You may fully customise the login banner string:
    #ftpd_banner=Welcome to blah FTP service.
    #
    # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    # useful for combatting certain DoS attacks.
    #deny_email_enable=YES
    # (default follows)
    #banned_email_file=/etc/vsftpd.banned_emails
    #
    # You may specify an explicit list of local users to chroot() to their home
    # directory. If chroot_local_user is YES, then this list becomes a list of
    # users to NOT chroot().
    #chroot_list_enable=YES
    # (default follows)
    #chroot_list_file=/etc/vsftpd.chroot_list
    #
    # You may activate the "-R" option to the builtin ls. This is disabled by
    # default to avoid remote users being able to cause excessive I/O on large
    # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
    # the presence of the "-R" option, so there is a strong case for enabling it.
    #ls_recurse_enable=YES

    pam_service_name=vsftpd
    userlist_enable=YES
    # enable for standalone mode
    listen=YES
    tcp_wrappers=YES

    2] After changing the configuration file, restart the vsftpd server with the following command.

    [root@linuxsir001 root]# /etc/init.d/vsftpd restart
    Shutting down vsftpd: [  OK  ]
    Starting vsftpd for vsftpd: [  OK  ]
    [root@linuxsir001 root]#
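
A check to run on the edited file before restarting, as an added example that is not part of the original post or of vsftpd: it flags active lines that are not lowercase `option=value` with no spaces around `=`, and reports the risky combinations that the sample file's own comments describe. The helper names and the sample config are constructed, and unset options are assumed to take vsftpd's compiled-in defaults.

```sh
#!/bin/sh
# Added example; conf_get and lint_vsftpd_conf are hypothetical helper names.

conf_get() {   # conf_get FILE KEY DEFAULT: last active KEY=value, else DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

lint_vsftpd_conf() {   # prints one finding per line; prints nothing when clean
    conf=$1
    # Syntax pass: an active line must be lowercase option=value with no space
    # around "="; vsftpd rejects anything else when it reads the file.
    grep -n -v -E '^(#.*|[[:space:]]*|[a-z0-9_]+=[^[:space:]].*)$' "$conf" |
        sed 's/^\([0-9]*\):/syntax: line \1: /'
    # Policy pass: unset options fall back to vsftpd's compiled-in defaults.
    if [ "$(conf_get "$conf" anonymous_enable YES)" = YES ] &&
       [ "$(conf_get "$conf" write_enable NO)" = YES ]; then
        if [ "$(conf_get "$conf" anon_upload_enable NO)" = YES ]; then
            echo "policy: anonymous upload is enabled"
        fi
        if [ "$(conf_get "$conf" anon_mkdir_write_enable NO)" = YES ]; then
            echo "policy: anonymous users can create directories"
        fi
    fi
    if [ "$(conf_get "$conf" ascii_download_enable NO)" = YES ]; then
        echo "policy: ASCII downloads on (SIZE on a big file costs server I/O)"
    fi
    if [ "$(conf_get "$conf" ls_recurse_enable NO)" = YES ]; then
        echo "policy: recursive ls on (large listings cost server I/O)"
    fi
    if [ "$(conf_get "$conf" xferlog_enable NO)" != YES ]; then
        echo "policy: uploads and downloads are not logged"
    fi
}

# Constructed sample file (not a real server's config), then the lint run.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
anonymous_enable=YES
local_enable=YES
write_enable=YES
Anon_upload_enable = YES
anon_mkdir_write_enable=YES
ls_recurse_enable=YES
EOF
lint_vsftpd_conf "$sample"
rm -f "$sample"
```

The malformed `Anon_upload_enable = YES` line is reported as a syntax finding and is not counted as an active setting, so no upload finding appears for it.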

    3] Test anonymous access in text mode:

    Note: In text mode, anonymous access means logging in with ftp as both the user name and the password. See the following session:

    [root@linuxsir001 root]# ftp 192.168.0.1
    Connected to 192.168.0.1.
    220 (vsFTPd 1.1.3)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (192.168.0.1:root): [type ftp here]
    331 Please specify the password.
    Password: [type the ftp password here; the anonymous login password is also ftp]
    230 Login successful. Have fun.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls
    227 Entering Passive Mode (192,168, 137,151)
    150 Here comes the directory listing.
    drwxr-xr-x 6 0 0 4096 May 25 13:54 RedHat90
    drwxr-xr-x 2 0 0 4096 Feb 28 19:21 pub
    226 Directory send OK.
    ftp>
    Which directory does the anonymous user access? It is /var/ftp.

    Troubleshooting: sometimes an error occurs because the ftp and nobody users do not exist, in which case you must add these two users to the system. Normally both already exist. See the following:
    [root@linuxsir001 root]# adduser ftp
    adduser: user ftp exists
    [root@linuxsir001 root]# adduser nobody
    adduser: user nobody exists

    From the above, we can see that the ftp and nobody users exist, so there is no need to add them. If the two users do not exist, they must be added; otherwise, anonymous users may not be able to access the service.

    4] If you want to log in to FTP as an ordinary system user, there is nothing to configure. Just add a user. For example, to add the beinan user:

    [root@linuxsir001 root]# adduser beinan
    [root@linuxsir001 root]# passwd beinan
    Changing password for user beinan.
    New password:
    BAD PASSWORD: it does not contain enough DIFFERENT characters
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@linuxsir001 root]#

    A beinan user directory now appears in the /home directory:

    [root@linuxsir001 root]# ls /home/
    beinan


    If we want beinan to be a virtual user, that is, a user who cannot log in to the system but can only log in to FTP, how should we add such a user?

    [root@linuxsir001 backupNow]# adduser -g ftp -s /sbin/nologin beinan
    [root@linuxsir001 backupNow]# passwd beinan
    Changing password for user beinan.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@linuxsir001 backupNow]#

    Note: This is only one way to add virtual users to vsftpd. There are better ways to learn! The other method is also being tested. Strictly speaking, this method cannot be regarded as a virtual user. Another method is to use PAM authentication and add users with db_load. I have got it working, but it is more complicated and still being tested.


    What should we do if we want the user's home directory to be somewhere else? This is also relatively simple. Take a look at useradd and you will understand it. For example, I want to add the beinan user and put the home directory under /opt:

    [root@linuxsir001 root]# adduser -d /opt/beinan beinan
    [root@linuxsir001 root]# passwd beinan
    Changing password for user beinan.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.

    If you want to add a virtual user, that is, a user who is not allowed to log in to the system and can only log in to FTP, and also place the user's home directory at /opt/beinan, combine the methods above:
    [root@linuxsir001 backupNow]# adduser -d /opt/beinan -g ftp -s /sbin/nologin beinan
    [root@linuxsir001 backupNow]# passwd beinan
    Changing password for user beinan.
    New password:
    Retype new password:
    passwd: all authentication tokens updated successfully.
    [root@linuxsir001 backupNow]#

    Check whether the user beinan has been added successfully and its home directory placed under /opt:

    [root@linuxsir001 root]# ls /opt/
    beinan

    This proves that it succeeded.

    We can log in as the beinan user in text mode to access FTP.

    [root@linuxsir001 root]# ftp 192.168.0.1
    Connected to 192.168.0.1.
    220 (vsFTPd 1.1.3)
    530 Please login with USER and PASS.
    530 Please login with USER and PASS.
    KERBEROS_V4 rejected as an authentication type
    Name (192.168.0.1:root): beinan
    331 Please specify the password.
    Password:
    230 Login successful. Have fun.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>

    Did it succeed?

    How can we restrict users to their home directory?

    We need to create a file ourselves in the /etc directory.
    # touch /etc/vsftpd.chroot_list
    Take the user beinan as an example.

    Add beinan to the vsftpd.chroot_list file.

    Edit the /etc/vsftpd.conf file and find the following two lines:

    #chroot_list_enable=YES
    #chroot_list_file=/etc/vsftpd.chroot_list

    Remove the leading #, that is:
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list

    If these two lines are not there, add them yourself.

    After the change, restart the vsftpd server.

    [root@linuxsir001 root]# /etc/init.d/vsftpd restart
    Shutting down vsftpd: [  OK  ]
    Starting vsftpd for vsftpd: [  OK  ]
    [root@linuxsir001 root]#
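
How the chroot options combine, as an added example that is not from the original post: with `chroot_local_user` unset, the list file names the users who are jailed (the setup above); with `chroot_local_user=YES`, the same list becomes the users who are not jailed, as the sample file's comment states. The helper names, the temporary files and the second user `alice` are constructed.

```sh
#!/bin/sh
# Added example; conf_get and vsftpd_chroot_state are hypothetical helper names.

conf_get() {   # conf_get FILE KEY DEFAULT: last active KEY=value, else DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

vsftpd_chroot_state() {   # vsftpd_chroot_state CONF USER
    conf=$1; user=$2
    all=$(conf_get "$conf" chroot_local_user NO)
    use_list=$(conf_get "$conf" chroot_list_enable NO)
    list=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    listed=NO
    if [ "$use_list" = YES ]; then
        if [ ! -r "$list" ]; then
            echo "list unreadable"; return 1   # cannot decide without the list
        fi
        if grep -qxF -- "$user" "$list"; then listed=YES; fi
    fi
    # chroot_local_user=NO : the list names the users who ARE jailed.
    # chroot_local_user=YES: everyone is jailed; the list names the exceptions.
    # So a user is jailed exactly when the two flags differ.
    if [ "$all" = "$listed" ]; then
        echo "not chrooted"
    else
        echo "chrooted"
    fi
}

# Constructed demo: the post's setup (list enabled, beinan listed), then the
# same list with chroot_local_user=YES added, which inverts its meaning.
demo_dir=$(mktemp -d)
printf 'beinan\n' > "$demo_dir/vsftpd.chroot_list"
printf 'chroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$demo_dir/vsftpd.chroot_list" > "$demo_dir/page.conf"
{ cat "$demo_dir/page.conf"; echo 'chroot_local_user=YES'; } \
    > "$demo_dir/inverted.conf"
for name in page inverted; do
    for u in beinan alice; do     # alice: constructed second local user
        echo "$name.conf $u: $(vsftpd_chroot_state "$demo_dir/$name.conf" "$u")"
    done
done
rm -rf "$demo_dir"
```

With the post's configuration only beinan is jailed, so every other local user can still browse outside their home directory.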


    We can also use gftp to log in as the beinan user and upload files. Uploaded files are stored in beinan's home directory, whose location depends on how the user was added. I have already described two methods; one is the default, which puts the home directory under /home.

    In this example, I added the user the default way, so the home directory is under /home. For example, when you log in to FTP as beinan, you are in /home/beinan, and uploaded content goes into this directory.

    Which directory do anonymous users access?

    It is the /var/ftp directory.


    5] Several ways to access FTP

    The first method is text access, that is, using the ftp command. I have already covered this above.

    The second method is a client FTP program; on Linux, gftp. In this example my FTP server is accessed over the LAN: enter 192.168.0.1 in the address bar, port 21, then the user name and password. For anonymous login, leave the user name and password empty. To log in as an ordinary user, you must enter the user name and password.

    The third method is the browser. For anonymous login, use:
    ftp://192.168.0.1
    To log in as a user, use:
    ftp://beinan@192.168.0.1

    If you want users on the Internet to access the server and you connect through ADSL with a dynamic IP address, find the current address as follows:
    [root@linuxsir001 root]# ifconfig ppp0
    ppp0      Link encap:Point-to-Point Protocol
              inet addr:218.61.7.23  P-t-P:218.61.7.1  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
              RX packets:24245 errors:0 dropped:0 overruns:0 frame:0
              TX packets:20411 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:23103297 (22.0 Mb)  TX bytes:3588337 (3.4 Mb)

    As you can see from the above, the address that can be reached from the Internet is 218.61.7.23.


    II. How do we install Linux through this FTP server? Take Redhat 9.0 as an example:

    1. In /var/ftp, create a directory for each release, then unpack that release's ISOs into the corresponding directory.

    For example, if I want other clients to install Redhat 9.0 from my server, I create a RedHat90 directory in /var/ftp and unpack all three RedHat 9.0 ISOs into it.

    That completes the server setup.

    2. How do we boot and set up the client? We can create a boot disk, but for some releases this is not necessary; it depends on the release. For example, for a Redhat 9.0 installation, if the client has Windows, you can fetch the three directories dosutils, images and isolinux from the LAN FTP server and put them in a directory on a FAT32 partition: for example, create a Redhat9 directory on the client's FAT32 partition and copy the three directories into it.

    3. Client installation:

    Boot from a DOS disk without loading the CD-ROM driver, change to the Redhat9\dosutils directory on the client's FAT32 partition, and run the following command.

    autoboot

    The installation then starts.

    4. Select FTP as the installation method. When setting up the network, we need to set the IP address, gateway, and so on.

    Take my LAN as an example:

    Set the IP address of the client to 192.168.0.5, the mask to 255.255.255.0, and the gateway to 192.168.0.1. The name server can be left unspecified. Access FTP anonymously.

    In the next step, enter the FTP server address and the source path. Again taking my LAN as an example:

    Address: 192.168.0.1
    Path: because I put the three ISO files in the /var/ftp/RedHat90 directory, I should write the following

    /RedHat90

    From here on, everything is the same as with other installation methods.


    Because each release is different, the way to install it over the network may differ. I assume you already know how to make boot disks. If you do not, search for posts on this.