Vsftp service configuration

Source: Internet
Author: User
Tags crypt

Vsftp service configuration

FTP server introduction:

The FTP server is a server that provides file storage and access services. It implements data transmission through ftp (file transfer protocol). FTP is only based on TCP services and does not support UDP. An FTP application is a C/S architecture application. Both the client and server must install relevant software to implement data transmission between them. Common Software Kits include FileZilla, Server-U, VsFTP, Pure-FTPd, ProFTPD, etc. Among them, VsFTP, Pure-FTPd, ProFTPD are Pure Server programs, and common client programs include ftp, lftp. The server program used in this experiment environment is vsftp.
Working principle:

Authentication Based on the pam Authentication Framework:

Installation:
[Root @ sherry ~] # Yum install vsftpd-y

Start:
[Root @ sherry home] # service vsftpd start
Starting vsftpd for vsftpd: [OK]

[Root @ sherry home] # ps-ef | grep vsftpd
Root 85235 1 0 00:52? 00:00:00/usr/sbin/vsftpd/etc/vsftpd. conf # Start with root and run with ftp

Default home directory:
[Root @ sherry home] # cat/etc/passwd | grep ftp
Ftp: x: 14: 50: FTP User:/var/ftp:/sbin/nologin

[Root @ sherry pub] # cd/var/ftp/pub
[Root @ sherry pub] # touch

Default Client Login:
[Root @ martin ~] # Ftp 172.16.178.153
Connected to 172.16.178.153 (172.16.178.153 ).
220 (vsFTPd 2.2.2)
Name (172.16.178.153: root): anonymous # anonymous user
331 Please specify the password.
Password: # The Password is empty.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
Ftp> ls
227 Entering Passive Mode (178,153, 65,242 ).
150 Here comes the directory listing.
Drwxr-xr-x 2 0 0 4096 May 25 pub
226 Directory send OK.
Ftp> cd pub
250 Directory successfully changed.
Ftp> ls
227 Entering Passive Mode (178,153,138,207 ).
150 Here comes the directory listing.
-Rw-r -- 1 0 0 0 May 25 16:59
226 Directory send OK.

Graphical operation:

Create an ftp account:
[Root @ sherry tftp] # useradd-g sherry-s/sbin/nologin-d/home/tftp testftp

Use lftp ):
[Root @ martin ~] # Yum install lftp-y
[Root @ martin ~] # Lftp-u testftp, 111111 172.16.178.153
Lftp testftp@172.16.178.153: ~> Ls
-Rw-r -- 1 0 0 0 May 25 17: 59 1
-Rw-r -- 1 501 500 0 May 25
Lftp testftp@172.16.178.153:/> put all. SQL
651585 bytes transferred

Obtain lftp commands:
Lftp testftp@172.16.178.153:/> help
! <Shell-command> (commands)
Alias [<name> [<value>] bookmark [SUBCMD]
Cache [SUBCMD] cat [-B] <files>
Cd <rdir> chmod [OPTS] mode file...
Close [-a] [re] cls [opts] [path/] [pattern]
Debug [<level> | off] [-o <file>] du [options] <dirs>
Exit [<code> | bg] get [OPTS] <rfile> [-o <lfile>]
Glob [OPTS] <cmd> <args> help [<cmd>]
History-w file |-r file |-c |-l [cnt] jobs [-v]
Kill all | <job_no> LCD <ldir>
Lftp [OPTS] <site> ls [<args>]
Mget [OPTS] <files> mirror [OPTS] [remote [local]
Mkdir [-p] <dirs> module name [args]
More <files> mput [OPTS] <files>
Mrm <files> mv <file1> <file2>
[Re] nlist [<args>] open [OPTS] <site>
Pget [OPTS] <rfile> [-o <lfile>] put [OPTS] <lfile> [-o <rfile>]
Pwd [-p] queue [OPTS] [<cmd>]
Quote <cmd> repeat [OPTS] [delay] [command]
Rm [-r] [-f] <files> rmdir [-f] <dirs>
Scache [<session_no>] set [OPT] [<var> [<val>]
Site <site_cmd> source <file>
Torrent [-O <dir>] <file> user <user | URL> [<pass>]
Version wait [<jobno>]
Zcat <files> zmore <files>

Use it on lftp! Command to execute local commands
Lftp testftp@172.16.178.153:/>! Ls
A. bin. SQL a. SQL all. SQL anaconda-ks.cfg install. log install. log. syslog

Get configuration file help:
[Root @ sherry vsftpd] # man vsftpd. conf

Configuration file:
[Root @ sherry vsftpd] # vim/etc/vsftpd. conf
# Note
# Enable Anonymous Users
Anonymous_enable = YES
# By default, anonymous users do not have the write permission in the root directory. The file system has the write permission in the subdirectory and the write permission in the service process can be enabled.
# Upload
# Anon_upload_enable = YES
# Delete
# Anon_other_write_enable = YES
# Creating a directory
# Anon_mkdir_write_enable = YES
# Whether to allow access by local users
Local_enable = YES
# Allow local users to upload
Write_enable = YES
# No by default for banned home directories of all users
Chroot_local_user = YES
# Enable the user blocking function in the record file. It cannot be used together with chroot_local_user = YES.
# Chroot_list_enable = YES
# Chroot_list_file =/etc/vsftpd/chroot_list
# Display login information
# Ftpd_banner = Welcome to blah FTP service.
# You can also introduce files
# Banner_file =/etc/vsftpd/banner
# Switch to the. messages directory to display the information in. messages.
Dirmessage_enable = YES
# Whether to enable the default blacklist for the user list
# Blacklist: userlist_enable = YES userlist_deny = YES option 2 can be omitted
# Whitelist: userlist_enable = YES userlist_deny = NO
Userlist_enable = YES
# Connection restrictions
# Maximum number of concurrent connections
# Max_clients
# Each ip Address can initiate concurrent requests at the same time
# Max_per_ip
# Transmission rate
# Maximum transmission rate of anonymous users, in bytes/second"
# Anon_max_rate
# Maximum transmission rate of local users, in bytes/second"
# Local_max_rate
# Umask for uploading files
# Umask for uploading files by anonymous users;
# Anno_umask
# Umask for the local user to upload files;
# Local_umask
# Modify the owner and group of files uploaded by anonymous users:
# Chown_uploads = YES
# Chown_username = someuser

# Logs
Xferlog_enable = YES
# Xferlog_file =/var/log/xferlog

Many system users cannot log on, such as root:
[Root @ sherry tftp] # cat/etc/pam. d/vsftpd
# % PAM-1.0
Session optional pam_keyinit.so force revoke
Auth required pam_listfile.so item = user sense = deny file =/etc/vsftpd/ftpusers onerr = succeed # users in this authentication file cannot log on.
Auth required pam_shells.so
Auth include password-auth
Account include password-auth
Session required pam_loginuid.so
Session include password-auth

[Root @ sherry tftp] # cat/etc/vsftpd/ftpusers
# Users that are not allowed to login via ftp
Root
Bin
Daemon
Adm
Lp
Sync
Shutdown
Halt
Mail
News
Uucp
Operator
Games
Nobody

All virtual users map to a system user. The file directory accessed is the home directory of the System user;
Virtual User Configuration:
Hash-encoded files: odd behavior usernames and even behavior passwords
Relational Database: pam-mysql Authentication
Check whether pam_mysql.so is installed.

[Root @ sherry vsftpd] # ls/lib64/security/pam_m
Pam_mail.so pam_mkhomedir.so pam_motd.so

Yum install pam_mysql-y
[Root @ sherry vsftpd] # ls/lib64/security/pam_m
Pam_mail.so pam_mkhomedir.so pam_motd.so pam_mysql.so

Create the databases, tables, and vsftpd users required for vsftpd.
12345678910 mysql & gt; create database vsftpd;
Mysql> grant select on vsftpd. * to 'vsftpd '@ 'localhost' identified by '123 ';
Mysql> flush privileges;

Mysql> create table users (
Id int AUTO_INCREMENT not null,
Name char (20) binary not null,
Password char (48) binary not null,
Primary key (id)
);

Add a virtual user:

Mysql> insert into users (name, password) values ('Tom ', password ('Tom '));
Mysql> insert into users (name, password) values ('Jerry ', password ('Jerry '));

Configure vsftpd:
File required for pam Authentication
12345 [root @ sherry pam. d] # vim/etc/pam. d/vsftpd. mysql
# Crypt = 2 mysql-password encryption during authentication 3 md5 4sha1
Auth required/lib64/security/pam_mysql.so user = vsftpd passwd = 222222 host = 127.0.0.1 db = vsftpd table = users usercolumn = name passwdcolumn = password crypt = 2
# Account Verification
Account required/lib64/security/pam_mysql.so user = vsftpd passwd = 222222 host = 127.0.0.1 db = vsftpd table = users usercolumn = name passwdcolumn = password crypt = 2

[Root @ sherry tftp] # useradd-g sherry-s/sbin/nologin-d/home/tftp testftp
[Root @ sherry home] # chmod go + rx tftp/

Make sure the following options are enabled in/etc/vsftpd. conf.
Anonymous_enable = YES
Local_enable = YES
Write_enable = YES
Anon_upload_enable = NO
Anon_mkdir_write_enable = NO
Chroot_local_user = YES

Then add the following options
Guest_enable = YES
Guest_username = testftp # ing user
Pam_service_name = vsftpd. mysql

Start the service:
[Root @ sherry home] #/etc/init. d/vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]

Login successful:
[Root @ martin ~] # Lftp-u tom, tom 172.16.178.153
Lftp tom@172.16.178.153:/> put a. bin. SQL
2448 bytes transferred
[Root @ sherry tftp] # ll
Total 644
-Rw ------- 1 testftp sherry 2448 May 26 a. bin. SQL

Permission Configuration:
[Root @ sherry ~] # Vim/etc/vsftpd. conf
# Configure vsftpd as a virtual user using the vusers_config name in the configuration file directory.
User_config_dir =/etc/vsftpd/vusers_config

Create the required directory and provide the configuration file for the virtual user

[Root @ sherry ~] # Mkdir/etc/vsftpd/vusers_config/
[Root @ sherry ~] # Cd/etc/vsftpd/vusers_config/
[Root @ sherry ~] # Touch tom jerry

The access permission of a virtual user to the vsftpd service is obtained through commands of an anonymous user. For example, to allow the tom user to upload files, modify the/etc/vsftpd/vusers/tom file and add the following options.
[Root @ sherry ~] #/Etc/vsftpd/vusers/tom
Anon_upload_enable = {YES | NO}
Anon_mkdir_write_enable = {YES | NO}
Anon_other_write_enable = {YES | NO}

 

Four Advanced configurations of vsftpd Server:

VsFTPd configuration Tutorial:

Simple and practical Ubuntu FTP setup

Set up FTP server and Apache server on Ubuntu

Install the LAMP \ vsftpd \ Webmin \ phpMyAdmin service and settings in Ubuntu 13.04

Simple case of anonymous uploading of SeLinux and vsftpd on the RHEL6 Platform

Install vsftpd source code in Linux

Install and configure the FTP server vsftpd in openSUSE 13.2/13.1

This article permanently updates the link address:

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.