1. A brief introduction to FTP
File Transfer Protocol (FTP) is a protocol that lets users upload and download files over the Internet.
It has two sides: the FTP client and the FTP server.
FTP uses two port numbers (21 and 20):
Port 21: command control; it accepts the FTP commands sent by the client.
Port 20: data transfer; it carries the file uploads and downloads.
FTP data transfer modes:
Active mode: the FTP server actively initiates the data connection to the FTP client.
Passive mode: the FTP server waits for the FTP client to initiate the data connection.
2. Installing the vsftpd service program
vsftpd ("Very Secure FTP Daemon") is an FTP server program that runs on UNIX-like operating systems.
Main features: security, fully open source and free, high speed, IPv6 support, virtual user support, and so on.
# yum install vsftpd -y
# iptables -F    // flush the firewall rules
# service iptables save    // save the rule set after flushing it
/usr/sbin/vsftpd    // main program
/etc/vsftpd/ftpusers and /etc/vsftpd/user_list    // lists of users who are forbidden to log in
/etc/vsftpd/vsftpd.conf    // main configuration file
Configuration file parameters in detail:
listen=yes|no    // whether to listen as a standalone service (independent operation mode)
listen_address=ip_address    // IP address to listen on
listen_port=21    // FTP listening port
download_enable=yes|no    // whether downloads are allowed
userlist_enable=yes|no    // whether to enable the "forbidden login user list"
max_clients=0    // maximum number of client connections; 0 means unlimited
anonymous_enable=yes|no    // whether anonymous user access is allowed
anon_upload_enable=yes|no    // whether anonymous users may upload files
anon_umask=022    // umask applied to files uploaded by anonymous users
anon_root=/var/ftp    // FTP root directory of the anonymous user
anon_mkdir_write_enable=yes|no    // whether anonymous users may create directories
anon_other_write_enable=yes|no    // whether anonymous users get other write permissions (rename, delete)
local_enable=yes|no    // whether local users may log in to FTP
local_umask=022    // umask applied to files uploaded by local users
local_root=/var/ftp    // FTP root directory of local users
chroot_local_user=yes|no    // whether to confine (chroot) local users to their FTP directory; recommended for security
3. The three authentication modes of vsftpd
Anonymous access: anyone can log in to the FTP server without password verification.
Local user: log in with an account and password that exist on the FTP server.
Virtual user: log in with a separate FTP account database that is independent of the system accounts.
3.1 Anonymous access mode
vim /etc/vsftpd/vsftpd.conf
-------------------------------------
anonymous_enable=yes
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
write_enable=yes
-----------------------------------------
Server side: chown ftp /var/ftp/pub    // change the owner of the pub directory to the ftp user so anonymous uploads can be written there
setenforce 0    // turn off SELinux enforcement for the running system
vim /etc/selinux/config    // make the SELinux change persistent across reboots
systemctl restart vsftpd
Client side: yum install ftp -y
ftp 192.168.100.10    (server IP)
Log in with the user name anonymous.
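The parameter list in section 2 and the anonymous-mode settings above combine into a configuration that is easy to leave too open. The following POSIX shell script is an added example, not part of the original post and not a vsftpd tool: it reads a vsftpd.conf in the key=value form shown on this page and reports the anonymous, write and chroot settings a reviewer would want to check before exposing the server. The two sample configuration files it writes into a temporary directory are constructed here for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf for the
# anonymous, write and chroot settings discussed above.
# Assumptions: key=value lines as shown in the post, '#' comment lines,
# boolean values compared case-insensitively (vsftpd accepts yes/YES/no/NO).

# Print the effective value of one key; a later line overrides an earlier one.
vsftpd_get() {
    # $1 = configuration file, $2 = key name
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        {
            k = tolower($1); gsub(/[ \t\r]/, "", k)
            if (k == tolower(key)) { v = tolower($2); gsub(/[ \t\r]/, "", v) }
        }
        END { print v }' "$1"
}

# Print one line per finding.
vsftpd_audit() {
    conf="$1"
    if [ "$(vsftpd_get "$conf" anonymous_enable)" = "yes" ]; then
        echo "RISK anonymous_enable=yes: anyone can log in without a real password"
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if [ "$(vsftpd_get "$conf" "$k")" = "yes" ]; then
                echo "RISK $k=yes: anonymous clients can modify the share"
            fi
        done
    fi
    if [ "$(vsftpd_get "$conf" local_enable)" = "yes" ] && \
       [ "$(vsftpd_get "$conf" chroot_local_user)" != "yes" ]; then
        echo "RISK chroot_local_user is not yes: local users can browse the whole filesystem"
    fi
    if [ "$(vsftpd_get "$conf" allow_writeable_chroot)" = "yes" ]; then
        echo "NOTE allow_writeable_chroot=yes: the jail root directory itself is writable"
    fi
}

# Number of findings, for use in scripts (0 means nothing was flagged).
vsftpd_audit_count() {
    vsftpd_audit "$1" | awk 'END { print NR }'
}

# Constructed sample configurations (not real server files).
workdir=$(mktemp -d)
cat > "$workdir/anonymous.conf" <<'EOF'
# mirrors the anonymous-mode settings from section 3.1
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
write_enable=YES
EOF
cat > "$workdir/hardened.conf" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
userlist_enable=YES
EOF

for f in anonymous hardened; do
    echo "== $f.conf: $(vsftpd_audit_count "$workdir/$f.conf") finding(s)"
    vsftpd_audit "$workdir/$f.conf"
done
```

Run it against /etc/vsftpd/vsftpd.conf by calling vsftpd_audit with that path; the anonymous sample yields four findings, the hardened sample none.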
3.2 Local user mode
vim /etc/vsftpd/vsftpd.conf
-------------------------------------
anonymous_enable=no
local_enable=yes
write_enable=yes
userlist_deny=yes
userlist_enable=yes
pam_service_name=vsftpd
-----------------------------------------
systemctl restart vsftpd
useradd jerry && echo "jerry" | passwd --stdin jerry    // add a user that is not in the user_list file
iptables -F
setenforce 0
--------------------------------
3.3 Virtual user mode (most secure)
3.3.1 Creating the virtual user database file
cd /etc/vsftpd
vim myvuser.list    // odd-numbered lines are user names, even-numbered lines are the matching passwords
jerry
jerry
db_load -T -t hash -f myvuser.list myvuser.db    // use db_load to generate the hash-format database file myvuser.db
chmod 600 myvuser.db    // restrict the database file so only root can read it
rm -f myvuser.list
3.3.2 Creating the FTP root directory and the system user that virtual users map to
useradd -d /var/ftproot -s /sbin/nologin virtual    // create the system user "virtual" with /var/ftproot as its home and FTP root
ls -ld /var/ftproot/
chmod -R 755 /var/ftproot/
3.3.3 Creating a PAM authentication file for the virtual users
vim /etc/pam.d/vsftpd.vu
auth    required  pam_userdb.so  db=/etc/vsftpd/myvuser    // give the database path without the .db suffix
account required  pam_userdb.so  db=/etc/vsftpd/myvuser
3.3.4 Adding the virtual user settings to vsftpd.conf
-----------------------------------------------
anonymous_enable=no
local_enable=yes
guest_enable=yes
guest_username=virtual
pam_service_name=vsftpd.vu    // the PAM service file created above
write_enable=yes
allow_writeable_chroot=yes    // allow the chroot root directory to be writable
user_config_dir=/etc/vsftpd/myvusers_dir
-----------------------------------------------
3.3.5 Setting different permissions for each virtual user
............................................................
vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/myvusers_dir    // directory that holds the per-user configuration files
mkdir -p /etc/vsftpd/myvusers_dir && cd /etc/vsftpd/myvusers_dir
vim jerry    // per-user settings for the virtual user jerry (the file name must match the user name)
anon_upload_enable=yes
anon_mkdir_write_enable=yes
anon_other_write_enable=yes
......................................................................
3.3.6 Restart the vsftpd service: systemctl restart vsftpd
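The list format in 3.3.1 (odd lines are user names, even lines are passwords) silently breaks when a line is missing or duplicated, and the per-user files in 3.3.5 must be named exactly after each user. The POSIX shell script below is an added example, not part of the original post: it validates such a list before it is handed to db_load, builds the database only when db_load is installed, and writes one read-only override file per user into the user_config_dir, granting write settings to a single named user. The list it works on is constructed for the demonstration; jerry is the user from the post, tom and the paths are made up here.

```shell
#!/bin/sh
# Added example (not from the original post): check the myvuser.list layout
# described in 3.3.1 (odd lines = user names, even lines = passwords) before
# feeding it to db_load, and write the per-user override files that
# user_config_dir (3.3.5) expects. The list below is constructed for the demo;
# jerry is the user from the post, tom is made up here.

# Return 0 if the list is well-formed, 1 (with a reason on stdout) otherwise.
vuser_list_check() {
    list="$1"
    n=$(awk 'END { print NR }' "$list")
    if [ "$n" -eq 0 ] || [ $((n % 2)) -ne 0 ]; then
        echo "bad list: $n line(s); every user name needs a password line after it"
        return 1
    fi
    if grep -q '^[[:space:]]*$' "$list"; then
        echo "bad list: blank line found"
        return 1
    fi
    dups=$(awk 'NR % 2 == 1' "$list" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "bad list: duplicate user name(s): $dups"
        return 1
    fi
    return 0
}

# Print the user names (odd lines) of a list.
vuser_list_names() {
    awk 'NR % 2 == 1' "$1"
}

# Build the Berkeley DB file and lock it down, when db_load is available.
vuser_build_db() {
    # $1 = list, $2 = output .db path
    if command -v db_load >/dev/null 2>&1; then
        db_load -T -t hash -f "$1" "$2" && chmod 600 "$2"
    else
        echo "db_load not installed; skipping database build" >&2
    fi
}

# Write one override file per user into the user_config_dir; only the user
# named in $3 gets upload/mkdir/other-write rights, everyone else stays read-only.
vuser_gen_conf() {
    # $1 = list, $2 = user_config_dir, $3 = user allowed to write
    mkdir -p "$2"
    for u in $(vuser_list_names "$1"); do
        if [ "$u" = "$3" ]; then w=YES; else w=NO; fi
        printf 'anon_upload_enable=%s\nanon_mkdir_write_enable=%s\nanon_other_write_enable=%s\n' \
            "$w" "$w" "$w" > "$2/$u"
    done
}

# Demo on a constructed list in a temporary directory.
workdir=$(mktemp -d)
printf 'jerry\njerry\ntom\nt0m-s3cret\n' > "$workdir/myvuser.list"
if vuser_list_check "$workdir/myvuser.list"; then
    vuser_build_db "$workdir/myvuser.list" "$workdir/myvuser.db"
    vuser_gen_conf "$workdir/myvuser.list" "$workdir/myvusers_dir" jerry
    echo "per-user files written:"; ls "$workdir/myvusers_dir"
fi
```

On a real server the list would be /etc/vsftpd/myvuser.list and the directory /etc/vsftpd/myvusers_dir; the check runs before rm -f removes the cleartext list, so a malformed list is caught while it can still be corrected.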
4. Pluggable Authentication Modules (PAM)
PAM (Pluggable Authentication Modules) is an authentication mechanism.
Its layers: the application, the PAM API (application interface layer), and the modules (authentication module layer).
Important PAM directories:
/lib/security    // PAM authentication modules
/etc/pam.d    // PAM configuration files, one per service
This article is from the Linux learning blog, so be sure to keep this source http://meeyu.blog.51cto.com/9901616/1792614
VSFTPD Service Transfer