One. FTP operating modes
FTP uses two TCP connections: a command (control) channel, normally to server port 21, and a separate data channel. Which side opens the data channel depends on the mode.
Active mode
1. In the first step, the client opens a random unprivileged port X (above 1024) and connects to the server's port 21; this becomes the command channel.
2. In the second step, when the client needs to transfer data, it opens another random port Y above 1024 and tells the server that port number over the command channel with the PORT command.
3. In the third step, the server actively connects to the client's port Y (from its own port 20 when connect_from_port_20=YES). Once the three-way handshake completes, the data channel between server and client is up, and all file contents and directory listings travel over it.
Passive mode
1. In the first step, the client opens a random port X above 1024 and connects to the server's port 21 to establish the command channel.
2. In the second step, when the client needs to upload or download, it sends the request over the command channel (the PASV command).
3. In the third step, on receiving the request the server opens a random port Y and sends that port information back to the client over the command channel.
4. In the fourth step, after the client receives the data port Y from the server, it opens a random local port Z and actively connects from Z to the server's port Y; once the three-way handshake completes, the data can be transferred.
Passive mode is the one that works for clients behind NAT or a firewall, because the client initiates both connections; in active mode the server connects back to the client, which most client-side firewalls block. On the server side, pin the passive range with pasv_min_port and pasv_max_port so that the firewall can allow exactly those ports.
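The PORT command and the 227 reply described above both carry the address and port as six decimal bytes, h1,h2,h3,h4,p1,p2, with port = p1 * 256 + p2. The shell functions below are an added example, not code from the original article: they encode and decode that tuple and, for passive mode, refuse a reply that points the data connection at a host other than the server the control connection is talking to. That is the check a client should make, and the one vsftpd makes on the server side unless pasv_promiscuous or port_promiscuous is set. All addresses and ports in the demo are made up.

```shell
#!/bin/sh
# Added example, not code from the original article: encode and decode the
# h1,h2,h3,h4,p1,p2 tuples that FTP uses in the PORT command (active mode) and
# in the "227 Entering Passive Mode" reply (passive mode). The port travels as
# two bytes: port = p1 * 256 + p2. The addresses and ports below are made up.

# pasv_target "227 ... (h1,h2,h3,h4,p1,p2)." [control_ip]
# Prints "host port". If control_ip is given, refuses a reply that points the
# data connection at a different host than the one we are talking to.
pasv_target() {
    reply=$1
    expect_ip=$2
    nums=$(printf '%s\n' "$reply" |
        sed -n 's/^227 .*(\([0-9]*,[0-9]*,[0-9]*,[0-9]*,[0-9]*,[0-9]*\)).*/\1/p')
    if [ -z "$nums" ]; then
        echo "not a well-formed 227 reply: $reply" >&2
        return 1
    fi
    old_ifs=$IFS
    IFS=,
    set -- $nums              # split the six comma-separated bytes into $1..$6
    IFS=$old_ifs
    host="$1.$2.$3.$4"
    port=$(($5 * 256 + $6))
    if [ -n "$expect_ip" ] && [ "$host" != "$expect_ip" ]; then
        echo "server redirected data connection to $host (expected $expect_ip)" >&2
        return 1
    fi
    echo "$host $port"
}

# port_command client_ip port -> the PORT command a client sends in active mode
port_command() {
    ip=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "data port must be an unprivileged port (1024-65535)" >&2
        return 1
    fi
    echo "PORT $(printf '%s' "$ip" | tr . ,),$((port / 256)),$((port % 256))"
}

# Demo with constructed values
pasv_target "227 Entering Passive Mode (192,168,4,1,195,80)." 192.168.4.1   # 192.168.4.1 50000
port_command 192.168.4.100 5001                                               # PORT 192,168,4,100,19,137
```

The decoded host and port is exactly what a firewall in front of a passive-mode server has to permit, which is why a server should pin the range with pasv_min_port and pasv_max_port rather than leaving it to chance.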
Two. Installing and managing vsftpd
rpm -ivh vsftpd-*.rpm (from the installation media; yum install vsftpd also works)
service vsftpd start
chkconfig vsftpd on
Three. Configuration file overview
The vsftpd configuration file is /etc/vsftpd/vsftpd.conf by default; the /etc/vsftpd directory also holds the ftpusers and user_list files. Option names are lowercase and case-sensitive, there must be no spaces around the = sign, and boolean values are YES or NO; vsftpd refuses to start on an unknown option.
Common global configuration items
listen=YES: run vsftpd as a standalone daemon listening on IPv4 (rather than from xinetd); listen_ipv6 is the IPv6 counterpart, and only one of the two may be set
listen_address=192.168.4.1: IP address to listen on
listen_port=21: port for the FTP control connection
write_enable=YES: whether any command that writes to the filesystem (STOR, DELE, RNFR/RNTO, MKD ...) is permitted at all; the anon_* and per-user options below only narrow this down
download_enable=YES: whether file downloads are allowed
userlist_enable=YES: whether to consult the /etc/vsftpd/user_list file
userlist_deny=YES: users listed in user_list are denied before a password is even asked for (with userlist_deny=NO the list becomes an allow list instead)
max_clients=0: maximum number of concurrent client connections (0 = unlimited)
max_per_ip=0: maximum number of concurrent connections from one IP address (0 = unlimited)
Common anonymous FTP configuration items
anonymous_enable=YES: allow anonymous logins (user names anonymous and ftp); note that YES is the vsftpd default, so set NO explicitly when anonymous access is not wanted
anon_umask=022: umask applied to files uploaded by anonymous users (the vsftpd default is 077)
anon_root=/var/ftp: directory anonymous users are chrooted to after login
anon_upload_enable=YES: allow anonymous uploads (also needs write_enable=YES and a directory the ftp user can write to)
anon_mkdir_write_enable=YES: allow anonymous users to create directories
anon_other_write_enable=YES: allow the other write operations, i.e. deleting and renaming; this is rarely appropriate for anonymous users
anon_max_rate=0: maximum transfer rate in bytes/sec (0 = unlimited)
Common local user FTP configuration items
local_enable=YES: allow logins by local system accounts (authenticated through PAM)
local_umask=022: umask applied to files uploaded by local users (the vsftpd default is 077)
local_root=/var/ftp: directory local users land in after login (when unset, their home directory)
chroot_local_user=YES: confine local users to their home directory (or local_root) with chroot(). Since vsftpd 2.3.5 the chroot root must not be writable by the user, otherwise the login fails with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()"; either make the root directory owned by root with a writable subdirectory, or set allow_writeable_chroot=YES (weaker)
local_max_rate=0: maximum transfer rate in bytes/sec (0 = unlimited)
Five. Local account FTP (case one)
1. Edit /etc/vsftpd/vsftpd.conf so that it contains the following
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
2. Create the system accounts and a test file
useradd -s /sbin/nologin tom
useradd -s /sbin/nologin jerry
useradd -s /sbin/nologin smith
touch /home/{tom,jerry,smith}/test.txt
Give each account a password with passwd; an account created without one is locked and its FTP login is refused. The /sbin/nologin shell keeps these users off SSH and the console, while FTP still works because vsftpd's PAM stack only requires the shell to be listed in /etc/shells, which /sbin/nologin is on RHEL and CentOS.
3. Start the service
service vsftpd start
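The configuration items listed above and the case-one configuration are easiest to judge once the risky combinations are spelled out. The script below is an added example, not code from the article: it reads a vsftpd.conf the way vsftpd does (lowercase keys, no spaces around =), assumes vsftpd's own defaults for options that are absent, and flags anonymous write access, unjailed local users, a writable chroot root and the absence of TLS. It runs against two constructed files in a temporary directory, the case-one configuration and a deliberately permissive one; on a real host point it at /etc/vsftpd/vsftpd.conf.

```shell
#!/bin/sh
# Added example, not from the original article: a small lint for vsftpd.conf
# that flags the settings most likely to turn an FTP server into a problem.
# It is run against two constructed configs in a temporary directory.

# conf_get FILE KEY -> value of KEY (last occurrence wins), uppercased; empty if
# unset. vsftpd itself requires lowercase keys and no spaces around '=', so no
# further normalisation is attempted.
conf_get() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == key { val = toupper($2) }
        END { print val }' "$1"
}

# audit_vsftpd_conf FILE -> one "WARN: ..." line per finding. Absent options get
# the vsftpd defaults: anonymous_enable=YES, every other option checked here NO.
audit_vsftpd_conf() {
    f=$1
    anon=$(conf_get "$f" anonymous_enable)
    anon=${anon:-YES}
    if [ "$anon" = YES ]; then
        if [ "$(conf_get "$f" anon_upload_enable)" = YES ] ||
           [ "$(conf_get "$f" anon_mkdir_write_enable)" = YES ]; then
            echo "WARN: anonymous users may upload files or create directories"
        fi
        if [ "$(conf_get "$f" anon_other_write_enable)" = YES ]; then
            echo "WARN: anonymous users may delete and rename files"
        fi
    fi
    if [ "$(conf_get "$f" local_enable)" = YES ] &&
       [ "$(conf_get "$f" chroot_local_user)" != YES ]; then
        echo "WARN: local users are not chrooted and can browse the whole filesystem"
    fi
    if [ "$(conf_get "$f" allow_writeable_chroot)" = YES ]; then
        echo "WARN: writable chroot root; prefer a root-owned jail with a writable subdirectory"
    fi
    if [ "$(conf_get "$f" ssl_enable)" != YES ]; then
        echo "WARN: ssl_enable is off; passwords and data travel in cleartext"
    fi
}

# Constructed sample configs (temporary files, not a real host)
SAMPLE_DIR=$(mktemp -d "${TMPDIR:-/tmp}/vsftpd-audit.XXXXXX")
CASE1_CONF=$SAMPLE_DIR/case1.conf     # the local-account config from case one
WEAK_CONF=$SAMPLE_DIR/weak.conf       # anonymous write plus unjailed local users
cat > "$CASE1_CONF" <<'EOF'
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
EOF
cat > "$WEAK_CONF" <<'EOF'
# anonymous_enable is left unset, so the vsftpd default (YES) applies
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=NO
allow_writeable_chroot=YES
EOF

for c in "$CASE1_CONF" "$WEAK_CONF"; do
    echo "== $c"
    audit_vsftpd_conf "$c"
done
```

The case-one configuration produces a single warning, the cleartext one: FTP sends the password in the clear, so on any network you do not fully trust add ssl_enable=YES with a certificate (rsa_cert_file) and force_local_logins_ssl=YES, or keep the server on an isolated segment.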
Six. Virtual user FTP (case two)
1. Create the virtual user database
First create a plaintext password file in which the odd lines hold user names and the even lines hold the matching passwords. Then convert it into a Berkeley DB file with the db_load tool, which comes with the db4-utils package, and finally tighten the permissions on both files so that only root can read them, since the list contains the passwords in the clear.
# vi /etc/vsftpd/vusers.list
mike
123
john
456
# cd /etc/vsftpd/
# db_load -T -t hash -f vusers.list vusers.db
# file vusers.db
vusers.db: Berkeley DB (Hash, version 9, native byte-order)
# chmod 600 /etc/vsftpd/vusers.*
# ls -lh /etc/vsftpd/vusers.*
-rw------- 1 root root 12K June 08:51 /etc/vsftpd/vusers.db
-rw------- 1 root root  18 June 08:48 /etc/vsftpd/vusers.list
2. Create the FTP root directory and the system user that the virtual users are mapped to
# useradd -d /var/ftproot -s /sbin/nologin virtual
# chmod 755 /var/ftproot/
3. Create a PAM service file that authenticates virtual users against the database
# vi /etc/pam.d/vsftpd.vu
#%PAM-1.0
auth    required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
The db= path is given without the .db suffix; pam_userdb appends it itself, so db=/etc/vsftpd/vusers.db would make it look for vusers.db.db and every login would fail.
4. Add the supporting settings to vsftpd.conf
# vi /etc/vsftpd/vsftpd.conf
......
local_enable=YES
write_enable=YES
anon_umask=022
# map every non-anonymous login onto a local guest account
guest_enable=YES
# the system user they are mapped to
guest_username=virtual
# use the new PAM service file
pam_service_name=vsftpd.vu
With guest_enable=YES the virtual users are governed by the anon_* options (which is why anon_umask is set here and why the per-user files below use anon_upload_enable), unless virtual_use_local_privs=YES is set, in which case they get local-user privileges instead. On vsftpd 2.3.5 and later also note that /var/ftproot, created by useradd, is owned and writable by virtual, so the login will be refused with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()"; give the directory to root (chown root /var/ftproot) and create a writable subdirectory for uploads, or set allow_writeable_chroot=YES.
5. Create separate configuration files for individual virtual users
Add the per-user configuration directory to vsftpd.conf:
user_config_dir=/etc/vsftpd/vusers_dir
Then create the directory and one file per user for mike and john. The file name must be exactly the user name, and any option in it overrides the main configuration for that user only:
# mkdir /etc/vsftpd/vusers_dir/
# cd /etc/vsftpd/vusers_dir/
# vi john
anon_upload_enable=YES
anon_mkdir_write_enable=YES
# touch mike
john can therefore upload files and create directories, while mike's empty file leaves him with the global settings, i.e. download only. Restart the service (service vsftpd restart) for the changes to take effect.
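A virtual-user login fails with a bare 530 when any one of three pieces disagrees: the odd/even layout of vusers.list, the db= path in the PAM file (pam_userdb appends .db itself) and the file names under user_config_dir, which must equal the user name exactly. The script below is an added example, not the article's code: it generates the list in the required layout and checks those three pieces plus the permissions on the plaintext list, entirely inside a temporary directory with the constructed mike/john accounts, so it can be run before touching /etc/vsftpd on the live host.

```shell
#!/bin/sh
# Added example, not the original article's code: build the odd/even vusers.list
# and sanity-check the pieces a vsftpd virtual-user login depends on (list/db
# pair, pam_userdb db= path, per-user files in user_config_dir). The mike/john
# accounts and passwords are constructed sample data; the demo runs in a
# temporary directory instead of /etc/vsftpd and /etc/pam.d.

# make_vusers_list user:password ... -> user on odd lines, password on even lines
make_vusers_list() {
    for pair in "$@"; do
        case $pair in
            *:*) ;;
            *) echo "expected user:password, got '$pair'" >&2; return 1 ;;
        esac
        user=${pair%%:*}
        pass=${pair#*:}
        if [ -z "$user" ] || [ -z "$pass" ]; then
            echo "empty user or password in '$pair'" >&2
            return 1
        fi
        printf '%s\n%s\n' "$user" "$pass"
    done
}

# vusers_in_list FILE -> the user names (odd lines) of a vusers.list
vusers_in_list() {
    awk 'NR % 2 == 1' "$1"
}

# check_vuser_setup LIST PAMFILE CONFDIR -> one "PROBLEM: ..." line per finding
check_vuser_setup() {
    list=$1 pam=$2 dir=$3
    # odd/even layout: an odd line count means a user without a password
    lines=$(grep -c '' "$list")
    if [ $((lines % 2)) -ne 0 ]; then
        echo "PROBLEM: $list has $lines lines; users and passwords must alternate"
    fi
    # the list holds plaintext passwords: nobody but root should read it (chmod 600)
    if [ "$(ls -ld "$list" | cut -c5-10)" != "------" ]; then
        echo "PROBLEM: $list is readable by group or others"
    fi
    # pam_userdb appends .db itself: db=/etc/vsftpd/vusers, not vusers.db
    for arg in $(grep -Eo 'db=[^[:space:]]+' "$pam" | sort -u); do
        path=${arg#db=}
        case $path in
            *.db) echo "PROBLEM: $pam: '$arg' must be given without the .db suffix" ;;
        esac
        if [ ! -r "$path.db" ]; then
            echo "PROBLEM: $path.db does not exist; run db_load first"
        fi
    done
    # a per-user file only applies if its name is exactly the user name
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        if ! vusers_in_list "$list" | grep -qx -- "$name"; then
            echo "PROBLEM: $f matches no user in $list"
        fi
    done
}

# Constructed fixture in a temporary directory (stands in for /etc/vsftpd)
VU_DIR=$(mktemp -d "${TMPDIR:-/tmp}/vsftpd-vu.XXXXXX")
VU_LIST=$VU_DIR/vusers.list
VU_PAM=$VU_DIR/vsftpd.vu
VU_CONF_DIR=$VU_DIR/vusers_dir
VU_BAD_PAM=$VU_DIR/vsftpd.bad
VU_BAD_CONF_DIR=$VU_DIR/vusers_dir.bad
mkdir "$VU_CONF_DIR" "$VU_BAD_CONF_DIR"
make_vusers_list mike:123 john:456 > "$VU_LIST"
chmod 600 "$VU_LIST"
: > "$VU_DIR/vusers.db"            # stands in for the db_load output
chmod 600 "$VU_DIR/vusers.db"
cat > "$VU_PAM" <<EOF
#%PAM-1.0
auth    required pam_userdb.so db=$VU_DIR/vusers
account required pam_userdb.so db=$VU_DIR/vusers
EOF
printf 'anon_upload_enable=YES\nanon_mkdir_write_enable=YES\n' > "$VU_CONF_DIR/john"
: > "$VU_CONF_DIR/mike"
check_vuser_setup "$VU_LIST" "$VU_PAM" "$VU_CONF_DIR"          # prints nothing: all consistent

# The same check against two classic typos: a .db suffix in the PAM file and a
# per-user file named John instead of john
printf 'auth    required pam_userdb.so db=%s/vusers.db\n' "$VU_DIR" > "$VU_BAD_PAM"
: > "$VU_BAD_CONF_DIR/John"
check_vuser_setup "$VU_LIST" "$VU_BAD_PAM" "$VU_BAD_CONF_DIR"  # three PROBLEM lines
```

Once the check prints nothing, the live sequence is the one in the steps above: db_load -T -t hash -f vusers.list vusers.db, chmod 600 on both files, the PAM file, the guest_* settings and service vsftpd restart.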
This article is from the "Carey" blog; please keep this source when reposting: http://akhack.blog.51cto.com/11084669/1760100
vsftpd service building