2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
FTP File transfer Service
Requirements description:
Use FTP virtual users and add three users: zhangsan, lisi, wangwu.
User access and file permission control
Provide anonymous access; any user can download software materials from the server's /var/ftp/soft/ directory.
User zhangsan can upload to and delete from the server's /var/ftp/soft/ directory.
User lisi can download the marketing activity and sales plan materials in the server's /var/market/ directory.
User wangwu can upload to and delete from the server's /var/market/ directory.
All files uploaded through FTP have write permission removed for everyone except the owner (that is, the permission mask is set to 022).
Forbid any user from accessing other directories on the server that are not explicitly authorized.
Transmission rate and concurrent connection control
Allow a maximum of 150 concurrent user connections, with no more than 5 concurrent connections per IP.
Download bandwidth for anonymous users and for user lisi is limited to 100KB/s.
The download and upload bandwidth of user wangwu is limited to 200KB/s.
Specific steps:
Insert the CD and mount it, then install the vsftpd package. As shown in the figure:
The vsftpd service stores virtual user accounts in a database file in Berkeley DB format. Creating this database file requires the db_load tool, which is provided by the db4-utils package. The db4-utils package needs to be installed from the RHEL5 CD directory, and it can be installed as follows:
Create a list of usernames and passwords in text format
First, create a user name / password list file in text format, with a user name on each odd-numbered line and, on the even-numbered line that follows it, the password of that user. As shown in the figure:
Create a database file in Berkeley DB format
Once you have the user name / password list file in text format, convert it into a database file in Berkeley DB format with the db_load tool.
In the db_load command, the "-f" option specifies the data source file, the "-T" option allows non-Berkeley DB applications to use DB data files converted from text format, and the "-t hash" option specifies the access method (hash) used for the data file.
To improve the security of the virtual user account files, set their access permissions to 600 to avoid leaking account data. The specific operations are as follows:
Add the virtual user's mapped account and create the FTP root directory
The vsftpd server controls virtual users by mapping: all virtual users are mapped to the same system user, and the home directory of that system user is the FTP root directory shared by all virtual users after they log in. Therefore, you also need to add a corresponding system user account (this account does not need a password or a login shell).
Create PAM authentication files for virtual users
The default PAM authentication file for the vsftpd service is /etc/pam.d/vsftpd, which is suitable for authentication against the system user accounts of the Linux host. To read the virtual user account file, you need to create a new PAM authentication configuration.
In the above PAM configuration, the location of the virtual user database file is specified through the "db=/etc/vsftpd/vusers" parameter (omitting the .db extension), which corresponds to the /etc/vsftpd/vusers.db file.
Modify vsftpd configuration to add virtual user support
Add the guest_enable and guest_username configuration items to the vsftpd.conf configuration file so that all virtual users accessing the FTP service are mapped to the same system user account, virtual, and modify the pam_service_name configuration item to point to the /etc/pam.d/vsftpd.vu authentication file established in the previous step.
In vsftpd services, virtual users are treated as anonymous users by default to reduce privileges, so the corresponding configuration items usually start with anon_.
Create the directory /var/ftp/soft/, and set the owner to virtual with permissions of 755. As shown in the figure:
Create separate profiles for different virtual users
With the previous steps complete, you can already reload vsftpd and provide service: any virtual user account can log in to the FTP server and download files. But because all virtual users are mapped to the same system user account, they all have the same FTP permissions, whether for downloading or uploading.
To set different access permissions for different virtual user accounts, establish a separate configuration file for each virtual user. Support for per-user configuration files is enabled by adding the "user_config_dir" configuration item to the vsftpd.conf configuration file.
With the above configuration in place, you can create a separate configuration file for each virtual user in the /etc/vsftpd/vusers_dir/ directory.
After the "user_config_dir" configuration item is enabled in the vsftpd.conf file, a separate configuration file (which can be an empty file) should be established for each virtual user, otherwise the user may not be able to log in. In each user's separate configuration file, you can add configuration items to limit access, download rates, and so on.
Once you have the virtual user database file and correctly added virtual user support for vsftpd, you can reload the vsftpd service program. Users can use the FTP client program to access the FTP server and test with a virtual user account.
The FTP server has been built!
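The steps above, collected into one script as an added example (it is not the original article's commands, which were shown only as figures). It writes the files under a staging prefix for review instead of directly under /etc; the passwords are placeholders, the vsftpd.conf.additions file name is hypothetical, and the per-user local_root values are an assumed way of confining each user to the directory named in the requirements. Creating the virtual system account and the shared directories is not covered.

```shell
#!/bin/sh
# Added example: writes the files from the steps above under a staging prefix.
# Passwords are placeholders; the local_root mapping is an assumption.
stage_vusers() {
  root=$1; etc="$root/etc/vsftpd"
  mkdir -p "$etc/vusers_dir" "$root/etc/pam.d"
  # Odd lines hold a user name, the following even line its password.
  printf '%s\n' zhangsan CHANGE_ME_1 lisi CHANGE_ME_2 wangwu CHANGE_ME_3 \
    > "$etc/vusers.list"
  # Convert to a Berkeley DB hash file when db_load is installed.
  if command -v db_load >/dev/null 2>&1; then
    db_load -T -t hash -f "$etc/vusers.list" "$etc/vusers.db"
  fi
  chmod 600 "$etc"/vusers.*
  # PAM service for virtual users; db= omits the .db extension.
  cat > "$root/etc/pam.d/vsftpd.vu" <<'EOF'
auth    required pam_userdb.so db=/etc/vsftpd/vusers
account required pam_userdb.so db=/etc/vsftpd/vusers
EOF
  # Lines to merge into /etc/vsftpd/vsftpd.conf.
  cat > "$etc/vsftpd.conf.additions" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
guest_enable=YES
guest_username=virtual
pam_service_name=vsftpd.vu
user_config_dir=/etc/vsftpd/vusers_dir
anon_umask=022
max_clients=150
max_per_ip=5
anon_max_rate=102400
EOF
  # Per-user files: virtual users are governed by the anon_* options.
  rw='anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES'
  printf '%s\n' local_root=/var/ftp/soft anon_max_rate=0 "$rw" \
    > "$etc/vusers_dir/zhangsan"
  printf '%s\n' local_root=/var/market anon_max_rate=102400 \
    > "$etc/vusers_dir/lisi"
  printf '%s\n' local_root=/var/market anon_max_rate=204800 "$rw" \
    > "$etc/vusers_dir/wangwu"
}
stage_vusers "${1:-./vsftpd-stage}"
```

The rate values are in bytes per second (100KB/s = 102400), and anon_max_rate=0 lifts the global 100KB/s cap for zhangsan, for whom the requirements state no limit.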
Use the user_list user list file
When the vsftpd server enables the "local_enable" configuration item, all system users can log in to the FTP server by default. If you only want to open the FTP service to a small number of system users, you need to enable the configuration items that control the user list, including userlist_enable and userlist_deny. As shown in the figure:
Modify the listening address and port of the vsftpd service
After changing the port number, access the server from Linux with: ftp://IP address:port number
Allow passive mode on the FTP server
Active mode: the server actively initiates the data connection. First, the client establishes an FTP control connection to port 21 of the server. When data needs to be transferred, the client tells the server with the PORT command, "I have opened a certain port, come and connect to me", so the server sends a request from port 20 to that port on the client and establishes the data connection.
Passive mode: the server passively waits for the data connection. If the firewall of the network where the client is located prohibits active mode connections, passive mode is usually used. First, the client establishes the FTP control connection to port 21 of the server. When data needs to be transferred, the server uses the PASV command to tell the client, "I have opened a port, come and connect to me", so the client sends a request to that port (not 20) on the server and establishes the data connection.
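How the "I have opened a port" message is encoded in both modes, as an added example that is not part of the original article: the six comma-separated numbers h1,h2,h3,h4,p1,p2 give the IP address and the port p1*256+p2, which is the port a firewall must let the data connection reach. The sample lines are constructed and use documentation addresses.

```shell
#!/bin/sh
# Added example: decode the address announced by a PORT command or by a
# 227 (PASV) reply. Sample lines are constructed, not captured traffic.
# Prints "ip port"; returns 1 if the line has no valid h1,h2,h3,h4,p1,p2.
ftp_data_endpoint() {
  nums=$(printf '%s\n' "$1" | sed -n \
    's/.*[^0-9]\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)\([^0-9].*\)\{0,1\}$/\1/p')
  [ -n "$nums" ] || return 1
  old_ifs=$IFS; IFS=,
  set -- $nums            # split the six fields on commas
  IFS=$old_ifs
  for n in "$@"; do [ "$n" -le 255 ] || return 1; done
  echo "$1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}
# Passive mode: the server's 227 reply names the server port the client dials.
ftp_data_endpoint '227 Entering Passive Mode (192,0,2,10,195,80)'
# Active mode: the client's PORT command names the client port the server dials.
ftp_data_endpoint 'PORT 198,51,100,7,4,1'
```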