
[Basics] FTP-related configuration

2025-02-24 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

I. FTP installation and basic configuration

1. First download and install vsftpd and lftp (lftp is used to verify the FTP service)

getenforce shows Enforcing

Modify /etc/sysconfig/selinux

2. Install vsftpd on the host and continue configuration after installation:

systemctl start vsftpd

systemctl enable vsftpd

firewall-cmd --permanent --add-service=ftp

firewall-cmd --reload

firewall-cmd --list-all

Error 550 means service is not allowed

II. Anonymous users

1. Anonymous User Uploads (3)

/etc/vsftpd/vsftpd.conf

Limit anonymous user logins

At the same time, change the permissions of the pub directory to 775 and change the group owner of pub to ftp

2. Change default access path (13)

3. Allow anonymous users to download files uploaded by anonymous users (31)

4. Allow users to create directories (9) and delete directories (6)

5. Limit download and upload speed, limit the number of users simultaneously connected to ftp

(lines 33, 34)

Generate a file of controllable size

6. Expand the permissions of uploaded files (34)

7. Change the owner of uploaded files (only to a user that already exists on the server) (53, 54)

anon_umask conflicts with changing the owner of uploaded files

III. Logging in as a local user

lftp ip -u username

Line 17: whether local users are allowed to log in

Line 20: whether local users are allowed to read and write

Line 24: modifies the local user umask

IV. Restricting local users from accessing the root directory

chmod u-w /home/* is required when line 106 is enabled (the w permission must be removed if the permissions are too broad)

Line 106: NO = everyone can access the root directory; YES = no one may access it

Line 107 enables the blacklist/whitelist

Line 109: create this file and write the user names into it

When 106 is YES, the file is a whitelist.

When 106 is NO, the file is a blacklist.

(All of the above black and white lists are for access to the root directory)
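
The whitelist/blacklist inversion described above, as an added example that is not part of the original article: a shell function that reads a vsftpd.conf and reports whether a local user is confined to the home directory. It assumes lines 106, 107 and 109 are the `chroot_local_user`, `chroot_list_enable` and `chroot_list_file` directives; the sample configs and user names are constructed.

```shell
#!/bin/sh
# Added example. Assumption: lines 106/107/109 of the article's vsftpd.conf are
# chroot_local_user, chroot_list_enable and chroot_list_file.

# conf_get FILE KEY DEFAULT: last uncommented "KEY=value" in FILE, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# vsftpd accepts YES, TRUE or 1 (any case) as true.
is_yes() {
    case $1 in [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;; *) return 1 ;; esac
}

# is_jailed CONF USER: prints "jailed" if USER is confined to the home
# directory, "free" if USER can reach the server's root directory.
is_jailed() {
    conf=$1 user=$2
    # Fallback list path is an assumption (the path used under /etc/vsftpd).
    list=$(conf_get "$conf" chroot_list_file /etc/vsftpd/chroot_list)
    listed=no
    if is_yes "$(conf_get "$conf" chroot_list_enable NO)" &&
       [ -r "$list" ] && grep -qxF -- "$user" "$list"; then
        listed=yes
    fi
    if is_yes "$(conf_get "$conf" chroot_local_user NO)"; then
        # Line 106 = YES: everyone is jailed, the file lists the exceptions.
        if [ "$listed" = yes ]; then echo free; else echo jailed; fi
    else
        # Line 106 = NO: nobody is jailed, the file lists the users to jail.
        if [ "$listed" = yes ]; then echo jailed; else echo free; fi
    fi
}

# Constructed sample data: two configs that share one list naming "alice".
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf 'alice\n' > "$demo/chroot_list"
printf 'chroot_local_user=%s\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
    YES "$demo/chroot_list" > "$demo/yes.conf"
printf '#chroot_local_user=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$demo/chroot_list" > "$demo/no.conf"

for c in yes no; do
    for u in alice bob; do
        echo "106=$c user=$u: $(is_jailed "$demo/$c.conf" "$u")"
    done
done
```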

V. Local user login blacklist

/etc/vsftpd/ftpusers and user_list

Both are blacklists. ftpusers is a permanent blacklist.

user_list is a temporary blacklist

In /etc/vsftpd/vsftpd.conf

The path to vsftpd is /etc/pam.d/.

Add line 132 to make user_list a whitelist

ftpusers > user_list

VI. Setting up virtual users

Under /etc/vsftpd

Create a loginusers file (the name is arbitrary)

Enter the username and password.

and encrypt the file.

db_load -T -t hash -f loginusers loginusers.db

Go to /etc/pam.d/

Create a file ftpauth (the name is arbitrary)

Modify the configuration file

/etc/vsftpd/vsftpd.conf (130, 131, 132)

systemctl restart vsftpd

(To add virtual user accounts, continue writing them to the loginusers file and re-encrypt the file)

Specifying home directories for virtual users

Create a home directory for each virtual user

chmod u-w /ftpuser/*

Modify the configuration file vsftpd.conf(lines 135, 136)

Assign permissions to virtual users individually

Turn off virtual user rights first

Take user1 as an example:

Specify the location of the user's individual permissions in the configuration file

vim /etc/vsftpd/userconf/user1

Write the permissions required by user1

mkdir -p /ftpuser/user{1..3}/config

chgrp ftp /ftpuser/user{1..3}/config

chmod 775 /ftpuser/user{1..3}/config

Reasons for errors:

500: File permissions are too broad (usually for local users)

or the configuration file is wrong

530: Account and password do not match

550: Configuration file permissions not allowed

553: Anonymous user does not have write permission to file

Effect of the getenforce state on lftp

vim /etc/sysconfig/selinux

Command settings

touch /mnt/file, then move it to the ftp pub directory

An anonymous user who logs in cannot see the file

View the label

Modify the label (temporary modification)

By default, local users cannot upload because SELinux is disabled by default.

SELinux: anonymous users can upload

setsebool -P ftpd_anon_write on

setsebool -P ftpd_full_access on
