2025-02-28 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/03 Report--
Main points of content:
I. Overview of vsftpd
II. The difference between ftp, sftp, vsftp and vsftpd
III. Anonymous users log in to ftp
IV. Log in to ftp with local users
V. Set up a virtual user account and use ftp
I. Overview of vsftpd
Vsftpd is short for "very secure FTP daemon", and security is one of its main features. Vsftpd is the name of a server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UX. It is completely free, open source FTP server software that supports many features other FTP servers do not.
1. Characteristics
It has very high security requirements, supports bandwidth restrictions, scales well, can create virtual users, supports IPv6, and is fast, compact and lightweight, safe and easy to use.
II. The difference between ftp, sftp, vsftp and vsftpd
FTP stands for File Transfer Protocol, a set of standard protocols for transferring files over a network in client/server mode. It belongs to the application layer of the network protocol stack.
SFTP stands for SSH File Transfer Protocol, a secure file transfer protocol.
Vsftp is FTP server software for Unix-like systems released under the GPL. Its full name is Very Secure FTP; as the name suggests, the programmer's original intent was the security of the code.
Vsftpd is short for very secure FTP daemon, and security is one of its main features. Vsftpd is the name of a server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UX. It is completely free, open source FTP server software.
III. Anonymous users log in to ftp (files are in /var/ftp)
1. Install the vsftpd service
[root@localhost ~]# yum install vsftpd -y                       ## install the service
[root@localhost ~]# cd /etc/vsftpd/                             ## this is the configuration file directory
[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# systemctl start vsftpd                 ## start the vsftpd service
[root@localhost vsftpd]# systemctl stop firewalld.service       ## stop the firewall
[root@localhost vsftpd]# setenforce 0                           ## turn off SELinux enforcement
[root@localhost vsftpd]# ls /var/ftp/                           ## list the ftp directory
pub
[root@localhost vsftpd]# echo "this is test" > /var/ftp/test.txt   ## add a text file in the ftp directory
2. Use the test machine cmd to access the vsftpd service (cmd connects to ftp) and download the file
C:\Users\xy007> ftp 192.168.13.140             ## access the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): ftp              ## anonymous access
331 Please specify the password.
Password:                                      ## no password, just press Enter
230 Login successful.
ftp> pwd                                       ## view the current path
257 "/"                                        ## the root directory of the ftp service
ftp> ls -a                                     ## view the contents of the directory
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
.
..
pub
test.txt
ftp: 25 bytes received in 0.00 seconds, 25000.00 Kbytes/sec.
ftp> get test.txt                              ## download the file locally (it lands on whichever drive ftp was started from; switch drives first, e.g. e:, to download elsewhere)
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for test.txt (13 bytes).
226 Transfer complete.
ftp: 13 bytes received in 0.00 seconds, 13000.00 Kbytes/sec.
ftp> put test1.txt                             ## upload test1.txt, created beforehand on drive C, to Linux
200 PORT command successful. Consider using PASV.
550 Permission denied.                         ## uploads are not permitted at this point
3. Modify the vsftpd configuration file to enable the maximum permission for anonymous access.
[root@localhost ftp]# cd /etc/vsftpd/
[root@localhost vsftpd]# vim vsftpd.conf
## look for the following options in the configuration file
## (the ## notes are annotations: in vsftpd.conf a comment must be on a line of its own)
anonymous_enable=YES             ## enable anonymous users
local_enable=YES                 ## enable local users
write_enable=YES                 ## write permission
local_umask=022                  ## umask for local users
anon_upload_enable=YES           ## enable anonymous upload
anon_mkdir_write_enable=YES      ## allow anonymous users to create directories and write to them
anon_other_write_enable=YES      ## added: other write permissions (rename and delete)
[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service
[root@localhost vsftpd]# cd /var/ftp/                ## switch to the ftp directory
[root@localhost ftp]# ls
pub  test.txt
[root@localhost ftp]# ls -l
total 4
drwxr-xr-x. 2 root root  6 Oct 31  2018 pub
-rw-r--r--. 1 root root 13 Nov  5 19:14 test.txt
[root@localhost ftp]# chmod 777 pub    ## give the pub directory full permissions; note that the ftp directory itself (/var/ftp) cannot be given full permissions
4. Use the test machine cmd to access ftp and upload local files to Linux
C:\Users\xy007> ftp 192.168.13.140             ## access the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp> cd pub/                                   ## switch to the pub directory
250 Directory successfully changed.
ftp> put test1.txt                             ## upload the file
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: 13 bytes sent in 0.03 seconds, 0.41 Kbytes/sec.
ftp> by                                        ## exit
221 Goodbye.
## you can also delete files using delete
5. View the uploaded file
[root@localhost ftp]# cd /var/ftp/pub    ## switch to the pub directory
[root@localhost pub]# ls                 ## view the uploaded file
test1.txt
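An added example, not part of the original article: a shell check that reads a vsftpd.conf and reports which of the anonymous write options from step 3 are switched on. The function names and the two sample files are constructed for illustration; it assumes a later line overrides an earlier one and that YES, TRUE and 1 all count as on.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the anonymous write options from step 3.

# Succeeds if OPTION's last explicit line in FILE is a true value.
# Assumptions: later lines override earlier ones; YES/TRUE/1 all mean "on".
is_on() {
    local v
    v=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    case "$v" in YES|TRUE|1) return 0 ;; *) return 1 ;; esac
}

# Prints one line per finding; the exit status is the number of findings.
audit_anon_write() {
    local conf="$1" n=0 opt
    is_on "$conf" anonymous_enable || { echo "ok: anonymous login not explicitly enabled"; return 0; }
    is_on "$conf" write_enable || { echo "ok: write_enable is off, anonymous login is read-only"; return 0; }
    for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if is_on "$conf" "$opt"; then
            echo "finding: $opt is on, so clients without an account can write to the server"
            n=$((n + 1))
        fi
    done
    [ "$n" -gt 0 ] || echo "ok: anonymous login is read-only"
    return "$n"
}

# Constructed sample files: the step 3 settings, and a download-only variant.
tutorial_conf=$(mktemp); readonly_conf=$(mktemp)
printf '%s\n' anonymous_enable=YES local_enable=YES write_enable=YES local_umask=022 \
    anon_upload_enable=YES anon_mkdir_write_enable=YES anon_other_write_enable=YES > "$tutorial_conf"
printf '%s\n' anonymous_enable=YES local_enable=YES write_enable=YES local_umask=022 \
    '#anon_upload_enable=YES' anon_upload_enable=NO > "$readonly_conf"

audit_anon_write "$tutorial_conf" || echo "-> $? finding(s) in the step 3 configuration"
audit_anon_write "$readonly_conf" && echo "-> no findings in the download-only configuration"
```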
IV. Log in to ftp with local users (files are in the user's home directory), and restrict local users to their home directory so they cannot access the system directories
1. Create system users
[root@localhost pub]# useradd zhangsan    ## create the user
[root@localhost pub]# passwd zhangsan     ## set the user's password
[root@localhost pub]# useradd lisi        ## create the user
[root@localhost pub]# passwd lisi         ## set the user's password
2. Log in to ftp as a local user from cmd on the test machine
C:\Users\xy007> ftp 192.168.13.140             ## log in to the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan         ## use a local user
331 Please specify the password.
Password:
230 Login successful.
ftp> ls /                                      ## list /: the user sees the system root directory
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
/bin
/boot
/dev
/etc
/home
/lib
/lib64
/media
/mnt
/opt
/proc
/root
/run
/sbin
/srv
/sys
/tmp
/usr
/var
226 Directory send OK.
ftp: 126 bytes received in 0.02 seconds, 7.88 Kbytes/sec.
3. Prevent local users from accessing the system directory, and restrict access to only the user's home directory
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf    ## modify the configuration file
chroot_local_user=YES            ## confine local users to their home directory
allow_writeable_chroot=YES       ## added: allow the confined directory to be writable
[root@localhost pub]# systemctl restart vsftpd       ## restart the service
4. Access from cmd on the test machine
C:\Users\xy007> ftp 192.168.13.140             ## access ftp
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan         ## user zhangsan
331 Please specify the password.
Password:
230 Login successful.
ftp> cd /                                      ## switch to the system root directory
250 Directory successfully changed.
ftp> ls                                        ## still in the user's home directory; other system directories cannot be accessed, which improves security
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Directory send OK.
Allow or deny specified users access to ftp
1. Set user_list (deny by default) to allow or deny specific users logging in to ftp
[root@localhost pub]# cd /etc/vsftpd/                   ## switch to the vsftpd configuration file directory
[root@localhost vsftpd]# vim vsftpd.conf
userlist_enable=YES              ## confirm that user_list is enabled
[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# echo "zhangsan" >> user_list   ## add the user zhangsan to the list
[root@localhost vsftpd]# systemctl restart vsftpd       ## restart the service
2. Use cmd to test
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan         ## log in as zhangsan
530 Permission denied.
Login failed.                                  ## the login is refused immediately
ftp>
3. Set the list to allow only
[root@localhost ftp]# cd /etc/vsftpd/
[root@localhost vsftpd]# vim vsftpd.conf                ## edit the vsftpd configuration file
userlist_enable=YES
userlist_deny=NO                 ## added: the list becomes an allow list
[root@localhost vsftpd]# systemctl restart vsftpd       ## restart the service
4. Test from cmd on the test machine
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan         ## log in as zhangsan
331 Please specify the password.
Password:
230 Login successful.                          ## login succeeds
ftp> by
221 Goodbye.
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): lisi             ## log in as lisi
530 Permission denied.
Login failed.                                  ## login fails
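An added example, not from the original article: the decision vsftpd makes from userlist_enable, userlist_deny and the user_list file, reproducing the results of steps 2 and 4. The function names and sample files are constructed; absent options are assumed to take vsftpd's documented defaults (userlist_enable=NO, userlist_deny=YES).

```shell
#!/bin/sh
# Added example: how userlist_enable, userlist_deny and user_list combine.

# Last explicit value of OPTION in vsftpd.conf FILE, or DEFAULT when it is absent.
opt_value() {
    local v
    v=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]')
    echo "${v:-$3}"
}

# Prints "refused" if USER is rejected before a password is requested,
# otherwise "password" (the login continues to normal authentication).
userlist_verdict() {
    local conf="$1" list="$2" user="$3" listed=no
    [ "$(opt_value "$conf" userlist_enable NO)" = YES ] || { echo password; return; }
    grep -qxF -- "$user" "$list" && listed=yes
    if [ "$(opt_value "$conf" userlist_deny YES)" = NO ]; then
        # allow list: only listed users reach the password prompt
        [ "$listed" = yes ] && echo password || echo refused
    else
        # deny list (the default): listed users are refused
        [ "$listed" = yes ] && echo refused || echo password
    fi
}

# Constructed sample files mirroring steps 1 and 3.
deny_conf=$(mktemp); allow_conf=$(mktemp); user_list=$(mktemp)
printf '%s\n' userlist_enable=YES > "$deny_conf"
printf '%s\n' userlist_enable=YES userlist_deny=NO > "$allow_conf"
printf '%s\n' '# constructed user_list' root zhangsan > "$user_list"

for u in zhangsan lisi; do
    echo "$u: deny list -> $(userlist_verdict "$deny_conf" "$user_list" "$u")," \
         "allow list -> $(userlist_verdict "$allow_conf" "$user_list" "$u")"
done
```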
V. Set up virtual user accounts for ftp (files are in the home directory of the system user vuser)
1. Create the virtual user file
[root@localhost vsftpd]# cd /etc/vsftpd/    ## switch to the configuration file directory
[root@localhost vsftpd]# vim vuser          ## create the virtual user file: odd lines are usernames, even lines are passwords
lisa
123123
tom
123123
2. Convert database files and set security permissions
[root@localhost vsftpd]# db_load -T -t hash -f vuser vuser.db    ## convert vuser to a database file
## -T converts from text, -t sets the database type, -f specifies the input file
[root@localhost vsftpd]# chmod 600 vuser       ## for security reasons, restrict the permissions
[root@localhost vsftpd]# chmod 600 vuser.db
3. Write a PAM configuration file to support virtual user login
[root@localhost vsftpd]# useradd -d /opt/vuser -s /sbin/nologin vuser    ## create a system user with the given home directory that cannot log in to a shell
[root@localhost vsftpd]# vim /etc/pam.d/vsftpd.vu                        ## write the PAM configuration
auth     required pam_userdb.so db=/etc/vsftpd/vuser    ## authenticate against the converted database file (named without the .db suffix)
account  required pam_userdb.so db=/etc/vsftpd/vuser    ## account check against the same database
4. Enable virtual users and use pam module to authenticate and log in
[root@localhost vsftpd]# vim vsftpd.conf    ## modify the configuration file; press G to jump to the last line
#pam_service_name=vsftpd         ## comment out this line
## add the following three lines
guest_enable=YES                 ## enable guest (virtual) user access
guest_username=vuser             ## map virtual users to the system user vuser
pam_service_name=vsftpd.vu       ## the PAM configuration file
[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service
5. Test from cmd on the test machine
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): tom              ## log in as the virtual user tom
331 Please specify the password.
Password:
230 Login successful.
ftp> put test1.txt                             ## upload a file
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: 13 bytes sent in 0.00 seconds, 13000.00 Kbytes/sec.
## check the file: its permissions are 600
[root@localhost vsftpd]# ls -l /opt/vuser/
-rw-------. 1 vuser vuser 13 Nov  5 22:51 test1.txt
6. Per-user configuration: make uploaded files mode 644
[root@localhost vsftpd]# vim vsftpd.conf
user_config_dir=/etc/vsftpd/vu_dir    ## added: per-user configuration directory
[root@localhost vsftpd]# mkdir vu_dir                  ## create the directory
[root@localhost vsftpd]# cd vu_dir/
[root@localhost vu_dir]# vim lisa                      ## create a configuration file named after the user
anon_umask=022                        ## umask that sets the permissions of uploaded files
[root@localhost vu_dir]# systemctl restart vsftpd      ## restart the service
7. The test machine cmd logs in with the lisa user to view the permissions for uploading files
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): lisa             ## log in as lisa
331 Please specify the password.
Password:
230 Login successful.
ftp> put 111.txt                               ## upload a file
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: 13 bytes sent in 0.00 seconds, 13000.00 Kbytes/sec.
[root@localhost vu_dir]# ls -l /opt/vuser/     ## view the permissions of the uploaded files
-rw-r--r--. 1 vuser vuser 13 Nov  5 22:58 111.txt      ## uploaded by lisa: 644
-rw-------. 1 vuser vuser 13 Nov  5 22:51 test1.txt    ## uploaded by tom: 600
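An added example, not from the original article: a check to run on the plaintext vuser file from step 1 before db_load converts it, covering the username/password line pairing and the chmod 600 from step 2. check_vuser_file and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of the plaintext virtual user file.

# Prints one line per problem; the exit status is the number of problems.
check_vuser_file() {
    local f="$1" n=0 lines dups mode
    lines=$(grep -c '' "$f")
    if [ $((lines % 2)) -ne 0 ]; then
        echo "problem: $lines lines, so the last username has no password line"
        n=$((n + 1))
    fi
    if grep -qE '^[[:space:]]*$' "$f"; then
        echo "problem: blank line, every later username/password pair is shifted"
        n=$((n + 1))
    fi
    # Usernames are the odd-numbered lines.
    dups=$(awk 'NR % 2 == 1' "$f" | sort | uniq -d | tr '\n' ' ')
    if [ -n "$dups" ]; then
        echo "problem: duplicate username(s): $dups"
        n=$((n + 1))
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "problem: group/other permissions are '$mode', run chmod 600"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed samples: the tutorial's file, and a broken one.
good_vuser=$(mktemp); bad_vuser=$(mktemp)
printf '%s\n' lisa 123123 tom 123123 > "$good_vuser"; chmod 600 "$good_vuser"
printf '%s\n' lisa 123123 lisa 456456 tom > "$bad_vuser"; chmod 644 "$bad_vuser"

check_vuser_file "$good_vuser" && echo "-> tutorial file is ready for db_load"
check_vuser_file "$bad_vuser" || echo "-> $? problem(s) in the broken file"
```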