2025-04-03 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
I. Brief explanation
FTP: File Transfer Protocol
vsftpd: Very Secure FTP Daemon
II. Working modes
The FTP command port is 21.
Active mode (not recommended): the FTP data port is 20 and the server connects to the client. Because the client usually sits behind a firewall, this is inconvenient to use.
Passive mode (recommended): the server tells the client which port it has opened, and the client connects to the server.
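III. Install vsftpd
    yum -y install vsftpd
    # setenforce 0 switches SELinux to permissive mode until the next reboot
    setenforce 0
    # assumed substitution: persist the permissive mode set by setenforce 0
    sed -i 's/^SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
After installation, open port 21 and the passive port range set in the configuration file (pasv_min_port to pasv_max_port) in the firewall.
Configuration file: /etc/vsftpd/vsftpd.conf
Main program: /usr/sbin/vsftpd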
IV. Configure FTP in passive mode
1. General configuration
    # anonymous
    anonymous_enable=NO
    # local system user
    local_enable=YES
    allow_writeable_chroot=YES
    # passive mode and port
    pasv_enable=YES
    pasv_min_port=20000
    pasv_max_port=20999
    # listen
    listen=YES
    listen_ipv6=NO
    connect_from_port_20=YES
    # log
    xferlog_enable=YES
    xferlog_file=/var/log/xferlog
    # welcome info
    dirmessage_enable=YES
    # trans limit
    idle_session_timeout=120
    data_connection_timeout=120
    tcp_wrappers=YES
    max_clients=10
    max_per_ip=10
    # safe
    local_umask=022
    chroot_local_user=YES
2. Anonymous user configuration (not recommended)
The anonymous user, anonymous, corresponds to the ftp user on the server. The folder it accesses is /var/ftp, on which no user other than root may have write permission.
Enable configuration:
    # anonymous
    anonymous_enable=YES
3. System user configuration (not recommended)
Because FTP is transmitted in clear text, anyone who captures the traffic can see the system user's name and password, which makes the server insecure.
Related configuration:
    # local system user
    local_enable=YES
    write_enable=YES
V. Virtual user configuration (recommended)
Virtual users can be backed by either a database or a file. The file-based setup is as follows:
1. Create a user database file
The vm_user.txt format must be one line of user name followed by one line of password, for example:
    tom
    123456
Create the file and build the database from it:
    vi /etc/vsftpd/vm_user.txt
    cd /etc/vsftpd/
    db_load -T -t hash -f vm_user.txt vm_user.db
    chmod 600 vm_user.db
2. Create the mapped user and FTP directory
    useradd -s /sbin/nologin ftpuser
3. Create a pam file
    vi /etc/pam.d/vm-vsftpd
File content:
    auth required pam_userdb.so db=/etc/vsftpd/vm_user
    account required pam_userdb.so db=/etc/vsftpd/vm_user
4. Configure in vsftpd.conf
    # vm_ftp
    guest_enable=YES
    guest_username=ftpuser
    pam_service_name=vm-vsftpd
    user_config_dir=/etc/vsftpd/vm_ftp.d/
5. Set separate permissions for virtual users
    mkdir /etc/vsftpd/vm_ftp.d/
    mkdir /home/ftpuser/life
    chown -R ftpuser:ftpuser /home/ftpuser/
    vi /etc/vsftpd/vm_ftp.d/tom
File content:
    write_enable=YES
    anon_world_readable_only=NO
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    local_root=/home/ftpuser/life
6. The complete vsftpd.conf configuration is as follows
    # anonymous
    anonymous_enable=NO
    # local system user
    local_enable=YES
    allow_writeable_chroot=YES
    # passive mode and port
    pasv_enable=YES
    pasv_min_port=20000
    pasv_max_port=20999
    # listen
    listen=YES
    listen_ipv6=NO
    connect_from_port_20=YES
    # log
    xferlog_enable=YES
    xferlog_file=/var/log/xferlog
    # welcome info
    dirmessage_enable=YES
    # trans limit
    idle_session_timeout=120
    data_connection_timeout=120
    tcp_wrappers=YES
    max_clients=10
    max_per_ip=10
    # safe
    local_umask=022
    chroot_local_user=YES
    # vm_ftp
    guest_enable=YES
    guest_username=ftpuser
    pam_service_name=vm-vsftpd
    user_config_dir=/etc/vsftpd/vm_ftp.d/
7. Restart and enable at boot
    systemctl restart vsftpd
    systemctl enable vsftpd
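A check for the finished configuration, as an added example that is not part of the original page: it flags the settings the article marks as not recommended and derives the firewall commands for port 21 and the passive range. The use of firewalld (firewall-cmd) is an assumption, since the page does not name the firewall, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page: audits a vsftpd.conf against the
# choices recommended above and prints firewalld commands for its ports.

# conf_get FILE KEY: value of KEY, last occurrence (format is KEY=VALUE, no spaces)
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# audit_vsftpd FILE: prints one finding per line, returns 1 if there are any
audit_vsftpd() {
    f=$1; rc=0
    [ "$(conf_get "$f" anonymous_enable)" = NO ] ||
        { echo "anonymous_enable is not NO: anonymous login is open"; rc=1; }
    if [ "$(conf_get "$f" local_enable)" = YES ] &&
       [ "$(conf_get "$f" guest_enable)" != YES ]; then
        echo "local_enable without guest_enable: system passwords cross the wire in clear text"; rc=1
    fi
    [ "$(conf_get "$f" chroot_local_user)" = YES ] ||
        { echo "chroot_local_user is not YES: users are not locked to their directory"; rc=1; }
    [ "$(conf_get "$f" pasv_enable)" != NO ] ||
        { echo "pasv_enable=NO: passive mode is off"; rc=1; }
    min=$(conf_get "$f" pasv_min_port); max=$(conf_get "$f" pasv_max_port)
    if ! is_port "$min" || ! is_port "$max" || [ "$min" -gt "$max" ]; then
        echo "pasv_min_port/pasv_max_port missing or invalid: no fixed range to open"; rc=1
    fi
    return $rc
}

# firewall_cmds FILE: firewalld commands for port 21 and the passive range
firewall_cmds() {
    min=$(conf_get "$1" pasv_min_port); max=$(conf_get "$1" pasv_max_port)
    is_port "$min" && is_port "$max" && [ "$min" -le "$max" ] || return 1
    printf 'firewall-cmd --permanent --add-port=%s/tcp\n' 21 "$min-$max"
    echo 'firewall-cmd --reload'
}

# Constructed sample input: the audited keys from the complete configuration
sample=$(mktemp)
printf '%s\n' anonymous_enable=NO local_enable=YES guest_enable=YES \
    chroot_local_user=YES pasv_enable=YES pasv_min_port=20000 \
    pasv_max_port=20999 > "$sample"
audit_vsftpd "$sample" && firewall_cmds "$sample"
rm -f "$sample"
```

On a real host, pass /etc/vsftpd/vsftpd.conf to both functions and review the printed commands before running them as root.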
VI. Virtual user configuration based on mysql or mariadb
The basic configuration is the same as above, except that the pam module file and the database tables are different.
1. Change the content of the pam file. crypt=0 means the passwords are stored in the database in plain text; 1 means they are encrypted.
    auth required /usr/lib64/security/pam_mysql.so user=ftpuser passwd=ftp123456 host=localhost db=mylab table=ftp_user usercolumn=name passwdcolumn=password crypt=0
    account required /usr/lib64/security/pam_mysql.so user=ftpuser passwd=ftp123456 host=localhost db=mylab table=ftp_user usercolumn=name passwdcolumn=password crypt=0
2. Install the files required by pam
    yum -y install pam-devel
Install pam_mysql-0.7RC1:
    tar xf pam_mysql-0.7RC1.tar.gz
    cd pam_mysql-0.7RC1
    ./configure --with-mysql=/home/program/mariadb/ --with-pam-mods-dir=/lib64/security/
    # && runs the install only if the build succeeds
    make && make install
The pam module needs the database's library files, so add their path to the linker configuration:
    vi /etc/ld.so.conf.d/mysql.conf
File content:
    /home/program/mariadb/lib
Then refresh the linker cache:
    ldconfig
3. Create the database table and authorize the user
    create table ftp_user (
        id int not null auto_increment primary key,
        name char(20) binary not null,
        password char(48) binary not null
    );
    insert into ftp_user (name, password) values ('ftphome', '123'), ('ftpwork', '456');
    -- the password here must match passwd= in the pam file
    grant select on mylab.ftp_user to 'ftpuser'@'localhost' identified by 'ftp123456';
VII. Configuration instructions
    anonymous_enable=YES: whether to enable anonymous users
    local_enable=YES: whether to enable system users
    write_enable=YES: whether files can be uploaded
    anon_upload_enable=YES: by default anonymous users cannot upload; note that the default /var/ftp/pub directory itself has no write permission
    anon_mkdir_write_enable=YES: anonymous users can create folders
    anon_other_write_enable=YES: other write permissions for anonymous users
    dirmessage_enable=YES: whether to display welcome information; the content is the hidden file .message in the directory
    xferlog_enable=YES: whether to enable the transfer log
    xferlog_file=/var/log/xferlog: specifies the log file
    xferlog_std_format=YES: whether the log file uses the standard format
    chown_uploads=YES: whether to change the owner of uploaded files
    chown_username=whoever: the owner to change to
    idle_session_timeout=600: command connection timeout
    data_connection_timeout=120: data connection timeout
    ascii_upload_enable=YES: upload in text mode
    ascii_download_enable=YES: download in text mode
    chroot_local_user=YES: lock all users to their home directories
    chroot_list_enable=YES: whether exceptions are needed
    chroot_list_file=/etc/vsftpd/chroot_list: list of exception users
    allow_writeable_chroot=YES: when users are locked to a directory, by default they can log in only if the root folder has no write permission; this setting allows it to be writable
    listen=YES: whether to listen
    pam_service_name=vsftpd: name of the pam authentication file
    userlist_enable=YES: enable the user_list file
    userlist_deny=NO: when YES, users in the list cannot log in; when NO, only users in the list can log in
    tcp_wrappers=YES: access can be restricted through the hosts files
    max_clients=10: maximum number of client connections
    max_per_ip=10: how many connections each IP can open
    anon_world_readable_only=YES: whether downloading is allowed; with YES files cannot be downloaded, with NO they can