2025-03-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
Overview of vsftpd
vsftpd is short for "very secure FTP daemon", and security is one of its main features. It is an FTP server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UX. It is completely free, open source FTP server software that supports many features that other FTP servers do not.
Characteristics
Strong security, bandwidth limiting, good scalability, virtual users, IPv6 support, high speed.
Small and light, safe and easy to use.
The difference between ftp, sftp, vsftp and vsftpd
FTP is short for File Transfer Protocol, a set of standard protocols for transferring files over a network in client/server mode. It belongs to the application layer.
SFTP is short for SSH File Transfer Protocol, a secure file transfer protocol.
Vsftp is GPL-licensed FTP server software for Unix-like systems. Its full name is Very Secure FTP; the name shows that the programmer's original intention was the security of the code.
Vsftpd is short for very secure FTP daemon, and security is one of its main features. It is the name of the server process, which runs on UNIX-like systems such as Linux, BSD, Solaris and HP-UX. It is completely free, open source FTP server software.
First, anonymous user login to FTP (files in /var/ftp)
1. Install the vsftpd service
[root@localhost ~]# yum install vsftpd -y    ## install the service
[root@localhost ~]# cd /etc/vsftpd/    ## this is the configuration file directory
[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# systemctl start vsftpd    ## start the vsftpd service
[root@localhost vsftpd]# systemctl stop firewalld.service    ## stop the firewall
[root@localhost vsftpd]# setenforce 0    ## turn off SELinux enforcement
[root@localhost vsftpd]# ls /var/ftp/    ## list the ftp directory
pub
[root@localhost vsftpd]# echo "this is test" > /var/ftp/test.txt    ## add a text file
2. Use cmd on the test machine to connect to the vsftpd service and download the file
C:\Users\xy007> ftp 192.168.13.140    ## access the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): ftp    ## anonymous access
331 Please specify the password.
Password:    ## no password, just press Enter
230 Login successful.
ftp> pwd    ## view the current path
257 "/"    ## the root directory of the ftp service
ftp> ls -a    ## view the contents of the directory
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
.
..
pub
test.txt
ftp: received 25 bytes in 0.00 seconds, 25000.00 kilobytes per second.
ftp> get test.txt    ## download the file locally (it is saved to the drive ftp was started from; switch drives first, for example e:, to download elsewhere)
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for test.txt (13 bytes).
226 Transfer complete.
ftp: received 13 bytes in 0.00 seconds, 13000.00 kilobytes per second.
ftp> put test1.txt    ## create test1.txt on drive C and upload it to Linux
200 PORT command successful. Consider using PASV.
550 Permission denied.    ## permissions are restricted
3. Modify the vsftpd configuration file to enable the maximum permission for anonymous access.
[root@localhost ftp]# cd /etc/vsftpd/
[root@localhost vsftpd]# vim vsftpd.conf    ## find the following options in the configuration file and enable them
# enable anonymous users
anonymous_enable=YES
# enable local users
local_enable=YES
# write permission
write_enable=YES
# umask for local users
local_umask=022
# enable upload permission for anonymous users
anon_upload_enable=YES
# allow anonymous users to create directories and write to them
anon_mkdir_write_enable=YES
# added line: allow other writes such as rename and delete
anon_other_write_enable=YES
[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service
[root@localhost vsftpd]# cd /var/ftp/    ## switch to the ftp directory
[root@localhost ftp]# ls
pub  test.txt
[root@localhost ftp]# ls -l
total 4
drwxr-xr-x. 2 root root 6 October 31 2018 pub
-rw-r--r--. 1 root root 13 November 5 19:14 test.txt
[root@localhost ftp]# chmod 777 pub    ## give the pub directory maximum permissions; note that you cannot give maximum permissions directly to the ftp directory itself
4. Use the test machine cmd to access ftp and upload local files to Linux
C:\Users\xy007> ftp 192.168.13.140    ## access the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp> cd pub/    ## switch to the pub directory
250 Directory successfully changed.
ftp> put test1.txt    ## upload the file
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: sent 13 bytes in 0.03 seconds, 0.41 kilobytes per second.
ftp> by    ## exit
221 Goodbye.
## you can also delete files using delete
5. View the uploaded file
[root@localhost ftp]# cd /var/ftp/pub    ## switch to the pub directory
[root@localhost pub]# ls    ## view the uploaded file
test1.txt
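The following added example (not part of the original article) audits a vsftpd.conf for the anonymous write options enabled in step 3 and reports what each one exposes. The sample configuration is constructed from the options listed above, the defaults are those documented in vsftpd.conf(5), and treating only YES as true is a simplification made for this example.

```python
"""Audit vsftpd.conf text for the anonymous write options enabled in step 3."""

# Built-in defaults for the options checked here, per vsftpd.conf(5).
DEFAULTS = {
    "anonymous_enable": "YES", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO",
}

# What each anonymous write option exposes once write_enable is on.
ANON_WRITE_OPTIONS = {
    "anon_upload_enable": "unauthenticated clients can upload files",
    "anon_mkdir_write_enable": "unauthenticated clients can create directories",
    "anon_other_write_enable": "unauthenticated clients can rename and delete files",
}

# Constructed sample: the options switched on in step 3.
WALKTHROUGH_CONF = """\
# comment lines start with '#'; option=value must contain no spaces
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
"""

def parse_conf(text):
    """Return effective settings: defaults overridden by option=value lines."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def audit_anonymous_writes(text):
    """Return [(option, exposure)] for anonymous write options that are live."""
    conf = parse_conf(text)
    enabled = lambda key: conf.get(key, "NO").upper() == "YES"
    # Anonymous write options only take effect when anonymous login and
    # the global write switch are both enabled.
    if not (enabled("anonymous_enable") and enabled("write_enable")):
        return []
    return [(opt, why) for opt, why in ANON_WRITE_OPTIONS.items() if enabled(opt)]

if __name__ == "__main__":
    for option, exposure in audit_anonymous_writes(WALKTHROUGH_CONF):
        print(f"{option}=YES: {exposure}")
```

Because anonymous_enable defaults to YES, a file that only sets write_enable=YES and one anon_* option is already reported.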
Second, log in to FTP as a local user (files in the user's home directory)
Prevent local users from accessing the system directory and restrict access to only the user's home directory
1. Create system users
[root@localhost pub]# useradd zhangsan    ## create the user and set the user's password
[root@localhost pub]# passwd zhangsan
[root@localhost pub]# useradd lisi    ## create the user and set the user's password
[root@localhost pub]# passwd lisi
2. Log in to FTP from cmd on the test machine as a local user
C:\Users\xy007> ftp 192.168.13.140    ## log in to the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan    ## use a local user
331 Please specify the password.
Password:
230 Login successful.
ftp> ls /    ## list /: the user can see directly into the system root directory
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
/bin
/boot
/dev
/etc
/home
/lib
/lib64
/media
/mnt
/opt
/proc
/root
/run
/sbin
/srv
/sys
/tmp
/usr
/var
226 Directory send OK.
ftp: received 126 bytes in 0.02 seconds, 7.88 kilobytes per second.
3. Prevent local users from accessing the system directory, and restrict access to only the user's home directory
[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf    ## modify the configuration file
# confine local users to their home directory
chroot_local_user=YES
# added line: allow the chroot directory to be writable
allow_writeable_chroot=YES
[root@localhost pub]# systemctl restart vsftpd    ## restart the service
4. Access from cmd on the test machine
C:\Users\xy007> ftp 192.168.13.140    ## access ftp
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan    ## user zhangsan
331 Please specify the password.
Password:
230 Login successful.
ftp> cd /    ## switch to the system root directory
250 Directory successfully changed.
ftp> ls    ## check: still in the user's home directory; other system directories cannot be accessed, which improves security
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Directory send OK.
Allow or deny specified users access to ftp
1. Set user_list (default deny) to allow or deny specific users to log in to ftp
[root@localhost pub]# cd /etc/vsftpd/    ## switch to the vsftpd configuration file directory
[root@localhost vsftpd]# vim vsftpd.conf
# confirm that user_list is enabled
userlist_enable=YES
[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# echo "zhangsan" >> user_list    ## add the zhangsan user to the list
[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service
2. Test from cmd on the test machine
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan    ## log in as zhangsan
530 Permission denied.
Login failed.    ## login is refused immediately
ftp>
3. Set the list to allow-only
[root@localhost ftp]# cd /etc/vsftpd/
[root@localhost vsftpd]# vim vsftpd.conf    ## edit the vsftpd configuration file
userlist_enable=YES
# added line: treat the list as an allow list
userlist_deny=NO
[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service
4. Test from cmd on the test machine
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan    ## log in as zhangsan
331 Please specify the password.
Password:
230 Login successful.    ## login succeeds
ftp> by
221 Goodbye.
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): lisi    ## log in as lisi
530 Permission denied.
Login failed.    ## login fails
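The deny-list behaviour of steps 1 and 2 and the allow-list behaviour of steps 3 and 4 can be modelled as one decision function; this is an added example, not part of the original article. The user_list content and the SYSTEM_ACCOUNTS set are constructed for illustration, on the assumption that the list still holds system account names when it is switched to allow-only.

```python
"""Model how userlist_enable / userlist_deny decide who may log in."""

# Accounts that should not be FTP users; an illustrative set for this example.
SYSTEM_ACCOUNTS = {"root", "bin", "daemon", "adm", "lp", "mail", "nobody"}

# Constructed user_list content: system accounts plus the entry added in step 1.
SAMPLE_USER_LIST = """\
# one username per line
root
bin
daemon
zhangsan
"""

def parse_user_list(text):
    """Return the set of usernames, ignoring blank lines and '#' comments."""
    names = (line.strip() for line in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

def userlist_verdict(user, conf, listed):
    """Return 'allow' or 'deny' from the userlist options alone.

    A 'deny' is issued before the password prompt (the 530 seen above);
    an 'allow' still has to pass authentication.
    """
    if conf.get("userlist_enable", "NO") != "YES":   # default: list is ignored
        return "allow"
    deny_mode = conf.get("userlist_deny", "YES") == "YES"   # default: deny list
    return "deny" if (user in listed) == deny_mode else "allow"

def allowlisted_system_accounts(conf, listed):
    """In allow-only mode, return listed system accounts that are now permitted."""
    allow_only = (conf.get("userlist_enable", "NO") == "YES"
                  and conf.get("userlist_deny", "YES") == "NO")
    return sorted(listed & SYSTEM_ACCOUNTS) if allow_only else []

if __name__ == "__main__":
    listed = parse_user_list(SAMPLE_USER_LIST)
    modes = {
        "deny list (step 1)": {"userlist_enable": "YES"},
        "allow list (step 3)": {"userlist_enable": "YES", "userlist_deny": "NO"},
    }
    for label, conf in modes.items():
        verdicts = {u: userlist_verdict(u, conf, listed) for u in ("zhangsan", "lisi")}
        print(label, verdicts, allowlisted_system_accounts(conf, listed))
```

Before setting userlist_deny=NO, trim user_list down to the intended FTP users so that the allow list does not carry over entries that were only there to be denied.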
Third, set up virtual user accounts for FTP (files in the home directory of the system user vuser)
1. Create a virtual user file
[root@localhost vsftpd]# cd /etc/vsftpd/    ## switch to the configuration file directory
[root@localhost vsftpd]# vim vuser    ## create the virtual user file: odd lines are usernames, even lines are passwords
lisa
123123
tom
123123
2. Convert database files and set security permissions
[root@localhost vsftpd]# db_load -T -t hash -f vuser vuser.db    ## convert vuser to a database file: -T converts from text, -t sets the type, -f specifies the input file
[root@localhost vsftpd]# chmod 600 vuser    ## set permissions for security reasons
[root@localhost vsftpd]# chmod 600 vuser.db
3. Write a PAM configuration to support virtual user login
[root@localhost vsftpd]# useradd -d /opt/vuser -s /sbin/nologin vuser    ## create a system user with the specified home directory that cannot log in to a shell
[root@localhost vsftpd]# vim /etc/pam.d/vsftpd.vu    ## write the PAM configuration
# authenticate against the converted database file (pam_userdb appends the .db suffix itself)
auth required pam_userdb.so db=/etc/vsftpd/vuser
# account check against the same database
account required pam_userdb.so db=/etc/vsftpd/vuser
4. Enable virtual users and use pam module to authenticate and log in
[root@localhost vsftpd]# vim vsftpd.conf    ## modify the configuration file; press G to jump to the last line
# comment out the existing line:
#pam_service_name=vsftpd
# add the following three lines
# enable guest (virtual user) access
guest_enable=YES
# map virtual users to the vuser system user
guest_username=vuser
# PAM service to use
pam_service_name=vsftpd.vu
[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service
5. Test from cmd on the test machine
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): tom    ## log in as the virtual user tom
331 Please specify the password.
Password:
230 Login successful.
ftp> put test1.txt    ## upload a file
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: sent 13 bytes in 0.00 seconds, 13000.00 kilobytes per second.
## the permissions of the uploaded file are 600
[root@localhost vsftpd]# ls -l /opt/vuser/
-rw-------. 1 vuser vuser 13 November 5 22:51 test1.txt
6. Per-user configuration: set the permissions of uploaded files to 644
[root@localhost vsftpd]# vim vsftpd.conf    ## add the following line
# per-user configuration directory
user_config_dir=/etc/vsftpd/vu_dir
[root@localhost vsftpd]# mkdir vu_dir    ## create the directory
[root@localhost vsftpd]# cd vu_dir/
[root@localhost vu_dir]# vim lisa    ## create a configuration file named after the user in the configuration directory
# umask that determines the permissions of uploaded files
anon_umask=022
[root@localhost vu_dir]# systemctl restart vsftpd    ## restart the service
7. Log in from cmd on the test machine as lisa and check the permissions of the uploaded file
C:\Users\xy007> ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): lisa    ## log in as lisa
331 Please specify the password.
Password:
230 Login successful.
ftp> put 111.txt    ## upload a file
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: sent 13 bytes in 0.00 seconds, 13000.00 kilobytes per second.
[root@localhost vu_dir]# ls -l /opt/vuser/    ## view the permissions of the uploaded files
-rw-r--r--. 1 vuser vuser 13 November 5 22:58 111.txt    ## file uploaded by lisa: permissions 644
-rw-------. 1 vuser vuser 13 November 5 22:51 test1.txt    ## file uploaded by tom: permissions 600
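Why tom's upload is 600 and lisa's is 644 follows from anon_umask and the per-user override; the added example below (not part of the original article) validates the virtual user source file and predicts each user's upload mode. The inputs are constructed from the steps above, the dictionaries stand in for parsed configuration files, and the defaults are those documented in vsftpd.conf(5).

```python
"""Check a virtual-user source file and predict per-user upload permissions."""

FILE_OPEN_MODE = 0o666       # vsftpd default file_open_mode
DEFAULT_ANON_UMASK = "077"   # vsftpd default anon_umask

# Constructed inputs mirroring the steps above.
VUSER_TEXT = "lisa\n123123\ntom\n123123\n"       # /etc/vsftpd/vuser
GLOBAL_CONF = {"guest_enable": "YES", "guest_username": "vuser"}
USER_CONFS = {"lisa": {"anon_umask": "022"}}     # files under user_config_dir

def parse_vuser(text):
    """Parse the db_load -T source: username and password on alternating lines."""
    lines = text.splitlines()
    if any(not line.strip() for line in lines):
        # This example rejects blank lines instead of guessing how they load.
        raise ValueError("blank line in virtual user file")
    if len(lines) % 2:
        raise ValueError(f"user {lines[-1]!r} has no password line")
    users = dict(zip(lines[0::2], lines[1::2]))
    if len(users) != len(lines) // 2:
        raise ValueError("duplicate username")
    return users

def upload_mode(user, global_conf, user_confs):
    """Return the mode of a file uploaded by a virtual user, as an octal string.

    Guest users get anonymous privileges (unless virtual_use_local_privs is
    set), so anon_umask applies; a per-user file overrides the global value.
    """
    umask = user_confs.get(user, {}).get(
        "anon_umask", global_conf.get("anon_umask", DEFAULT_ANON_UMASK))
    return format(FILE_OPEN_MODE & ~int(umask, 8), "o")

def shared_passwords(users):
    """Return passwords used by more than one virtual user."""
    seen = {}
    for name, password in users.items():
        seen.setdefault(password, []).append(name)
    return {pw: names for pw, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    users = parse_vuser(VUSER_TEXT)
    for name in users:
        print(name, upload_mode(name, GLOBAL_CONF, USER_CONFS))
    print("shared passwords:", shared_passwords(users))
```

The plaintext vuser file is only needed as input to db_load; once vuser.db exists, the plaintext copy can be removed rather than kept at mode 600.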
Summary
The above is the configuration of the vsftpd service on Linux (anonymous, local user, virtual user) as introduced by the editor. I hope it is helpful to you. If you have any questions, please leave a message and the editor will reply in time. Thank you very much for your support of the website!