
CentOS 7: building and configuring a vsftpd server

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

First, the basic network and firewall requirements must be met: the server needs a static IP address, and the firewall must allow FTP traffic through.

With that in place we can build the FTP server using vsftpd, an FTP server package. (This article covers the configuration of anonymous access and of user authentication; the configuration based on virtual users will be written up in the next article.)

-Install vsftpd and access it anonymously:

1. Prepare the vsftpd installation package (it is also available on the system disk) and install the vsftpd service.

After installation, run systemctl start vsftpd to start the service; the FTP server can then be accessed anonymously. Although the access is anonymous, it is backed by a corresponding system account, "ftp". By default the FTP root directory for anonymous users is /var/ftp/, with read-only permission, and the local /var/ftp/ directory must grant the ftp account the corresponding permissions. If anonymous users need more permissions, change the configuration file of the vsftpd service.

2. Open the configuration file of the vsftpd service:

3. To make it easier to read, I deleted most of the comments.

4. The following is the configuration file that gives anonymous users the maximum permissions:

The meaning of common configuration items for anonymous users:

anonymous_enable=YES: whether anonymous access is allowed

anon_umask=022: the default permission mask (umask) for files uploaded by anonymous users

anon_root=/var/ftp: the FTP root directory of anonymous users

anon_upload_enable=YES: whether anonymous users are allowed to upload files

anon_mkdir_write_enable=YES: whether anonymous users are allowed to create directories

anon_other_write_enable=YES: whether anonymous users are allowed other write operations, such as renaming, overwriting and deleting files
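The following Python script is an added example, not part of the original article: it audits vsftpd.conf text for the anonymous write options described above, including the effect of anon_umask=022 on uploaded files. Defaults are taken from the vsftpd.conf man page; the function names, the sample configuration and the assumption that the last assignment of an option wins are assumptions of this example.

```python
# Added example, not from the original article. Defaults per vsftpd.conf(5).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO", "anon_umask": "077"}

def parse_conf(text):
    """Effective settings from vsftpd.conf text (assumes the last assignment wins)."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def anonymous_write_findings(text):
    """List the anonymous write capabilities a configuration grants."""
    conf = parse_conf(text)
    on = lambda key: conf[key].upper() == "YES"
    # The anon_* write options only take effect when write_enable=YES as well.
    if not (on("anonymous_enable") and on("write_enable")):
        return []
    labels = {"anon_upload_enable": "upload files",
              "anon_mkdir_write_enable": "create directories",
              "anon_other_write_enable": "rename, overwrite and delete files"}
    findings = [f"{key}: anonymous users can {what}"
                for key, what in labels.items() if on(key)]
    # vsftpd reads a value with a leading 0 as octal, anything else as decimal.
    raw = conf["anon_umask"]
    umask = int(raw, 8) if raw.startswith("0") else int(raw)
    if on("anon_upload_enable") and not umask & 0o004:
        findings.append("anon_umask: uploaded files are world-readable, "
                        "so other anonymous users can download them")
    return findings

# Constructed sample: the anonymous options listed above plus write_enable=YES.
MAX_ANON = """\
anonymous_enable=YES
write_enable=YES
anon_umask=022
anon_root=/var/ftp
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
"""

if __name__ == "__main__":
    for finding in anonymous_write_findings(MAX_ANON):
        print("WARN", finding)
```

With the default anon_umask of 077, uploaded files are not world-readable, so the last finding appears only because the configuration lowers the mask to 022.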

-FTP service based on user authentication:

The following is the FTP service configuration file that requires user authentication. The default path of the configuration file is /etc/vsftpd/vsftpd.conf

The final effect of the above configuration file is that every system user can log in to the FTP server with the maximum permissions, and the default FTP root directory is the system user's home directory. (For local system users, it is more convenient to change the permissions of the user's home directory directly.)

Common configuration items for local users and their meaning:

local_enable=YES: whether local users are allowed to access the server

local_umask=022: the default permission mask (umask) for files uploaded by local users

local_root=/var/ftp: the FTP root directory of local users (the default is the user's home directory)

chroot_local_user=YES: whether to lock local FTP users into their home directory

allow_writeable_chroot=YES: allow the home directory of restricted users to have write permission

local_max_rate=0: the maximum transfer rate for local users (0 is unlimited), in bytes per second

There are also two configuration files, ftpusers and user_list, in the /etc/vsftpd/ directory.

ftpusers file: users listed in this file are prohibited from logging in to the vsftpd server. By default it contains special users used for system operation, such as root, bin and daemon.

user_list file: the users in this file may be either prohibited or allowed, depending on the settings in the main configuration file vsftpd.conf. The user_list file only takes effect when "userlist_enable=YES" is set. If "userlist_deny=YES" is also specified, the file works the same way as the ftpusers file: users in the list are prohibited from logging in. If "userlist_deny=NO" is specified, only users in the list are allowed to log in.
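The login decision described above can be modelled as follows. This is an added example, not part of the original article: the function names and the sample file contents are constructed, and the keyword defaults (userlist_enable off, userlist_deny on) are the built-in defaults from the vsftpd.conf man page.

```python
# Added example, not from the original article.

def read_names(text):
    """Account names from ftpusers / user_list text; '#' starts a comment."""
    names = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()
        if name:
            names.add(name)
    return names

def login_decision(user, ftpusers, user_list,
                   userlist_enable=False, userlist_deny=True):
    """Return (allowed, reason) for one account under the given settings."""
    if user in read_names(ftpusers):
        return False, "listed in ftpusers"
    if not userlist_enable:
        # Without userlist_enable=YES the file is never consulted,
        # whatever userlist_deny says.
        return True, "user_list ignored: userlist_enable is not YES"
    listed = user in read_names(user_list)
    if userlist_deny:
        return (not listed), ("denied by user_list" if listed
                              else "not in deny list")
    return listed, ("in allow list" if listed else "missing from allow list")

def access_matrix(users, ftpusers, user_list, **settings):
    """Map each account name to True/False for the given settings."""
    return {u: login_decision(u, ftpusers, user_list, **settings)[0]
            for u in users}

# Constructed sample files; alice and bob are hypothetical accounts.
FTPUSERS = "# constructed sample\nroot\nbin\ndaemon\n"
USER_LIST = "# constructed sample\nroot\nalice\n"

if __name__ == "__main__":
    modes = {"deny list": dict(userlist_enable=True, userlist_deny=True),
             "allow list": dict(userlist_enable=True, userlist_deny=False),
             "deny=NO, enable unset": dict(userlist_deny=False)}
    for label, mode in modes.items():
        print(label, access_matrix(["root", "alice", "bob"],
                                   FTPUSERS, USER_LIST, **mode))
```

The third mode is the case to check for in a real configuration: userlist_deny=NO looks like an allow list, but without userlist_enable=YES every account outside ftpusers can still log in.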


-about global configuration:

listen=NO: whether to run as a standalone listening service

listen_address=0.0.0.0: the IP address the FTP service listens on

listen_port=21: the port number the FTP service listens on

write_enable=YES: enable any form of write permission (such as uploading or deleting files)

download_enable=YES: whether file downloads are allowed (this can be set to "NO" when setting up an FTP server limited to browsing and uploading)

dirmessage_enable=YES: display the contents of the ".message" file, if it exists, when the user changes into a directory

xferlog_enable=YES: enable xferlog logging; logs to /var/log/xferlog by default

xferlog_std_format=YES: use the standard xferlog log format; if disabled, vsftpd's own log format is used

connect_from_port_20=YES: allow active mode (the server establishes the data connection from port 20)

pasv_enable=NO: disable passive-mode connections; passive mode is allowed by default

pasv_max_port=24600: the maximum server port number for passive mode

pasv_min_port=24500: the minimum server port number for passive mode

pam_service_name=vsftpd.vu: the PAM file used for user authentication (the corresponding file name in the /etc/pam.d/ directory)

userlist_enable=YES: whether to enable the user_list user list file

userlist_deny=YES: whether to deny the user accounts in the user_list file

max_clients=0: the maximum number of clients allowed to connect at the same time (0 is unlimited)

max_per_ip=0: the maximum number of concurrent connections allowed from the same IP address (0 is unlimited)

tcp_wrappers=YES: whether to enable tcp_wrappers host access control

-configuration items for virtual users:

guest_username=test: the system user name that virtual users are mapped to

guest_enable=YES: whether to enable virtual users

allow_writeable_chroot=YES: allow write access to the home directory of restricted users (this must be set, otherwise an error may be reported)

anon_world_readable_only=NO: allows users to download directory contents

anon_other_write_enable=YES: allows anonymous users other write operations, such as renaming, overwriting and deleting files

user_config_dir=/etc/vsftpd/vusers_dir: a separate configuration file directory for virtual users
