2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/02 Report--
This article explains in detail how to build a vsftp service that meets your requirements for Linux operation and maintenance. The editor thinks it is very practical, so I am sharing it with you for reference. I hope you get something out of reading it.
Once the vsftpd software is installed on the server and we understand its main configuration file, /etc/vsftpd/vsftpd.conf, we can build the ftp service we want.
Designated ports, etc.
listen_port=21 sets the port to listen on
download_enable=YES allows files to be downloaded
max_clients=100 limits the number of concurrent client connections
max_per_ip=100 limits the number of concurrent connections from the same IP address
Anonymous and local system users are prohibited from logging in.
First of all, turn off anonymous login, so that anonymous users get no browsing rights.
anonymous_enable=NO
So why not allow local system users (real accounts on the server) to log in? Because these users can already log in using the more secure sftp, there is no need for them to log in over the ftp protocol. In addition, ftp is a plaintext transfer protocol, so the account password can be intercepted in transit.
How do we prohibit local system users from logging in? This is done in the third step of configuring virtual users, further down in the article, by commenting out everything in /etc/pam.d/vsftpd.
Active connection, passive connection settings
We want to support both active and passive connections, so the settings are as follows:
Port settings for active connection mode
connect_from_port_20=YES
Open port 21 in the firewall. Port 20 does not need to be opened; instead, directly allow packets that belong to connections the host itself initiated (ESTABLISHED/RELATED) to enter the local machine.
iptables -A INPUT -p tcp --dport 21 -j ACCEPT # FTP service
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Passive mode is turned on, and the ports used for passive connections are limited to the range 10001 to 11000.
pasv_enable=YES
pasv_min_port=10001
pasv_max_port=11000
Set up the firewall to allow the ports between 10000 and 11000 to be open.
iptables -A INPUT -p tcp --dport 10001:11000 -j ACCEPT # ftp passive connection ports
Configure virtual users
The steps to configure a virtual user are as follows:
Create a virtual user password file
Generate virtual user password authentication file
Edit vsftpd's PAM authentication file
Establish a local mapping directory and set host directory permissions
Modify the configuration file.
Get a separate profile for each virtual user
1. Create a password file for the virtual users. In this file, odd-numbered lines are usernames and even-numbered lines are passwords. Let's create such a file, /etc/vsftpd/vusers, which reads as follows:
ftptest1
111111
ftptest2
222222
2. Generate the virtual user password authentication file by executing the following command:
db_load -T -t hash -f /etc/vsftpd/vusers /etc/vsftpd/login.db
When the command executes correctly, the /etc/vsftpd/login.db file appears. For security reasons, we set the permissions for this file to 600.
chmod 600 /etc/vsftpd/login.db
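A check that can be run on the password file before db_load, given here as an added example and not as part of the original article. The function name check_vusers and the sample file are constructed for illustration; the file format is the one described in step 1.

```shell
#!/bin/sh
# Added example: sanity-check the virtual user list before running db_load.
# Format from the article: odd lines are usernames, even lines are passwords.

# check_vusers FILE: print each problem, return 0 only if the file is clean.
check_vusers() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    rc=0
    # The list holds plaintext passwords: no group/other permission bits.
    mode=$(ls -ldL "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$file is accessible to group/other (run: chmod 600 $file)"
        rc=1
    fi
    awk '
        NR % 2 == 1 {                        # odd line: username
            user = $0
            if (user == "")            { print "line " NR ": empty username"; bad++ }
            else if (user ~ /[ \t\r]/) { print "line " NR ": whitespace in username"; bad++ }
            if (user in seen)          { print "line " NR ": duplicate user " user; bad++ }
            seen[user] = 1
            next
        }
        $0 == ""   { print "line " NR ": empty password for " user; bad++ }
        $0 == user { print "line " NR ": password equals username " user; bad++ }
        END {
            if (NR == 0)     { print "file is empty"; bad++ }
            if (NR % 2 == 1) { print "user " user " has no password line"; bad++ }
            exit (bad > 0)
        }' "$file" || rc=1
    return $rc
}

# Constructed sample: the second user is missing its password line.
sample=$(mktemp)
chmod 600 "$sample"
printf 'ftptest1\n111111\nftptest2\n' > "$sample"
check_vusers "$sample" || echo "fix the list before running db_load"
rm -f "$sample"
```

The same permission check applies to /etc/vsftpd/vusers itself, since it stores the passwords in plaintext alongside login.db.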
3. Edit the PAM configuration file required by the virtual users
vim /etc/pam.d/vsftpd
Comment out all of the existing content and add two new lines:
auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/login
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/login
Note that on a 32-bit system the path is lib without the 64, and that no suffix is added after login in the db= value. After doing this, local system users will not be able to log in to the ftp service.
4. Establish a local mapping directory and set host directory permissions.
Create the host user for the virtual users
# useradd -d /home/vsftp -s /sbin/nologin ftpuser
Change the directory permissions to 755
# chmod 755 /home/vsftp/
5. Modify the configuration file.
Write the following lines of configuration information to the /etc/vsftpd/vsftpd.conf configuration file.
# enable the virtual user login feature
guest_enable=YES
# host user that the virtual users correspond to
guest_username=ftpuser
# pam authentication file (this configuration exists by default)
# to enhance the security check: if the user is limited to his or her home directory, the user's home directory can no longer have write permissions, so add the following configuration
allow_writeable_chroot=YES
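One way to confirm that a vsftpd.conf actually carries the settings described so far, written as an added example that is not from the original article. The function names conf_get and audit_conf and the sample config are constructed; the expected values are the ones the article uses.

```shell
#!/bin/sh
# Added example: check a vsftpd.conf against the settings used in this article.

# conf_get FILE KEY: print the last value assigned to KEY (empty if unset).
# The match is exact, so a capitalised or indented key counts as unset.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_conf FILE: print findings, return 0 only when there are none.
audit_conf() {
    f=$1; rc=0
    # vsftpd expects option=value with no spaces around '='.
    if grep -nE '^[[:space:]]*[A-Za-z_0-9]+([[:space:]]+=|=[[:space:]])' "$f"; then
        echo "space around '=' on the lines above"; rc=1
    fi
    while read -r key want; do
        got=$(conf_get "$f" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key is '${got:-unset}', article uses $want"; rc=1
        fi
    done <<EOF
anonymous_enable NO
guest_enable YES
guest_username ftpuser
EOF
    lo=$(conf_get "$f" pasv_min_port); hi=$(conf_get "$f" pasv_max_port)
    if [ -z "$lo" ] || [ -z "$hi" ]; then
        echo "passive port range not pinned; the firewall rule cannot match it"; rc=1
    elif [ "$lo" -gt "$hi" ]; then
        echo "pasv_min_port $lo is above pasv_max_port $hi"; rc=1
    else
        echo "open in firewall: tcp dport $lo:$hi"
    fi
    return $rc
}

# Constructed sample config (not taken from a real server).
demo=$(mktemp)
printf '%s\n' 'anonymous_enable=NO' 'guest_enable=YES' 'guest_username=ftpuser' \
    'pasv_min_port=10001' 'pasv_max_port=11000' > "$demo"
audit_conf "$demo" || echo "review the findings above"
rm -f "$demo"
```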
6. Create a separate configuration file for each virtual user.
If you want a separate configuration file for each virtual user, add the following to the main configuration file:
user_config_dir=/etc/vsftpd/config
This specifies the path holding the virtual users' configuration files. Next, create a configuration file for each of the two virtual users:
# configuration file for the ftptest1 virtual user
# create the virtual user's home directory
# mkdir /home/vsftp/ftptest1
# chown ftpuser:ftpuser /home/vsftp/ftptest1/
# create the configuration file
# mkdir /etc/vsftpd/config
# vim /etc/vsftpd/config/ftptest1