
Install and deploy vsftpd service

2025-02-24 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 06/03 Report

vsftpd installation

If ls lists the directory contents, the FTP service is reachable; when you connect to the server's IP, its resources should be listed.

Note: a successful login means you can connect and list directory information.

vsftpd basic information

Use rpm -ql vsftpd to view the basic information about the vsftpd package: service name, configuration directory, main configuration file, default shared (publishing) directory, etc.

Error messages:

550: refused by the program itself (vsftpd)

553: file system permission restriction

500: permissions are too permissive

Authentication failed: e.g. the user entered the wrong password when logging in.

E.g.: an anonymous user uploads a file and gets 550 (refused by the program); after enabling upload it still fails, now with 553 (file system permission restriction).

Anonymous user access control

Node1: ip 192.168.1.18

Node2: ip 192.168.1.17

lftp 192.168.1.17: connecting without -u skips user authentication and logs in as the anonymous user.

lftp 192.168.1.17 -u westos: log in as a local user.

Change the following settings in the configuration file /etc/vsftpd/vsftpd.conf

# 1. Login control #

anonymous_enable=YES | NO

YES: anonymous users can log in (connect and list information)

NO: anonymous users cannot log in (they can connect, but not list information)

# 2. Home directory control #

anon_root=/software

The default home directory for anonymous users is /var/ftp/. Change it to /software by editing the setting above in node2's configuration file, restart the vsftpd service and log in from node1.

# 3. Upload function #

anon_upload_enable=YES | NO

YES: enabled, anonymous users can upload.

NO: disabled, anonymous users cannot upload.

E.g. with upload disabled, an upload fails with 550: refused by the program.

With upload enabled it still fails, now with 553 (file system permission restriction): the upload directory itself must be writable by the ftp user.

# 4. Download control #

anon_world_readable_only=NO: anonymous users may download files that are not world-readable.

Download: with the default YES, anonymous users can only download files that are world-readable.

# 5. Directory creation control #

anon_mkdir_write_enable=YES | NO

After logging in from node1, the lftp session is not a shell: some commands are unavailable. Use lftp's help command to see which commands can be used.

# 6. Delete and rename control #

anon_other_write_enable=YES | NO

a. Use man 5 vsftpd.conf to look up this option, which controls deletion and renaming (the other write operations).

# 7. Login quantity control #

max_clients=2

Limits the number of simultaneous logins to keep the load down. E.g. with 2, a third connection can connect but waits when it tries to list information.

# 8. Upload rate control #

anon_max_rate=102400

See man 5 vsftpd.conf for the rate options; e.g. this sets the maximum transfer rate for anonymous users to 102400 bytes per second (tested here with an upload).

Upload: put

Access by local users

Login control

useradd westos

useradd lee

echo lee | passwd --stdin westos

echo lee | passwd --stdin lee

lftp 192.168.1.17 -u westos

# 1. Local user access control #

local_enable=NO | YES

NO: local users cannot access the server

YES: local users can access the server

# 2. Home directory control #

local_root=/software

Works like anon_root for anonymous users (see above).

# 3. Write access control #

write_enable=NO | YES

NO: local users cannot write; write commands fail.

YES: local users can write, including deleting files.

# 4. Upload permission control #

local_umask=077

Controls the mode of uploaded files by specifying a umask value.

E.g. with 077 uploaded files get mode 600; with 022 they get mode 644.

# 5. User login control #

/etc/vsftpd/ftpusers: permanent blacklist; a change takes effect directly.

/etc/vsftpd/user_list: by default also a blacklist (temporary list).

By default both files are blacklists that control which users may log in.

# 6. User login whitelist #

userlist_deny=NO

Turns /etc/vsftpd/user_list into a whitelist: users not on the list cannot log in to ftp.

Whitelist: only the listed users may log in.

# 7. Lock users to their home directory #

chmod u-w /home/

chroot_local_user=YES

Locks local users into their home directory; before this is set, a logged-in local user can browse up to the root of the filesystem. vsftpd refuses to chroot a user whose home directory is writable by them, hence the chmod.

# 8. Lock users to their home directory: whitelist #

chroot_local_user=YES

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot.list

Users named in the list are not locked to their home directory; all other users are.

# 9. Lock users to their home directory: blacklist #

chroot_local_user=NO

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list

By default users are not locked to their home directory.

Users named in the list are locked to their home directory.
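As an added example (not the notes' own code), the POSIX shell script below audits a vsftpd.conf for the anonymous- and local-user options covered in the two sections above. The configuration it checks is constructed inline, and the fallback values it assumes are vsftpd's compiled-in defaults.

```shell
# Added example (not the notes' own code): audit a vsftpd.conf for the anonymous
# and local-user options covered above. Defaults are vsftpd's compiled-in ones.
# Print the last value set for option $2 in config $1 (key matched
# case-insensitively, comment lines and whitespace ignored); fall back to $3.
vsftpd_get() {
    _v=$(awk -F= -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { gsub(/[ \t\r]/, "", $1); gsub(/[ \t\r]/, "", $2)
          if (tolower($1) == tolower(k)) last = $2 }
        END { print last }' "$1")
    printf '%s\n' "${_v:-$3}"
}

# Print message $3 when the actual value $1 equals the risky value $2.
flag() { [ "$1" = "$2" ] && echo "$3"; return 0; }

# Print one finding per risky combination in config $1.
vsftpd_audit() {
    conf=$1
    if [ "$(vsftpd_get "$conf" anonymous_enable YES)" = YES ]; then
        flag "$(vsftpd_get "$conf" anon_upload_enable NO)" YES "anonymous users may upload"
        flag "$(vsftpd_get "$conf" anon_mkdir_write_enable NO)" YES "anonymous users may create directories"
        flag "$(vsftpd_get "$conf" anon_other_write_enable NO)" YES "anonymous users may delete and rename"
        flag "$(vsftpd_get "$conf" anon_world_readable_only YES)" NO "anonymous users may download non-world-readable files"
    fi
    if [ "$(vsftpd_get "$conf" local_enable NO)" = YES ]; then
        flag "$(vsftpd_get "$conf" chroot_local_user NO)" NO "local users are not locked into their home directories"
        # Group/other umask digits 0, 1, 4 or 5 leave the write bit clear (see local_umask above).
        case "$(vsftpd_get "$conf" local_umask 077)" in
            *[0145]?|*[0145]) echo "local_umask leaves uploaded files group- or world-writable" ;;
        esac
    fi
    return 0
}

# Constructed sample: the anonymous upload lab from the notes plus unchrooted local users.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
anonymous_enable=YES
anon_root=/software
anon_upload_enable=YES
# anon_other_write_enable=YES   (commented out, so it must be ignored)
anon_world_readable_only=NO
local_enable=YES
write_enable=YES
local_umask=022
EOF
vsftpd_audit "$SAMPLE_CONF"
```

Run it against a real /etc/vsftpd/vsftpd.conf to see which of the lab settings above are still active before exposing the server.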

Virtual user access

Client: rhel7_node2

Set up the environment on rhel8_node1 and test from rhel7_node2

rhel7_node2: ip 192.168.1.17

rhel8_node1: ip 192.168.1.16

Build a separate authentication store dedicated to the ftp service, so that ftp users do not use the system's authentication (system accounts).

Virtual user: a user identity that does not exist in the current system; it is recognised only by the ftp program.

Purpose: ftp knows this user identity, but the system does not.

Basic authentication mode

User identity: username and password (ftp authenticates them through a PAM module)

# 1. Create virtual users #

1. vim /etc/vsftpd/ftp_auth_file

westos1

123

westos2

123

westos3

123

Note: usernames and passwords alternate on successive lines; there can be no spaces.

2. db_load -T -t hash -f ftp_auth_file ftp_auth_file.db ## build the authentication database file

3. vim /etc/pam.d/westos (the file must be in the /etc/pam.d directory)

account required pam_userdb.so db=/etc/vsftpd/ftp_auth_file

auth required pam_userdb.so db=/etc/vsftpd/ftp_auth_file

4. vim /etc/vsftpd/vsftpd.conf

pam_service_name=westos ## specify the authentication policy file

guest_enable=YES ## enable the virtual user function

guest_username=ftp ## specify the system identity the virtual user maps to on the ftp server

# 2. Independent home directory per virtual user #

1.

mkdir -p /ftpuserdir/westos{1..3}

touch /ftpuserdir/westos1/westos1file

touch /ftpuserdir/westos2/westos2file

touch /ftpuserdir/westos3/westos3file

2.

vim /etc/vsftpd/vsftpd.conf

local_root=/ftpuserdir/$USER

user_sub_token=$USER

3. systemctl restart vsftpd

Tested from the client, each user logs in to the home directory configured for them.

# 3. Independent per-user configuration #

1.

In /etc/vsftpd/vsftpd.conf, first turn off the global upload control, then add the following:

user_config_dir=/etc/vsftpd/user_config

2.

A file in this directory with the same name as a user is that user's configuration file.

mkdir /etc/vsftpd/user_config

vim westos2

Edit the following in the westos2 file:

anon_upload_enable=YES

Restart the service.

After this, westos2 can upload files.

westos1 and westos3 cannot.

Note: pub/ must have permissions that make it writable for the lftp upload (by the ftp user that guest_username maps to).

Test: only the specified user westos2 can upload files; the rest are not allowed.
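As an added example (not the notes' own code), the script below sanity-checks two pieces of the virtual-user setup from this section: the format of ftp_auth_file that db_load and pam_userdb expect, and whether every file in user_config_dir actually names a user from that file. The fixtures are constructed in a temporary directory; the db_load and PAM steps themselves are not run.

```shell
# Added example (not the notes' own code): sanity checks for the virtual-user
# setup above. Fixtures are constructed in a temp dir; db_load and PAM are not run.
# Validate an ftp_auth_file: usernames on odd lines, passwords on even lines,
# nothing empty and no whitespace (db_load and pam_userdb take lines literally).
# Prints each problem; returns 0 only when the file is valid.
validate_auth_file() {
    awk '
        NF == 0 || /[ \t\r]/ { bad = 1; print "line " NR ": empty or contains whitespace"; next }
        END {
            if (NR % 2) { bad = 1; print "odd line count: last user has no password" }
            exit bad
        }' "$1"
}

# Print the usernames (odd lines) of a valid auth file, one per line.
auth_users() { awk 'NR % 2 == 1' "$1"; }

# Print entries of user_config_dir $2 that match no username in auth file $1:
# a per-user file whose name is misspelled silently applies to nobody.
orphan_user_configs() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        u=$(basename "$f")
        auth_users "$1" | grep -qx -- "$u" || echo "$u"
    done
    return 0
}

# Constructed fixtures: the three westos users from the notes, a malformed file
# with user and password on one line, and a user_config dir with a typo.
WORK=$(mktemp -d)
GOOD_AUTH=$WORK/ftp_auth_file; BAD_AUTH=$WORK/bad_auth; CFG_DIR=$WORK/user_config
printf '%s\n' westos1 123 westos2 123 westos3 123 >"$GOOD_AUTH"
printf '%s\n' 'westos1 123' westos2 123 >"$BAD_AUTH"
mkdir "$CFG_DIR"
echo anon_upload_enable=YES >"$CFG_DIR/westos2"
echo anon_upload_enable=YES >"$CFG_DIR/westso3"   # deliberate typo
validate_auth_file "$GOOD_AUTH" && echo "ftp_auth_file OK"
validate_auth_file "$BAD_AUTH" || echo "bad_auth rejected"
orphan_user_configs "$GOOD_AUTH" "$CFG_DIR"
```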


© 2024 shulou.com SLNews company. All rights reserved.
