
Detailed steps for RHEL to build a FTP server

2025-04-09 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article walks through the detailed steps for building an FTP server on RHEL. Many people have questions about this procedure in day-to-day operation, so the editor consulted various materials and put together a simple, easy-to-follow method. I hope it helps answer those questions. Follow along below.

1. To build FTP on RHEL, first modify the network configuration file to give the host a static IP address.

# vi /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

BOOTPROTO=static

IPADDR=172.16.16.111

NETMASK=255.255.0.0

GATEWAY=172.16.16.1

ONBOOT=yes

TYPE=Ethernet

Restart the network service so that the configuration takes effect

# /etc/init.d/network restart

Shutting down interface eth0: [OK]

Shutting down loopback interface: [OK]

Setting network parameters: [OK]

Bringing up loopback interface: [OK]

Bringing up interface eth0: [OK]

To turn off the iptables system firewall, use the command:

# service iptables stop

Lower the security level

# vi /etc/selinux/config

Change "SELINUXTYPE=targeted" to "SELINUXTYPE=disabled".

vsftpd is not installed by default, so you need to use the rpm command to install it.

It is on the first CD of RHEL4, and the package file is named vsftpd-2.0.1-5.i386.rpm

First of all, you need to mount the CD.

# mount /dev/cdrom /media/cdrom

# cd /media/cdrom/RedHat/RPMS

# ls -l vsftpd*

-rw-r--r-- 25 root root 122195 Jan 6 2005 vsftpd-2.0.1-5.i386.rpm

After mounting the CD, install the package.

# rpm -ivh vsftpd-2.0.1-5.i386.rpm

warning: vsftpd-2.0.1-5.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e

Preparing... # [100%]

Let's take a look at the vsftpd.conf configuration file

# grep -v '#' /etc/vsftpd/vsftpd.conf (configuration file with comment lines removed)

anonymous_enable=YES // When anonymous_enable is set to YES, the FTP server allows anonymous login: the user can log in with the user name ftp or anonymous, and the login password is the user's e-mail address.

local_enable=YES // When local_enable is set to YES, local users are allowed to log in; local users are the user accounts of the Linux system.

write_enable=YES // When write_enable is set to YES, the FTP server grants write permission to local users.

local_umask=022 // local_umask sets the file creation mask for local users; it is set to 022 in the configuration file.

dirmessage_enable=YES // When dirmessage_enable is set to YES, the contents of the hidden ".message" file in a directory are displayed when a user changes to that directory on the FTP server.

xferlog_enable=YES // When xferlog_enable is set to YES, the FTP server logs uploads and downloads.

connect_from_port_20=YES // When connect_from_port_20 is set to YES, the FTP server uses port 20, the FTP data port, for data connection requests.

xferlog_std_format=YES // When xferlog_std_format is set to YES, the FTP server uses the standard ftpd xferlog log format.

pam_service_name=vsftpd // pam_service_name sets the name of the PAM authentication service configuration file, which is stored in the "/etc/pam.d/" directory.

userlist_enable=YES // When userlist_enable is set to YES, the FTP server checks the file named by the userlist_file setting to decide whether a user may access the vsftpd server; the default value of userlist_file is "/etc/vsftpd.user_list".

listen=YES // When listen is set to YES, the FTP server runs in standalone mode.

tcp_wrappers=YES // When tcp_wrappers is set to YES, the FTP server uses tcp_wrappers for host access control. tcp_wrappers provides host-address-based access control for network services on Linux. The hosts.allow and hosts.deny files in the "/etc" directory configure it: hosts.allow holds the records for allowed access, and hosts.deny holds the records for denied access.

Start the vsftpd server

# service vsftpd start

Starting vsftpd for vsftpd: [OK]

To stop it, you can use:

# service vsftpd stop

Shutting down vsftpd: [OK]

To view the running status of the server, use:

# service vsftpd status

vsftpd is stopped

Add two local users so that you can log in to FTP as a local user

# useradd aa

# passwd aa

# useradd bb

# passwd bb

And change the owner and group of the home directories.

# chown aa.aa /home/aa

# chown bb.bb /home/bb

# ls -l /home

total 24

drwx------ 4 aa aa 4096 May 26 12:15 aa

drwx------ 4 bb bb 4096 May 26 12:16 bb

Set the home directory permissions

# chmod 770 /home/aa

# chmod 770 /home/bb

# ls -l /home

total 24

drwxrwx--- 4 aa aa 4096 May 26 12:15 aa

drwxrwx--- 4 bb bb 4096 May 26 12:16 bb

You can now log in to the FTP server

1. Log in with an anonymous user

# ftp 172.16.16.121

Connected to 172.16.16.121.

220 (vsFTPd 2.0.1)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (172.16.16.121:root): anonymous

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

227 Entering Passive Mode (172,16,16,121,208,47)

150 Here comes the directory listing.

drwxr-xr-x 200 4096 Oct 04 2004 pub

226 Directory send OK.

An anonymous login uses ftp or anonymous as the user name, and with vsftpd's default settings any string, or just pressing Enter, is accepted as the password. After logging in, the anonymous user gets the "/var/ftp" directory of the FTP server system as its FTP root directory.

2. Log in with a local user

# ftp 172.16.16.121

Connected to 172.16.16.121.

220 (vsFTPd 2.0.1)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (172.16.16.121:root): aa

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

227 Entering Passive Mode (172,16,16,121,223,86)

150 Here comes the directory listing.

-rw-r--r-- 1 0 19 May 26 03:48 11.txt

226 Directory send OK.

Use the put command to upload files from the FTP client to the FTP server.

ftp> put 22.txt

local: 22.txt remote: 22.txt

227 Entering Passive Mode (172,16,16,121,86,19)

150 Ok to send data.

226 File receive OK.

30 bytes sent in 0.00086 seconds (34 Kbytes/s)

Use the get command to download files from the FTP server to the FTP client.

ftp> get 22.txt

local: 22.txt remote: 22.txt

227 Entering Passive Mode (172,16,16,121,143,82)

150 Opening BINARY mode data connection for 22.txt (30 bytes).

226 File send OK.

30 bytes received in 0.0005 seconds (58 Kbytes/s)

However, using local FTP user accounts carries some security risk. First, they are system accounts: once a security hole appears in the FTP server, it threatens the whole Linux host on which the FTP server runs. In addition, a local user account can leave its home directory and change to other directories in the system, which is also a threat to system security. You can, however, confine FTP local users to their home directories so that they cannot switch to other directories.

Set the configuration item chroot_local_user to YES in the vsftpd server's configuration file vsftpd.conf, and the vsftpd server will lock local users into their home directories.

chroot_local_user=YES

Remember to restart the service after changing the configuration; local FTP users can then access only their own directories.
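The settings discussed above can be checked mechanically. The following is an added example, not part of the original article: a shell function that reads a vsftpd.conf and flags anonymous login, local logins without chroot_local_user, and disabled transfer logging. The names conf_get and audit_vsftpd_conf and the sample file are assumptions made for illustration; the fallback values are vsftpd's built-in defaults.

```bash
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# conf_get FILE KEY DEFAULT: print the effective value of KEY, upper-cased.
# Comment lines are skipped; if KEY appears more than once the last one is used.
conf_get() {
    val=$(awk -F= -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        $1 == k { v = substr($0, index($0, "=") + 1) }
        END { print v }' "$1")
    [ -n "$val" ] || val=$3
    printf '%s\n' "$val" | tr 'a-z' 'A-Z'
}

# audit_vsftpd_conf FILE: print one FINDING line per risky setting.
# Returns 0 when there are no findings, non-zero otherwise.
audit_vsftpd_conf() {
    n=0
    finding() { n=$((n + 1)); printf 'FINDING: %s\n' "$1"; }
    # The third argument is the built-in vsftpd default used when a key is absent.
    anon=$(conf_get "$1" anonymous_enable YES)
    loc=$(conf_get "$1" local_enable NO)
    jail=$(conf_get "$1" chroot_local_user NO)
    log=$(conf_get "$1" xferlog_enable NO)

    [ "$anon" = YES ] &&
        finding "anonymous_enable=YES: logins as ftp/anonymous are accepted"
    [ "$loc" = YES ] && [ "$jail" != YES ] &&
        finding "local_enable=YES without chroot_local_user=YES: local users can leave their home directory"
    [ "$log" = YES ] ||
        finding "xferlog_enable is not YES: uploads and downloads are not logged"
    [ "$n" -eq 0 ]
}

# Constructed sample: the options listed on the page, without chroot_local_user.
sample=$(mktemp)
printf '%s\n' '# constructed sample' anonymous_enable=YES local_enable=YES \
    write_enable=YES xferlog_enable=YES > "$sample"
audit_vsftpd_conf "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run it against the live file with `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf` after each change and before restarting the service.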

Configuring the virtual directory of the FTP server: the vsftpd server supports anonymous, local and virtual user accounts.

Two of these types were covered earlier. Anonymous users are the FTP users named anonymous or ftp; after logging in, an anonymous FTP user uses "/var/ftp" on the FTP server as the FTP root directory. Anonymous users are often used to provide downloads of public files.

A local user account is a system user account on the FTP server. After logging in to the FTP server with a local FTP user account, the login directory is the local user's home directory. Local FTP user accounts are usually combined with a web server to provide virtual hosting, as the way for virtual host owners to update their web pages.

A virtual user account is a non-system user account that the vsftpd server provides in order to protect the FTP server. When a virtual user logs in over FTP, a specified directory is used as the FTP root directory. Virtual users have functions similar to those of local users.

2. Setting up virtual user accounts for FTP on RHEL

1. Create the virtual user password file.

Create the password file for the virtual users: put each virtual user's name on an odd line and the password on the following even line.

Create a user password file named logins.txt using a text editor

# vi logins.txt

ee

123

rr

456

2. Generate the authentication file for vsftpd.

First we need to install db4-utils-4.2.52-7.1.i386.rpm, which is on the third CD.

# cd /media/cdrom/RedHat/RPMS/

# rpm -ivh db4-utils-4.2.52-7.1.i386.rpm

warning: db4-utils-4.2.52-7.1.i386.rpm: V3 DSA signature: NOKEY, key ID db42a60e

Preparing...### [100%]

package db4-utils-4.2.52-7.1 is already installed

Then use the db_load command to generate the authentication file. The value of the "-f" option is the virtual users' password file, logins.txt. The command's argument is the name of the authentication file to generate, vsftpd_login.db, which is placed in the directory "/etc/vsftpd".

# db_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login.db

Set the permissions of the vsftpd_login.db file so that it is readable and writable only by the root user, that is, 600.

# chmod 600 /etc/vsftpd/vsftpd_login.db

[root@benet01 ~]# ls -l /etc/vsftpd/vsftpd_login.db

-rw------- 1 root root 12288 May 26 12:54 /etc/vsftpd/vsftpd_login.db

3. Set up the PAM configuration file needed by the virtual users.

Create the PAM configuration file required for vsftpd virtual user authentication in the "/etc/pam.d" directory, named vsftpd.vu.

# vi /etc/pam.d/vsftpd.vu

auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

# cat /etc/pam.d/vsftpd.vu

auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

4. Create the system account for the virtual users and the directory they access, and set the corresponding permissions.

Create the system user account that the vsftpd virtual users require: the account name is zhen, its home directory is "/home/ftpsite", and the home directory's permissions are set to 700 (all virtual user accounts on the vsftpd server log in to the "/home/ftpsite" directory)

# useradd -d /home/ftpsite zhen

# chmod 700 /home/ftpsite

5. Edit the vsftpd.conf configuration file

Before modifying the vsftpd.conf configuration file, back up the original so that it can be restored in case of configuration errors.

# cd /etc/vsftpd

# cp vsftpd.conf vsftpd.conf.bak

Add the configuration items for the virtual users to the vsftpd.conf file:

guest_enable=yes

guest_username=zhen

pam_service_name=vsftpd.vu

After all configuration is complete, restart the vsftpd service

# service vsftpd restart

Shutting down vsftpd: [OK]

Starting vsftpd for vsftpd: [OK]
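A check for the password files built in steps 1 and 2, as an added example that is not part of the original article: it validates the odd/even layout of logins.txt before db_load runs, and keeps both the plaintext file and the generated database at mode 600. The function names are hypothetical, and perms_ok assumes GNU stat.

```bash
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# check_logins FILE: validate the layout "user name on odd lines, password on
# even lines". Prints each problem found and returns non-zero if there is any.
check_logins() {
    awk '
        NR % 2 == 1 {
            if ($0 == "") { print "line " NR ": empty user name"; bad = 1 }
            if ($0 != "" && ($0 in seen)) { print "line " NR ": duplicate user " $0; bad = 1 }
            seen[$0] = 1
            next
        }
        $0 == "" { print "line " NR ": empty password"; bad = 1 }
        END {
            if (NR % 2 == 1) { print "last user has no password line"; bad = 1 }
            exit bad
        }' "$1"
}

# perms_ok FILE: true only when the mode is exactly 600 (GNU stat assumed).
perms_ok() { [ "$(stat -c %a "$1")" = 600 ]; }

# build_login_db TXT DB: validate TXT, then run the db_load command from step 2
# under a restrictive umask so DB is never created group- or world-readable.
# The plaintext TXT is as sensitive as DB, so both end up at mode 600.
build_login_db() {
    check_logins "$1" || return 1
    ( umask 077 && db_load -T -t hash -f "$1" "$2" ) || return 1
    chmod 600 "$1" "$2" && perms_ok "$2"
}

# Constructed sample in the page's layout (users ee and rr).
sample=$(mktemp)
printf '%s\n' ee 123 rr 456 > "$sample"
check_logins "$sample" && echo "logins layout OK"
perms_ok "$sample" && echo "plaintext file is mode 600"
rm -f "$sample"
```

On the server this would be called as `build_login_db logins.txt /etc/vsftpd/vsftpd_login.db`, which needs the db4-utils package installed above.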

Different permissions can be set for different users.

3. Setting different permissions for different virtual user accounts on the vsftpd server in RHEL:

1. Edit the main configuration file

Add a user_config_dir configuration item to the vsftpd configuration file to set the path where the per-user configuration files are stored

user_config_dir=/etc/vsftpd_user_conf (stores the virtual users' configuration files in the "/etc/vsftpd_user_conf" directory.)

2. Create the user configuration directory

# mkdir /etc/vsftpd_user_conf

3. Create a separate configuration file for the virtual directory

Create a separate configuration file for the user, with the same name as the user name, and give the user the appropriate permissions.

# vi /etc/vsftpd_user_conf/rr

anon_world_readable_only=no // indicates that the user can browse the FTP directory and download files.

# ftp 172.16.16.121

Connected to 172.16.16.121.

220 (vsFTPd 2.0.1)

530 Please login with USER and PASS.

530 Please login with USER and PASS.

KERBEROS_V4 rejected as an authentication type

Name (172.16.16.121:root): rr

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> ls

227 Entering Passive Mode (172, 1651, 750, 156)

150 Here comes the directory listing.

-rw-r--r-- 1 0 29 May 26 05:27 44.txt

-rw-r--r-- 1000 May 26 05:30 55.txt

-rw-r--r-- 1 503 503 0 May 26 05:24 afile

-rw-r--r-- 1 503 503 0 May 26 06:10 file01

This concludes the detailed steps for building an FTP server on RHEL. I hope it has answered your questions. Combining theory with practice is the best way to learn, so go and try it! If you want to learn more on related topics, please keep following the website; the editor will continue to bring you more practical articles.
