
Vsftpd instance: anonymous access sharing + system user access control

2025-04-08 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

FTP environment example:

Due to business growth, a company needs to build an FTP server for internal use. The company has several departments (IT, FD, HR) and N employees (fus1 fus2 fus3 fus4 fus5 fus6 fus7 fus8 fus9) who will use the server. To protect the system and the rest of the data, the requirements are:

1. Users may only access data below the root directory of the FTP service (/var/ftp).

2. Under the root directory there is a public directory that everyone can access, with permission to upload and download.

3. Under the root directory there is also a working directory for each department, accessible only to that department's employees.

4. Under each department directory there is a public directory limited to that department's employees, plus a working directory for each employee that only that employee can access.

5. A privileged user (manager) can access every public directory under the root directory and may upload and download.

6. So that the privileged user can find the way around, a prompt message is shown whenever a department directory is entered.

7. To show a human touch, a welcome message is displayed when a user logs in to the FTP server.

8. Anonymous users must also be able to access the server, and none of the accounts that access the FTP server may log in to the system itself.

Approach:

1. Install the FTP server software and set the SELinux access rights

2. Check that the test environment works, then back up the master configuration file

3. Create the user groups, the users and their directories

4. Modify the server configuration file for access control

5. Modify the directory access permissions to control access

6. Restart the service and set it to start at boot

Steps:

Step 1: install the vsftpd software

[root@feng ~]# yum install vsftpd -y

Step 2: set up SELinux secure access

[root@feng ~]# getsebool -a | grep ftp

[root@feng ~]# setsebool -P allow_ftpd_full_access 1

(-P makes the boolean persistent across reboots; without it the setting is lost at the next restart. allow_ftpd_full_access lets vsftpd read and write any file its Unix permissions allow, so the directory permissions set in Step 11 are what actually enforce the access policy.)

Step 3: test whether the environment is working properly

[root@feng ~]# service vsftpd start

[root@feng ~]# firefox ftp://127.0.0.1

Also install the ftp client for testing:

[root@feng ~]# yum install ftp -y

(anonymous login as the user ftp or anonymous does not require a password)

Step 4: back up the master configuration file

[root@feng ~]# mkdir -p /backup/vsftpd

[root@feng ~]# cp -p /etc/vsftpd/vsftpd.conf /backup/vsftpd/vsftpd.conf

Step 5: create user groups and their department directories

[root@feng ~]# groupadd IT
[root@feng ~]# groupadd FD
[root@feng ~]# groupadd HR
[root@feng ~]# mkdir -p /var/ftp/OU_{IT,FD,HR}

Step 6: create users and their home directories

(the shell /sbin/nologin blocks interactive system logins while still allowing FTP logins; 123456 is the example password used throughout this article)

[root@feng ~]# for name in fus{1..3}
> do
> useradd -s /sbin/nologin -d /var/ftp/OU_IT/$name -G IT -m $name
> echo 123456 | passwd --stdin $name
> done

[root@feng ~]# for name in fus{4..6}
> do
> useradd -s /sbin/nologin -d /var/ftp/OU_FD/$name -G FD -m $name
> echo 123456 | passwd --stdin $name
> done

[root@feng ~]# for name in fus{7..9}
> do
> useradd -s /sbin/nologin -d /var/ftp/OU_HR/$name -G HR -m $name
> echo 123456 | passwd --stdin $name
> done

Step 7: create a privileged user

[root@feng ~]# useradd -G IT,HR,FD -d /var/ftp/manager -s /sbin/nologin manager
[root@feng ~]# echo 123456 | passwd --stdin manager

Step 8: check user attributes

[root@feng ~]# for name in fus{1..9}; do id $name; done
[root@feng ~]# id manager

(If vsftpd later refuses these accounts even with the correct password, check that /sbin/nologin is listed in /etc/shells: the vsftpd PAM stack on RHEL-style systems includes pam_shells, which rejects any login shell not in that file.)

Step 9: modify the server master configuration file

The effective settings after editing (the text after # on each line is an explanation added here for reading, it is not part of the file; vsftpd.conf does not accept inline comments):

[root@feng ~]# grep -vE "^$|^#" /etc/vsftpd/vsftpd.conf
anonymous_enable=YES              # allow anonymous (ftp/anonymous) logins
local_enable=YES                  # allow system (local) users to log in
write_enable=YES                  # master switch for all write commands (upload, mkdir, delete...)
local_umask=022                   # umask for files created by local users
anon_umask=022                    # umask for files created by anonymous users
anon_upload_enable=YES            # allow anonymous users to upload files
anon_mkdir_write_enable=YES       # allow anonymous users to create directories
dirmessage_enable=YES             # show a message when a directory is entered
message_file=.message             # name of the per-directory message file
xferlog_enable=YES                # log uploads and downloads
xferlog_file=/var/log/vsftpd.log  # location of the log file (create it yourself, see Step 10)
xferlog_std_format=YES            # write the log in the standard xferlog format
connect_from_port_20=YES          # active-mode data connections originate from port 20
idle_session_timeout=600          # drop a session with no activity for more than 600 s
data_connection_timeout=120       # drop a data transfer that stalls for more than 120 s
banner_file=/etc/vsftpd/banner    # file shown as the login banner
chroot_local_user=YES             # confine local users with chroot (to local_root, since it is set below)
ls_recurse_enable=YES             # allow recursive listings (ls -R)
listen=YES                        # run as a standalone daemon, not under xinetd
pam_service_name=vsftpd           # PAM service (/etc/pam.d/vsftpd) used to authenticate local users
userlist_enable=YES               # consult /etc/vsftpd/user_list
userlist_deny=NO                  # ...as an allowlist: only users listed there may log in (double negative equals affirmative)
tcp_wrappers=YES                  # honour /etc/hosts.allow and /etc/hosts.deny
local_root=/var/ftp               # directory local users land in and are locked into
no_anon_password=YES              # do not prompt anonymous users for a password
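Several of these settings only make sense in combination: anonymous uploads are harmless only if write_enable, anon_upload_enable and the directory permissions agree, chroot_local_user is what keeps local users below /var/ftp, and user_list is an allowlist only because userlist_deny=NO is set (the vsftpd default is YES). The following POSIX shell checker is an added example, not code from the article: it reads a vsftpd.conf, applies the built-in defaults from vsftpd.conf(5) for keys that are absent, and prints one finding per weak combination. The function names (conf_get, val, is_yes, check_vsftpd_conf, conf_is_clean) are this example's own, and it assumes that for a repeated key the last occurrence is the one vsftpd applies.

```shell
#!/bin/sh
# Added example (not from the article): audit a vsftpd.conf for the access-control
# settings discussed in Step 9.  Usage:  sh vsftpd_conf_audit.sh /etc/vsftpd/vsftpd.conf

# Value of a key. Keys are matched case-insensitively; for a repeated key the
# last occurrence wins (assumption: vsftpd applies the last setting it reads).
conf_get() {
    grep -i "^[[:space:]]*$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '[:space:]'
}

# Value of a key, or the vsftpd built-in default ($3) when the key is absent.
val() {
    v=$(conf_get "$1" "$2")
    if [ -n "$v" ]; then echo "$v"; else echo "$3"; fi
}

# vsftpd accepts YES, TRUE and 1 (case-insensitive) as true for boolean settings.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one finding per line as "tag: explanation". Defaults are from vsftpd.conf(5).
check_vsftpd_conf() {
    f=$1
    anon=$(val "$f" anonymous_enable YES)
    write=$(val "$f" write_enable NO)
    anon_up=$(val "$f" anon_upload_enable NO)
    anon_mk=$(val "$f" anon_mkdir_write_enable NO)
    chroot=$(val "$f" chroot_local_user NO)
    ul_en=$(val "$f" userlist_enable NO)
    ul_deny=$(val "$f" userlist_deny YES)
    xfer=$(val "$f" xferlog_enable NO)

    # Anonymous writes need all three switches; when they are on, only the
    # intended pub directory should be writable by the ftp group (Step 11).
    if is_yes "$anon" && is_yes "$write" && { is_yes "$anon_up" || is_yes "$anon_mk"; }; then
        echo "anonymous-write: anonymous users can upload or mkdir; confirm only the intended pub directory is writable by the ftp group"
    fi
    if ! is_yes "$chroot"; then
        echo "no-chroot: chroot_local_user is off, local users can browse the whole filesystem over FTP"
    fi
    if ! is_yes "$ul_en"; then
        echo "no-userlist: userlist_enable is off, any system account not blocked by PAM may log in"
    elif is_yes "$ul_deny"; then
        echo "userlist-denylist: userlist_deny=YES makes user_list a denylist; set userlist_deny=NO for allowlist mode"
    fi
    if ! is_yes "$xfer"; then
        echo "no-xferlog: transfers are not logged, so there is nothing to investigate after an incident"
    fi
}

# Returns 0 when the file produces no findings, 1 otherwise.
conf_is_clean() {
    [ "$(check_vsftpd_conf "$1" | grep -c .)" -eq 0 ]
}

if [ $# -gt 0 ]; then
    check_vsftpd_conf "$1"
fi
```

Run against the Step 9 file, the only finding is anonymous-write, which is intended here and is what the permissions on /var/ftp/pub in Step 11 are meant to contain; an unexpected no-chroot or userlist-denylist line means the file has drifted from the design.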

Step 10: create the files defined in the main configuration file

vsftpd.log:

[root@feng ~]# touch /var/log/vsftpd.log

banner:

[root@feng ~]# vi /etc/vsftpd/banner
[root@feng ~]# cat /etc/vsftpd/banner
-----------------------------
Hello, everyone
Welcome to FTPServer!
Good luck!
-----------------------------

.message:

[root@feng ~]# echo "welcome to IT." > /var/ftp/OU_IT/.message
[root@feng ~]# echo "welcome to FD." > /var/ftp/OU_FD/.message
[root@feng ~]# echo "welcome to HR." > /var/ftp/OU_HR/.message

user_list:

[root@feng ~]# for name in fus{1..9}; do echo $name; done > /etc/vsftpd/user_list
[root@feng ~]# echo ftp >> /etc/vsftpd/user_list
[root@feng ~]# echo manager >> /etc/vsftpd/user_list

(with userlist_deny=NO this file is an allowlist, so the anonymous account ftp has to be listed as well, otherwise anonymous logins are refused)

Step 11: set file directory access

Access to the ftp directory:

[root@feng ~]# chown root:ftp /var/ftp/

The resulting layout, with the permissions, owner and group each directory must end up with (set with chown and chmod so that each requirement from the environment example is enforced by the filesystem):

[root@feng ~]# tree /var/ftp
/var/ftp/                  permissions   owner     group
├── manager                drwx------    manager   manager
├── OU_IT                  drwxr-x---    root      IT
│   ├── fus1               drwx------    fus1      fus1
│   ├── fus2               drwx------    fus2      fus2
│   ├── fus3               drwx------    fus3      fus3
│   └── pub_it             drwxrwx---    root      IT
├── OU_FD                  drwxr-x---    root      FD
│   ├── fus4               drwx------    fus4      fus4
│   ├── fus5               drwx------    fus5      fus5
│   ├── fus6               drwx------    fus6      fus6
│   └── pub_fd             drwxrwx---    root      FD
├── OU_HR                  drwxr-x---    root      HR
│   ├── fus7               drwx------    fus7      fus7
│   ├── fus8               drwx------    fus8      fus8
│   ├── fus9               drwx------    fus9      fus9
│   └── pub_hr             drwxrwx---    root      HR
└── pub                    drwxrwxr-x    root      ftp

(the department groups give manager, who is a member of IT, FD and HR, entry to every OU_* and pub_* directory; employee directories are mode 700, so not even manager can read them)
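The tree above is the whole access policy, and it is easy to break later with a stray chmod or a directory created with the wrong umask. The following POSIX shell script is an added example, not code from the article: build_ftp_tree creates the Step 11 layout under a given root and applies the modes from the tree (700 for employee and manager directories, 750 for OU_*, 770 for pub_*, 775 for pub), and list_violations / audit_ftp_tree walk a tree with GNU find and report every directory whose mode deviates from that policy, plus any world-writable directory anywhere below the root. Ownership (root:IT and so on) still has to be applied with chown as root exactly as the tree shows; the script checks modes only. The function names and the audit/ROOT command-line convention are this example's own.

```shell
#!/bin/sh
# Added example (not from the article): build the Step 11 layout and audit it
# against the least-privilege policy the tree expresses. Modes are applied with
# chmod; ownership (chown root:IT ...) must be applied separately as root.
# Usage:  sh ftp_tree_audit.sh audit /var/ftp

# Policy for a path relative to the FTP root, as the octal mode `find -printf %m` prints it.
expected_mode() {
    case "$1" in
        pub)        echo 775 ;;   # everyone lists/downloads, group ftp (anonymous) uploads
        manager)    echo 700 ;;   # private to the privileged user
        OU_*/pub_*) echo 770 ;;   # shared inside one department only
        OU_*/*)     echo 700 ;;   # an employee's own working directory
        OU_*)       echo 750 ;;   # department directory: root and the department group only
        *)          echo "" ;;    # no specific policy; the world-writable rule still applies
    esac
}

# build_ftp_tree ROOT DEPT=user1,user2 ...   creates the directories and applies the modes.
build_ftp_tree() {
    root=$1; shift
    mkdir -p "$root/pub" "$root/manager"
    chmod 775 "$root/pub"
    chmod 700 "$root/manager"
    for spec in "$@"; do
        dept=${spec%%=*}
        users=$(echo "${spec#*=}" | tr ',' ' ')
        lc=$(echo "$dept" | tr '[:upper:]' '[:lower:]')
        mkdir -p "$root/OU_$dept/pub_$lc"
        chmod 750 "$root/OU_$dept"
        chmod 770 "$root/OU_$dept/pub_$lc"
        for u in $users; do
            mkdir -p "$root/OU_$dept/$u"
            chmod 700 "$root/OU_$dept/$u"
        done
    done
}

# list_violations ROOT   prints one line per directory that deviates from the policy.
list_violations() {
    root=$1
    find "$root" -mindepth 1 -maxdepth 2 -type d -printf '%P %m\n' | sort |
    while read -r rel mode; do
        want=$(expected_mode "$rel")
        if [ -n "$want" ] && [ "$mode" != "$want" ]; then
            echo "$rel mode=$mode expected=$want"
        fi
    done
    # A world-writable directory anywhere under the root is always a finding:
    # any FTP user, anonymous included, could plant or replace files there.
    find "$root" -mindepth 1 -type d -perm -002 -printf '%P\n' | sort |
    while read -r rel; do
        echo "$rel world-writable"
    done
}

# audit_ftp_tree ROOT   returns 0 when the tree is compliant, 1 otherwise.
audit_ftp_tree() {
    [ "$(list_violations "$1" | grep -c .)" -eq 0 ]
}

if [ "${1:-}" = "audit" ]; then
    list_violations "${2:-/var/ftp}"
    audit_ftp_tree "${2:-/var/ftp}"
fi
```

Running `sh ftp_tree_audit.sh audit /var/ftp` from cron gives a cheap drift check: a clean tree prints nothing and exits 0, while a directory loosened to 777 is reported twice, once for the wrong mode and once as world-writable.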

Step 12: restart the service to make the configuration file effective

[root@feng ~]# ps -ef | grep vsftpd    (get the PID of the vsftpd process, 2784 here)
[root@feng ~]# kill -HUP 2784          (2784 = process number of vsftpd)

(alternatively, restart the service with service vsftpd restart)

Step 13: set vsftpd to start at boot

[root@feng ~]# chkconfig vsftpd on
