
Building vsftpd as a Linux system service

2025-03-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

1. Samba: file sharing over the LAN

Advantage: content on the server can be modified in real time

2. Vsftp: very secure file transfer protocol

2.1. A text-based network protocol

Features:

a. By default it grants only ordinary user rights: files can be downloaded but not uploaded.

b. Any file modification requires upper-layer permission.

c. It is very powerful in its own right.

It uses chroot to change the root directory that the user enters.

Ports:

TCP 21 - command channel (listening) - persistent connection

TCP 20 - data channel (upload, download) - connected on demand

Connection modes: active mode, passive mode (Linux default)

Active mode: efficient and fast, but port 20 on the server stays open, so it is easily affected by the network and is not safe!

Passive mode: when there are too many requests, the server opens too many random ports and comes under heavy load; security is strong!

Transfer modes: 1. ASCII transfer 2. binary transfer

FTP software:

Server side: 1. proftpd 2. pureftpd 3. vsftpd (high performance and security)

Client: 1. ftp 2. lftp

Configuration file:

/etc/vsftpd/vsftpd.conf

Types of user access: anonymous users, specified users

3.1. Anonymous user: user name ftp or anonymous; password: empty or any characters

Shared file location: /var/ftp/pub (download only by default)

Windows access method: ftp://domain name or IP

Note: every time the configuration file is modified, the remote anonymous login must be closed before restarting the service.

[root@localhost ~]# service vsftpd restart

Example:

1. Log in anonymously

A. ftp 192.168.100.128

User name: ftp

Password: empty

B. lftp 192.168.100.128 (no user name or password needed)

2. Whether anonymous users are allowed to log in: "YES" allows, "NO" denies

Disable anonymous login: anonymous_enable=NO

Restart the service

Test from the client 192.168.100.10

lftp 192.168.100.128

ftp 192.168.100.128

3. anon_upload_enable=YES allows anonymous users to upload

Enable anonymous user login (by default, anonymous users can only download)

Run the command put test on the client 192.168.100.10

4. anon_umask=022: anonymous users are allowed to download files uploaded by anonymous users

anon_umask=073: files uploaded by anonymous users are allowed to be downloaded

5. anon_other_write_enable=YES allows anonymous users to delete files

After logging in with ftp here, you still cannot delete files!

Note: when choosing between ftp and lftp, prefer the lftp command to avoid a lot of errors

6. anon_mkdir_write_enable=YES allows anonymous users to create directories

7. Change the login directory for files shared with anonymous users

anon_root=/test (the location of the shared directory can be customized)

Test: first create the /test directory on the FTP server, and then create the files pp and mm in it

Anonymous users will see /test as their own root directory /

8. max_per_ip=1 limits the number of connections per IP

Exceeding the number of connections results in the following: not connected

Very important: the anonymous-user operations above have permission prerequisites:

chown ftp /test or chmod 777 /test

That is, make sure the ftp anonymous user has write (w) permission on the directories and files.

Remember!
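An added example, not part of the original article: a shell function that reads a vsftpd.conf and reports which of the anonymous-user options above are actually in effect, including a world-writable share root such as chmod 777 produces. It assumes YES/NO values as written on this page and /var/ftp as the anonymous root when anon_root is unset; conf_get and audit_anon are names made up for the example.

```shell
#!/bin/sh
# Added example (not from the original article): audit the anonymous-user
# options discussed above. Assumes values are spelled YES/NO as on this page.

# conf_get FILE KEY DEFAULT: effective value of KEY (last assignment wins).
conf_get() {
    awk -F= -v k="$2" -v d="$3" '$1 == k { d = $2 } END { print d }' "$1"
}

# audit_anon FILE: print one finding per line; nothing if anonymous is off.
audit_anon() {
    conf=$1
    [ "$(conf_get "$conf" anonymous_enable YES)" = YES ] || return 0
    echo "anonymous_enable: login without credentials is on"
    write=$(conf_get "$conf" write_enable NO)
    for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        [ "$(conf_get "$conf" "$opt" NO)" = YES ] || continue
        if [ "$write" = YES ]; then
            echo "$opt: anonymous write is active"
        else
            echo "$opt: set, but inert while write_enable=NO"
        fi
    done
    # Uploads can be fetched by other anonymous users when the umask leaves
    # the "other" read bit (4) set, as with 022 or 073.
    umask_val=$(conf_get "$conf" anon_umask 077)
    other=${umask_val#"${umask_val%?}"}          # last octal digit
    if [ "$(conf_get "$conf" anon_upload_enable NO)" = YES ] &&
       [ $(( other & 4 )) -eq 0 ]; then
        echo "anon_umask=$umask_val: uploads are world-readable"
    fi
    # chmod 777 on the share root lets every local account write there too.
    # /var/ftp is an assumed default for an unset anon_root.
    root=$(conf_get "$conf" anon_root /var/ftp)
    if [ -d "$root" ] && [ -n "$(find "$root" -prune -perm -0002)" ]; then
        echo "anon_root=$root: directory is world-writable"
    fi
}

# Usage: sh audit_anon.sh /etc/vsftpd/vsftpd.conf
[ $# -eq 0 ] || audit_anon "$1"
```

Preferring chown ftp on the one upload directory over chmod 777 on the share root keeps the last finding from appearing.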

3.2. Local users

A user must first be added on the server side: useradd bcl

passwd *

Shared file location: /home/bcl/

Windows access method: ftp://bcl@IP

Both access methods above are for Windows; in Linux, use ftp + IP

Permission configuration

Permission configuration Lab:

1. Create two users: bcl and hyl

bcl cannot change directories when logged in over ftp

hyl can change directories when logged in over ftp

Steps:

1. Enable relevant permission settings

2. Create a user

Add the exempted user hyl to the list file /etc/vsftpd/chroot_list

[root@RHEL03 ~]# cd /etc/vsftpd/

[root@RHEL03 vsftpd]# touch chroot_list

[root@RHEL03 vsftpd]# vim chroot_list

Only the user name hyl is written in the file

3. Save and restart the service: service vsftpd restart

1.4. Verify login information

2. Set welcome information

Only one of the two settings can take effect at a time; the message is the welcome shown before login.

ftpd_banner=*** welcome statement

banner_file=*** welcome file (shows the contents of the file; you create the file yourself)

Example:

3. Prohibit login for bcl and hyl only

Modify the configuration file /etc/vsftpd/vsftpd.conf to enable the blacklist/whitelist

Add the user names bcl and hyl to the blacklist/whitelist file /etc/vsftpd/user_list

Verify:

4. Allow bcl to log in, do not allow hyl to log in

4.1. Modify the configuration file /etc/vsftpd/vsftpd.conf to enable the blacklist/whitelist

4.2. Add the user name bcl to the blacklist/whitelist file /etc/vsftpd/user_list, without adding hyl

Verification: bcl can log in, hyl cannot log in
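An added example, not from the original article, covering both the chroot lab and the two user_list labs above, whose vsftpd.conf settings are not shown on this page. It models how vsftpd reads chroot_list and user_list depending on chroot_local_user and userlist_deny, using vsftpd's built-in defaults; the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not from the original article). Both labs hinge on a list
# file whose meaning flips with a second option. Assumes YES/NO values.

# conf_get FILE KEY DEFAULT: effective value of KEY (last assignment wins).
conf_get() {
    awk -F= -v k="$2" -v d="$3" '$1 == k { d = $2 } END { print d }' "$1"
}

# listed USER FILE: true if USER is a whole line of FILE.
listed() { [ -f "$2" ] && grep -Fqx -- "$1" "$2"; }

# is_jailed USER CONF CHROOT_LIST: true if the local user is confined to home.
is_jailed() {
    all=$(conf_get "$2" chroot_local_user NO)
    if [ "$(conf_get "$2" chroot_list_enable NO)" != YES ]; then
        [ "$all" = YES ]; return
    fi
    # With the list enabled, it names the EXCEPTIONS to chroot_local_user:
    # YES + listed = free to roam (hyl), NO + listed = jailed.
    if [ "$all" = YES ]; then ! listed "$1" "$3"; else listed "$1" "$3"; fi
}

# may_login USER CONF USER_LIST: true if the user list does not reject USER.
may_login() {
    [ "$(conf_get "$2" userlist_enable NO)" = YES ] || return 0
    if [ "$(conf_get "$2" userlist_deny YES)" = YES ]; then
        ! listed "$1" "$3"          # blacklist: listed users are refused
    else
        listed "$1" "$3"            # whitelist: only listed users get in
    fi
}

# Usage: sh lists.sh USER [CONF]   (list paths are the ones used on this page)
if [ $# -ge 1 ]; then
    c=${2:-/etc/vsftpd/vsftpd.conf}
    if is_jailed "$1" "$c" /etc/vsftpd/chroot_list
    then echo "$1: chrooted to home"; else echo "$1: not chrooted"; fi
    if may_login "$1" "$c" /etc/vsftpd/user_list
    then echo "$1: passes user_list"; else echo "$1: refused by user_list"; fi
fi
```

Lab 3 corresponds to userlist_enable=YES with userlist_deny left at YES, and lab 4 to userlist_deny=NO; an empty user_list under userlist_deny=NO locks every user out.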

3.3. Virtual user

By setting up virtual users, you can restrict the FTP permissions of one particular user individually, whereas with anonymous users and local users you can only restrict the FTP permissions of a whole class of users!

Experimental examples:

Create three users:

User name: abc, password: 123456, permission: can upload files

User name: xyz, password: 654321, permission: can create directories

User name: qwe, password: 123456789, permission: can modify file names

The steps of the experiment:

3.3.1. Create user information files and generate database files

vim /etc/vsftpd/name

The content is:

abc

123456

xyz

654321

qwe

123456789

Convert to a database file (the command is fixed and must be written this way)

[root@RHEL03 vsftpd]# db_load -T -t hash -f name name.db

Change the permissions of the files name and name.db so that only root can view them.

3.3.3. Create the PAM authentication file that supports virtual users, and add virtual user support.

Edit vsftpd.pam

After modification

3.3.4. Add the supporting configuration to the vsftpd.conf file

Create the /etc/vsftpd/dir directory, create a file in it for each of the three users above, and edit the corresponding permissions

User abc, permission setting: anon_upload_enable=YES

User xyz, permission setting: anon_mkdir_write_enable=YES

User qwe, permission setting: anon_other_write_enable=YES

3.3.5. Verify the permissions of three users

Note:

1. The virtual user logs in successfully, but the permissions do not take effect: the anonymous-user permissions enabled in vsftpd.conf conflict with those enabled in dir, so all of those permissions should be commented out!

2. When editing the vsftpd.pam authentication file, "name" is the database file name. Make no mistake here, otherwise the virtual users will not be able to log in.

3. If the vsftpd service is not started, there will be the following prompt

4. You can connect successfully and other commands work, but ls, dir and other listing commands do not, so you need to change the permissions on the shared directory /var/ftproot.
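An added example, not from the original article: the files that steps 3.3.1 to 3.3.4 produce, written to a scratch directory so they can be reviewed before being copied under /etc. The guest account name virtftp, vsftpd.pam as a service file under /etc/pam.d, and the output file name vsftpd.conf.add are assumptions, since the page does not show these values.

```shell
#!/bin/sh
# Added example (not from the original article): stage the virtual-user files
# in a scratch directory for review before copying them under /etc.
# Assumed names: guest account "virtftp", PAM service file "vsftpd.pam".

stage_virtual_users() (
    out=$1
    umask 077                   # name and name.db must be readable by root only
    mkdir -p "$out/dir"
    # Alternating lines: user name, then password (the lab's values).
    printf '%s\n' abc 123456 xyz 654321 qwe 123456789 > "$out/name"
    if command -v db_load >/dev/null 2>&1; then
        db_load -T -t hash -f "$out/name" "$out/name.db"
    else
        echo "db_load not installed; build name.db on the server" >&2
    fi
    # pam_userdb appends ".db" itself, so db= is the path without the suffix.
    cat > "$out/vsftpd.pam" <<'EOF'
auth     required  pam_userdb.so db=/etc/vsftpd/name
account  required  pam_userdb.so db=/etc/vsftpd/name
EOF
    # Lines for vsftpd.conf. Virtual users map to one unprivileged account and
    # get anonymous-level rights, which is why the per-user files use anon_*.
    cat > "$out/vsftpd.conf.add" <<'EOF'
write_enable=YES
guest_enable=YES
guest_username=virtftp
pam_service_name=vsftpd.pam
user_config_dir=/etc/vsftpd/dir
EOF
    # One file per virtual user, named after the user, holding only its grant.
    echo anon_upload_enable=YES      > "$out/dir/abc"
    echo anon_mkdir_write_enable=YES > "$out/dir/xyz"
    echo anon_other_write_enable=YES > "$out/dir/qwe"
)

# Usage: sh stage.sh /root/vsftpd-stage
[ $# -eq 0 ] || stage_virtual_users "$1"
```

Because the anon_* grants live only in the per-user files, the same options stay commented out in the main vsftpd.conf, as note 1 says.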
