1.安装ftp服务
1)配置selinux
[root@server ~]# ifconfig ##查看网络配置
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.68.100 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe00:160b prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:16:0b txqueuelen 1000 (Ethernet)
RX packets 166468 bytes 10465829 (9.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13483 bytes 1238653 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@server ~]# vim /etc/sysconfig/selinux ##编辑配置文件
##编辑内容为:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
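SELINUX=disabled ##把enforcing改为disabled(仅适用于实验环境;生产环境建议保持enforcing,改用 setsebool -P ftpd_anon_write on 等布尔值,并给上传目录设置 public_content_rw_t 上下文来放行)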
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@server ~]# getenforce ##查看配置状况
Enforcing
[root@server ~]# reboot ##重启
[root@server ~]# getenforce
Disabled
2)安装ftp服务的客户端lftp
[root@server yum.repos.d]# cp rhel_dvd.repo my_yum.repo
[root@server yum.repos.d]# vim my_yum.repo ##配置yum源
[root@server yum.repos.d]# yum repolist ##查看配置后获取到的yum仓库
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
repo id repo name status
rhel_dvd Remote classroom copy of dvd 4,751
repolist: 4,751
[root@server yum.repos.d]# yum install lftp ##安装lftp
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package lftp.x86_64 0:4.4.8-3.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
lftp x86_64 4.4.8-3.el7 rhel_dvd 749 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 749 k
Installed size: 2.4 M
Is this ok [y/d/N]: y
Downloading packages:
lftp-4.4.8-3.el7.x86_64.rpm | 749 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : lftp-4.4.8-3.el7.x86_64 1/1
Verifying : lftp-4.4.8-3.el7.x86_64 1/1
Installed:
lftp.x86_64 0:4.4.8-3.el7
Complete!
3)安装ftp服务端vsftpd
[root@server yum.repos.d]# yum install vsftpd.x86_64 ##安装ftp服务服务端vsftpd
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.2-9.el7 rhel_dvd 166 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 166 k
Installed size: 343 k
Is this ok [y/d/N]: y
Downloading packages:
vsftpd-3.0.2-9.el7.x86_64.rpm | 166 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-9.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-9.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-9.el7
Complete!
[root@server yum.repos.d]# systemctl start vsftpd ##开启ftp服务(防火墙要关闭;更稳妥的做法是保留防火墙,用 firewall-cmd --permanent --add-service=ftp 和 firewall-cmd --reload 只放行ftp)
[root@server yum.repos.d]# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled)
Active: active (running) since Tue 2019-01-22 22:26:49 EST; 55s ago
Process: 3422 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 3423 (vsftpd)
CGroup: /system.slice/vsftpd.service
├─3423 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
├─3440 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
└─3442 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Jan 22 22:26:49 server.westos.com systemd[1]: Started Vsftpd ftp daemon.
4)在真机中测试ftp服务
[kiosk@foundation68 ~]$ rht-vmctl view server ##打开虚拟机图形化界面
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> ls
drwxr-xr-x 2 0 0 6 Mar 07 2014 pub ##可以看到文件
lftp 172.25.68.100:/> exit
##在虚拟机的服务端文件夹中建立文件
[root@server var]# cd /var/ftp
[root@server ftp]# ls
pub
[root@server ftp]# mkdir qwert ##在/var/ftp中新建目录
[root@server ftp]# ls
pub qwert
##再次测试:
[kiosk@foundation22 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> ls
drwxr-xr-x 2 0 0 6 Mar 07 2014 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert ##可以看到目录可以被获取到
lftp 172.25.68.100:/> exit
3.ftp服务管理
1)查看配置文件
[root@server ftp]# rpm -qc vsftpd
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
2)打开配置文件,配置服务
[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
[root@server ftp]# systemctl restart vsftpd.service
anonymous_enable=YES ##匿名用户是否可以登陆
local_enable=YES ##本地用户是否可以登陆(ftp默认明文传输,本地用户的密码会以明文经过网络;不可信网络中应启用ssl_enable或改用sftp)
write_enable=YES ##ftp是否对登陆用户可写(写入总开关,匿名上传等功能也依赖它)
4. ftp服务报错解析
#报错id #错误
500 #文件系统权限过大(例如匿名用户的根目录可写时,vsftpd会拒绝服务)
530 #用户认证失败
550 #服务不允许做此功能(vsftpd.conf中没有开启对应的功能)
553 #本地文件系统权限过小(指服务端的目录对ftp用户不可写,不是客户端本地)
5.匿名用户上传
1)默认权限测试
##配置服务端文件:
[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
19 write_enable=YES ##本地用户可写(同时也是匿名上传生效的前提)
29 anon_upload_enable=YES ##匿名用户上传(开启后任何能连到该服务的人都可以向服务器写文件,应只开放专用的上传目录并限制磁盘用量)
##服务端:
[root@server ftp]# systemctl restart vsftpd.service ##重启服务
[root@server ftp]# chgrp ftp /var/ftp/pub/ ##更改ftp文件的用户组
[root@server ftp]# chmod 775 /var/ftp/pub/ ##更改用户组权限
[root@server ftp]# ls -dl /var/ftp/pub/
drwxrwxr-x 2 root ftp 19 Jan 23 00:42 /var/ftp/pub/
##客户端测试(这里的/etc/passwd只是演示用的文件;含账户信息的文件不应放到匿名可访问的目录中):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
lftp 172.25.68.100:/pub> put /etc/passwd
2243 bytes transferred
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
lftp 172.25.68.100:/pub> exit
2)收回权限测试
[root@server ftp]# chmod 755 /var/ftp/pub/ ##回收权限后测试
[root@server ftp]# ls -dl /var/ftp/pub/
drwxr-xr-x 2 root ftp 19 Jan 23 00:42 /var/ftp/pub/
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:/> cd pub
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> put /etc/group
put: Access failed: 553 Could not create file. (group) ##上传失败,553:服务端目录权限过小(/var/ftp/pub改回755后对ftp组不再可写)
lftp 172.25.68.100:/pub> exit
6.匿名用户家目录的修改
[root@server ftp]# mkdir /ftp_westos
[root@server ftp]# cd /ftp_westos/
[root@server ftp_westos]# touch westosfile{1..3}
[root@server ftp_westos]# ls
westosfile1 westosfile2 westosfile3
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
15 anon_root=/ftp_westos ##匿名用户家目录修改(该目录本身不要对ftp用户可写,否则vsftpd通常会拒绝匿名登陆)
[root@server ftp_westos]# systemctl restart vsftpd.service
##客户端:
##修改前:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 19 Jan 23 05:42 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/> exit
##修改后:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> ls
-rw-r--r-- 1 0 0 0 Jan 23 06:15 westosfile1
-rw-r--r-- 1 0 0 0 Jan 23 06:15 westosfile2
-rw-r--r-- 1 0 0 0 Jan 23 06:15 westosfile3
lftp 172.25.68.100:/> exit
7.匿名用户上传文件默认权限修改
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
16 anon_umask=022 ##匿名上传文件的权限掩码;022使新上传的文件对其他用户可读(见下面ls中的-rw-r--r--),默认值077更严格
[root@server ftp_westos]# systemctl restart vsftpd.service
##客户端:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
lftp 172.25.68.100:/pub> put /etc/group
959 bytes transferred
lftp 172.25.68.100:/pub> ls
-rw-r--r-- 1 14 50 959 Jan 23 06:20 group
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
lftp 172.25.68.100:/pub> exit
8.匿名用户建立目录
[root@server ftp_westos]# systemctl restart vsftpd.service
##写入(先编辑配置文件写入下面一行,再重启服务;开启后任何匿名用户都可以在可写目录中创建目录):
anon_mkdir_write_enable=YES
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
##客户端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> mkdir test1
mkdir: Access failed: 550 Permission denied. (test1)
lftp 172.25.68.100:/pub> exit
##修改后:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> mkdir test2
mkdir ok, `test2' created
lftp 172.25.68.100:/pub> ls
-rw-r--r-- 1 14 50 959 Jan 23 06:20 group
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
drwx------ 2 14 50 6 Jan 23 06:28 test
drwx------ 2 14 50 6 Jan 23 06:33 test2
lftp 172.25.68.100:/pub> exit
9.匿名用户下载
##匿名用户下载
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
anon_world_readable_only=NO ##允许匿名用户下载并非“所有人可读”的文件(与匿名上传同时开启时,任何人上传的文件都能被其他匿名用户取走,生产环境应保持YES)
[root@server ftp_westos]# systemctl restart vsftpd.service
##客户端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> get passwd
get: Access failed: 550 Failed to open file. (passwd)
lftp 172.25.68.100:/pub> exit
##修改后:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> get passwd
2243 bytes transferred
lftp 172.25.68.100:/pub> exit
10.匿名用户删除
##匿名用户删除
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
anon_other_write_enable=YES ##允许匿名用户执行删除、重命名等其他写操作(任何匿名用户都能删改他人上传的文件,一般不建议开启)
[root@server ftp_westos]# systemctl restart vsftpd.service
##客户端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
-rw-r--r-- 1 14 50 959 Jan 23 06:20 group
drwx------ 2 14 50 6 Jan 23 06:28 test
drwx------ 2 14 50 6 Jan 23 06:33 test2
lftp 172.25.68.100:/pub> rm group
rm: Access failed: 550 Permission denied. (group)
lftp 172.25.68.100:/pub> exit
##修改后:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> rm passwd
rm ok, `passwd' removed
lftp 172.25.68.100:/pub> ls
-rw-r--r-- 1 14 50 959 Jan 23 06:20 group
drwx------ 2 14 50 6 Jan 23 06:28 test
drwx------ 2 14 50 6 Jan 23 06:33 test2
lftp 172.25.68.100:/pub> exit
11.匿名用户使用的身份修改
[root@server pub]# id ftp
uid=14(ftp) gid=50(ftp) groups=50(ftp)
[root@server pub]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@server pub]# vim /etc/vsftpd/vsftpd.conf
23 chown_uploads=YES ##匿名上传的文件更改属主
24 chown_username=westos ##上传文件改为的属主(应使用普通用户,不要设为root)
[root@server pub]# systemctl restart vsftpd.service
##客户端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
lftp 172.25.68.100:/pub> ls
lftp 172.25.68.100:/pub> put /etc/passwd
2243 bytes transferred
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 07:18 passwd
lftp 172.25.68.100:/pub> exit
##修改后:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 07:18 passwd
lftp 172.25.68.100:/pub> put /etc/group
959 bytes transferred
lftp 172.25.68.100:/pub> ls
-rw------- 1 1001 50 959 Jan 23 07:19 group
-rw------- 1 14 50 2243 Jan 23 07:18 passwd
lftp 172.25.68.100:/pub> exit
12.最大上传速率的设定
##设定最大上传速率
[root@server pub]# vim /etc/vsftpd/vsftpd.conf
26 anon_max_rate=102400 ##设定为100K(单位是字节/秒,102400字节/秒即100KB/s;该选项只限制匿名用户)
[root@server pub]# systemctl restart vsftpd.service
[kiosk@foundation68 ~]$ dd if=/dev/zero of=bigfile bs=1M count=500 ##建立一个500M的bigfile大文件
500+0 records in
500+0 records out
524288000 bytes (524 MB) copied, 0.695862 s, 753 MB/s
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
lftp 172.25.68.100:/pub> put /home/kiosk/bigfile
524288000 bytes transferred in 7 seconds (70.24M/s) ##没有限制70+M/S
lftp 172.25.68.100:/pub> exit
修改后:
[kiosk@foundation68 ~]$ dd if=/dev/zero of=bigfile1 bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10 MB) copied, 0.00562437 s, 1.9 GB/s
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> put /home/kiosk/bigfile1
10485760 bytes transferred in 102 seconds (100.0K/s) ##限制后100K/S
lftp 172.25.68.100:/pub> exit
13.最大连接数的设定
##最大连接数
[root@server pub]# systemctl restart vsftpd.service
max_clients=2
[root@server pub]# vim /etc/vsftpd/vsftpd.conf
客户端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 1
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 2
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 3
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 4
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
修改后:
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 1
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 2
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 3
lftp 172.25.68.100:~> ls
`ls' at 0 [Delaying before reconnect: 27]
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 4
lftp 172.25.68.100:~> ls
`ls' at 0 [Delaying before reconnect: 29]
##可以看到在限定最大连接数前,4个客户端都可以正常连接
##在限制最大连接数为2后,只有前两个客户端可以正常连接,其余的会一直等待重连
##注意max_clients是全局上限:上面的演示中提示符显示的都是同一台主机,说明单个来源就能占满全部名额;可配合max_per_ip限制每个来源IP的连接数