Linux: the File Transfer Protocol (FTP) and local user testing

FTP: File Transfer Protocol
    two connections:
        command connection: carries the transfer instructions
        data connection: carries the data being transferred
        port numbers: TCP 20/21
        modes:
            Active mode:
                port 21 - control port
                port 20 - data port
                Description:
                    The client connects to port 21 of the FTP server and enters an account name and password; when they are correct, the server returns a login-success message over port 21. To transfer data, the client then opens a random port, starts listening on it, and reports that port number to the server over the port 21 control connection. The server then connects from its port 20 to the client's random port, and the data is transferred between the two sides.
            Passive mode:
                port 21 + a random port
                Description:
                    Again after a successful login, the client uses two random ports. The first is the one connected to port 21 of the FTP server. The client sends a PASV command over it, telling the server not to use port 20; the server instead opens a random port and reports its number to the client in the PASV response. The client then uses its second random port to connect to that server port for the data transmission.
            Path mapping:
                The user's home directory: for each user, the URL / maps to that user's home directory
            vsftpd runs its process as the ftp user; anonymous users are recognized as the ftp user by default, so the default path for anonymous access is the ftp user's home directory, /var/ftp
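The two data-connection setups described under the modes above, as an added example that is not part of the original article: it parses the `h1,h2,h3,h4,p1,p2` endpoint that RFC 959 uses in the PORT command and in the 227 reply to PASV, and reports which side opens the data connection. The sample lines, IP addresses and function names are constructed for illustration.

```python
import re

# RFC 959 writes an endpoint as h1,h2,h3,h4,p1,p2 with port = p1 * 256 + p2.
_ENDPOINT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_endpoint(text):
    """Return (ip, port) from the six comma-separated numbers in text."""
    m = _ENDPOINT.search(text)
    if not m:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 endpoint in {text!r}")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"field out of range in {text!r}")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(control_line, client_ip, server_ip):
    """Describe the data connection announced by one control-channel line."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        ip, port = parse_endpoint(line[5:])
        # Active mode: the client listens, the server dials out from port 20.
        return {"mode": "active", "initiator": "server", "source_port": 20,
                "target": (ip, port), "target_is_peer": ip == client_ip}
    if line.startswith("227"):
        ip, port = parse_endpoint(line[3:])
        # Passive mode: the server listens on a random port, the client dials in.
        return {"mode": "passive", "initiator": "client", "source_port": None,
                "target": (ip, port), "target_is_peer": ip == server_ip}
    raise ValueError(f"not a PORT command or 227 reply: {control_line!r}")

# Constructed sample lines (documentation address ranges).
SAMPLE_PORT = "PORT 192,0,2,10,195,80"
SAMPLE_PASV = "227 Entering Passive Mode (198,51,100,5,117,48)"

if __name__ == "__main__":
    for sample in (SAMPLE_PORT, SAMPLE_PASV):
        print(data_connection(sample, "192.0.2.10", "198.51.100.5"))
```

`target_is_peer` is False when the announced address is not the other end of the control connection, which is worth flagging when reviewing FTP logs or firewall rules.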
    program environment:
        main program: /usr/sbin/vsftpd
        master configuration file: /etc/vsftpd/vsftpd.conf
        data root directory: /var/ftp
        systemd unit file: /usr/lib/systemd/system/vsftpd.service

        Configuring vsftpd:
            ftp users:
                anonymous users:
                virtual users: non-system users; the account is not a login account of the OS
                system users: at least the system accounts should be barred from the ftp service, via /etc/vsftpd/ftpusers and PAM (/etc/pam.d/vsftpd)

                By default, a user who accesses the vsftpd service lands in their own home directory; by default they can also switch to any other path they have permission to access
            configuration file:
                /etc/vsftpd/vsftpd.conf
            anonymous users:
                anonymous_enable=YES
                anon_upload_enable=YES
                anon_mkdir_write_enable=YES
                anon_other_write_enable=YES
            local users:
                local_enable=YES
                write_enable=YES
                local_umask=022

                Auxiliary configuration file /etc/vsftpd/ftpusers
                    users listed in this file are denied the ftp service
                chroot_local_user=YES
                    local users can access only their own home directory
                chroot_list_enable=YES
                chroot_list_file=/etc/vsftpd/chroot_list
                    users named in this list file are confined to their home directory; the user's write permission on the home directory must be removed first
            transfer log:
                xferlog_enable=YES
                xferlog_file=/var/log/xferlog
                xferlog_std_format=YES
            types of daemons:
                standalone: an independent daemon; the service process itself listens on the socket and receives user access requests.
                transient: an on-demand daemon; the service process is not started ahead of time, and a hosting process listens on the socket on its behalf; the service process is started only when the host receives an access request
                    CentOS 6: xinetd, itself a standalone daemon; /etc/xinetd.d/
                    CentOS 7: systemd listens on its behalf
            controlling which users may log in to the vsftpd service with a user list:
                userlist_enable=YES
                    enables the /etc/vsftpd/user_list file to control which users can log in
                userlist_deny=
                    YES: the list is a blacklist
                    NO: the list is a whitelist
            upload and download rate:
                anon_max_rate=0
                local_max_rate=0
            limits on concurrent connections:
                max_clients=2000
                max_per_ip=50
    test:
        uploading and downloading as a local user
            (1) vsftpd can use the local users of the Linux system as FTP users
            when a local user logs in to the FTP server, they are placed in their own home directory by default, with read and write access
            for example, when user qwertyuiop accesses the server over ftp, the default directory is /home/qwertyuiop
            Create a system user, set its password, and place a test file in its home directory:
                    useradd ftptest
                    passwd ftptest
                    echo 'FTP Test' > /home/ftptest/ftptest.txt
            Create a second test system user and set its password:
                    useradd qwertyuiop
                    passwd qwertyuiop
            (2) Allow user ftptest to log in, landing in its own home directory after a successful login. Login allowed for user qwertyuiop
                anonymous_enable=NO
                local_enable=YES
                write_enable=YES
                chroot_local_user=YES
                chroot_list_enable=NO
                chroot_list_file=/etc/vsftpd/chroot_list
                local_umask=022
                userlist_enable=YES
                userlist_deny=NO
                Add the ftptest user to the /etc/vsftpd/user_list file.
            (3) Allow user qwertyuiop to log in, landing in the /data directory after a successful login; prohibit user ftptest from logging in
                anonymous_enable=NO
                local_enable=YES
                write_enable=YES
                chroot_local_user=YES
                chroot_list_enable=NO
                chroot_list_file=/etc/vsftpd/chroot_list
                local_umask=022
                userlist_enable=YES
                userlist_deny=NO
                local_root=/data
                Add user qwertyuiop to the /etc/vsftpd/user_list file and remove user ftptest from this file.
                Note: the service must be restarted for each test
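The login rules exercised by test steps (2) and (3), as an added example that is not code from the original article or from vsftpd: it parses the settings shown above and models how `ftpusers`, `userlist_enable`/`userlist_deny`, `local_root` and the chroot options combine for one user. The function names are hypothetical, the config text is constructed from the values on this page, and only the YES/NO spelling of booleans is handled.

```python
# Constructed configs mirroring test steps (2) and (3) on this page.
BASE = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/chroot_list
local_umask=022
userlist_enable=YES
userlist_deny=NO
"""
STEP2, STEP3 = BASE, BASE + "local_root=/data\n"

def parse_conf(text):
    """Parse vsftpd.conf text; vsftpd treats spaces around '=' as an error."""
    conf = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"line {n}: want option=value without spaces: {raw!r}")
        conf[key] = value
    return conf

def yes(conf, key, default):
    # Assumption: only the YES/NO spelling used on the page is handled.
    return conf.get(key, default).upper() == "YES"

def login_decision(conf, user, home, user_list=(), ftpusers=(), chroot_list=()):
    """Model whether a local user may log in, where they land, and if they are jailed."""
    if not yes(conf, "local_enable", "NO"):
        return {"allowed": False, "reason": "local_enable is not YES"}
    if user in ftpusers:
        return {"allowed": False, "reason": "listed in ftpusers"}
    if yes(conf, "userlist_enable", "NO"):
        deny_mode = yes(conf, "userlist_deny", "YES")  # YES = blacklist, NO = whitelist
        if deny_mode == (user in user_list):
            why = "blacklisted in user_list" if deny_mode else "not in user_list whitelist"
            return {"allowed": False, "reason": why}
    listed = yes(conf, "chroot_list_enable", "NO") and user in chroot_list
    # chroot_local_user=YES jails everyone except listed users; NO jails only listed users.
    jailed = yes(conf, "chroot_local_user", "NO") != listed
    return {"allowed": True, "directory": conf.get("local_root", home), "chrooted": jailed}

if __name__ == "__main__":
    print(login_decision(parse_conf(STEP3), "qwertyuiop", "/home/qwertyuiop", ["qwertyuiop"]))
```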

 


Origin blog.csdn.net/qq_45331873/article/details/105412454