Question 1. Anonymous users can upload, download, and delete files through the FTP service, and the permission of uploaded directories is 704 (umask=073).
Experiment procedure:
1. View the yum repository status and install the vsftpd package
[root@localhost xiaoming]# yum repolist
2. Turn off the firewall and SELinux
[root@localhost xiaoming]# systemctl stop firewalld # stop the firewall
[root@localhost xiaoming]# setenforce 0 # switch SELinux to permissive mode
[root@localhost xiaoming]# systemctl status firewalld # check the firewall status
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@localhost xiaoming]# getenforce # check the SELinux status
Permissive
3. Edit the configuration file /etc/vsftpd/vsftpd.conf
① Allow anonymous users to log in to the vsftpd host and download files: anonymous_enable=YES
② Allow anonymous users to upload files: anon_upload_enable=YES
③ Allow anonymous users to create directories: anon_mkdir_write_enable=YES
④ Set the permissions of uploaded directories to 704: anon_umask=073
⑤ Allow anonymous users to delete files: anon_other_write_enable=YES
4. Make the /var/ftp/pub/ directory writable so that files can be uploaded to it
[root@localhost ~]# chmod o+w /var/ftp/pub/
5. Restart the ftp service
[root@localhost ~]# systemctl restart vsftpd
6. Test
① Anonymous user login: enter ftp://192.168.74.130 in the file explorer or a browser to reach the server; anonymous users can log in.
② Download: enter the pub directory, where a file haha was created earlier, and drag haha to the local desktop; the download succeeds.
③ Upload: create a folder ceshi on the local desktop and drag it into the pub directory; the upload succeeds.
④ Check the permissions of the uploaded directory: 704 (umask: 073)
Question 2. When local users access the FTP server, all users except the redhat user are restricted to their home directories. (Remember to add allow_writeable_chroot=YES.)
Experiment procedure:
1. Turn off the firewall and SELinux
[root@localhost xiaoming]# systemctl stop firewalld # stop the firewall
[root@localhost xiaoming]# setenforce 0 # switch SELinux to permissive mode
[root@localhost xiaoming]# systemctl status firewalld # check the firewall status
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@localhost xiaoming]# getenforce # check the SELinux status
Permissive
2. Modify the configuration file /etc/vsftpd/vsftpd.conf
① Reject anonymous user login: anonymous_enable=NO
② Allow local users to log in: local_enable=YES
③ Allow chroot into a writable home directory: allow_writeable_chroot=YES
④ The three chroot control options:
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
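3. Add the redhat user to the /etc/vsftpd/chroot_list file. Because chroot_local_user=YES, the users listed in this file are the ones not restricted to their home directories.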
[root@localhost xiaoming]# vim /etc/vsftpd/chroot_list
redhat
4. Add the user xiaoming and set a password
[root@localhost home]# useradd xiaoming # create the user
[root@localhost home]# passwd xiaoming # set the password
更改用户 xiaoming 的密码 。
新的 密码:
无效的密码: 密码包含用户名在某些地方
重新输入新的 密码:
抱歉,密码不匹配。
新的 密码:
无效的密码: 密码包含用户名在某些地方
重新输入新的 密码:
passwd:所有的身份验证令牌已经成功更新。
5. Create the file heihei in xiaoming's home directory
[root@localhost home]# cd xiaoming
[root@localhost xiaoming]# echo this is xiaoming > heihei
[root@localhost xiaoming]# ll
总用量 4
-rw-r--r--. 1 root root 17 10月 21 14:27 heihei
6. Restart the ftp service
[root@localhost xiaoming]# systemctl restart vsftpd
7. Test
① The redhat user logs in to the FTP service (not restricted to the home directory)
② Other users: the xiaoming user logs in to the FTP server (restricted to the home directory)
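The chroot decision configured in steps 2 and 3 of Question 2, written out as a shell function (an added example, not part of the original write-up). It also covers the default chroot_local_user=NO, where the meaning of the list flips; the function names and the files page.conf and default.conf are made up for the illustration, and booleans are assumed to be written as YES/NO.

```shell
#!/bin/sh
# Added example (not from the original page): would vsftpd chroot this user?
# Assumes boolean options are written as YES/NO, as they are on this page.

# conf_get FILE KEY DEFAULT: last value assigned to KEY in FILE, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# chroot_state CONF USER: prints "jailed" or "free"
chroot_state() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=NO
    if [ "$use_list" = YES ] && grep -qxF -- "$2" "$list" 2>/dev/null; then
        listed=YES
    fi
    # chroot_local_user=YES: everyone is jailed, the list names the exceptions.
    # chroot_local_user=NO:  nobody is jailed, the list names who is.
    if [ "$all" = "$listed" ]; then echo free; else echo jailed; fi
}

# Constructed sample files mirroring steps 2 and 3 (temporary directory).
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
echo redhat > "$DEMO/chroot_list"
printf '%s\n' local_enable=YES chroot_local_user=YES chroot_list_enable=YES \
    "chroot_list_file=$DEMO/chroot_list" > "$DEMO/page.conf"
# Same list, but chroot_local_user left at its default of NO.
printf '%s\n' local_enable=YES chroot_list_enable=YES \
    "chroot_list_file=$DEMO/chroot_list" > "$DEMO/default.conf"

for conf in page default; do
    for user in redhat xiaoming; do
        echo "$conf.conf $user: $(chroot_state "$DEMO/$conf.conf" "$user")"
    done
done
```

Running the same check against the real /etc/vsftpd/vsftpd.conf before restarting the service shows whether the list is being read as "who is jailed" or "who is exempt".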