General vsFTP service configuration of Linux network service (super detailed illustration, one step, one picture)

FTP service: the protocol used to transfer files

  • By default, the FTP server uses TCP ports 20 and 21 to communicate with the client.
    • Port 20 is used to establish a data connection and transfer file data
    • Port 21 is used to establish a control connection and transmit FTP control commands
  • FTP data connection is divided into active mode and passive mode
    • Active mode: the server actively initiates a data connection
    • Passive mode: The server passively waits for a data connection

vsftp configuration

Install vsftpd

  • yum install -y vsftpd

Make a backup of the /etc/vsftpd configuration file to prevent mistakes

  • cd /etc/vsftpd
  • cp vsftpd.conf{,.bak}

Set up the FTP service accessed by anonymous users (maximum permissions)

  • vim /etc/vsftpd/vsftpd.conf
    anonymous_enable=YES #Enable anonymous user access. Enabled by default
    write_enable=YES #Enable write permission on the server (required for uploads)
    anon_umask=022 #Enabled by default. Sets the permission mask (umask) for data uploaded by anonymous users: 666-022=644
    anon_upload_enable=YES #Allow anonymous users to upload files. Commented out by default and needs to be uncommented
    anon_mkdir_write_enable=YES #Allow anonymous users to create (upload) directories. Commented out by default and needs to be uncommented
    anon_other_write_enable=YES #Allow delete, rename, overwrite and other operations. Needs to be added

Start service

  • systemctl start vsftpd
  • netstat -natp | grep 21

Turn off the firewall

  • systemctl stop firewalld
  • setenforce 0

Establish FTP connection between Windows 10 and Linux


Set the maximum permissions for anonymous access to the pub subdirectory under the root directory of ftp, so that anonymous users can upload data

  • chmod 777 /var/ftp/pub

Upload files from Windows to Linux

put

Download files from Linux to Windows anonymously

get

Set up FTP with local user authentication, and prohibit switching to directories outside the FTP directory (the default login directory is the local user's home directory)

vim /etc/vsftpd/vsftpd.conf
local_enable=YES #Enable local users
anonymous_enable=NO #Turn off anonymous user access
write_enable=YES #Enable write permission on the server (required for uploads)
local_umask=077 #Only the owning user has permissions on uploaded files (umask)
chroot_local_user=YES #Confine access to the user's home directory
allow_writeable_chroot=YES #Allow the confined user's home directory to have write permissions

Modify the configuration file to close anonymous user access

anonymous_enable=NO

  • Create a local user


  • Log in through a local user
  • Local users can log in and switch directories at will, which carries a certain risk


Forbid local users from switching directories and confine them to their home directory

After modifying the configuration file, restart the service:
systemctl restart vsftpd
Users are now confined to their own home directory and cannot switch to other directories.

Extend the second way to log in to ftp

Extension 2 Modify the default root directory for anonymous users and local users to log in

  • Add the following to the /etc/vsftpd/vsftpd.conf file
  • anon_root=/var/www/html #anon_root applies to anonymous users
  • local_root=/var/www/html #local_root applies to system users

Extension 3 Use the user_list user list file to set the blacklist and whitelist

  • vim /etc/vsftpd/user_list

  • //Add the lisi user at the end

  • lisi

  • vim /etc/vsftpd/vsftpd.conf

  • userlist_enable=YES #Enable the user_list user list file

  • userlist_deny=NO #Whitelist mode: only users in the user_list file are allowed access. The default is YES, which makes the list a blacklist (listed users are denied)
    Restart the service after configuration:
    systemctl restart vsftpd

  • At this point, the zhangsan user cannot log in, but the lisi user can.
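
A way to check a vsftpd.conf for the settings this walkthrough enables, as an added example that is not part of the original post: it flags anonymous write options, local logins without chroot confinement, and directive lines that break the option=value format required by vsftpd.conf(5) (no spaces around "=", no inline comments, so the # annotations in the listings above are explanations rather than text to paste). The function names, finding IDs and sample config are constructed for illustration; the defaults used are the compiled-in ones documented in vsftpd.conf(5).

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a vsftpd.conf for the
# permissive settings used in this walkthrough. Names and IDs are illustrative.

# Effective value of KEY in FILE (last assignment wins), else DEFAULT.
conf_get() {  # usage: conf_get FILE KEY DEFAULT
  local v
  v=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-) || true
  printf '%s' "${v:-$3}" | tr '[:lower:]' '[:upper:]'
}

# Print one finding per line as "ID: explanation".
audit_vsftpd() {
  local f k; f=$1
  # vsftpd only accepts "option=value": no spaces around "=", no inline comment.
  if grep -Eq '^[a-z0-9_]+([[:space:]]+=|=[[:space:]]|=.*[[:space:]]#)' "$f"; then
    echo "SYNTAX: space around '=' or inline '#' comment on a directive line"
  fi
  # Compiled-in defaults: anonymous_enable=YES, every write option NO.
  if [ "$(conf_get "$f" anonymous_enable YES)" = YES ] &&
     [ "$(conf_get "$f" write_enable NO)" = YES ]; then
    for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
      if [ "$(conf_get "$f" "$k" NO)" = YES ]; then
        echo "ANON_WRITE: $k=YES lets unauthenticated clients change server files"
      fi
    done
  fi
  # Simplification: chroot_list_enable exceptions are not considered.
  if [ "$(conf_get "$f" local_enable NO)" = YES ]; then
    if [ "$(conf_get "$f" chroot_local_user NO)" != YES ]; then
      echo "NO_CHROOT: local users can leave their home directory"
    elif [ "$(conf_get "$f" allow_writeable_chroot NO)" = YES ]; then
      echo "WRITABLE_CHROOT: the chroot directory is writable by the confined user"
    fi
  fi
  return 0
}

# Constructed sample: the anonymous "maximum permissions" settings from this
# page, plus one directive with a space before "=" (a common copy error).
sample_conf() {
  printf '%s\n' 'anonymous_enable=YES' 'write_enable=YES' \
    'anon_upload_enable=YES' 'anon_mkdir_write_enable=YES' \
    'anon_other_write_enable =YES'
}

tmp=$(mktemp); sample_conf > "$tmp"; audit_vsftpd "$tmp"; rm -f "$tmp"
```

Run it against a real file with audit_vsftpd /etc/vsftpd/vsftpd.conf; no output means none of these checks fired.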


Origin blog.csdn.net/weixin_53496398/article/details/113923009