Here is a brief introduction to the configuration of the FTP service. The simulation is updated from time to time, remember that you are very tired, remember to click three links
- FTP service-protocol used to transfer files
- vsftp configuration
-
- Install vsftpd
- Make a backup of the /etc/vsftpd configuration file to prevent mistakes
- Set up the FTP service accessed by anonymous users (maximum permissions)
- Start service
- Turn off the firewall
- Establish FTP connection between Windows 10 and Linux
- Set the maximum permissions for anonymous access to the pub subdirectory under the root directory of ftp, so that anonymous users can upload data
- Upload files from Windows to Linux
- Windows anonymously download files in Linux
- Set the local user authentication method ftp, and prohibit switching to directories other than ftp (the default login directory is the home directory of the local user)
- Modify the configuration file to close anonymous user access
- Forbid local users to switch directories and imprison him in the user's home directory
- Extend the second way to log in to ftp
- Extension 2 Modify the default root directory for anonymous users and local users to log in
- Extension 3 Use the user_list user list file to set the blacklist and whitelist
- Writing is not easy to remember one-click triple connection
FTP service-the protocol used to transfer files
- The FTP server uses TCP port 20 and 21 to communicate with the client by default.
- Port 20 is used to establish a data connection and transfer file data
- Port 21 is used to establish a control connection and transmit FTP control commands
- FTP data connection is divided into active mode and passive mode
- Active mode: the server actively initiates a data connection
- Passive mode: The server passively waits for a data connection
vsftp configuration
Install vsftpd
- yum install -y vsftpd
Make a backup of the /etc/vsftpd configuration file to prevent mistakes
- cd /etc/vsftpd
- cp vsftpd.conf {, .bak}
Set up the FTP service accessed by anonymous users (maximum permissions)
- vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES #Enable anonymous user access. The default is enabled
write_enable=YES #Open the write permission of the server (to upload, it must be enabled).
Anon_umask=022 is enabled by default #Set the permission mask (reverse mask) of data uploaded by anonymous users 666-022=644
anon_upload_enable=YES #Allow anonymous users to upload files. It has been commented by default and needs to be uncommented
anon_mkdir_write_enable=YES #Allow anonymous users to create (upload) directories. It has been commented by default and needs to be uncommented
anon_other_write_enable =YES #Allow delete, rename, overwrite and other operations. Need to add
Start service
- systemctl start vsftpd
- netstat -natp | grep 21
Turn off the firewall
- systemctl stop firewalld
- setenforce 0d
Establish FTP connection between Windows 10 and Linux
Set the maximum permissions for anonymous access to the pub subdirectory under the root directory of ftp, so that anonymous users can upload data
- chmod 777 /var/ftp/pub
Upload files from Windows to Linux
put
Windows anonymously download files in Linux
get
Set the local user authentication method ftp, and prohibit switching to directories other than ftp (the default login directory is the home directory of the local user)
vim /etc/vsftpd/vsftpd.conf
local_enable=YES #Enable local users
anonymous_enable=NO
#Turn off anonymous user access write_enable=YES #Open the write permission of the server (if uploading, it must be turned on)
local_umask=077 #You can set only host users Have the permission of the uploaded file (reverse mask)
chroot_local_user=YES
#Contain access in the user's home directory allow_writeable_chroot=YES #Allow the restricted user's home directory to have write permissions
Modify the configuration file to close anonymous user access
anonymous_enable=NO
- Create a local user
- Log in through a local user
- Local users can log in and switch users at will, there is a certain risk
Forbid local users to switch directories and imprison him in the user's home directory
After modifying the configuration file to restart the service
systemctl restart vsftpd
this time imprisoned in their own homes can not be switched directory
Extend the second way to log in to ftp
- ftp://[email protected]
Extension 2 Modify the default root directory for anonymous users and local users to log in
- Configuration increase in /etc/vsftpd/vsftpd.conf file
- anon_root=/var/ww/html #anon_root for anonymous users
- local_root=/var/ww/html #local_root for system users
Extension 3 Use the user_list user list file to set the blacklist and whitelist
-
vim etc/vsftpd/user_list
-
//Add lisi user at the end
-
lysis
-
vim /etc/vsftpd/vsftpd.conf
-
userlist_enable=YSE #Enable user_list user list file
-
userlist_dany=NO #Set the white list, and only allow users of the user_list user list file to access. The default is YES, which is a blacklist, disable
systemctl restart vsftpd and
restart the service after configuration -
At this time, the zhangsan user cannot log in to the lisi user.