15.0 Introduction to FTP

  • FTP is the abbreviation of File Transfer Protocol, which is used to control the bidirectional transfer of files on the Internet.
  • The main function of FTP is to allow users to connect to a remote computer (one running an FTP server program), view the files on it, and then copy files from the remote computer to the local computer, or transfer files from the local computer to the remote computer.
  • Small companies use FTP more, but large companies do not use FTP because it is not secure.

Since it is not secure, why use FTP?
Because lrzsz has certain limitations, for example it cannot transfer files larger than 4G. There are also Alibaba Cloud machines, where I use one machine to jump to another machine; if I use rz/sz to transfer data there, there will be problems!
Solution: use FTP to view the files on the FTP server and to download and upload them locally on the server (big companies use Git, a version management tool, and then use automated tools to publish releases).

15.2 Use vsftpd to build an ftp server

CentOS ships with vsftpd
yum install -y vsftpd
useradd -s /sbin/nologin virftp
vim /etc/vsftpd/vsftpd_login // contents as follows: odd lines are user names, even lines are passwords; add more lines for more users
testuser1
aminglinux
chmod 600 /etc/vsftpd/vsftpd_login
db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
mkdir /etc/vsftpd/vsftpd_user_conf 
cd /etc/vsftpd/vsftpd_user_conf
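vim testuser1 // add the following content
local_root=/home/virftp/testuser1    ## home directory of the virtual user
anonymous_enable=NO      ## do not allow anonymous access
write_enable=YES    ## writable
local_umask=022    ## umask for new files and directories, same as the system umask
anon_upload_enable=NO   ## do not allow anonymous uploads
anon_mkdir_write_enable=NO    ## do not allow anonymous users to create directories
idle_session_timeout=600    ## log in again after 600 s of idle time
data_connection_timeout=120    ## data transfer timeout of 120 s
max_clients=10    ## at most 10 connected clients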
mkdir /home/virftp/testuser1
touch /home/virftp/testuser1/aming.txt
chown -R virftp:virftp /home/virftp
vim /etc/pam.d/vsftpd // add at the very top
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
vim /etc/vsftpd/vsftpd.conf
Change anonymous_enable=YES to anonymous_enable=NO
Change #anon_upload_enable=YES to anon_upload_enable=NO
Change #anon_mkdir_write_enable=YES to anon_mkdir_write_enable=NO
Then add the following
chroot_local_user=YES
guest_enable=YES
guest_username=virftp
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/vsftpd_user_conf
allow_writeable_chroot=YES
systemctl start vsftpd // start the vsftpd service
yum install -y lftp  
lftp [email protected]  
Run the ls command and check that it produces normal output
If it does not, check the logs /var/log/messages and /var/log/secure
On Windows, install the FileZilla client to test

1. Install vsftpd and create a user

[root@Dasoncheng ~]# yum install -y vsftpd
[root@Dasoncheng ~]# ls /etc/vsftpd/
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@Dasoncheng ~]# useradd -s /sbin/nologin virftp
[root@Dasoncheng ~]# vim /etc/vsftpd/vsftpd_login
user1
p@ssw0rd
user2
123456
[root@Dasoncheng ~]# chmod 600 /etc/vsftpd/vsftpd_login
[root@Dasoncheng ~]# db_load -T -t hash -f /etc/vsftpd/vsftpd_login /etc/vsftpd/vsftpd_login.db
[root@Dasoncheng ~]# ls /etc/vsftpd/
ftpusers   vsftpd.conf             vsftpd_login
user_list  vsftpd_conf_migrate.sh  vsftpd_login.db
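
A pre-flight check for the vsftpd_login list created above, as an added example that is not part of the original post: it catches formatting mistakes that would end up inside the database, and a file mode other than 600. The function names and the sample data are assumptions made for this example.

```shell
# Added example: sanity-check the user/password list before running db_load.
# Function names are this example's own; sample data is constructed.

# Odd lines are user names, even lines are passwords. Blank lines, stray
# whitespace or CRs end up in the database as part of a name or password.
check_login_format() {
    awk '
        /^$/ { printf "line %d: blank line\n", NR; bad = 1 }
        /^[ \t]/ || /[ \t\r]$/ {
            printf "line %d: leading/trailing whitespace or CR\n", NR; bad = 1
        }
        NR % 2 == 1 {
            if ($0 in users) {
                printf "line %d: duplicate user %s\n", NR, $0; bad = 1
            }
            users[$0] = NR
        }
        END {
            if (NR % 2 == 1) {
                print "odd line count: last user has no password"; bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# The file holds clear-text passwords, so only root should read it (mode 600).
check_login_perms() {
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ] && return 0
    echo "$1: mode is $mode, expected -rw-------"
    return 1
}

# Run both checks; return 1 if either reported a finding.
audit_login_file() {
    rc=0
    check_login_format "$1" || rc=1
    check_login_perms "$1" || rc=1
    return "$rc"
}

# Constructed sample: duplicate user, missing last password, mode 644.
tmp=$(mktemp)
printf '%s\n' 'user1' 'example-pw-1' 'user1' 'example-pw-2' 'user3' > "$tmp"
chmod 644 "$tmp"
audit_login_file "$tmp" || echo "=> fix the list before running db_load"
rm -f "$tmp"
```

pam_userdb reads these passwords unhashed by default, so the generated vsftpd_login.db deserves the same mode check.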

2. Create a configuration file corresponding to the user

[root@Dasoncheng ~]# mkdir /etc/vsftpd/vsftpd_user_conf
[root@Dasoncheng ~]# cd /etc/vsftpd/vsftpd_user_conf
[root@Dasoncheng vsftpd_user_conf]# vim user1
local_root=/home/virftp/user1    
anonymous_enable=NO
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
idle_session_timeout=600
data_connection_timeout=120
max_clients=10
[root@Dasoncheng vsftpd_user_conf]# mkdir /home/virftp/user1
[root@Dasoncheng vsftpd_user_conf]# touch /home/virftp/user1/gecz.txt
[root@Dasoncheng vsftpd_user_conf]# chown -R virftp:virftp /home/virftp/
[root@Dasoncheng vsftpd_user_conf]# vim /etc/pam.d/vsftpd 
[root@Dasoncheng vsftpd_user_conf]# head -3 /etc/pam.d/vsftpd
#%PAM-1.0  
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login    ## the two lines added here point PAM at the password database used for authentication
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
……

3. Modify the global configuration file

There must be no spaces in the configuration file; I suffered from this on the chroot line.

[root@Dasoncheng ~]# vim /etc/vsftpd/vsftpd.conf
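anonymous_enable=NO    ## change YES to NO
anon_upload_enable=NO    ## remove the leading # and change YES to NO
anon_mkdir_write_enable=NO    ## remove the leading # and change YES to NO
……    ## append the following lines at the end:
chroot_local_user=YES
guest_enable=YES    ## enable mapping
guest_username=virftp    ## map virtual users to the system user virftp
virtual_use_local_privs=YES      ## virtual users get the same privileges as local users
user_config_dir=/etc/vsftpd/vsftpd_user_conf     ## directory holding the per-virtual-user configuration files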
allow_writeable_chroot=YES
[root@Dasoncheng ~]# systemctl start vsftpd
[root@Dasoncheng ~]# ps aux |grep vsftp
root      41052  0.0  0.0  53216   576 ?        Ss   14:31   0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root      41058  0.0  0.0 112664   968 pts/1    S+   14:34   0:00 grep --color=auto vsftp
[root@Dasoncheng ~]# netstat -lntp |grep ftp
tcp6       0      0 :::21                   :::*                    LISTEN      41052/vsftpd
[root@Dasoncheng ~]# lftp [email protected]
Password: 
lftp [email protected]:/> ?    ## list the commands currently available
    !<shell-command>                     (commands)
    alias [<name> [<value>]]             attach [PID]
    bookmark [SUBCMD]                    cache [SUBCMD]
……
……
lftp [email protected]:~> ls        ## this is the file I created earlier
-rw-r--r--    1 1003     1003            0 Feb 26 06:41 gecz.txt
lftp [email protected]:/> get gecz.txt     ## get downloads into the current directory by default
lftp [email protected]:/> quit
[root@Dasoncheng ~]# ls
1.txt  anaconda-ks.cfg  ccc       logs       wordpress-4.9.4-zh_CN.tar.gz
aaa    bbb              gecz.txt  wordpress
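
One way to catch the whitespace problem mentioned in step 3 before restarting vsftpd, as an added example that is not part of the original post: it flags stray blanks or trailing comments and compares key options with the values set above. The function names and the sample file are assumptions made for this example.

```shell
# Added example: check a vsftpd.conf against the settings from step 3.
# POSIX sh + awk; function names are this example's own.

# vsftpd reads "option=value" literally, so blanks around '=', after the
# value, or before a trailing "## comment" make the line invalid.
lint_whitespace() {
    awk '
        /^#/ || /^$/ { next }
        /^[ \t]/ || /[ \t][=]/ || /[=][ \t]/ || /[ \t\r]$/ || /[ \t]#/ {
            printf "line %d: stray whitespace: [%s]\n", NR, $0; bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Print the last value assigned to KEY (exact match), or "unset".
conf_value() {
    awk -F= -v k="$2" '
        $1 == k { v = substr($0, length(k) + 2); found = 1 }
        END { print (found ? v : "unset") }
    ' "$1"
}

# Compare the file with the values this page sets; return 1 on any finding.
audit_vsftpd_conf() {
    conf=$1; rc=0
    lint_whitespace "$conf" || rc=1
    for want in anonymous_enable=NO anon_upload_enable=NO \
                anon_mkdir_write_enable=NO chroot_local_user=YES \
                guest_enable=YES guest_username=virftp; do
        key=${want%%=*}
        have=$(conf_value "$conf" "$key")
        if [ "$have" != "${want#*=}" ]; then
            echo "$key is '$have', expected '${want#*=}'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample with deliberate mistakes (not a real server's file).
tmp=$(mktemp)
printf '%s\n' 'anonymous_enable=YES' 'chroot_local_user=YES ' \
    'guest_enable = YES' 'guest_username=virftp' > "$tmp"
audit_vsftpd_conf "$tmp" || echo "=> fix these before starting vsftpd"
rm -f "$tmp"
```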

15.3 Two ways for Xshell to connect to ftp:

Xshell transfers files over SSH; this has nothing to do with port 21 and works without an FTP server installed!

Method 1 (SFTP):

  • Set up Xshell
  • Default local directory:
  • Configure the local directory here:

Method 2 (XFTP)--recommended:

  • Install the Xftp software:
  • While connected in Xshell, press Ctrl+Alt+F
  • This interface appears (double-click or drag to transfer files!)

15.4 Use pure-ftpd to build ftp service

pure-ftpd is used here mainly because it is lightweight and simple (the first choice for customers or small partners).

 yum install -y epel-release
 yum install -y pure-ftpd
 vim /etc/pure-ftpd/pure-ftpd.conf    // find the line containing pureftpd.pdb and delete the leading #
 systemctl stop vsftpd
 systemctl start pure-ftpd
 mkdir /data/ftp
 useradd -u 1010 pure-ftp
 chown -R pure-ftp:pure-ftp /data/ftp
 pure-pw useradd ftp_usera -u pure-ftp  -d /data/ftp
 pure-pw mkdb
 pure-pw list/userdel/usermod/passwd

1. Install pure-ftpd

[root@DasonCheng ~]# yun install -y epel-release ^C    // I had already installed this
[root@DasonCheng ~]# yum install -y pure-ftpd

2. Configure pure-ftpd

[root@DasonCheng ~]# vim /etc/pure-ftpd/pure-ftpd.conf 
PureDB                        /etc/pure-ftpd/pureftpd.pdb     // remove the leading # to enable it; this specifies the password database file

3. Start the pure-ftpd service

[root@DasonCheng ~]# ps aux|grep ftp
root      28769  0.0  0.0  52708   696 ?        Ss   08:31   0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root      29489  0.0  0.0 112664   972 pts/1    S+   10:41   0:00 grep --color=auto ftp
[root@DasonCheng ~]# systemctl stop vsftpd    // vsftpd and pure-ftpd both use port 21, so stop vsftpd
[root@DasonCheng ~]# systemctl start pure-ftpd
[root@DasonCheng ~]# ps aux|grep pure-ftp
root      29506  0.0  0.1 201916  1192 ?        Ss   10:42   0:00 pure-ftpd (SERVER)

4. Test:

[root@Dasoncheng ~]# mkdir /data/ftp
[root@Dasoncheng ~]# useradd -u 1010 pure-ftp
[root@Dasoncheng ~]# chown -R pure-ftp:pure-ftp /data/ftp/
[root@Dasoncheng ~]# pure-pw useradd ftp_usera -u pure-ftp -d /data/ftp
Password: 
Enter it again: 
[root@Dasoncheng ~]# pure-pw --help ^C
[root@Dasoncheng ~]# pure-pw mkdb
[root@Dasoncheng ~]# pure-pw list /userdel/usermod/passwd
ftp_usera           /data/ftp/./                                               
[root@Dasoncheng ~]# touch /data/ftp/123.txt
[root@Dasoncheng ~]# lftp [email protected]
Password: 
lftp [email protected]:~> ls    
drwxr-xr-x    2 1010       pure-ftp           21 Feb 26 16:07 .
drwxr-xr-x    2 1010       pure-ftp           21 Feb 26 16:07 ..
-rw-r--r--    1 1010       pure-ftp            0 Feb 26 16:07 123.txt
[root@Dasoncheng ~]# touch /data/ftp/456.txt
[root@Dasoncheng ~]# lftp [email protected]
Password: 
lftp [email protected]:~> ls    
drwxr-xr-x    2 1010       pure-ftp           36 Feb 26 16:14 .
drwxr-xr-x    2 1010       pure-ftp           36 Feb 26 16:14 ..
-rw-r--r--    1 1010       pure-ftp            0 Feb 26 16:07 123.txt
-rw-r--r--    1 0          0                   0 Feb 26 16:14 456.txt
lftp [email protected]:/> quit
[root@Dasoncheng ~]# chown pure-ftp:pure-ftp /data/ftp/456.txt 
[root@Dasoncheng ~]# lftp [email protected]
Password: 
lftp [email protected]:~> ls    
drwxr-xr-x    2 1010       pure-ftp           36 Feb 26 16:14 .
drwxr-xr-x    2 1010       pure-ftp           36 Feb 26 16:14 ..
-rw-r--r--    1 1010       pure-ftp            0 Feb 26 16:07 123.txt
-rw-r--r--    1 1010       pure-ftp            0 Feb 26 16:14 456.txt   ## files show the uid as owner and pure-ftp as group; this is a characteristic of pure-ftpd!
