Small c to learn Linux (30)--vsftpd installation and configuration

FTP: File Transfer Protocol

FTP does not use a single connection. It uses two TCP connections: a command connection and a data connection.

Two modes of data connection:

  • Active mode: the server actively connects to the client from port tcp/20; the client listens on the port number it used to establish the command connection with the server, plus 1
  • Passive mode: the client connects from the port it used to establish the command connection with the server, plus 1, to a random port on the server

FTP is a file transfer protocol, so in what form does the data travel? Data is transmitted on the physical line as a stream, mainly in text (file stream) or binary form. To protect the data in transit there are sftp (FTP-like file transfer provided by ssh, based on the ssh protocol) and ftps (FTP over SSL).

There are three ways to log in to an FTP server:

  1. System user: a user of the FTP server host
  2. Virtual user: account and password stored in MySQL or a hash file
  3. Anonymous user: if the FTP server enables anonymous users, you can log in as anonymous

FTP has 5 classes of status codes:

  • 1xx: informational
  • 2xx: success
  • 3xx: further information is needed to complete the request
  • 4xx: client error (temporary error)
  • 5xx: server-side error (permanent error)

Install vsftpd

vsftpd is short for "very secure FTP daemon", and security is one of its main features. It is a server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UNIX. It is completely free, open source FTP server software that supports many features other FTP servers do not, for example: very high security, bandwidth limits, good scalability, virtual users, IPv6 support and high speed.

Features:

  1. vsftpd runs its service as an ordinary, unprivileged user, so it has few permissions on the Linux system and the damage it can do to the system is correspondingly reduced. In addition, vsftpd uses the chroot() function to change the root directory, so that system tools cannot be misused through the vsftpd service;
  2. Any vsftpd operation that requires higher privileges is handled by a special upper-level program (the parent process). The privileges of this parent process are themselves kept quite low, to the point where they do not affect the Linux system itself;
  3. Every client request that needs a higher-privilege operation provided by the parent process is treated as an untrusted request, and may use the parent process's functions only after a considerable degree of identity confirmation. Examples are chown() and login requests;
  4. In addition, the parent process mentioned above also uses chroot() to limit the user's privileges.

Install:

yum -y install vsftpd

Service script: /etc/rc.d/init.d/vsftpd
Configuration file: /etc/vsftpd/vsftpd.conf
Main program file: /usr/sbin/vsftpd
Data files: /var/ftp

Configuration file /etc/vsftpd/vsftpd.conf

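# Jail (chroot) users; the default is no, yes enables the jail, and the chroot is the user's home directory
chroot_local_user={yes | no} 

# Jail the users in the user list user_list
chroot_list_enable={yes | no}

# Users in user_list are jailed in their home directories; the list can also act as a blacklist or whitelist: as a blacklist the users in user_list may not log in, as a whitelist they may
# Blacklist: userlist_enable=YES,userlist_deny=YES
# Whitelist: userlist_enable=YES,userlist_deny=NO

# Jail only some users: add the user names to be jailed to the chroot file, one user name per line.
# Cannot be used together with the jailed-user list; choose one of the two
chroot_list_file=/etc/vsftpd/chroot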

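# Whether local users may log in
local_enable={yes | no}

# Enable anonymous login
anonymous_enable=YES

# Give anonymous users write (upload) permission
anon_upload_enable=YES

# Give anonymous users delete permission
anon_other_write_enable=YES

# Give anonymous users permission to create directories
anon_mkdir_write_enable=YES

# Note: when writing is enabled, the ftp user must also have the corresponding write permission on the local file system; the effective permission is the intersection of the file-system permissions and the service permissions

# Welcome message shown at login
ftpd_banner=Welcome to my ftp
banner_file=/etc/vsftpd/bannerfile   # write the welcome message in a file
dirmessage_enable=YES               # create a hidden .message file in the directory and write the welcome message in it

# Users listed in /etc/vsftpd/ftpusers are not allowed to use the ftp server
# This is defined in /etc/pam.d/vsftpd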

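# Connection limits
max_clients      # maximum number of concurrent connections
max_per_ip       # number of concurrent requests the same IP may make

# Transfer rate, in bytes per second
anon_max_rate    # transfer rate for anonymous users
local_max_rate   # transfer rate for local users

# umask for uploaded files
anon_umask       # umask for files uploaded by anonymous users
local_umask      # umask for files uploaded by local users

# Change the owner and group of files uploaded by anonymous users (用户名 below stands for a user name)
chown_uploads=YES
chown_username=用户名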
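
The options above interact: the anon_* write settings only take effect when anonymous login and the global write_enable switch are both on, and local users are only confined when one of the chroot options is set. The following is an added example, not part of the original article, that audits vsftpd.conf text for those combinations; the write_enable option and the default values are taken from the vsftpd.conf(5) man page as an assumption (a distribution build may differ), and the sample configuration is constructed.

```python
# Added example: flag risky option combinations in vsftpd.conf text.
# Defaults as documented in vsftpd.conf(5); a distribution build may differ (assumption).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO", "local_enable": "NO",
            "chroot_local_user": "NO", "chroot_list_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO"}

ANON_WRITE = {"anon_upload_enable": "anonymous users can upload files",
              "anon_mkdir_write_enable": "anonymous users can create directories",
              "anon_other_write_enable": "anonymous users can delete and rename"}

def parse_conf(text):
    """Return {option: value}, starting from DEFAULTS; comments and blanks are skipped."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts

def is_on(opts, key):
    # vsftpd accepts YES, TRUE or 1 (case-insensitive) for boolean options.
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def audit(text):
    """Return a list of (option, message) findings for one configuration."""
    opts, findings = parse_conf(text), []
    # Anonymous write options need anonymous login AND write_enable to take effect.
    if is_on(opts, "anonymous_enable") and is_on(opts, "write_enable"):
        findings += [(k, msg) for k, msg in ANON_WRITE.items() if is_on(opts, k)]
    # With neither chroot option set, no local user is confined to a home directory.
    if is_on(opts, "local_enable") and not (
            is_on(opts, "chroot_local_user") or is_on(opts, "chroot_list_enable")):
        findings.append(("chroot_local_user", "no local user is chrooted"))
    return findings

# Constructed sample configuration (not taken from a real server).
SAMPLE = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
local_enable=YES
chroot_local_user=NO
"""

if __name__ == "__main__":
    for option, message in audit(SAMPLE):
        print(f"{option}: {message}")
```

A finding here only covers the service side; as the note above says, the effective permission is still the intersection with the file-system permissions on the upload directory.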
