Windows Server: configuring the FTP service (isolated and non-isolated users)

1. Purpose of the experiment

    Build an FTP service on Windows Server 2019 so that clients can access files on the server, either anonymously or with a user account, and can download and upload them.

2. Implementation principle

    FTP (File Transfer Protocol) is a protocol for transferring files between two computers on a TCP/IP network, so that files can be shared between hosts.

3. Experimental steps

1. Install FTP server

Configure a static IP for the server

Open [Server Manager], click [Add Roles and Features].

On the [Server Role] page, check [Web Server (IIS)], because the FTP function of Windows Server is part of the IIS role. Tick both [FTP Server] and [Administrative Tools].

On the [Function] page, keep the default selection and click [Next].

On the [Confirmation] page, check that the selection is correct and click [Install].

Open [Server Manager], click the [Tools] menu in the upper right corner, then find and click [Internet Information Services (IIS) Manager].

2. Add "Do not isolate users" site

Expand the menu on the left, right-click [Website], and select [Add FTP Site].

Enter the [Add FTP site] interface, and enter the FTP site name and the physical path of its directory. The physical path is the location of the directory that needs to be shared. Click [Next].

On the [Binding and SSL Settings] page, the IP address defaults to all unassigned, meaning the site can be reached through any IP address on the server that is not assigned to another FTP site. If a specific IP address is selected, the FTP server can only be accessed through that address.

The port defaults to 21. Select [No SSL] here.

On the [Authentication and Authorization Information] page, check Anonymous under authentication; under authorization, allow access for all users and check the Read permission. Finally click [Finish].

Return to the [Website] view; the new FTP site "Do not isolate users" appears in the list, created and started successfully.

Test FTP site

Before testing, create or copy a few files and folders into the root directory of the FTP site.

Use another computer as the client.

Test with File Explorer

On a computer in the same LAN as the FTP server, use File Explorer to connect to FTP. Enter ftp://192.168.23.137 to connect.

You can see that the client successfully accesses the shared files on the server.

The site can also be accessed from a command-line window; enter the username anonymous to log in as the anonymous user.

3. Add "Isolate users" site

Expand the menu on the left, right-click [Website], and select [Add FTP Site].

Enter the [Add FTP site] interface, and enter the FTP site name and the physical path of its directory. The physical path is the location of the directory that needs to be shared. Click [Next].

On the [Binding and SSL Settings] page, the IP address defaults to all unassigned, meaning the site can be reached through any IP address on the server that is not assigned to another FTP site. If a specific IP address is selected, the FTP server can only be accessed through that address.

The default port 21 is already occupied, so change it to 9000 here. Select [No SSL] here.

Select Basic for authentication, that is, an account and password are required to access the server, and select all users for authorization.

Return to the [Website] view; the new FTP site "Isolate users" appears in the list, created and started successfully.

(1) User name directory (disable global virtual directories)

Set up 3 users: zhangsan, lisi, and wangwu. The zhangsan and lisi users may only access their own directories, and reach the company's public folder software through a virtual directory mapping. wangwu can access both the lisi and zhangsan user directories, but the lisi directory can only be downloaded from, not uploaded to, and the zhangsan directory can be uploaded to but not downloaded from.

    The FTP server has one particular requirement: if clients are to access the shared files with an account and password, you must create a folder named localuser under the root directory of the shared folder, and under the localuser folder create a folder with the same name as each user.

Create the users

First create the 3 users in users and groups:

zhangsan, lisi, wangwu

Then create a new localuser folder under the ftp folder that is the site's root directory, and under the localuser folder create three folders named after the users.

Back in IIS Manager on the server, you can see that there is now a localuser entry under the "Isolate users" site.

There are three user folders in the localuser directory.

Configure the virtual directory for the public folder software

User isolation is currently set to disable global virtual directories, so if every user is to access a shared folder, a virtual directory has to be configured under each user's directory.

Right-click the lisi user folder and add a virtual directory.

Enter an alias and select a folder path.

When it is finished, you can see that there is an additional virtual directory software under the lisi folder.

Add it for the other users in the same way.

Configure zhangsan and lisi so that they can only access their own directories, while wangwu can access both the lisi and zhangsan user directories

As configured so far, each user can only access their own directory. To let one user access the directories of the other two, a virtual directory needs to be configured under localuser.

Right-click localuser and add a virtual directory.

Enter the user name (wangwu) as the alias and point the path to localuser.

After completion, you can see that the wangwu directory contains the directories of the other users.

Verification Test

First click on the site and select FTP directory browsing on the right

Configure as follows

Enter ftp://192.168.23.137:9000 in File Explorer on the client.

Log in with the lisi account.

You can see that lisi can only access the public folder and lisi's own directory.

Logging in with the zhangsan account gives the same result.

But if you log in with the wangwu account, you can access the folders of the other two users.

Configure wangwu so that the lisi directory can only be downloaded from, not uploaded to, and the zhangsan directory can be uploaded to but not downloaded from.

Go back to the wangwu directory under the localuser directory on the server.

Click the lisi directory under the wangwu directory, and select FTP authorization rules on the right.

Set the rule to Read, so that when the wangwu user accesses files in the lisi directory, they can only be downloaded, not uploaded.

Set the rule of the zhangsan directory under the wangwu directory to Write, so that when the wangwu user accesses files in the zhangsan directory, they can only be uploaded, not downloaded.

Verification Test

On the client, use a command-line window to access the FTP server.

You can see that there are 4 folders.

Test whether the lisi folder allows upload and download

Enter the lisi folder; you can see that there is a lis.txt file.

Download it to the local machine.

Success: there is now a lis.txt file in the local C:\Users\Administrator directory.

Try to upload aaa.txt to the lisi folder.

The upload fails, and even trying to create a new folder does not work.

Test whether the zhangsan folder allows upload and download

You can switch to the zhangsan directory, but its content cannot be listed, that is, it cannot be read.

Try to upload aaa.txt to the zhangsan folder.

The upload succeeds, but the directory still cannot be read.

Go back to the server to see whether the upload was successful.

You can see that there is an additional aaa.txt file in the zhangsan folder on the server.
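The manual checks above can be repeated from the client after every change to the authorization rules. The following Python script is an added example, not part of the original post: it logs in as wangwu and compares what the server permits in the lisi and zhangsan directories with the rights the post specifies. The function names and the use of aaa.txt as the upload probe are choices made for this example; the address, port and lis.txt come from the post.

```python
import ftplib
import io

# wangwu's expected rights per directory, as stated in the post.
EXPECTED = {
    "lisi":     {"list": True,  "download": True,  "upload": False},
    "zhangsan": {"list": False, "download": False, "upload": True},
}
# File to fetch in each directory: lis.txt already exists on the server;
# aaa.txt is the probe this script uploads itself (name taken from the post).
SAMPLES = {"lisi": "lis.txt", "zhangsan": "aaa.txt"}
PROBE = "aaa.txt"

def _allowed(action):
    """True if the server accepted the command, False on a 5xx refusal."""
    try:
        action()
        return True
    except ftplib.error_perm:
        return False

def probe(ftp, directory, sample):
    """Report what the logged-in user can do inside `directory`."""
    ftp.cwd("/" + directory)
    can_list = _allowed(lambda: ftp.retrlines("LIST", lambda line: None))
    # Upload before download so the probe exists if writing is permitted.
    can_upload = _allowed(lambda: ftp.storbinary("STOR " + PROBE, io.BytesIO(b"probe\n")))
    can_download = _allowed(lambda: ftp.retrbinary("RETR " + sample, lambda chunk: None))
    return {"list": can_list, "download": can_download, "upload": can_upload}

def check(ftp, expected=EXPECTED, samples=SAMPLES):
    """Return (directory, operation, expected, observed) for every mismatch."""
    mismatches = []
    for directory, rights in expected.items():
        observed = probe(ftp, directory, samples[directory])
        for op, want in rights.items():
            if observed[op] != want:
                mismatches.append((directory, op, want, observed[op]))
    return mismatches

if __name__ == "__main__":
    import getpass
    ftp = ftplib.FTP()
    ftp.connect("192.168.23.137", 9000, timeout=10)  # address and port from the post
    ftp.login("wangwu", getpass.getpass("wangwu password: "))
    for row in check(ftp):
        print("MISMATCH dir=%s op=%s expected=%s observed=%s" % row)
    ftp.quit()
```

An empty result means the rules behave as intended; a line such as `dir=lisi op=upload` means wangwu has more rights than the post specifies. As in the manual test, the script leaves aaa.txt in the zhangsan folder.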

(2) User name physical directory (enable global virtual directories)

The same three users, zhangsan, lisi, and wangwu, are used. Each user can only access their own directory, and each user has a virtual directory software.

The steps are similar to the previous section, but delete the virtual directory wangwu under the localuser directory.

In this way, each user can only access their own directory.

Access to the public folder, however, is easier to set up.

Right-click the site and add a virtual directory.

After completion, you can see that there is an additional software directory under the site. Then delete the virtual directories previously configured for each user individually.

Enable global virtual directories

Verification Test

You can see that each user can only access their own directories and public folders

The experiment ends here, and the results match what was expected.

Origin blog.csdn.net/weixin_55988897/article/details/128000503