The content of the article is just my understanding of FTP!
Introduction to FTP
The File Transfer Protocol (FTP), as a protocol for sharing files over a network, is widely used in network application software.
FTP protocol
FTP is one of the protocols in the TCP/IP protocol suite; its main function is to transfer files between remote hosts over the network.
1. Use the Vsftpd server
Vsftpd (Very Secure FTP Daemon) is a common FTP server software for Linux systems.
1.1 Installation and startup of Vsftpd server
The package name of Vsftpd in the yum repository is vsftpd
yum install -y vsftpd* //the * wildcard installs every package whose name begins with vsftpd
1.2 User types of Vsftpd server
The user types of Vsftpd are mainly divided into anonymous users, local users and virtual users.
(1) Anonymous user: if the Vsftpd server provides anonymous access, the default anonymous user name is anonymous or ftp, and the password is empty. After an anonymous user logs in, the working directory is /var/ftp.
(2) Local user: local user information is stored in the /etc/passwd file. After entering the user name and password, a local user can log in to vsftpd and lands directly in that user's home directory.
(3) Virtual user: a dedicated account that exists only for the vsftpd server and can only be used for file transfer; also known as a guest user. This type of user logs in by entering the user name and password.
2. Vsftpd server test
The FTP server works in a client/server model. After the Vsftpd package has been installed on the server, it can be tested from a client.
1. First install vsftpd and the ftp client packages
yum install -y vsftpd* ftp*
2. Then open the port of the ftp service so that the firewall allows ftp traffic, and restart the services
firewall-cmd --zone=public --add-port=21/tcp --permanent
systemctl restart vsftpd firewalld
3. Test as an anonymous user on the virtual machine: run the ftp command followed by the IP address of the server, enter ftp as the user name and an empty password. The login process is as follows.
[root@linux2 ~]# ftp 192.168.123.102
Connected to 192.168.123.102 (192.168.123.102).
220 (vsFTPd 3.0.2)
Name (192.168.123.102:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp> ls
192.168.123.102 in the above command is the IP address of the vsftpd server.
The terminal prints "230 Login successful." to indicate that the login succeeded.
3. Common FTP commands
Command | Description |
---|---|
ls | View the files in the server's current directory |
mkdir [directory name] | Create a new directory on the server |
put filename | Upload a specified file to the server |
mput list of filenames | Upload multiple files to server |
chmod | Change file permissions on the server |
? or help | Display help information for internal commands |
open domain name or IP address | Establish a connection to the specified server |
close | Close the connection to the remote server and return to the ftp command prompt |
bye or quit | Close the connection and exit the ftp client |
4. Configuration files of the Vsftpd server
Configuring a basic Vsftpd server is relatively simple: install the Vsftpd package correctly, start Vsftpd and open the port. However, to build a more complete Vsftpd service you must master the configuration files of the Vsftpd server.
File | Description |
---|---|
/etc/vsftpd/vsftpd.conf | Vsftpd server main configuration file |
/etc/vsftpd/ftpusers | List of users prohibited from accessing the Vsftpd server |
/etc/vsftpd/user_list | Whether the users listed here can access the FTP server depends on the setting of the userlist_deny option |
/etc/vsftpd/chroot_list | List of users whose chroot restriction is inverted (see the chroot_list section below) |
These files are described in detail below.
1. vsftpd.conf file
vsftpd.conf is located in the /etc/vsftpd directory. As in most configuration files, lines beginning with "#" are comments, and the file can be edited with a tool such as Vim. Filtering out the comment lines shows the effective configuration of the default file:
[root@linux2 ~]# grep -v "#" /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
The common options in this file are introduced below. Using these options correctly is the prerequisite for keeping the FTP service secure and stable.
Option | Description |
---|---|
anonymous_enable | Set whether to allow anonymous users to log in to the server |
local_enable | Set whether to allow local users to log in to the server |
write_enable | Set whether to allow write operations |
local_umask | Set the umask value of the file created by the local user |
anon_upload_enable | Set whether to allow anonymous users to upload files (also requires write_enable=YES) |
anon_mkdir_write_enable | Set whether to allow anonymous users to create directories |
xferlog_enable | Whether to activate the transfer log |
chown_uploads | Change the owner of files uploaded by anonymous users |
chown_username=whoever | When chown_uploads=YES, specifies the account that becomes the owner of uploaded files; whoever stands for your chosen user |
chroot_local_user | Set whether to confine all local users to their home directories |
chroot_list_enable | Set whether to enable the list of users whose chroot setting is inverted |
chroot_list_file | Path of the list of users to confine to, or exempt from, their home directory; whether the list confines or exempts is determined by the value of chroot_local_user |
allow_writeable_chroot | Allow the root of the chroot directory to be writable |
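The following audit script is an added example and not part of the original post: it reads a vsftpd.conf, ignores comment lines, and reports each setting from the table above that widens exposure (anonymous login, anonymous upload or mkdir, local users not confined to their home, writable chroot root). Defaults for missing options are assumed to follow vsftpd.conf(5) (anonymous_enable=YES, the others NO), and the sample config is constructed inline.

```shell
#!/bin/sh
# Added example, not from the original post: audit a vsftpd.conf for the
# options in the table above and print each setting that widens exposure.
# Assumed defaults follow vsftpd.conf(5): anonymous_enable=YES, the rest NO.

# get_opt FILE KEY DEFAULT: last uncommented value of KEY in FILE, else DEFAULT.
get_opt() {
    v=$(grep -v '^[[:space:]]*#' "$1" | grep "^$2=" | tail -n 1 | cut -d= -f2-)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# audit_vsftpd FILE: prints one finding per line on stdout; always exits 0.
audit_vsftpd() {
    f="$1"
    anon=$(get_opt "$f" anonymous_enable YES)
    write=$(get_opt "$f" write_enable NO)
    aup=$(get_opt "$f" anon_upload_enable NO)
    amk=$(get_opt "$f" anon_mkdir_write_enable NO)
    local_on=$(get_opt "$f" local_enable NO)
    chroot_all=$(get_opt "$f" chroot_local_user NO)
    wchroot=$(get_opt "$f" allow_writeable_chroot NO)

    [ "$anon" = YES ] && echo "anonymous logins enabled (anonymous_enable=YES)"
    # anonymous write options only take effect when write_enable is YES
    if [ "$anon" = YES ] && [ "$write" = YES ]; then
        [ "$aup" = YES ] && echo "anonymous users may upload (anon_upload_enable=YES)"
        [ "$amk" = YES ] && echo "anonymous users may mkdir (anon_mkdir_write_enable=YES)"
    fi
    [ "$local_on" = YES ] && [ "$chroot_all" != YES ] &&
        echo "local users can leave their home directory (chroot_local_user!=YES)"
    [ "$chroot_all" = YES ] && [ "$wchroot" = YES ] &&
        echo "chroot root is writable (allow_writeable_chroot=YES)"
    return 0
}

# Constructed sample: the page's default config with the two anonymous
# write options uncommented, as done in section 5 below.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
#anon_upload_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
listen=NO
listen_ipv6=YES
EOF

audit_vsftpd "$SAMPLE_CONF"
```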
2. ftpusers file
The /etc/vsftpd/ftpusers file specifies the list of users who cannot access the vsftpd server. The format is one user per line, and the users it contains are usually the superuser and the system accounts.
3. user_list file
The /etc/vsftpd/user_list file also holds a list of users. Whether the users in it can access the vsftpd service depends on the userlist_deny option. When userlist_deny=YES, none of the users written in this file can log in to the vsftpd service; when userlist_deny=NO the meaning is reversed and only the users in this file can access the vsftpd service. So pay close attention to the value of this option; it is very important.
To deny some specified local users access to the FTP service, add the following content:
At the end of /etc/vsftpd/vsftpd.conf add
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd/user_list
In /etc/vsftpd/user_list add the local users whose access you want to deny
toto (each specified user occupies a separate line)
To allow only certain specified local users to access the FTP service, add the following content:
At the end of /etc/vsftpd/vsftpd.conf add
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
In /etc/vsftpd/user_list add the local users who are allowed access
toto (each specified user occupies a separate line)
4. chroot_list file
By default, anonymous users are locked into the default FTP directory, while local users can access content outside their home directory. For security reasons, users can be restricted to their home directory, and the chroot_list file can be used to make exceptions in either direction: either only the listed users are confined, or all users are confined except the listed ones.
The chroot_list file is governed by two options: chroot_local_user and chroot_list_enable
chroot_list_file points to /etc/vsftpd/chroot_list by default
The chroot_list file has two possible functions
- restrict the users in the list so that they can only stay in their home directory
- allow the users in the list to not only access their own home directory but also leave it and access other directories
When chroot_list_enable=YES and chroot_local_user=NO, the users in chroot_list are the ones confined to their home directory
When chroot_list_enable=YES and chroot_local_user=YES, the users in chroot_list are the ones allowed to access content outside their home directory
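To make the interaction between ftpusers, user_list/userlist_deny and chroot_list/chroot_local_user concrete, here is an added example (not code from the original post) that evaluates, for one local user, whether login is allowed and whether that user is confined to its home directory. The four files are constructed temporary files standing in for /etc/vsftpd/vsftpd.conf, ftpusers, user_list and chroot_list; defaults for missing options follow vsftpd.conf(5) (userlist_enable=NO, userlist_deny=YES, chroot_local_user=NO, chroot_list_enable=NO).

```shell
#!/bin/sh
# Added example, not from the original post: decide a local user's access
# from vsftpd.conf and the three list files described above.

# opt CONF KEY DEFAULT: last uncommented value of KEY, else DEFAULT.
opt() {
    v=$(grep -v '^[[:space:]]*#' "$1" | grep "^$2=" | tail -n 1 | cut -d= -f2-)
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}
# listed FILE USER: true when USER occupies a whole line of FILE.
listed() { grep -qxF "$2" "$1" 2>/dev/null; }

# access CONF FTPUSERS USER_LIST CHROOT_LIST USER
# prints "deny", "allow chroot=yes" or "allow chroot=no"
access() {
    conf=$1 ftpusers=$2 userlist=$3 chrootlist=$4 user=$5
    # ftpusers always denies the accounts it names (pam_listfile on CentOS)
    if listed "$ftpusers" "$user"; then echo deny; return 0; fi
    if [ "$(opt "$conf" userlist_enable NO)" = YES ]; then
        in_list=no; listed "$userlist" "$user" && in_list=yes
        if [ "$(opt "$conf" userlist_deny YES)" = YES ]; then
            [ "$in_list" = yes ] && { echo deny; return 0; }   # blacklist mode
        else
            [ "$in_list" = no ] && { echo deny; return 0; }    # whitelist mode
        fi
    fi
    chroot=$(opt "$conf" chroot_local_user NO)
    if [ "$(opt "$conf" chroot_list_enable NO)" = YES ] && listed "$chrootlist" "$user"; then
        # members of chroot_list get the opposite of chroot_local_user
        if [ "$chroot" = YES ]; then chroot=NO; else chroot=YES; fi
    fi
    if [ "$chroot" = YES ]; then echo "allow chroot=yes"; else echo "allow chroot=no"; fi
}

# Constructed sample files: deny toto via user_list, confine only ftpuser.
D=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=YES\nchroot_local_user=NO\nchroot_list_enable=YES\n' \
    > "$D/vsftpd.conf"
printf 'root\n' > "$D/ftpusers"
printf 'toto\n' > "$D/user_list"
printf 'ftpuser\n' > "$D/chroot_list"

# check USER: evaluate USER against the constructed files
check() { access "$D/vsftpd.conf" "$D/ftpusers" "$D/user_list" "$D/chroot_list" "$1"; }
for u in root toto ftpuser alice; do printf '%s: %s\n' "$u" "$(check "$u")"; done
```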
5. Use of the Vsftpd server
The installation, startup and main configuration files of the Vsftpd server were introduced above; the specific application of the server is introduced below through concrete examples.
1. Anonymous users access the Vsftpd server
Experimental environment: the CentOS 7 server has the IP address 192.168.123.101 and the host name linux1
Step 1: Install the Vsftpd service and start it
yum install -y vsftpd
systemctl restart vsftpd
Log in as the anonymous user ftp as follows:
[root@linux2 ~]# ftp 192.168.123.101
Connected to 192.168.123.101 (192.168.123.101).
220 (vsFTPd 3.0.2)
Name (192.168.123.101:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp> ls
227 Entering Passive Mode (192,168,123,101,101,29).
150 Here comes the directory listing.
drwxr-xr-x 2 0 0 6 Oct 13 2020 pub
226 Directory send OK.
Login succeeded; the ls command lists the default FTP directory (/var/ftp).
1. First create two text files 1.txt and 2.txt in the FTP default directory /var/ftp/pub
[root@ayaka ~]# cd /var/ftp/pub/
[root@ayaka pub]# touch 1.txt
[root@ayaka pub]# touch 2.txt
[root@ayaka pub]# ls
1.txt 2.txt
2. Enter the /pub directory on the client
ftp> ls
227 Entering Passive Mode (192,168,123,101,75,103).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 May 09 10:37 1.txt
-rw-r--r-- 1 0 0 0 May 09 10:37 2.txt
Download files from the Vsftpd server to the client
Enter the pub directory and use the get command to download the file 1.txt to the current local directory. A successful download looks as follows
220 (vsFTPd 3.0.2)
Name (192.168.123.101:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd pub
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192,168,123,101,25,132).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 50 May 09 10:54 1.txt
-rw-r--r-- 1 0 0 0 May 09 10:37 2.txt
226 Directory send OK.
ftp> !pwd
/root
ftp> get 1.txt
local: 1.txt remote: 1.txt
227 Entering Passive Mode (192,168,123,101,145,74).
150 Opening BINARY mode data connection for 1.txt (50 bytes).
226 Transfer complete.
50 bytes received in 0.000134 secs (373.13 Kbytes/sec)
ftp> !ls
1 1.txt anaconda-ks.cfg
ftp>
Test creating a directory on the Vsftpd server
ftp> mkdir toto
550 Permission denied.
ftp>
From the above operations it can be concluded that, by default, anonymous users only have permission to download files from the server and cannot upload files or perform other write operations.
To give anonymous users that permission, vsftpd must be configured to allow them to upload files and create directories.
Edit the vsftpd.conf file to enable anonymous uploads and directory creation
Uncomment the following two parameters
#anon_upload_enable=YES //Allow anonymous users to upload files
#anon_mkdir_write_enable=YES //Allow anonymous users to create directories
Save and exit after uncommenting, then restart the vsftpd service for the change to take effect
systemctl restart vsftpd
Create an anonymous upload directory
Create a directory under /var/ftp and change its permissions so that anonymous users have write access
[root@ayaka pub]# mkdir /var/ftp/hub
[root@ayaka pub]# chmod o+w /var/ftp/hub
Upload files
Use the put command to upload local files to the FTP server. The specific process is as follows.
[root@linux2 ~]# ftp 192.168.123.101
Connected to 192.168.123.101 (192.168.123.101).
220 (vsFTPd 3.0.2)
Name (192.168.123.101:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd hub //enter the directory hub
250 Directory successfully changed.
ftp> !ls //run a shell command on the local machine and show the current directory contents
1 1.txt anaconda-ks.cfg file1.txt
ftp> put 1 //upload the file named 1
local: 1 remote: 1
227 Entering Passive Mode (192,168,123,101,176,227).
150 Ok to send data.
226 Transfer complete.
1664 bytes sent in 0.000814 secs (2044.23 Kbytes/sec)
ftp> ls -l //list the files in the hub directory
227 Entering Passive Mode (192,168,123,101,85,50).
150 Here comes the directory listing.
-rw------- 1 14 50 1664 May 09 11:26 1
226 Directory send OK.
ftp> mkdir tomato //create a directory
257 "/hub/tomato" created //directory created successfully
ftp> ls
227 Entering Passive Mode (192,168,123,101,99,18).
150 Here comes the directory listing.
-rw------- 1 14 50 1664 May 09 11:26 1
drwx------ 2 14 50 6 May 09 11:35 tomato
226 Directory send OK.
ftp>
2. Local users access the Vsftpd server
A local user is a user with a real account on the FTP server. It logs in by entering its own user name and password. After logging in successfully, the login directory is the user's home directory, and the user can download or upload files there according to its permissions on that directory.
Below, examples introduce the process of a local user logging in to the server to download and upload files.
In this example the IP address of the Vsftpd server is 192.168.123.101 and the host name of the client is Client.
On the Vsftpd server create the user ftpuser, and create the files toto.txt and yoyo.txt in the user's home directory. The commands are as follows
[root@ayaka pub]# useradd ftpuser
[root@ayaka pub]# echo "123" | passwd --stdin ftpuser //Set the password of ftpuser to 123
[root@ayaka pub]# su - ftpuser //login user ftpuser
[ftpuser@ayaka ~]$ touch toto.txt
[ftpuser@ayaka ~]$ touch yoyo.txt
After logging in to the Vsftpd server as a local user, the login directory is the user's home directory /home/ftpuser. The specific process is as follows
[root@linux2 ~]# ftp 192.168.123.102
Connected to 192.168.123.102 (192.168.123.102).
220 (vsFTPd 3.0.2)
Name (192.168.123.102:root): ftpuser
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp> ^Z
[2]+ 已停止 ftp 192.168.123.102
[root@linux2 ~]#
[root@linux2 ~]# ftp 192.168.123.101
Connected to 192.168.123.101 (192.168.123.101).
220 (vsFTPd 3.0.2)
Name (192.168.123.101:root): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,123,101,56,176).
150 Here comes the directory listing.
-rw-rw-r-- 1 1000 1000 0 May 09 11:44 toto.txt
-rw-rw-r-- 1 1000 1000 0 May 09 11:44 yoyo.txt
226 Directory send OK.
ftp> pwd
257 "/home/ftpuser"
ftp>
Create a directory
The user ftpuser creates the directory tomato; the specific operation is as follows
ftp> mkdir tomato
257 "/home/ftpuser/tomato" created
ftp> ls
227 Entering Passive Mode (192,168,123,101,244,9).
150 Here comes the directory listing.
drwxr-xr-x 2 1000 1000 6 May 09 11:52 tomato
-rw-rw-r-- 1 1000 1000 0 May 09 11:44 toto.txt
-rw-rw-r-- 1 1000 1000 0 May 09 11:44 yoyo.txt
226 Directory send OK.
ftp>
Upload local files
The user ftpuser uploads a local file to the specified directory on the server; the specific operations are as follows:
ftp> !ls -l
总用量 16
-rw-r--r--. 1 root root 1664 10月 23 2020 1
-rw-r--r--. 1 root root 50 5月 9 18:56 1.txt
-rw-------. 1 root root 1295 5月 7 19:16 anaconda-ks.cfg
-rw-r--r--. 1 root root 7 5月 9 19:20 file1.txt
ftp> !pwd
/root
ftp> put anaconda-ks.cfg //upload a local file
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (192,168,123,101,101,125).
150 Ok to send data.
226 Transfer complete.
1295 bytes sent in 0.00108 secs (1194.65 Kbytes/sec)
ftp> ls -l //list the remote directory to verify that the uploaded file matches the local file
227 Entering Passive Mode (192,168,123,101,149,213).
150 Here comes the directory listing.
-rw-r--r-- 1 1000 1000 1295 May 09 11:55 anaconda-ks.cfg
drwxr-xr-x 2 1000 1000 6 May 09 11:52 tomato
-rw-rw-r-- 1 1000 1000 0 May 09 11:44 toto.txt
-rw-rw-r-- 1 1000 1000 0 May 09 11:44 yoyo.txt
226 Directory send OK.
ftp>
Download a server file to the local machine
Use ftpuser to download the file toto.txt to the current local directory, then download the file yoyo.txt to the local directory /tmp and rename it to yoyo.bak. The specific operation is as follows (the first get fails because the remote file is called toto.txt, not toto)
ftp> get toto
local: toto remote: toto
227 Entering Passive Mode (192,168,123,101,206,168).
550 Failed to open file.
ftp> ls
227 Entering Passive Mode (192,168,123,101,98,221).
150 Here comes the directory listing.
-rw-r--r-- 1 1000 1000 1295 May 09 11:55 anaconda-ks.cfg
drwxr-xr-x 2 1000 1000 6 May 09 11:52 tomato
-rw-rw-r-- 1 1000 1000 0 May 09 11:44 toto.txt
-rw-rw-r-- 1 1000 1000 0 May 09 11:44 yoyo.txt
226 Directory send OK.
ftp> get toto.txt //download the file to the local directory
local: toto.txt remote: toto.txt
227 Entering Passive Mode (192,168,123,101,46,209).
150 Opening BINARY mode data connection for toto.txt (0 bytes).
226 Transfer complete.
ftp> !ls -l //list the local directory to verify that the download succeeded
总用量 16
-rw-r--r--. 1 root root 1664 10月 23 2020 1
-rw-r--r--. 1 root root 50 5月 9 18:56 1.txt
-rw-------. 1 root root 1295 5月 7 19:16 anaconda-ks.cfg
-rw-r--r--. 1 root root 7 5月 9 19:20 file1.txt
-rw-r--r--. 1 root root 0 5月 9 19:59 toto.txt
// download the file yoyo.txt to the local directory /tmp and rename it to yoyo.bak
ftp> get yoyo.txt /tmp/yoyo.bak
local: /tmp/yoyo.bak remote: yoyo.txt
227 Entering Passive Mode (192,168,123,101,46,136).
150 Opening BINARY mode data connection for yoyo.txt (0 bytes).
226 Transfer complete.
ftp> lcd /tmp //change the local directory to /tmp
Local directory now /tmp
ftp> !ls //list the local directory to verify that yoyo.bak is there
ks-script-e7_otA yoyo.bak
systemd-private-7da9c4fa89d64f18a66b1cf3053c3ff6-chronyd.service-JoFutU yum.log
vmware-root_797-4257069498
ftp>