Basic settings, principles and installation of Centos7-FTP
Table of contents
- 1. The basic configuration of the FTP service includes the following items:
- 2. Procedure: allow only whitelisted users (users in the user_list file) to access FTP
  - 2.1. Install ftp
  - 2.2 Back up the main configuration file:
  - 2.3 Edit the main configuration file and enable the whitelist:
  - 2.4. Edit the list file user_list and add zhangsan and lisi:
  - 2.5. Turn off the firewall:
  - 2.6. Start the ftp service:
  - 2.7 Verification
  - 2.8 Check running status and automatic startup
  - 2.9 Configure FTP service restriction permissions
- 3. Summary
1. The basic configuration of the FTP service includes the following items:
User permission configuration: You can restrict FTP user access permissions and file upload and download permissions by configuring user accounts and directory access permissions.
Port configuration: The FTP service needs TCP ports 21 (control port) and 20 (data port) to be open; configure this in network devices such as firewalls and routers.
SSL/TLS encryption configuration: You can configure the FTP service to enable the SSL/TLS encryption protocol to ensure the security of data transmission. You can use the openssl command to generate certificates and related configurations.
PASV passive mode configuration: When the FTP server is placed behind a firewall, PASV passive mode needs to be used so that data connections can pass through the firewall.
Anonymous access configuration: You can configure the FTP server to support anonymous access by setting the allowed directories and access permissions.
2. Procedure: allow only whitelisted users (users in the user_list file) to access FTP
2.1. Install ftp
If ftp is not installed, install the vsftpd software package as follows:
[root@localhost ~]# yum -y install vsftpd
#Successful installation is displayed
2.2 Back up the main configuration file:
[root@localhost ~]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
# The backup protects the original file from being damaged during the procedure.
[root@localhost ~]# ls /etc/vsftpd
# The backup succeeded if vsftpd.conf.bak is listed; otherwise it failed.
3. Remove the lines starting with #:
[root@localhost ~]# grep -v "^#" /etc/vsftpd/vsftpd.conf.bak > /etc/vsftpd/vsftpd.conf
2.3 Edit the main configuration file and enable the whitelist:
To enable the whitelist of the FTP service, you can limit the IP addresses or IP address ranges that FTP users can access by adding allow/deny rules in the main configuration file, /etc/vsftpd/vsftpd.conf.
To enable the whitelist, modify the listen_address configuration item and add allow/deny rules that list the permitted IP addresses or IP address ranges, as shown below:
[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf
2.4. Edit the list file user_list and add zhangsan and lisi:
[root@localhost ~]# vi /etc/vsftpd/user_list
6. Add local accounts zhangsan and lisi to the system:
[root@localhost ~]# useradd lisi
[root@localhost ~]# passwd lisi
7. View existing system local ordinary accounts:
[root@localhost ~]# tail -3 /etc/passwd
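The user whitelist this chapter sets up is controlled in vsftpd by the userlist_enable, userlist_deny and userlist_file directives. The following added example (not part of the original article) implements that decision in a hypothetical helper, userlist_verdict, run over constructed sample files; it assumes the values are written as YES/NO.

```shell
#!/bin/sh
# Added example: how vsftpd's user-list directives decide a login.
# Works on files passed by the caller; nothing under /etc is touched.

# Last value of KEY in FILE (cut at the first space), or DEFAULT if unset.
conf_get() {  # conf_get FILE KEY DEFAULT
    v=$(sed -n "s/^$2=\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# Print "allow" or "deny" for USER under the user-list rules only
# (PAM, including /etc/vsftpd/ftpusers, is a separate, later check).
userlist_verdict() {  # userlist_verdict CONF USER_LIST USER
    enable=$(conf_get "$1" userlist_enable NO)   # vsftpd default: NO
    deny=$(conf_get "$1" userlist_deny YES)      # vsftpd default: YES
    if [ "$enable" != YES ]; then
        echo allow; return                       # the list is not consulted
    fi
    if grep -qxF -- "$3" "$2"; then listed=1; else listed=0; fi
    if [ "$deny" = NO ]; then
        # Whitelist mode: only listed users may log in.
        [ "$listed" -eq 1 ] && echo allow || echo deny
    else
        # Blacklist mode: listed users are refused.
        [ "$listed" -eq 1 ] && echo deny || echo allow
    fi
}

# Constructed sample files (not taken from the page).
tmp=$(mktemp -d)
printf 'userlist_enable=YES\nuserlist_deny=NO\nuserlist_file=/etc/vsftpd/user_list\n' > "$tmp/vsftpd.conf"
printf 'zhangsan\nlisi\n' > "$tmp/user_list"
for u in zhangsan lisi root; do
    echo "$u: $(userlist_verdict "$tmp/vsftpd.conf" "$tmp/user_list" "$u")"
done
rm -rf "$tmp"
```

On CentOS the shipped user_list already contains system accounts such as root, so remove them before switching the file to whitelist mode.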
2.5. Turn off the firewall:
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# setenforce 0
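An alternative to stopping firewalld, as an added example that is not part of the original article: the hypothetical function ftp_firewall_cmds reads the passive port range from a vsftpd.conf and prints the firewall-cmd rules that open only the FTP control port and that range. The sample file is constructed and uses the range from section 2.9.

```shell
#!/bin/sh
# Added example: derive the firewalld rules vsftpd needs from its config,
# so firewalld can stay running. The output is a dry run to review first.

# Last value of KEY in FILE (cut at the first space), or DEFAULT if unset.
conf_get() {  # conf_get FILE KEY DEFAULT
    v=$(sed -n "s/^$2=\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# Print firewall-cmd lines for the control port and the passive data range.
ftp_firewall_cmds() {  # ftp_firewall_cmds CONF
    min=$(conf_get "$1" pasv_min_port 0)
    max=$(conf_get "$1" pasv_max_port 0)
    case "$min$max" in
        *[!0-9]*) echo "pasv ports must be numeric" >&2; return 1 ;;
    esac
    # 0 means "any port": there is no narrow range to open, so refuse.
    if [ "$min" -le 0 ] || [ "$max" -lt "$min" ]; then
        echo "set pasv_min_port and pasv_max_port first" >&2
        return 1
    fi
    # The ftp service opens 21/tcp. With TLS the firewall cannot read the
    # PASV reply, so the passive range has to be opened explicitly.
    echo "firewall-cmd --permanent --add-service=ftp"
    echo "firewall-cmd --permanent --add-port=${min}-${max}/tcp"
    echo "firewall-cmd --reload"
}

# Constructed sample with the passive range used in section 2.9.
sample=$(mktemp)
printf 'pasv_enable=YES\npasv_min_port=12020\npasv_max_port=12025\n' > "$sample"
ftp_firewall_cmds "$sample"
rm -f "$sample"
```

Review the printed commands, then run them as root. SELinux can stay enforcing as well: `getsebool -a | grep ftpd` lists the FTP-related booleans that can be enabled instead of running setenforce 0.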
2.6. Start the ftp service:
If startup fails when configuring the FTP service to enable whitelisting, it may be caused by syntax errors in the configuration file or incorrect rule settings.
2.7 Verification
In the address bar of the file manager on the physical machine, enter the ftp protocol and the server IP address:
Then click OK, right-click to find Login, and enter the password you just created for the account.
12. Try to upload the file, and it succeeds:
2.8 Check running status and automatic startup
The following command checks the running status of the FTP service
sudo systemctl status vsftpd
To make the FTP service start automatically when the system boots, enable it with the following command:
sudo systemctl enable vsftpd
After changing the configuration, save the file and restart the FTP service with the following command:
sudo systemctl restart vsftpd
2.9 Configure FTP service restriction permissions
To configure the FTP service, you can edit the /etc/vsftpd/vsftpd.conf file to modify FTP user access rights and file upload and download restrictions, etc.
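# vsftpd accepts comments only on their own lines, not after a value
# Allow anonymous access
anonymous_enable=YES
# Allow local users to log in
local_enable=YES
# Allow file uploads
write_enable=YES
# Confine users to their home directory to prevent access beyond it
chroot_local_user=YES
# Umask for uploaded files; 022 yields permissions -rw-r--r--
local_umask=022
# Enable PASV passive mode and set its minimum and maximum port
pasv_enable=YES
pasv_min_port=12020
pasv_max_port=12025
# Enable SSL/TLS encryption and set the certificate and private key files
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.crt
rsa_private_key_file=/etc/vsftpd/vsftpd.key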
Note that the above configuration may not suit every environment and should be adjusted to the actual situation. After modifying the configuration file, restart the vsftpd service for the changes to take effect. Modify these parameters carefully; otherwise FTP will not operate properly.
The above are the basic steps for installing FTP service on CentOS7. You can configure it according to your actual situation.
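A check to run on the section 2.9 settings before restarting the service, as an added example that is not part of the original article: the hypothetical function audit_vsftpd_conf prints a code for each setting that stops vsftpd from parsing the file or weakens the service. The finding names and the sample file are constructed for illustration, and values are assumed to be written as YES/NO.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for settings that break or weaken it.

# Last value of KEY in FILE (cut at the first space), or DEFAULT if unset.
conf_get() {  # conf_get FILE KEY DEFAULT
    v=$(sed -n "s/^$2=\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# Print one finding code per line; print nothing for a clean file.
audit_vsftpd_conf() {  # audit_vsftpd_conf FILE
    f=$1
    # vsftpd takes KEY=VALUE with no spaces; comments need their own line.
    if grep -v '^#' "$f" | grep -q '[[:space:]]'; then
        echo INLINE_TEXT
    fi
    # Anonymous login is on unless explicitly disabled (default YES).
    if [ "$(conf_get "$f" anonymous_enable YES)" = YES ]; then
        echo ANONYMOUS_LOGIN
    fi
    # Without a chroot, local users can browse the whole filesystem.
    if [ "$(conf_get "$f" chroot_local_user NO)" != YES ]; then
        echo NO_CHROOT
    fi
    # Without enforced TLS, passwords cross the network in cleartext.
    if [ "$(conf_get "$f" ssl_enable NO)" != YES ] ||
       [ "$(conf_get "$f" force_local_logins_ssl YES)" = NO ]; then
        echo CLEARTEXT_LOGIN
    fi
    # No fixed passive range means the firewall cannot be kept narrow.
    if [ "$(conf_get "$f" pasv_min_port 0)" = 0 ]; then
        echo PASV_RANGE_OPEN
    fi
    return 0
}

# Constructed sample: section 2.9 values, one line with an inline comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES # allow anonymous access
local_enable=YES
write_enable=YES
chroot_local_user=YES
pasv_min_port=12020
pasv_max_port=12025
ssl_enable=YES
EOF
audit_vsftpd_conf "$sample"
rm -f "$sample"
```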
3. Summary
FTP (File Transfer Protocol) is a standard network protocol used to transfer files between computers. The following is a summary of FTP configuration on Linux systems:
- Install FTP server: In Linux systems, we can use vsftpd, ProFTPD and other FTP server software to support FTP services. We need to install the FTP server software on the Linux system using a package manager such as yum.
- Configure FTP server: After installing the FTP server, we need to configure the FTP server to support user access and file transfer. In the FTP server, we can specify the FTP root directory, manage users, assign permissions, etc. The FTP server can be configured in the /etc/vsftpd/vsftpd.conf file.
- Add FTP user: We need to add a user to the FTP server to allow users to upload and download files. In Linux systems, we can use the useradd and passwd commands to create FTP users, and specify the FTP root directory through the chroot command.
- Firewall configuration: In Linux systems, we usually need to open the ports required by the FTP server to allow transfers. We can configure corresponding rules in the firewall in the Linux system to ensure normal communication between the FTP client and server.
- Test the FTP service: After setting up and configuring the FTP server, we need to test whether it is working properly. We can use an FTP client tool (such as FileZilla) to connect to the FTP server and use the FTP client to perform operations such as file upload and download to test whether the configuration is functioning properly.
In short, configuring an FTP server in a Linux system involves many aspects and requires proficiency in FTP server software, user management, file transfer, firewall configuration and other technologies. However, once configured, we can transfer files and share data quickly and securely.