FTP server usage and configuration

Enterprise 2023-10-03 06:43:21 views: null

vsftp installation configuration

Environment configuration

  • Server: CentOS 7.6 vsftpd

  • Client: Windows 10 xftp

服务端

yum -y install epel-release.noarch

 yum -y install vsftpd* pam* db4*


systemctl restart vsftpd

#修改配置前备份文件
[root@node1 ~]# cd /etc/vsftpd/
[root@node1 vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@node1 vsftpd]# cp vsftpd.conf{,.bak}
[root@node1 vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd.conf.bak  vsftpd_conf_migrate.sh
   
#查看配置文件
[root@node1 vsftpd]# cat vsftpd.conf | grep -v ^#
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

vsftpd configure anonymous user

Edit configuration file

[root@node1 vsftpd]# vi vsftpd.conf


write_enable=YES
anon_umask=022    
anonymous_enable=YES 
anon_upload_enable=YES
anon_mkdir_write_enable=YES   
anon_other_write_enable=YES   
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

Common anonymous configuration items

anonymous_enable=YES # 是否允许匿名用户访问
anon_umask=022 # 匿名用户所上传文件的权限掩码
anon_root=/var/ftp # 设置匿名用户的FTP根目录
anon_upload_enable=YES # 是否允许匿名用户上传文件
anon_mkdir_write_enable=YES # 是否允许匿名用户允许创建目录
anon_other_write_enable=YES # 是否允许匿名用户有其他写入权
(改名,删除,覆盖)
anon_max_rate=0 # 限制最大传输速率(字节/秒)0为
无限制

Restart service

[root@node1 vsftpd]# systemctl restart vsftpd
[root@node1 vsftpd]# ps aux | grep  vsftpd
root      91454  0.0  0.0  53180   576 ?        Ss   11:54   0:00 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
root      91738  0.0  0.0 112724   988 pts/0    S+   11:55   0:00 grep --color=auto vsftpd

Be careful to turn off the firewall

Turn off firewall and SELinux scripts with one click

#!/bin/bash

# 关闭防火墙
echo "正在关闭防火墙..."
sudo systemctl stop firewalld
sudo systemctl disable firewalld
echo "防火墙已关闭并禁用。"

# 检查 SELinux 状态
sestatus=$(sestatus | grep "SELinux status" | awk '{print $3}')

if [ "$sestatus" == "enabled" ]; then
    # 关闭 SELinux
    echo "正在关闭 SELinux..."
    sudo setenforce 0
    sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
    echo "SELinux 已关闭。"
else
    echo "SELinux 已经处于禁用状态,无需操作。"
fi

echo "脚本执行完毕。"


[root@node1 ~]# vi script
[root@node1 ~]# chmod u+x script 
[root@node1 ~]# ./script 
正在关闭防火墙...
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
防火墙已关闭并禁用。
正在关闭 SELinux...
SELinux 已关闭。
脚本执行完毕。

Modify permissions to implement file upload

[root@node1 ~]# cd /var/ftp/
[root@node1 ftp]# ls
pub
[root@node1 ftp]# ll
总用量 0
drwxr-xr-x. 2 root root 6 69 2021 pub
[root@node1 ftp]# chown -R ftp.ftp pub/
[root@node1 ftp]# ll
总用量 0
drwxr-xr-x. 2 ftp ftp 6 69 2021 pub           
 
#记住重启服务生效
[root@node1 ftp]# systemctl restart vsftpd


#使用xftp尝试上传与下载文件

Insert image description here

Insert image description here

Insert image description here

Configure user login

Configure system user login

#新建两个用户并设置密码
[root@node1 ~]# useradd admin1
[root@node1 ~]# useradd admin2
  • Modify configuration file
 vi /etc/vsftpd/vsftpd.conf


local_enable=YES
local_umask=077
chroot_local_user=YES
allow_writeable_chroot=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=NO
tcp_wrappers=YES
  • Common configuration
local_enable=YES # 是否允许本地系统用户访问
local_umask=022 # 本地用户所上传文件的权限掩码
local_root=/var/ftp # 设置本地用户的FTP根目录
chroot_list_enable=YES # 表示是否开启chroot的环境,默认
没有开启
chroot_list_file=/etc/vsftpd/chroot_list # 表示写
在/etc/vsftpd/chroot_list文件里面的用户是不可以出chroot环境的。默认是可以的。
Chroot_local_user=YES # 表示所有写
在/etc/vsftpd/chroot_list文件里面的用户是可以出chroot环境的,和上面的相反。
local_max_rate=0 # 限制最大传输速率(字节/秒)0为
无限制
  • Add user whitelist
[root@node1 vsftpd]# vi /etc/vsftpd/user_list 
[root@node1 vsftpd]# cat /etc/vsftpd/user_list | grep admin
admin1
admin2
   #重启服务
[root@node1 vsftpd]# systemctl restart vsftpd
  • test
#新建文件
[root@node1 ~]# cd /home/admin1
[root@node1 admin1]# touch test.txt
[root@node1 admin1]# systemctl restart vsftpd

Insert image description here

Insert image description here

Configure virtual users

  • Create a virtual FTP user account

    [root@node1 ~]# useradd -s /sbin/nologin vu

  • Create virtual user directory

[root@node1 ~]# useradd -s /sbin/nologin vu
[root@node1 ~]# cd /etc/vsftpd/
[root@node1 vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd.conf.bak  vsftpd_conf_migrate.sh
[root@node1 vsftpd]# vi user
[root@node1 vsftpd]# cat user
test
123456
  • Create data file
[root@node1 vsftpd]# db_load -T -t hash -f user user.db
 [root@node1 vsftpd]# ls
ftpusers  user  user.db  user_list  vsftpd.conf  vsftpd.conf.bak  vsftpd_conf_migrate.sh
  • Create PAM authentication files to support virtual users
[root@node1 vsftpd]# vi /etc/pam.d/vsftpd.vu 

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/user
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/user
  • Modify configuration file
[root@node1 vsftpd]# vi vsftpd.conf


write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
userlist_enable=YES
tcp_wrappers=YES
allow_writeable_chroot=YES
guest_enable=YES
guest_username=vu
pam_service_name=vsftpd.vu
local_enable=YES
local_umask=077
chroot_local_user=YES
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/user_dir

[root@node1 vsftpd]# mkdir /etc/vsftpd/user_dir
[root@node1 vsftpd]# ls
ftpusers  user  user.db  user_dir  user_list  vsftpd.conf  vsftpd.conf.bak  vsftpd_conf_migrate.sh
[root@node1 vsftpd]# cd user_dir/
[root@node1 user_dir]# vi test   
[root@node1 user_dir]# cat test
cal_root=/etc/vsftpd/data # 虚拟用户数据的存放路径
  • Create a virtual user data storage directory
[root@node1 user_dir]# cd ..
[root@node1 vsftpd]# mkdir data
[root@node1 vsftpd]# chmod 777 data/
  • Log in to test after restarting the service
systemctl restart vsftpd
[root@node1 data]# touch a.txt
[root@node1 data]# pwd
/etc/vsftpd/data

Insert image description here

Guess you like

Origin blog.csdn.net/weixin_51882166/article/details/131641911
Recommended
The “35-year-old curse” of Chinese coders
蘭雅 CorelDRAW 插件 2024.5.1 国际劳动节版,免费下载
Ranking
Methods and Practices of Manufacturing Data Quality Improvement
Serial port upgrade program for efficient transmission of large firmware
Use KITTI to run LIOSAM and complete the EVO evaluation
Calling methods on string literals (Java)
ActiveMQ and Spring integration (4)
You have to know the HTTPS! ! !
PAT whether Structures and Algorithms 7-4 with a binary search tree (40 rows streamlined structure)
el-upload brings request background
UVA - 1204 Fun Game-like pressure dp
2019-12-28
Daily
More
2024-05-04(18)
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)

Code World

© 2018 codetd.com