Article directory
1. Introduction to FTP server
FTP (File Transfer Protocol) full nameFile Transfer Protocol, which is used for A set of standard protocols for file transfer, which works at the seventh layer of the OSI model, TCP The fourth layer of the model is theapplication layer.
The port number of the FTP service is:TCP 20/21
There are two ways in which FTP works:
- Active mode
Port 21: Control port
Port 20: Data transmission port - Passive mode
Port 21: Control port
Random port: Data transmission port
Note:
Active and passive mode, describes the data transmission process
Active and passive mode, right of choice On the client
Active and passive mode, the so-called active or passive is from the perspective of the server
2. Set up FTP service
In the previous blog we introducedWEB server, which was underWindows server 2003, as shown below: When installing the WEB service software on the virtual machine, the FTP service software is also installed
In fact, the computer is alreadyFTP server at this time. We can verify it and open Windows XP Virtual machine, open [My Computer] on the desktop, as shown below
Enter the command in the address bar:ftp://10.1.1.2, here10.1. 1.2 YesWindows server 2003 The IP address of this virtual machine, and then press Enter, we can see that there is no The error is reported because there is nothing in the default site
Let’s go back to the 2003 virtual machine, look at the FTP software, and find the location of the default site. Right-click [Default FTP Site] and click [Properties in the drop-down list >】
Click [Home Directory], you can see the path of the FTP default site as shown below
Then click on the desktop [My Computer], find the default site path, and you can see that it is indeed empty
We can create some new files in it, as shown below
Go back to the XP virtual machine, open [My Computer], and enter in the address bar:ftp://10.1.1.2, then press Enter, as shown below
You can see that the file you just created is available in the site. We can drag it out directly and put it into the XP computer, that is, download it.
Just now we saw that the default site is under the C drive. We can also publish content under other drives. Go back to the 2003 virtual machine, open the D drive, and you can see the login folder, which contains a login management page. If I am now the administrator of a website and need to regularly update the content on this page, I want to entrust someone else to help me manage this site, so that I can be busy with other things.
At this time, if it is not safe to directly give him my administrator account and password, I canPublish this folder to an FTP site, and then create an FTP account and password for him so that he can operate remotely. We will now publish login. The steps are as follows:
- Right-click [Default FTP Site] and click [Properties in the drop-down list >】
- Point 击【本目录】、Point 击【浏览 】
- 找到D盘下的login,Point 击【confirmation】
- You can see that it has been changed, click [Confirm]
- Go back to the XP computer, in the FTP connection interface, right-click on a blank space, and click [Refresh]< in the drop-down list /span>
- You can see that it has become the login page file in thelogin folder in the D drive, so that if other users want to assist To manage this server, you don’t need to get the server’s account and password. You only need to manage it through FTP connection, and upload, download, update, etc. the site
If you buy a website online in the future, the other company will not only provide us with a completed website, but also provide an FTP account that allows us to upload and update web page content through FTP.
Seeing the page just now, some friends may be curious: Didn’t it say that you create an account and password for the other party? Why did he log in to the FTP site directly through the URL? This is because we did not set it up. The default for the FTP site is anonymous login. We can take a look.
Go back to the 2003 virtual machine, right-click [Default FTP Site], and click [Attributes】
Click [Security Account], you can see that it is checked by default [Allow Anonymous connection]
Of course, in actual production work, anonymous connections are definitely not allowed, and separate accounts and passwords are created for different users. This is different from the WEB site we introduced before.WEB sites are generally connected anonymouslyEveryone has a deep understanding of this. When we access web pages, except for some that require creating a username and password (such as VIP members, etc.), we usually access the web page directly. There is no such thing as entering a username and password when encountering a web page.
Next, we will continue to study the FTP software. Let’s start from scratch and right-click on the original [Default FTP site] , click [Delete] in the drop-down list, and click [Yes], delete it
Right-click [FTP Site] and click [New in the drop-down list ], click [FTP site]
Point 击【下一步】
Write whatever you want here, and click [Next]
Click the drop-down triangle on the right, select the IP address of this machine, and then click [Next]
Point 击【下一步】
Here is the path to enter your home directory
We open [My Computer] and create a new folder in the D drive. Name it whatever you want, here it is called < /span>xiaoshiyi
Click into the created folder and create two folders in it, one called Data Upload and one called < a i=3>Data download. Let company employees access one to upload their own data, and the other to download company resources
Then go back to the home directory path setting page, click [Browse], go in and find the < under the D drive a i=3>xiaoshiyi folder, click [OK]
Point 击【下一步】
This page is to select the user's access rightsFTP access, but after the user accesses this folder, there are also local folders a>NTFS permissionsconstraints,Take the intersection of the two. This is similar to the permissions in the file sharing service introduced by the blogger before. File sharing has its own sharing permissions. After sharing, it is also subject to the NTFS permissions of the local file. It is also the intersection of the two. We set the file sharing permissions to full control, and then set different permissions for the local files separately. In this way, the local file permissions determine the end user's usage permissions. The same is true here. We check them all and click [< a i=1>Next step】
Point 击【Complete】
In this way, the FTP site is published.
But it’s not over yet. Since I don’t want to give my server administrator account and password to others, I need to create a username and password for the other party to perform remote FTP operations. Enter the console with cmd and create a The username isuser01, and the password is123456, as shown below
Create another usernameadmin with password 123, as shown below
Then go back to the D drive and set the permissions for the two folders in the xiaoshiyi folder, in order to allow file The folder only has download permission. The setting steps are as follows:data download folder, and data upload user only Can have upload permission for user01 user has full control of both folders, thenadmin
- Right-clickxiaoshiyi folder and click [Properties< in the drop-down list a i=4>】
- Click [Security], click [Users] , because the two users we created belong to the Users group, we can see that the user permissions of this group can access the files in the folder. Read, that is, the two users just created have permission to see the two folders inside, and they can also download. Reading means downloading
- Enterxiaoshiyi Set permissions for the two folders separately, right-click [Data Upload], click [Properties] in the drop-down list
- Points [Safe】, Points [High quality]
- The default is to inherit parent permissions by checking. Here weuncheck the check and click [< in the pop-up window a i=3>Copy], then click [OK]. This is because we need to separately set other permissions for users on this folder. First, cancel the permissions inherited from the parent, so that we can redefine the permissions
- Select [Users] and click [Delete] , add users yourself, different users, different permissions
- Point 击【Addition】
- hand user01 和 admin Both personal additions have come , Intermediate useminute codeinterval, point value >
- Select the user [user01] and check [List folder directoriesApply], which means that the user only has the permission to upload and see the folder, but does not have the permission to download], click [Write] and [
- Select the [admin] user and check the following permissions [Full Control]OK], so that all permissions will be selected, click [
- Right-click [Data Download] and click [Properties in the drop-down list 】
- Points [Safe】, Points [High quality]
- Uncheck [Allow parent...] and click [Copy< a i=4>], click [OK], which meansCancel inheritance
- Selection【Users】组,Point 击【删切 ], Users group
- Point 击【Addition】
- Import admin 和 user01 用户,两个之Time use
- Select the [admin] user and check [Full Control], select all permissions, and click [Apply]
- Select the user [user01], check the following three permissions, and click [OK a>], meansuser01 The user can only download to this folder and cannot execute upload permission
In this way, the two folders finally have different permissions for different users. The data upload folder only has upload permissions for user user01. admin users have full control permissions; the data download folder has full control permissions for user01 users only have download permissions, while admin users have full control permissions;
Go back to the FTP software, right-click [xiaoshiyi], and click [Attributes】
Click [Secure Account] and uncheck [Allow anonymous connections< a i=4>], click [Yes] in the pop-up window, click [Confirm< a i=8>】
Next to verify, return to the XP virtual machine, click [My Computer] and enter in the address bar ftp://10.1.1.2, press Enter and you will see the following picture, asking us to enter the user name and password
Please contact us user01 Japanese secret 123456, Point 击【registration】
After entering, you can see the two folders placed on the 2003 virtual machine.
It’s just that it’s empty. In order to verify permissions, we go back to the 2003 virtual machine and create new files in the two folders.
Go back to the XP virtual machine and refresh the FTP link interface.
Click on the data upload folder and try to drag the file out to download. An error is reported and the download cannot be done becauseuser01 The user does not want the file The files in the folder do not have download permission
Create a new folder on the XP computer desktop and try to drag it into the data upload folder of the FTP file site. It is found that the upload can be successful becauseuser01 Users can have upload permissions on the data upload folder
Click on the data download folder, try to drag out the file download, go to the desktop, and find that the download can be successful, becauseuser01 user Have download permissions for the data download folder
I tried dragging the new folder on the desktop into the data download folder of the FTP site and found an error becauseuser01 The user did not have the data downloaded. Upload permissions for download folder
Next verify the permissions of another useradmin. This is different from the previous file sharing service. If you want to switch to another account for file sharing To log in, you must log out and log in again to the client to make him forget the previous file sharing login user. FTP cannot remember the last logged-in user., unless checked to let him remember, we can directly right-click the blank space of the current FTP connection interface and click [Login 】, you can switch to another user to log in
Name for importing admin 和mitsho 123,Point 击【Registration】
I still see these two folders
We click on the data upload folder and directly test whether the files inside can be downloaded. Drag all the files inside to the desktop. It will prompt whether to overwrite because there is a new folder on the desktop. Click [ Yes】
You can see that the download was successful
We created a new picture on the desktop, then dragged it into the site, and found that it could also be uploaded successfully.
Then try deleting it. You can also delete it because admin user has full control over the folder
Open the data download folder, upload the desktop picture, and find that there is no problem
Clear all the original data on the desktop, then drag out all the files in the data download and download them to the desktop, and find that there is no problem.
There is no problem in deleting all of them, which proves that the admin user we set has no problem with full control permissions on the folder
That’s it,FTP serverEveryone will set it up and install it on the computerIIS The software's FTP plug-in just creates and publishes the site you want to publish. Give the FTP permissions to the highest level, and then set the NTFS permissions on the file. Although this method is more complicated, it is very stable.Very suitable for enterprise production environment. Third-party FTP software, especially some small software, is unstable and is fine for temporary use, but will crash when there are more people.
Let me summarize for youdeployment of FTP server several aspects that should be paid attention to, as follows
1. Configure static IP
2. Install the IIS-FTP plug-in (the above two steps are in my previous blog [IIS WEB Server Detailed explanation (Part 1)] All operations are completed)
3. Use the default site or create a new site
注意:用户最终权限为FTP权限与NTFS权限取交集
建议:FTP权限全部勾选,然后具体的在NTFS里做权限设置
4. Uncheck Anonymous access
The experiments we just conducted were all done in a virtual machine. If I were on my real computer now, my computer would beWindows10 System, I want to share some data on my computer with other friends on the same LAN. If you use a network disk or USB disk to copy and then download, the download speed is very slow, and then you have to install IIS software on your own computer, which is also very troublesome. Because IIS software is a patent of the server system in the Microsoft family. It can also be installed on win7 and win10, but its functions are very limited and difficult to find.
Next, I will introduce you to a small FTP software.You can use it by double-clicking it to open it without installing it locally.. It is also suitable for ordinary users to operate and is very user-friendly. The name of the software is FTPserver.exe, and the size is only a few tens of kilobytes. After double-clicking to open it, the interface is as follows:
The port number in cannot be changed. The maximum number of connectionsIt is the maximum number of users that can be connected. You can change this yourself.Account name and account passwordSet one yourself. This is the account name and password of the software, not The username and password we created on the computer above. If other clients want to remotely access the content shared by my FTP software, they only need to give them the username and password set here. Access Directory< /span>]Start Service contains the directory where the files you want to share are located. Compared with the setting method we just set, the permission settings are more friendly to novices. Just click on them yourself. What permissions do you want to give these users? Check what you want, and then click [
To access my FTP shared files, the user only needs to open any computer disk directory on his computer and enter ftp://my computer’s IP in the address bar above. , then press Enter, you can see the login page, enter the user name and password I gave him , and click Login You can see the shared content.
It doesn’t stop there. How many users are currently connecting to my computer’s FTP shared files? The bottom of the software will also display the current number of connections.
说明:这个软件在使用时,会获取当前要共享的文件目录的完全控制权限,继而给共享的普通用户进行权限分配。所以电脑的防火墙可能会拦截,要正常使用,可以暂时关掉防火墙,如果需要这个软件的可以在评论区留言找博主领取。