Build a vsftpd Service

vsftpd service
Role: provides file sharing between hosts. It can be used on the Internet, for example as a server from which company documents are downloaded. It does not distinguish between clients and can be used from both Windows and Linux.

FTP is the File Transfer Protocol; simply put, an FTP server is a server that supports the FTP protocol.

When using FTP, users often encounter two concepts:
upload: copy files from your own computer to the remote host
download: copy files from the remote host to your own computer

FTP has two operating modes:
1. Active mode
2. Passive mode

Both modes are named from the server's point of view.

Two ports are used:
21 for the control connection, 20 for data

Active
C (1025) ----------- control channel -----------> S port 21
                                                  (always listening)
C opens 1026 in advance (data port)

S port 20 ----------- data channel -----------> C 1026
(opened and closed on demand)

The client uses a port above 1024 (1025) to connect to port 21 on the server, then opens another port above 1024 that the server is allowed to connect to and tells the server that this port is ready. The server connects from port 20 to that client port and the data link is created. Because the server actively connects to the client, this transfer mode is called active mode.

Passive
C (1025) ----------- control channel -----------> S port 21
                                                  (always listening)
S opens 1028 in advance (data port)

C 1026 ----------- data channel -----------> S 1028 (data port)

The client uses a port above 1024 (1025) to connect to port 21 on the server. After receiving the request, the server opens a port above 1024 (1028) to wait for the client's connection and notifies the client that port 1028 is waiting. After receiving this information, the client opens a new port (1026) and connects to 1028, and the data link is created. Because the server passively waits for the client to connect, this transfer mode is called passive mode.
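An added example (not part of the original page): how the data endpoint is announced in both modes, decoding the 227 reply that appears in the ftp session on this page and building the PORT command for the active-mode diagram. The function names and the two checks in check_data_endpoint are assumptions of this sketch, not vsftpd code.

```python
import re

_TUPLE = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def decode_endpoint(text):
    """Decode 'h1,h2,h3,h4,p1,p2' (from PORT or a 227 reply) to (ip, port)."""
    m = _TUPLE.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def encode_port_command(ip, port):
    """Active mode: the command a client sends to announce its data port."""
    octets = ip.split(".")
    if len(octets) != 4 or not 0 < port < 65536:
        raise ValueError("bad endpoint")
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)

def check_data_endpoint(text, control_peer_ip):
    """Return (ip, port, findings) for an announced data endpoint.

    Findings are reasons a client or firewall may want to reject it.
    """
    ip, port = decode_endpoint(text)
    findings = []
    if ip != control_peer_ip:
        findings.append("address differs from control-connection peer")
    if port <= 1024:
        findings.append("port is not above 1024")
    return ip, port, findings

if __name__ == "__main__":
    # Passive mode: reply taken from the ftp session shown on this page.
    print(check_data_endpoint("227 Entering Passive Mode (192,168,1,252,77,71).", "192.168.1.252"))
    # Active mode: client 192.168.1.251 announcing data port 1026, as in the diagram.
    cmd = encode_port_command("192.168.1.251", 1026)
    print(cmd, check_data_endpoint(cmd, "192.168.1.251"))
    # Constructed input: an announcement naming another host and a low port.
    print(check_data_endpoint("PORT 192,168,1,5,0,22", "192.168.1.251"))
```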

FTP server software
vsftpd

FTP client software
lftp
ftp

Three types of users
Local users: users that exist on the server
Anonymous users: an anonymous user is actually backed by a system user; by default the anonymous user is mapped to the system user ftp
Virtual users

Make sure you have completed the following tasks:
1. Firewall turned off
2. SELinux turned off
3. NetworkManager turned off
4. Static IP address configured
5. yum configured

Environment:
server ip: 192.168.1.252 host name: server.uplooking.com
client ip: 192.168.1.251 host name: client.uplooking.com

1. Check whether the package is installed
[root@server mnt]# rpm -qa | grep vsftp

2. Install the package
[root@server mnt]# yum install vsftpd -y

View the files installed by the package
[root@server mnt]# rpm -ql vsftpd
/etc/logrotate.d/vsftpd          log rotation
/etc/pam.d/vsftpd                PAM authentication
/etc/rc.d/init.d/vsftpd          start script
/etc/vsftpd                      configuration file directory
/etc/vsftpd/ftpusers             access control
/etc/vsftpd/user_list            access control
/etc/vsftpd/vsftpd.conf          main configuration file
/usr/sbin/vsftpd                 daemon
/var/ftp                         anonymous user's home directory
/var/ftp/pub                     default upload and download directory

3. Start the service
[root@server mnt]# /etc/init.d/vsftpd restart

4. Check whether the service is listening
[root@server mnt]# netstat -tulnp | grep vsftpd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 3943/vsftpd

Provide files for download
[root@server mnt]# cd /var/ftp/pub/
[root@server pub]# echo "welcome to ftp" >> ftp.txt
[root@server pub]# cat ftp.txt
welcome to ftp
[root@server pub]# echo 111222 > 1.txt
[root@server pub]# cat 1.txt
111222

Configuration file description
vim /etc/vsftpd/vsftpd.conf

----------------- Anonymous users -----------------
Allow anonymous users to access the FTP service
anonymous_enable=YES

Anonymous users can upload
anon_upload_enable=YES

Anonymous users can create folders
anon_mkdir_write_enable=YES

Anonymous users can delete directories and files (rmdir can only delete empty directories)
anon_other_write_enable=YES

Anonymous users can only download world-readable files; a file must have read permission for others to be downloaded
anon_world_readable_only=YES

When anonymous users upload files, the owner of the uploaded file can be changed
chown_uploads=YES
chown_username=root

Umask for files uploaded by anonymous users
anon_umask=077 // resulting permissions: files 600, directories 700

            file        directory
base        rw-rw-rw-   rwxrwxrwx
umask 077   ---rwxrwx   ---rwxrwx
result      rw------- (600)   rwx------ (700)

------------------------- Global configuration -------------------------
Show a message when a directory is entered
dirmessage_enable=YES
To show a message when the remote directory is changed, create a .message file in that directory
Example: vim /var/ftp/pub/.message
---- welcome to ftp
---- please do not upload unknown files

Log settings
xferlog_enable=YES // enable logging
xferlog_file=/var/log/xferlog // location and file name of the log
xferlog_std_format=YES // when enabled, the log is written in the standard xferlog format

Active mode port
connect_from_port_20=YES

Session timeout: after connecting, the session exits after 600 seconds without activity
idle_session_timeout=600

Data connection timeout: limits large file downloads; the download of a file cannot take longer than 120 seconds
data_connection_timeout=120

Change the default security user; before the change the security user is ftp
nopriv_user=ftpsecure

Disabling asynchronous transfer
async_abor_enable=YES

Login banner for ftp
ftpd_banner=Welcome to blah FTP service.

Recursion is not allowed to display
ls_recurse_enable=YES

Listen on an IPv4 address
listen=YES

------------------------- Local users -------------------------
Allow local users to access the FTP service
local_enable=YES

Allow local users to upload
write_enable=YES

Umask for files uploaded by local users
local_umask=022

----------------- Restrict users from switching paths -----------------
No user can switch directories
chroot_local_user=YES // turn the feature on
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/chroot_list

Blacklist
chroot_local_user=NO
chroot_list_enable=YES // enable the list
chroot_list_file=/etc/vsftpd/chroot_list // users listed in this file are confined

Whitelist
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list // users listed in this file can switch directories

[root@server pub]# vim /etc/vsftpd/chroot_list
jim

----------------------------- Access control -----------------------------
1. PAM authentication support
pam_service_name=vsftpd // PAM service name

Blacklist: users in this list are not allowed to access the ftp service
vim /etc/vsftpd/ftpusers
jim

No user listed in /etc/vsftpd/user_list is allowed to access ftp
Blacklist
userlist_enable=YES // whether to enable control by this file
userlist_deny=YES // YES: users in the file are denied access to the ftp service
/etc/vsftpd/user_list

Only users listed in /etc/vsftpd/user_list are allowed to access ftp
Whitelist
userlist_enable=YES // whether to enable control by this file
userlist_deny=NO // NO: users in the file are allowed to access the ftp service
/etc/vsftpd/user_list

vim /etc/vsftpd/user_list
jim
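An added example (not from the original page): the blacklist and whitelist combinations of chroot_local_user/chroot_list_enable and userlist_enable/userlist_deny described above, resolved per user. The function names are hypothetical and the list contents are constructed; the logic models the option semantics and is not vsftpd code.

```python
def read_list(text):
    """Parse the body of ftpusers, user_list or chroot_list: one name per line."""
    names = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.add(line)
    return names

def may_login(user, cfg, ftpusers, user_list):
    """Apply the ftpusers blacklist, then userlist_enable / userlist_deny."""
    if user in ftpusers:                        # always a blacklist
        return False
    if not cfg.get("userlist_enable", False):
        return True
    listed = user in user_list
    # userlist_deny=YES: listed users are refused; NO: only listed users get in.
    return not listed if cfg.get("userlist_deny", True) else listed

def is_chrooted(user, cfg, chroot_list):
    """True if the local user is confined to the home directory."""
    everyone = cfg.get("chroot_local_user", False)
    if not cfg.get("chroot_list_enable", False):
        return everyone
    # With the list enabled, its meaning flips with chroot_local_user:
    # NO -> listed users are confined, YES -> listed users are exempt.
    return (user in chroot_list) != everyone

if __name__ == "__main__":
    listed = read_list("# constructed list file\njim\n")
    blacklist = {"chroot_local_user": False, "chroot_list_enable": True}
    whitelist = {"chroot_local_user": True, "chroot_list_enable": True}
    for name, cfg in (("chroot blacklist", blacklist), ("chroot whitelist", whitelist)):
        print(name, {u: is_chrooted(u, cfg, listed) for u in ("jim", "tom")})
    allow_only = {"userlist_enable": True, "userlist_deny": False}
    print("user_list whitelist", {u: may_login(u, allow_only, set(), listed) for u in ("jim", "tom")})
```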

tcp_wrappers=YES // enable tcp_wrappers

tcp_wrappers can be used for access control

ldd /usr/sbin/vsftpd | grep libwra

libwrap.so.0 => /lib64/libwrap.so.0 (0x00007fb74c5fb000)

/etc/hosts.deny // deny by hostname / IP address / network / domain name
vsftpd: 192.168.1.5

/etc/hosts.allow // allow only

-------------------------- Restrict user access to resources --------------------------

max_clients=3 // limit the number of concurrent client connections to 3
Default: 2000
max_per_ip=2 // limit the number of concurrent connections from the same IP address to 2
Default: 50
anon_max_rate=2000 // maximum transfer rate for anonymous users, in bytes; the default 0 means unlimited
Default: 0
local_max_rate=2000 // maximum transfer rate for local users, in bytes; the default 0 means unlimited
Default: 0
listen_address=192.168.1.252 // set the IP address to listen on
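An added example (not from the original page or from vsftpd): a small check that reads a vsftpd.conf, reports lines with whitespace around "=" (vsftpd.conf(5) states that no space may appear between the option, "=" and the value), lists which of the anonymous write options described above are switched on, and computes the upload permissions a umask produces. The function names, the wording of the findings and the sample file are assumptions of this sketch.

```python
import re

ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse_conf(text):
    """Return (settings, findings) for the body of a vsftpd.conf."""
    settings, findings = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([a-z0-9_]+)(\s*)=(\s*)(.*)$", line)
        if not m:
            findings.append("line %d: not in option=value form" % n)
            continue
        if m.group(2) or m.group(3):  # vsftpd.conf(5) forbids spaces here
            findings.append("line %d: whitespace around '=' in %s" % (n, m.group(1)))
        settings[m.group(1)] = m.group(4)  # still recorded so later checks can run
    return settings, findings

def enabled(settings, key, default="NO"):
    return settings.get(key, default).upper() == "YES"

def upload_modes(umask_text):  # (file mode, directory mode) for uploads under this umask
    mask = int(umask_text, 8)
    return "%03o" % (0o666 & ~mask), "%03o" % (0o777 & ~mask)

def audit(text):
    s, findings = parse_conf(text)
    writes = [k for k in ANON_WRITE if enabled(s, k)]
    if enabled(s, "anonymous_enable", "YES") and writes:
        findings.append("anonymous clients can modify the server: " + ", ".join(writes))
    if enabled(s, "chown_uploads") and s.get("chown_username", "root") == "root":
        findings.append("anonymous uploads become owned by root")
    modes = {k: upload_modes(s[k]) for k in ("anon_umask", "local_umask") if k in s}
    return findings, modes

SAMPLE = """\
# Constructed sample built from option values shown on this page.
anonymous_enable=YES
anon_upload_enable=YES
anon_other_write_enable = YES
chown_uploads=YES
chown_username=root
anon_umask=077
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```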

Client usage
1. Check whether the package is installed
[root@client tmp]# rpm -qa | grep ftp

2. Install the packages

yum install ftp lftp -y

View the files installed by the packages
[root@client tmp]# rpm -ql ftp
/usr/bin/ftp
[root@client tmp]# rpm -ql lftp
/etc/lftp.conf
/usr/bin/lftp

lftp 192.168.1.252
Usage: lftp [OPTS] <site>
[root@client tmp]# lftp 192.168.1.252
lftp 192.168.1.252:~> ?
!     // run a local command
lcd   // switch the local directory

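ls [<args>]    // list remote files
cd <rdir>   // change the remote directory
cat [-b] <files>   // view the contents of remote files
more <files>     // view the contents of remote files
exit [<code>|bg]   // exit
get [OPTS] <rfile> [-o <lfile>]   // download
mget [OPTS] <files>   // batch download
put [OPTS] <lfile> [-o <rfile>]      // upload
mput [OPTS] <files>       // batch upload

mirror [OPTS] [remote [local]]   // download or upload a directory
mkdir [-p] <dirs>    // create remote directories

pwd [-p]   // show the remote absolute path
mv <file1> <file2>  // move (cut) a remote file

rm [-r] [-f] <files>   // delete remote files
mrm <files>      // batch delete remote files
rmdir [-f] <dirs>   // delete remote directories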

lftp 192.168.1.252:/> ls
drwxr-xr-x 2 0 0 4096 Apr 17 15:38 pub
lftp 192.168.1.252:/> pwd
ftp://192.168.1.252/
lftp 192.168.1.252:/> cd pub/
lftp 192.168.1.252:/pub> ls
-rw-r--r-- 1 0 0 7 Apr 17 15:38 1.txt
-rw-r--r-- 1 0 0 15 Apr 17 15:37 ftp.txt
lftp 192.168.1.252:/pub> cat 1.txt
111222
7 bytes transferred
lftp 192.168.1.252:/pub> cat ftp.txt
welcome to ftp
15 bytes transferred
lftp 192.168.1.252:/pub> get ftp.txt // download the remote file ftp.txt to the local current working directory
15 bytes transferred
lftp 192.168.1.252:/pub> exit
[root@client tmp]# ls
1.txt a.txt ftp.txt
[root@client tmp]# cat ftp.txt
welcome to ftp

Download to a specified local directory
[root@client tmp]# lftp 192.168.1.252
lftp 192.168.1.252:~> ls
drwxr-xr-x 2 0 0 4096 Apr 17 15:38 pub
lftp 192.168.1.252:/> cd pub/
lftp 192.168.1.252:/pub> ls
-rw-r--r-- 1 0 0 7 Apr 17 15:38 1.txt
-rw-r--r-- 1 0 0 15 Apr 17 15:37 ftp.txt
lftp 192.168.1.252:/pub> get 1.txt -o /mnt // download the remote file 1.txt into the specified local directory /mnt
7 bytes transferred
lftp 192.168.1.252:/pub> exit
[root@client tmp]# cd /mnt
[root@client mnt]# ls
1.txt hgfs RedHat
[root@client mnt]# cat 1.txt
111222

Using ftp:
[root@client Desktop]# ftp 192.168.1.252
Connected to 192.168.1.252 (192.168.1.252).
220 (vsFTPd 2.2.2)
Name (192.168.1.252:root): ftp // log in as the anonymous user
331 Please specify the password.
Password: // just press Enter; no password is typed for the anonymous user
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,1,252,77,71).
150 Here comes the directory listing.
drwxr-xrwx 3 0 0 4096 Apr 18 10:21 pub
226 Directory send OK.
ftp> ? // view help
Commands may be abbreviated. Commands are:

!       run a local command
lcd     switch the local directory

mkdir   create a directory
bye     exit
exit    exit
get     download
put     upload
cd      change directory
ls      list files
rmdir   remove a directory
delete  delete files
ftp>

Anonymous users
Uploading files and creating directories
Server:
[root@server pub]# vim /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES // anonymous users can upload
anon_mkdir_write_enable=YES // anonymous users can create folders

[root@server pub]# /etc/init.d/vsftpd restart // restart the service

[root@server pub]# ll -d /var/ftp/pub/
drwxr-xr-x 2 root root 4096 4月 17 23:38 /var/ftp/pub/

[root@server pub]# chmod o+w /var/ftp/pub/ // modify permissions

[root@server pub]# ll -d /var/ftp/pub/
drwxr-xrwx 2 root root 4096 4月 17 23:38 /var/ftp/pub/

Client:
Upload files
[root@client mnt]# echo "test client" >> clienttest.txt
[root@client mnt]# lftp 192.168.1.252
lftp 192.168.1.252:~> ls
drwxr-xrwx 2 0 0 4096 Apr 17 15:38 pub
lftp 192.168.1.252:/> cd pub/
lftp 192.168.1.252:/pub> ls
-rw-r--r-- 1 0 0 7 Apr 17 15:38 1.txt
-rw-r--r-- 1 0 0 15 Apr 17 15:37 ftp.txt
lftp 192.168.1.252:/pub> put clienttest.txt
12 bytes transferred
lftp 192.168.1.252:/pub> lcd /etc
lcd successful, local directory=/etc
lftp 192.168.1.252:/pub> put passwd
1613 bytes transferred
lftp 192.168.1.252:/pub> put /etc/yum.repos.d/test.repo
529 bytes transferred
lftp 192.168.1.252:/pub> mkdir test1
mkdir successful, created `test1'

Deleting files
Server:
[root@server pub]# vim /etc/vsftpd/vsftpd.conf
anon_other_write_enable=YES // anonymous users can delete directories and files

[root@server pub]# /etc/init.d/vsftpd restart // restart the service

Client:
[root@client opt]# lftp 192.168.1.252
lftp 192.168.1.252:~> ls
drwxr-xrwx 5 0 0 4096 Apr 18 09:44 pub
lftp 192.168.1.252:/> cd pub/
lftp 192.168.1.252:/pub> ls
-rw-r--r-- 1 0 0 7 Apr 17 15:38 1.txt
-rw------- 1 14 50 0 Apr 18 09:42 client.txt
drwx------ 2 14 50 4096 Apr 18 09:44 client1
-rw------- 1 14 50 12 Apr 17 16:34 clienttest.txt
-rw-r--r-- 1 0 0 15 Apr 17 15:37 ftp.txt
-rwxrwxrwx 1 0 0 664 Apr 18 09:32 gshadow
-rw------- 1 14 50 1613 Apr 17 16:37 passwd
drwxr-xr-x 2 0 0 4096 Apr 18 09:32 server1
-rw------- 1 14 50 529 Apr 17 16:38 test.repo
drwx------ 2 14 50 4096 Apr 17 16:42 test1
lftp 192.168.1.252:/pub> rm client.txt
rm successful, delete `client.txt'
lftp 192.168.1.252:/pub> rmdir test1/
rmdir 成功, 删除 `test1/'
lftp 192.168.1.252:/pub> rm -r client1
rm successful, delete `client1'
lftp 192.168.1.252:/pub> exit

Local users
Ordinary local users need no extra settings; they only have to exist on the server.

Server:
1. Create regular users
useradd jim
useradd tom

2. Set a password for each user
passwd jim
passwd tom

Client
Usage: lftp [OPTS] <site>
-u <user>[,<pass>]   use the specified user name/password to authenticate

lftp -u jim,1 192.168.1.252
lftp jim@192.168.1.252:~>

Origin blog.csdn.net/weixin_45177186/article/details/91415694