Linux operations and maintenance: how the FTP service works, with detailed instructions and configuration files

FTP transfers

Three kinds of name resolution:

user name -> UID: /etc/passwd is the library that maps a user name to a UID.

host name -> IP: the DNS service and /etc/hosts map host names to IP addresses.

service name -> port: /etc/services maps a service name to a port number.

Any storage format that preserves such a mapping can be called a resolution library (a name-service database).

Different libraries are stored in different places, and different programs depend on them.

Different resolution libraries require different query methods; the Name Service Switch (nsswitch) selects among them.

Commonly used file-sharing services

FTP: File Transfer Protocol, listens on port 21. A file-sharing service that works at the application layer; an old transfer protocol.

RPC: Remote Procedure Call. Allows two processes located on different hosts to exchange data in a binary format.

NFS (Network File System): a network file system; it relies on the RPC mechanism to work.

Samba: an implementation of the CIFS/SMB protocol that enables cross-platform file sharing; a relatively low-level sharing mechanism.


FTP overview:

An independent application-layer service; it relies only on the network to complete the communication and does not depend on other additional mechanisms.

It is implemented on top of the TCP protocol.

FTP uses two kinds of connections:

Command connection (control connection): always online. When a client wants to upload or download data to or from an FTP server, it first sends a connection request to TCP port 21 on the server; the server accepts the client's request and completes the connection. Such a connection is called the FTP control connection.

It listens on TCP port 21.

Data connection: opened only when the client initiates a data transfer request (for example a download), and closed when the transfer is complete. Opened on demand, closed on demand.

Listening port for the data connection:

Active mode: the FTP server actively connects from its own port 20/TCP to the client (consider the firewall).

Passive mode: the server listens on a random port and the client connects to it.

--- Firewall connection tracking links the control and data connections for filtering purposes, but they remain two separate connections.

FTP data transfer modes:

Both text and binary transfer are supported; the data transfer should follow the format of the file itself, as negotiated by the client and server. This negotiation is automatic mode.

vsftpd file locations

vsftpd: a server-side program that supports active mode, passive mode, binary transfer, text transfer, and so on.

Configuration directory: /etc/vsftpd/

FTP server init script: /etc/init.d/vsftpd

FTP main program: /usr/sbin/vsftpd

FTP master configuration file: /etc/vsftpd/vsftpd.conf


User Authentication

vsftpd performs user authentication through PAM (Pluggable Authentication Modules).

PAM configuration files:

/etc/pam.d/*.conf, /lib/security/* (modules), /lib64/security/* (modules)

Virtual users are supported.

The root directory of the FTP service provided by Linux is /var/ftp; it is owned by root, and other users have no write permission.

/etc/pam.d/vsftpd: per-user control. It can be used to deny all accounts from logging in to FTP except the accounts you explicitly allow.

/etc/hosts.deny: allows or denies access from a given IP address or host name; it can also cover an IP address range or a set of users within a region.


Parsing the main FTP configuration file (/etc/vsftpd/vsftpd.conf)

anonymous_enable=yes/no: whether anonymous users may access the server

local_enable=yes/no: whether local users may log in

write_enable=yes/no: whether local accounts may write

local_umask=022: the umask applied to uploaded files

anon_upload_enable=yes/no: whether anonymous users may upload files

anon_mkdir_write_enable=yes/no: whether anonymous accounts may create directories

chroot_list_enable=yes/no: restricts users to their own home directories so they cannot wander around at will!

chroot_list_file=/..........: the list of users the restriction applies to; be sure to enable this option as well!
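As an added example (not code from the original post), the following shell script audits a vsftpd.conf for the settings just listed: anonymous access, anonymous upload and directory creation, and whether local users are confined by chroot. The function names vsftpd_value, is_yes and vsftpd_audit and the sample configuration are constructed for this example; unset keys fall back to vsftpd's built-in defaults.

```shell
# Added example, not from the original post: audit a vsftpd.conf for the
# anonymous, write and chroot settings listed above.
# Usage: vsftpd_audit /etc/vsftpd/vsftpd.conf

# vsftpd_value <conf> <key> <default>: print the lowercased value of <key>
# (comment lines skipped, last assignment wins) or <default> when unset.
vsftpd_value() {
    v=$(awk -v k="$2" '
        /^[ \t]*(#|$)/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
          if (tolower(key) == tolower(k)) last = tolower(val) }
        END { if (last != "") print last }' "$1")
    printf '%s\n' "${v:-$3}"
}

# vsftpd accepts YES/NO, TRUE/FALSE and 1/0 for boolean options.
is_yes() { case "$1" in yes|true|1) return 0 ;; *) return 1 ;; esac; }

# vsftpd_audit <conf>: one line per risky setting, nothing when clean.
# Unset keys fall back to vsftpd's built-in defaults (anonymous_enable=YES).
vsftpd_audit() {
    f=$1
    if is_yes "$(vsftpd_value "$f" anonymous_enable yes)"; then
        echo "anonymous_enable: anyone can log in without credentials"
        is_yes "$(vsftpd_value "$f" anon_upload_enable no)" &&
            echo "anon_upload_enable: anonymous users can upload files"
        is_yes "$(vsftpd_value "$f" anon_mkdir_write_enable no)" &&
            echo "anon_mkdir_write_enable: anonymous users can create directories"
    fi
    if is_yes "$(vsftpd_value "$f" local_enable no)" &&
       ! is_yes "$(vsftpd_value "$f" chroot_local_user no)" &&
       ! is_yes "$(vsftpd_value "$f" chroot_list_enable no)"; then
        echo "local users are not chrooted: they can browse outside their home directories"
    fi
    return 0
}

# Constructed sample configuration (not a real server's file) for demonstration.
demo=$(mktemp)
printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' 'write_enable=YES' \
    'anon_upload_enable=YES' 'chroot_local_user=NO' > "$demo"
vsftpd_audit "$demo"   # three findings for this sample
rm -f "$demo"
```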


If the share does not work, remember to turn off SELinux enforcement: setenforce 0

Add a user: useradd bochuang -s /sbin/nologin -d /var/ftp



Origin: blog.51cto.com/10784316/2425731