Learn to use the Linux vsftpd service

Content Highlights:

I. vsftpd overview

II. The differences between ftp, sftp, vsftp and vsftpd

III. Anonymous user login to FTP

IV. Logging in to FTP as a local user

V. Creating virtual user accounts for FTP


I. vsftpd overview


vsftpd is an abbreviation for "very secure FTP daemon"; security is one of its defining features. vsftpd is an FTP server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UNIX. It is completely free, open-source FTP server software, and it supports many features that other FTP servers do not.


1. Features


Very high security requirements, bandwidth limits, good scalability, virtual users, IPv6 support, high transfer rates; small and lightweight, secure and easy to use.


II. The differences between ftp, sftp, vsftp and vsftpd


  • ftp is an abbreviation for File Transfer Protocol, a standard protocol for transferring files over a network using a client/server model. It is an application-layer protocol.

  • sftp is an abbreviation for SSH File Transfer Protocol, a secure file transfer protocol;

  • vsftp is FTP server software for Unix-like systems, released under the GPL. Its full name is Very Secure FTP; as the name shows, its author wrote the code with security in mind;

  • vsftpd is an abbreviation for "very secure FTP daemon"; security is one of its defining features. vsftpd is an FTP server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UNIX. It is completely free, open-source FTP server software;


III. Anonymous user login to FTP (files are in /var/ftp)


1. Install the vsftpd service


[root@localhost ~]# yum install vsftpd -y    ## install the service
[root@localhost ~]# cd /etc/vsftpd/    ## this is the configuration file directory
[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# systemctl start vsftpd    ## start the vsftpd service
[root@localhost vsftpd]# systemctl stop firewalld.service    ## stop the firewall
[root@localhost vsftpd]# setenforce 0    ## turn off SELinux enforcement (permissive mode)
[root@localhost vsftpd]# ls /var/ftp/    ## list the ftp directory
pub
[root@localhost vsftpd]# echo "this is test" > /var/ftp/test.txt    ## add a text file


2. From the test machine, connect to the vsftpd service with cmd and download a file


C:\Users\xy007>ftp 192.168.13.140    ## connect to the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): ftp    ## anonymous access
331 Please specify the password.
Password:    ## press Enter, no password
230 Login successful.
ftp> pwd    ## show the current path
257 "/"    ## root directory of the ftp service
ftp> ls -a    ## list the contents of the directory
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
.
..
pub
test.txt    ## the file on the server
226 Directory send OK.
ftp: received 25 bytes in 0.00 seconds, 25000.00 Kbytes/sec.
ftp> get test.txt    ## download the file to the local machine (it is saved on the drive you started ftp from; switch to another drive such as E: first to download there)
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for test.txt (13 bytes).
226 Transfer complete.
ftp: received 13 bytes in 0.00 seconds, 13000.00 Kbytes/sec.
ftp> put test1.txt    ## create test1.txt on the C: drive, then upload it to Linux
200 PORT command successful. Consider using PASV.
550 Permission denied.    ## uploads are not permitted at this point



3. Edit the vsftpd configuration file to open up anonymous access


[root@localhost ftp]# cd /etc/vsftpd/
[root@localhost vsftpd]# vim vsftpd.conf
## find and enable the following options in the configuration file
anonymous_enable=YES    ## enable anonymous users
local_enable=YES    ## enable local users
write_enable=YES    ## write permission
local_umask=022    ## umask for local users
anon_upload_enable=YES    ## allow anonymous uploads
anon_mkdir_write_enable=YES    ## allow anonymous users to create directories and write to them
anon_other_write_enable=YES    ## add this line: other write permissions (rename and delete)

[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service
[root@localhost vsftpd]# cd /var/ftp/    ## switch to the ftp directory
[root@localhost ftp]# ls
pub  test.txt
[root@localhost ftp]# ls -l
total 4
drwxr-xr-x. 2 root root  6 Oct 31  2018 pub
-rw-r--r--. 1 root root 13 Nov  5 19:14 test.txt
[root@localhost ftp]# chmod 777 pub    ## give the pub directory full permissions; note: do not give full permissions to the ftp directory itself (vsftpd refuses anonymous logins when the anonymous root is writable)


4. From the test machine, connect with cmd and upload a local file to Linux


C:\Users\xy007>ftp 192.168.13.140    ## connect to the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): ftp
331 Please specify the password.
Password:
230 Login successful.
ftp> cd pub/    ## switch to the pub directory
250 Directory successfully changed.
ftp> put test1.txt    ## upload test1.txt
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: sent 13 bytes in 0.03 seconds, 0.41 Kbytes/sec.
ftp> bye    ## exit
221 Goodbye.
## you can also use delete to remove files


5. View the uploaded file


[root@localhost ftp]# cd /var/ftp/pub    ## switch to the pub directory
[root@localhost pub]# ls    ## view the uploaded file
test1.txt


IV. Logging in to FTP as a local user (files are in the user's home directory)

Prevent local users from accessing system directories by limiting them to their own home directory.


1. Create system users


[root@localhost pub]# useradd zhangsan    ## create the user and set its password
[root@localhost pub]# passwd zhangsan
[root@localhost pub]# useradd lisi    ## create the user and set its password
[root@localhost pub]# passwd lisi


2. Log in as a local user from the test machine with cmd


C:\Users\xy007>ftp 192.168.13.140    ## log in to the ftp service
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan    ## log in as a local user
331 Please specify the password.
Password:
230 Login successful.
ftp> ls /    ## list /: the user can see straight into the system root directory
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
/bin
/boot
/dev
/etc
/home
/lib
/lib64
/media
/mnt
/opt
/proc
/root
/run
/sbin
/srv
/sys
/tmp
/usr
/var
226 Directory send OK.
ftp: received 126 bytes in 7.88 seconds, 0.02 Kbytes/sec.


3. Prevent local users from accessing system directories; limit them to their own home directory


[root@localhost pub]# vim /etc/vsftpd/vsftpd.conf    ## edit the configuration file

chroot_local_user=YES    ## confine local users to their home directory
allow_writeable_chroot=YES    ## add this line: allow the chroot directory to be writable

[root@localhost pub]# systemctl restart vsftpd    ## restart the service


4. Test from the test machine with cmd


C:\Users\xy007>ftp 192.168.13.140    ## connect to ftp
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan    ## log in as zhangsan
331 Please specify the password.
Password:
230 Login successful.
ftp> cd /    ## switch to the system root directory
250 Directory successfully changed.
ftp> ls    ## the listing is still the user's home directory; other system directories cannot be reached, which improves security
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
226 Directory send OK.
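
The anonymous-access options and the chroot options set above can be checked in one pass. The script below is an added example, not part of the original post: it reads a vsftpd.conf, falls back to the defaults documented in the vsftpd.conf man page, and reports the combinations that let anonymous users write, leave local users outside a chroot, or make the chroot writable. The function names and the sample file are constructed for illustration, and chroot_list_enable is not considered.

```shell
#!/usr/bin/env bash
# Added example: audit the vsftpd options changed in this tutorial.
# Defaults passed to opt() are the ones documented in the vsftpd.conf man page.

# opt FILE KEY DEFAULT: last uncommented KEY=value in FILE, or DEFAULT.
opt() {
    local v
    v=$(awk -F= -v k="$2" '$1 == k { sub(/[ \t\r]+$/, "", $2); v = $2 }
                           END { print v }' "$1")
    printf '%s' "${v:-$3}"
}

# audit_vsftpd FILE: print one line per finding, return the number of findings.
audit_vsftpd() {
    local f=$1 n=0 k
    if [ "$(opt "$f" anonymous_enable YES)" = YES ] &&
       [ "$(opt "$f" write_enable NO)" = YES ]; then
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if [ "$(opt "$f" "$k" NO)" = YES ]; then
                echo "anonymous-write: $k=YES"; n=$((n + 1))
            fi
        done
    fi
    if [ "$(opt "$f" local_enable NO)" = YES ]; then
        if [ "$(opt "$f" chroot_local_user NO)" != YES ]; then
            echo "no-chroot: local users can list directories outside their home"
            n=$((n + 1))
        elif [ "$(opt "$f" allow_writeable_chroot NO)" = YES ]; then
            echo "writable-chroot: allow_writeable_chroot=YES"; n=$((n + 1))
        fi
    fi
    return "$n"
}

# Constructed sample: the option values this page sets.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
EOF

audit_vsftpd "$sample_conf" || echo "findings: $?"
```

Run against the real file with `audit_vsftpd /etc/vsftpd/vsftpd.conf`; a return status of 0 means none of these combinations is present.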


Allow or deny specific users access to FTP

1. user_list (deny by default): allow or deny login for specific users


[root@localhost pub]# cd /etc/vsftpd/    ## switch to the vsftpd configuration directory
[root@localhost vsftpd]# vim vsftpd.conf

userlist_enable=YES    ## confirm that user_list is enabled

[root@localhost vsftpd]# ls
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost vsftpd]# echo "zhangsan" >> user_list    ## add the user zhangsan to the list
[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service


2. Test from the test machine with cmd


C:\Users\xy007>ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan    ## log in as zhangsan
530 Permission denied.
Login failed.    ## the login is refused immediately
ftp>


3. Turn the list into an allow-only list


[root@localhost ftp]# cd /etc/vsftpd/
[root@localhost vsftpd]# vim vsftpd.conf    ## edit the vsftpd configuration file
userlist_enable=YES
userlist_deny=NO    ## add this line: the list becomes a list of allowed users

[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service


4. Test from the test machine with cmd


C:\Users\xy007>ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): zhangsan    ## log in as zhangsan
331 Please specify the password.
Password:
230 Login successful.    ## login succeeded
ftp> bye
221 Goodbye.

C:\Users\xy007>ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): lisi    ## log in as lisi
530 Permission denied.
Login failed.    ## login failed


V. Creating virtual user accounts for FTP (files are in the home directory of the system user vuser)


1. Create the virtual user file


[root@localhost vsftpd]# cd /etc/vsftpd/    ## switch to the configuration file directory
[root@localhost vsftpd]# vim vuser    ## create the virtual user file

lisa    ## odd-numbered lines are user names
123123    ## even-numbered lines are passwords
tom
123123


2. Convert the file to a database and set secure permissions


[root@localhost vsftpd]# db_load -T -t hash -f vuser vuser.db    ## convert vuser to a database file: -T converts from a text file, -t sets the database type, -f names the source file
[root@localhost vsftpd]# chmod 600 vuser    ## for safety, set permissions so that other people cannot read the file
[root@localhost vsftpd]# chmod 600 vuser.db


3. Write the PAM configuration that supports virtual user login


[root@localhost vsftpd]# useradd -d /opt/vuser -s /sbin/nologin vuser    ## create a system user with the given home directory that cannot log in
[root@localhost vsftpd]# vim /etc/pam.d/vsftpd.vu    ## write the PAM configuration
auth required pam_userdb.so db=/etc/vsftpd/vuser    ## identifies the converted database file (pam_userdb appends .db to the name)
account required pam_userdb.so db=/etc/vsftpd/vuser    ## connects the account check to the same database


4. Enable virtual user login with PAM authentication


[root@localhost vsftpd]# vim vsftpd.conf    ## edit the configuration file
## press G to go to the last line
#pam_service_name=vsftpd    ## comment out this line
## add the following three lines
guest_enable=YES    ## enable guest user access
guest_username=vuser    ## use the user name vuser
pam_service_name=vsftpd.vu    ## PAM service file
[root@localhost vsftpd]# systemctl restart vsftpd    ## restart the service


5. Test from the test machine with cmd


C:\Users\xy007>ftp 192.168.13.140
连接到 192.168.13.140。
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
用户(192.168.13.140:(none)): tom    ## log in as the virtual user tom
331 Please specify the password.
密码:
230 Login successful.
ftp> put test1.txt    ## upload a file
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: 发送 13 字节,用时 0.00秒 13000.00千字节/秒。
## the uploaded file has permission 600
[root@localhost vsftpd]# ls -l /opt/vuser/
总用量 4
-rw-------. 1 vuser vuser 13 11月  5 22:51 test1.txt


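6. Per-user configuration: set the permission of uploaded files to 644


[root@localhost vsftpd]# vim vsftpd.conf
## press G and add at the last line
user_config_dir=/etc/vsftpd/vu_dir    ## per-user configuration directory

[root@localhost vsftpd]# mkdir vu_dir    ## create the directory
[root@localhost vsftpd]# cd vu_dir/
[root@localhost vu_dir]# vim lisa    ## create the user's configuration file in that directory
anon_umask=022    ## sets the permission of uploaded files

[root@localhost vu_dir]# systemctl restart vsftpd    ## restart the service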


7. Log in as lisa from the test machine with cmd and check the permission of the uploaded file


C:\Users\xy007>ftp 192.168.13.140
Connected to 192.168.13.140.
220 (vsFTPd 3.0.2)
200 Always in UTF8 mode.
User (192.168.13.140:(none)): lisa    ## log in as lisa
331 Please specify the password.
Password:
230 Login successful.
ftp> put 111.txt    ## upload the file
200 PORT command successful. Consider using PASV.
150 Ok to send data.
226 Transfer complete.
ftp: sent 13 bytes in 0.00 seconds, 13000.00 Kbytes/sec.

[root@localhost vu_dir]# ls -l /opt/vuser/    ## view the permissions of the uploaded files
total 8
-rw-r--r--. 1 vuser vuser 13 Nov  5 22:58 111.txt    ## file uploaded by lisa: permission 644
-rw-------. 1 vuser vuser 13 Nov  5 22:51 test1.txt    ## file uploaded by tom: permission 600
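
The vuser file created above has to alternate user name and password lines exactly, because db_load -T reads the text file as key/value pairs, and it holds the passwords in clear text. The script below is an added example, not part of the original post: it checks such a file for group or other access, blank lines, duplicate user names and a trailing user name without a password before the file is converted. The function name and both sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: check a virtual-user source file before running db_load on it.

# check_vuser FILE: print one line per problem, return the number of problems.
check_vuser() {
    local f=$1 n=0 out
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "mode: group or others can access $f (expected 600)"
        n=$((n + 1))
    fi
    out=$(awk '
        { sub(/\r$/, "") }   # tolerate CRLF line endings
        $0 == ""    { print "line " NR ": blank line" }
        NR % 2 == 1 { if ($0 in seen) print "line " NR ": duplicate user " $0
                      seen[$0] = 1 }
        END         { if (NR % 2) print "line " NR ": user name without a password line" }
    ' "$f")
    if [ -n "$out" ]; then
        echo "$out"
        n=$((n + $(echo "$out" | wc -l)))
    fi
    return "$n"
}

# Constructed samples: the file from this page, and one with a password missing.
good=$(mktemp); bad=$(mktemp)
printf 'lisa\n123123\ntom\n123123\n' > "$good"
printf 'lisa\ntom\n123123\n' > "$bad"
chmod 600 "$good"; chmod 644 "$bad"

check_vuser "$good" && echo "good file: ok"
check_vuser "$bad" || echo "bad file: $? problem(s)"
```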



Origin blog.51cto.com/14475876/2461896