How to set up Linux FTP server

I. vsftpd service basics

Before building the FTP server, you should first have a basic understanding of how FTP server software works.

1. FTP server overview

By default, an FTP server uses TCP ports 20 and 21 to communicate with clients. Port 20 is used to establish the data connection and transfer file data; port 21 is used to establish the control connection and carry FTP control commands. Depending on whether the server plays the active or the passive role when the data connection is established, FTP data connections are divided into active and passive modes. The two modes differ as follows:

Active mode: the server initiates the data connection. The client first establishes the FTP control connection to port 21 on the server. When data needs to be transferred, the client uses the PORT command to tell the server "I have opened a port, come and connect to me", and the server then sends a request from its port 20 to that client port to establish the data connection.

Passive mode: the server passively waits for the data connection. Clients on a network whose firewall blocks active-mode connections typically use passive mode. The client first establishes the FTP control connection to port 21 on the server. When data needs to be transferred, the server, in answer to the PASV command, tells the client "I have opened a port, come and connect to me", and the client then sends a request to that server port (not port 20) to establish the data connection.

This is actually easy to understand. Put plainly, it is like two people who are dating but are still afraid to let their families know. Active mode is like the time when the boy and the girl are away at school: the boy takes the initiative and asks the girl out (like the control connection issuing a command). The girl may accept or decline depending on her mood (she also answers with an instruction that says whether she accepts). If she agrees, she tells him "I'll wait for you at the usual place, come and find me there" (like the data transfer), and the boy goes to meet her.

Passive mode is like the holidays, when both have gone home and are under their parents' eyes. The girl's parents may be strict or traditional and do not want her dating so early, so she tells the boy: "During the holidays, don't call or message me. When I have the chance I will message you. Act only on my instructions: you may message me only after I have messaged you, otherwise don't." This is like passive mode: the boy can only wait passively for word from the girl, and may not message her until she allows it.

Back to the topic: once the client has established a data connection with the server, it can upload or download files according to the commands sent over the FTP control connection. Depending on whether character conversion is performed, file transfers are divided into text mode and binary mode.

Text mode: also known as ASCII (American Standard Code for Information Interchange) mode. Files are transferred as a standard ASCII character sequence; it is generally used for plain-text files.

Binary mode: does not convert the file's character sequence, and is better suited to programs, pictures and other non-plain-text files. Binary mode is more efficient than text mode. Most FTP client tools select the transfer mode automatically based on the file type, without the user having to specify it manually.

2. FTP user types

Anonymous users: log in as anonymous or ftp; any password (including an empty one) is accepted by the server. Generally used for files that are publicly available for download.

Local users: the system users of the machine itself; account names and passwords are stored in the passwd and shadow files.

Virtual users: use a separate account/password data file. Minimizing the association between FTP accounts and system accounts provides better security for the system.

3. Types of FTP server software

On Windows systems, common FTP server software includes FileZilla Server, Serv-U and IIS; on Linux, vsftpd is currently one of the most widely used FTP server packages across Linux/UNIX systems.

The name vsftpd comes from "Very Secure FTP Daemon"; the software puts a lot of design effort into security. Besides security, vsftpd also stands out for speed and stability, and can support approximately 15,000 concurrent user connections.

4. Types of FTP client tools

The ftp command: the simplest FTP client tool. Both Windows and Linux ship an ftp command that can connect to an FTP server and upload and download files interactively.

Graphical FTP client tools: commonly used ones on Windows include CuteFTP, FlashFXP, LeapFTP and FileZilla. In a graphical client the user accesses and manages FTP resources with the mouse and menus, without needing to know the interactive FTP commands, which makes them easier to use.

Download tools: FlashGet, Wget and so on, as well as most web browsers, can download files over the FTP protocol, but they have no FTP upload or management capability and are not usually called FTP client tools.

II. vsftpd configuration files

Below we use the vsftpd RPM package as an example to learn how to build an FTP server. Install it with, for example, "rpm -ivh vsftpd-3.0.2-21.el7.x86_64.rpm" (mount the system installation disc; the package is in its Packages directory).

When vsftpd is installed from the RPM package, a system service named vsftpd is added automatically, which makes starting and stopping the vsftpd service very convenient. The related files are as follows:

Service Name : vsftpd

The main configuration file : /etc/vsftpd.conf

User control list files:

/etc/vsftpd.ftpusers: users listed in this file are banned from logging in to the vsftpd server, regardless of whether they appear in the user_list file; it works as a blacklist. By default it already contains special accounts used for system operation, such as root, bin and daemon. (These accounts are special, so they should not be allowed to log in to the vsftpd server, just in case.)

/etc/vsftpd.user_list: the users in this file may be either denied or allowed to log in, depending on the settings in the main configuration file vsftpd.conf. The user_list file takes effect when the configuration contains "userlist_enable=YES". With "userlist_deny=YES", only the users in this list are denied login; with "userlist_deny=NO", only the users in this list are allowed to log in.
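The rules above can be written down as a small decision function. This is an added example that models the behaviour described in this section, not vsftpd's own code; the function names, the sample file contents and the defaults assumed when an option is missing (userlist_enable=NO, userlist_deny=YES) are assumptions of the example.

```python
# Added example: models the ftpusers / user_list rules described above.
# Sample file contents are constructed for the illustration.
FTPUSERS_TEXT = "# denied accounts\nroot\nbin\ndaemon\n"
USER_LIST_TEXT = "root\nuftp\n"

def read_names(text):
    """One account name per line; blank lines and '#' lines are skipped."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}

def ftp_login_allowed(user, conf, ftpusers, user_list):
    """Return (allowed, reason) for a local account name.

    conf      -- dict of vsftpd.conf options, e.g. {"userlist_enable": "YES"}
    ftpusers  -- names from /etc/vsftpd.ftpusers (always denied)
    user_list -- names from /etc/vsftpd.user_list
    """
    if user in ftpusers:                       # the blacklist wins over everything
        return False, "listed in ftpusers"
    if conf.get("userlist_enable", "NO") != "YES":
        return True, "user_list not in effect"
    listed = user in user_list
    if conf.get("userlist_deny", "YES") == "YES":
        # user_list acts as a deny list
        return (not listed), ("denied by user_list" if listed else "not in deny list")
    # userlist_deny=NO: user_list acts as an allow list
    return listed, ("in allow list" if listed else "not in allow list")

def access_table(users, conf):
    """Evaluate several accounts against the constructed sample files."""
    deny, listed = read_names(FTPUSERS_TEXT), read_names(USER_LIST_TEXT)
    return {u: ftp_login_allowed(u, conf, deny, listed)[0] for u in users}

if __name__ == "__main__":
    for conf in ({}, {"userlist_enable": "YES"},
                 {"userlist_enable": "YES", "userlist_deny": "NO"}):
        print(conf, access_table(["root", "uftp", "dog"], conf))
```

Note that root stays denied in every row even though it also appears in the sample user_list, because the ftpusers check comes first.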

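Let's look at the configuration items used in the main configuration file. The description after each item below is an explanation for the reader, not part of the file: in vsftpd.conf a comment must be on its own line starting with #, and anything that follows the = is read as the value.

1. Common global configuration items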

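listen=YES                   // whether to listen as a standalone service
listen_address=192.168.4.1   // IP address to listen on
listen_port=21               // port the FTP service listens on
write_enable=YES             // whether to enable write permission
download_enable=YES          // whether to allow file downloads
userlist_enable=YES          // whether to enable the user_list file
userlist_deny=YES            // whether to deny the users in user_list
max_clients=0                // limit on the number of concurrent client connections
max_per_ip=0                 // limit on concurrent connections from the same IP address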

2. Common anonymous FTP configuration items

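anonymous_enable=YES          // enable anonymous access
anon_umask=022                // permission mask for files uploaded by anonymous users
anon_root=/var/ftp            // FTP root directory for anonymous users
anon_upload_enable=YES        // allow file uploads
anon_mkdir_write_enable=YES   // allow directory creation
anon_other_write_enable=YES   // open the other write permissions
anon_max_rate=0               // limit on the maximum transfer rate (bytes/second)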

3. Common local user FTP configuration items

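local_enable=YES        // whether to enable local system users
local_umask=022         // permission mask for files uploaded by local users
local_root=/var/ftp     // FTP root directory for local users
chroot_local_user=YES   // whether to confine users to their home directory
local_max_rate=0        // limit on the maximum transfer rate (bytes/second)

The items listed above are the ones most commonly used when building a vsftpd server. Understanding and mastering what they mean makes it easier to deploy and tune a vsftpd server quickly.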

III. FTP service based on system users

The vsftpd service can use the Linux host's system user accounts as FTP accounts. It supports two forms of access: anonymous access and user authentication.

1. Anonymous FTP access

  1. Install vsftpd

sudo apt-get install vsftpd
sudo service vsftpd start

  2. Prepare the directory for anonymous FTP access

Give the anonymous FTP user write access to the directory:

sudo mkdir -p /var/ftp/pub
sudo chown ftp /var/ftp/pub/

  3. Enable anonymous users in the configuration and restart the vsftpd service

sudo vim /etc/vsftpd.conf

# In vsftpd.conf each comment needs its own line; text after a value is read as part of the value.
# Allow anonymous access
anonymous_enable=YES
# Do not enable local users
local_enable=NO
# Enable write permission for the service; a global option that applies to anonymous, local and virtual users alike
write_enable=YES
# Permission mask for uploaded data
anon_umask=022
# Allow anonymous uploads
anon_upload_enable=YES
# Allow anonymous users to create directories
anon_mkdir_write_enable=YES
dirmessage_enable=YES

# Restart the service
sudo service vsftpd restart
sudo netstat -anpt | grep "vsftpd"

  4. Test the anonymous FTP server

ifconfig    # check your own IP address on Linux
zhengdongqi@ubuntu:~$ ftp 192.168.2.164
Connected to 192.168.2.164.
220 (vsFTPd 3.0.3)
Name (192.168.2.164:zhengdongqi): ftp    # the user name is ftp or anonymous
331 Please specify the password.
Password:    # enter the password; it can be a space, or set one
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

After logging in to the FTP server successfully, you can run the various interactive FTP commands at this prompt, for example: cd: change directory; dir / ls: list a directory; get: download; put: upload. Run ? or help to view the command help.
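A configuration like the one in step 3 is worth checking before the service is restarted, both for syntax vsftpd rejects and for the fact that it opens the server to anonymous writes. The following checker is an added example, not part of vsftpd or of the original article; the function name and the sample text are assumptions, and only options explicitly set to YES in the file are considered.

```python
import re

ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable",
              "anon_other_write_enable")

# Constructed sample: options from step 3, written with trailing comments.
SAMPLE_CONF = "\n".join([
    "anonymous_enable=YES\t#allow anonymous access",
    "local_enable=NO",
    "write_enable=YES #global write switch",
    "anon_upload_enable=YES #allow anonymous upload",
    "anon_mkdir_write_enable=YES",
])

def lint_vsftpd_conf(text):
    """Return a list of (line_number, message); line 0 is a whole-file finding."""
    findings, opts = [], {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                      # blank line or whole-line comment
        key, sep, value = line.partition("=")
        if not sep:
            findings.append((n, "not in option=value form"))
            continue
        if key != key.strip() or value != value.strip():
            findings.append((n, "whitespace around '=' or after the value"))
        if re.search(r"\s#", value):
            findings.append((n, "trailing comment is read as part of the value"))
        # Keep the setting as the author intended it, so the risk check still runs.
        opts[key.strip()] = re.split(r"\s+#", value, maxsplit=1)[0].strip().upper()

    def on(option):
        return opts.get(option) == "YES"

    writable = [k for k in ANON_WRITE if on(k)]
    if on("anonymous_enable") and on("write_enable") and writable:
        findings.append((0, "anonymous clients can write: " + ", ".join(writable)))
    return findings

if __name__ == "__main__":
    for lineno, message in lint_vsftpd_conf(SAMPLE_CONF):
        print(lineno, message)
```

The whole-file finding is the one to review for an Internet-facing server: with these options anyone who can reach port 21 can upload files and create directories.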

2. FTP service with user authentication

vsftpd can use the Linux host's system users directly as FTP accounts, providing login authentication based on user name and password. After logging in to the FTP server with a system account, the user is placed in their own home directory by default and has read and write permission in that directory.

  1. Install vsftpd

sudo apt-get install vsftpd
sudo service vsftpd start

  2. Configure user authentication in /etc/vsftpd.conf

sudo mkdir /home/uftp                           # create /home/uftp as the user's home directory
sudo useradd -d /home/uftp -s /bin/bash uftp    # create user uftp, specifying its home directory and shell
sudo passwd uftp                                # set the password
sudo chown uftp:uftp /home/uftp                 # make uftp the owner and group of /home/uftp
sudo vim /etc/vsftpd.user_list                  # create /etc/vsftpd.user_list, which holds the users allowed to access FTP
sudo vim /etc/vsftpd.conf                       # edit the vsftpd configuration file

# Enable local users
local_enable=YES
# Enable write permission for the service; a global option that applies to anonymous, local and virtual users alike
write_enable=YES
# User list settings
userlist_file=/etc/vsftpd.user_list
userlist_enable=YES
userlist_deny=NO

# Restart the service
sudo service vsftpd restart

# Test the service
zhengdongqi@ubuntu:~$ ftp 192.168.2.164
Connected to 192.168.2.164.
220 (vsFTPd 3.0.3)
Name (192.168.2.164:zhengdongqi): uftp    # enter the user name
331 Please specify the password.
Password:    # enter the password
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.

  3. Use the user_list file for flexible control of user access

First add the users who should be able to log in to the user_list file, then enable the user list in the configuration file, and finally restart the service.

sudo vim /etc/vsftpd.user_list

# One user name per line: users dog, pig and pet
dog
pig
pet

After modifying the configuration, you must restart the service.

3. Other common vsftpd configuration

1) Change the address and port the vsftpd service listens on

sudo vim /etc/vsftpd.conf
......
# Listen as a standalone service
listen=YES
# Listen on one interface only
listen_address=192.168.2.164
# Change the listening port to 2121
listen_port=2121

# Reload the service
sudo systemctl reload vsftpd

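2) Allow passive-mode connections to the FTP server

sudo vim /etc/vsftpd.conf
......
# Allow passive-mode connections
pasv_enable=YES
# Lower bound of the passive-mode port range
pasv_min_port=24500
# Upper bound of the passive-mode port range
pasv_max_port=24600

# Reload the service
sudo systemctl reload vsftpd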
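To see what the PORT command and the PASV reply from the overview actually carry, and to confirm that a server really hands out data ports inside the pasv_min_port to pasv_max_port range that the firewall has to allow, the address field can be decoded as below. This is an added example, not code from the original article: it goes beyond the text by using the h1,h2,h3,h4,p1,p2 field format of the FTP protocol (port = p1 * 256 + p2), and the function names and sample lines are constructed for the illustration.

```python
import re

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-connection lines for the illustration.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,168,2,164,95,180)."
SAMPLE_PORT_CMD = "PORT 192,168,2,10,195,80"

def decode_hostport(line):
    """Decode the h1,h2,h3,h4,p1,p2 field of a PORT command or a 227 reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    # The last two numbers are the high and low byte of the TCP port.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def check_data_endpoint(line, control_peer_ip, pasv_range=None):
    """Return a list of problems with the data endpoint announced in `line`.

    control_peer_ip -- address at the other end of the control connection
    pasv_range      -- (pasv_min_port, pasv_max_port) when `line` is a 227 reply
    """
    ip, port = decode_hostport(line)
    problems = []
    if ip != control_peer_ip:
        problems.append("announced address %s differs from control peer %s"
                        % (ip, control_peer_ip))
    if pasv_range and not pasv_range[0] <= port <= pasv_range[1]:
        problems.append("port %d is outside pasv_min_port..pasv_max_port" % port)
    return problems

if __name__ == "__main__":
    print(decode_hostport(SAMPLE_PASV_REPLY))
    print(decode_hostport(SAMPLE_PORT_CMD))
    print(check_data_endpoint(SAMPLE_PASV_REPLY, "192.168.2.164", (24500, 24600)))
```

An empty result for the sample reply means the announced port falls inside the configured range, so a firewall rule that opens only 24500 to 24600 (plus the control port) is enough for passive-mode clients.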

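3) Limit the number of concurrent FTP connections and the transfer rate

sudo vim /etc/vsftpd.conf
# Limit concurrent client connections to at most 20
max_clients=20
# Limit connections from each IP address to at most two
max_per_ip=2
# Limit the anonymous user transfer rate to 50KB/S
anon_max_rate=50000
# Limit the local user transfer rate to 200KB/S
local_max_rate=200000

# Reload the service
sudo systemctl reload vsftpd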
Origin blog.csdn.net/NickDeCodes/article/details/104233175