1.安装vsftpd
[root@server ~]# yum -y install vsftpd
Installed:
vsftpd-3.0.3-31.el8.x86_64
Complete!
2.查看vsftpd用户认证配置文件
[root@server ~]# ls /etc/pam.d/
atd config-util gdm-autologin gdm-pin other postlogin runuser-l smtp.postfix subscription-manager system-auth vsftpd
chfn crond gdm-fingerprint gdm-smartcard passwd remote samba sshd sudo systemd-user xserver
chsh cups gdm-launch-environment liveinst password-auth rhn_register smartcard-auth sssd-shadowutils sudo-i vlock
cockpit fingerprint-auth gdm-password login polkit-1 runuser smtp su su-l vmtoolsd
[root@server ~]# cat /etc/pam.d/vsftpd
#%PAM-1.0
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth
3.ftp是匿名登录所使用的系统账户,匿名登录不需要密码;查看该账户及其根目录/var/ftp的位置
[root@server ~]# id ftp
uid=14(ftp) gid=50(ftp) groups=50(ftp)
[root@server ~]# ls /var/ftp/
pub
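4.启动服务并查看是否监听21端口;随后关闭防火墙,并用setenforce 0把SELinux临时切换为宽容模式(仅适用于实验环境;正式环境应保持firewalld和SELinux开启,用firewall-cmd --permanent --add-service=ftp放行FTP后再执行firewall-cmd --reload)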
[root@server ~]# systemctl enable --now vsftpd
Created symlink /etc/systemd/system/multi-user.target.wants/vsftpd.service → /usr/lib/systemd/system/vsftpd.service.
[root@server ~]# ss -antl
LISTEN 0 50 [::]:139 [::]:*
LISTEN 0 128 [::]:111 [::]:*
LISTEN 0 32 *:21 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0
[root@server ~]# systemctl stop firewalld
[root@server ~]# setenforce 0
5.添加一个系统账户并设置一个密码(123456只是演示用的弱口令,实际使用时应换成强口令;写在命令行里的口令还会留在shell历史记录中)
[root@server vsftpd]# useradd tom
[root@server vsftpd]# echo '123456'|passwd --stdin tom
Changing password for user tom.
passwd: all authentication tokens updated successfully.
6.在Windows上连接FTP并登录tom账户,创建一个文件夹,然后在服务器上tom用户的家目录里可以看到该文件夹(本文没有配置TLS,FTP的账号和口令以明文在网络上传输)
[root@server vsftpd]# useradd tom
[root@server vsftpd]# echo '123456'|passwd --stdin tom
Changing password for user tom.
passwd: all authentication tokens updated successfully.
[root@server vsftpd]# ls ~tom
新文件夹
7.匿名账户的配置
[root@server vsftpd]# vim vsftpd.conf
#anonymous_enable=NO
anonymous_enable=YES
8.重启服务,此时可以在Windows上以匿名账户登录,且不需要输入账户密码;匿名账户只有查看(只读)权限,没有其他权限
[root@server vsftpd]# systemctl restart vsftpd
9.此时需要让ftp账户对pub目录有读、写、执行权限,还要在vsftpd配置文件里开启匿名用户上传、创建目录、删除的权限(开启后任何能连到21端口的人都可以在pub目录中写入和删除文件,只应在隔离的实验环境中这样配置)
[root@server vsftpd]# setfacl -m u:ftp:rwx /var/ftp/pub/
[root@server vsftpd]# getfacl /var/ftp/pub/
getfacl: Removing leading '/' from absolute path names
# file: var/ftp/pub/
# owner: root
# group: root
user::rwx
user:ftp:rwx
group::r-x
mask::rwx
other::r-x
[root@server vsftpd]# vim vsftpd.conf
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_umask=022
anon_umask=022
10.再查看匿名账户上传的文件权限是否为644(anon_umask=022时新建目录应为755;下面显示的drwx------目录应是在修改anon_umask并重启服务之前创建的,当时生效的是默认值077)
[root@server vsftpd]# ll /var/ftp/pub/
total 0
drwx------. 2 ftp ftp 6 Oct 15 23:10 新文件夹
11.虚拟账户的配置:创建一个列表文件,奇数行写账户名、偶数行写对应密码,共两个虚拟账户,再用db_load把它转换成数据库文件
[root@server vsftpd]# vim feige.list
[root@server vsftpd]# cat feige.list
tom
123456
jerry
654321
[root@server vsftpd]# db_load -T -t hash -f feige.list feige.db
[root@server vsftpd]# ls
feige.db feige.list ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh
12.将feige.db这个文件的权限设置为600,以免外泄(feige.list里是明文口令,下面的列表显示它的权限仍是644,同样应改为600,或在生成feige.db后删除;feige.db中的口令也没有经过哈希处理)
[root@server vsftpd]# chmod 600 feige.db
[root@server vsftpd]# ll
total 36
-rw-------. 1 root root 12288 Oct 15 23:37 feige.db
-rw-r--r--. 1 root root 24 Oct 15 23:33 feige.list
-rw-------. 1 root root 125 Apr 24 11:01 ftpusers
-rw-------. 1 root root 361 Apr 24 11:01 user_list
-rw-------. 1 root root 5122 Oct 15 23:30 vsftpd.conf
-rwxr--r--. 1 root root 348 Apr 24 11:01 vsftpd_conf_migrate.sh
13.添加虚拟用户的映射账号,创建ftp根目录
[root@server vsftpd]# useradd -d /opt/ftp -s /sbin/nologin vftp
[root@server vsftpd]# chmod 755 /opt/ftp/
[root@server vsftpd]# ll /opt/
total 0
drwxr-xr-x. 3 vftp vftp 78 Oct 15 23:49 ftp
14.为虚拟用户建立PAM认证(新的/etc/pam.d/vsftpd只包含pam_userdb,替换后原文件中的ftpusers黑名单检查和系统账户认证都不再生效,只有feige.db中的账户可以登录)
[root@server vsftpd]# cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
[root@server vsftpd]# cd /etc/pam.d/
[root@server pam.d]# ls
atd config-util gdm-autologin gdm-pin other postlogin runuser-l smtp.postfix subscription-manager system-auth vsftpd
chfn crond gdm-fingerprint gdm-smartcard passwd remote samba sshd sudo systemd-user vsftpd.bak
chsh cups gdm-launch-environment liveinst password-auth rhn_register smartcard-auth sssd-shadowutils sudo-i vlock xserver
cockpit fingerprint-auth gdm-password login polkit-1 runuser smt
[root@server pam.d]# mv vsftpd{,-bak}
[root@server pam.d]# vim vsftpd
[root@server pam.d]# cat vsftpd
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/feige
account required pam_userdb.so db=/etc/vsftpd/feige
15.修改vsftpd配置文件,添加虚拟用户支持(user_config_dir指向的目录用来存放每个虚拟用户各自的配置文件)
[root@server vsftpd]# mkdir runtime
[root@server ~]# vim /etc/vsftpd/vsftpd.conf
pam_service_name=vsftpd
userlist_enable=YES
guest_enable=YES
guest_username=vftp
user_config_dir=/etc/vsftpd/runtime
allow_writeable_chroot=YES
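16.为虚拟账户tom和jerry设置权限(注意:下面的命令写入的是/etc/vsftpd/vusers_dir,而第15步创建并在user_config_dir中配置的是/etc/vsftpd/runtime;两处路径必须一致,否则这些按用户的配置不会生效)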
//设置tom用户可上传文件、创建目录
[root@wangqing ~]# echo 'anon_upload_enable=YES' >> /etc/vsftpd/vusers_dir/tom
[root@wangqing ~]# echo 'anon_mkdir_write_enable=YES' >> /etc/vsftpd/vusers_dir/tom
//设置jerry用户只有默认的下载权限,只需要创建一个名为jerry的空文件即可
[root@localhost ~]# touch /etc/vsftpd/vusers_dir/jerry
17.准备两台主机,都安装rsync
[root@client ~]# yum -y install rsync
Package rsync-3.1.3-7.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
[root@server ~]# yum -y install rsync
Updating Subscription Management repositories.
Unable to read consumer identity
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Last metadata expiration check: 1:25:51 ago on Thu 15 Oct 2020 11:02:23 PM CST.
Package rsync-3.1.3-7.el8.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!
18.将主机client上面的test传到主机server上面
[root@client ~]# ls
anaconda-ks.cfg test test1
[root@server ~]# ls
anaconda-ks.cfg a.txt feige.facts.d initial-setup-ks.cfg
[root@client ~]# rsync test root@192.168.240.134:/tmp/
[root@server tmp]# ls
systemd-private-962c083fd19c48218a7f0f3a58c937ee-bolt.service-uvF3SV systemd-private-962c083fd19c48218a7f0f3a58c937ee-ModemManager.service-f4e55C vmware-root_1000-2965972329
systemd-private-962c083fd19c48218a7f0f3a58c937ee-colord.service-CML7pe systemd-private-962c083fd19c48218a7f0f3a58c937ee-rtkit-daemon.service-C2UFSK vmware-root_980-2957518026
systemd-private-962c083fd19c48218a7f0f3a58c937ee-fwupd.service-jwkniV test
systemd-private-962c083fd19c48218a7f0f3a58c937ee-geoclue.service-3CG0Ky tracker-extract-files.1000
19.用rsync传输文件并显示过程(-a归档模式,保留权限和时间等属性;-v显示详细过程;-z传输时压缩)
[root@client ~]# rsync -avz test1 root@192.168.240.134:/tmp/
sending incremental file list
test1
sent 178 bytes received 35 bytes 142.00 bytes/sec
total size is 136 speedup is 0.64
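20.--delete的用法:在源服务器上做的删除操作也会同步到目标服务器上(--delete只在同步目录时起作用,会删除目标目录中源目录里没有的所有文件,建议先加-n/--dry-run预览;下面的命令把已删除的单个文件test1作为源,rsync应会报源文件不存在,而不会删除目标上的test1)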
[root@client ~]# ls
anaconda-ks.cfg test test1
[root@client ~]# rm -rf test1
[root@client ~]# ls
anaconda-ks.cfg test
[root@client ~]# rsync -avz --delete test1 root@192.168.240.134:/tmp/