I. Why FTP exists
FTP is one of the oldest network protocols still in common use on the Internet; it gives a system a way to transfer files to and from a remote server over the network. It predates transport encryption, so user names, passwords and file contents travel in cleartext unless FTP over TLS is used, which is why the access controls configured below matter even on a lab network.
In Red Hat Enterprise Linux (6, and the 7.3 release used below) the FTP server package is vsftpd, short for "very secure FTP daemon".
The default configuration lets anonymous users do nothing but download content located in the chroot directory /var/ftp: a remote FTP client connects to the server as user anonymous or ftp (no password required) and downloads files from /var/ftp/ on the server (files that the local ftp user can read).
II. Building the FTP server
1. Configuring the virtual machine environment
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
westos.repo
[root@localhost yum.repos.d]# vim westos.repo
[root@localhost yum.repos.d]# cat westos.repo
[westos]
name=rhel7.3
baseurl=file:///run/media/root/"RHEL-7.3 Server.x86_64"
gpgcheck=0 ##package signature checking is off; tolerable only because the repository is the mounted RHEL 7.3 installation image, never for a network repository
enabled=1
[root@localhost yum.repos.d]# yum clean all
Loaded plugins: langpacks
Cleaning repos: westos
Cleaning up everything
[root@localhost yum.repos.d]# yum repolist
Loaded plugins: langpacks
westos | 4.1 kB 00:00
(1/2): westos/group_gz | 136 kB 00:00
(2/2): westos/primary_db | 3.9 MB 00:00
repo id repo name status
westos rhel7.3 4,751
repolist: 4,751
2. SELinux configuration
[root@localhost ~]# vim /etc/sysconfig/selinux
[root@localhost ~]# cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled ##change this to enforcing; with SELinux enforcing, the anonymous upload, local-user home directory and changed root directory steps below additionally need the ftpd_anon_write, ftp_home_dir and ftpd_full_access booleans turned on (setsebool -P), otherwise SELinux denies the access even though vsftpd.conf allows it
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
3. Installing the FTP server
[root@localhost ~]# yum search ftp
Loaded plugins: langpacks
=============================== N/S matched: ftp ===============================
ftp.x86_64 : The standard UNIX FTP (File Transfer Protocol) client
tftp.x86_64 : The client for the Trivial File Transfer Protocol (TFTP)
tftp-server.x86_64 : The server for the Trivial File Transfer Protocol (TFTP)
vsftpd.x86_64 : Very Secure Ftp Daemon
curl.x86_64 : A utility for getting files from remote servers (FTP, HTTP, and others)
lftp.i686 : A sophisticated file transfer program
lftp.x86_64 : A sophisticated file transfer program
wget.x86_64 : A utility for retrieving files using the HTTP or FTP protocols
Name and summary matches only, use "search all" for everything.
[root@localhost ~]# yum install vsftpd.x86_64 -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-21.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.2-21.el7 westos 169 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 169 k
Installed size: 348 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-21.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-21.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-21.el7
Complete!
[root@localhost ~]# systemctl start vsftpd ##start vsftpd
[root@localhost ~]# systemctl enable vsftpd ##start it at boot
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
[root@localhost ~]# lftp 172.25.4.104 ##the connection attempt fails here only because no FTP client is installed yet, not because the server is down
bash: lftp: command not found...
4. Firewall settings
Note: the firewall must stay running; the ftp service is allowed through it rather than the firewall being switched off.
[root@localhost ~]# systemctl status firewalld.service
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Sat 2019-04-20 05:40:23 EDT; 53min ago
Main PID: 478 (firewalld)
CGroup: /system.slice/firewalld.service
└─478 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Apr 20 05:40:23 localhost systemd[1]: Started firewalld - dynamic firewall ...n.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]# firewall-cmd --list-all ##list the services the firewall lets through
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh ##ftp is not listed, so it has to be added
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-config ##opens the firewall GUI, where the ftp service was added to the public zone (the command-line equivalent is firewall-cmd --permanent --add-service=ftp followed by firewall-cmd --reload); the ftp service definition also loads the nf_conntrack_ftp helper, without which the separate data connections FTP opens alongside port 21 would be blocked
[root@localhost ~]# firewall-cmd --list-all
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ftp ssh ##ftp is now allowed through
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
5. Installing the lftp client
[root@localhost ~]# yum install lftp -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package lftp.x86_64 0:4.4.8-8.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
lftp x86_64 4.4.8-8.el7 westos 751 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 751 k
Installed size: 2.4 M
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : lftp-4.4.8-8.el7.x86_64 1/1
Verifying : lftp-4.4.8-8.el7.x86_64 1/1
Installed:
lftp.x86_64 0:4.4.8-8.el7
Complete!
[root@localhost ~]# lftp 172.25.4.104
lftp 172.25.4.104:~> ls
drwxr-xr-x 2 0 0 6 Jun 23 2016 pub ##installation works: an anonymous login succeeds and the default /var/ftp/pub is listed
6. Basic facts about the ftp service
Package: vsftpd
Default publishing directory: /var/ftp
Protocol port: 21/tcp (the control connection; every transfer opens a separate data connection, from server port 20 in active mode or to a server-chosen high port in passive mode)
Service configuration file: /etc/vsftpd/vsftpd.conf
III. Testing the FTP service
1. Anonymous user tests
(1) Whether anonymous users may log in
anonymous_enable=YES|NO ##YES in the configuration as shipped, which is why the first login below works without any edit
[kiosk@foundation4 ~]$ lftp 172.25.4.104
lftp 172.25.4.104:~> ls
drwxr-xr-x 2 0 0 6 Jun 23 2016 pub
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##anonymous_enable=NO
[root@localhost ~]# systemctl restart vsftpd.service
[kiosk@foundation4 ~]$ lftp 172.25.4.104
lftp 172.25.4.104:~> ls
Interrupt ##the anonymous login is no longer accepted; the ls was interrupted
(2) Anonymous upload
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##anonymous_enable=YES, write_enable=YES, anon_upload_enable=YES
[root@localhost ~]# systemctl restart vsftpd.service
[root@localhost ~]# chgrp ftp /var/ftp/pub ##anonymous sessions run as the ftp user (uid 14, gid 50), so pub is handed to that group...
[root@localhost ~]# chmod 775 /var/ftp/pub ##...and made group-writable; /var/ftp itself stays root-owned and non-writable, because vsftpd refuses an anonymous root directory that the ftp user can write to
[root@localhost ~]# ls -ld /var/ftp/pub/
drwxrwxr-x. 2 root ftp 6 Jun 23 2016 /var/ftp/pub/
[kiosk@foundation4 ~]$ lftp 172.25.4.104
lftp 172.25.4.104:~> ls
drwxrwxr-x 2 0 50 6 Jun 23 2016 pub
lftp 172.25.4.104:/> cd /pub
lftp 172.25.4.104:/pub> put /etc/passwd
2190 bytes transferred
lftp 172.25.4.104:/pub> ls
-rw------- 1 14 50 2190 Apr 20 11:47 passwd ##owned by uid 14 (ftp), mode 600 because of the default anon_umask=077
(3) Anonymous download
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##anon_world_readable_only=YES|NO
[root@localhost ~]# systemctl restart vsftpd.service
[kiosk@foundation4 ~]$ lftp 172.25.4.104
lftp 172.25.4.104:~> cd /pub
cd ok, cwd=/pub
lftp 172.25.4.104:/pub> get passwd ##with YES (the default) a file that is not world-readable, such as the mode-600 upload above, cannot be downloaded
get: Access failed: 550 Failed to open file. (passwd)
lftp 172.25.4.104:/pub> get passwd
2190 bytes transferred
lftp 172.25.4.104:/pub> ls ##with NO the download succeeds, since the session runs as the ftp user that owns the file; note that this exposes every ftp-owned upload to every other anonymous client
-rw------- 1 14 50 2190 Apr 20 11:47 passwd
(4) Anonymous delete
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##anon_other_write_enable=YES (also permits rename); combined with upload this makes pub an open drop box that anyone can fill and empty, so production servers leave it at NO
[root@localhost ~]# systemctl restart vsftpd.service
lftp 172.25.4.104:/pub> rm passwd
rm ok, `passwd' removed
lftp 172.25.4.104:/pub> ls
(5) Changing the anonymous root directory
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##anon_root=/mnt
[root@localhost ~]# systemctl restart vsftpd.service
[root@localhost ~]# touch /mnt/file
[kiosk@foundation4 ~]$ lftp 172.25.4.104
lftp 172.25.4.104:~> ls
-rw-r--r-- 1 0 0 0 Apr 20 12:06 file ##the change took effect
Before the change every anonymous session lands in /var/ftp; the anonymous root is changed to /mnt and a file is created there, and after logging in the file in /mnt is listed. The new root has the same requirement as /var/ftp: root-owned and not writable by the ftp user.
(6) Changing the permissions of anonymous uploads
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##anon_umask=022 (default 077)
[root@localhost ~]# systemctl restart vsftpd.service
[kiosk@foundation4 ~]$ lftp 172.25.4.104
lftp 172.25.4.104:~> ls
drwxrwxr-x 2 0 50 6 Apr 20 11:56 pub
lftp 172.25.4.104:/> cd /pub
lftp 172.25.4.104:/pub> put /etc/passwd
2190 bytes transferred
lftp 172.25.4.104:/pub> ls ##before the change an uploaded file gets mode 600 (0666 masked by anon_umask=077)
-rw------- 1 14 50 2190 Apr 20 12:12 passwd
lftp 172.25.4.104:/pub> put /etc/group
946 bytes transferred
lftp 172.25.4.104:/pub> ls ##after the change new uploads get 644 (0666 masked by 022); the earlier file keeps its 600
-rw-r--r-- 1 14 50 946 Apr 20 12:14 group
-rw------- 1 14 50 2190 Apr 20 12:12 passwd
(7) Changing the maximum upload rate
Before the change
[root@foundation4 mnt]# cd /mnt
[root@foundation4 mnt]# dd if=/dev/zero of=/mnt/file bs=1M count=1000
1000+0 records in
1000+0 records out
1048576000 bytes (1.0 GB) copied, 10.6693 s, 98.3 MB/s
[kiosk@foundation4 ~]$ lftp 172.25.4.104
lftp 172.25.4.104:~> cd /pub
cd ok, cwd=/pub
lftp 172.25.4.104:/pub> put /mnt/file
1048576000 bytes transferred in 29 seconds (34.26M/s) ##unthrottled: the upload runs at whatever the link allows
lftp 172.25.4.104:/pub> rm file
rm ok, `file' removed
After the change
[root@localhost mnt]# vim /etc/vsftpd/vsftpd.conf ##anon_max_rate=<bytes per second>, for example anon_max_rate=102400 for about 100 KiB/s (local_max_rate is the counterpart for local users)
[root@localhost mnt]# systemctl restart vsftpd.service
(8) Changing the maximum number of connections
Before the change anonymous users can open as many lftp connections as they like: max_clients=0 and max_per_ip=0, the defaults, mean no limit.
After the change ##max_clients=N caps the number of simultaneous sessions server-wide and max_per_ip=N caps the sessions from one source address; a client over the limit is refused with a 421 reply, which is the cheapest protection against a single host exhausting the server
2. Local user tests
(1) Whether local users may log in
local_enable=YES|NO ##whether local system users may log in; YES in the configuration as shipped
write_enable=YES|NO ##whether logged-in users may write to the ftp service
[root@localhost ~]# lftp 172.25.4.104 -u student
Password:
lftp student@172.25.4.104:~> ls
lftp student@172.25.4.104:~> exit
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##local_enable=NO
[root@localhost ~]# systemctl restart vsftpd.service
[root@localhost ~]# lftp 172.25.4.104 -u student
Password:
lftp student@172.25.4.104:~> ls
ls: Login failed: 530 This FTP server is anonymous only.
(2) Changing the local user's home directory
Before the change the local user's home directory is /home/student
[root@localhost ~]# lftp 172.25.4.104 -u student
Password:
lftp student@172.25.4.104:~> ls
lftp student@172.25.4.104:~> pwd
ftp://student@172.25.4.104/%2Fhome/student
After the change the home directory is moved to /var/ftp
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##local_root=/var/ftp
[root@localhost ~]# systemctl restart vsftpd.service
[root@localhost ~]# lftp 172.25.4.104 -u student
Password:
lftp student@172.25.4.104:~> ls
drwxrwxr-x 2 0 50 42 Apr 20 12:48 pub
(3) Restricting the directories a local user can browse
Before the setting a local user can browse every directory on the server from /: local_root only chooses the starting directory, it is not a chroot
[root@localhost ~]# lftp 172.25.4.104 -u student
Password:
lftp student@172.25.4.104:~> cd /pub
cd: Access failed: 550 Failed to change directory. (/pub)
lftp student@172.25.4.104:~> cd /
cd ok, cwd=/
lftp student@172.25.4.104:/> ls
lrwxrwxrwx 1 0 0 7 May 07 2014 bin -> usr/bin
dr-xr-xr-x 4 0 0 4096 Jan 07 2015 boot
drwxr-xr-x 19 0 0 3000 Apr 20 12:30 dev
drwxr-xr-x 134 0 0 8192 Apr 20 13:02 etc
drwxr-xr-x 3 0 0 20 Jan 07 2015 home
lrwxrwxrwx 1 0 0 7 May 07 2014 lib -> usr/lib
lrwxrwxrwx 1 0 0 9 May 07 2014 lib64 -> usr/lib64
drwxr-xr-x 2 0 0 6 Mar 13 2014 media
drwxr-xr-x 2 0 0 6 Apr 20 12:39 mnt
drwxr-xr-x 3 0 0 15 Jan 07 2015 opt
dr-xr-xr-x 155 0 0 0 Apr 20 11:34 proc
dr-xr-x--- 15 0 0 4096 Apr 20 13:31 root
drwxr-xr-x 36 0 0 1160 Apr 20 13:02 run
lrwxrwxrwx 1 0 0 8 May 07 2014 sbin -> usr/sbin
drwxr-xr-x 2 0 0 6 Mar 13 2014 srv
dr-xr-xr-x 13 0 0 0 Apr 20 11:34 sys
drwxrwxrwt 30 0 0 4096 Apr 20 13:08 tmp
drwxr-xr-x 13 0 0 4096 May 07 2014 usr
drwxr-xr-x 23 0 0 4096 Apr 20 11:35 var
After the setting the server's directories are no longer visible under /, i.e. the user is locked into its own root directory.
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##chroot_local_user=YES
[root@localhost ~]# systemctl restart vsftpd.service
[root@localhost ~]# chmod u-w /home/* ##vsftpd 3.x refuses a chroot whose root directory is writable by the logged-in user (500 OOPS: vsftpd: refusing to run with writable root inside chroot()); taking the owner write bit off the home directories avoids that without allow_writeable_chroot=YES, which would weaken the chroot
[root@localhost ~]# lftp 172.25.4.104 -u student
Password:
lftp student@172.25.4.104:~> cd /
cd ok, cwd=/
lftp student@172.25.4.104:/> ls
drwxrwxr-x 2 0 50 42 Apr 20 12:48 pub ##the chroot root is the local_root=/var/ftp set in (2), so only pub is visible
(4) Creating a user blacklist
A user written into the blacklist can no longer log in.
[root@localhost ~]# cd /etc/vsftpd/
[root@localhost vsftpd]# ls
ftpusers user_list vsftpd.conf vsftpd_conf_migrate.sh ##ftpusers is enforced by PAM (pam_listfile in /etc/pam.d/vsftpd) and always denies the users it names; user_list is consulted only with userlist_enable=YES, as a denylist when userlist_deny=YES (the default) or as an allowlist when userlist_deny=NO
Write the student user into the blacklist
[root@localhost vsftpd]# vim ftpusers
[root@localhost vsftpd]# cat ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
student
[root@localhost vsftpd]# lftp 172.25.4.104 -u student
Password:
lftp student@172.25.4.104:~> ls
ls: Login failed: 530 Login incorrect. ##a 530 reply means authentication failed; because ftpusers is checked by PAM after the password has been sent, a blacklisted user gets the same answer as a wrong password
(5) Setting up a user whitelist
Creating the whitelist ##userlist_enable=YES together with userlist_deny=NO: only the users named in /etc/vsftpd/user_list may log in, everyone else is refused with 530 Permission denied before a password is even asked for; for the login below student must be listed there (and no longer be in ftpusers)
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
[root@localhost ~]# systemctl restart vsftpd.service
[root@localhost vsftpd]# lftp 172.25.4.104 -u student
Password:
lftp student@172.25.4.104:~> ls
drwxrwxr-x 2 0 50 42 Apr 20 12:48 pub
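Every test in sections III.1 and III.2 edits vsftpd.conf without showing the directive, and the observed results (600-mode uploads, the 550 on download, the unrestricted cd /) follow from the combination of directives in force at that moment. The following shell script is an added example, not part of the original page or of vsftpd itself: it reads the directives named in those two sections out of a vsftpd.conf, fills in vsftpd's compiled-in defaults from vsftpd.conf(5) for anything the file leaves unset, computes the mode an anonymous upload will get, and flags the combinations that turn the lab settings into a public drop box or an unchrooted file browser. The script name and the sample configurations used to exercise it are assumptions.

```shell
#!/bin/bash
# Added example (not from the original page). Audits the directives that the
# anonymous and local-user tests toggle. Defaults are vsftpd's compiled-in
# values from vsftpd.conf(5); where the RHEL-shipped vsftpd.conf overrides
# them explicitly, vsftpd_get picks the override up from the file.

# vsftpd_get CONF KEY: effective value of KEY. vsftpd applies assignments in
# file order, so the last uncommented "KEY=value" wins; unset keys fall back
# to the compiled-in default.
vsftpd_get() {
    local conf=$1 key=$2 val
    val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$conf" | tail -n 1)
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
        return
    fi
    case $key in
        anonymous_enable|anon_world_readable_only|userlist_deny) echo YES ;;
        anon_umask|local_umask) echo 077 ;;
        anon_max_rate|local_max_rate|max_clients|max_per_ip) echo 0 ;;
        *) echo NO ;;  # write_enable, anon_upload_enable, chroot_local_user, ...
    esac
}

# anon_upload_mode CONF: permission bits of a file uploaded by an anonymous
# session, i.e. 0666 masked by anon_umask: 600 with the default 077, 644
# with 022, matching the two listings in section III.1 (6).
anon_upload_mode() {
    local mask
    mask=$(vsftpd_get "$1" anon_umask)
    printf '%03o\n' $(( 0666 & ~0$mask ))
}

# vsftpd_audit CONF: one finding per line; exit status = number of findings.
vsftpd_audit() {
    local conf=$1 n=0
    note() { n=$((n + 1)); printf '%s\n' "$1"; }
    if [ "$(vsftpd_get "$conf" anonymous_enable)" = YES ]; then
        if [ "$(vsftpd_get "$conf" write_enable)" = YES ]; then
            [ "$(vsftpd_get "$conf" anon_upload_enable)" = YES ] &&
                note "anonymous upload enabled: pub (or anon_root) is a public drop box"
            [ "$(vsftpd_get "$conf" anon_other_write_enable)" = YES ] &&
                note "anonymous delete/rename enabled (anon_other_write_enable=YES)"
        fi
        [ "$(vsftpd_get "$conf" anon_world_readable_only)" = NO ] &&
            note "anon_world_readable_only=NO: other anonymous clients can fetch mode-$(anon_upload_mode "$conf") uploads owned by ftp"
        [ "$(vsftpd_get "$conf" anon_max_rate)" = 0 ] && [ "$(vsftpd_get "$conf" max_per_ip)" = 0 ] &&
            note "no anon_max_rate and no max_per_ip: a single client can saturate the server"
    fi
    if [ "$(vsftpd_get "$conf" local_enable)" = YES ]; then
        [ "$(vsftpd_get "$conf" chroot_local_user)" = NO ] &&
            note "local users are not chrooted: cd / lists the whole server filesystem"
        [ "$(vsftpd_get "$conf" allow_writeable_chroot)" = YES ] &&
            note "allow_writeable_chroot=YES: a writable chroot root undermines the chroot"
        [ "$(vsftpd_get "$conf" userlist_enable)" = YES ] && [ "$(vsftpd_get "$conf" userlist_deny)" = YES ] &&
            note "user_list is a denylist (userlist_deny=YES); userlist_deny=NO would make it an allowlist"
    fi
    return "$n"
}

# Stand-alone use: ./vsftpd_audit.sh /etc/vsftpd/vsftpd.conf
if [ -n "${1:-}" ]; then
    printf 'anonymous upload mode: %s\n' "$(anon_upload_mode "$1")"
    vsftpd_audit "$1"
fi
```

Run against the configuration as it stands after section III.1 (anonymous upload, delete and anon_world_readable_only=NO all enabled, no rate or connection limits) the script reports five findings; against a file with anonymous_enable=NO, chroot_local_user=YES and an allowlist it reports none. The exit status equals the number of findings, so it can gate a deployment in a script.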
IV. Creating FTP virtual users
1. Creating virtual users
(1) Creating the virtual users' names and passwords
[root@localhost ~]# vim /etc/vsftpd/westosfile ##any file name; one line with the user name, the next line with the password
[root@localhost ~]# cat /etc/vsftpd/westosfile
user1 ##three users are created, all with password 123 (a lab value only; FTP sends the password in cleartext, so real accounts need strong ones)
123
user2
123
user3
123
(2) Converting the file to db format, i.e. building the user name / password database
[root@localhost ~]# cd /etc/vsftpd
[root@localhost vsftpd]# db_load -T -t hash -f westosfile westosfile.db
[root@localhost vsftpd]# ls
ftpusers vsftpd.conf westosfile
user_list vsftpd_conf_migrate.sh westosfile.db ##the .db file is a Berkeley DB hash database, not an encrypted file: the passwords are stored in it in cleartext, so restrict it with chmod 600 and delete the plaintext westosfile afterwards (pam_userdb can instead be given crypt=crypt and a database of crypt(3) hashes)
(3) Adding a PAM service file that names the database holding the users and the module that checks the user name and password
[root@localhost vsftpd]# vim /etc/pam.d/westos ##the file name is what pam_service_name in vsftpd.conf has to refer to
(4) Modifying the vsftpd configuration
[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf ##guest_enable=YES, guest_username=ftp, pam_service_name=westos: every non-anonymous login is checked through /etc/pam.d/westos and then runs as the ftp system user
[root@localhost vsftpd]# systemctl restart vsftpd.service
(5) Verifying the new virtual users
[root@localhost vsftpd]# lftp 172.25.4.104 -u user1
Password:
lftp user1@172.25.4.104:~> ls
drwxrwxr-x 2 0 50 42 Apr 20 12:48 pub
lftp user1@172.25.4.104:/> exit
[root@localhost vsftpd]# lftp 172.25.4.104 -u user2
Password:
lftp user2@172.25.4.104:~> ls
drwxrwxr-x 2 0 50 42 Apr 20 12:48 pub
lftp user2@172.25.4.104:/> exit
[root@localhost vsftpd]# lftp 172.25.4.104 -u user3
Password:
lftp user3@172.25.4.104:~> ls
drwxrwxr-x 2 0 50 42 Apr 20 12:48 pub
lftp user3@172.25.4.104:/> exit
2. Separate home directories for virtual users
(1) Creating the virtual users' home directories
[root@localhost vsftpd]# mkdir /var/ftphomedir
[root@localhost vsftpd]# cd /var/ftphomedir
[root@localhost ftphomedir]# mkdir user{1..3}
[root@localhost ftphomedir]# ll /var/ftphomedir/user1
total 0
[root@localhost ftphomedir]# ll /var/ftphomedir/user2
total 0
[root@localhost ftphomedir]# ll /var/ftphomedir/user3
total 0
[root@localhost ftphomedir]# touch /var/ftphomedir/user1/user1file
[root@localhost ftphomedir]# touch /var/ftphomedir/user2/user2file
[root@localhost ftphomedir]# touch /var/ftphomedir/user3/user3file
(2) Modifying the vsftpd configuration
[root@localhost vsftpd]# vim /etc/vsftpd/vsftpd.conf ##the directives for this are user_sub_token=$USER and local_root=/var/ftphomedir/$USER: vsftpd substitutes the login name, so each virtual user ends up confined to its own directory
[root@localhost vsftpd]# systemctl restart vsftpd.service
(3) Verifying the virtual user home directories
Before the change all three users landed in /var/ftp and saw pub; after it each user sees only its own directory:
[root@localhost /]# lftp 172.25.4.104 -u user1
Password:
lftp user1@172.25.4.104:~> ls
-rw-r--r-- 1 0 0 0 Apr 20 15:08 user1file
lftp user1@172.25.4.104:/> exit
[root@localhost /]# lftp 172.25.4.104 -u user2
Password:
lftp user2@172.25.4.104:~> ls
-rw-r--r-- 1 0 0 0 Apr 20 15:08 user2file
lftp user2@172.25.4.104:/> exit
[root@localhost /]# lftp 172.25.4.104 -u user3
Password:
lftp user3@172.25.4.104:~> ls
-rw-r--r-- 1 0 0 0 Apr 20 15:10 user3file
lftp user3@172.25.4.104:/> exit
3. Per-account configuration for virtual users
(1) Creating the virtual user's own configuration file
[root@localhost /]# vim /etc/vsftpd/vsftpd.conf ##user_config_dir=/etc/vsftpd/userconf: after a successful login vsftpd reads /etc/vsftpd/userconf/<login name> and applies its directives on top of the main file
[root@localhost /]# systemctl restart vsftpd.service
[root@localhost /]# mkdir /etc/vsftpd/userconf
[root@localhost /]# cd /etc/vsftpd/userconf/
[root@localhost userconf]# ls
[root@localhost userconf]# vim user1
[root@localhost userconf]# cp /etc/vsftpd/vsftpd.conf user1
[root@localhost userconf]# vim user1 ##the copy is edited so that the anonymous write directives (anon_upload_enable and friends) are enabled for user1 only; keeping nothing but the overriding directives in this file would make the per-user policy far easier to audit
(2) Comment out the anonymous-user directives in the main configuration, so that the two files do not both control the same settings; afterwards only the virtual account's own file decides them. This matters because a guest login is governed by the anon_* directives rather than the local-user ones unless virtual_use_local_privs=YES is set.
(3) Creating the user's /pub
[root@localhost userconf]# mkdir /var/ftphomedir/user1/pub
[root@localhost userconf]# touch /var/ftphomedir/user1/pub/file1
[root@localhost userconf]# chmod 775 /var/ftphomedir/user1/pub
[root@localhost userconf]# ls -lR /var/ftphomedir/user1/pub
/var/ftphomedir/user1/pub:
total 0
-rw-r--r-- 1 root root 0 Apr 20 12:39 file1
[root@localhost userconf]# chgrp ftp /var/ftphomedir/user1/pub
(4) Verification
[root@localhost userconf]# lftp 172.25.4.104 -u user1
Password:
lftp user1@172.25.4.104:~> ls
drwxrwxr-x 2 0 50 18 Apr 20 16:39 pub
-rw-r--r-- 1 0 0 0 Apr 20 15:08 user1file
lftp user1:/> cd /pub
lftp user1:/pub> put /etc/passwd
2190 bytes transferred
lftp user1:/pub> ls
-rw------- 1 14 50 2190 Apr 20 11:47 passwd ##verified: user1 may upload, and the file belongs to uid 14 (ftp, the guest_username) with mode 600 from anon_umask, which shows the per-user file is being applied
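Section IV chains four mechanisms (a pam_userdb database, a PAM service file, guest_enable with guest_username, and user_sub_token/local_root/user_config_dir) without showing the PAM file or the directives. The following shell script is an added example, not part of the original page, of vsftpd or of pam_userdb: given a vsftpd.conf it works out what a virtual-user login turns into (the Unix account it runs as, the directory it is placed in, the per-user configuration file vsftpd will read, and whether the anon_* or the local-user directives govern it), and it prepares the two inputs the page types by hand, the alternating name/password lines for db_load and the pam_userdb service file. The lab names user1..user3, /var/ftphomedir, /etc/vsftpd/userconf and westosfile are assumptions taken from the page.

```shell
#!/bin/bash
# Added example (not from the original page). Resolves what a virtual-user
# login becomes under the section IV directives, and prepares the input that
# db_load turns into the pam_userdb database. Lab values (user1..user3,
# /var/ftphomedir, /etc/vsftpd/userconf, the westosfile name) are assumed.

# conf_val CONF KEY DEFAULT: last uncommented "KEY=value" in CONF, else DEFAULT.
conf_val() {
    local v
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# resolve_virtual_user CONF USER: print key=value lines describing the login.
# Fails when guest_enable is off, because USER would then have to be a real
# system account and the pam_service_name database would never be consulted.
resolve_virtual_user() {
    local conf=$1 user=$2 root token ucd
    if [ "$(conf_val "$conf" guest_enable NO)" != YES ]; then
        echo "guest_enable is not YES: $user would be authenticated as a system account" >&2
        return 1
    fi
    root=$(conf_val "$conf" local_root '')
    token=$(conf_val "$conf" user_sub_token '')
    # vsftpd replaces every occurrence of user_sub_token in local_root with the login name
    if [ -n "$token" ]; then
        root=$(awk -v r="$root" -v t="$token" -v u="$user" 'BEGIN {
            out = ""
            while ((i = index(r, t)) > 0) { out = out substr(r, 1, i - 1) u; r = substr(r, i + length(t)) }
            print out r }')
    fi
    ucd=$(conf_val "$conf" user_config_dir '')
    # compiled-in default is "ftp"; the RHEL-shipped file sets pam_service_name=vsftpd
    printf 'pam_service=%s\n' "$(conf_val "$conf" pam_service_name ftp)"
    printf 'runs_as=%s\n' "$(conf_val "$conf" guest_username ftp)"
    printf 'root_dir=%s\n' "$root"
    [ -n "$ucd" ] && printf 'per_user_conf=%s/%s\n' "$ucd" "$user"
    if [ "$(conf_val "$conf" virtual_use_local_privs NO)" = YES ]; then
        echo 'privileges=local (write_enable and local_umask apply)'
    else
        echo 'privileges=anonymous (anon_upload_enable, anon_other_write_enable, anon_umask apply)'
    fi
}

# userdb_input USER:PASSWORD ...: the alternating name/password lines that
# "db_load -T -t hash westosfile.db" reads from standard input.
userdb_input() {
    local entry
    for entry in "$@"; do
        printf '%s\n%s\n' "${entry%%:*}" "${entry#*:}"
    done
}

# pam_service_file DBPATH: the PAM stack that pam_service_name points at.
# DBPATH is given without the .db suffix, which pam_userdb appends itself.
pam_service_file() {
    printf 'auth    required pam_userdb.so db=%s\n' "$1"
    printf 'account required pam_userdb.so db=%s\n' "$1"
}

# Stand-alone use: ./virtual_user.sh /etc/vsftpd/vsftpd.conf user1
if [ -n "${1:-}" ]; then
    resolve_virtual_user "$1" "${2:-user1}"
fi
```

On the server the database is built with userdb_input user1:123 user2:123 user3:123 | db_load -T -t hash /etc/vsftpd/westosfile.db followed by chmod 600 /etc/vsftpd/westosfile.db, and pam_service_file /etc/vsftpd/westosfile > /etc/pam.d/westos writes the service file; neither step is exercised below because it needs db_load and root. The privileges line is the reason section IV.3 has to manage anon_* directives for what looks like a named user: a guest login is an anonymous login that happens to know a password.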