Vsftp installation configuration (super detailed version)

Table of Contents

1 Introduction to FTP and Vsftp

1.1 Introduction to FTP

1.2 Vsftp introduction

1.3 Login types of Vsftp

2 Vsftp installation configuration

2.1 Change source

2.2 Install epel source

2.3 Install Vsftpd and related dependencies

2.4 vsftpd configuration file description

2.5 Detailed explanation of vsftpd configuration

2.6 Back up configuration files

3 vsftpd configure anonymous users

3.1 Edit configuration file

3.2 Commonly used anonymous FTP configuration items

3.3 Start vsftp service

3.4 Login verification

3.5 Modify permissions to upload

3.5.1 Modify permissions

3.5.2 Upload files

4 vsftp configure local (system) user

4.1 Create test user

4.2 Modify configuration file

4.3 Commonly used local user FTP configuration items

4.4 Add users to whitelist

4.5 Login test

5 vsftp configure virtual user

5.1 Create a virtual FTP user account

5.2 Create virtual user files

5.3 Create data files

5.4 Establish PAM authentication files to support virtual users

5.5 Modify configuration file

5.6 Commonly used global configuration items

5.7 Establish independent configuration directories and files for users

5.8 Create virtual user data storage location

5.9 Restart vsftp service

5.10 Login test


1 Introduction to FTP and Vsftp

1.1 FTP Introduction

FTP (File Transfer Protocol) is an application-layer protocol of the TCP/IP suite for transferring files between computers on a network. It uses a client/server model with two separate connections: the client opens a control connection to the server on TCP port 21, and every directory listing or file transfer then uses its own data connection. In active mode the server opens the data connection from its port 20 back to the client; in passive mode the client opens it to a high port chosen by the server (the range is configurable in vsftpd). Plain FTP sends user names, passwords and file contents in cleartext; FTPS wraps both connections in SSL/TLS, which vsftpd supports when ssl_enable=YES is set. FTP is still widely used for publishing web content, distributing software upgrades and moving backups.

The FTP service follows the client/server (C/S) model. The software that shares and transfers files using the FTP protocol is the FTP server; the program that uses the protocol to upload files to and download files from it is the FTP client.
Mainstream FTP server software includes vsftpd, ProFTPD, Pure-FTPd, WU-FTPD, Serv-U FTP and FileZilla Server. On Unix/Linux the most widely used of these is vsftpd.

1.2 Introduction to Vsftp

vsftpd (Very Secure FTP Daemon) is an FTP server designed around security and performance: it is fast, stable, easy to configure, drops privileges early and does most of its work in unprivileged processes. It is free software released under the GPL and runs on most UNIX-like systems. vsftpd supports IPv6 and SSL/TLS-encrypted transfers (FTPS), and it authenticates through PAM, so anything PAM can consult (local accounts, LDAP, a Berkeley DB of virtual users) can be used. It also supports virtual users and per-user configuration, which makes it easy to hand out many FTP accounts to people who have no shell account on the system. For these reasons it is packaged by every major Linux distribution and is the usual choice of system administrators.

1.3 Vsftp login type

vsftpd supports three kinds of login: local (system) users, anonymous users, and virtual users. Every virtual user is mapped onto one system user (guest_username), and the directory the virtual user lands in is that system user's home directory unless local_root or a per-user configuration file says otherwise. The anonymous user is just a special virtual user mapped onto the system user ftp (ftp_username). All the details are in man vsftpd.conf.

2 Vsftp installation configuration

2.1 Change source

Switch the machine's yum repositories to the domestic Alibaba Cloud mirror (the installation steps that follow are much faster from inside China). The repo file is downloaded over plain HTTP, so leave gpgcheck=1 in it so that package signatures are still verified.

curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

2.2 Install epel source

yum -y install epel-release

When "Complete!" is printed, the EPEL repository is installed.

2.3 Install vsftpd and related dependencies

yum -y install vsftpd* pam* db4*

vsftpd: the FTP server itself

pam: the PAM authentication modules (vsftpd authenticates through /etc/pam.d/vsftpd)

db4: Berkeley DB, whose db4-utils package (libdb-utils on newer releases) provides the db_load tool used later to build the virtual-user database

The wildcards pull in every matching package, including -devel packages a server does not need; the minimum is vsftpd, pam and db4-utils. When "Complete!" is displayed, the installation is finished.

2.4 vsftpd configuration file description

Configuration file | Function
/etc/vsftpd/vsftpd.conf | vsftpd core configuration file
/etc/vsftpd/ftpusers | Users who are never allowed to log in over FTP (root, bin, daemon and other system accounts). Enforced by pam_listfile in /etc/pam.d/vsftpd, so the check applies regardless of vsftpd.conf.
/etc/vsftpd/user_list | User list consulted when userlist_enable=YES. It is a denylist when userlist_deny=YES (the default) and an allowlist when userlist_deny=NO.
/etc/vsftpd/vsftpd_conf_migrate.sh | Helper script shipped with the package that moves an old /etc/vsftpd.conf into /etc/vsftpd/
/var/ftp/ | Root directory of anonymous users (the home directory of the ftp system user); /var/ftp/pub is the public sub-directory

2.5 vsftpd configuration details

Attribute | Value | Meaning
anonymous_enable | YES/NO | Whether anonymous users may log in. The compiled-in default is YES, so commenting the line out does not disable anonymous access; set it to NO explicitly when it is not wanted.
local_enable | YES/NO | Whether local system users may log in
write_enable | YES/NO | Master switch for every FTP command that writes (STOR, DELE, RNFR/RNTO, MKD and so on). With NO nobody can upload, whatever the anon_* and local_* settings say.
local_umask | xxx | umask for files created by local users. Default 077 (new files are mode 600); 022 is common when uploads should be readable by others.
anon_upload_enable | YES/NO | Whether anonymous users may upload files. Takes effect only if write_enable=YES and the target directory is writable by the ftp user.
anon_mkdir_write_enable | YES/NO | Whether anonymous users may create directories (also needs write_enable=YES)
dirmessage_enable | YES/NO | Show the contents of .message when a user enters a directory
xferlog_enable | YES/NO | Whether to log uploads and downloads
connect_from_port_20 | YES/NO | In active mode, open data connections from the server's port 20 (the classic behaviour; it needs the privileged parent process)
chown_uploads | YES/NO | Whether anonymously uploaded files are chowned to chown_username
chown_username | valid username | Owner given to anonymously uploaded files when chown_uploads=YES. Prefer a dedicated unprivileged account over root: the content of such a file was chosen by an anonymous client.
xferlog_file | valid path | Location of the transfer log; default /var/log/xferlog

2.6 Back up the configuration file

Back up the configuration file before changing anything. (Without a backup there is nothing to fall back on after a misconfiguration, and recovering the shipped defaults means reinstalling the package or reading them out of man vsftpd.conf.)

Enter /etc/vsftpd/

cd /etc/vsftpd/

List the directory with ls

Optional, and unrelated to vsftpd: clearing /tmp/. If you do it, chain the two commands so that rm can never run in the wrong directory; an unconditional rm -rf * after a failed cd would wipe /etc/vsftpd/ instead of /tmp/.

cd /tmp/ && rm -rf -- ./*

cd - returns to the directory you were in before (here /etc/vsftpd/)

cd -

Start the backup

cp vsftpd.conf{,.bak}

ls again and the new vsftpd.conf.bak is there

3 vsftpd configure anonymous users

3.1 Edit configuration file

vi vsftpd.conf

The shipped file is mostly comments (lines starting with #). Only the settings below are needed; the quickest way is to empty the file (the backup from 2.6 keeps the original) and paste these lines. vsftpd accepts no spaces around the = and rejects unknown keys, so a typo here makes the service fail to start.

write_enable=YES

anon_umask=022
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES

dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

This is a lab configuration: anon_upload_enable, anon_mkdir_write_enable and anon_other_write_enable together let anyone on the network upload, create, rename, overwrite and delete files under pub/. Do not expose a server configured like this to the Internet. For a real anonymous drop box keep anon_other_write_enable=NO and anon_umask=077, so that uploads cannot be downloaded by other anonymous clients.

If the users of the server are local users, adjust local_umask; if they are anonymous users, adjust anon_umask.

3.2 Commonly used anonymous FTP configuration items

anonymous_enable=YES # Whether anonymous users may log in
anon_umask=022 # umask for files uploaded by anonymous users (default 077)
anon_root=/var/ftp # Directory anonymous users are placed in; if unset, the home directory of the ftp user (/var/ftp on CentOS) is used
anon_upload_enable=YES # Whether anonymous users may upload files
anon_mkdir_write_enable=YES # Whether anonymous users may create directories

anon_other_write_enable=YES # Whether anonymous users get the remaining write operations (rename, delete, overwrite). Off by default; leave it off unless you really want a public scratch space
anon_max_rate=0 # Maximum transfer rate per anonymous session in bytes/second; 0 means unlimited
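As an added example (not part of the original tutorial), the following POSIX shell function reads the anonymous-access settings out of a vsftpd.conf the way vsftpd itself does (one key=value per line, no spaces, later lines override earlier ones, compiled-in defaults for anything missing) and prints one line for every combination that opens the server up to anonymous writes. It assumes only a vsftpd.conf in the standard format; the sample configuration at the bottom is the one from 3.1, embedded here as constructed input.

```shell
#!/bin/sh
# Audit the anonymous-access settings of a vsftpd.conf (added example).

# conf_get FILE KEY DEFAULT: print the effective value of KEY.
# vsftpd wants "key=value" at the start of the line with no spaces around "=",
# ignores lines starting with "#", and lets a later line override an earlier one.
conf_get() {
    val=$(grep "^$2=" "$1" | tail -n 1 | sed 's/^[^=]*=//' | tr -d '\r')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

# is_yes VALUE: vsftpd's boolean parser accepts YES/TRUE/1 in any case.
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_anon FILE: print one finding per line, nothing if anonymous access is
# disabled. Always returns 0 so it is safe inside $(...) under set -e.
audit_anon() {
    f=$1
    anon=$(conf_get "$f" anonymous_enable YES)   # compiled-in default is YES
    write=$(conf_get "$f" write_enable NO)
    up=$(conf_get "$f" anon_upload_enable NO)
    mk=$(conf_get "$f" anon_mkdir_write_enable NO)
    other=$(conf_get "$f" anon_other_write_enable NO)
    amask=$(conf_get "$f" anon_umask 077)

    is_yes "$anon" || return 0

    if ! grep -q '^anonymous_enable=' "$f"; then
        echo "anonymous_enable not set: the compiled-in default is YES, so anonymous login is on"
    fi
    # Every anon_* write option is gated by write_enable.
    if is_yes "$write"; then
        is_yes "$up"    && echo "anonymous upload enabled (write_enable=YES + anon_upload_enable=YES)"
        is_yes "$mk"    && echo "anonymous mkdir enabled (anon_mkdir_write_enable=YES)"
        is_yes "$other" && echo "anonymous delete/rename/overwrite enabled (anon_other_write_enable=YES)"
    fi
    # With the default 077 an upload is mode 600 and, because anon_world_readable_only
    # defaults to YES, no other anonymous client can download it (write-only drop box).
    case $amask in
        077|0077) ;;
        *) echo "anon_umask=$amask: uploads are world-readable, so other anonymous clients can download them; keep 077 for a write-only drop box" ;;
    esac
    return 0
}

# Constructed sample: the anonymous configuration from section 3.1.
sample=$(mktemp)
cat > "$sample" <<'EOF'
write_enable=YES
anon_umask=022
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
listen=YES
EOF
echo "findings for the section 3.1 configuration:"
audit_anon "$sample"
rm -f "$sample"
```

Run it as sh audit.sh on any vsftpd.conf copy: the 3.1 configuration produces four findings, a file with anonymous_enable=NO produces none, and a file that never mentions anonymous_enable at all is flagged because vsftpd then falls back to its compiled-in YES.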

3.3 Start vsftp service

Restart the vsftpd service

systemctl restart vsftpd

[If this fails, the cause is almost always a typo in the configuration file just edited; systemctl status vsftpd shows which line was rejected. Go back and fix it.]

Check that a vsftpd process is running.

Method 1:

ps aux | grep vsftpd

Method 2:

Install the net tools first (they are not part of a minimal CentOS 7 install)

yum -y install net-tools

Check that vsftpd is listening on port 21

netstat -lnpt | grep vsftpd

3.4 Login Verification

Method 1: Client tool

Log in with the Xftp client (install it beforehand).

In Xftp create a new session, enter the server's IP address, set the port to 21 and connect. In the FTP User Authentication window choose Anonymous Login and click OK.

If the pub folder is listed, anonymous login works.

Method 2: Browser

If the connection is refused, the host firewall is blocking port 21. The quick shortcut on a throw-away lab machine is to stop firewalld:

systemctl stop firewalld

On any other machine do not stop the firewall; add the ftp service to firewalld's permanent configuration and reload it instead. That opens port 21 and enables the FTP connection-tracking helper, which is what makes passive-mode data connections pass through the firewall.

Enter ftp:// followed by the IP address in the browser. [Every machine has a different address; find yours with ip a.] Current versions of Chrome and Firefox no longer support ftp:// URLs; if the browser refuses, use a command-line client such as ftp or curl, or the Xftp client from method 1.

ftp:// + IP address

3.5 Modify permissions to upload

3.5.1 Modify permissions

Enter /var/ftp/

cd /var/ftp/

List it with ls

Check the owner and group of the pub folder

ll -d pub/

Change the owner and group so that the ftp user (the account anonymous sessions run as) can write there. Only pub/ is changed: /var/ftp itself must stay owned by root and non-writable, because vsftpd refuses an anonymous login whose root directory is writable ("refusing to run with writable root inside chroot()").

chown -R ftp:ftp pub/

Check again; when the owner shown by ll -d has changed from root to ftp, the change is in place. If SELinux is enforcing, anonymous uploads additionally need the ftpd_anon_write boolean turned on.

A permission change takes effect immediately (vsftpd checks permissions on every operation), so a restart is not required, but it does no harm:

systemctl restart vsftpd

3.5.2 Upload files

Method 1: Xftp

Reconnect (or simply refresh the listing) in Xftp with anonymous login, open the pub directory, then drag a file from the local pane into it, for example a newly created New RTF Document.rtf from the desktop. When New RTF Document.rtf appears in the pub listing, the upload worked.

You can also confirm it on the server with ls /var/ftp/pub/.

Method 2: Browser

Create a file abc.txt on the server first

touch /var/ftp/abc.txt

Then open ftp:// + IP address in the browser (or in an FTP client; see the note on browser support in 3.4).

If abc.txt is listed, it is visible to anonymous clients. (This checks downloads, not uploads: a browser can only read from the server.)

4 vsftp configure local (system) user

4.1 Create test user

Create two users, zhangsan and lisi

useradd zhangsan
useradd lisi

Set their passwords (these are ordinary system accounts, so use real passwords: FTP sends them in cleartext, and the same password also works for SSH)

passwd zhangsan
passwd lisi

4.2 Modify configuration file

vi /etc/vsftpd/vsftpd.conf

Delete the anonymous configuration from section 3 and enter the following:

local_enable=YES
local_umask=077
chroot_local_user=YES
allow_writeable_chroot=YES
write_enable=YES

dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd

userlist_enable=YES
userlist_deny=NO
tcp_wrappers=YES

Two things to notice. First, anonymous_enable is not set, so it keeps its compiled-in default of YES; anonymous logins are blocked in this setup only because userlist_deny=NO turns user_list into an allowlist that contains neither ftp nor anonymous. Set anonymous_enable=NO explicitly rather than relying on that. Second, chroot_local_user=YES confines every local user to their home directory; because /home/zhangsan is owned by zhangsan and therefore writable, vsftpd would refuse the login ("refusing to run with writable root inside chroot()"), and allow_writeable_chroot=YES switches that safety check off. The safer layout is a home directory owned by root without write permission plus a writable sub-directory for uploads, which needs no allow_writeable_chroot at all. With SELinux enforcing, access to home directories over FTP also needs the ftp_home_dir boolean.

Save and exit.

Restart the vsftpd service

systemctl restart vsftpd

[If you get: Job for vsftpd.service failed because the control process exited with error code. See "systemctl status vsftpd.service" and "journalctl -xe" for details, see this article for the fix: http://t.csdnimg.cn/TXZhw]

4.3 Commonly used local user FTP configuration items

local_enable=YES # Whether local system users may log in

local_umask=077 # umask for files uploaded by local users (default 077)

local_root=/var/ftp # Directory local users are placed in after login; if unset, their home directory

chroot_local_user=YES # Confine (chroot) all local users to their login directory. Default NO.

chroot_list_enable=YES # Read a list of exceptions from chroot_list_file. Default NO.

chroot_list_file=/etc/vsftpd/chroot_list # The exception list; its meaning depends on chroot_local_user. With chroot_local_user=YES the listed users are the ones NOT confined; with chroot_local_user=NO the listed users are the only ones that ARE confined. Default /etc/vsftpd/chroot_list.

allow_writeable_chroot=YES # Permit a chroot whose root directory is writable; otherwise vsftpd refuses such logins. Default NO.

local_max_rate=0 # Maximum transfer rate per local session in bytes/second; 0 means unlimited
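The interaction between ftpusers, user_list/userlist_deny and chroot_local_user/chroot_list_enable is the part of this chapter that is easiest to get backwards, so here is an added example (not from the original tutorial) that evaluates those rules for one login name. It implements what man vsftpd.conf and the CentOS /etc/pam.d/vsftpd say, takes the three files as explicit arguments, and at the bottom runs against constructed copies of the 4.2 configuration, the 4.4 user_list and the ftpusers file CentOS ships.

```shell
#!/bin/sh
# Work out what the local-user settings of a vsftpd.conf do for one login name
# (added example). Rules implemented, from man vsftpd.conf:
#  - /etc/vsftpd/ftpusers is checked by pam_listfile in /etc/pam.d/vsftpd
#    (sense=deny), so a listed user is refused whatever vsftpd.conf says.
#  - user_list is consulted only when userlist_enable=YES. With userlist_deny=YES
#    (the default) listed users are refused; with userlist_deny=NO only listed
#    users are accepted. Either way the refusal happens before the password is
#    requested, so a denied user never sends a password in the clear.
#  - chroot_local_user=YES jails everyone; chroot_list_enable=YES makes the users
#    in chroot_list_file the exception, in whichever direction.

conf_get() {
    val=$(grep "^$2=" "$1" | tail -n 1 | sed 's/^[^=]*=//' | tr -d '\r')
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# in_file FILE NAME: true if NAME is a whole line of FILE (a missing file lists nobody)
in_file() {
    grep -qxF "$2" "$1" 2>/dev/null
}

# login_allowed CONF FTPUSERS USER_LIST NAME: print "allowed" or the reason for refusal
login_allowed() {
    conf=$1 ftpusers=$2 userlist=$3 name=$4
    if ! is_yes "$(conf_get "$conf" local_enable NO)"; then
        echo "refused: local_enable=NO"; return 0
    fi
    if in_file "$ftpusers" "$name"; then
        echo "refused: listed in ftpusers (pam_listfile)"; return 0
    fi
    if is_yes "$(conf_get "$conf" userlist_enable NO)"; then
        if is_yes "$(conf_get "$conf" userlist_deny YES)"; then
            if in_file "$userlist" "$name"; then
                echo "refused: listed in user_list (userlist_deny=YES)"; return 0
            fi
        elif ! in_file "$userlist" "$name"; then
            echo "refused: not in user_list (userlist_deny=NO makes it an allowlist)"; return 0
        fi
    fi
    echo allowed
}

# is_chrooted CONF CHROOT_LIST NAME: print "chrooted" or "not chrooted", with the reason
is_chrooted() {
    conf=$1 list=$2 name=$3
    listed=no
    if is_yes "$(conf_get "$conf" chroot_list_enable NO)" && in_file "$list" "$name"; then
        listed=yes
    fi
    if is_yes "$(conf_get "$conf" chroot_local_user NO)"; then
        if [ "$listed" = yes ]; then echo "not chrooted (exception in chroot_list)"; else echo chrooted; fi
    else
        if [ "$listed" = yes ]; then echo "chrooted (listed in chroot_list)"; else echo "not chrooted"; fi
    fi
}

# Constructed sample: the configuration from 4.2, the user_list from 4.4 and the
# ftpusers file CentOS ships (root and system accounts). No chroot_list exists.
d=$(mktemp -d)
printf 'local_enable=YES\nchroot_local_user=YES\nallow_writeable_chroot=YES\nuserlist_enable=YES\nuserlist_deny=NO\n' > "$d/vsftpd.conf"
printf 'root\nbin\ndaemon\n' > "$d/ftpusers"
printf 'zhangsan\nlisi\n' > "$d/user_list"
for u in root zhangsan wangwu; do
    printf '%-9s login: %-60s chroot: %s\n' "$u" \
        "$(login_allowed "$d/vsftpd.conf" "$d/ftpusers" "$d/user_list" "$u")" \
        "$(is_chrooted "$d/vsftpd.conf" "$d/chroot_list" "$u")"
done
rm -rf "$d"
```

Point the functions at the real files (/etc/vsftpd/vsftpd.conf, /etc/vsftpd/ftpusers, /etc/vsftpd/user_list, /etc/vsftpd/chroot_list) to answer "why can this user not log in?" without a packet capture. Note that root is refused twice over here: it is in ftpusers and it is not in the allowlist.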

4.4 Add users to the whitelist

Because userlist_deny=NO was set in 4.2, /etc/vsftpd/user_list is now an allowlist: only the users written in it may log in, and everybody else (anonymous included) is refused before a password is even asked for.

vi /etc/vsftpd/user_list

Add zhangsan and lisi at the end of the file, one per line

zhangsan
lisi

Restart the vsftpd service afterwards

systemctl restart vsftpd

4.5 Login Test

Method 1: Xftp

Trying anonymous login again now fails with "User authentication failed, do you want to try again?", because anonymous is not in the allowlist.

Click No.

In the FTP User Authentication window enter zhangsan or lisi as the user name together with the password and log in. The user lands in their own home directory and, because of chroot_local_user=YES, cannot change directory above it.

On the server, enter lisi's home directory

cd /home/lisi/

Create the file lisi.txt

touch lisi.txt

Refresh the directory listing in Xftp. No service restart is needed for a new file to show up; disconnecting and logging in again also works.

lisi.txt is listed: success!

Method 2: Xshell

Xshell logs in over SSH, not FTP, so this method checks the account itself rather than vsftpd. Click New.

In the dialog that appears choose a name, enter the host's IP address and click Connect.

Enter the user name lisi and tick Remember username.

Enter the password, tick Remember password and click OK.

Once logged in, ls shows an empty home directory.

As in method 1, create lisi.txt as root in /home/lisi/ and list the directory again from the lisi session.

root user terminal

lisi user terminal

The file that was not there before now shows up as lisi.txt, so the two views agree.

5 vsftp configure virtual user

5.1 Create a virtual FTP user account

Create the system account that all virtual users will be mapped onto. It gets no login shell, so it is usable only through vsftpd.

useradd -s /sbin/nologin vu

5.2 Create virtual user file

cd /etc/vsftpd/
vi user

Add the following:

zhao
12345
zhang
12345

Odd lines are user names, even lines are the password of the user named on the line above. [The user name and its password must never be on the same line, and there must be no blank lines: db_load pairs the lines up blindly and would silently store the wrong values.] The passwords are in cleartext, so restrict this file to root (mode 0600), and use real passwords rather than 12345 on anything but a test machine.

5.3 Create data file

Create the Berkeley DB file that pam_userdb will read, using the db_load tool.

db_load -T -t hash -f user user.db

-f user: the text input file
-T: read the input as plain text in key/value pairs on alternating lines (user name, then password), instead of Berkeley DB's own dump format
-t hash: create a database of type hash

Check with ls.

If user.db is there, the database has been built. It holds the same cleartext passwords as the text file, so give it mode 0600 as well; pam_userdb reads it through vsftpd's privileged parent process and needs nothing more.

5.4 Create a PAM authentication file that supports virtual users

vi /etc/pam.d/vsftpd.vu

Write the following; be careful with the path at the end of each line.

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/user
account required /lib64/security/pam_userdb.so db=/etc/vsftpd/user

[db= names the database without its .db suffix: pam_userdb appends .db itself, so this points at the user.db just generated. On 64-bit CentOS 7 the module lives in /lib64/security/; writing just pam_userdb.so also works, because PAM searches its module directory.]

5.5 Modify configuration file

vi vsftpd.conf

Write the following.

write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
userlist_enable=YES
tcp_wrappers=YES
allow_writeable_chroot=YES
guest_enable=YES
guest_username=vu
pam_service_name=vsftpd.vu
local_enable=YES
local_umask=077
chroot_local_user=YES
virtual_use_local_privs=YES
user_config_dir=/etc/vsftpd/user_dir

The settings that matter for virtual users: guest_enable=YES turns every non-anonymous login into a guest mapped onto guest_username (vu); pam_service_name=vsftpd.vu makes vsftpd authenticate through the PAM file from 5.4 instead of /etc/pam.d/vsftpd; local_enable=YES is still required, because guests are handled as local logins; virtual_use_local_privs=YES gives them the write permissions of a local user (otherwise they are treated like anonymous users and the anon_* settings apply); user_config_dir points at the per-user configuration files created in 5.7. As in section 4, anonymous_enable is not set and keeps its default of YES; add anonymous_enable=NO unless anonymous access is wanted as well.

5.6 Commonly used global configuration items

listen=YES # Run as a standalone daemon listening on IPv4 (use listen_ipv6=YES instead for IPv6; only one of the two may be YES)

listen_address=192.168.10.112 # IP address to listen on (default: all addresses)

listen_port=21 # Port to listen on

write_enable=YES # Master switch for write commands (upload, delete, rename, mkdir)

download_enable=YES # Whether downloads are allowed (default YES)

dirmessage_enable=YES # Show the .message file when a user changes into a directory

xferlog_enable=YES # Write a transfer log; with xferlog_std_format=YES it goes to /var/log/xferlog

xferlog_std_format=YES # Use the standard wu-ftpd xferlog format; with NO vsftpd writes its own, more detailed format to /var/log/vsftpd.log

connect_from_port_20=YES # Active mode: open data connections from the server's port 20

pasv_enable=YES # Allow passive mode (default YES)
pasv_max_port=24600 # Highest port used for passive-mode data connections
pasv_min_port=24500 # Lowest port used for passive-mode data connections (open this range on the firewall when the FTP conntrack helper is not in use)
pam_service_name=vsftpd # Name of the PAM service file under /etc/pam.d/ used to authenticate users (vsftpd.vu in this chapter)

userlist_enable=YES # Whether to consult the user_list file
userlist_deny=YES # YES: users in user_list are refused (default); NO: only users in user_list are accepted

max_clients=0 # Maximum number of concurrent client connections; 0 means unlimited

max_per_ip=0 # Maximum number of connections from one IP address; 0 means unlimited
tcp_wrappers=YES # Consult /etc/hosts.allow and /etc/hosts.deny for host access control

chown_username=root # Owner given to anonymously uploaded files when chown_uploads=YES (chown_uploads is NO by default); a dedicated unprivileged account is a better choice than root

ascii_upload_enable=YES # Allow ASCII-mode uploads (line-ending conversion); default NO
ascii_download_enable=YES # Allow ASCII-mode downloads; default NO. This has nothing to do with binary files being permitted: binary (image) mode is always available.
nopriv_user=vsftpd # Unprivileged account the server uses for work that needs no privileges (default nobody); a dedicated vsftpd user is the usual choice

async_abor_enable=YES # Accept the asynchronous ABOR (abort transfer) command that some clients send
ftpd_banner=welcome to Awei FTP servers # Greeting shown at login; a banner that does not reveal the server version is a small hardening win
guest_enable=YES # Enable virtual users

guest_username=ftpuser # System account the virtual users are mapped onto

virtual_use_local_privs=YES # Give virtual users the permissions of a local user instead of those of an anonymous user

user_config_dir=/etc/vsftpd/vconf # Directory of per-user configuration files, each named exactly after the login name

5.7 Create independent configuration directories and files for users

mkdir /etc/vsftpd/user_dir

Check with ls

Enter the directory just created

cd /etc/vsftpd/user_dir

Create one file per virtual user, named exactly like the login name: vsftpd looks up user_config_dir/<login name>, so a file called zhaouser would never be read. For zhao:

vi zhao

Put in it the storage location of the user's data

local_root=/etc/vsftpd/data

Every virtual user with a file here gets their own settings; users without one use the global vsftpd.conf.

5.8 Create a virtual user data storage location

Return to the parent directory with cd ..

cd ..

Create the data directory

mkdir data

Make it writable by the account the virtual users are mapped onto. Give it to vu rather than making it world-writable: a world-writable directory under /etc/ lets every local account plant files that FTP users will then download.

chown vu:vu data/
chmod 750 data/

(Because this login directory is writable, allow_writeable_chroot=YES in 5.5 is what lets the login succeed.)
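Steps 5.2 to 5.8 are one procedure, and the two mistakes this tutorial warns about (user name and password on one line, a file name in user_dir that does not match the login name) produce no error message from db_load or vsftpd. The following added example (not the tutorial's own code) checks the alternating user/password file before it is fed to db_load, builds the database with restrictive permissions, and generates the per-user configuration files from the same list. The paths are the tutorial's; the validation rules, the per-user directory layout under a root of your choice, and the assumption of running as root for the db_load step are this example's own.

```shell
#!/bin/sh
# Validate the alternating "user / password" file, build the Berkeley DB from it
# with restrictive permissions, and write one user_config_dir file per virtual
# user (added example).

# check_userfile FILE: print one problem per line; print nothing if the file is usable.
# db_load -T pairs lines up blindly, so every layout mistake silently becomes a
# wrong user name or password instead of an error.
check_userfile() {
    f=$1
    n=$(awk 'END { print NR }' "$f")
    [ $((n % 2)) -eq 0 ] || echo "odd number of lines ($n): a user name without a password"
    grep -nE '[[:space:]]' "$f" | sed 's/^/whitespace on line (user and password on one line?): /'
    grep -nE '^$'          "$f" | sed 's/^/empty line: /'
    awk 'NR % 2 == 1' "$f" | sort | uniq -d | sed 's/^/duplicate user name (only the last password would be kept): /'
    return 0
}

# build_userdb FILE: run db_load and lock both files down. Assumes root, as in the
# tutorial. Both files hold cleartext passwords; pam_userdb reads the .db through
# vsftpd's privileged parent process, so nobody else needs access to either.
build_userdb() {
    f=$1
    if [ -n "$(check_userfile "$f")" ]; then
        echo "refusing to build $f.db: fix the problems reported by check_userfile first" >&2
        return 1
    fi
    db_load -T -t hash -f "$f" "$f.db" || return 1
    chown root:root "$f" "$f.db" && chmod 600 "$f" "$f.db"
}

# gen_user_conf DIR FILE ROOT: one file per user, named exactly like the login name,
# giving each virtual user its own directory ROOT/<name> instead of one shared
# directory. (vsftpd can do the same without per-user files through
# user_sub_token=$USER and local_root=ROOT/$USER in the global config.)
gen_user_conf() {
    dir=$1 f=$2 root=$3
    mkdir -p "$dir"
    awk 'NR % 2 == 1' "$f" | while IFS= read -r name; do
        printf 'local_root=%s/%s\n' "$root" "$name" > "$dir/$name"
    done
    return 0
}

# Constructed samples: the user file from 5.2, and a broken one.
d=$(mktemp -d)
printf 'zhao\n12345\nzhang\n12345\n' > "$d/user"
printf 'zhao 12345\nzhang\n12345\n'  > "$d/user.broken"
echo "good file:";   check_userfile "$d/user"
echo "broken file:"; check_userfile "$d/user.broken"
gen_user_conf "$d/user_dir" "$d/user" /srv/ftp
cat "$d/user_dir/zhao"   # local_root=/srv/ftp/zhao
# The db_load step only runs where the tool exists and we are root.
if command -v db_load >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    build_userdb "$d/user" && ls -l "$d/user.db"
fi
rm -rf "$d"
```

On the real server, run check_userfile /etc/vsftpd/user first, then build_userdb /etc/vsftpd/user and gen_user_conf /etc/vsftpd/user_dir /etc/vsftpd/user /srv/ftp (creating /srv/ftp/<name> owned by vu for each user); the per-user directory means zhao and zhang no longer see each other's uploads.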

5.9 Restart vsftp service

systemctl restart vsftpd

5.10 Login Test

Log in with Xftp as user zhao, password 12345.

On the server, enter the data directory

cd /etc/vsftpd/data

Create a file zhao.txt

touch zhao.txt

Key points:

Local users and virtual users cannot log in through the same configuration, because pam_service_name selects exactly one PAM stack.

Local users: pam_service_name=vsftpd (checks the system accounts through /etc/pam.d/vsftpd)

Virtual users: pam_service_name=vsftpd.vu (checks user.db through pam_userdb)

Refresh the listing in Xftp: zhao.txt is there, so the virtual user works.

id zhao

No such user: the virtual user zhao exists only in user.db, not in /etc/passwd, which is exactly the point of virtual users. On disk, everything a virtual user creates is owned by vu.

Writing this up took some effort, so give it a try!