Summary:
FTP (File Transfer Protocol) is a TCP-based protocol for transferring files that uses the client/server model. Through FTP, users can upload files to or download files from an FTP server. Although many sites offer downloads over HTTP, FTP makes it easy to control the number of users and the allocation of bandwidth, and uploading and downloading are quick and convenient, so FTP has become the preferred server for file upload and download in the network. FTP is also an application program: with it, users can connect their computers to any server in the world that runs the FTP protocol and access the large number of programs and information stored on those servers. The function of the FTP service is to transfer complete files remotely. Its features are as follows:
(1) FTP uses two parallel connections: a control connection and a data connection. The control connection transmits control commands between two hosts, such as user identity, password, and command to change directories. Data connections are used only for transferring data.
(2) During a session, the FTP server must maintain the user status, that is, the control connection with a certain user cannot be disconnected. In addition, when the user is active in the directory tree, the server must track the user’s current directory, so FTP limits the number of concurrent users.
(3) FTP supports file transfer in either direction. After the user establishes a connection with a remote computer, the user can obtain a remote file or transfer a local file to the remote machine.
An FTP server (File Transfer Protocol Server) is a computer that provides file storage and access services on the Internet in accordance with the FTP protocol. As the name File Transfer Protocol suggests, FTP is a protocol used specifically to transfer files. Simply put, a server that supports the FTP protocol is an FTP server.
1. Overview of FTP server
1. The role of FTP server
An FTP server is a server that provides file transfer services. Its functions mainly include the following points:
(1) Storing files: The FTP server can store files that need to be transferred. Users can connect to the FTP server through the FTP client and upload or download the required files.
(2) Manage files: The FTP server can manage files, such as creating, deleting, renaming and other operations.
(3) Provide file access control: the FTP server can control file access, such as restricting user access rights, controlling user upload and download rights, and so on.
(4) Provide anonymous access: The FTP server can provide anonymous access, allowing users to perform anonymous file transfers through the FTP client.
(5) Monitoring of file transfers: The FTP server can record and monitor file transfers, such as recording log information of file transfers, for subsequent auditing and management.
(6) Support multi-user simultaneous transfer: FTP server can support multiple users to transfer files at the same time, so as to improve the efficiency of file transfer.
(7) Network backup: The FTP server can be used as a storage server for network backup to back up important data of a company or organization.
(8) Virtual host: The FTP server can be used as a virtual host to provide services such as Web server and mail server.
(9) Software distribution: the FTP server can be used as a software distribution server to distribute software to the FTP server for users to download.
(10) File archiving: The FTP server can be used as a file archiving server to store historical files, which is convenient for users to consult and retrieve.
(11) File Synchronization: The FTP server can be used as a file synchronization server for synchronizing files between different locations or networks.
2. FTP system composition
An FTP server system consists of server software, client software and the FTP communication protocol. Common FTP server software: vsftpd, wu-ftpd, Proftpd, Microsoft IIS FTP, Serv-U, etc.
3. Working process of FTP server
A complete FTP file transfer requires the establishment of two types of connections, one for file transfer commands, called control connections, and the other for real file transfers, called data connections.
(1) Control connection
When the client wants to upload or download data, it first sends a connection request to TCP port 21 on the server; the FTP server accepts the request and completes the connection setup. Such a connection is called the FTP control connection.
(2) Data connection
After the FTP control connection is established, files can be transferred, and the connection for transferring files is called an FTP data connection. The FTP data connection carries the actual data transfer, and it has two transmission modes: active mode (PORT/standard) and passive mode (PASV).
Active mode:
Passive mode:
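How the two modes look on the control connection, as an added example that is not part of the original article: in active mode the client sends a PORT command naming the address and port it listens on, and in passive mode the server answers PASV with a 227 reply naming its own listening address and port (the h1,h2,h3,h4,p1,p2 notation of RFC 959). The sample lines are constructed and reuse the tutorial's 192.168.1.0/24 lab addresses; the function name is hypothetical.

```python
import re

# Six decimal fields h1,h2,h3,h4,p1,p2 as defined in RFC 959.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def _decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field or raise ValueError."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def data_connection(control_line):
    """Describe the data connection announced by one control-connection line.

    The result names the mode, the side that opens the TCP connection, and
    the address and port a firewall has to let that side reach.
    """
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        # Active mode: the client listens and the server connects to it.
        ip, port = _decode_hostport(line[5:])
        return {"mode": "active", "initiator": "server", "listener": (ip, port)}
    if line.startswith("227"):
        # Passive mode: the server listens and the client connects to it.
        ip, port = _decode_hostport(line[3:])
        return {"mode": "passive", "initiator": "client", "listener": (ip, port)}
    raise ValueError("not a PORT command or a 227 reply: %r" % line)


# Constructed sample lines, not captured from a real session.
SAMPLES = [
    "PORT 192,168,1,20,195,80",
    "227 Entering Passive Mode (192,168,1,10,117,48).",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", data_connection(sample))
```

The data port is negotiated per transfer, which is why a firewall rule for port 21 alone does not cover the data connection in either mode.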
2. FTP server construction
Preparations before setting up the FTP server:
The establishment of the FTP server is closely related to the establishment of the DNS server. If the DNS server is not established, see the article:
https://mp.csdn.net/mp_blog/creation/editor/129963557
The configuration file of the DNS server needs to be changed a little:
Open the forward configuration file and make some changes —
systemctl restart named   # Restart the DNS service
The network card of the FTP client needs to be configured carefully (the DNS server resolves the domain name or IP address for the FTP client).
NIC configuration for the FTP client:
[root@Server ~]# cd /etc/sysconfig/network-scripts/
[root@Server network-scripts]#
[root@Server network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.1.10
GATEWAY=192.168.1.2
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=721bf751-0fac-4c74-9ade-9f591c0f5ebf
DEVICE=ens33
ONBOOT=yes
DNS1=192.168.1.10
1. Install FTP software
Server: yum install vsftpd
Client: yum install ftp
2. Start ftp service
systemctl start vsftpd   # Start the FTP service
systemctl enable vsftpd   # Set FTP to start automatically at boot
systemctl status vsftpd   # View the status of the FTP service
3. Firewall settings
firewall-cmd --list-all   # View the services that the firewall already allows
firewall-cmd --permanent --add-service=ftp   # Allow the FTP service through the firewall
firewall-cmd --reload   # Reload the firewall so that the newly added policy takes effect
4. Configure local users
① Users not restricted to their own root directory (root directory: /home/username/)
FTP server:
adduser user1   # Add an ordinary user
passwd user1   # Set the password of the user1 user
echo "user1_file" > /home/user1/user.txt   # Create a test file (for download) and write content to it
mkdir /var/ftp/public   # Create a test directory
FTP client:
echo "test_file" > test1.txt   # Create a test file (for uploading) and write content to it
Client test:
So how can files be uploaded to directories other than the home directory? See the following operations (taking /var/ftp/public as an example):
FTP server:
chmod o+w /var/ftp/public   # Give other users write permission on the /var/ftp/public directory
chcon -t public_content_rw_t /var/ftp/public   # SELinux must be set if files are to be uploaded to the FTP directory
setsebool -P ftpd_full_access on   # Change the Boolean and open FTP access
# (ftpd_full_access on lets the FTP daemon read and write any file that ordinary file permissions allow)
getsebool -a | grep ftp   # Filter the Boolean information related to FTP
"
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on   # Enable it
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off
"
Client test:
② Users restricted to their own root directory (root directory: /home/username/)
adduser webadmin   # Add an ordinary user
passwd webadmin   # Set the password of the ordinary user webadmin
mkdir /webdata/   # Create a directory (it will be used as the root directory of the user webadmin)
chmod o+w /webdata/   # Give other users write permission on the /webdata/ directory
echo "webadmin_file" > /webdata/webadmin.txt   # Create a test file (for upload) and write content to it
vim /etc/vsftpd/vsftpd.conf   # Edit the main configuration file of the FTP server; the modified and added content is shown outside this listing
vim /etc/vsftpd/chroot_list
"
webadmin
"
systemctl restart vsftpd   # Restart the FTP service
getsebool -a | grep ftp   # Filter the Boolean information related to FTP
"
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on   # It must be on; if it is off, run one more command: setsebool -P ftpd_full_access on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off
"
vim /etc/vsftpd/vsftpd.conf   # The main configuration file of the FTP server
Client test:
On this basis, we can also expand the functions of the FTP server:
① It is forbidden to upload files with the suffixes .doc .docx .xlsx;
② Limit the user’s maximum download speed to 100kb/s;
③ The maximum number of people online with the same IP is 2;
④ The number of user processes/number of users who log in at the same time from one IP address does not exceed 2.
FTP server:
vim /etc/vsftpd/vsftpd.conf   # Edit the main configuration file of the FTP server and add content at the end of the file
"
# Limit the user's maximum download speed to 100kb/s
local_max_rate=100000
# The maximum number of people online with the same IP is 2
max_per_ip=2
# The number of user processes/users who log in at the same time from one IP address does not exceed 2
max_clients=2
# Prohibit uploading files with the extensions .doc .docx .xlsx
deny_file={*.doc,*.docx,*.xlsx}
"
systemctl restart vsftpd   # Restart the FTP service
Client test:
touch doc_file.doc   # Create a test file with the suffix .doc
To ensure the confidentiality and integrity of data transmitted between the client and the server, the FTP server can be reinforced using the SSL/TLS protocol.
FTP server:
vim /etc/vsftpd/vsftpd.conf   # Edit the main configuration file of the FTP server and add content at the end of the file
"
userlist_enable=YES
tcp_wrappers=YES
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_private_key_file=/etc/ssl/serverkey1/vsftpd.pem
rsa_cert_file=/etc/ssl/serverkey1/vsftpd.pem
allow_anon_ssl=NO
force_local_logins_ssl=YES
force_local_data_ssl=YES
"
Client test:
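A check for the TLS settings above, as an added example that is not part of the original article: it parses vsftpd.conf text and reports every TLS option from the tutorial's block that is missing or differs, plus lines that are not plain option=value (vsftpd.conf allows no spaces around the equals sign, and a note written after a value on the same line becomes part of the value). The function names and the sample file are constructed for illustration, and treating an unset option as a finding is an assumption of this example.

```python
# Values the tutorial's TLS block sets. A missing option is reported too
# (assumption of this example: each option should be set explicitly).
REQUIRED = {
    "ssl_enable": "YES", "ssl_sslv2": "NO", "ssl_sslv3": "NO",
    "allow_anon_ssl": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
}
PATH_KEYS = ("rsa_cert_file", "rsa_private_key_file")


def parse_conf(text):
    """Return ({option: value}, [(line_no, line), ...]) for vsftpd.conf text."""
    settings, malformed = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment line
        key, sep, value = line.partition("=")
        # No spaces are allowed between the option, "=" and the value.
        if not sep or key != key.strip() or value[:1].isspace():
            malformed.append((n, line))
            continue
        settings[key] = value
    return settings, malformed


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    settings, malformed = parse_conf(text)
    findings = ["line %d is not option=value: %r" % m for m in malformed]
    for key, want in REQUIRED.items():
        got = settings.get(key)
        if got != want:  # also reports "YES //note": the note is in the value
            findings.append("%s: found %r, expected %r" % (key, got, want))
    findings += ["%s is not set" % k for k in PATH_KEYS if not settings.get(k)]
    return findings


# Constructed sample: TLS is on, but logins may still travel in clear text,
# one value carries an annotation, one line has spaces, the key file is unset.
WEAK_CONF = """\
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
allow_anon_ssl=NO
force_local_logins_ssl=NO
force_local_data_ssl=YES //encrypt data
max_per_ip = 2
rsa_cert_file=/etc/ssl/serverkey1/vsftpd.pem
"""

if __name__ == "__main__":
    print("\n".join(audit(WEAK_CONF)))
```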
So, how to log in to the FTP server safely?
yum install epel-release filezilla -y   # Install the FileZilla software on the FTP client
Details reminder: Run the installation twice, because the first run is initialization and the second is the normal installation.
After installation, the icon will be displayed:
Click the FileZilla icon to open the program.
① Open the site manager
② Create a new site first, fill in the site information, and finally click Connect
Here is the login with the IP address:
You can also log in with a domain name:
③ Enter the password
Connection succeeded:
You can still upload and download files here:
At this point, the FTP server is built!