Construction of FTP server (Linux)

Summary:

FTP (File Transfer Protocol) is a TCP-based protocol that uses the client/server model. Through FTP, users can upload files to or download files from an FTP server. Although many sites offer downloads over HTTP, FTP can control the number of users and the allocation of bandwidth well, and uploading and downloading files is quick and convenient, so FTP has become the preferred server for file upload and download in the network. It is also an application program: with it, users can connect their computers to any server running the FTP protocol around the world and access the large number of programs and information on those servers. The function of the FTP service is the remote transmission of complete files. Its features are as follows:

(1) FTP uses two parallel connections: a control connection and a data connection. The control connection transmits control commands between two hosts, such as user identity, password, and command to change directories. Data connections are used only for transferring data.

(2) During a session, the FTP server must maintain the user status, that is, the control connection with a certain user cannot be disconnected. In addition, when the user is active in the directory tree, the server must track the user’s current directory, so FTP limits the number of concurrent users.

(3) FTP supports file transfer in either direction. After the user establishes a connection with a remote computer, the user can obtain a remote file or transfer a local file to the remote machine.

An FTP server (File Transfer Protocol Server) is a computer that provides file storage and access services on the Internet in accordance with the FTP protocol. As the name suggests, FTP is a protocol used specifically for transferring files. Simply put, a server that supports the FTP protocol is an FTP server.

1. Overview of FTP server

1. The role of FTP server

An FTP server is a server that provides file transfer services. Its functions mainly include the following points:

(1) Storing files: The FTP server can store files that need to be transferred. Users can connect to the FTP server through the FTP client and upload or download the required files.

(2) Manage files: The FTP server can manage files, such as creating, deleting, renaming and other operations.

(3) Provide file access control: the FTP server can control file access, such as restricting user access rights, controlling user upload and download rights, and so on.

(4) Provide anonymous access: The FTP server can provide anonymous access, allowing users to perform anonymous file transfers through the FTP client.

(5) Monitoring of file transfers: The FTP server can record and monitor file transfers, such as recording log information of file transfers, for subsequent auditing and management.

(6) Support multi-user simultaneous transfer: FTP server can support multiple users to transfer files at the same time, so as to improve the efficiency of file transfer.

(7) Network backup: The FTP server can be used as a storage server for network backup to back up important data of a company or organization.

(8) Virtual host: The FTP server can be used as a virtual host to provide services such as Web server and mail server.

(9) Software distribution: the FTP server can be used as a software distribution server to distribute software to the FTP server for users to download.

(10) File archiving: The FTP server can be used as a file archiving server to store historical files, which is convenient for users to consult and retrieve.

(11) File Synchronization: The FTP server can be used as a file synchronization server for synchronizing files between different locations or networks.

2. FTP system composition

An FTP server system consists of server software, client software and the FTP communication protocol. Common software for FTP servers: vsftpd, wu-ftpd, ProFTPD, Microsoft IIS FTP, Serv-U, etc.

3. Working process of FTP server

A complete FTP file transfer requires two types of connection: one for file transfer commands, called the control connection, and one for the actual file transfer, called the data connection.

(1) Control connection

When the client wants to upload data to or download data from the FTP server, it first sends a connection request to TCP port 21 on the server; the FTP server accepts the request and completes the connection setup. This connection is called the FTP control connection.

(2) Data connection

After the FTP control connection is established, files can be transferred; the connection used to transfer files is called the FTP data connection. It has two transmission modes: active mode (PORT/standard) and passive mode (PASV).

Active mode:

Passive mode:

2. FTP server construction

Preparations before setting up the FTP server:

The establishment of the FTP server is closely related to the establishment of the DNS server. If the DNS server is not established, see the article:

https://mp.csdn.net/mp_blog/creation/editor/129963557

The configuration file of the DNS server needs to be changed a little:

Open the forward configuration file and make some changes —

systemctl restart named //Restart DNS service

The network card of the FTP client needs careful configuration (the DNS server resolves the domain name or IP address for the FTP client) —

NIC configuration for FTP client –

[root@Server ~]# cd /etc/sysconfig/network-scripts/
[root@Server network-scripts]#
[root@Server network-scripts]# vim ifcfg-ens33

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
IPADDR=192.168.1.10
GATEWAY=192.168.1.2
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=721bf751-0fac-4c74-9ade-9f591c0f5ebf
DEVICE=ens33
ONBOOT=yes
DNS1=192.168.1.10

1. Install FTP software

Server: yum install vsftpd
Client: yum install ftp

2. Start ftp service

systemctl start vsftpd //Start FTP service
systemctl enable vsftpd //Set FTP to start automatically
systemctl status vsftpd //View the status of the FTP service

3. Firewall settings

firewall-cmd --list-all //View the services that the firewall has allowed to pass
firewall-cmd --permanent --add-service=ftp //Add the FTP service that is allowed to pass through the firewall
firewall-cmd --reload //Reload the firewall to make the newly added firewall policy take effect

4. Configure local users

① Users are not restricted to their own root directory (root directory: /home/username/)

FTP server:
adduser user1 //add common user
passwd user1 //Set the password of the user1 user
echo "user1_file" > /home/user1/user.txt //Create a test file (for download) and write the content
mkdir /var/ftp/public //Create a test directory

FTP client:
echo "test_file" > test1.txt //Create a test file (for uploading) and write content

Client test:

So how to upload files in directories other than the home directory? See the following operations: (take /var/ftp/public as an example)

FTP server:
chmod o+w /var/ftp/public //Give other users write permission on the /var/ftp/public directory
chcon -t public_content_rw_t /var/ftp/public //To allow file uploads to the FTP directory you set, SELinux needs to be configured
setsebool -P ftpd_full_access on //Modify the Boolean value status and open FTP access
getsebool -a | grep ftp //Filter Boolean information related to FTP
"
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on //Enable it
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off
"

Client test:

② Users are restricted to their own root directory (root directory: /home/username/)

adduser webadmin //add common user
passwd webadmin //Set the password of ordinary user webadmin
mkdir /webdata/ //Create a directory (this directory will be used as the root directory of the user webadmin)
chmod o+w /webdata/ //Give other users write permission to the /webdata/ directory
echo "webadmin_file" > /webdata/webadmin.txt //Create a test file (for upload) and write the content

vim /etc/vsftpd/vsftpd.conf //Configure the main configuration file of the FTP server, the modified and added content is placed outside the code

vim /etc/vsftpd/chroot_list
"
webadmin
"
systemctl restart vsftpd //restart FTP service

getsebool -a | grep ftp //Filter Boolean information related to FTP
"
ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on //Just turn it on, if it is off, type one more command: setsebool -P ftpd_full_access on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> off
"

vim /etc/vsftpd/vsftpd.conf //The main configuration file configuration of the FTP server

Client test:

On this basis, we can also expand the functions of the FTP server:

① It is forbidden to upload files with the suffixes .doc .docx .xlsx;

② Limit the user’s maximum download speed to 100kb/s;

③ The maximum number of people online with the same IP is 2;

④ The number of user processes/number of users who log in at the same time from one IP address does not exceed 2.

FTP server:
vim /etc/vsftpd/vsftpd.conf //Configure the main configuration file of the FTP server, add content at the end of the file
"
# Limit the user's maximum download speed to 100kb/s
local_max_rate=100000
# The maximum number of people online with the same IP is 2
max_per_ip=2
# The number of user processes/users who log in at the same time from one IP address does not exceed 2
max_clients=2
# Prohibit uploading files with extensions .doc .docx .xlsx
deny_file={*.doc,*.docx,*.xlsx}
"

systemctl restart vsftpd //restart FTP service

Client test:

touch doc_file.doc //Create a test file with the suffix .doc

To ensure the confidentiality and integrity of data transmitted between the client and the server, the FTP server can be reinforced using the SSL/TLS protocol.

FTP server:
vim /etc/vsftpd/vsftpd.conf //Edit the main configuration file of the FTP server and add content at the end of the file
"
userlist_enable=YES
tcp_wrappers=YES
ssl_enable=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_private_key_file=/etc/ssl/serverkey1/vsftpd.pem
rsa_cert_file=/etc/ssl/serverkey1/vsftpd.pem
allow_anon_ssl=NO
force_local_logins_ssl=YES
force_local_data_ssl=YES
"

Client test:

So, how to log in to the FTP server safely?

yum install epel-release filezilla -y //Install filezilla software on the FTP client

Details reminder:
Repeat the installation twice, because the first time is initialization, and the second time is a normal installation.

After installation, the icon will be displayed:

Click the FileZilla icon to open the program

① Open the site manager

②Create a new site first, write in the site information, and finally click Connect

Here is the login with the IP address —

You can also log in with a domain name —

③Enter password

connection succeeded:

You can still upload and download files here:

At this point, the FTP server is built!