Document summary 15: the vsftpd service on Linux

Source: Internet  Published: computer remote-control software  Editor: 程序博客网  Time: 2024/05/22 00:25

The vsftpd service

1. What is FTP

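FTP is the abbreviation of File Transfer Protocol; its short Chinese name is "文传协议". It is used to control the bidirectional transfer of files over the Internet. It is also an application: different operating systems have different FTP applications, and all of them follow the same protocol to transfer files. When using FTP, users often meet two concepts: "download" and "upload". To "download" a file is to copy it from the remote host to your own computer; to "upload" a file is to copy it from your own computer to the remote host. In Internet terms, users upload files to (or download files from) a remote host through a client program.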

2. Installing FTP

[root@localhost Desktop]# yum install vsftpd.x86_64 -y
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-10.el7 will be installed
......
Installed:
  vsftpd.x86_64 0:3.0.2-10.el7
Complete!
[root@localhost Desktop]# systemctl start vsftpd
[root@localhost Desktop]# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled)
   Active: active (running) since Tue 2017-10-31 07:16:14 EDT; 7s ago
   ......
[root@localhost Desktop]# systemctl stop firewalld
[root@localhost Desktop]# systemctl enable vsftpd
ln -s '/usr/lib/systemd/system/vsftpd.service' '/etc/systemd/system/multi-user.target.wants/vsftpd.service'
[root@localhost Desktop]# lftp 172.25.254.11
lftp 172.25.254.11:~>     ##being able to log in and get the prompt means the installation succeeded

3. vsftpd file information

/var/ftp ##default publishing directory
/etc/vsftpd ##configuration directory

[root@localhost ~]# ls /var/ftp/
pub
[root@localhost ~]# ls /etc/vsftpd/
ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
[root@localhost ~]# lftp 172.25.254.11
lftp 172.25.254.11:~> ls
drwxr-xr-x    2 0        0               6 Aug 03  2015 pub
lftp 172.25.254.11:/> 

4. Configuration parameters of the vsftpd service

1) Anonymous user settings

[root@server ~]# vim /etc/vsftpd/vsftpd.conf
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO             ##restrict anonymous user login
[root@server ftp]# systemctl restart vsftpd.service
[root@desktop ~]# lftp 172.25.254.11
lftp 172.25.254.11:~> ls
`ls' at 0 [Sending commands...] ##anonymous login is refused

<Anonymous upload>

[root@server ~]# vim /etc/vsftpd/vsftpd.conf
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
anon_upload_enable=YES
chgrp ftp /var/ftp/pub
chmod 775 /var/ftp/pub
[root@server ~]# mkdir /var/ftp/upload
[root@server ftp]# chown ftp upload/
[root@server ftp]# ll
total 0
drwxr-xr-x. 2 root root 6 Aug  3  2015 pub
drwxr-xr-x. 2 ftp  root 6 Nov  7 23:18 upload
[root@server ftp]# systemctl restart vsftpd.service
[root@desktop ~]# lftp 172.25.254.11
lftp 172.25.254.11:~> cd upload/
lftp 172.25.254.11:/upload> put /etc/passwd
2102 bytes transferred
lftp 172.25.254.11:/upload> ls
-rw-------    1 14       50           2102 Nov 08 04:22 passwd

<Change the anonymous user's home directory>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_root=/ftpub
[root@server ftp]# mkdir /ftpub
[root@server ftp]# systemctl restart vsftpd.service
[root@desktop ~]# lftp 172.25.254.11
lftp 172.25.254.11:~> ls
lftp 172.25.254.11:/> 

<Change the default permissions of files uploaded by anonymous users>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_umask=022
[root@server ftp]# systemctl restart vsftpd.service
[root@desktop ~]# lftp 172.25.254.11
lftp 172.25.254.11:~> cd upload/
lftp 172.25.254.11:/upload> put /etc/shadow
1298 bytes transferred
lftp 172.25.254.11:/upload> ls
-rw-------    1 14       50           2102 Nov 08 04:22 passwd
-rw-r--r--    1 14       50           1298 Nov 08 04:57 shadow

<Anonymous directory creation>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
# new directories.
anon_mkdir_write_enable=YES
[root@server ftp]# systemctl restart vsftpd.service
[root@desktop ~]# lftp 172.25.254.11
lftp 172.25.254.11:~> cd upload/
lftp 172.25.254.11:/upload> mkdir test
mkdir ok, `test' created
lftp 172.25.254.11:/upload> ls
-rw-------    1 14       50            880 Nov 08 04:38 group
-rw-------    1 14       50           2102 Nov 08 04:22 passwd
-rw-r--r--    1 14       50           1298 Nov 08 04:57 shadow
drwxr-xr-x    2 14       50              6 Nov 08 05:01 test

<Anonymous download>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_umask=022
anon_world_readable_only=YES
[root@server ftp]# systemctl restart vsftpd.service
[root@server ftp]# chmod 755 /var/ftp/upload/*
[root@server ftp]# ll /var/ftp/upload/
total 12
-rwxr-xr-x. 1 ftp ftp  880 Nov  7 23:38 group
-rwxr-xr-x. 1 ftp ftp 2102 Nov  7 23:22 passwd
-rwxr-xr-x. 1 ftp ftp 1298 Nov  7 23:57 shadow
drwxr-xr-x. 2 ftp ftp    6 Nov  8 00:01 test
[root@desktop ~]# lftp 172.25.254.11
lftp 172.25.254.11:~> cd upload/
lftp 172.25.254.11:/upload> get passwd
2102 bytes transferred

<Anonymous deletion>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
anon_world_readable_only=YES
anon_other_write_enable=YES
[root@server ftp]# systemctl restart vsftpd.service
[root@desktop ~]# lftp 172.25.254.11
lftp 172.25.254.11:~> cd upload/
lftp 172.25.254.11:/upload> rm -fr test/
rm ok, `test/' removed
lftp 172.25.254.11:/upload> ls
-rwxr-xr-x    1 14       50            880 Nov 08 04:38 group
-rwxr-xr-x    1 14       50           2102 Nov 08 04:22 passwd
-rwxr-xr-x    1 14       50           1298 Nov 08 04:57 shadow

<Change the user identity used by anonymous users>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
chown_uploads=YES
chown_username=student
chown_upload_mode=0644
[root@server ftp]# systemctl restart vsftpd.service

<Maximum upload rate>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_max_rate=102400
[root@server ftp]# systemctl restart vsftpd.service

<Maximum number of connections>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
max_clients=2
[root@server ftp]# systemctl restart vsftpd.service
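
The anonymous options above add up quickly, so the following added example (not code from the original post) audits a vsftpd.conf and reports which of them widen anonymous access. It assumes upstream vsftpd defaults and the real option write_enable, which the post does not show; the sample file and the finding name upload_mode are constructed for illustration.

```python
"""Added example (not from the original post): audit anonymous-access options."""
import re

def option(conf_text, key, default):
    """Value of the last uncommented key=value line, else the given default."""
    hits = re.findall(rf"^{re.escape(key)}=(.*)$", conf_text, flags=re.M)
    return hits[-1].strip() if hits else default

def enabled(conf_text, key, default="NO"):
    return option(conf_text, key, default).upper() == "YES"

WRITE_OPTIONS = {
    "anon_upload_enable": "anonymous users can upload files",
    "anon_mkdir_write_enable": "anonymous users can create directories",
    "anon_other_write_enable": "anonymous users can delete and rename files",
}

def audit_anonymous(conf_text):
    """Return {option: finding} for settings that widen anonymous access."""
    # A missing or commented-out anonymous_enable line means YES.
    if not enabled(conf_text, "anonymous_enable", default="YES"):
        return {}
    findings = {"anonymous_enable": "anonymous login is allowed"}
    # The anon_* write options only take effect together with write_enable=YES.
    if enabled(conf_text, "write_enable"):
        for key, message in WRITE_OPTIONS.items():
            if enabled(conf_text, key):
                findings[key] = message
    if "anon_upload_enable" in findings:
        # Upload mode: chown_upload_mode if chown_uploads=YES, else 0666 & ~anon_umask.
        if enabled(conf_text, "chown_uploads"):
            mode = int(option(conf_text, "chown_upload_mode", "0600"), 8)
        else:
            mode = 0o666 & ~int(option(conf_text, "anon_umask", "077"), 8)
        if mode & 0o004:  # readable by "other", so any anonymous user can fetch it
            # "upload_mode" is a hypothetical finding name, not a vsftpd option.
            findings["upload_mode"] = f"uploads are world-readable ({mode:04o})"
    return findings

# Constructed sample: the options this section switches on, in one file.
SAMPLE_CONF = """\
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_umask=022
"""

if __name__ == "__main__":
    for key, message in audit_anonymous(SAMPLE_CONF).items():
        print(f"{key}: {message}")
```

With anon_umask=022 every upload lands as 0644, which is why the shadow file uploaded above is listed as -rw-r--r-- and becomes readable by any later anonymous session.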

2) Local user settings

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=NO                 ##restrict local user login
[root@server ftp]# systemctl restart vsftpd.service

<Restrict local users from browsing the / directory>
All users are locked into their own home directories.

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
[root@server ftp]# chmod  u-w /home/*
[root@server ftp]# systemctl restart vsftpd.service

Creating a user blacklist

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@server ftp]# systemctl restart vsftpd.service

Creating a user whitelist

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@server ftp]# systemctl restart vsftpd.service
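
The two chroot_list setups above differ only in chroot_local_user, yet the same list file means the opposite in each. This added example (not code from the original post) works out which accounts end up confined to their home directory under both; the account names and list contents are constructed.

```python
"""Added example (not from the original post): resolve the chroot_list logic."""
import re

def option(conf_text, key, default):
    """Value of the last uncommented key=value line, else the given default."""
    hits = re.findall(rf"^{re.escape(key)}=(.*)$", conf_text, flags=re.M)
    return hits[-1].strip() if hits else default

def jailed_users(conf_text, chroot_list_text, users):
    """Return the users that vsftpd confines to their home directory."""
    jail_all = option(conf_text, "chroot_local_user", "NO").upper() == "YES"
    use_list = option(conf_text, "chroot_list_enable", "NO").upper() == "YES"
    listed = set(chroot_list_text.split()) if use_list else set()
    # Being listed flips whatever chroot_local_user decides for everyone else.
    return sorted(u for u in users if jail_all != (u in listed))

# Constructed sample data: these account names are not from the page.
USERS = ["alice", "bob", "carol"]
CHROOT_LIST = "alice\n"  # contents of /etc/vsftpd/chroot_list
LIST_OPTS = "chroot_list_enable=YES\nchroot_list_file=/etc/vsftpd/chroot_list\n"
BLACKLIST_CONF = "chroot_local_user=NO\n" + LIST_OPTS
WHITELIST_CONF = "chroot_local_user=YES\n" + LIST_OPTS

if __name__ == "__main__":
    print("blacklist:", jailed_users(BLACKLIST_CONF, CHROOT_LIST, USERS))
    print("whitelist:", jailed_users(WHITELIST_CONF, CHROOT_LIST, USERS))
```

An account created later and never added to the list is unconfined under the blacklist setup and confined under the whitelist setup.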

<Restrict local user login>

vim /etc/vsftpd/ftpusers        ##user blacklist
# Users that are not allowed to login via ftp
root
bin
......

3) FTP virtual user settings

<Create virtual account identities>

[root@server ftp]# vim /etc/vsftpd/loginusers       ##create the virtual user file; the file name is arbitrary
ftpuser1
123
ftpuser2
123
ftpuser3
123
[root@server ftp]# db_load -T -t hash -f /etc/vsftpd/loginusers /etc/vsftpd/loginusers.db
[root@server ftp]# vim /etc/pam.d/ckvsftpd          ##create the PAM file so the module can read the db; the file name is arbitrary
account     required    pam_userdb.so   db=/etc/vsftpd/loginusers
auth        required    pam_userdb.so   db=/etc/vsftpd/loginusers
[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
pam_service_name=ckvsftpd
guest_enable=YES
[root@server ftp]# systemctl restart vsftpd.service
lftp ftpuser1@172.25.254.11:~> lftp 172.25.254.11 -u ftpuser1
Password: 
lftp ftpuser1@172.25.254.11:~> 

<Specify the identity used by virtual accounts>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
guest_username=ftpuser
[root@server ftp]# chmod u-w /home/ftpuser

<Separate home directory for each virtual account>

[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
local_root=/ftpuserhome/$USER
user_sub_token=$USER
[root@server ftp]# mkdir /ftpuserhome
[root@server ftp]# chgrp ftpuser /ftpuserhome
[root@server ftp]# chmod g+s /ftpuserhome
[root@server ftp]# mkdir /ftpuserhome/ftpuser{1..3}