• Linux搭建ftp服务器简单教程及使用方法


    参考文章:https://www.waitig.com/linux-or-centos-install-vsftpd-and-setup-it.html

    步骤概括如下:

    安装:yum install vsftpd

    操作: service vsftpd start|stop|restart

    配置部分(重点):

           1. 为了系统安全,一般会建立一个ftp用户,此用户不能登陆系统,且只能访问自己主目录下的文件。

                 useradd  -d  /var/ftp/test     -g ftp -s   /sbin/nologin    ftpuser

                 其中,-d命令是指定用户主目录,-g是指定用户分组,-s /sbin/nologin 是禁止用户登陆系统,最后ftpuser是本次新建用户的用户名。

                 然后设置密码:passwd fptuser

          2.  配置用户可登陆名单,并将新建用户添加进入ftp可登陆名单中。

             配置用户名单的方式是:打开配置文件,找到如下两行行,去掉其注释符号。

                  chroot_list_enable=YES

                 # (default follows)

                 chroot_list_file=/etc/vsftpd/chroot_list

             这样就定义了一个用户名单,只有名单中的用户可以登陆系统。 

        3. 创建这个/etc/vsftpd/chroot_list   文件,将可以访问的用户名   ftpuser  添加进去。然后重启ftp服务即可。

     操作解释:

          -d  /var/ftp/test   ----------------------------------    远程机器访问这台ftp服务器的根目录,文件列表与这个目录一致。

          useradd/passwd   --------------------------------- 本地的用户名和密码

         /etc/vsftpd/chroot_list   ---------------------------  将本地用户名XX作为ftp用户名
                

    ftp及scp命令的使用

    参考文章:http://www.cnblogs.com/weafer/archive/2011/06/13/2079509.html

    ftp :

         1.  ftp 192.168.26.66

         2. 输入用户名和密码

         3.get  下载

            格式:get [remote-file] [local-file]
      将文件从远端主机中传送至本地主机中.

           注意:文件都下载到了linux主机的当前目录下。比如,在 /root/yint下运行的ftp命令,则文件都下载到了/root/yint 下。

         4.put  上传

            格式: put local-file [remote-file]

            注意:上传文件都来自于主机的当前目录下。比如,在 /root/test下运行的ftp命令,则只有在/root/test下的文件linux才会 上传到服务器e: ose 下。

    scp:

        scp是安全的文件拷贝,基于ssh的登录

        假定你想把本地计算机/home下的一个名为a.tar.tz的文件拷贝到远程服务器192.168.0.2上的/home/tmp。而且你在远程服务器 上的帐号名为root。可以用这个命令:
    scp /home/a.tar.tz root@192.168.0.2:/home/tmp/

        

    ----------------------------------------------------------

    附录: (参考链接:http://www.linuxsv.org/training/l23_linux_ftp.html)

    FTP File Transfer Protocol allows file transfer between hosts on a network without having to login on a standard shell directly on the remote host. The file transfer is done using a standard set of simple commands without encryption, so it must be used only in a not hostile environment. Features like 'scp' that uses ssh protocol for encrypted file transfer can be used to file transfers on a hostile environment like Internet.

    FTP Server

    In order to configure a host as a FTP server the package vsftp must be installed, configured through /etc/vsftpd/vsftpd.conf and configured to be started at boot.

    # yum install vsftpd
    # chkconfig vsftpd on
    # /etc/init.d/vsftpd start

    /etc/vsftpd/vsftpd.conf

    This is the main configuration file and specifies the way that the FTP server runs. The most important parameters that can be configured are the following :

    anonymous_enable=YES
    It allows FTP transfer using the anonymous user with password anonymous.

    local_enable=YES
    Local accounts are valid FTP accounts.

    write_enable=YES
    Enables write operations on FTP.

    #anon_upload_enable=YES
    It allows anonymous user to upload files. By default this line is commented so the anonymous user by default con not upload files to the FTP server.

    #chroot_list_enable=YES
    With chroot_local_user=YES you can configure users who are logged on FTP server to be confined in to their home directory on the FTP server. Disabled by default.

    pam_service_name=vsftpd
    Configures Pluggable Authentication Modules (PAM) security for FTP.

    userlist_enable=YES
    Keeps users such as root and system user listed on /etc/vsftpd/user_list from logging into the FTP server. It must be activated always !!!

    tcp_wrappers=YES
    Supports the use of security commands in /etc/hosts.allow and /etc/hosts.deny through tcpwrappers

    FTP Security

    Firewall

    The FTP server listen on port 21 TCP so it must be open on the firewall .

    -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT


    In the case of FTP server is also required to load the nat iptable module that keep track all FTP connections and allows it. This configuration is applied on /etc/sysconfig/iptables-config file :

    IPTABLES_MODULES="nf_conntrack_ftp"-->/etc/sysconfig/iptables-config

    # /etc/init.d/iptables restart

    SElinux

    There are five directives associated with making FTP server work with SELinux in targeted mode:

    # setsebool -P allow_ftpd_full_access 1
    If this parameter is enabled ftpd will run on a SElinux context without any restriction.

    # setsebool -P allow_ftpd_anon_write 1
    Supports the writing of files to directories configured with the public_content_rw_t SELinux setting.

    # setsebool -P allow_ftpd_use_cifs 1
    Allows the use of files shared via CIFS on an FTP server.

    # setsebool -P allow_ftpd_use_nfs 1
    Allows the use of files shared via NFS on an FTP server.

    # setsebool -P ftp_home_directory 1
    Supports FTP read/write access to user home directories.

    In addition any directory that is going to be used on read-write FTP operations it must be labelled as 'public_content_rw_t' SElinux attribute in order to work correctly in SElinux targered mode .

    # chcon -R -t public_content_rw_t /var/pub/ftp

    FTP anonymous server

    In this section we are going to configure a FTP server on rhel6 server and only allow anonymous login. Only downloading data from FTP server must be allowed files, uploading must be forbidden.

    # cat /etc/vsftpd/vsftp.conf | grep -v ^#

    anonymous_enable=YES
    local_enable=NO
    write_enable=NO
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES


    Configure the firewall as defined on 'FTP Security'. If SElinux is running on targered mode the easy way applied in this case is give full access to the ftpd daemon on SElinux context :

    # setsebool -P allow_ftpd_full_access 1

    Lets create a file on the root of the ftp directory /var/ftp/pub. This file will be downloaded by anonymous user.

    # dd if=/dev/null of=/var/ftp/pub/file bs=1024 count=1000

    And finally restart the ftp service. Make sure the service starts correctly watching logs on /var/log/messages.

    # /etc/init.d/vsftpd restart

    From another host login to the FTP server on rhel6 as anonymous user using the FTP client 'lftp'. Download file created previously and verify that uploading is forbidden.

    node01> lftp 192.168.1.10
    lftp 192.168.1.10:~> cd pub
    cd ok, cwd=/pub
    lftp 192.168.1.10:/pub> ls
    -rw-r--r-- 1 0 0 10240000 Feb 22 20:36 file
    lftp 192.168.1.10:/pub> get file
    10240000 bytes transferred


    By default the FTP client 'lftp' login as anonymous. From there file has been downloaded correctly. Lets try to download a file :

    lftp 192.168.1.10:/pub> put anaconda-ks.cfg
    put: Access failed: 550 Permission denied. (anaconda-ks.cfg)


    Uploads are not allowed.

    lftp 192.168.1.10:/> cd /var
    cd: Access failed: 550 Failed to change directory. (/var)


    Navigate outside the FTP server is not allowed.

    Try to login as other user as anonymous and verify that only anonymous logins are permitted.

    node01> lftp -u john
    Password:
    lftp john@:~> ls
    ls: Not connected


    The same is we try as root and other users ... only anonymous logins are allowed.

    FTP non-anonymous server

    In this case we are going to configure an FTP server on rhel6 that must only allow logins to all system users less the listed on /etc/vsftpd/user_list . Download/upload must be allowed for these users.

    cat /etc/vsftpd/vsftpd.conf | grep -v ^#

    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    tcp_wrappers=YES


    Configure the firewall as defined on 'FTP Security'. In this case we are going to configure ftpd to run on SElinux environment. This is not the easy way as in previous example :

    # setsebool -P allow_ftpd_full_access 0
    # setsebool -P allow_ftpd_anon_write 1
    # setsebool -P allow_ftpd_use_cifs 1
    # setsebool -P allow_ftpd_use_nfs 1
    # setsebool -P ftp_home_dir 1


    Lets create a file on 'john' /home dir of the ftp directory /home/john. This file will be downloaded by user john.

    # cp /var/ftp/pub/file /home/john
    # chown john:john /home/john/file


    And finally restart the ftp service. Make sure the service starts correctly watching logs on /var/log/messages.

    # /etc/init.d/vsftpd restart

    From another host login to the FTP server on rhel6 as 'john' user using the FTP client 'lftp'. Download file created previously and verify that uploading is allowed on john /home.

    node01> lftp -u john 192.168.1.10
    Password:
    lftp john@192.168.1.10:~> ls
    -rw-r--r-- 1 1001 1001 10240000 Feb 22 22:08 file
    lftp john@192.168.1.10:~> get file
    10240000 bytes transferred
    lftp john@192.168.1.10:~> put install.log
    21820 bytes transferred
    lftp john@192.168.1.10:~> ls
    -rw-r--r-- 1 1001 1001 10240000 Feb 22 22:08 file
    -rw-r--r-- 1 1001 1001 21820 Feb 23 20:06 install.log
    lftp john@192.168.1.10:~> cd /var
    lftp john@192.168.1.10:/var>


    As can be seen 'john' user can download/upload files on /home/john through FTP. But 'john' still has access to directories outside his home, on Lab1 we will configure the FTP server to chroot users onto his home directory.

    Users listed on /etc/vsftpd/user_list are not allowed to login on FTP server :

    node01> lftp -u root 192.168.1.10
    Password: lftp root@192.168.1.10:~> dir
    `ls' at 0 [Delaying before reconnect: 20]
    ...

    FTP Client

    As has been seen in previous sections the lftp RPM can be used as FTP Client.

    # yum install lftp

    In order to login as user 'john' on FTP server 192.168.1.10 :

    lftp -u john 192.168.1.10
    Password:
    lftp john@192.168.1.10:~>


    If no user is specified the FTP login is done using the anonymous user.

    In order to execute a remote command on the FTP server as 'ls' :

    lftp john@192.168.1.10:~> ls
    -rw-r--r-- 1 1001 1001 10240000 Feb 22 22:08 file
    -rw-r--r-- 1 1001 1001 21820 Feb 23 20:06 install.log


    In order to execute a local command on the FTP client as 'ls' :

    lftp john@192.168.1.10:~> ! ls
    file install.log install.log.syslog test


    To download a file from FTP server use 'get' command :

    lftp john@192.168.1.10:~> get file
    10240000 bytes transferred


    To upload a file from FTP client to the FTP server use 'put' command :

    lftp john@192.168.1.10:~> put install.log
    21820 bytes transferred


    More info on 'man lftp'.

    Questions

    1.- By default FTP data transfer is encrypted (true/false).

    2.- FTP protocol can be used to transfer files between Linux, Unix and Microsoft Windows S.O. (true/false).

    3.- In order to get working an FTP server through a firewall the only action required is open 21/TCP port (true/false).

    4.- Which configuration parameter on file /etc/vsftpd/vsftpd.conf must be configured in order to allow anonymous login on the FTP server?.

    5.- Which configuration parameter on file /etc/vsftpd/vsftpd.conf must be configured in order disable local logins on the FTP server?.

    6.- Which configuration parameter on file /etc/vsftpd/vsftpd.conf must be configured in order disable logins from users listed in /etc/vsftpd/vsftpd.conf on the FTP server?.

    7.- Which command can be used in order to disable SElinux protection to the ftpd service?.

    8.- Which command can be used in order to give SElinux access to users logged through FTP client on their home directories on the FTP server?.

    9.- Which command can be used in order to connect to the FTP server using anonymous account?.

    A - lftp 192.168.1.10
    B - lftp -u anonymous 192.168.1.10
    C - Both of them
    D - None of them

    10.- Which configuration parameter on /etc/vsftpd/vsftpd.conf makes that the only users listed on /etc/vsftpd/user_list are allowed to connect to the FTP server ?.

    A - userlist_deny=YES
    B - userlist_deny=NO
    C - /etc/export
    D - /etc/fstab

  • 相关阅读:
    Python 描述符(descriptor) 杂记
    Celery 使用简介
    异步任务神器 Celery 简明笔记
    高性能框架gevent和gunicorn在web上的应用及性能测试
    Flask + Gunicorn + Nginx 部署
    Mysql查看最大连接数和修改最大连接数
    配置 influxDB 鉴权及 HTTP API 写数据的方法
    Java 字符串拼接 五种方法的性能比较分析 从执行100次到90万次
    linux端口开放指定端口的两种方法
    java自带的监控工具VisualVM一
  • 原文地址:https://www.cnblogs.com/alapha/p/7481625.html
Copyright © 2020-2023  润新知