CentOS 7 FTP服务搭建
本项目使用VSFTPD配置FTP服务器,实现以下功能:
- 开放实体用户登陆。使用者登陆FTP的时候显示欢迎消息;系统帐号不允许登陆;允许实体用户进行上传、下载、建立目录及修改文件;设置用户新建文件、目录的umask为002。
- 仅允许匿名登陆。匿名登陆时显示欢迎消息;仅开放anonymous登陆,且不需要密码;限制文件转输速度为30KB/s;文件连接过程超过60秒没有回应就断开连接;anonymous超过10分钟没有动作就断线;最大同时上线人数限制为50人,同一IP的最大连线数为5。
实验环境准备
服务器:Centos 7
客户端:window2003
selinux: 关闭
ps:最坏情况下可以选择selinux对FTP不做任何限制
setsebool -P ftpd_connect_all_unreserved 1
1. 安装vsFTP
yum -y install vsftpd
2. 配置VSFTP文件
打开vsftpd的配置文件
vi /etc/vsftpd/vsftpd.conf
8 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
9 # capabilities.
10 #
11 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
12 anonymous_enable=NO //禁止匿名登陆
13 #
14 # Uncomment this to allow local users to log in.
15 # When SELinux is enforcing check for SE bool ftp_home_dir
16 local_enable=YES
17 #
18 # Uncomment this to enable any form of FTP write command.
19 write_enable=YES
20 #
21 # Default umask for local users is 077. You may wish to change this to 022,
22 # if your users expect that (022 is used by most other ftpd's)
23 local_umask=002 //新建目录的权限为775
24 #
# listens on IPv4 sockets. This directive cannot be used in conjunction
113 # with the listen_ipv6 directive.
114 listen=YES //ipv4网络开启
115 #
116 # This directive enables listening on IPv6 sockets. By default, listening
117 # on the IPv6 "any" address (::) will accept connections from both IPv6
118 # and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
119 # sockets. If you want that (perhaps because you want to listen on specific
120 # addresses) then you must run two copies of vsftpd with two configuration
121 # files.
122 # Make sure, that one of the listen options is commented !!
123 #listen_ipv6=YES //注释ipv6网络
123 #listen_ipv6=YES
124
125 pam_service_name=vsftpd
126 userlist_enable=YES
127 tcp_wrappers=YES
128 banner_file=/etc/vsftpd/welcome.txt //设置欢迎信息
129 //限制用户登陆的权限
130 userlist_enable=YES
131 userlist_deny=YES
132 userlist_file=/etc/vsftpd/user_list
重启服务
service vsftpd restart
编辑欢迎信息
vi /etc/vsftpd/welcome.txt
#####################
i'am coming!!!FTP
####################
~
建立一个测试FTP服务的新用户
[root@www vsftpd]# useradd ftpuser
[root@www vsftpd]# passwd ftpuser
Changing password for user ftpuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
3. 测试FTP与root用户登录登陆
FTP用户登录成功
root用户登录失败
匿名用户登录失败
4. chroot的使用
通过chroot可以设置某些帐号登陆后不允许离开他的家目录。设定的方法很简单,修改vsftpd.conf,增加以下的项目:
94 # You may specify an explicit list of local users to chroot() to their home
95 # directory. If chroot_local_user is YES, then this list becomes a list of
96 # users to NOT chroot().
97 # (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
98 # the user does not have write access to the top level directory within the
99 # chroot)
100 #chroot_local_user=YES
101 chroot_list_enable=YES //去掉注释
102 # (default follows)
103 chroot_list_file=/etc/vsftpd/chroot_list //去掉注释
104 #
创立chroot_list文件并写入用户名字ftpuser
vi /etc/vsftpd/choot_list
ftpuser
~
~
重启服务即可
sevice vsftpd restart
5. 设置下载带宽与最大同时连接人数
vi /etc/vsftpd/vsftpd.conf
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd/user_list
local_max_rate=100000
max_clients=10
max_per_ip=1
重启即可生效
6. 允许匿名登录
创立浏览文件
[root@www vsftpd]# mkdir /var/ftp/linux
[root@www vsftpd]# mkdir /var/ftp/gnu
进入配置文件
vi /etc/vsftpd/vsftpd.conf
开放匿名登录并限制匿名网宽
11 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
12 anonymous_enable=YES
13 no_anon_password=YES
14 anon_max_rate=30000
设置自动掉线时间
61 # You may change the default value for timing out an idle session.
62 idle_session_timeout=600
63 #
64 # You may change the default value for timing out a data connection.
65 data_connection_timeout=120
66 #
7. 测试匿名者登录
登录成功
8. 文件上传下载测试
max_clients=10
max_per_ip=1
#允许匿名用户上传文件的目录
write_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
anon_upload_enable=YES
[root@www vsftpd]# mkdir /var/ftp/upload //创建upload目录
[root@www vsftpd]# chown ftp /var/ftp/upload/ //修改目录的所有者为ftp
测试成功
168
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
