*************部署ftp文件分享服务***************
00000000配置实验环境0000000000
[root@localhost mnt]# vim /etc/crypttab
[root@localhost mnt]# vim /root/diskpass
[root@localhost ~]# chmod 600 /root/diskpass ##密钥文件只允许root读写,避免其他用户读到后用它解锁加密分区
[root@localhost ~]# ll /root
total 16
-rw-------. 1 root root 8619 5月 6 2014 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 4月 22 21:15 Desktop
-rw-------. 1 root root 9 4月 22 21:41 diskpass
drwxr-xr-x. 2 root root 6 4月 22 21:15 Documents
drwxr-xr-x. 2 root root 6 4月 22 21:15 Downloads
drwxr-xr-x. 2 root root 6 4月 22 21:15 Music
drwxr-xr-x. 2 root root 6 4月 22 21:15 Pictures
drwxr-xr-x. 2 root root 6 4月 22 21:15 Public
drwxr-xr-x. 2 root root 6 4月 22 21:15 Templates
drwxr-xr-x. 2 root root 6 4月 22 21:15 Videos
[root@localhost ~]# cryptsetup luksAddKey /dev/vdb1 /root/diskpass
Enter any passphrase:
[root@localhost ~]# vim /etc/fstab
[root@localhost ~]# reboot
Connection to 172.25.254.140 closed by remote host.
Connection to 172.25.254.140 closed.
[root@localhost ~]# yum search ftp
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
=============================== N/S matched: ftp ===============================
ftp.x86_64 : The standard UNIX FTP (File Transfer Protocol) client
tftp.x86_64 : The client for the Trivial File Transfer Protocol (TFTP)
tftp-server.x86_64 : The server for the Trivial File Transfer Protocol (TFTP)
vsftpd.x86_64 : Very Secure Ftp Daemon
curl.x86_64 : A utility for getting files from remote servers (FTP, HTTP, and
: others)
lftp.i686 : A sophisticated file transfer program
lftp.x86_64 : A sophisticated file transfer program
wget.x86_64 : A utility for retrieving files using the HTTP or FTP protocols
Name and summary matches only, use "search all" for everything.
[root@localhost ~]# yum install vsftpd.x86_64 ##安装ftp服务
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.2-9.el7 rhel_dvd 166 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 166 k
Installed size: 343 k
Is this ok [y/d/N]: y
Downloading packages:
vsftpd-3.0.2-9.el7.x86_64.rpm | 166 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-9.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-9.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-9.el7
Complete!
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl enable firewalld
[root@localhost ~]# firewall-cmd --list-all ##查看火墙状态
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --permanent --add-service=ftp ##永久地允许ftp服务访问
success
[root@localhost ~]# firewall-cmd --reload ##重新加载火墙信息
success
[root@localhost ~]# systemctl start vsftpd
*************ftp服务调试******************
1111111匿名用户可登陆111111111
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##编辑配置文件
anonymous_enable=NO ##不允许匿名用户登陆
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陆服务器(能显示服务器内容才算登陆成功)
lftp 172.25.254.140:~> ls
Interrupt ##登录失败
2222222本地用户可登陆22222222
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##编辑配置文件
local_enable=NO ##不允许本地用户登陆
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陆服务器(能显示服务器内容才算登陆成功);不带 -u 是匿名登陆,验证本地用户需用 lftp 172.25.254.140 -u student
lftp 172.25.254.140:~> ls
Interrupt ##登录失败
333333本地用户可写入333333333
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##编辑配置文件
write_enable=NO ##禁止一切会修改文件系统的FTP命令(上传、删除、重命名、建目录等),对本地用户和匿名用户都生效
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
[root@localhost ~]# touch /home/student/file ##以root身份在student家目录中建立测试文件
****客户端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陆服务器(能显示服务器内容才算登陆成功);从下一行提示符 student@ 可见此处是以student身份登陆,记录中省略了 -u student
lftp student@172.25.254.140:~> ls
-rw-r--r-- 1 0 0 0 Apr 23 02:38 file
lftp student@172.25.254.140:~> rm -r file
rm: Access failed: 550 Permission denied. (file) ##服务本身拒绝此操作
44444444上传控制44444444
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
29 anon_upload_enable=YES ##匿名用户可以上传(去掉注释;需同时 write_enable=YES,且目标目录对ftp用户可写)
33 anon_mkdir_write_enable=YES ##匿名用户可创建目录(去掉注释)
34 anon_other_write_enable=YES ##匿名用户可删除,重命名等(加上此条;任何匿名连接都能删改文件,vsftpd文档一般不建议开启)
35 anon_world_readable_only=NO ##匿名用户可下载"其他人"无读权限的文件(加上此条;默认YES时只能下载所有人可读的文件)
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140
lftp 172.25.254.140:/> cd /pub
cd ok, cwd=/pub
lftp 172.25.254.140:/pub> mkdir test
mkdir ok, `test' created
lftp 172.25.254.140:/pub> ls
-rw------- 1 14 50 2367 Apr 23 03:00 passwd
drwx------ 2 14 50 6 Apr 23 03:11 test
lftp 172.25.254.140:/pub> get passwd
2367 bytes transferred
lftp 172.25.254.140:/pub> rm -r test
rm ok, `test' removed
55555555修改上传文件权限55555555
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chown_uploads=YES ##将匿名上传文件的所有人改为chown_username指定的用户
chown_username=student ##设置匿名上传文件的所有人为student
chown_upload_mode=0644 ##设置被改所有人的匿名上传文件权限为644(所有人可读,其他匿名用户也能下载)
anon_umask=022 ##匿名用户新建文件/目录时使用的umask
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
lftp 172.25.254.140:/pub> put /etc/group
993 bytes transferred
lftp 172.25.254.140:/pub> ls
-rw-r--r-- 1 1000 50 993 Apr 23 03:28 group ##student用户uid为1000
-rw------- 1 1000 50 2367 Apr 23 03:24 passwd
666666666上传文件速率控制666666666
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
anon_max_rate=102400 ##限制匿名用户的最大传输速率,单位是字节/秒,102400即约100KB/s(不是100M)
[root@foundation40 ~]# dd if=/dev/zero of=/mnt/bigfile bs=1024 count=10000
10000+0 records in
10000+0 records out
10240000 bytes (10 MB) copied, 0.0135613 s, 755 MB/s ##真机里截取大文件准备测试上传速率
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
lftp 172.25.254.140:/pub> put /mnt/bigfile ##上传大文件测试速率
777777限制本地用户在自己家目录中777777
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES ##所有本地用户登陆后被限制在自己的家目录中
[root@localhost ~]# chmod u-w /home/* ##vsftpd拒绝chroot到可写的根目录,因此去掉家目录的所有人写权限(注意这会作用于/home下所有用户的家目录)
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
——————————开启黑名单————————————
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# vim /etc/vsftpd/chroot_list
##写入此文件的用户被限制在家目录中,不可切换到根目录;其余本地用户不受限制
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
——————————开启白名单————————————
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# vim /etc/vsftpd/chroot_list
##写入此文件的用户不受chroot限制,可切换到根目录;其余本地用户被限制在家目录中
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
88888888888限制本地用户登录888888888888
[root@localhost ~]# vim /etc/vsftpd/ftpusers ##永久黑名单,凡是被写入的用户,无论什么情况下都不能登陆ftp
[root@localhost ~]# vim /etc/vsftpd/user_list ##临时黑名单(有可能转化成白名单);仅在 userlist_enable=YES 时生效,userlist_deny 默认为YES即黑名单
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
userlist_deny=no ##加上此句,将/etc/vsftpd/user_list转化成白名单,只有名单内的用户可以登陆(当白名单与黑名单同时出现某用户时,则永久黑名单生效)
00000000配置实验环境0000000000
[root@localhost mnt]# vim /etc/crypttab
[root@localhost mnt]# vim /root/diskpass
[root@localhost ~]# chmod 600 /root/diskpass ##密钥文件只允许root读写,避免其他用户读到后用它解锁加密分区
[root@localhost ~]# ll /root
total 16
-rw-------. 1 root root 8619 5月 6 2014 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 4月 22 21:15 Desktop
-rw-------. 1 root root 9 4月 22 21:41 diskpass
drwxr-xr-x. 2 root root 6 4月 22 21:15 Documents
drwxr-xr-x. 2 root root 6 4月 22 21:15 Downloads
drwxr-xr-x. 2 root root 6 4月 22 21:15 Music
drwxr-xr-x. 2 root root 6 4月 22 21:15 Pictures
drwxr-xr-x. 2 root root 6 4月 22 21:15 Public
drwxr-xr-x. 2 root root 6 4月 22 21:15 Templates
drwxr-xr-x. 2 root root 6 4月 22 21:15 Videos
[root@localhost ~]# cryptsetup luksAddKey /dev/vdb1 /root/diskpass
Enter any passphrase:
[root@localhost ~]# vim /etc/fstab
[root@localhost ~]# reboot
Connection to 172.25.254.140 closed by remote host.
Connection to 172.25.254.140 closed.
[root@localhost ~]# yum search ftp
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
=============================== N/S matched: ftp ===============================
ftp.x86_64 : The standard UNIX FTP (File Transfer Protocol) client
tftp.x86_64 : The client for the Trivial File Transfer Protocol (TFTP)
tftp-server.x86_64 : The server for the Trivial File Transfer Protocol (TFTP)
vsftpd.x86_64 : Very Secure Ftp Daemon
curl.x86_64 : A utility for getting files from remote servers (FTP, HTTP, and
: others)
lftp.i686 : A sophisticated file transfer program
lftp.x86_64 : A sophisticated file transfer program
wget.x86_64 : A utility for retrieving files using the HTTP or FTP protocols
Name and summary matches only, use "search all" for everything.
[root@localhost ~]# yum install vsftpd.x86_64 ##安装ftp服务
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.2-9.el7 rhel_dvd 166 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 166 k
Installed size: 343 k
Is this ok [y/d/N]: y
Downloading packages:
vsftpd-3.0.2-9.el7.x86_64.rpm | 166 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-9.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-9.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-9.el7
Complete!
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl enable firewalld
[root@localhost ~]# firewall-cmd --list-all ##查看火墙状态
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --permanent --add-service=ftp ##永久地允许ftp服务访问
success
[root@localhost ~]# firewall-cmd --reload ##重新加载火墙信息
success
[root@localhost ~]# systemctl start vsftpd
*************ftp服务调试******************
1111111匿名用户可登陆111111111
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##编辑配置文件
anonymous_enable=NO ##不允许匿名用户登陆
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陆服务器(能显示服务器内容才算登陆成功)
lftp 172.25.254.140:~> ls
Interrupt ##登录失败
2222222本地用户可登陆22222222
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##编辑配置文件
local_enable=NO ##不允许本地用户登陆
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陆服务器(能显示服务器内容才算登陆成功);不带 -u 是匿名登陆,验证本地用户需用 lftp 172.25.254.140 -u student
lftp 172.25.254.140:~> ls
Interrupt ##登录失败
333333本地用户可写入333333333
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##编辑配置文件
write_enable=NO ##禁止一切会修改文件系统的FTP命令(上传、删除、重命名、建目录等),对本地用户和匿名用户都生效
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
[root@localhost ~]# touch /home/student/file ##以root身份在student家目录中建立测试文件
****客户端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陆服务器(能显示服务器内容才算登陆成功);从下一行提示符 student@ 可见此处是以student身份登陆,记录中省略了 -u student
lftp student@172.25.254.140:~> ls
-rw-r--r-- 1 0 0 0 Apr 23 02:38 file
lftp student@172.25.254.140:~> rm -r file
rm: Access failed: 550 Permission denied. (file) ##服务本身拒绝此操作
44444444上传控制44444444
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
29 anon_upload_enable=YES ##匿名用户可以上传(去掉注释;需同时 write_enable=YES,且目标目录对ftp用户可写)
33 anon_mkdir_write_enable=YES ##匿名用户可创建目录(去掉注释)
34 anon_other_write_enable=YES ##匿名用户可删除,重命名等(加上此条;任何匿名连接都能删改文件,vsftpd文档一般不建议开启)
35 anon_world_readable_only=NO ##匿名用户可下载"其他人"无读权限的文件(加上此条;默认YES时只能下载所有人可读的文件)
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140
lftp 172.25.254.140:/> cd /pub
cd ok, cwd=/pub
lftp 172.25.254.140:/pub> mkdir test
mkdir ok, `test' created
lftp 172.25.254.140:/pub> ls
-rw------- 1 14 50 2367 Apr 23 03:00 passwd
drwx------ 2 14 50 6 Apr 23 03:11 test
lftp 172.25.254.140:/pub> get passwd
2367 bytes transferred
lftp 172.25.254.140:/pub> rm -r test
rm ok, `test' removed
55555555修改上传文件权限55555555
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chown_uploads=YES ##将匿名上传文件的所有人改为chown_username指定的用户
chown_username=student ##设置匿名上传文件的所有人为student
chown_upload_mode=0644 ##设置被改所有人的匿名上传文件权限为644(所有人可读,其他匿名用户也能下载)
anon_umask=022 ##匿名用户新建文件/目录时使用的umask
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
lftp 172.25.254.140:/pub> put /etc/group
993 bytes transferred
lftp 172.25.254.140:/pub> ls
-rw-r--r-- 1 1000 50 993 Apr 23 03:28 group ##student用户uid为1000
-rw------- 1 1000 50 2367 Apr 23 03:24 passwd
666666666上传文件速率控制666666666
****服务端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
anon_max_rate=102400 ##限制匿名用户的最大传输速率,单位是字节/秒,102400即约100KB/s(不是100M)
[root@foundation40 ~]# dd if=/dev/zero of=/mnt/bigfile bs=1024 count=10000
10000+0 records in
10000+0 records out
10240000 bytes (10 MB) copied, 0.0135613 s, 755 MB/s ##真机里截取大文件准备测试上传速率
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
****客户端******
lftp 172.25.254.140:/pub> put /mnt/bigfile ##上传大文件测试速率
777777限制本地用户在自己家目录中777777
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES ##所有本地用户登陆后被限制在自己的家目录中
[root@localhost ~]# chmod u-w /home/* ##vsftpd拒绝chroot到可写的根目录,因此去掉家目录的所有人写权限(注意这会作用于/home下所有用户的家目录)
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
——————————开启黑名单————————————
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# vim /etc/vsftpd/chroot_list
##写入此文件的用户被限制在家目录中,不可切换到根目录;其余本地用户不受限制
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
——————————开启白名单————————————
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# vim /etc/vsftpd/chroot_list
##写入此文件的用户不受chroot限制,可切换到根目录;其余本地用户被限制在家目录中
[root@localhost ~]# systemctl restart vsftpd.service ##重启服务
88888888888限制本地用户登录888888888888
[root@localhost ~]# vim /etc/vsftpd/ftpusers ##永久黑名单,凡是被写入的用户,无论什么情况下都不能登陆ftp
[root@localhost ~]# vim /etc/vsftpd/user_list ##临时黑名单(有可能转化成白名单);仅在 userlist_enable=YES 时生效,userlist_deny 默认为YES即黑名单
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
userlist_deny=no ##加上此句,将/etc/vsftpd/user_list转化成白名单,只有名单内的用户可以登陆(当白名单与黑名单同时出现某用户时,则永久黑名单生效)