#####FTP的搭建####
ftp 文件传输协议
http 超文本传输协议
1.配置环境
vim westos.repo
yum clean all
yum repolist ##查看yum软件包
vim /etc/sysconfig/selinux
reboot ##重启
getenforce ##查看环境是否配置成功
#####部署ftp服务###
- yum search ftp ##查看是否有ftp软件包
yum install vsftpd.x86_64 -y ##yum安装ftp
2.systemctl start vsftpd ##打开vsftpd
systemctl enable vsftpd ##设置开机能自动使用
firewall-cmd --list-all ##列出防火墙使用
firewall-config ##出现防火墙设置图界面 (选择ftp Permanent)
(firewall-config:2583): Gtk-WARNING **: cannot open display: ##可能出现的报错(没有图形界面时出现),此时可改用命令行:firewall-cmd --permanent --add-service=ftp && firewall-cmd --reload
systemctl status firewalld ##防火墙状态必须打开
systemctl status vsftpd.service ##vsftp打开
firewall-cmd --list-all
3.lftp 172.25.254.66 ##lftp是ftp客户端,用来访问ftp服务;没有lftp的话用yum安装
yum install lftp -y
[root@localhost ~]# lftp 172.25.254.146
lftp 172.25.254.146:~> ls
drwxr-xr-x 2 0 0 6 Jun 23 2016 pub
lftp 172.25.254.146:/> quit ##退出
ftp服务的基本信息
软件安装包 : vsftpd
默认发布目录: /var/ftp
协议接口: 21/tcp
服务配置文件:/etc/vsftpd/vsftpd.conf
报错id的解析:
500 ##文件系统权限过大
530 ##用户认证失败
550 ##服务本身未能开放
553 ##本地文件系统权限过小
###4匿名用户管理
vim /etc/vsftpd/vsftpd.conf
匿名用户
anonymous_enable=YES|NO #匿名用户是否可以登陆
local_enable=YES|NO #本地用户是否可以登陆
ls: Login failed: 530 This FTP server is anonymous only. ##报错530,用户认证失败
write_enable=YES|NO #ftp 是否对登陆用户可写
##<匿名用户的上传>
vim /etc/vsftpd/vsftpd.conf
write_enable=YES
anon_upload_enable=YES ##允许匿名用户上传
chgrp ftp /var/ftp/pub
chmod 775 /var/ftp/pub
[root@foundation66 ~]# vim /etc/vsftpd/vsftpd.conf
[root@foundation66 ~]# ll -d /var/ftp/pub/
drwxr-xr-x 2 root root 6 Mar 7 2014 /var/ftp/pub/
[root@foundation66 ~]# chmod 755 /var/ftp/pub/
[root@foundation66 ~]# chgrp ftp /var/ftp/pub/
[root@foundation66 ~]# ls -ld /var/ftp/pub/
drwxr-xr-x 2 root ftp 6 Mar 7 2014 /var/ftp/pub/
[root@foundation66 ~]# chmod 775 /var/ftp/pub/
[root@foundation66 ~]# ll -d /var/ftp/pub/
drwxrwxr-x 2 root ftp 6 Mar 7 2014 /var/ftp/pub/
[root@foundation66 ~]# lftp 172.25.254.66
lftp 172.25.254.66:~> ls
drwxrwxr-x 2 0 50 6 Mar 07 2014 pub
lftp 172.25.254.66:/> cd pub/
lftp 172.25.254.66:/pub> put /etc/passwd
2005 bytes transferred
lftp 172.25.254.66:/pub> ls
-rw------- 1 14 50 2005 Apr 16 19:01 passwd
lftp 172.25.254.66:/pub> quit
[root@foundation66 ~]# id ftp
uid=14(ftp) gid=50(ftp) groups=50(ftp)
匿名用户下载
anon_world_readable_only=YES|NO ##设为NO表示匿名用户可以下载other没有r权限的文件;设为YES则只能下载所有人可读的文件
匿名用户删除
anon_other_write_enable=YES|NO
##匿名用户家目录的修改
anon_root=/directory
##匿名用户上传文件默认权限修改
anon_umask=xxx
##匿名用户建立目录
anon_mkdir_write_enable=YES|NO
匿名用户使用身份的修改
chown_uploads=YES
chown_username=student
chown_upload_mode=0644
最大上传速率
anon_max_rate=102400
最大链接数
max_clients=2
2.本地用户设定
local_enable=YES|NO ##本地用户登录限制
本地用户家目录修改
local_root=/directory
#本地用户上传文件权限
local_umask=xxx
##限制本地用户浏览根/下的家目录
所有用户被锁定到自己的家目录中
chroot_local_user=YES
chmod u-w /home/* ##去掉家目录属主的写权限,否则无法锁定本地用户(vsftpd拒绝以可写目录作为chroot根目录);注意 /home/* 也会匹配 lost+found 等非用户目录
[root@foundation66 ~]# useradd westos ##新建用户westos
[root@foundation66 ~]# passwd westos ##westos密码设定
Changing password for user westos.
New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@foundation66 ~]# ll /home/
total 15
drwx------ 2 root root 12288 May 12 2017 lost+found
drwx------. 5 student student 1024 May 12 2017 student
drwx------ 4 westos westos 1024 Apr 17 06:18 westos
[root@foundation66 ~]# chmod u-w /home/*
[root@foundation66 ~]# ll /home/
total 15
dr-x------ 2 root root 12288 May 12 2017 lost+found
dr-x------. 5 student student 1024 May 12 2017 student
dr-x------ 4 westos westos 1024 Apr 17 06:18 westos
用户黑名单的建立(chroot_list名单内的用户被锁定在家目录,其余用户不锁定)
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
用户白名单的建立(chroot_list名单内的用户不被锁定,其余用户全部锁定在家目录)
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@foundation66 ~]# vim /etc/vsftpd/vsftpd.conf
[root@foundation66 ~]# systemctl restart vsftpd
[root@foundation66 ~]# lftp 172.25.254.66 -u westos ##westos被锁定在家目录中,ls / 看到的仍是自己的家目录
Password:
lftp westos@172.25.254.66:~> ls
-rw-r--r-- 1 0 0 0 Apr 16 22:22 westosfile
lftp westos@172.25.254.66:/> ls /
-rw-r--r-- 1 0 0 0 Apr 16 22:22 westosfile
lftp westos@172.25.254.66:/> quit
[root@foundation66 ~]# lftp 172.25.254.66 -u student
Password:
lftp student@172.25.254.66:~> ls /
lrwxrwxrwx 1 0 0 7 May 07 2014 bin -> usr/bin
dr-xr-xr-x 4 0 0 4096 Jul 10 2014 boot
drwxr-xr-x 19 0 0 2880 Apr 16 17:18 dev
drwxr-xr-x 134 0 0 8192 Apr 16 22:18 etc
drwxr-xr-x 5 0 0 1024 Apr 16 22:18 home
lrwxrwxrwx 1 0 0 7 May 07 2014 lib -> usr/lib
lrwxrwxrwx 1 0 0 9 May 07 2014 lib64 -> usr/lib64
drwxr-xr-x 2 0 0 6 Mar 13 2014 media
drwxr-xr-x 2 0 0 17 Apr 16 19:46 mnt
drwxr-xr-x 4 0 0 31 Jun 26 2018 opt
dr-xr-xr-x 162 0 0 0 Apr 17 2019 proc
dr-xr-x--- 18 0 0 4096 Apr 16 22:34 root
drwxr-xr-x 35 0 0 1160 Apr 16 17:55 run
lrwxrwxrwx 1 0 0 8 May 07 2014 sbin -> usr/sbin
drwxr-xr-x 2 0 0 6 Mar 13 2014 srv
dr-xr-xr-x 13 0 0 0 Apr 17 2019 sys
drwxrwxrwt 46 0 0 4096 Apr 16 19:29 tmp
drwxr-xr-x 13 0 0 4096 Mar 02 05:52 usr
drwxr-xr-x 23 0 0 4096 Apr 16 17:30 var
lftp student@172.25.254.66:~> quit
#限制本地用户登陆
vim /etc/vsftpd/ftpusers ##用户黑名单(加入用户名,不能登陆)
vim /etc/vsftpd/user_list ##用户临时黑名单
用户白名单设定(vim /etc/vsftpd/vsftpd.conf )
userlist_enable=YES
userlist_deny=NO
/etc/vsftpd/user_list ##参数设定后,此文件变成白名单,只有名单内的用户可以登陆
[root@foundation66 ~]# vim /etc/vsftpd/ftpusers (加入student)
[root@foundation66 ~]# lftp 172.25.254.66 -u student ##本地用户student
Password:
lftp student@172.25.254.66:~> ls
ls: Login failed: 530 Login incorrect. ##不能登陆
lftp student@172.25.254.66:~> quit
[root@foundation66 ~]# lftp 172.25.254.66 -u westos ##本地用户westos
Password:
lftp westos@172.25.254.66:~> ls
-rw-r--r-- 1 0 0 0 Apr 16 22:22 westosfile
lftp westos@172.25.254.66:/> quit
[root@foundation66 ~]# vim /etc/vsftpd/user_list (##加入student)
[root@foundation66 ~]# lftp 172.25.254.66 -u westos
Password:
lftp westos@172.25.254.66:~> ls
-rw-r--r-- 1 0 0 0 Apr 16 22:22 westosfile
lftp westos@172.25.254.66:~> quit
[root@foundation66 ~]# lftp 172.25.254.66 -u student
Password:
lftp student@172.25.254.66:~> ls
ls: Login failed: 530 Permission denied. ##student不被允许登陆
lftp student@172.25.254.66:~> quit
[root@foundation66 ~]# vim /etc/vsftpd/vsftpd.conf ##黑名单变成白名单,只有白名单内的可登陆
userlist_enable=YES
userlist_deny=NO
[root@foundation66 ~]# systemctl restart vsftpd
[root@foundation66 ~]# lftp 172.25.254.66 -u student
Password:
lftp student@172.25.254.66:~>
lftp student@172.25.254.66:~> ls
lftp student@172.25.254.66:~> ls
lftp student@172.25.254.66:~> quit
[root@foundation66 ~]# lftp 172.25.254.66 -u westos
Password:
lftp westos@172.25.254.66:~> ls
ls: Login failed: 530 Permission denied.
lftp westos@172.25.254.66:~> quit
#ftp虚拟用户的设定
1.创建虚拟帐号身份
vim /etc/vsftpd/westosfile
user1 ##用户名
123 ##密码
user2
123
user3
123
2.db_load -T -t hash -f /etc/vsftpd/westosfile /etc/vsftpd/westosfile.db ##由明文帐号文件生成hash格式的认证数据库(westosfile.db);明文文件含口令,生成后应删除或 chmod 600 只允许root读取
3.vim /etc/pam.d/westos ##编辑文件用户识别方式
用户 识别通过
account required pam_userdb.so db=/etc/vsftpd/westosfile
auth required pam_userdb.so db=/etc/vsftpd/westosfile
4.vim /etc/vsftpd/vsftpd.conf
pam_service_name=westos
guest_enable=YES
[root@foundation66 ~]# vim /etc/vsftpd/westosfile
[root@foundation66 ~]# cat /etc/vsftpd/westosfile
user1
123
user2
123
user3
123
[root@foundation66 ~]# db_load -T -t hash -f /etc/vsftpd/westosfile /etc/vsftpd/westosfile.db
[root@foundation66 ~]# vim /etc/pam.d/westos
[root@foundation66 ~]# cat /etc/pam.d/westos
account required pam_userdb.so db=/etc/vsftpd/westosfile
auth required pam_userdb.so db=/etc/vsftpd/westosfile
[root@foundation66 ~]# vim /etc/vsftpd/vsftpd.conf
[root@foundation66 ~]# systemctl restart vsftpd
[root@foundation66 ~]# lftp 172.25.254.66 -u user1
Password:
lftp user1@172.25.254.66:~> ls
drwxrwxr-x 2 0 50 29 Apr 16 21:45 pub
lftp user1@172.25.254.66:/> quit
[root@foundation66 ~]# lftp 172.25.254.66 -u user2
Password:
lftp user2@172.25.254.66:~> ls
drwxrwxr-x 2 0 50 29 Apr 16 21:45 pub
lftp user2@172.25.254.66:/> quit
虚拟账户家目录独立设定
vim /etc/vsftpd/vsftpd.conf
local_root=/ftphome/$USER ##登陆时识别/ftphome/$USER
user_sub_token=$USER ##注释$USER 与脚本中的识别作用一样
mkdir /ftphome/user1/user1dir -p
mkdir /ftphome/user2/user2dir -p
[root@foundation66 ~]# mkdir /ftphome/user1/user1dir -p
[root@foundation66 ~]# mkdir /ftphome/user2/user2dir -p
[root@foundation66 ~]# mkdir /ftphome/user3/user3dir -p
[root@foundation66 ~]# vim /etc/vsftpd/vsftpd.conf
pam_service_name=westos
guest_enable=YES
userlist_enable=YES
guest_username=ftp
tcp_wrappers=YES
local_root=/ftphome/$USER
user_sub_token=$USER
[root@foundation66 ~]# systemctl restart vsftpd
[root@foundation66 ~]# lftp 172.25.254.66 -u user1
Password:
lftp user1@172.25.254.66:~> ls
drwxr-xr-x 2 0 0 6 Apr 17 00:22 user1dir
lftp user1@172.25.254.66:/> quit
[root@foundation66 ~]# lftp 172.25.254.66 -u user2
Password:
lftp user2@172.25.254.66:~> ls
drwxr-xr-x 2 0 0 6 Apr 17 00:23 user2dir
lftp user2@172.25.254.66:/> quit
[root@foundation66 ~]# lftp 172.25.254.66 -u user3
Password:
lftp user3@172.25.254.66:~> ls
drwxr-xr-x 2 0 0 6 Apr 17 00:23 user3dir
lftp user3@172.25.254.66:/> quit
虚拟帐号独立配置
vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/userconf
mkdir -p /etc/vsftpd/userconf
[root@foundation66 ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/userconf
:
[root@foundation66 ~]# systemctl restart vsftpd
[root@foundation66 ~]# mkdir /etc/vsftpd/userconf
[root@foundation66 ~]# cd /etc/vsftpd/userconf/
[root@foundation66 userconf]# ls
[root@foundation66 userconf]# vim user1
[root@foundation66 userconf]# cp /etc/vsftpd/vsftpd.conf user1
cp: overwrite ‘user1’? y
[root@foundation66 userconf]# vim user1
anon_upload_enable=YES
anon_other_write_enable=YES
[root@foundation66 userconf]# chmod g+w /ftphome/user1/user1dir
[root@foundation66 userconf]# ll -ld /ftphome/user1/user1dir
drwxrwxr-x 2 root root 6 Apr 17 08:22 /ftphome/user1/user1dir
[root@foundation66 userconf]# chgrp ftp /ftphome/user1/user1dir
[root@foundation66 userconf]# systemctl restart vsftpd
[root@foundation66 userconf]# lftp 172.25.254.66 -u user1
Password:
lftp user1@172.25.254.66:~> ls
drwxrwxr-x 2 0 50 6 Apr 17 00:22 user1dir
lftp user1@172.25.254.66:/> cd user1dir
lftp user1@172.25.254.66:/user1dir> put /etc/passwd
2048 bytes transferred
lftp user1@172.25.254.66:/user1dir> ls
-rw-r--r-- 1 1000 50 2048 Apr 17 01:25 passwd
lftp user1@172.25.254.66:/user1dir> quit