- [root@mail ~]# yum -y install vsftpd
- Loaded plugins: refresh-packagekit, rhnplugin
- This system is not registered with RHN.
- RHN support will be disabled.
- Setting up Install Process
- Resolving Dependencies
- --> Running transaction check
- ---> Package vsftpd.i686 0:2.2.2-11.el6 set to be updated
- --> Finished Dependency Resolution
- Dependencies Resolved
- ================================================================================
- Package Arch Version Repository Size
- ================================================================================
- Installing:
- vsftpd i686 2.2.2-11.el6 rhel-source 157 k
- Transaction Summary
- ================================================================================
- Install 1 Package(s)
- Upgrade 0 Package(s)
- Total download size: 157 k
- Installed size: 344 k
- Downloading Packages:
- vsftpd-2.2.2-11.el6.i686.rpm | 157 kB 00:00
- Running rpm_check_debug
- Running Transaction Test
- Transaction Test Succeeded
- Running Transaction
- Installing : vsftpd-2.2.2-11.el6.i686 1/1
- Installed:
- vsftpd.i686 0:2.2.2-11.el6
- Complete!
- [root@mail ~]# service vsftpd start
- 为 vsftpd 启动 vsftpd: [确定]
- [root@mail ~]# chkconfig vsftpd on #设置开机即启动ftp服务
- [root@mail ~]# lftp 192.169.1.98
- -bash: lftp: command not found
- [root@mail ~]# yum -y install lftp
- Loaded plugins: refresh-packagekit, rhnplugin
- This system is not registered with RHN.
- RHN support will be disabled.
- Setting up Install Process
- Resolving Dependencies
- --> Running transaction check
- ---> Package lftp.i686 0:4.0.9-1.el6 set to be updated
- --> Finished Dependency Resolution
- Dependencies Resolved
- ================================================================================
- Package Arch Version Repository Size
- ================================================================================
- Installing:
- lftp i686 4.0.9-1.el6 rhel-source 735 k
- Transaction Summary
- ================================================================================
- Install 1 Package(s)
- Upgrade 0 Package(s)
- Total download size: 735 k
- Installed size: 2.3 M
- Downloading Packages:
- lftp-4.0.9-1.el6.i686.rpm | 735 kB 00:00
- Running rpm_check_debug
- Running Transaction Test
- Transaction Test Succeeded
- Running Transaction
- Installing : lftp-4.0.9-1.el6.i686 1/1
- Installed:
- lftp.i686 0:4.0.9-1.el6
- Complete!
- [root@mail ~]# touch /var/ftp/pub/a #匿名用户的默认登陆目录为/var/ftp/pub/
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> ls
- drwxr-xr-x 2 0 0 4096 Aug 14 14:19 pub
- lftp 192.169.1.98:/> cd pub/
- lftp 192.169.1.98:/pub> ls
- -rw-r--r-- 1 0 0 0 Aug 14 14:19 a
- lftp 192.169.1.98:/pub> quit
- #要实现匿名用户的读写,要有几个条件
- 1.要给/var/ftp/pub/目录other写权限(other写权限对本机所有用户都生效;范围更小的做法是单独建一个上传子目录,把属主改为ftp用户)
- 2./etc/vsftpd/vsftpd.conf 修改anon_upload_enable=YES
- 3.要关闭selinux,或给目录打上标签(关闭selinux会让整机失去强制访问控制,只适合临时排错;长期使用应保持enforcing,靠标签和布尔值放行)
- 4.创建文件夹另外需要/etc/vsftpd/vsftpd.conf 修改anon_mkdir_write_enable=YES
- [root@mail ~]# chmod o+w /var/ftp/pub/
- [root@mail ~]# vim /etc/vsftpd/vsftpd.conf #anon_upload_enable=YES
- [root@mail ~]# ls
- anaconda-ks.cfg install.log Package 公共的 视频 文档 音乐
- Finished install.log.syslog Running 模板 图片 下载 桌面
- [root@mail ~]# service vsftpd restart
- 关闭 vsftpd: [确定]
- 为 vsftpd 启动 vsftpd: [确定]
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> cd pub/
- lftp 192.169.1.98:/pub> mkdir anon_dir1
- mkdir: Access failed: 550 Permission denied. (anon_dir1)
- lftp 192.169.1.98:/pub> put install.log
- put: Access failed: 553 Could not create file. (install.log) #只修改两项,此时创建目录和上传都是不行的
- lftp 192.169.1.98:/pub> quit
- [root@mail ~]# setenforce 0 #把selinux临时切到permissive模式(只记录不拦截,重启后恢复配置文件里的设置)
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> cd pub/
- lftp 192.169.1.98:/pub> ls
- -rw-r--r-- 1 0 0 0 Aug 14 14:19 a
- lftp 192.169.1.98:/pub> put install.log
- 41465 bytes transferred
- lftp 192.169.1.98:/pub> mkdir anon_dir1 #上传可以了,但是创建目录还是不行的
- mkdir: Access failed: 550 Permission denied. (anon_dir1)
- lftp 192.169.1.98:/pub> quit
- [root@mail ~]# vim /etc/vsftpd/vsftpd.conf #修改anon_mkdir_write_enable=YES
- [root@mail ~]# service vsftpd restart
- 关闭 vsftpd: [确定]
- 为 vsftpd 启动 vsftpd: [确定]
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> cd pub/
- lftp 192.169.1.98:/pub> ls
- -rw-r--r-- 1 0 0 0 Aug 14 14:19 a
- -rw------- 1 14 50 41465 Aug 14 14:30 install.log
- lftp 192.169.1.98:/pub> mkdir anon_dir1 #这下上传和创建目录都可以了
- mkdir 成功, 建立 `anon_dir1'
- lftp 192.169.1.98:/pub> ls
- -rw-r--r-- 1 0 0 0 Aug 14 14:19 a
- drwx------ 2 14 50 4096 Aug 14 14:32 anon_dir1
- -rw------- 1 14 50 41465 Aug 14 14:30 install.log
- lftp 192.169.1.98:/pub> quit
- [root@mail ~]# ls -l /var/ftp/pub/
- 总用量 48
- -rw-r--r--. 1 root root 0 8月 14 22:19 a
- drwx------. 2 ftp ftp 4096 8月 14 22:32 anon_dir1
- -rw-------. 1 ftp ftp 41465 8月 14 22:30 install.log #匿名用户以ftp的身份上传文件和创建文件夹
- #默认目录/var/ftp/pub,需要注意的是在redhat6里面,
- #也可以修改匿名用户的默认的登陆目录,但是目录结构要有一定的规范。
- #1.目录必须是三级。2.前两级目录必须是755权限。(背后的约束是vsftpd不允许匿名根目录本身可写,可写的上传目录要放在anon_root的下级)
- #在/etc/vsftpd/vsftpd.conf中的anon_root=第一级目录(在碰到诡异问题时候可以像这样解决,但有时候写第二级或第三级也行)
- #
- [root@mail ~]# vim /etc/vsftpd/vsftpd.conf
- [root@mail ~]# tail -1 /etc/vsftpd/vsftpd.conf
- anon_root=/data1/
- [root@mail ~]# mkdir -p /data1/data2/data3
- [root@mail ~]# service vsftpd restart
- 关闭 vsftpd: [确定]
- 为 vsftpd 启动 vsftpd: [确定]
- [root@mail ~]# chmod o+w /data1/data2/data3/
- [root@mail ~]# setenforce 0
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> ls
- drwxr-xr-x 3 0 0 4096 Aug 15 03:40 data2
- lftp 192.169.1.98:/> cd data2/
- lftp 192.169.1.98:/data2> ls
- drwxr-xrwx 2 0 0 4096 Aug 15 03:40 data3
- lftp 192.169.1.98:/data2> cd data3/
- lftp 192.169.1.98:/data2/data3> ls
- lftp 192.169.1.98:/data2/data3> put
- .ICEauthority .gnupg/ .ssh/ .xauthzWxTwM
- .bash_history .gstreamer-0.10/ .tcshrc Finished
- .bash_logout .gtk-bookmarks .themes/ Package
- .bash_profile .gvfs/ .thumbnails/ Running
- .bashrc .icons/ .viminfo anaconda-ks.cfg
- .cache/ .imsettings.log .xauthPOZYeE install.log
- .config/ .lesshst .xauthUmfkv2 install.log.syslog
- .cshrc .lftp/ .xauthZPDirN 下载/
- .dbus/ .local/ .xauthdwewZF 公共的/
- .elinks/ .nautilus/ .xauthhXO72Z 图片/
- .esd_auth .printer-groups.xml .xauthjJSo1Z 文档/
- .gconf/ .pulse/ .xauthkCfxzH 桌面/
- .gconfd/ .pulse-cookie .xauthmGZjkB 模板/
- .gnome2/ .recently-used.xbel .xauthrcABFo 视频/
- .gnote/ .rnd .xauthsvl3SP 音乐/
- lftp 192.169.1.98:/data2/data3> put anaconda-ks.cfg
- 1388 bytes transferred
- lftp 192.169.1.98:/data2/data3> ls
- -rw------- 1 14 50 1388 Aug 15 03:41 anaconda-ks.cfg
- lftp 192.169.1.98:/data2/data3> cd ..
- lftp 192.169.1.98:/data2> ls
- drwxr-xrwx 2 0 0 4096 Aug 15 03:40 data3
- lftp 192.169.1.98:/data2> put Package
- put: Access failed: 553 Could not create file. (Package)
- lftp 192.169.1.98:/data2> put install.log #因为data2没有写权限,即使有,也不能上传目录
- put: Access failed: 553 Could not create file. (install.log)
- lftp 192.169.1.98:/data2> cd data3/
- lftp 192.169.1.98:/data2/data3> ls
- -rw------- 1 14 50 1388 Aug 15 03:41 anaconda-ks.cfg
- lftp 192.169.1.98:/data2/data3> mkdir anon_dir1
- mkdir 成功, 建立 `anon_dir1'
- lftp 192.169.1.98:/data2/data3> ls
- -rw------- 1 14 50 1388 Aug 15 03:41 anaconda-ks.cfg
- drwx------ 2 14 50 4096 Aug 15 03:42 anon_dir1
- lftp 192.169.1.98:/data2/data3> cd /etc #不能跳到本机的其他目录
- cd: Access failed: 550 Failed to change directory. (/etc)
- lftp 192.169.1.98:/data2/data3> quit
- [root@mail ~]# vim /etc/vsftpd/vsftpd.conf
- [root@mail ~]# tail -1 /etc/vsftpd/vsftpd.conf #anon_root写第二级目录试试
- anon_root=/data1/data2/
- [root@mail ~]# service vsftpd restart
- 关闭 vsftpd: [确定]
- 为 vsftpd 启动 vsftpd: [确定]
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> ls #默认登陆进来是第二级
- drwxr-xrwx 3 0 0 4096 Aug 15 03:42 data3
- lftp 192.169.1.98:/> cd data3/
- lftp 192.169.1.98:/data3> ls
- -rw------- 1 14 50 1388 Aug 15 03:41 anaconda-ks.cfg
- drwx------ 2 14 50 4096 Aug 15 03:42 anon_dir1
- lftp 192.169.1.98:/data3> put install.log
- 41465 bytes transferred
- lftp 192.169.1.98:/data3> mkdir anon_dir2 #可以上传,可以创建
- mkdir 成功, 建立 `anon_dir2'
- lftp 192.169.1.98:/data3> cd ..
- lftp 192.169.1.98:/> cd
- cd 成功, 当前目录=/
- lftp 192.169.1.98:/> ls
- drwxr-xrwx 3 0 0 4096 Aug 15 03:42 data3
- lftp 192.169.1.98:/> pwd
- ftp://192.169.1.98/
- lftp 192.169.1.98:/> quit
- [root@mail ~]#
- --------------------selinux---------------------
- [root@mail ~]# --------selinux----------^C
- [root@mail ~]# setenforce 1 #打开selinux
- [root@mail ~]# lftp 192.169.1.98 #连ls都不可以了
- lftp 192.169.1.98:~> ls
- ls: 登录失败: 500 OOPS: cannot change directory:/data1/data2
- lftp 192.169.1.98:~> quit
- [root@mail ~]# getsebool -a|grep ftp #查看一下跟ftp有关的selinux
- allow_ftpd_anon_write --> off
- allow_ftpd_full_access --> off
- allow_ftpd_use_cifs --> off
- allow_ftpd_use_nfs --> off
- ftp_home_dir --> off
- ftpd_connect_db --> off
- httpd_enable_ftp_server --> off
- sftpd_anon_write --> off
- sftpd_enable_homedirs --> off
- sftpd_full_access --> off
- sftpd_write_ssh_home --> off
- tftp_anon_write --> off
- [root@mail ~]# setsebool -P allow_ftpd_anon_write on #打开allow_ftpd_anon_write试试
- [root@mail ~]# lftp 192.169.1.98 #还是不行的
- lftp 192.169.1.98:~> ls
- ls: 登录失败: 500 OOPS: cannot change directory:/data1/data2
- lftp 192.169.1.98:~> quit
- [root@mail ~]# setsebool -P allow_ftpd_full_access on #把allow_ftpd_full_access也打开
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> ls
- drwxr-xrwx 4 0 0 4096 Aug 15 03:46 data3
- lftp 192.169.1.98:/> cd data3/
- lftp 192.169.1.98:/data3> ls
- -rw------- 1 14 50 1388 Aug 15 03:41 anaconda-ks.cfg
- drwx------ 2 14 50 4096 Aug 15 03:42 anon_dir1
- drwx------ 2 14 50 4096 Aug 15 03:46 anon_dir2
- -rw------- 1 14 50 41465 Aug 15 03:46 install.log
- lftp 192.169.1.98:/data3> mkdir anon_dir3
- mkdir 成功, 建立 `anon_dir3'
- lftp 192.169.1.98:/data3> put install.log.syslog #这下上传和创建文件夹都可以了
- 10565 bytes transferred
- lftp 192.169.1.98:/data3> quit
- [root@mail ~]#
- #但是allow_ftpd_full_access为on权限还是太大,能不能在保证put,mkdir正常的情况下,进一步减小权限,可以!
- #给目录和文件都打上标签(public_content_t只允许ftpd读取;匿名用户要继续put,mkdir的目录应使用public_content_rw_t,并保持allow_ftpd_anon_write为on)
- [root@mail ~]# setsebool -P allow_ftpd_full_access off #先把这个关了
- [root@mail ~]# ls -dZ /data1/data2/data3/ #data3的标签为default_t
- drwxr-xrwx. root root unconfined_u:object_r:default_t:s0 /data1/data2/data3/
- [root@mail ~]# ls -dZ /var/ftp/pub/ #看一下默认目录的标签,为public_content_t
- drwxr-xrwx. root root system_u:object_r:public_content_t:s0 /var/ftp/pub/
- [root@mail ~]# chcon -t public_content_t /data1/data2/data3/ #给目录打这个标签
- [root@mail ~]# chcon -t public_content_t /data1/data2/ #data2也打
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> ls
- ls: 登录失败: 500 OOPS: cannot change directory:/data1/data2
- lftp 192.169.1.98:~> quit
- [root@mail ~]# chcon -t public_content_t /data1/ #登陆后还是不行,给data1也打上
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> ls #这时候可以了
- drwxr-xrwx 5 0 0 4096 Aug 15 05:42 data3
- lftp 192.169.1.98:/> cd data3/
- lftp 192.169.1.98:/data3> ls #但是ls看不到任何东西
- lftp 192.169.1.98:/data3> quit
- #因为里面文件的标签跟public_content_t不兼容,所以给文件也打上,注意加-R递归的改有时候不起作用。chcon改的标签在restorecon或系统重新打标后会丢失,要持久生效可先用semanage fcontext -a -t添加规则,再执行restorecon -R
- [root@mail ~]# chcon -t public_content_t /data1/data2/data3/anaconda-ks.cfg
- [root@mail ~]# chcon -t public_content_t /data1/data2/data3/anon_dir1/
- [root@mail ~]# chcon -t public_content_t /data1/data2/data3/anon_dir2/
- [root@mail ~]# chcon -t public_content_t /data1/data2/data3/anon_dir3/
- [root@mail ~]# chcon -t public_content_t /data1/data2/data3/install.log
- [root@mail ~]# chcon -t public_content_t /data1/data2/data3/install.log.syslog
- [root@mail ~]# lftp 192.169.1.98
- lftp 192.169.1.98:~> ls
- drwxr-xrwx 5 0 0 4096 Aug 15 05:42 data3
- lftp 192.169.1.98:/> cd data3/
- lftp 192.169.1.98:/data3> ls #这下都能看到了
- -rw------- 1 14 50 1388 Aug 15 03:41 anaconda-ks.cfg
- drwx------ 2 14 50 4096 Aug 15 03:42 anon_dir1
- drwx------ 2 14 50 4096 Aug 15 03:46 anon_dir2
- drwx------ 2 14 50 4096 Aug 15 05:41 anon_dir3
- -rw------- 1 14 50 41465 Aug 15 03:46 install.log
- -rw------- 1 14 50 10565 Aug 15 05:42 install.log.syslog
- lftp 192.169.1.98:/data3>
架设ftp服务器