FTP file transfer service in Linux

This is the 9th day of my participation in Gwen Challenge

An overview of the

File Transfer Protocol (FTP) is a typical C/S application-layer Protocol. The File Transfer function is implemented by the server software and the client software.

FTP connection and transfer mode

By default, the FTP server uses TCP ports 20 and 21 to communicate with clients. Port 20 is used to establish data connections and transfer file data. Port 21 Is used to establish control connections and transfer FTP control commands.

Active mode: The server actively initiates a data connection. First, the client establishes the FTP control connection to PORT 21 of the server. When data needs to be transmitted, the client uses the PORT command to inform the server “I have opened a certain PORT, you come to connect me”. Then the server sends a request to the PORT of the client from PORT 20 and establishes a data connection.
Passive mode: The server passively waits for data connections. Passive mode is usually used if the firewall on the client’s network forbids active mode connections. First of all, the client establishes the FTP control connection to port 21 of the server. When data needs to be transmitted, the server tells the client with PASV command “I open a port, you come to connect me”, so the client sends a request to the port of the server and establishes a data connection.

Once the data connection is established between the client and the server, files can be uploaded or downloaded based on FTP commands sent from the control connection. When transferring files, they can be divided into text mode and binary mode according to whether character conversion is performed.

Text mode: Also known as THE ASCII (American Standard Code for Information Interchange) mode, this mode uses THE ASCII Standard character sequence during file transfer. It is generally used only for plain text file transfer.
Binary mode: Also known as Binary mode, this mode does not convert the character sequence ina file. It is more suitable for transferring programs, images, and other files with non-plain text characters.

FTP User Type

When an FTP client software is used to access the server, a special user account is usually used. The user name is FTP or Anonymous. Any password (including null password) provided by the user can be authenticated by the server. Generally used to provide public file downloads and so on.

In addition to anonymous users who do not require password authentication, the FTP server can directly use the local system user accounts for authentication. These users are often referred to as “local users”. An anonymous user also has a local system user account “FTP”, but for the VSFTPD service, a local user refers to a user other than the anonymous user.

Some FTP server software can also maintain a separate user database file, rather than using system user accounts directly. These FTP user accounts, located in a separate database file, are called “virtual users.” Using virtual users minimizes the association between FTP accounts and Linux accounts, improving system security.

Type of FTP server software

On Windows, common FTP server software includes FileZilla Sener and Serv-U. On Linux, VSFTPD is widely used in Linux/UNIX. The software is heavily designed for security features. In addition to security, VSFTPD also stands out in terms of speed and stability. Up to 15000 users can be connected concurrently.

Type of FTP client tools

Windows and Linux have FTP command programs by default. You can connect to the FTP server for interactive upload and download communication. In addition, there are a number of graphical FTP client tools. Common Windows oss include CuteFTP, FlashFXP, LeapFTP, and Filezilla.

Environmental preparation

Mount the CD and set up the YUM repository.

[root@localhost ~]# cd /
[root@localhost /]# ls
bin   cgroup  etc   lib    lost+found  misc  net  proc  sbin     srv  tmp  var
boot  dev     home  lib64  media       mnt   opt  root  selinux  sys  usr
[root@localhost /]# mkdir /181201
[root@localhost /]# mount /dev/cdrom /181201/
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@localhost /]# alias vi='/usr/bin/vim'
[root@localhost /]# which -a vi vim
alias vi='/usr/bin/vim'
 /usr/bin/vim
/bin/vi
/usr/bin/vim
[root@localhost /]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
CentOS-Base.repo  CentOS-Debuginfo.repo  CentOS-Media.repo  CentOS-Vault.repo
[root@localhost yum.repos.d]# mkdir a
[root@localhost yum.repos.d]# mv C* a
[root@localhost yum.repos.d]# ls
a
[root@localhost yum.repos.d]# mv a/CentOS-Debuginfo.repo .
[root@localhost yum.repos.d]# ls
a  CentOS-Debuginfo.repo
[root@localhost yum.repos.d]# cp CentOS-Debuginfo.repo yum.back
[root@localhost yum.repos.d]# ls
a  CentOS-Debuginfo.repo  yum.back
[root@localhost yum.repos.d]# vi CentOS-Debuginfo.repo
[debug]
name=CentOS-6 - Debuginfo
baseurl=file:///181201
gpgcheck=0
enabled=1
Copy the code

Install the VSFTPD service

[root@localhost yum.repos.d]# yum -y install vsftpd* Loaded plugins: Fastestmirror, refresh - packagekit, security debug | 4.0 kB 00:00... The debug/primary_db | 4.4 MB 00:00... Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package vsftpd.x86_64 0:22.2.2-11.EL6_4.1 will be installed --> Finished Dependency Resolution Dependencies Resolved ========================================================================================== Package Arch Version Repository Size ========================================================================================== Installing: VSFTPD x86_64 2.2.2-11.EL644.1 Debug 151 K Transaction Summary ========================================================================================== Install 1 Package(s) Total download size: 151 k Installed size: 331 k Downloading Packages: Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : X86_64 1/1 Verifying: vsftpd-2.2.2-11.el64.1.x86_64 1/1 Installed: VSFTPD. X86_64 0-2. 2.2 11. El6_4. 1 Complete! [root@localhost yum.repos.d]#Copy the code

Install the DB_Load tool and create users (alphanumeric accounts, even-numbered passwords).

[root@localhost yum. Repos. D]# RPM -ivh /181201/Packages/ db4-utils-4.7.25-18.el644.x86_64. RPM Warning: /181201 Packages/ db4-utils-4.7.25-18.el644.x86_64. RPM: Header V3 RSA/SHA1 Signature, key ID C105b9de NOKEY Preparing... # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # [100%] package db3 utils - 4.7.25-18. El6_4. X86_64 is already installed [root@localhost yum.repos.d]# cd /etc/vsftpd/ [root@localhost vsftpd]# vi user xiao 666 ming 666 hua 666Copy the code

Encrypt user files and establish PAM authentication files that support virtual users;

[root@localhost vsftpd]# db_load -T -t hash -f user user.db
[root@localhost vsftpd]# useradd -s /sbin/nologin 181201
[root@localhost vsftpd]# vi /etc/pam.d/vsftpd.181201
auth       required     /lib64/security/pam_userdb.so db=/etc/vsftpd/user
account    required     /lib64/security/pam_userdb.so db=/etc/vsftpd/user
Copy the code

Add support for virtual users in the VSFTPD configuration file and start the VSFTPD service.

[root@localhost VSFTPD]# vi vsftpd.conf write_enable=YES anon_umask=022 Anonymous_enable =YES // Whether anonymous access is allowed anon_upload_enable=YES // Whether anonymous users are allowed to upload files anon_mkdir_write_enable=YES Anon_other_write_enable =NO // Whether to allow anonymous users to have other write permissions. Dirmessage_enable =YES // Contents of the. Message file (if any) xferlog_enable=YES // Enable xferlog, By default, /var/log/xferlog is recorded. Connect_from_port_20 =YES xferlog_std_format=YES Enable the standard Xferlog log format. VSFTPD's own log format listen=YES // whether to listen on the service userlist_enable=NO in a standalone manner // Whether to enable the user_list userlist file tcp_wrappers=YES TCP_Wrappers Host access control guest_enable=YES // Enable the user mapping function Guest_USERNAME =181201 // Specify the mapped system username pam_service_name=vsftpd.181201 // Specify the new PAM authentication file chroot_local_user=YES // Whether to imlock FTP local users in the host directory local_umask=077 // Set the default permission mask local_enable=YES for the files uploaded by local users // Whether to allow local system users to access virtual_use_local_privs=YES user_config_dir= /etc/vsftp/user_dir // To find the independence of each user [root@localhost VSFTPD]# Run the following command to restart the VSFTPD service: service VSFTPD restart Restart the VSFTPD service: [confirm] Restart the VSFTPD service: [confirmCopy the code

Create a separate profile for the virtual user and assign permissions to it (the profile should have user configuration directory support, as shown in the top line above starting the service) and specify the root directory for the user wang

[root@localhost vsftpd]# mkdir /20181201 [root@localhost vsftpd]# chown 181201:181201 /20181201/ [root@localhost VSFTPD]# chmod 777/20181201 / [root@localhost VSFTPD]# ls-ldh /20181201/ DRWXRWXRWX. 2 181201 181201 4.0k 6月 4 08:04 /20181201/ [root@localhost vsftpd]# mkdir /etc/vsftpd//user_dir [root@localhost vsftpd]# cd user_dir/ [root@localhost user_dir]# vi wang local_root=/20181201Copy the code

Testing the anonymous FTP server: After configuring VSFTPD and starting the service, you can use the FTP client tool for verification. On a Windows host, you can enter the URL address in the Computer address box. On the Linux character interface, you can run the FTP command to test the IP address.

[root@localhost ~]# FTP 172.20.10.6 Connected to 172.20.10.6. 220 (vsFTPd 2.2.2) Name (172.20.10.6:root): 331 Please specify the password. password: // The password can be entered arbitrarily, Remote system type is UNIx. Using binary mode to transfer files. FTP > mkdir 201812011255 // Two directories 257 "/201812011312" created FTP > mkdir 201812011256 257 "/201812011313" created FTP > // Operation prompt after successful loginCopy the code

Then check whether the two newly created directories exist in the default directory on the FTP server.

[root@localhost ~]# cd /home/181201/
[root@localhost 181201]# ls
201812011312  201812011313
[root@localhost 181201]#
Copy the code

In this paper, to the end.

Original is not easy, if you think this article is useful to you, please kindly like, comment or forward this article, because this will be my power to output more high-quality articles, thank you!

See you next time!

Related Posts

MongoDB from site to Buddha (introduction, installation, add, delete, change and check)

SQL > select count (*);

High performance MySQL Notes (1)