4. FTP service configuration and principle
2022-07-25 10:29:00 【Is a stupid child】
List of articles
- One, FTP File Transfer Protocol
- 1.1 FTP data connections are divided into active mode and passive mode
- 1.2 Set up anonymous user access to the FTP service (maximum permissions)
- 1.3 Set up local user authenticated access to FTP, and prohibit switching to other directories (the default login root directory is the local user's home directory)
One, FTP File Transfer Protocol
FTP is a standard protocol for transferring files over a network. It works at the application layer, which is layer 7 of the OSI model and layer 4 of the TCP/IP model. It uses TCP rather than UDP, so the client has to complete the three-way handshake first; the connection between client and server is connection-oriented, which gives data transfer a reliable transport.
By default, the FTP server uses TCP ports 20 and 21 to communicate with the client
VSFTP full name: very secure FTP
VSFTP model: C/S (client/server)
Port 20 is used to establish the data connection and transfer file data
Port 21 is used to establish the control connection and transmit FTP control commands
1.1 FTP data connections are divided into active mode and passive mode
Active mode (PORT): the server actively initiates the data connection
Passive mode (PASV): the server passively waits for the data connection
Working principle diagram:
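
How the two modes look on the control connection, as an added example (not code from the original article): in active mode the client sends a PORT command naming the address it listens on, and in passive mode the server answers PASV with a 227 reply naming its own. The h1,h2,h3,h4,p1,p2 encoding comes from RFC 959, which goes beyond what the article states; the client address 192.168.113.50, both port numbers and the function name are constructed for this example.

```python
import re

# RFC 959 address tuple h1,h2,h3,h4,p1,p2: IPv4 octets, then port = p1*256 + p2.
_TUPLE = re.compile(r"\d{1,3}(?:,\d{1,3}){5}")


def data_channel(control_line, client_ip, server_ip):
    """Describe the data connection that one control-channel line sets up."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):      # sent by the client
        mode, listener, initiator, peer = "active", "client", "server", client_ip
    elif line.startswith("227"):              # server's reply to PASV
        mode, listener, initiator, peer = "passive", "server", "client", server_ip
    else:
        return None                           # line does not open a data channel
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % line)
    nums = [int(x) for x in m.group().split(",")]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % line)
    ip = ".".join(map(str, nums[:4]))
    return {
        "mode": mode,
        "initiator": initiator,               # side that opens the TCP connection
        "listener": listener,                 # side that waits on listen_addr
        "listen_addr": (ip, nums[4] * 256 + nums[5]),
        # True when the advertised address is the host that should be listening.
        "matches_peer": ip == peer,
    }


# Constructed control-channel lines; 192.168.113.125 is the server on this page.
SAMPLES = [
    "PORT 192,168,113,50,195,80",
    "227 Entering Passive Mode (192,168,113,125,156,64)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(data_channel(s, "192.168.113.50", "192.168.113.125"))
```

With a host firewall left running, this is what has to be permitted besides port 21: inbound traffic to the server's listen port in passive mode, or the server's outbound connection to the client's port in active mode.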

1.2 Set up anonymous user access to the FTP service (maximum permissions)
- 1. Turn off the firewall and SELinux, configure DNS, install the vsftpd service, back up the configuration file, then start the service and enable it at boot

Turn off the firewall and SELinux enforcement (all commands are run as root)
    systemctl stop firewalld
    setenforce 0
    echo "nameserver 114.114.114.114 " >> /etc/resolv.conf
    yum install vsftpd -y                # install the vsftpd service
    cd /etc/vsftpd/
    cp vsftpd.conf vsftpd.conf.bak       # back up the configuration file
Start the service and enable it at boot
    systemctl start vsftpd
    systemctl enable vsftpd
- 2. Edit the configuration file; the main settings are as follows
    vim /etc/vsftpd/vsftpd.conf

    # Enable anonymous user access. On by default
    anonymous_enable=YES
    # Enable write permission on the server (required for uploads). On by default
    write_enable=YES
    # umask applied to data uploaded by anonymous users
    anon_umask=022
    # Allow anonymous users to upload files. Commented out by default; uncomment it
    anon_upload_enable=YES
    # Allow anonymous users to create (upload) directories. Commented out by default; uncomment it
    anon_mkdir_write_enable=YES
    # Allow deleting, renaming, overwriting and other operations. Has to be added
    anon_other_write_enable=YES

Give the pub subdirectory under the anonymous FTP root directory the maximum permissions, so that anonymous users can upload data
    chmod 777 /var/ftp/pub/


- 3. Anonymous access test
- First, on CentOS, put a file in pub, so that when connecting to the FTP host from Windows you can check whether upload and download succeed

Switch to Windows 10, press Win+R, and enter the command that opens the command prompt
Establish the FTP connection
    ftp 192.168.113.125
Anonymous access: the user name is ftp and the password is empty; press Enter to complete the login
    ftp> pwd              // the root directory for anonymous FTP access is /var/ftp/ on the Linux system
    ftp> ls               // view the current directory
    ftp> cd pub           // switch to the pub directory
    ftp> get file name    // download the file to the current local Windows directory
    ftp> put file name    // upload the file to the FTP directory
    ftp> quit             // exit
The file is downloaded to the C: drive of my computer
- Test uploading to CentOS
First create a new text file

Upload it, and use pwd to check where on CentOS it was uploaded to

On CentOS, check that the uploaded file is in that directory

1.3 Set up local user authenticated access to FTP, and prohibit switching to other directories (the default login root directory is the local user's home directory)
- Edit the configuration file
    vim /etc/vsftpd/vsftpd.conf

    # Enable local users
    local_enable=YES
    # Turn off anonymous user access
    anonymous_enable=NO
    # Enable write permission on the server (required for uploads)
    write_enable=YES
    # umask for uploads: only the owning user has permissions on uploaded files
    local_umask=077
    # Lock users into their home directory
    chroot_local_user=YES
    # Allow the restricted user's home directory to be writable
    allow_writeable_chroot=YES
    # The two anonymous write options are commented out
    #anon_mkdir_write_enable=YES
    #anon_other_write_enable=YES
    # Add a path to change the login location
    local_root=/var/www/xtj2

After editing the configuration, run the following as root
    mkdir -p /var/www/xtj2                   # create this directory, including parents
    chmod -R 777 /var/www/xtj2               # recursively give permissions to the created directory
    useradd dxj2                             # create a user
    echo "100700" | passwd --stdin dxj2      # set the password non-interactively
    systemctl restart vsftpd                 # restart the service
Then, from Windows, connect and carry out the subsequent operations as follows
    ftp 192.168.113.125

Uncomment the line, and add the option that allows the restricted user's home directory to be writable

Comment out
    # allows anonymous users to create (upload) directories
    anon_mkdir_write_enable=YES
    # allows deleting, renaming, overwriting and other operations
    anon_other_write_enable=YES

Add a path to change the login location

After editing the configuration in vim, create this directory recursively

Recursively give all permissions to the created directory

Create a user and set the password non-interactively

Restart the service

From Windows, upload the file created earlier

At this point, it is uploaded to the specified directory
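
A check for the two configurations in sections 1.2 and 1.3, as an added example (not code from the original article or from the vsftpd project): it parses vsftpd.conf text, reports lines vsftpd would refuse (a space around =, or a note after the value on the same line), and lists which write paths the boolean options open. The function names, sample constants and finding texts are assumptions of this example; the built-in defaults in DEFAULTS follow the vsftpd.conf man page.

```python
import re

YES, NO = {"YES", "TRUE", "1"}, {"NO", "FALSE", "0"}
# Boolean options used on this page, with vsftpd's built-in defaults.
DEFAULTS = {
    "anonymous_enable": True, "local_enable": False, "write_enable": False,
    "anon_upload_enable": False, "anon_mkdir_write_enable": False,
    "anon_other_write_enable": False, "chroot_local_user": False,
    "allow_writeable_chroot": False,
}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse_conf(text):
    """Return (bools, errors); errors are (line_no, line) pairs vsftpd would reject."""
    bools, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        # vsftpd wants option=value: no space around "=", no trailing note.
        m = re.fullmatch(r"([a-z0-9_]+)=(\S.*)", line)
        if not m:
            errors.append((n, line))
        elif m.group(1) in DEFAULTS:
            value = m.group(2).upper()
            if value in YES | NO:
                bools[m.group(1)] = value in YES
            else:
                errors.append((n, line))
    return bools, errors

def audit(text):
    """Findings for the anonymous (1.2) and local-user (1.3) setups."""
    b, errors = parse_conf(text)
    out = ["line %d is not valid option=value: %r" % e for e in errors]
    if b["anonymous_enable"] and b["write_enable"]:
        out += ["anonymous login can write: %s=YES" % k for k in ANON_WRITE if b[k]]
    if b["local_enable"] and not b["chroot_local_user"]:
        out.append("local users can leave their home: chroot_local_user=NO")
    if b["chroot_local_user"] and b["allow_writeable_chroot"]:
        out.append("chroot root is writable: allow_writeable_chroot=YES")
    return out

# Constructed samples: the option sets of sections 1.2 and 1.3, one per line.
SECTION_1_2 = "\n".join(["anonymous_enable=YES", "write_enable=YES", "anon_umask=022"]
                        + [k + "=YES" for k in ANON_WRITE])
SECTION_1_3 = "\n".join(["local_enable=Yes", "anonymous_enable=NO", "write_enable=YES",
                         "local_umask=077", "chroot_local_user=YES",
                         "allow_writeable_chroot=YES", "local_root=/var/www/xtj2"])
```

To check a live server, pass the contents of /etc/vsftpd/vsftpd.conf to audit(); the filesystem permissions set with chmod 777 are outside what this check sees.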
