当前位置：网站首页>ECS 7-day practical training camp (Advanced route) -- day01 -- setting up FTP service based on ECS

ECS 7-day practical training camp (Advanced route) -- day01 -- setting up FTP service based on ECS

2022-06-25 19:06:00 【Student Zhao who loves learning】

be based on ECS build FTP service

install vsftpd

Run the following command to install vsftpd.

yum install -y vsftpd

When returning to the interface shown in the following figure , Indicates successful installation

picture .png

2. Run the following command to set FTP The service starts automatically .

systemctl enable vsftpd.service

3. start-up FTP service .

systemctl start vsftpd.service

4. Run the following command to see FTP The port the service listens on .

netstat -antup | grep ftp

The interface shown in the figure below appears , Express FTP Service started , The port number of listening is 21. here ,vsftpd Anonymous access is enabled by default , You don't need to enter your user name and password to log in FTP The server , But no permission to modify or upload files .
picture .png

To configure vsftpd

vsftpd（very secure FTP daemon） It's one in Linux The most popular... In the distribution FTP The server .vsftpd Support anonymous access and local user mode . Anonymous access any user can access the built FTP service ; The local user mode only supports the added local users to access the built FTP service .

explain : Anonymous user mode and local user mode can only be configured at the same time .

 Anonymous user mode

1. Modify the configuration file vsftpd.conf.

	vim /etc/vsftpd/vsftpd.conf

Press i Key to enter edit mode , Anonymous upload permission anon_upload_enable=YES The notes of .
picture .png

2. Press ESC Key to exit edit mode , Input :wq Save and exit vim.

3. change /var/ftp/pub Directory permissions , by FTP Users add write permissions .

	chmod o+w /var/ftp/pub/

4. restart FTP service .

	systemctl restart vsftpd.service

picture .png
Local user mode

1. by FTP The service creates a Linux user .

	adduser ftptest

Set the password for the user .

	passwd ftptest

picture .png

2. Create a supply for FTP The file directory used by the service .

mkdir /var/ftp/test

3. change /var/ftp/test The directory is owned by ftptest.

	chown -R ftptest:ftptest /var/ftp/test

4. modify vsftpd.conf The configuration file .

To configure FTP For active mode, execute the following command :

sed -i 's/anonymous_enable=YES/anonymous_enable=NO/' /etc/vsftpd/vsftpd.conf # Prohibit anonymous login FTP The server  
sed -i 's/listen=NO/listen=YES/' /etc/vsftpd/vsftpd.conf # monitor IPv4 sockets 
sed -i 's/listen_ipv6=YES/#listen_ipv6=YES/' /etc/vsftpd/vsftpd.conf # lsnrctl stop IPv6 sockets 
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf # All users are restricted to the home directory  
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd/vsftpd.conf # Enable the list of exceptional users  
sed -i 's/#chroot_list_file=/chroot_list_file=/' /etc/vsftpd/vsftpd.conf # Specify exception user list file , Users in the list are not locked in the home directory  
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf 
echo "local_root=/var/ftp/test" >> /etc/vsftpd/vsftpd.conf # Set the directory where local users log in

To configure FTP For passive mode, execute the following command ：

sed -i 's/anonymous_enable=YES/anonymous_enable=NO/' /etc/vsftpd/vsftpd.conf # Prohibit anonymous login FTP The server  
sed -i 's/listen=NO/listen=YES/' /etc/vsftpd/vsftpd.conf # monitor IPv4 sockets 
sed -i 's/listen_ipv6=YES/#listen_ipv6=YES/' /etc/vsftpd/vsftpd.conf # lsnrctl stop IPv6 sockets 
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf # All users are restricted to the home directory  
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd/vsftpd.conf # Enable the list of exceptional users  
sed -i 's/#chroot_list_file=/chroot_list_file=/' /etc/vsftpd/vsftpd.conf # Specify exception user list file , Users in the list are not locked in the home directory  
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf 
echo "local_root=/var/ftp/test" >> /etc/vsftpd/vsftpd.conf # Set the directory where local users log in  

echo "pasv_enable=YES" >> /etc/vsftpd/vsftpd.conf # Turn on passive mode  
echo "pasv_address=<FTP Server public network IP Address >" >> /etc/vsftpd/vsftpd.conf # In this tutorial ECS Server resilience IP 
echo "pasv_min_port=20" >> /etc/vsftpd/vsftpd.conf # Set passive mode , Establish the minimum range of ports available for data transmission  
echo "pasv_max_port=21" >> /etc/vsftpd/vsftpd.conf # Set passive mode , Establish the maximum port range available for data transmission 

5.   stay /etc/vsftpd Create under directory chroot_list file , And write the list of exceptional users in the file .

Use vim Command to edit chroot_list file , Add the list of exceptional users . Users in this list will not be locked in the home directory , You can access other directories .
vim /etc/vsftpd/chroot_list

explain : When there are no exceptional users , You have to create chroot_list file , Content can be empty .