linuxroot------ftp服务

虚拟机前期准备vim/etc/sysconfig/selinux修改SELINUX=disablerebootserver虚拟机的版本[root@localhost~]#hostnamectl静态主机名：n/a瞬态主机名：localhost图标名称：computer-vm机箱：vm机器ID：946cb0e817ea4adb916183df8c4fc817引导ID：58602a448b314991b98037e3a3330feb虚拟化：kvm操作系统：RedHatEnterpriseLinuxServer7.0(Maipo)CPE操作系统名称：cpe://o:redhat:enterprise_linux:7.0:GA:serverKernel1.Linux-3.230.Linuxel7.Architec_64x86_64vim/etc/yum.repos.d/yum.repo[rhel7.0]name=rhel7.0baseurl=http://172.25.254.22/rhel7.0gpgcheck=01.ftp启用yuminstallvsftpd-ysystemctlstartvsftpdsystemctlenablevsftpdfirewall-cmd--permanent--add-service=ftp#开启防火墙后，启用ftp服务（永久）firewall-cmd--reload作用：进入ftp://172.25.254.1222的基本信息访问URL中的.ftp数据端口：21数据传输端口：>1024随机端口[root@localhost~]#netstat-antlupe|grepvsftpdtcp600:::21:::*LISTEN0476103199/vsftpd默认发布目录：/var/ftp访问方式lftp172.25.254.122##匿名登录-->/var/ftplftp172.25.254.122-ustudent##用户登录-->/home/student配置文件:/etc/vsftpd/vsftpd.conf[root@localhost~]#rpm-qcvsftpd/etc/logrotate.d/vsftpd/etc/pam.d/vsftpd/etc/vsftpd/ftpusers/etc/vsftpd/user_list/etc/vsftpd/vsftpd.conf3.ftp的安全部署anonymous_enable=YES|NO#匿名用户是否可以登录local_enable=YES|NO#本地用户是否可以登录write_enable=YES|NO#本地用户每次修改后都可以写入配置文件，都需要重新启用systemctlrestartvsftpddefaultlocaluserwritable:常见错误：530Authenticationfailed550服务本身不支持500用户权限太大553用户权限太小4.匿名用户匿名用户主目录/var/ftp/pub1.匿名用户可以上传chmod775/var/ftp/pubchgrpftp/var/ftp/pubvim/etc/vsftpd/vsftpd.conf29anon_upload_enable=YESsystemctlrestartvsftpd172.25.254.122虚拟机:[root@localhost~]#ll-d/var/ftp/pubdrwxrwxr-x2rootftp6Aug32015/var/ftp/pub172.25.254.22真机：[kiosk@foundation22Desktop]$lftp172.25.254.122lftp172.25.254.122:~>cd/pubcdok,cwd=/publftp172。25.254.122:/pub>lslftp172.25.254.122:/pub>put/etc/passwd#匿名用户可以写文件2323字节传输lftp172.25.254.122:/pub>ls-rw------1145023238月3日01:12passwdlftp172.25.254.122:/pub>exit2。匿名用户可以下载添加anon_world_readable_only=NOlftp172.25.254.122:/pub>ls-rw-------11450980Aug0301:39group-rw-------114502323Aug0301:12passwdlftp172.25.254.122:/pub>getpasswd2323bytestransferred3.匿名用户创建目录取消注释non_mkdir_write_enable=YESlftp172.25.254.122:/pub>mkdtestok,`test'createdlftp172.25.254.122:/pub>ls------11450980Aug0301:39group-rw------114502323Aug0301:12passwddrwx------214506Aug0301:41测试4。匿名用户可以删除和重命名吗？添加anon_other_write_enable=YESlftp172.25.254.122:/pub>ls-rw-------11450980Aug0301:39group-rw-------114502323Aug0301:12passwddrwx-----214506Aug0301:41testlftp172.25.254.122:/pub>mvpasswdwestrenamesuccessfulftp172.25.254.122:/pub>rm-rtest/rmok,`test/'remotelftp172.25.254.122:/pub>ls-rw------11450980Aug0301:39group-rw------114502323Aug0301:12西5。匿名用户使用的用户身份修改默认为ftp修改chown_uploads=YESchown_username=student6。最大上传速率anon_max_rate=1024000#以字节结束，1M[root@foundation22html]#ddif=/dev/zeroof=/etc/starbs=1Mcount=1010+0recordsin10+0recordsout10485760bytes(10MB)复制，0.00550747秒，1.9GB/s7。最大连接数max_clients=18。匿名用户家目录anon_root=/sheen虚拟机[root@localhost~]#mkdir/sheen[root@localhost~]#touch/sheen/file[root@localhost~]#vim/etc/vsftpd/vsftpd.conf[root@localhost~]#systemctlrestartvsftpd真机[kiosk@foundation22Desktop]$lftp172.25.254.122lftp172.25.254.122:~>ls-rw-r--r--10008月3日02:31文件5。本地用户1.本地用户主目录修改local_root=/directory2。本地用户上传文件权限local_umask=xxx3。限制本地用户锁定在自己家目录chroot_local_user=YESshell:chmodu-w/home/*4.Userblacklisttouch/etc/vsftpd/chroot_listvim/etc/vsftpd/chroot_list-->studentchroot_local_user=NOchroot_list_enable=YESchroot_list_file=/etc/vsftpd/chroot_list5.用户白名单chroot_local_user=YESchroot_list_enable=YESchroot_list_file=/etc/vsftpd/chroot_list6.限制本地用户登录vim/etc/vsftpd/user_list#用户临时黑名单vim/etc/vsftpd/ftpusers#永久黑名单7.用户白名单设置userlist_enable=YESuserlist_deny=NOvim/etc/vsftpd/user_list#参数设置，这个文件成为白名单，该文件内的用户可以登录。六、FTP虚拟用户设置1、创建虚拟账户身份vim/etc/vsftpd/sheenfile#文件名任意sheen1123star123db_load-T-thash-f/etc/vsftpd/sheenfile/etc/vsftpd/sheenfile.db#加密vim/etc/pam.d/sheen#认证文件，需要任意名账号pam_userdb.sodb=/etc/vsftpd/sheenfileauth需要pam_userdb.sodb=/etc/vsftpd/sheenfilevim/etc/vsftpd/vsftpd.conf131pam_service_name=sheenuserlist_enable=YEStcp_wrappers=YESguest_enable=YES#开启认证功能guest_username=ftp#以ftp登录真机[kiosk@foundation22Desktop]$lftp172.25.254.122-usheen1密码:lftpsheen1@172.25.254.122:~>lsdrwxrwxr-x2043Aug0302:18publftpsheen1@172.25.254.122:/>exit[kiosk@foundation22Desktop]$lftp172.25.254.122-ustarPassword:lftpstar@172.25.254.122:~>lsdrwxrwxr-x043Aug02:18publfpstar@172.25.254.122:/>exit2。虚拟账户独立主目录设置vim/etc/vsftpd/vsftpd.conflocal_root=/ftphome/$USERuser_sub_token=$USERmkdir/ftphome/sheen1/sheen1dir-p#这里两个目录要和匿名用户身份一致mkdir/ftphome/star/stardir-pecho$USER#在SHELL中输出用户[kiosk@foundation22Desktop]$echo$USERkiosk真机[kiosk@foundation22Desktop]$lftp172.25.254.122-ustarPassword:lftpstar@172.25.254.122:~>lsdrwxr-xr-x2006Aug0305:41stardirlftpstar@172.25.254.122:/>exit[kiosk@foundation22Desktop]$lftp172.25.254.122-usheen1密码：lftpsheen1@172.25.254.122:~>lsdrwxr-xr-x2006Aug0305:41sheen1dir3。虚拟账户配置独立chgrpftp/ftphome/-Rchmod775/ftphome/sheen1/sheen1dir/chmod775/ftphome/star/stardir/vim/etc/vsftpd/vsftpd.conf添加最后一行，注释掉匿名用户user_config_dir的权限=/etc/vsftpd/confdirmkdir/etc/vsftpd/confdir-pvim/etc/vsftpd/confdir/sheen1#虚拟用户的权限文件anon_upload_enable=YESanon_world_readable_only=NOanon_mkdirYES_write_enable=anon_other_write_enable=YESsystemctlrestartvsftpd[found2真桌面]$systemctllftp172.25.254.122-usheen1密码：lftpsheen1@172.25.254.122:~>lsdrwxrwxr-x205019Aug0306:34sheen1dirlftpsheen1@172.25.254.122:/>cdsheen1dir12.25.254.122:/>cdsheen1dir12.25.254.122:/>cdsheen1dir12.25.254.122:/>cdsheen1dir12.25.254.122sheen1dir>put/etc/passwdput:Access5创建文件。(passwd)lftpsheen1@172.25.254.122:/sheen1dir>put/etc/group980bytestransferredlftpsheen1@172.25.254.122:/sheen1dir>ls-rw------1100050980Aug0306:43group-rw------11000502323Aug0306:34passwdlftpsheen1@172.25。254.122:/sheen1dir>rm-rfpasswdrmok,`passwd'removedlftpsheen1@172.25.254.122:/sheen1dir>put/etc/passwd2323bytestransferredlftpsheen1@172.25.254.122:/sheen1dir>ls-rw-------1100050980Aug0306:43group-rw------11000502323Aug0306:43passwdlftpsheen1@172.25.254.122:/sheen1dir>mvgroupwrenamesuccessfullftpsheen1@172.25.254.122:/sheen1dir>ls-rw------11000502323Aug0306:43passwd-rw------1100050980Aug0306:43wlftpsheen1@172.25.254.122:/sheen1dir>退出[kiosk@foundation22桌面]$lftp172.25.254.122-ustar密码：lftpstar@172.25.254.122:~>lsdrwxrwxr-x20506Aug0305:41stardirlftpstar@172.25.254.122:/>cd/stardir/lftpstar@172.25.254.122:/stardir>lslftpstar@172.25.254.122:/stardir>put/etc/passwdput:访问失败：550权限被拒绝。(passwd)lftpstar@172.25.254.122:/stardir>lslftpstar@172.25.254.122:/stardir>退出