Deploying an FTP File-Sharing Service

Unit 9

1. Installing FTP

yum install  vsftpd   -y

systemctl  start  vsftpd

systemctl  stop firewalld

systemctl  enable  vsftpd

lftp ip         ## if you can log in and get a listing, the installation succeeded

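If you do not want to turn the firewall off, add the ftp service to the firewall's allowed services, i.e. the list shown by firewall-cmd --list-all.

The procedure is as follows: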

[[email protected] Desktop]# getenforce

Disabled

[[email protected] Desktop]# systemctl start firewalld

[[email protected] Desktop]# systemctl enable firewalld

[[email protected] Desktop]# firewall-cmd --list-all

public (default, active)

  interfaces: eth0

  sources:

  services: dhcpv6-client ssh

  ports:

  masquerade: no

  forward-ports:

  icmp-blocks:

  rich rules:


[[email protected] Desktop]# firewall-cmd --permanent --add-service=ftp

success

[[email protected] Desktop]# firewall-cmd --reload

success

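2. vsftpd file locations

/var/ftp     ## default publishing directory

/etc/vsftpd  ## configuration directory

3. vsftpd service configuration parameters

1) Anonymous user settings

anonymous_enable=YES|NO    ## whether anonymous users may log in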

 

#<Anonymous user upload>

vim /etc/vsftpd/vsftpd.conf

write_enable=YES

anon_upload_enable=YES

chgrp ftp /var/ftp/pub      ### without this, uploads fail with a 553 error ##

chmod 775 /var/ftp/pub

The procedure is as follows:

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# ll -d /var/ftp/pub/

drwxr-xr-x 2 root root 6 Mar  7  2014 /var/ftp/pub/

[[email protected] Desktop]# id ftp

uid=14(ftp) gid=50(ftp) groups=50(ftp)

[[email protected] Desktop]# chgrp ftp /var/ftp/pub/

[[email protected] Desktop]# chmod 775 /var/ftp/pub/

[[email protected] Desktop]# ll -d /var/ftp/pub/

drwxrwxr-x 2 root ftp 6 Mar  7  2014 /var/ftp/pub/

[[email protected] Desktop]# lftp 172.25.254.212

lftp 172.25.254.212:~> ls

drwxrwxr-x    2 0        50              6 Mar 07  2014 pub

lftp 172.25.254.212:/> cd pub/

lftp 172.25.254.212:/pub> ls

lftp 172.25.254.212:/pub> put /etc/passwd

2048 bytes transferred

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:00 passwd    ### 14 and 50 are the uid and gid of the ftp user ###

 

#<Changing the anonymous user's home directory>

anon_root=/directory

The procedure is as follows:

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# mkdir /westos

[[email protected] Desktop]# touch /westos/file{1..3}

[[email protected] Desktop]# lftp 172.25.254.150

lftp 172.25.254.150:~> ls

-rw-r--r--    1 0        0               0 Apr 26 12:30 file1

-rw-r--r--    1 0        0               0 Apr 26 12:30 file2

-rw-r--r--    1 0        0               0 Apr 26 12:30 file3

lftp 172.25.254.150:/>

 

#<Changing the default permissions of files uploaded by anonymous users>

anon_umask=xxx

The procedure is as follows:

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# id westos

uid=1001(westos) gid=1001(westos) groups=1001(westos)

[[email protected] Desktop]# lftp 172.25.254.150

lftp 172.25.254.150:~> ls

drwxrwxr-x    2 0        50             19 Apr 26 12:26 pub

lftp 172.25.254.150:/> cd pub/

lftp 172.25.254.150:/pub> ls

-rw-------    1 14       50           2005 Apr 26 12:26 passwd

lftp 172.25.254.150:/pub> put /etc/group

865 bytes transferred

lftp 172.25.254.150:/pub> ls

-rw-r--r--    1 14       50            865 Apr 26 12:46 group

-rw-------    1 14       50           2005 Apr 26 12:26 passwd

lftp 172.25.254.150:/pub>

 

 

 

#<Anonymous user directory creation>

anon_mkdir_write_enable=YES|NO

The procedure is as follows:

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# lftp 172.25.254.212

lftp 172.25.254.212:~> ls

drwxrwxr-x    2 0        50             19 Apr 23 03:00 pub

lftp 172.25.254.212:/> cd pub/

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:00 passwd

lftp 172.25.254.212:/pub> mkdir test

mkdir ok, `test' created

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:00 passwd

drwx------    2 14       50              6 Apr 23 03:13 test

lftp 172.25.254.212:/pub>

 

#<Anonymous user deletion>

anon_other_write_enable=YES|NO

The procedure is as follows:

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# lftp 172.25.254.212

lftp 172.25.254.212:~> ls

drwxrwxr-x    3 0        50             30 Apr 23 03:13 pub

lftp 172.25.254.212:/> cd pub/

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:00 passwd

drwx------    2 14       50              6 Apr 23 03:13 test

lftp 172.25.254.212:/pub> rm passwd

rm ok, `passwd' removed

lftp 172.25.254.212:/pub> ls

drwx------    2 14       50              6 Apr 23 03:13 test

lftp 172.25.254.212:/pub> rm -r test/

rm ok, `test/' removed

lftp 172.25.254.212:/pub> ls

lftp 172.25.254.212:/pub>

 

 

#<Anonymous user download>

anon_world_readable_only=YES|NO    ## setting the value to NO lets anonymous users download files that are not world-readable

 

 

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# lftp 172.25.254.212

lftp 172.25.254.212:~> ls

drwxrwxr-x    2 0        50              6 Apr 23 03:26 pub

lftp 172.25.254.212:/> cd pub/

lftp 172.25.254.212:/pub> ls

lftp 172.25.254.212:/pub> put /etc/passwd

2048 bytes transferred

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:30 passwd

lftp 172.25.254.212:/pub> get /etc/passwd

get: Access failed: 550 Failed to open file. (/etc/passwd)

lftp 172.25.254.212:/pub> ls

-rw-------    1 14       50           2048 Apr 23 03:30 passwd

lftp 172.25.254.212:/pub> get passwd

2048 bytes transferred

lftp 172.25.254.212:/pub>

 

#<Changing the user identity assigned to anonymous uploads>

chown_uploads=YES

chown_username=student

 

The procedure is as follows:

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# lftp 172.25.254.150

lftp 172.25.254.150:~> ls

drwxrwxr-x    2 0        50             31 Apr 26 12:46 pub

lftp 172.25.254.150:/> cd pub/

lftp 172.25.254.150:/pub> ls

-rw-r--r--    1 14       50            865 Apr 26 12:46 group

-rw-------    1 14       50           2005 Apr 26 12:26 passwd

lftp 172.25.254.150:/pub> put /etc/inittab

491 bytes transferred      

lftp 172.25.254.150:/pub> ls

-rw-r--r--    1 14       50            865 Apr 26 12:46 group

-rw-------    1 14       50            491 Apr 26 12:57 inittab

-rw-------    1 14       50           2005 Apr 26 12:26 passwd

lftp 172.25.254.150:/pub> put /etc/inittab

put: Access failed: 553 Could not create file. (inittab)

lftp 172.25.254.150:/pub>

 

 

 

#<Maximum upload rate>

anon_max_rate=102400

 

#<Maximum number of connections>

max_clients=2
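
The following shell script is an added example, not part of the original page: it reads a vsftpd.conf and reports which of the anonymous-access options from this section are switched on, using the defaults documented in vsftpd.conf(5) for keys that are absent. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Flags the anonymous-access
# options from this section that are switched on in a vsftpd.conf.
# Defaults for absent keys are the ones documented in vsftpd.conf(5).

conf_get() {  # conf_get FILE KEY DEFAULT -> last uncommented value of KEY
    cg_v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${cg_v:-$3}"
}

is_yes() {    # is_yes FILE KEY DEFAULT -> true when the option is on
    case $(conf_get "$1" "$2" "$3") in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

audit_anon() {  # audit_anon FILE -> one finding per line, nothing if anonymous is off
    if ! is_yes "$1" anonymous_enable YES; then return 0; fi
    echo "anonymous_enable: anonymous login allowed"
    if ! is_yes "$1" anon_world_readable_only YES; then
        echo "anon_world_readable_only=NO: files that are not world-readable can be downloaded"
    fi
    # The anon_* write options only take effect when write_enable is on.
    if is_yes "$1" write_enable NO; then
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if is_yes "$1" "$k" NO; then echo "$k: anonymous write operation enabled"; fi
        done
        # chown_username defaults to root when it is not set.
        if is_yes "$1" chown_uploads NO &&
           [ "$(conf_get "$1" chown_username root)" = root ]; then
            echo "chown_uploads: uploaded files become owned by root"
        fi
    fi
    return 0
}

# Constructed sample: the state of the config at the end of this section.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
chown_uploads=YES
chown_username=student
EOF
audit_anon "$demo_conf"
rm -f "$demo_conf"
```

Run against the real file with `audit_anon /etc/vsftpd/vsftpd.conf`; an empty result means anonymous login is disabled.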

 

2) Local user settings

local_enable=YES|NO    ## whether local users may log in

write_enable=YES|NO    ## whether local users may write

The procedure is as follows:

[[email protected] Desktop]# touch /home/westos/file{1..2}

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file1

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp [email protected]:~> rm -fr file1

rm ok, `file1' removed

lftp [email protected]:~> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp [email protected]:~> quit

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp [email protected]:~> rm -fr file2

lftp [email protected]:~> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp [email protected]:~>

 

 

#<Changing the local users' home directory>

local_root=/directory

The procedure is as follows:

[[email protected] Desktop]# mkdir /harry

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# touch /harry/harryfile1

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:25 harryfile1

lftp [email protected]:~> quit

[[email protected] Desktop]# lftp 172.25.254.150 -u redhat

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:25 harryfile1

lftp [email protected]:~>

 

#<Permissions of files uploaded by local users>

local_umask=xxx

The procedure is as follows:

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

lftp [email protected]:~> put /etc/passwd

2132 bytes transferred

lftp [email protected]:~> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp [email protected]:~> quit

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp [email protected]:~> put /etc/group

894 bytes transferred

lftp [email protected]:~> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp [email protected]:~>

 

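#<Restricting local users from browsing the / directory>

All users are locked into their own home directories:

chroot_local_user=YES

chmod u-w /home/*

The procedure is as follows:

Before the restriction: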

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp [email protected]:~> cd /

cd ok, cwd=/

lftp [email protected]:/> ls

lrwxrwxrwx    1 0        0               7 May 07  2014 bin -> usr/bin

dr-xr-xr-x    4 0        0            4096 Jul 10  2014 boot

drwxr-xr-x   18 0        0            2820 Apr 26 12:15 dev

drwxr-xr-x  134 0        0            8192 Apr 26 13:27 etc

drwxr-xr-x    2 0        0              23 Apr 26 13:25 harry

drwxr-xr-x    6 0        0              58 Apr 26 13:16 home

lrwxrwxrwx    1 0        0               7 May 07  2014 lib -> usr/lib

lrwxrwxrwx    1 0        0               9 May 07  2014 lib64 -> usr/lib64

drwxr-xr-x    2 0        0               6 Mar 13  2014 media

drwxr-xr-x    2 0        0              20 Apr 26 13:01 mnt

drwxr-xr-x    3 0        0              15 Jul 10  2014 opt

dr-xr-xr-x  158 0        0               0 Apr 26 12:14 proc

dr-xr-x---   14 0        0            4096 Apr 26 13:44 root

drwxr-xr-x   35 0        0            1140 Apr 26 12:16 run

lrwxrwxrwx    1 0        0               8 May 07  2014 sbin -> usr/sbin

drwxr-xr-x    2 0        0               6 Mar 13  2014 srv

dr-xr-xr-x   13 0        0               0 Apr 26 12:14 sys

drwxrwxrwt   12 0        0            4096 Apr 26 13:44 tmp

drwxr-xr-x   13 0        0            4096 May 07  2014 usr

drwxr-xr-x   23 0        0            4096 Apr 26 12:14 var

drwxr-xr-x    2 0        0              42 Apr 26 12:30 westos

lftp [email protected]:/>

After the restriction:

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# chmod u-w /home/*

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp [email protected]:/> cd /

lftp [email protected]:/> ls

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp [email protected]:/> quit

[[email protected] Desktop]#

 

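Creating a user blacklist (only the users listed in chroot_list are locked into their home directories)

chroot_local_user=NO

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list

The procedure is as follows: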

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[r[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# vim /etc/vsftpd/chroot_list

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

ls: Login failed: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

lftp [email protected]:~> quit

[[email protected] Desktop]# lftp 172.25.254.150 -u redhat

Password:

lftp [email protected]:~> ls       

lftp [email protected]:~>

 

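Creating a user whitelist (all users are locked into their home directories except those listed in chroot_list)

chroot_local_user=YES

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list

The procedure is as follows: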

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# vim /etc/vsftpd/chroot_list

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp [email protected]:~> quit

[[email protected] Desktop]# lftp 172.25.254.150 -u redhat

Password:

lftp [email protected]:~> ls       

ls: Login failed: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

lftp [email protected]:~>
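
The following shell script is an added example, not part of the original page: it predicts what the blacklist and whitelist modes above do to a given local user, including the "500 OOPS" refusal seen in both transcripts. The function names are hypothetical, the sample chroot_list containing westos is inferred from the transcripts, and the owner write bit of the home directory is used as a stand-in for vsftpd's writable-root test.

```shell
#!/bin/sh
# Added example (not from the original page). Predicts what the two chroot
# list modes above do to a given local user.

opt_on() {  # opt_on CONF KEY -> true if KEY=YES is set (both keys default to NO)
    grep -qi "^$2=YES[[:space:]]*\$" "$1"
}

# chroot_state CONF LIST USER HOME -> free | jailed | refused
chroot_state() {
    cs_all=no; cs_listed=no
    if opt_on "$1" chroot_local_user; then cs_all=yes; fi
    if opt_on "$1" chroot_list_enable && grep -qxF "$3" "$2" 2>/dev/null; then
        cs_listed=yes
    fi
    # chroot_local_user=NO : only listed users are jailed
    # chroot_local_user=YES: everyone is jailed except listed users
    if [ "$cs_all" = "$cs_listed" ]; then echo free; return 0; fi
    # Assumption: the owner write bit stands in for vsftpd's writable-root
    # test; it is the bit the page clears with `chmod u-w /home/*`.
    case $(ls -ld "$4" | cut -c3) in
        w) echo refused ;;  # 500 OOPS: refusing to run with writable root inside chroot()
        *) echo jailed ;;
    esac
}

# Constructed sample reproducing both transcripts above.
d=$(mktemp -d)
mkdir "$d/westos" "$d/redhat"; chmod 755 "$d/westos" "$d/redhat"
echo westos > "$d/chroot_list"
printf 'chroot_local_user=NO\nchroot_list_enable=YES\n' > "$d/blacklist.conf"
printf 'chroot_local_user=YES\nchroot_list_enable=YES\n' > "$d/whitelist.conf"
for mode in blacklist whitelist; do
    for u in westos redhat; do
        echo "$mode $u: $(chroot_state "$d/$mode.conf" "$d/chroot_list" "$u" "$d/$u")"
    done
done
chmod u-w "$d/westos"
echo "blacklist westos after chmod u-w: $(chroot_state "$d/blacklist.conf" "$d/chroot_list" westos "$d/westos")"
rm -rf "$d"
```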

 

#<Restricting local user login>

vim /etc/vsftpd/ftpusers    ## permanent user blacklist

The procedure is as follows:

[[email protected] Desktop]# vim /etc/vsftpd/ftpusers

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

ls: Login failed: 530 Login incorrect.          

lftp [email protected]:~> quit

 

 

vim /etc/vsftpd/user_list    ## temporary user blacklist; can be turned into a whitelist

The temporary blacklist procedure is as follows:

[[email protected] Desktop]# vim /etc/vsftpd/user_list

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

ls: Login failed: 530 Permission denied.          

lftp [email protected]:~> quit

Turning it into a whitelist:

[[email protected] Desktop]# vim /etc/vsftpd/vsftpd.conf

[[email protected] Desktop]# systemctl restart vsftpd.service

[[email protected] Desktop]# lftp 172.25.254.150 -u westos

Password:

lftp [email protected]:~> ls       

-rw-r--r--    1 0        0               0 Apr 26 13:10 file2

-rw-------    1 1001     1001          894 Apr 26 13:36 group

-rw-r--r--    1 1001     1001         2132 Apr 26 13:35 passwd

lftp [email protected]:~>
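
The following shell script is an added example, not part of the original page: it models how ftpusers and user_list combine and returns the server reply a client would see, matching the "530 Login incorrect." and "530 Permission denied." responses in the transcripts above. It assumes a correct password, that ftpusers is enforced by PAM as on a stock Red Hat style install, and that the whitelist switch is vsftpd's userlist_deny=NO (the page does not show the edited line); the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Models the login decision made
# from /etc/vsftpd/user_list and /etc/vsftpd/ftpusers.

opt_is() {   # opt_is CONF KEY VALUE -> true if the line KEY=VALUE is present
    grep -qi "^$2=$3[[:space:]]*\$" "$1"
}

in_list() {  # in_list FILE USER -> true if USER is on an uncommented line
    grep -v '^#' "$1" 2>/dev/null | grep -qxF "$2"
}

# login_result CONF USER_LIST FTPUSERS USER -> reply seen by the client
login_result() {
    if opt_is "$1" userlist_enable YES; then
        if opt_is "$1" userlist_deny NO; then
            # whitelist: only listed users reach the password prompt
            if ! in_list "$2" "$4"; then echo "530 Permission denied."; return 0; fi
        elif in_list "$2" "$4"; then
            # blacklist (userlist_deny defaults to YES)
            echo "530 Permission denied."; return 0
        fi
    fi
    # Assumption: ftpusers is checked afterwards by PAM, so it still denies
    # a user even when user_list has been turned into a whitelist.
    if in_list "$3" "$4"; then echo "530 Login incorrect."; return 0; fi
    echo "230 Login successful."
}

# Constructed sample: westos is in user_list, root is in ftpusers.
d=$(mktemp -d)
printf 'westos\nroot\n' > "$d/user_list"
printf 'root\n' > "$d/ftpusers"
printf 'userlist_enable=YES\n' > "$d/vsftpd.conf"
echo "blacklist westos: $(login_result "$d/vsftpd.conf" "$d/user_list" "$d/ftpusers" westos)"
echo 'userlist_deny=NO' >> "$d/vsftpd.conf"
for u in westos redhat root; do
    echo "whitelist $u: $(login_result "$d/vsftpd.conf" "$d/user_list" "$d/ftpusers" "$u")"
done
rm -rf "$d"
```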

 

#<FTP virtual user setup>

Creating the virtual account identities)

vim   /etc/vsftpd/loginusers    ## the file name is arbitrary

ftpuser1

123

ftpuser2

123

ftpuser3

123

db_load  -T  -t hash  -f /etc/vsftpd/loginusers /etc/vsftpd/loginusers.db

vim /etc/pam.d/ckvsftpd    ## the file name is arbitrary

account    required    pam_userdb.so    db=/etc/vsftpd/loginusers

auth       required    pam_userdb.so    db=/etc/vsftpd/loginusers


vim /etc/vsftpd/vsftpd.conf

pam_service_name=ckvsftpd

guest_enable=YES

The procedure is as follows:

[[email protected] vsftpd]# pwd

/etc/vsftpd

[[email protected] vsftpd]# vim ftpuserfile

[[email protected] vsftpd]# db_load -T -t hash -f ftpuserfile

usage: db_load [-nTV] [-c name=value] [-f file]

[-h home] [-P password] [-t btree | hash | recno | queue] db_file

usage: db_load -r lsn | fileid [-h home] [-P password] db_file

[[email protected] vsftpd]# db_load -T -t hash -f ftpuserfile ftpuserfile.db

[[email protected] vsftpd]# cd /etc/pam.d/

[[email protected] pam.d]# vim ftpuser

[[email protected] pam.d]# vim /etc/vsftpd/vsftpd.conf

[[email protected] pam.d]# systemctl restart vsftpd.service

[[email protected] pam.d]# lftp 172.25.254.212 -u westos

Password:

lftp [email protected]:~> ls       

ls: Login failed: 530 Login incorrect.          

lftp [email protected]:~> quit

[[email protected] pam.d]# lftp 172.25.254.212 -u user1

Password:

lftp [email protected]:~> ls         

lftp [email protected]:/> quit

[[email protected] pam.d]# lftp 172.25.254.212 -u user2

Password:

lftp [email protected]:~> ls        

lftp [email protected]:/> quit

[[email protected] pam.d]# lftp 172.25.254.212 -u user3

Password:

lftp [email protected]:~> ls        

lftp [email protected]:/> quit

[[email protected] pam.d]#

 

Specifying the system identity used by the virtual accounts)

guest_username=ftpuser

chmod u-w /home/ftpuser

 

 

Giving each virtual account its own home directory)

vim /etc/vsftpd/vsftpd.conf

local_root=/ftpuserhome/$USER

user_sub_token=$USER

 

mkdir /ftpuserhome

chgrp ftpuser /ftpuserhome

chmod g+s /ftpuserhome

mkdir /ftpuserhome/ftpuser{1..3}

 

The procedure is as follows:

[[email protected] ~]# mkdir /ftpdir/user{1..3} -p

[[email protected] ~]# mkdir /ftpdir/user{1..3}/upload

[[email protected] ~]# touch /ftpdir/user1/userfile1

[[email protected] ~]# touch /ftpdir/user2/userfile2

[[email protected] ~]# touch /ftpdir/user3/userfile3

[[email protected] ~]# vim /etc/vsftpd/vsftpd.conf

[[email protected] ~]# systemctl restart vsftpd.service

[[email protected] ~]# lftp 172.25.254.212 -u user3

Password:

lftp [email protected]:~> ls        

drwxr-xr-x    2 0        0               6 Apr 23 07:31 upload

-rw-r--r--    1 0        0               0 Apr 23 07:32 userfile3

lftp [email protected]:/> quit

[[email protected] ~]# lftp 172.25.254.212 -u user2

Password:

lftp [email protected]:~> ls        

drwxr-xr-x    2 0        0               6 Apr 23 07:31 upload

-rw-r--r--    1 0        0               0 Apr 23 07:32 userfile2

lftp [email protected]:/> lftp 172.25.254.212 -u user1

Password:

lftp [email protected]2.25.254.212:~> ls

drwxr-xr-x    2 0        0               6 Apr 23 07:31 upload

-rw-r--r--    1 0        0               0 Apr 23 07:32 userfile1

lftp [email protected]:/>

 

