Time: 2023-02-20 11:06:01 | Source: 建站知識
FTP file server: in the previous chapters we studied the DHCP and DNS services. In this chapter we look at a file server: FTP.

Install vsftp

[root@localhost ~]# dnf -y install vsftpd ftp

Enable vsftp at boot

[root@localhost ~]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.

Start the vsftp service

[root@localhost ~]# systemctl start vsftpd

Verify that it is running

[root@localhost ~]# lsof -i :21
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
vsftpd  1951 root    4u  IPv6  32837      0t0  TCP *:ftp (LISTEN)
The default configuration file, with the author's annotations translated:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Anonymous access: YES allows it, NO denies it
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# Local user login: YES allows it, NO denies it. By default the user lands in their home
# directory; if SELinux is enabled, set the boolean ftp_home_dir to ON
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Allow local users to upload
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# Uploads use a umask of 022: directories become 755 and files 644
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
# Enable anonymous uploads; denied by default
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
# Allow anonymous users to create files or directories
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# Enable directory welcome messages; generally only visible to command-line logins
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
# Enable logging of uploads and downloads
xferlog_enable=YES
#
# Use standard (active) mode
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
# Declare the owner of files uploaded by anonymous users
# Allow the owner of anonymously uploaded files to be changed
#chown_uploads=YES
# The owner is "whoever"
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
# Log file path
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
# Use the standard log format
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
# Idle session timeout
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
# Data transfer timeout
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
# User that the unprivileged FTP child processes run as
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
# Whether clients may issue "async ABOR" requests; this is unsafe and disabled by default.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# Whether uploads may be transferred in ASCII mode
#ascii_upload_enable=YES
# Whether downloads may be transferred in ASCII mode
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
# Welcome banner shown on text-mode FTP login
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
# Whether to enable the denied e-mail list
#deny_email_enable=YES
# (default follows)
# File holding the denied e-mail addresses
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
# Whether to chroot local users. YES: by default no user can leave their home directory;
# NO: by default every user can leave it
# The rule is: YES denies all and allows exceptions; NO allows all and denies exceptions
#chroot_local_user=YES
# Enable the exception list
#chroot_list_enable=YES
# (default follows)
# If chroot_local_user is YES, users in this file may leave their home directory;
# if it is NO, users in this file may not. One user per line.
#chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
# Whether to allow recursive listings (ls -R)
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# Whether to run FTP in standalone mode on IPv4
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
# Whether to run FTP in standalone mode on IPv6
listen_ipv6=YES

# Authenticate through PAM
pam_service_name=vsftpd
# Whether to enable the user list feature
userlist_enable=YES
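The following shell functions are an added example, not part of the original article: they read a vsftpd.conf the way the daemon does (the last uncommented assignment of a key wins) and report the conditions the comments above warn about: anonymous access left on, anonymous uploads, a chroot whose top directory is writable, and local users not confined at all. The sample configuration they run against is constructed here.

```shell
# vsftpd_get FILE KEY: effective value of KEY (last uncommented assignment wins), empty if unset
vsftpd_get() {
    awk -F= -v key="$2" '
        /^[[:space:]]*#/ { next }     # comment lines are ignored
        $1 == key { val = $2 }        # a later assignment overrides an earlier one
        END { print val }
    ' "$1"
}

# vsftpd_audit FILE: print one finding per line; the return value is the number of findings
vsftpd_audit() {
    conf="$1"; n=0
    anon=$(vsftpd_get "$conf" anonymous_enable)
    # The stock config warns that anonymous access is allowed when the directive is commented out
    if [ -z "$anon" ] || [ "$anon" = "YES" ]; then
        echo "anonymous login is enabled (anonymous_enable=${anon:-unset})"; n=$((n + 1))
        if [ "$(vsftpd_get "$conf" write_enable)" = "YES" ] && \
           [ "$(vsftpd_get "$conf" anon_upload_enable)" = "YES" ]; then
            echo "anonymous users may upload files"; n=$((n + 1))
        fi
    fi
    chroot=$(vsftpd_get "$conf" chroot_local_user)
    if [ "$chroot" != "YES" ]; then
        echo "local users can leave their home directory (chroot_local_user=${chroot:-unset})"; n=$((n + 1))
    elif [ "$(vsftpd_get "$conf" allow_writeable_chroot)" = "YES" ]; then
        # The vsftpd.conf comment calls a writable chroot top directory dangerous
        echo "chroot top directory is writable (allow_writeable_chroot=YES)"; n=$((n + 1))
    fi
    return "$n"
}

# make_sample_conf FILE: constructed sample, the directives a virtual-user setup typically turns on
make_sample_conf() {
    printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' 'write_enable=YES' \
        'chroot_local_user=YES' 'allow_writeable_chroot=YES' 'guest_enable=YES' > "$1"
}
```

Run it as a pre-deploy check: `vsftpd_audit /etc/vsftpd/vsftpd.conf || echo "review the findings above"`.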
From this configuration file, vsftpd does not allow anonymous access, while local users can download and upload. To allow anonymous users to log in, set anonymous_enable=YES and restart the service.

Anonymous login from the text-mode client

[root@localhost ~]# ftp 192.168.11.16
Connected to 192.168.11.16 (192.168.11.16).
220 (vsFTPd 3.0.3)
Name (192.168.11.16:root): ftp        # the user name can be ftp or anonymous
331 Please specify the password.
Password:                             # the password is empty
230 Login successful.                 # login succeeded
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,11,16,90,35).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 May 14  2019 pub
226 Directory send OK.

ls lists the contents of the current directory; there is one directory, named pub.

ftp> pwd
257 "/"

pwd shows the current path; note that this is the FTP root directory, not the server's /.

ftp> bye
221 Goodbye.

bye closes the session.

Local user login from the text-mode client

[root@localhost ~]# ftp 192.168.11.16
Connected to 192.168.11.16 (192.168.11.16).
220 (vsFTPd 3.0.3)
Name (192.168.11.16:root): hello
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,11,16,130,240).
150 Here comes the directory listing.
drwxr-xr-x    2 1001     1001            6 Jan 15 08:56 下載
drwxr-xr-x    2 1001     1001            6 Jan 15 08:56 公共
drwxr-xr-x    2 1001     1001            6 Jan 15 08:56 圖片
drwxr-xr-x    2 1001     1001            6 Jan 15 08:56 文檔
drwxr-xr-x    2 1001     1001            6 Jan 15 08:56 桌面
drwxr-xr-x    2 1001     1001            6 Jan 15 08:56 模板
drwxr-xr-x    2 1001     1001            6 Jan 15 08:56 視頻
drwxr-xr-x    2 1001     1001            6 Jan 15 08:56 音樂
226 Directory send OK.
ftp> pwd
257 "/home/hello" is the current directory
Type help to see all available commands:

ftp> help
Commands may be abbreviated.  Commands are:

!          debug       mdir        sendport    site
$          dir         mget        put         size
account    disconnect  mkdir       pwd         status
append     exit        mls         quit        struct
ascii      form        mode        quote       system
bell       get         modtime     recv        sunique
binary     glob        mput        reget       tenex
bye        hash        newer       rstatus     tick
case       help        nmap        rhelp       trace
cd         idle        nlist       rename      type
cdup       image       ntrans      reset       user
chmod      lcd         open        restart     umask
close      ls          prompt      rmdir       verbose
cr         macdef      passive     runique     ?
delete     mdelete     proxy       send

! followed by a Linux command runs that command on the local system. !ls /opt shows the contents of /opt on the Linux side.

ftp> !ls /opt
dhcp  dns  rh

lcd changes the current directory on the Linux side. lcd /root switches the local current directory to /root.

ftp> lcd /root
Local directory now /root

put uploads a file; mput uploads a batch. Upload initial-setup-ks.cfg to hello's home directory.

ftp> put initial-setup-ks.cfg
local: initial-setup-ks.cfg remote: initial-setup-ks.cfg
227 Entering Passive Mode (192,168,11,16,96,132).
150 Ok to send data.
226 Transfer complete.
1803 bytes sent in 0.00135 secs (1333.58 Kbytes/sec)

The upload succeeded. Verify the result:

ftp> ls
227 Entering Passive Mode (192,168,11,16,173,142).
150 Here comes the directory listing.
-rw-r--r--    1 1000     1000         1803 Feb 26 07:01 initial-setup-ks.cfg
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 下載
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 公共
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 圖片
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 文檔
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 桌面
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 模板
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 視頻
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 音樂
226 Directory send OK.

There it is. Now switch the local Linux directory to /tmp:

ftp> lcd /tmp
Local directory now /tmp

get downloads a file; mget downloads a batch. Download initial-setup-ks.cfg into the current Linux directory, /tmp.

ftp> get initial-setup-ks.cfg
local: initial-setup-ks.cfg remote: initial-setup-ks.cfg
227 Entering Passive Mode (192,168,11,16,229,134).
150 Opening BINARY mode data connection for initial-setup-ks.cfg (1803 bytes).
226 Transfer complete.
1803 bytes received in 2.9e-05 secs (62172.41 Kbytes/sec)

List the Linux directory /tmp; the downloaded file initial-setup-ks.cfg is there.

ftp> !ls /tmp/
dhcp                                                                      tracker-extract-files.0
initial-setup-ks.cfg                                                      VMwareDnD
systemd-private-8e7a99ea89c14ab396d66116970fe04d-chronyd.service-sghHHs   vmware-root
systemd-private-8e7a99ea89c14ab396d66116970fe04d-colord.service-wK7h08    yum_save_tx.2019-02-20.16-10.Z6uXqR.yumtx
systemd-private-8e7a99ea89c14ab396d66116970fe04d-cups.service-cokBro      yum_save_tx.2019-02-21.09-03.08zIbU.yumtx
systemd-private-8e7a99ea89c14ab396d66116970fe04d-rtkit-daemon.service-6wt1S0  yum_save_tx.2019-02-22.11-10.prawAT.yumtx

ftp> close
221 Goodbye.
ftp> ls
Not connected.

close drops the connection. To reconnect after closing, use the open command.

ftp> open 192.168.11.16
Connected to 192.168.11.16 (192.168.11.16).
220 (vsFTPd 3.0.2)
Name (192.168.11.16:root): hello
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,11,16,192,88).
150 Here comes the directory listing.
-rw-r--r--    1 1000     1000         1803 Feb 26 07:01 initial-setup-ks.cfg
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 下載
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 公共
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 圖片
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 文檔
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 桌面
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 模板
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 視頻
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 音樂
226 Directory send OK.

delete removes a file that belongs to you. Delete initial-setup-ks.cfg:

ftp> delete initial-setup-ks.cfg
250 Delete operation successful.
ftp> ls
227 Entering Passive Mode (192,168,11,16,168,142).
150 Here comes the directory listing.
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 下載
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 公共
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 圖片
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 文檔
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 桌面
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 模板
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 視頻
drwxr-xr-x    2 1000     1000            6 Jan 11 01:37 音樂
226 Directory send OK.
Virtual users

a. Modify the configuration file

[root@hello pam.d]# egrep -v "^#" /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=NO
listen_ipv6=YES

# Virtual user options
# PAM login verification
pam_service_name=vftp
# Enable virtual users
guest_enable=YES
# Map virtual users to the local user hello
guest_username=hello
# This directive changes the default and lets virtual users write
allow_writeable_chroot=YES

# Root directory for the local user
# This defines the virtual users' home directory; its owner and group must be the host user hello
local_root=/home/hello

# Give virtual users the same permissions as local users
virtual_use_local_privs=YES

# If virtual users need permissions that differ from local users, use the directive below;
# each per-user config file is named after the login name.
#user_config_dir=/etc/vsftpd/vconf.d/

b. Generate the virtual user account and password file: odd lines are account names, even lines are passwords

[root@hello ~]# cat /etc/vsftpd/vuser
vuser01
123456
vuser02
123456

Convert it to db format with db_load:

[root@hello ~]# db_load -T -t hash -f /etc/vsftpd/vuser /etc/vsftpd/vuser.db

The permissions must be 600:

[root@hello ~]# chmod 600 /etc/vsftpd/vuser.db

c. Configure PAM authentication; note that the order of the lines matters

[root@hello ~]# cat /etc/pam.d/vftp
# Virtual user login
auth sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser
account sufficient /lib64/security/pam_userdb.so db=/etc/vsftpd/vuser
# Local user login
session optional pam_keyinit.so force revoke
auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed
auth required pam_shells.so
auth include password-auth
account include password-auth
session required pam_loginuid.so
session include password-auth

d. Restart the service for the changes to take effect

[root@hello ~]# systemctl restart vsftpd
[root@hello ~]# cat /etc/vsftpd/chroot_list
vuser01
vuser02

e. Verify the login

[root@hello ~]# ftp 192.168.11.16
Connected to 192.168.11.16 (192.168.11.16).
220 Welcome to ayitula FTP service.
Name (192.168.11.16:root): vuser01
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,11,16,82,91).
150 Here comes the directory listing.
226 Transfer done (but failed to open directory).

The login succeeded (the listing itself reports that it could not open the directory).
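As an added example (not from the original article), these shell functions validate the account/password text file before it is fed to db_load (odd lines are user names, even lines are passwords) and confirm that the resulting db file is mode 600 as required above; vuser_build is a hypothetical wrapper that runs the db_load and chmod commands shown only when the file validates. The sample account files are constructed.

```shell
# vuser_check FILE: report problems in the db_load input file; the return value is their count
vuser_check() {
    awk '
        NR % 2 == 1 {                          # odd line: a user name
            user = $0
            if (user == "")        { print "line " NR ": empty user name"; bad++ }
            else if (user in seen) { print "line " NR ": duplicate user " user; bad++ }
            seen[user] = 1
        }
        NR % 2 == 0 {                          # even line: the password for the user above
            if ($0 == "")            { print "line " NR ": empty password for " user; bad++ }
            else if (length($0) < 8) { print "line " NR ": password for " user " is shorter than 8 characters"; bad++ }
        }
        END {
            if (NR % 2 == 1) { print "line " NR ": user " user " has no password line"; bad++ }
            exit bad + 0                       # the problem count becomes the exit status
        }
    ' "$1"
}

# vuser_db_perms_ok DB: true when the db file is mode 600 (owner read/write only)
vuser_db_perms_ok() {
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# vuser_build FILE DB: hypothetical wrapper around the article's db_load and chmod steps
vuser_build() {
    vuser_check "$1" || return 1
    db_load -T -t hash -f "$1" "$2" && chmod 600 "$2" && vuser_db_perms_ok "$2"
}
```

With the article's own vuser file (two accounts with the password 123456), vuser_check returns 2 because both passwords are shorter than 8 characters.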
關(guān)鍵詞:服務(wù),文件
客戶&案例
營銷資訊
關(guān)于我們
微信公眾號(hào)
版權(quán)所有? 億企邦 1997-2025 保留一切法律許可權(quán)利。