I. Installing FTP and related configuration

[root@test ~]# yum install vsftpd
==============================================
 Package   Arch       Version      Repository   
==============================================
Installing:
 vsftpd    i386   2.0.5-16.el5    FTP134.200-32b   1
Transaction Summary
===========================
Total download size: 140 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.0.5-16.el5.i386.rpm      | 140 kB     00:00
Finished Transaction Test
Installed:
  vsftpd.i386 0:2.0.5-16.el5
Complete!
[root@test ~]# rpm -q vsftpd
vsftpd-2.0.5-16.el5
[root@test ~]# rpm -ql vsftpd
/etc/logrotate.d/vsftpd.log
/etc/pam.d/vsftpd
/etc/rc.d/init.d/vsftpd
/etc/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
/etc/vsftpd/vsftpd_conf_migrate.sh
/usr/sbin/vsftpd
...
/var/ftp
/var/ftp/pub
[root@test upload]# vi /etc/vsftpd/vsftpd.conf

# Allow anonymous users to log in
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
# Allow local system users to log in
# Uncomment this to allow local users to log in.
local_enable=YES
# Give system users write permission
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Allow anonymous users to upload
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
anon_upload_enable=YES
# Give anonymous users write permission and other permissions
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# Show the custom message stored in .message
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
# Enable logging
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
# Change the owner of uploaded files
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
# Logging: set the log file name
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
xferlog_file=/var/log/vsftpd.log
# Use the standard log format
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
# Confine some users to their home directories (method 1)
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
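# Enable the chroot list
chroot_list_enable=YES
# (default follows)
# A user must be listed in this file for the setting to take effect
chroot_list_file=/etc/vsftpd/chroot_list
# Confine all users to their home directories (method 2)
chroot_local_user=YES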

pam_service_name=vsftpd
# Enable access control by the user names in user_list; the rule is set by the next option
userlist_enable=YES
# NO makes user_list a whitelist; YES makes it a blacklist
userlist_deny=YES
tcp_wrappers=YES

[root@test vsftpd]# ls  /etc/vsftpd/
chroot_list  ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh

[root@test vsftpd]# cat user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
[root@test vsftpd]#

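II. Setting up authenticated FTP login

An FTP account has read/write access only when it has both the system read/write permission and the read/write permission of the FTP share.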

[root@test ftp]# ls -ld /var/ftp/pub/

drwxr-xr-x 2 root root 4096 May 13  2009 /var/ftp/pub/
[root@test ftp]# ls -ld /var/ftp/
drwxr-xr-x 3 root root 4096 Jan 12 10:48 /var/ftp/
[root@test ftp]# mkdir upload
[root@test ftp]# ls
pub  upload
[root@test ftp]# ls -ld /var/ftp/upload/
drwxr-xr-x 2 root root 4096 Jan 12 15:30 /var/ftp/upload/
[root@test ftp]# setfa
setfacl   setfattr  
[root@test ftp]# setfacl -m u:ftp:rwx /var/ftp/upload/   # grant the ftp account all permissions
[root@test ftp]# getfacl /var/ftp/upload/
getfacl: Removing leading '/' from absolute path names
# file: var/ftp/upload
# owner: root
# group: root
user::rwx
user:ftp:rwx
group::r-x
mask::rwx
other::r-x

[root@test ftp]#

[root@test ssl]# pwd
/etc/vsftpd/ssl
[root@test ssl]# ll
total 16
-rw-r--r-- 1 root root 4541 Jan 13 08:48 vsftpd.crt
-rw-r--r-- 1 root root 1005 Jan 13 08:48 vsftpd.csr
-rw------- 1 root root 1675 Jan 13 08:39 vsftpd.key

[root@test ssl]# cd ..
[root@test vsftpd]# ls
chroot_list  ftpusers  ssl  user_list  vsftpd.conf  vsftpd.conf.bak  vsftpd_conf_migrate.sh
[root@test vsftpd]# vi vsftpd.conf

# ssl or tls
ssl_enable=YES
ssl_sslv3=YES
ssl_tlsv1=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.crt
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.key

Verify the login:

[root@test vsftpd]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
[root@test vsftpd]# ftp 10.109.131.209
Connected to 10.109.131.209.
220 (vsFTPd 2.0.5)
504 Unknown AUTH type.
504 Unknown AUTH type.
KERBEROS_V4 rejected as an authentication type
Name (10.109.131.209:root): ftp   # login succeeds
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,109,131,209,46,95)
150 Here comes the directory listing.
drwxr-xr-x    2 0        0            4096 May 13  2009 pub
drwxrwxr-x    3 0        0            4096 Jan 12 08:08 upload
226 Directory send OK.
ftp> bye
221 Goodbye.
[root@test vsftpd]# ftp 10.109.131.209
Connected to 10.109.131.209.
220 (vsFTPd 2.0.5)
504 Unknown AUTH type.
504 Unknown AUTH type.
KERBEROS_V4 rejected as an authentication type
Name (10.109.131.209:root): hadoop  # login fails
530 Non-anonymous sessions must use encryption.
Login failed.     # non-anonymous users are required to log in over an encrypted session
ftp>    
ftp> bye
221 Goodbye.
[root@test vsftpd]# ls       # version: FileZilla 3.2.7

III. FTP login authenticated against MySQL

1. Install pam_mysql

[root@test pki]# rpm -q mysql-devel
mysql-devel-5.0.77-3.el5
[root@test pki]# rpm -q mysql
mysql-5.0.77-3.el5

[root@test ~]# tar xf pam_mysql-0.7RC1.tar.gz
[root@test ~]# cd pam_mysql-0.7RC1
[root@test pam_mysql-0.7RC1]# ./configure --with-mysql=/usr --with-openssl
[root@test pam_mysql-0.7RC1]# make
[root@test pam_mysql-0.7RC1]# make install

make[1]: Entering directory `/root/pam_mysql-0.7RC1'
/bin/sh ./mkinstalldirs /usr/lib/security
/bin/sh ./libtool  --mode=install /usr/bin/install -c pam_mysql.la /usr/lib/security/pam_mysql.la
/usr/bin/install -c .libs/pam_mysql.so /usr/lib/security/pam_mysql.so
/usr/bin/install -c .libs/pam_mysql.lai /usr/lib/security/pam_mysql.la
PATH="$PATH:/sbin" ldconfig -n /usr/lib/security
----------------------------------------------------------------------
Libraries have been installed in:
   /usr/lib/security

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `LD_LIBRARY_PATH' environment variable
     during execution
   - add LIBDIR to the `LD_RUN_PATH' environment variable
     during linking
   - use the `-Wl,--rpath -Wl,LIBDIR' linker flag
   - have your system administrator add LIBDIR to `/etc/ld.so.conf'

See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
make[1]: Nothing to be done for `install-data-am'.
make[1]: Leaving directory `/root/pam_mysql-0.7RC1'

[root@test pam_mysql-0.7RC1]# cp /usr/lib/security/pam_mysql.* /lib/security/

2. Connect to MySQL

[root@test ~]# mysql -uroot -p
mysql> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.00 sec)

mysql> use vsftpd;
Database changed
mysql> CREATE TABLE users (
    -> id SMALLINT AUTO_INCREMENT NOT NULL,
    -> name CHAR(20) BINARY NOT NULL,
    -> password CHAR(48) BINARY NOT NULL,
    -> PRIMARY key(id)     );
Query OK, 0 rows affected (0.01 sec)

mysql> desc users;
+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| id       | smallint(6) | NO   | PRI | NULL    | auto_increment |
| name     | char(20)    | NO   |     | NULL    |                |
| password | char(48)    | NO   |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.00 sec)

mysql> GRANT SELECT ON vsftpd.* TO vsftpd@localhost IDENTIFIED BY 'vsftpd';
Query OK, 0 rows affected (0.00 sec)   # grant privileges

mysql> GRANT SELECT ON vsftpd.* TO vsftpd@127.0.0.1 IDENTIFIED BY 'vsftpd';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> INSERT INTO users (name,password) VALUE ('tom','tom'),('jerry','jerry');
Query OK, 2 rows affected (0.00 sec)   # add two users
Records: 2  Duplicates: 0  Warnings: 0

mysql> SELECT * FROM users;
+----+-------+----------+
| id | name  | password |
+----+-------+----------+
|  1 | tom   | tom      |
|  2 | jerry | jerry    |
+----+-------+----------+
2 rows in set (0.00 sec)

Verify that the data was created correctly:

[root@test ~]# mysql -uvsftpd -p
Enter password:  vsftpd   # verify the login
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show databases;   # verify the vsftpd database
+--------------------+
| Database           |
+--------------------+
| information_schema |
| vsftpd             |
+--------------------+
2 rows in set (0.01 sec)

mysql> use vsftpd;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;    # verify the users table
+------------------+
| Tables_in_vsftpd |
+------------------+
| users            |
+------------------+
1 row in set (0.00 sec)

mysql> select * from users; # verify the added users
+----+-------+----------+
| id | name  | password |
+----+-------+----------+
|  1 | tom   | tom      |
|  2 | jerry | jerry    |
+----+-------+----------+
2 rows in set (0.00 sec)

3. Create the files needed for PAM authentication

[root@test ~]# vi /etc/pam.d/vsftpd.mysql

auth required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
account required /lib/security/pam_mysql.so user=vsftpd passwd=vsftpd host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=0
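
pam_mysql can only authenticate when its db, table, usercolumn and passwdcolumn arguments name what step 2 created. The check below is an added example, not part of the original post; the function name check_pam_mysql and the sample PAM file are constructed, with names that deliberately differ from the schema.

```shell
# check_pam_mysql PAMFILE DB TABLE USERCOL PASSCOL
# Prints one finding per pam_mysql argument that disagrees with the schema
# names passed in, and notes crypt=0 (passwords compared as plaintext).
check_pam_mysql() {
    pamfile=$1 db=$2 table=$3 usercol=$4 passcol=$5
    grep 'pam_mysql\.so' "$pamfile" | while read -r ptype control module args; do
        for kv in $args; do
            key=${kv%%=*} val=${kv#*=}
            case $key in
                db)           want=$db ;;
                table)        want=$table ;;
                usercolumn)   want=$usercol ;;
                passwdcolumn) want=$passcol ;;
                crypt)        [ "$val" = 0 ] && echo "$ptype: crypt=0 compares plaintext passwords"
                              continue ;;
                *)            continue ;;
            esac
            [ "$val" = "$want" ] || echo "$ptype: $key=$val but the database uses $want"
        done
    done
    return 0
}

# Constructed sample: a PAM file whose db and passwdcolumn do not match the
# vsftpd database and users(name, password) table created in step 2.
pam_sample=$(mktemp)
cat > "$pam_sample" <<'EOF'
auth required /lib/security/pam_mysql.so user=vsftpd passwd=SECRET host=localhost db=vsftp table=users usercolumn=name passwdcolumn=passwd crypt=0
account required /lib/security/pam_mysql.so user=vsftpd passwd=SECRET host=localhost db=vsftp table=users usercolumn=name passwdcolumn=passwd crypt=0
EOF
check_pam_mysql "$pam_sample" vsftpd users name password
rm -f "$pam_sample"
```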

[root@test ~]# useradd -s /sbin/nologin -d /var/ftproot vuser

[root@test ~]# ls -ld /var/ftproot/
drwx------ 3 vuser vuser 4096 Jan 13 15:55 /var/ftproot/
[root@test ~]# chmod go+rx /var/ftproot/
[root@test ~]# ls -ld /var/ftproot/
drwxr-xr-x 3 vuser vuser 4096 Jan 13 15:55 /var/ftproot/
[root@test ~]# vi /etc/vsftpd/vsftpd.conf

...  # the modified lines were shown in red
pam_service_name=vsftpd.mysql
userlist_enable=YES
tcp_wrappers=YES

# ssl or tls
ssl_enable=YES
ssl_sslv3=YES
ssl_tlsv1=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
rsa_cert_file=/etc/vsftpd/ssl/vsftpd.crt
rsa_private_key_file=/etc/vsftpd/ssl/vsftpd.key

guest_enable=YES
guest_username=vuser

[root@test ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
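
A check of vsftpd.conf for the settings used in sections I to III that a hardening review would question (anonymous write access, SSLv3, optional encryption for local logins and data) and for option lines that carry spaces or trailing text. This is an added example, not part of the original post; the function name audit_vsftpd_conf and the sample file are constructed.

```shell
# audit_vsftpd_conf FILE: print one finding per line, nothing if clean.
audit_vsftpd_conf() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comment or blank line
    {
        eq = index($0, "=")
        if (eq == 0) { printf "SYNTAX line %d: not option=value\n", NR; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        # Comments must start the line and no spaces are allowed around
        # option, "=" and value, so trailing text ends up inside the value.
        if (key ~ /[ \t]/ || val ~ /[ \t]/) {
            printf "SYNTAX line %d: spaces or trailing text: %s\n", NR, $0
            gsub(/[ \t]/, "", key); sub(/[ \t].*$/, "", val)
        }
        opt[key] = toupper(val)
    }
    END {
        # anonymous_enable defaults to YES; write_enable gates the anon_* writes.
        if (opt["anonymous_enable"] != "NO" && opt["write_enable"] == "YES") {
            n = split("anon_upload_enable anon_mkdir_write_enable anon_other_write_enable", w, " ")
            for (i = 1; i <= n; i++)
                if (opt[w[i]] == "YES")
                    printf "RISK %s=YES: anonymous clients can write\n", w[i]
        }
        ssl = (opt["ssl_enable"] == "YES")
        if (!ssl) print "RISK ssl_enable is not YES: logins and data are unencrypted"
        if (ssl && opt["ssl_sslv3"] == "YES") print "RISK ssl_sslv3=YES: obsolete SSLv3 is accepted"
        if (ssl && opt["force_local_logins_ssl"] == "NO") print "RISK force_local_logins_ssl=NO: cleartext logins allowed"
        if (ssl && opt["force_local_data_ssl"] == "NO") print "RISK force_local_data_ssl=NO: cleartext data allowed"
    }' "$1"
}

# Constructed sample built from settings shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
userlist_deny=YES             # blacklist
ssl_enable=YES
ssl_sslv3=YES
force_local_logins_ssl=NO
EOF
audit_vsftpd_conf "$sample"
rm -f "$sample"
```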

To be continued...

Reposted from: https://blog.51cto.com/wangfx/1892038
