FTP uses the TCP protocol
Port 21 carries control information
Port 20 carries data
Authentication information is transmitted in cleartext
anonymous: the anonymous user
binary mode: for transferring programs, pictures and other binary files
ascii mode: for text files
Install vsftpd
1. Download the source code, vsftpd-2.0.5.tar.gz
2. Compile the source code; refer to the INSTALL help file
# tar zxvf vsftpd-2.0.5.tar.gz
# cd vsftpd-2.0.5
# make
# make install
3. Install the configuration files
# cp vsftpd.conf /etc
# cp RedHat/vsftpd.pam /etc/pam.d/ftp
4. Edit the configuration file /etc/vsftpd.conf
5. Start the server
# /usr/local/sbin/vsftpd &
Configuration file
listen=YES    run the server standalone
The default configuration file does not allow other users to log in; only anonymous login is possible, and anonymous login requires the /var/ftp directory to be created
finger    tool for viewing user information
# finger ftp    confirm whether the ftp user exists
For anonymous users to log in, an ftp user and the /var/ftp directory must be created
# mkdir /var/ftp
# chown root:root /var/ftp
# chmod og-w /var/ftp
To start vsftpd automatically at boot, add /usr/local/sbin/vsftpd & to /etc/rc.local
# netstat -tnl    view the local services that have been started
vsftpd can be run in two ways
To run vsftpd standalone, turn off the xinetd way of running it
# chkconfig vsftpd off
vsftpd configuration file
anonymous_enable=YES    allow anonymous login
local_enable=YES    allow local users to log in
write_enable=YES    allow clients to write
local_umask=022    umask for new files created by local users
anon_upload_enable=YES    allow anonymous users to upload files
anon_mkdir_write_enable=YES    allow anonymous users to create directories
dirmessage_enable=YES    allow the use of directory messages
ftpd_banner=Welcome to redhat    login welcome message
ls_recurse_enable=YES    allow clients to use the command ls -R
listen=YES    listening (standalone) mode
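Added example, not part of the original notes: a shell function that checks a vsftpd.conf for whitespace next to = and for text after a YES/NO value (vsftpd rejects both), for option names outside the ones used on this page, and for a combination of the options above that lets anonymous clients write. The KNOWN list, the function names and the sample configuration are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the original notes. KNOWN holds only the option
# names used on this page (an assumption of this lint); extend it as needed.
KNOWN="anonymous_enable local_enable write_enable local_umask ftpd_banner listen"
KNOWN="$KNOWN anon_upload_enable anon_mkdir_write_enable anon_other_write_enable"
KNOWN="$KNOWN dirmessage_enable ls_recurse_enable chroot_local_user guest_enable"
KNOWN="$KNOWN chroot_list_enable chroot_list_file userlist_enable userlist_file"
KNOWN="$KNOWN userlist_deny guest_username"

lint_vsftpd_conf() {    # reads a vsftpd.conf on stdin, prints one finding per line
    awk -v known="$KNOWN" '
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    /^[ \t]*$/ || /^#/ { next }            # blank lines and whole-line comments
    {
        eq = index($0, "=")
        if (eq == 0) { print NR ": SYNTAX no = in line"; next }
        name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (name ~ /[ \t]/ || val ~ /^[ \t]/) {    # vsftpd refuses to parse this
            print NR ": SYNTAX whitespace next to ="
            gsub(/[ \t]/, "", name); sub(/^[ \t]+/, "", val)
        }
        if (!(name in ok)) { print NR ": NAME unknown option " name; next }
        # Every boolean option on this page matches this pattern.
        if (name ~ /_enable$|^listen$|^chroot_local_user$|^userlist_deny$/ &&
            val !~ /^(YES|NO)$/) {
            print NR ": VALUE " name " is not YES or NO"; next
        }
        set[name] = val
    }
    END {
        # anonymous_enable defaults to YES, so only an explicit NO turns it off.
        if (set["anonymous_enable"] != "NO" && set["write_enable"] == "YES" &&
            (set["anon_upload_enable"] == "YES" ||
             set["anon_mkdir_write_enable"] == "YES"))
            print "RISK anonymous clients can write to the server"
    }'
}

sample_conf() {         # constructed sample containing the mistakes listed above
    cat <<'EOF'
# constructed sample
anonymous_enabled=YES
write_enable = YES
anon_upload_enable=YES # allow uploads
anon_mkdir_write_enable=YES
EOF
}

sample_conf | lint_vsftpd_conf
```

To check a real file, run lint_vsftpd_conf < /etc/vsftpd.conf; no output means none of these checks fired.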
After modifying the configuration file, restart the vsftpd service
# killall -9 vsftpd    forced termination
# /usr/local/sbin/vsftpd &    start
# id redhat    show the redhat user's information (group id, groups it belongs to)
# mkdir /var/ftp/incoming    incoming directory for anonymous users' uploads
# chgrp ftp /var/ftp/incoming
# chmod g+w /var/ftp/incoming
chroot environment (the user cannot leave the home directory, cannot view directories outside the home directory, and the location of the home directory can be hidden)
/etc/vsftpd.conf:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
If chroot_local_user=YES, all local users are put into a chroot environment; its default value is NO.
/etc/vsftpd.chroot_list: (list of users locked into their home directory)
redhat
chiaitlab
# killall -HUP vsftpd
User control
# vi /etc/vsftpd.conf    add:
userlist_enable=YES    enable the user list
userlist_file=/etc/ftpusers    location of the user list file
userlist_deny=YES    refuse the users in the list
userlist_deny=NO    only the users in the list are allowed to log in
The same effect can also be achieved by modifying the /etc/pam.d/vsftpd file. By default it refuses the users in the list:
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
Changing deny above to allow turns the list into a list of allowed users.
# vi /etc/ftpusers
Edit the user list and add the users to be controlled, one user per line
# ldd vsftpd    show the shared libraries it depends on
By default a version installed by compiling from source does not support the PAM module; use ldd /usr/sbin/vsftpd to see whether it depends on libpam.so.0. If it does, PAM is supported.
Installing from the RPM on the CD-ROM (second disc)
# rpm -ivh vsftpd-2.0.4-1.2.i386.rpm
The configuration file and the user lists are in the /etc/vsftpd directory
PAM service name: /etc/pam.d/vsftpd
vsftpd is at /usr/sbin/vsftpd
By default, FTP login is refused for users with an id below 500
Virtual accounts
The user names and passwords are stored in a DB library; check whether the corresponding system packages are installed
# rpm -qa | grep db4
db4-devel    third disc
db4    first disc
db4-utils    fourth disc
1. Create users.txt for the virtual accounts
tom
123
jack
123
Each user name and each password is on a line of its own
# db_load -T -t hash -f users.txt /etc/vsftpd/vsftpd_login.db
# chmod 600 /etc/vsftpd/vsftpd_login.db
2. Modify /etc/pam.d/vsftpd, adding the following (comment out the other lines)
auth required pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required pam_userdb.so db=/etc/vsftpd/vsftpd_login
3. Create the account and directory for the virtual accounts
# useradd vuser
!! Note: when vsftpd is installed by compiling it, first check whether pam-devel is installed (FC5, disc 4); otherwise, even with the PAM compile option defined, PAM services still cannot be used. It is best to confirm this with ldd.
4. Edit /etc/vsftpd/vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
guest_enable=YES
guest_username=vuser
Proftpd
# tar jxvf proftpd-1.2.9.tar.bz2
# cd proftpd-1.2.9
# ./configure    generate the build configuration for this system
# make    compile the source code into binary files
# make install
# /usr/local/sbin/proftpd
Configuration file: /etc/local/etc/proftpd.conf
vi usage tips:
yy    copy the current line
p    paste
/    search
n    find next
/ (search) and n (find next) are used together
shift + D    delete all characters after the cursor on the current line
# netstat -tnlp    also show the process and its ID
Set a GRUB password to prevent users from modifying or editing the GRUB boot menu
# grub-md5-crypt    generates an MD5-encrypted string
# grub-md5-crypt >> /etc/grub.conf
# vi /etc/grub.conf
password --md5 $1#123abckdfj343k    ($1#123abckdfj343k is the encrypted string generated above)
After this, editing the boot menu at boot time requires entering the password; in the boot menu, adding s enters single-user mode.
# find / -perm -002    find files that others have permission to write; the 0s mean the user and group permissions are not considered
# find / -perm +6000    find files, regardless of user, group or other, as long as the permissions contain the 6 (read and write)
-    means the permission bits must all be present
+    means the permission bits may or may not be present
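The difference between the two prefixes, shown on constructed files (an added example, not part of the original notes). Current GNU find spells the "any of these bits" prefix / instead of +, so the example uses /6000; in an octal mode, 4000 is the setuid bit and 2000 is the setgid bit. The function and file names are made up for the example.

```sh
#!/bin/sh
# Added example: -perm -MODE (all bits set) versus -perm /MODE (any bit set).
make_fixture() {        # creates constructed files; prints the directory
    d=$(mktemp -d) || return 1
    for f in plain ww setuid setgid both; do : > "$d/$f"; done
    chmod 0644 "$d/plain"     # ordinary file
    chmod 0666 "$d/ww"        # writable by "other" (the 002 bit)
    chmod 4755 "$d/setuid"    # setuid only
    chmod 2755 "$d/setgid"    # setgid only
    chmod 6755 "$d/both"      # setuid and setgid
    echo "$d"
}

matches() {             # usage: matches DIR MODE -> sorted names on one line
    find "$1" -type f -perm "$2" -exec basename {} \; | sort | xargs
}

dir=$(make_fixture)
echo "-002  : $(matches "$dir" -002)"     # ww
echo "-6000 : $(matches "$dir" -6000)"    # both
echo "/6000 : $(matches "$dir" /6000)"    # both setgid setuid
rm -rf "$dir"
```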