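A simple tutorial on setting up an FTP server on Linux and using it
Reference article: https://www.waitig.com/linux-or-centos-install-vsftpd-and-setup-it.html
The steps are summarized as follows:
Install: yum install vsftpd
Control: service vsftpd start|stop|restart
Configuration (the important part):
1. For system security, a dedicated ftp user is usually created. This user cannot log in to the system and can only access files under its own home directory.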
useradd -d /var/ftp/test -g ftp -s /sbin/nologin ftpuser
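Here -d specifies the user's home directory, -g specifies the user's group, -s /sbin/nologin prevents the user from logging in to the system, and the final ftpuser is the name of the new user.
Then set the password: passwd ftpuser
2. Configure the list of users allowed to log in, and add the new user to it.
To configure the user list, open the configuration file, find the following two lines, and remove their comment markers.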
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
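This defines a user list; only users on the list can log in to the system.
3. Create the file /etc/vsftpd/chroot_list and add the user name that is allowed access, ftpuser, to it. Then restart the ftp service.
Explanation of the steps:
-d /var/ftp/test ---------------------------------- the root directory seen by remote machines accessing this ftp server; the file listing matches this directory.
useradd/passwd --------------------------------- the local user name and password
/etc/vsftpd/chroot_list --------------------------- makes the local user name XX an ftp user name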
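Steps 2 and 3 above written as repeatable shell functions. This is an added example, not code from the original article; the function names are this example's own, and the demo runs on a constructed temporary copy rather than on /etc/vsftpd.

```shell
#!/bin/sh
# Added example, not from the original article. File paths are arguments so
# the functions can be tried on a copy before touching /etc/vsftpd.

set_option() {  # set_option FILE KEY VALUE: uncomment or append KEY=VALUE once
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        { line = $0; sub(/^#[ \t]*/, "", line) }   # the line without its "#"
        index(line, k "=") == 1 { if (!done) print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"                          # keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

list_add() {  # list_add FILE USER: one user name per line, no duplicates
    [ -f "$1" ] || : > "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# In vsftpd these two options select which local users are chrooted; which
# users may log in at all is governed by userlist_enable / userlist_file.
apply_steps() {  # apply_steps CONF LIST USER (steps 2 and 3 above)
    set_option "$1" chroot_list_enable YES &&
    set_option "$1" chroot_list_file "$2" &&
    list_add "$2" "$3"
}

demo() {  # constructed sample: the commented lines as found in the config
    d=$(mktemp -d) || return 1
    printf '%s\n' '#chroot_list_enable=YES' '# (default follows)' \
        '#chroot_list_file=/etc/vsftpd/chroot_list' > "$d/vsftpd.conf"
    apply_steps "$d/vsftpd.conf" "$d/chroot_list" ftpuser &&
    apply_steps "$d/vsftpd.conf" "$d/chroot_list" ftpuser  # rerun: no change
    cat "$d/vsftpd.conf" "$d/chroot_list"
    rm -rf "$d"
}
demo

# On the server described above (as root):
#   apply_steps /etc/vsftpd/vsftpd.conf /etc/vsftpd/chroot_list ftpuser &&
#       service vsftpd restart
```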
Using the ftp and scp commands
Reference article: http://www.cnblogs.com/weafer/archive/2011/06/13/2079509.html
ftp:
1. ftp 192.168.26.66
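2. Enter the user name and password
3. get: download
Format: get [remote-file] [local-file]
Transfers a file from the remote host to the local host.
Note: files are downloaded to the current directory on the Linux host. For example, if the ftp command was run in /root/yint, the files are downloaded to /root/yint.
4. put: upload
Format: put local-file [remote-file]
Note: uploaded files come from the current directory on the host. For example, if the ftp command was run in /root/test, only files under /root/test will be uploaded by Linux to e:\rose on the server.
scp:
scp is a secure file copy based on ssh login.
Suppose you want to copy a file named a.tar.tz from /home on the local computer to /home/tmp on the remote server 192.168.0.2, and your account on the remote server is root. You can use this command: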
scp /home/a.tar.tz root@192.168.0.2:/home/tmp/
----------------------------------------------------------
Appendix: (reference link: http://www.linuxsv.org/training/l23_linux_ftp.html)
FTP (File Transfer Protocol) allows file transfer between hosts on a network without having to log in to a standard shell on the remote host. The file transfer is done using a standard set of simple commands without encryption, so it must be used only in a non-hostile environment. Tools like 'scp', which uses the ssh protocol for encrypted file transfer, can be used for file transfers in a hostile environment such as the Internet.
FTP Server
In order to configure a host as an FTP server, the vsftpd package must be installed, configured through /etc/vsftpd/vsftpd.conf, and set to start at boot.
# yum install vsftpd
# chkconfig vsftpd on
# /etc/init.d/vsftpd start
/etc/vsftpd/vsftpd.conf
This is the main configuration file and specifies the way that the FTP server runs. The most important parameters that can be configured are the following:
anonymous_enable=YES
It allows FTP transfer using the anonymous user with password anonymous.
local_enable=YES
Local accounts are valid FTP accounts.
write_enable=YES
Enables write operations on FTP.
#anon_upload_enable=YES
It allows the anonymous user to upload files. By default this line is commented out, so the anonymous user cannot upload files to the FTP server.
#chroot_list_enable=YES
With chroot_local_user=YES you can configure users who are logged in to the FTP server to be confined to their home directory on the FTP server. Disabled by default.
pam_service_name=vsftpd
Configures Pluggable Authentication Modules (PAM) security for FTP.
userlist_enable=YES
Keeps users such as root and the system users listed in /etc/vsftpd/user_list from logging into the FTP server. It must always be activated!
tcp_wrappers=YES
Supports the use of security commands in /etc/hosts.allow and /etc/hosts.deny through tcpwrappers
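An added check, not part of the original appendix: it reads a vsftpd.conf-style file and reports risky combinations of the parameters described above, including the missing chroot that lets 'john' reach /var in the non-anonymous setup further down. The finding labels and function names are this example's own, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original page. The defaults passed to conf_get
# are vsftpd's built-in values, used when an option is absent or commented out.

conf_get() {  # conf_get FILE KEY DEFAULT -> effective value (last entry wins)
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }                       # skip comment lines
        index($0, k "=") == 1 {                   # line starts with "KEY="
            v = toupper(substr($0, length(k) + 2))
            gsub(/[ \t\r]+$/, "", v)
        }
        END { print (v == "" ? d : v) }' "$1"
}

audit_vsftpd() {  # audit_vsftpd FILE -> one finding per line, empty if none
    anon=$(conf_get "$1" anonymous_enable YES)
    write=$(conf_get "$1" write_enable NO)
    upload=$(conf_get "$1" anon_upload_enable NO)
    loc=$(conf_get "$1" local_enable NO)
    jail=$(conf_get "$1" chroot_local_user NO)
    jlist=$(conf_get "$1" chroot_list_enable NO)
    ulist=$(conf_get "$1" userlist_enable NO)
    if [ "$anon$write$upload" = YESYESYES ]; then
        echo "ANON_UPLOAD anonymous users can upload files"
    fi
    if [ "$loc" = YES ]; then
        case "$jail/$jlist" in
            NO/NO)   echo "NO_CHROOT local users can leave their home directory" ;;
            NO/YES)  echo "PARTIAL_CHROOT only users in chroot_list_file are confined" ;;
            YES/YES) echo "CHROOT_EXEMPT users in chroot_list_file are not confined" ;;
        esac
        [ "$ulist" = YES ] || echo "NO_USERLIST /etc/vsftpd/user_list is not applied"
    fi
    return 0
}

demo() {  # constructed sample: a local-user setup with no chroot option set
    sample=$(mktemp) || return 1
    printf '%s\n' '#anon_upload_enable=YES' 'anonymous_enable=NO' \
        'local_enable=YES' 'write_enable=YES' 'userlist_enable=YES' > "$sample"
    audit_vsftpd "$sample"
    rm -f "$sample"
}
demo   # prints the NO_CHROOT finding
```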
FTP Security
Firewall
The FTP server listens on port 21/TCP, so that port must be open on the firewall.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
For an FTP server it is also required to load the nat iptables module that keeps track of all FTP connections and allows them. This is configured in the /etc/sysconfig/iptables-config file:
IPTABLES_MODULES="nf_conntrack_ftp"
# /etc/init.d/iptables restart
SElinux
There are five directives associated with making FTP server work with SELinux in targeted mode:
# setsebool -P allow_ftpd_full_access 1
If this parameter is enabled, ftpd will run in an SELinux context without any restriction.
# setsebool -P allow_ftpd_anon_write 1
Supports the writing of files to directories configured with the public_content_rw_t SELinux setting.
# setsebool -P allow_ftpd_use_cifs 1
Allows the use of files shared via CIFS on an FTP server.
# setsebool -P allow_ftpd_use_nfs 1
Allows the use of files shared via NFS on an FTP server.
# setsebool -P ftp_home_dir 1
Supports FTP read/write access to user home directories.
In addition, any directory that is going to be used for read-write FTP operations must be labelled with the 'public_content_rw_t' SELinux type in order to work correctly in SELinux targeted mode.
# chcon -R -t public_content_rw_t /var/pub/ftp
FTP anonymous server
In this section we are going to configure an FTP server on the rhel6 server and only allow anonymous login. Only downloading files from the FTP server must be allowed; uploading must be forbidden.
# cat /etc/vsftpd/vsftpd.conf | grep -v ^#
anonymous_enable=YES
local_enable=NO
write_enable=NO
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
Configure the firewall as defined in 'FTP Security'. If SELinux is running in targeted mode, the easy way in this case is to give full access to the ftpd daemon in the SELinux context:
# setsebool -P allow_ftpd_full_access 1
Let's create a file in the anonymous FTP directory /var/ftp/pub. This file will be downloaded by the anonymous user.
# dd if=/dev/zero of=/var/ftp/pub/file bs=1024 count=10000
And finally restart the ftp service. Make sure the service starts correctly by watching the logs in /var/log/messages.
# /etc/init.d/vsftpd restart
From another host, log in to the FTP server on rhel6 as the anonymous user using the FTP client 'lftp'. Download the file created previously and verify that uploading is forbidden.
node01> lftp 192.168.1.10
lftp 192.168.1.10:~> cd pub
cd ok, cwd=/pub
lftp 192.168.1.10:/pub> ls
-rw-r--r-- 1 0 0 10240000 Feb 22 20:36 file
lftp 192.168.1.10:/pub> get file
10240000 bytes transferred
By default the FTP client 'lftp' logs in as anonymous. The file has been downloaded correctly. Let's try to upload a file:
lftp 192.168.1.10:/pub> put anaconda-ks.cfg
put: Access failed: 550 Permission denied. (anaconda-ks.cfg)
Uploads are not allowed.
lftp 192.168.1.10:/> cd /var
cd: Access failed: 550 Failed to change directory. (/var)
Navigating outside the FTP server root is not allowed.
Try to log in as a user other than anonymous and verify that only anonymous logins are permitted.
node01> lftp -u john
Password:
lftp john@:~> ls
ls: Not connected
The same happens if we try as root and other users: only anonymous logins are allowed.
FTP non-anonymous server
In this case we are going to configure an FTP server on rhel6 that must allow logins only for system users, except those listed in /etc/vsftpd/user_list. Download and upload must be allowed for these users.
cat /etc/vsftpd/vsftpd.conf | grep -v ^#
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
Configure the firewall as defined in 'FTP Security'. In this case we are going to configure ftpd to run in a restricted SELinux environment, which is not the easy way used in the previous example:
# setsebool -P allow_ftpd_full_access 0
# setsebool -P allow_ftpd_anon_write 1
# setsebool -P allow_ftpd_use_cifs 1
# setsebool -P allow_ftpd_use_nfs 1
# setsebool -P ftp_home_dir 1
Let's create a file in john's home directory, /home/john. This file will be downloaded by user john.
# cp /var/ftp/pub/file /home/john
# chown john:john /home/john/file
And finally restart the ftp service. Make sure the service starts correctly by watching the logs in /var/log/messages.
# /etc/init.d/vsftpd restart
From another host, log in to the FTP server on rhel6 as user 'john' using the FTP client 'lftp'. Download the file created previously and verify that uploading is allowed in john's home directory.
node01> lftp -u john 192.168.1.10
Password:
lftp john@192.168.1.10:~> ls
-rw-r--r-- 1 1001 1001 10240000 Feb 22 22:08 file
lftp john@192.168.1.10:~> get file
10240000 bytes transferred
lftp john@192.168.1.10:~> put install.log
21820 bytes transferred
lftp john@192.168.1.10:~> ls
-rw-r--r-- 1 1001 1001 10240000 Feb 22 22:08 file
-rw-r--r-- 1 1001 1001 21820 Feb 23 20:06 install.log
lftp john@192.168.1.10:~> cd /var
lftp john@192.168.1.10:/var>
As can be seen, user 'john' can download and upload files in /home/john through FTP. But 'john' still has access to directories outside his home; in Lab1 we will configure the FTP server to chroot users into their home directories.
Users listed in /etc/vsftpd/user_list are not allowed to log in to the FTP server:
node01> lftp -u root 192.168.1.10
Password:
lftp root@192.168.1.10:~> dir
`ls' at 0 [Delaying before reconnect: 20]
...
FTP Client
As seen in previous sections, the lftp RPM can be used as an FTP client.
# yum install lftp
In order to log in as user 'john' on FTP server 192.168.1.10:
lftp -u john 192.168.1.10
Password:
lftp john@192.168.1.10:~>
If no user is specified the FTP login is done using the anonymous user.
In order to execute a remote command on the FTP server, such as 'ls':
lftp john@192.168.1.10:~> ls
-rw-r--r-- 1 1001 1001 10240000 Feb 22 22:08 file
-rw-r--r-- 1 1001 1001 21820 Feb 23 20:06 install.log
In order to execute a local command on the FTP client, such as 'ls':
lftp john@192.168.1.10:~> ! ls
file install.log install.log.syslog test
To download a file from FTP server use 'get' command :
lftp john@192.168.1.10:~> get file
10240000 bytes transferred
To upload a file from FTP client to the FTP server use 'put' command :
lftp john@192.168.1.10:~> put install.log
21820 bytes transferred
More info on 'man lftp'.
Questions
1.- By default FTP data transfer is encrypted (true/false).
2.- The FTP protocol can be used to transfer files between Linux, Unix and Microsoft Windows operating systems (true/false).
3.- In order to get an FTP server working through a firewall, the only action required is to open port 21/TCP (true/false).
4.- Which configuration parameter in /etc/vsftpd/vsftpd.conf must be configured in order to allow anonymous login on the FTP server?
5.- Which configuration parameter in /etc/vsftpd/vsftpd.conf must be configured in order to disable local logins on the FTP server?
6.- Which configuration parameter in /etc/vsftpd/vsftpd.conf must be configured in order to disable logins from users listed in /etc/vsftpd/vsftpd.conf on the FTP server?
7.- Which command can be used in order to disable SELinux protection for the ftpd service?
8.- Which command can be used in order to give SELinux access to users logged in through an FTP client to their home directories on the FTP server?
9.- Which command can be used in order to connect to the FTP server using the anonymous account?
A - lftp 192.168.1.10
B - lftp -u anonymous 192.168.1.10
C - Both of them
D - None of them
10.- Which configuration parameter in /etc/vsftpd/vsftpd.conf makes only the users listed in /etc/vsftpd/user_list allowed to connect to the FTP server?
A - userlist_deny=YES
B - userlist_deny=NO
C - /etc/export
D - /etc/fstab