vsftpd Overview

vsftpd is short for "very secure FTP daemon", and security is one of its main features. It is a server that runs on UNIX-like operating systems such as Linux, BSD, Solaris and HP-UX. It is completely free, open-source FTP server software that supports many features other FTP servers do not.

Features

Very high security requirements, bandwidth restrictions, good scalability, the ability to create virtual users, IPv6 support, and high speed. It is small, light, safe and easy to use.

The difference between ftp, sftp, vsftp and vsftpd

FTP is short for File Transfer Protocol, a set of standard protocols for transferring files over the Internet using the client/server model. It is an application-layer protocol.

sftp is short for SSH File Transfer Protocol, a secure file transfer protocol.

vsftp is GPL-licensed FTP server software for Unix-like systems. Its full name is Very Secure FTP; as the name suggests, the author's original intent was the security of the code.

vsftpd is short for very secure FTP daemon, the server described in the overview above.

First, anonymous user login to ftp (files are in /var/ftp)

1. Install the vsftpd service

    [root@localhost ~]# yum install vsftpd -y ##Install the service
    [root@localhost ~]# cd /etc/vsftpd/ ##This is the configuration file directory
    [root@localhost vsftpd]# ls
    ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
    [root@localhost vsftpd]# systemctl start vsftpd ##Start the vsftpd service
    [root@localhost vsftpd]# systemctl stop firewalld.service ##Stop the firewall
    [root@localhost vsftpd]# setenforce 0 ##Set SELinux to permissive mode
    [root@localhost vsftpd]# ls /var/ftp/ ##List the ftp directory
    pub
    [root@localhost vsftpd]# echo "this is test" > /var/ftp/test.txt ##Add a text file

2. Use cmd on the test machine to access the vsftpd service and download a file

    C:\Users\xy007>ftp 192.168.13.140 ##Access the ftp service
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): ftp ##Anonymous access
    331 Please specify the password.
    Password: ##No password; just press Enter
    230 Login successful.
    ftp> pwd ##View the current path
    257 "/" ##Root directory of the ftp service
    ftp> ls -a ##View the contents of the directory
    200 PORT command successful. Consider using PASV.
    150 Here comes the directory listing.
    .
    ..
    pub
    test.txt ##File on the server
    226 Directory send OK.
    ftp: received 25 bytes in 0.00 sec 25000.00 kb/sec.
    ftp> get test.txt ##Download the file to the local machine (it is saved to the drive you started from; you can switch drives first, e.g. e:)
    200 PORT command successful. Consider using PASV.
    150 Opening BINARY mode data connection for test.txt (13 bytes).
    226 Transfer complete.
    ftp: received 13 bytes in 0.00 sec 13000.00 kb/sec.
    ftp> put test1.txt ##Create test1.txt on the C drive and upload it to Linux
    200 PORT command successful. Consider using PASV.
    550 Permission denied. ##Refused because permissions are restricted

3. Modify the vsftpd configuration file to give anonymous access the maximum permissions

    [root@localhost ftp]# cd /etc/vsftpd/
    [root@localhost vsftpd]# vim vsftpd.conf ##Find and enable the following options (the ## notes are annotations, not file content)
    anonymous_enable=YES ##Enable anonymous users
    local_enable=YES ##Enable local users
    write_enable=YES ##Write permission
    local_umask=022 ##umask for files created by local users
    anon_upload_enable=YES ##Allow anonymous uploads
    anon_mkdir_write_enable=YES ##Allow anonymous users to create directories
    anon_other_write_enable=YES ##Allow other anonymous writes: rename and delete
    [root@localhost vsftpd]# systemctl restart vsftpd ##Restart the service
    [root@localhost vsftpd]# cd /var/ftp/ ##Switch to the ftp directory
    [root@localhost ftp]# ls
    pub  test.txt
    [root@localhost ftp]# ls -l
    total 4
    drwxr-xr-x. 2 root root  6 Oct 31 2018 pub
    -rw-r--r--. 1 root root 13 Nov  5 19:14 test.txt
    [root@localhost ftp]# chmod 777 pub ##Give the pub directory the maximum permissions. Note that you cannot give the ftp directory itself the maximum permissions.

4. Use cmd on the test machine to access ftp and upload a local file to Linux

    C:\Users\xy007>ftp 192.168.13.140 ##Access the ftp service
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): ftp
    331 Please specify the password.
    Password:
    230 Login successful.
    ftp> cd pub/ ##Switch to the pub directory
    250 Directory successfully changed.
    ftp> put test1.txt ##Upload the file
    200 PORT command successful. Consider using PASV.
    150 Ok to send data.
    226 Transfer complete.
    ftp: sent 13 bytes in 0.03 s 0.41 kb/s.
    ftp> bye ##Exit
    221 Goodbye. ##You can also use delete to delete files

5. View the uploaded file

    [root@localhost ftp]# cd /var/ftp/pub ##Switch to the pub directory
    [root@localhost pub]# ls ##View the uploaded file
    test1.txt

Second, local user login to ftp (files are in the user's home directory)

Prevent local users from accessing system directories and limit access to user home directories only.

1. Create system users

    [root@localhost pub]# useradd zhangsan ##Create a user and set the user password
    [root@localhost pub]# passwd zhangsan
    [root@localhost pub]# useradd lisi ##Create a user and set the user password
    [root@localhost pub]# passwd lisi

2. Use cmd on the test machine to log in to ftp as a local user

    C:\Users\xy007>ftp 192.168.13.140 ##Log in to the ftp service
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): zhangsan ##Use a local user
    331 Please specify the password.
    Password:
    230 Login successful.
    ftp> ls / ##List /: the user can reach the system root directory directly
    200 PORT command successful. Consider using PASV.
    150 Here comes the directory listing.
    /bin
    /boot
    /dev
    /etc
    /home
    /lib
    /lib64
    /media
    /mnt
    /opt
    /proc
    /root
    /run
    /sbin
    /srv
    /sys
    /tmp
    /usr
    /var
    226 Directory send OK.
    ftp: received 126 bytes in 0.02 sec 7.88 kb/sec.

3. Prevent local users from accessing system directories and limit access to user home directories only

    [root@localhost pub]# vim /etc/vsftpd/vsftpd.conf ##Modify the configuration file
    chroot_local_user=YES ##Restrict local users to their home directories
    allow_writeable_chroot=YES ##Allow the chroot directory to be writable
    [root@localhost pub]# systemctl restart vsftpd ##Restart the service

4. Access from cmd on the test machine

    C:\Users\xy007>ftp 192.168.13.140 ##Access ftp
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): zhangsan ##User zhangsan
    331 Please specify the password.
    Password:
    230 Login successful.
    ftp> cd / ##Switch to the root directory
    250 Directory successfully changed.
    ftp> ls ##Still inside the user's home directory; other system directories cannot be accessed, which improves security
    200 PORT command successful. Consider using PASV.
    150 Here comes the directory listing.
    226 Directory send OK.

Allow or deny specified users access to ftp

1. Use user_list (deny by default) to allow or deny specific users to log in to FTP

    [root@localhost pub]# cd /etc/vsftpd/ ##Switch to the vsftpd configuration file directory
    [root@localhost vsftpd]# vim vsftpd.conf
    userlist_enable=YES ##Confirm that user_list is enabled
    [root@localhost vsftpd]# ls
    ftpusers  user_list  vsftpd.conf  vsftpd_conf_migrate.sh
    [root@localhost vsftpd]# echo "zhangsan" >> user_list ##Add user zhangsan to the list
    [root@localhost vsftpd]# systemctl restart vsftpd ##Restart the service

2. Test with cmd on the test machine

    C:\Users\xy007>ftp 192.168.13.140
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): zhangsan ##Log in as zhangsan
    530 Permission denied.
    Login failed. ##Login is refused outright
    ftp>

3. Set the list to allow only

    [root@localhost ftp]# cd /etc/vsftpd/
    [root@localhost vsftpd]# vim vsftpd.conf ##Edit the vsftpd configuration file
    userlist_enable=YES
    userlist_deny=NO ##Add this so the list allows instead of denies
    [root@localhost vsftpd]# systemctl restart vsftpd ##Restart the service

4. Test with cmd on the test machine

    C:\Users\xy007>ftp 192.168.13.140
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): zhangsan ##Log in as zhangsan
    331 Please specify the password.
    Password:
    230 Login successful. ##Login successful
    ftp> bye
    221 Goodbye.

    C:\Users\xy007>ftp 192.168.13.140
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): lisi ##Log in as lisi
    530 Permission denied.
    Login failed. ##Login failed

Third, virtual user accounts for ftp (files are in the home directory of the system user vuser)

1. Create a virtual user file

    [root@localhost vsftpd]# cd /etc/vsftpd/ ##Switch to the configuration file directory
    [root@localhost vsftpd]# vim vuser ##Create a virtual user file
    lisa ##Odd-numbered lines: user name
    123123 ##Even-numbered lines: password
    tom
    123123

2. Convert it to a database file and set security permissions

    [root@localhost vsftpd]# db_load -T -t hash -f vuser vuser.db ##Convert vuser to a database file: -T converts, -t sets the type, -f names the input file
    [root@localhost vsftpd]# chmod 600 vuser ##For security, keep other users from reading it
    [root@localhost vsftpd]# chmod 600 vuser.db

3. Edit the PAM configuration to support virtual user login

    [root@localhost vsftpd]# useradd -d /opt/vuser -s /sbin/nologin vuser ##Create a system user with the given home directory that cannot log in
    [root@localhost vsftpd]# vim /etc/pam.d/vsftpd.vu ##Write the PAM configuration
    auth required pam_userdb.so db=/etc/vsftpd/vuser ##Authenticate against the converted database file
    account required pam_userdb.so db=/etc/vsftpd/vuser ##Account check against the same database

4. Enable virtual users and authenticate logins through PAM

    [root@localhost vsftpd]# vim vsftpd.conf ##Modify the configuration file; press capital G to jump to the last line
    #pam_service_name=vsftpd ##Comment out this line
    ##Add the following three lines
    guest_enable=YES ##Enable guest user access
    guest_username=vuser ##Use the vuser system user
    pam_service_name=vsftpd.vu ##PAM service file
    [root@localhost vsftpd]# systemctl restart vsftpd ##Restart the service

5. Test with cmd on the test machine

    C:\Users\xy007>ftp 192.168.13.140
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): tom ##Log in as virtual user tom
    331 Please specify the password.
    Password:
    230 Login successful.
    ftp> put test1.txt ##Upload a file
    200 PORT command successful. Consider using PASV.
    150 Ok to send data.
    226 Transfer complete.
    ftp: sent 13 bytes in 0.00 sec 13000.00 kb/sec.

    ##The uploaded file has permissions 600
    [root@localhost vsftpd]# ls -l /opt/vuser/
    total 4
    -rw-------. 1 vuser vuser 13 Nov  5 22:51 test1.txt

6. Per-user configuration: set the permissions of uploaded files to 644

    [root@localhost vsftpd]# vim vsftpd.conf ##Press capital G and add this as the last line
    user_config_dir=/etc/vsftpd/vu_dir ##Per-user configuration folder
    [root@localhost vsftpd]# mkdir vu_dir ##Create the folder
    [root@localhost vsftpd]# cd vu_dir/
    [root@localhost vu_dir]# vim lisa ##Create a configuration file named after the user
    anon_umask=022 ##umask for uploaded files
    [root@localhost vu_dir]# systemctl restart vsftpd ##Restart the service

7. Log in from cmd on the test machine as user lisa and check the permissions of the uploaded file

    C:\Users\xy007>ftp 192.168.13.140
    Connected to 192.168.13.140.
    220 (vsFTPd 3.0.2)
    200 Always in UTF8 mode.
    User (192.168.13.140:(none)): lisa ##Log in as lisa
    331 Please specify the password.
    Password:
    230 Login successful.
    ftp> put 111.txt ##Upload a file
    200 PORT command successful. Consider using PASV.
    150 Ok to send data.
    226 Transfer complete.
    ftp: sent 13 bytes in 0.00 sec 13000.00 kb/sec.

    [root@localhost vu_dir]# ls -l /opt/vuser/ ##View the permissions of the uploaded files
    total 8
    -rw-r--r--. 1 vuser vuser 13 Nov  5 22:58 111.txt ##Uploaded by lisa: 644
    -rw-------. 1 vuser vuser 13 Nov  5 22:51 test1.txt ##Uploaded by tom: 600

Summary

The above covers vsftpd service configuration on Linux for anonymous users, local users and virtual users.
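A check for the options this walkthrough turns on, as an added example that is not part of the original article: it reads a vsftpd.conf and reports anonymous write access, local users without a chroot, a writable chroot, the user_list mode, and any `##` note pasted into the file. The function names and finding labels are made up for this example, the sample file is constructed, and the defaults passed to `is_on` are vsftpd's built-in defaults as documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example: audit the vsftpd.conf options this walkthrough changes.

# conf_get FILE KEY DEFAULT: effective value; later lines override earlier ones.
conf_get() {
    awk -v key="$2" -v val="$3" '
        /^[[:space:]]*#/ { next }
        index($0, key "=") == 1 { val = toupper(substr($0, length(key) + 2)) }
        END { print val }' "$1"
}

# is_on FILE KEY DEFAULT: true when the boolean option is enabled.
is_on() {
    case "$(conf_get "$1" "$2" "$3")" in YES|TRUE|1) return 0 ;; esac
    return 1
}

# audit_vsftpd FILE: print one finding per line; always returns 0.
audit_vsftpd() {
    f=$1
    if is_on "$f" anonymous_enable YES && is_on "$f" write_enable NO; then
        for k in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
            if is_on "$f" "$k" NO; then echo "ANON_WRITE $k"; fi
        done
    fi
    if is_on "$f" local_enable NO; then
        if ! is_on "$f" chroot_local_user NO; then
            echo "NO_CHROOT local users can browse /"
        elif is_on "$f" allow_writeable_chroot NO; then
            echo "WRITABLE_CHROOT jail root may be writable by the user"
        fi
    fi
    if is_on "$f" userlist_enable NO; then
        if is_on "$f" userlist_deny YES; then echo "USERLIST deny-list mode"
        else echo "USERLIST allow-list mode"; fi
    fi
    # Inline notes such as "YES ##comment" are not valid vsftpd.conf syntax.
    grep -nE '^[^#]*=[^#]*[[:space:]]#' "$f" | sed 's/^/TRAILING_COMMENT line /'
    return 0
}

# Constructed sample: settings from this page, one pasted together with its note.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' anonymous_enable=YES local_enable=YES write_enable=YES \
    anon_upload_enable=YES anon_mkdir_write_enable=YES \
    'anon_other_write_enable=YES ##rename and delete' chroot_local_user=YES \
    allow_writeable_chroot=YES userlist_enable=YES userlist_deny=NO > "$sample"
audit_vsftpd "$sample"
```

On the server, call `audit_vsftpd /etc/vsftpd/vsftpd.conf` to check the live file.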