vsftpd stands for "very secure FTP daemon". It is a completely free, open-source FTP server whose notable features are a strong emphasis on security, bandwidth limiting, and good scalability.
How it works:
vsftpd speaks the FTP protocol, an application-layer protocol with a classic client/server architecture: the FTP server stores files, and FTP clients connect to it over the protocol to upload and download them.
FTP uses TCP port 21 for the command (control) connection. In active mode the server opens the data connection from TCP port 20 back to the client; the default is passive mode, in which the client opens the data connection to a port the server announces.
Server side:
[root@node6 ~]# yum install vsftpd -y        # install the server
[root@node6 ~]# systemctl start vsftpd       # start the service
[root@node6 ~]# netstat -tnl                 # check the listening ports
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::111                  :::*                    LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
[root@node6 lib]# cd /var/ftp/               # the ftp home directory
[root@node6 ftp]# ll
total 0
drwxr-xr-x. 2 root root 6 Oct 31 2018 pub
Client side:
[root@localhost yum.repos.d]# yum install ftp lftp -y    # install the clients; lftp is recommended
[root@localhost yum.repos.d]# ftp 192.168.136.131         # connect with the ftp client (anonymous login: user name ftp, no password needed)
Connected to 192.168.136.131 (192.168.136.131).
220 (vsFTPd 3.0.2)
Name (192.168.136.131:root): ftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,136,131,108,22).
150 Here comes the directory listing.
drwxr-xr-x    2 0        0               6 Oct 30 2018 pub
226 Directory send OK.
ftp> pwd            # show the server-side path
257 "/"
ftp> !pwd           # show the local path
/etc/yum.repos.d
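The 227 reply in the session above is how passive mode works in practice: the server names the address and port the client must connect to for the data channel, which is also what a firewall in front of the server has to allow. The following is an added example, not code from the original post, that decodes such a reply and checks the port against a pasv_min_port/pasv_max_port window; it assumes only POSIX sh, sed and awk, and the function names and the 30000-31000 window are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): decode a "227 Entering Passive
# Mode (h1,h2,h3,h4,p1,p2)" reply into the host and TCP port of the data
# connection and check that port against a pasv_min_port/pasv_max_port window.

# Print "host port" for a 227 reply (port = p1 * 256 + p2); return 1 for any
# other line so callers can tell a real PASV reply from an error reply.
pasv_endpoint() {  # $1 = reply line from the server
    echo "$1" \
      | sed -n 's/^227 .*(\([0-9]*\),\([0-9]*\),\([0-9]*\),\([0-9]*\),\([0-9]*\),\([0-9]*\)).*$/\1.\2.\3.\4 \5 \6/p' \
      | awk 'NF == 3 { print $1, $2 * 256 + $3; found = 1 } END { exit !found }'
}

# Return 0 when a data port lies inside the window vsftpd was told to use;
# a firewall that only opens this window will drop anything outside it.
pasv_in_window() {  # $1 = port, $2 = pasv_min_port, $3 = pasv_max_port
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Which data-channel modes a config permits, from its pasv_enable and
# port_enable values (both default to YES). Prints both, passive, active or none.
data_modes() {  # $1 = pasv_enable value, $2 = port_enable value
    p=${1:-YES}; a=${2:-YES}
    if [ "$p" = YES ] && [ "$a" = YES ]; then echo both
    elif [ "$p" = YES ]; then echo passive
    elif [ "$a" = YES ]; then echo active
    else echo none; fi
}

# Stand-alone run on the reply captured in the session above.
reply='227 Entering Passive Mode (192,168,136,131,108,22).'
ep=$(pasv_endpoint "$reply")
host=${ep% *}; port=${ep#* }
echo "data connection goes to $host port $port"
if pasv_in_window "$port" 30000 31000; then
    echo "port is inside the 30000-31000 window"
else
    echo "port is outside the 30000-31000 window: set pasv_min_port/pasv_max_port to match the firewall rule"
fi
echo "data-channel modes with pasv_enable=YES port_enable=NO: $(data_modes YES NO)"
```

With the post's final configuration (pasv_enable=YES, port_enable=NO) only passive transfers are possible, so the server never needs to open outbound connections from port 20; what it does need is an inbound allowance for port 21 plus the passive window, which is why pinning that window with pasv_min_port/pasv_max_port is worth doing.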
Logging in with lftp:
[root@localhost ~]# lftp 192.168.136.131          # connect with the lftp client
lftp 192.168.136.131:~> ls
-rw-r--r--    1 0        0             465 Apr 15 01:47 fstab
drwxr-xrwx    3 0        0             141 Apr 15 03:29 pub
lftp 192.168.136.131:/> lcd /tmp/                 # change the local directory
lcd ok, local cwd=/tmp
lftp 192.168.136.131:/> ls
-rw-r--r--    1 0        0             465 Apr 15 01:47 fstab
drwxr-xrwx    3 0        0             141 Apr 15 03:29 pub
lftp 192.168.136.131:/> get fstab                 # download a single file
`fstab' at 0 (0%) [Delaying before reconnect: 17]
465 bytes transferred in 30 seconds (15b/s)
lftp 192.168.136.131:/>
lftp 192.168.136.131:/> ls
-rw-r--r--    1 0        0             465 Apr 15 01:47 fstab
drwxr-xrwx    3 0        0             141 Apr 15 03:29 pub
lftp 192.168.136.131:/> cd test                   # change the server-side directory
cd ok, cwd=/test
lftp 192.168.136.131:/test> ls
-rw-r--r--    1 0        0               0 Apr 15 09:09 file1
-rw-r--r--    1 0        0               0 Apr 15 09:09 file10
-rw-r--r--    1 0        0               0 Apr 15 09:09 file2
-rw-r--r--    1 0        0               0 Apr 15 09:09 file3
-rw-r--r--    1 0        0               0 Apr 15 09:09 file4
-rw-r--r--    1 0        0               0 Apr 15 09:09 file5
-rw-r--r--    1 0        0               0 Apr 15 09:09 file6
-rw-r--r--    1 0        0               0 Apr 15 09:09 file7
-rw-r--r--    1 0        0               0 Apr 15 09:09 file8
-rw-r--r--    1 0        0               0 Apr 15 09:09 file9
lftp 192.168.136.131:/test> mget file*            # download several files at once
Total 10 files transferred
lftp 192.168.136.131:/test>
With the default configuration, files can only be listed and downloaded; writing and uploading are not possible:
lftp 192.168.136.131:/test> mkdir abc
mkdir: Access failed: 550 Permission denied. (abc)
lftp 192.168.136.131:/test> put file1
put: Access failed: 550 Permission denied. (file1)
lftp 192.168.136.131:/test>
As you can see, both the upload command and the mkdir command fail: the anonymous user has no permission to write.
Edit the configuration file on the server. The lines marked "# added" below are the ones changed; those marks are notes for the reader, not part of the file, since vsftpd does not accept a comment at the end of a directive line and will refuse to start on one:
[root@node6 test]# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
anon_upload_enable=YES          # added: anonymous users may upload
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES     # added: anonymous users may create directories
anon_other_write_enable=YES     # added: anonymous users may delete and rename
#
# Activate directory messages - messages given to remote users when they
Restart the service and log in again. Directory creation still fails, but the error message is different:
lftp 192.168.136.131:/test> mkdir abc         # creating a directory fails
mkdir: Access failed: 550 Create directory operation failed. (abc)
lftp 192.168.136.131:/test> put file1         # uploading a file fails
put: Access failed: 553 Could not create file. (file1)
lftp 192.168.136.131:/test> lcd
lcd ok, local cwd=/root
This is because the directory itself has no write permission for the ftp user. Grant write access on the test directory:
[root@node6 ftp]# ll
total 4
-rw-r--r--. 1 root root 465 Apr 15 09:47 fstab
drwxr-xrwx. 3 root root 141 Apr 15 11:29 pub
drwxr-xr-x. 2 root root 137 Apr 15 17:09 test
[root@node6 ftp]# chmod o+w test/
[root@node6 ftp]# ll test/ -d
drwxr-xrwx. 2 root root 137 Apr 15 17:09 test/
[root@node6 ftp]#
lftp 192.168.136.131:/test> mkdir abc         # create a directory
mkdir ok, `abc' created
lftp 192.168.136.131:/test> ls
drwx------    2 14       50              6 Apr 15 09:26 abc
-rw-r--r--    1 0        0               0 Apr 15 09:09 file1
-rw-r--r--    1 0        0               0 Apr 15 09:09 file10
-rw-r--r--    1 0        0               0 Apr 15 09:09 file2
-rw-r--r--    1 0        0               0 Apr 15 09:09 file3
-rw-r--r--    1 0        0               0 Apr 15 09:09 file4
-rw-r--r--    1 0        0               0 Apr 15 09:09 file5
-rw-r--r--    1 0        0               0 Apr 15 09:09 file6
-rw-r--r--    1 0        0               0 Apr 15 09:09 file7
-rw-r--r--    1 0        0               0 Apr 15 09:09 file8
-rw-r--r--    1 0        0               0 Apr 15 09:09 file9
lftp 192.168.136.131:/test> put /etc/fstab    # upload a file
465 bytes transferred
lftp 192.168.136.131:/test> ls
drwx------    2 14       50              6 Apr 15 09:26 abc
-rw-r--r--    1 0        0               0 Apr 15 09:09 file1
-rw-r--r--    1 0        0               0 Apr 15 09:09 file10
-rw-r--r--    1 0        0               0 Apr 15 09:09 file2
-rw-r--r--    1 0        0               0 Apr 15 09:09 file3
-rw-r--r--    1 0        0               0 Apr 15 09:09 file4
-rw-r--r--    1 0        0               0 Apr 15 09:09 file5
-rw-r--r--    1 0        0               0 Apr 15 09:09 file6
-rw-r--r--    1 0        0               0 Apr 15 09:09 file7
-rw-r--r--    1 0        0               0 Apr 15 09:09 file8
-rw-r--r--    1 0        0               0 Apr 15 09:09 file9
-rw-------    1 14       50            465 Apr 15 09:27 fstab
lftp 192.168.136.131:/test> mput /tmp/file*   # upload several files at once
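The 550/553 errors above came from the filesystem, not from vsftpd.conf, and the fix has a counterpart the other way round: vsftpd chroots anonymous sessions into the anonymous root (/var/ftp by default) and, unless allow_writeable_chroot=YES is set, refuses the login when that root itself is writable by the ftp user. So the root must stay non-writable while only the upload subdirectory is opened up. The following is an added example, not code from the original post, that checks both conditions on a directory pair; it assumes POSIX sh with ls, cut and awk, runs on a temporary layout it builds itself rather than on /var/ftp, and its function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): check the filesystem side of the
# anonymous-upload setup. The anonymous root must not be writable by the ftp
# user; the upload subdirectory must be.

# Mode string of a path, e.g. "drwxr-xrwx", taken from ls -ld.
mode_of() {  # $1 = path
    ls -ld "$1" | cut -c1-10
}

# The anonymous root must not be writable by "others" (the ftp account does
# not own /var/ftp). Return 0 when it is safe.
anon_root_ok() {  # $1 = anonymous root directory
    [ -d "$1" ] && [ "$(mode_of "$1" | cut -c9)" != w ]
}

# The upload directory must be writable by the ftp user: either world-writable
# (the chmod o+w used above) or owned by the ftp account.
upload_dir_ok() {  # $1 = upload directory, $2 = ftp account name (default: ftp)
    [ -d "$1" ] || return 1
    owner=$(ls -ld "$1" | awk '{ print $3 }')
    [ "$(mode_of "$1" | cut -c9)" = w ] || [ "$owner" = "${2:-ftp}" ]
}

# Report on a root/upload pair; prints one line per check and returns the
# number of failed checks (0 means the layout matches what vsftpd expects).
check_anon_layout() {  # $1 = anonymous root, $2 = upload directory
    fails=0
    if anon_root_ok "$1"; then
        echo "ok:   $1 is not world-writable ($(mode_of "$1"))"
    else
        echo "FAIL: $1 is world-writable or missing; vsftpd refuses a writable anonymous root"
        fails=$((fails + 1))
    fi
    if upload_dir_ok "$2"; then
        echo "ok:   $2 is writable for anonymous uploads ($(mode_of "$2"))"
    else
        echo "FAIL: $2 is not writable by the ftp user (mkdir and put will get 550/553)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Stand-alone run on a constructed layout in a temporary directory.
root=$(mktemp -d)
mkdir "$root/test"
chmod 755 "$root"            # as shipped: drwxr-xr-x
chmod o+w "$root/test"       # the change made above: drwxr-xrwx
check_anon_layout "$root" "$root/test" || echo "$? check(s) failed"
rm -rf "$root"
```

The uploaded entries in the listing above are owned by uid 14 / gid 50, the ftp account, and carry mode 600/700, so making the upload directory owned by that account is an alternative to chmod o+w that does not expose the directory to every other local user as well.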
Create a local user (with local_enable=YES, vsftpd authenticates such logins through PAM against the system accounts, so the account has to exist on the FTP server):
[root@localhost ~]# id lutixia
id: lutixia: no such user
[root@localhost ~]# useradd lutixia
[root@localhost ~]# id lutixia
uid=1001(lutixia) gid=1001(lutixia) groups=1001(lutixia)
[root@localhost ~]# cd /home/lutixia/
[root@localhost lutixia]# ll
total 0
[root@localhost lutixia]# echo "lutixia"|passwd --stdin lutixia
Changing password for user lutixia.
passwd: all authentication tokens updated successfully.
[root@localhost lutixia]#
Edit the configuration file again so that anonymous users can no longer log in and only local users can. Note that this version also confines local users to their home directory (chroot_local_user=YES) while allowing that directory to be writable (allow_writeable_chroot=YES), which the config file's own chroot warning advises against:
[root@node6 ftp]# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
# When SELinux is enforcing check for SE bool ftp_home_dir
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
# When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/xferlog
#
# If you want, you can have your log file in standard ftpd xferlog format.
# Note that the default log file location is /var/log/xferlog in this case.
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode. The vsftpd.conf(5) man page explains
# the behaviour when these options are disabled.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (Warning! chroot'ing can be very dangerous. If using chroot, make sure that
# the user does not have write access to the top level directory within the
# chroot)
chroot_local_user=YES
chroot_list_enable=YES
allow_writeable_chroot=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=NO
#
# This directive enables listening on IPv6 sockets. By default, listening
# on the IPv6 "any" address (::) will accept connections from both IPv6
# and IPv4 clients. It is not necessary to listen on *both* IPv4 and IPv6
# sockets. If you want that (perhaps because you want to listen on specific
# addresses) then you must run two copies of vsftpd with two configuration
# files.
# Make sure, that one of the listen options is commented !!
listen_ipv6=YES

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_enable=YES
port_enable=NO
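Both configuration files in this walkthrough flip a handful of directives that decide who may write to the server: anonymous_enable, write_enable, the three anon_*_write_enable switches, and the chroot_local_user/allow_writeable_chroot pair. Reading them back the way vsftpd does (comment lines ignored, last assignment wins, no end-of-line comments) is the quickest way to confirm what a host actually exposes. The following is an added example, not code from the original post, that audits a vsftpd.conf for those combinations; it assumes only POSIX sh, awk and mktemp, the function names are this example's own, and the embedded configuration is a constructed sample mirroring the edits above rather than a real file.

```shell
#!/bin/sh
# Added example (not from the original post): audit a vsftpd.conf for the
# directives toggled in this walkthrough and report the risky combinations.

# Effective value of a directive, read the way vsftpd reads it: comment lines
# are ignored and the last assignment wins. Prints "" when the directive is unset.
vsftpd_get() {  # $1 = config file, $2 = directive name
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Lines whose boolean value carries trailing text (e.g. "YES #note"). vsftpd
# has no end-of-line comments: such a line aborts startup with
# "500 OOPS: bad bool value in config file".
vsftpd_bad_bools() {  # $1 = config file
    awk '/^[ \t]*#/ { next }
         /=[ \t]*(YES|NO)[ \t]+[^ \t]/ { print FILENAME ":" NR ": " $0 }' "$1"
}

# Print one finding per line; the return value is the number of findings.
vsftpd_audit() {  # $1 = config file
    conf="$1"; n=0
    anon=$(vsftpd_get "$conf" anonymous_enable)
    [ -z "$anon" ] && anon=YES          # compiled-in default is YES
    write=$(vsftpd_get "$conf" write_enable)
    anon_up=$(vsftpd_get "$conf" anon_upload_enable)
    anon_mk=$(vsftpd_get "$conf" anon_mkdir_write_enable)
    anon_rm=$(vsftpd_get "$conf" anon_other_write_enable)
    lchroot=$(vsftpd_get "$conf" chroot_local_user)
    wchroot=$(vsftpd_get "$conf" allow_writeable_chroot)

    # The anon_* switches only matter while anonymous logins and writes are on.
    if [ "$anon" = YES ] && [ "$write" = YES ]; then
        [ "$anon_up" = YES ] && { echo "anonymous clients can upload files"; n=$((n + 1)); }
        [ "$anon_mk" = YES ] && { echo "anonymous clients can create directories"; n=$((n + 1)); }
        [ "$anon_rm" = YES ] && { echo "anonymous clients can delete and rename (anon_other_write_enable)"; n=$((n + 1)); }
    fi
    if [ "$lchroot" = YES ] && [ "$wchroot" = YES ]; then
        echo "local users are chrooted into a writable root (allow_writeable_chroot=YES)"
        n=$((n + 1))
    fi
    bad=$(vsftpd_bad_bools "$conf")
    if [ -n "$bad" ]; then
        echo "boolean with trailing text; vsftpd will refuse to start:"
        echo "$bad"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample mirroring the post's edits (not a real configuration file).
write_sample_conf() {  # $1 = destination path
    cat > "$1" <<'EOF'
# constructed sample for the audit above
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES #added
anon_other_write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
listen=NO
listen_ipv6=YES
EOF
}

# Stand-alone run: audit the constructed sample and report the finding count.
sample=$(mktemp)
write_sample_conf "$sample"
vsftpd_audit "$sample" || echo "$? finding(s) in $sample"
rm -f "$sample"
```

Run against the post's second configuration the anonymous findings disappear (anonymous_enable=NO gates them) and only the writable-chroot finding remains, which is exactly the trade-off that file makes.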
Restart the service, then connect again:
[root@node6 ftp]# systemctl restart vsftpd
[root@localhost ~]# lftp 192.168.136.131
lftp 192.168.136.131:~> ls
`ls' at 0 [Sending commands...]
The login attempt above shows that the anonymous user can no longer log in.
[root@localhost ~]# lftp lutixia:lutixia@192.168.136.131
lftp lutixia@192.168.136.131:~> ls
lftp lutixia@192.168.136.131:/> lcd
lcd ok, local cwd=/root
Logging in as the local user then works.