Transferring files on Linux using the FTP service

Contents

I. FTP Protocol

Introduction to the protocol

File transfer process

II. Configuring FTP on Linux for file transfer

Example 1: Anonymous user

Example 2: Local user access

Extended configuration changes


I. FTP Protocol

Introduction to the protocol

Like most Internet services, FTP uses a client/server (C/S) architecture. Using a client program that supports the FTP protocol, a user connects to the FTP server program on a remote host. The user issues commands to the server program through the client program, and the server program executes the commands and returns the results to the client. For example, if the user issues a command asking the server to deliver a copy of a particular file, the server responds by delivering the specified file to the user's machine. The client program receives this file on behalf of the user and stores it in the user directory.

File transfer process

By default, FTP servers use TCP protocol ports 20 and 21 to communicate with clients.

  • Port 20 is used to establish a data connection and transfer file data.

  • Port 21 is used to establish a control connection and transmit FTP control commands.

Two modes of FTP file transfer

Active mode

  • The client first establishes the TCP connection

  • The client first sends an FTP control command to the server

  • The server actively sends data from port 20 to the client

Passive mode

  • The client first establishes the TCP connection

  • The client first sends an FTP control command to the server

  • The server waits for the client to open the data connection to a port the server is listening on, then transfers data to the client over that connection

II. Configuring FTP on Linux for file transfer

Example 1: Anonymous user

1. First install the FTP software on your Linux system, find the configuration file and back it up.

  // Install vsftpd
  [root@localhost ~]#yum install -y vsftpd
  // Back up the configuration file
  [root@localhost ~]#cd /etc/vsftpd
  [root@localhost vsftpd]#ls
  ftpusers user_list vsftpd_conf_migrate.sh
  [root@localhost vsftpd]#cp

2. Modify the configuration file to enable anonymous users to access the ftp service (maximum privileges).

Explanation of the key modified fields

anonymous_enable=YES Enable anonymous user access (enabled by default)
write_enable=YES Enable write access to the server (must be turned on if you want to upload; turned on by default)
anon_umask=022 Set the permission mask (umask) for data uploaded by anonymous users
anon_upload_enable=YES Allow anonymous users to upload files (commented out by default, needs to be uncommented)
anon_mkdir_write_enable=YES Allow anonymous users to create (upload) directories (commented out by default, needs to be uncommented)
anon_other_write_enable=YES Allow deletion, renaming, overwriting, etc. (needs to be added)
  //Modify the configuration file; only the key fields are shown, with their line numbers, and the "--" notes are annotations rather than file content
  [root@localhost vsftpd]#vim /etc/vsftpd/
  12 anonymous_enable=YES --Enable anonymous user access (enabled by default)
  13 #
  14 # Uncomment this to allow local users to log in.
  15 # When SELinux is enforcing check for SE bool ftp_home_dir
  16 local_enable=YES
  17 #
  18 # Uncomment this to enable any form of FTP write command.
  19 write_enable=YES --Enable the server's write permissions (must be enabled if you want to upload, enabled by default)
  20 #
  21 # Default umask for local users is 077. You may wish to change this to 022,
  22 # if your users expect that (022 is used by most other ftpd's)
  23 local_umask=022
  24 anon_umask=022 --Set the permission mask (umask) for data uploaded by anonymous users
  25 #
  26 # Uncomment this to allow the anonymous FTP user to upload files. This only
  27 # has an effect if the above global write enable is activated. Also, you will
  28 # obviously need to create a directory writable by the FTP user.
  29 # When SELinux is enforcing check for SE bool allow_ftpd_anon_write, allow_ftpd_full_access
  30 anon_upload_enable=YES --Allow anonymous users to upload files (commented out by default, needs to be uncommented)
  31 #
  32 # Uncomment this if you want the anonymous FTP user to be able to create
  33 # new directories.
  34 anon_mkdir_write_enable=YES --Allow anonymous users to create (upload) directories (commented out by default, needs to be uncommented)
  35 anon_other_write_enable=YES --Allow deletion, renaming, overwriting, etc. (needs to be added)

3. Give the anonymous user directory the highest privileges, turn off the firewall and SELinux, start the service and test it.

The default directory for anonymous users accessing the FTP server is /var/ftp. It comes with a pub directory that can be used for transferring files (you can also create your own), and you need to grant permissions on it in order to transfer files.

  [root@localhost vsftpd]#cd /var/ftp/
  [root@localhost ftp]#ls
  pub
  [root@localhost ftp]#chmod 777 pub
  [root@localhost ftp]#systemctl stop firewalld
  [root@localhost ftp]#setenforce 0
  [root@localhost ftp]#systemctl start vsftpd
  [root@localhost ftp]#ss -nltp |grep ftp
  LISTEN     0     32       [::]:21                   [::]:*                   users:(("vsftpd",pid=59399,fd=4))

4. Create a new test file on both the FTP server and the Windows client.

Linux FTP server: switch to the pub directory and create a new ftptest file

[root@localhost ~]#cd /var/ftp/pub/ 
[root@localhost pub]#touch ftptest

Windows client: create a new Test folder on the desktop and create a hello file in it

5. Use the Windows client to access the FTP server configured above and transfer files in both directions.

After typing get ftptest, the server-side ftptest file is downloaded into the folder

After typing put, the server gets the file
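
To review what the Example 1 settings expose, the following added example (not part of the original page) parses a vsftpd configuration and reports the anonymous write capabilities it grants. The helper names and the sample file are constructed; defaults for unset options follow vsftpd.conf(5), and a value that still carries one of the listing's "--" annotations is reported as invalid, because a directive must be exactly option=value.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Option names are vsftpd's;
# the helper names and the sample file are constructed for illustration.

# conf_get FILE KEY DEFAULT -> last value assigned to KEY, or DEFAULT if unset.
# A vsftpd directive is exactly "option=value": no spaces, nothing after the value.
conf_get() {
  awk -v k="$2" -v d="$3" '
    index($0, k "=") == 1 { v = substr($0, length(k) + 2); seen = 1 }
    END { print (seen ? v : d) }' "$1"
}

# bool_state VALUE -> yes | no | invalid
bool_state() {
  case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
    YES|TRUE|1) echo yes ;;
    NO|FALSE|0) echo no ;;
    *) echo invalid ;;
  esac
}

# audit_anon FILE -> one finding per line (defaults are those in vsftpd.conf(5))
audit_anon() {
  local f=$1 pair
  for pair in anonymous_enable:YES write_enable:NO anon_upload_enable:NO \
              anon_mkdir_write_enable:NO anon_other_write_enable:NO; do
    echo "${pair%%:*}=$(bool_state "$(conf_get "$f" "${pair%%:*}" "${pair##*:}")")"
  done | awk -F= '
    { s[$1] = $2 }
    $2 == "invalid" { print "INVALID " $1 ": value is not a plain boolean"; bad = 1 }
    END {
      if (bad) exit
      if (s["anonymous_enable"] != "yes") { print "OK anonymous login is off"; exit }
      if (s["write_enable"] != "yes") { print "OK anonymous access is read-only"; exit }
      if (s["anon_upload_enable"] == "yes") print "RISK anonymous upload"
      if (s["anon_mkdir_write_enable"] == "yes") print "RISK anonymous mkdir"
      if (s["anon_other_write_enable"] == "yes") print "RISK anonymous delete/rename/overwrite"
    }'
}

# Constructed sample: the key fields from Example 1.
sample=$(mktemp)
printf '%s\n' anonymous_enable=YES write_enable=YES anon_umask=022 \
  anon_upload_enable=YES anon_mkdir_write_enable=YES \
  anon_other_write_enable=YES > "$sample"
audit_anon "$sample"
rm -f "$sample"
```

Run against the Example 1 fields, it prints three RISK lines, one for each anon_* write option.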

Example 2: Local user access

Configure local users to authenticate to the FTP service and prevent them from switching to directories outside their FTP root (by default, the root directory at client login is the local user's home directory)

1. Installation and other operations (same as example 1)

2. Modify the configuration file

Explanation of the key modified fields

local_enable=YES Enable local users (enabled by default)
anonymous_enable=NO Disable anonymous user access (modification required)
write_enable=YES Enable write access to the server (must be turned on if you want to upload; turned on by default)
local_umask=077 Set the umask so that only the owning user (i.e., the local user accessing the FTP server) has permissions on the files being uploaded (needs to be modified)
chroot_local_user=YES Confine access to the user's home directory (for security, prohibits switching to other directories; needs to be added)
allow_writeable_chroot=YES Allow restricted user home directories to have write permissions (needs to be added)
  //Modify the configuration file; only the key fields are shown, with their line numbers, and the "--" notes are annotations rather than file content
  [root@localhost ~]#vim /etc/vsftpd/
  12 anonymous_enable=NO --Disable anonymous user access
  13 #
  14 # Uncomment this to allow local users to log in.
  15 # When SELinux is enforcing check for SE bool ftp_home_dir
  16 local_enable=YES --Enable local users
  17 #
  18 # Uncomment this to enable any form of FTP write command.
  19 write_enable=YES --Enable the server's write permissions (must be enabled if you want to upload, enabled by default)
  20 chroot_local_user=YES --Confine access to the user's home directory (for security, prohibits switching to other directories; needs to be added)
  21 allow_writeable_chroot=YES --Allow restricted user home directories to have write permissions (needs to be added)
  22 #
  23 # Default umask for local users is 077. You may wish to change this to 022,
  24 # if your users expect that (022 is used by most other ftpd's)
  25 local_umask=077 --Set the umask so that only the owning user (i.e., the local user accessing the FTP server) has permissions on the files being uploaded (needs to be changed)

3. Restart the service so that the modified configuration takes effect, and turn off the firewall and SELinux (already turned off in Example 1).

[root@localhost ~]#systemctl restart vsftpd

4. Create a new local user zhangsan and create a file in its home directory for testing client access through the local user.

  [root@localhost ~]#useradd zhangsan
  [root@localhost ~]#passwd zhangsan
  Change the password for user zhangsan.
  New password:
  Re-enter the new password:
  passwd: All authentication tokens have been successfully updated.
  [root@localhost ~]#cd /home/zhangsan
  [root@localhost zhangsan]#touch localtest
  [root@localhost zhangsan]#ls
  localtest

Client-side local user access for file transfer

After typing get localtest, the localtest file in zhangsan's home directory is downloaded into the folder

After typing put, the server gets the file in zhangsan's home directory.

Extended configuration changes:

Modify the default root directory for anonymous and local user logins:

anon_root=/var/... /... Root directory for anonymous users
local_root=/var/... /... Root directory for system users

Restrict FTP access with the user_list file:

vim /etc/vsftpd/user_list Add the username (e.g. zhangsan)

userlist_enable=YES Blacklist: users in the user_list file are not allowed access
userlist_deny=NO Whitelist: only users in the user_list file are allowed access (default YES, i.e. blacklist, listed users are denied)
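
How the two user list options combine is easiest to see as a decision function; this is an added example, not part of the original page. The function name, the sample list and the user lisi are constructed, and the option values are passed as uppercase YES or NO.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: how userlist_enable and userlist_deny
# decide a login. Function name, sample list and the user "lisi" are constructed.

# userlist_verdict USER ENABLE DENY LISTFILE -> prints "allow" or "deny"
# ENABLE and DENY are the configured userlist_enable / userlist_deny values.
# "allow" only means the list does not reject the user; the password check still applies.
userlist_verdict() {
  local user=$1 enable=$2 deny=$3 list=$4 listed=no
  # Listed means an exact whole-line match, so "zhang" does not match "zhangsan".
  if grep -Fxq -- "$user" "$list"; then listed=yes; fi
  if [ "$enable" != YES ]; then
    echo allow    # userlist_enable=NO: the file is not consulted
  elif [ "$deny" = YES ]; then
    # Blacklist (userlist_deny=YES, the default): listed users are refused.
    if [ "$listed" = yes ]; then echo deny; else echo allow; fi
  else
    # Whitelist (userlist_deny=NO): only listed users get in.
    if [ "$listed" = yes ]; then echo allow; else echo deny; fi
  fi
}

# Constructed user_list containing root and zhangsan.
list=$(mktemp)
printf '%s\n' '# vsftpd userlist' root zhangsan > "$list"
for mode in NO:YES YES:YES YES:NO; do
  en=${mode%%:*}
  de=${mode##*:}
  for u in zhangsan lisi; do
    echo "userlist_enable=$en userlist_deny=$de $u -> $(userlist_verdict "$u" "$en" "$de" "$list")"
  done
done
rm -f "$list"
```

With userlist_enable=YES alone, adding zhangsan to user_list locks that account out; it takes userlist_deny=NO to turn the same file into the list of the only accounts allowed in.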