部署ftp文件分享服務
*************部署ftp文件分享服務***************
00000000配置實驗環境0000000000
[root@localhost mnt]# vim /etc/crypttab
[root@localhost mnt]# vim /root/diskpass
[root@localhost ~]# chmod 600 /root/diskpass
[root@localhost ~]# ll /root
total 16
-rw-------. 1 root root 8619 5月 6 2014 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 4月 22 21:15 Desktop
-rw-------. 1 root root 9 4月 22 21:41 diskpass
drwxr-xr-x. 2 root root 6 4月 22 21:15 Documents
drwxr-xr-x. 2 root root 6 4月 22 21:15 Downloads
drwxr-xr-x. 2 root root 6 4月 22 21:15 Music
drwxr-xr-x. 2 root root 6 4月 22 21:15 Pictures
drwxr-xr-x. 2 root root 6 4月 22 21:15 Public
drwxr-xr-x. 2 root root 6 4月 22 21:15 Templates
drwxr-xr-x. 2 root root 6 4月 22 21:15 Videos
[root@localhost ~]# cryptsetup luksAddKey /dev/vdb1 /root/diskpass
Enter any passphrase:
[root@localhost ~]# vim /etc/fstab
[root@localhost ~]# reboot
Connection to 172.25.254.140 closed by remote host.
Connection to 172.25.254.140 closed.
[root@localhost ~]# yum search ftp
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
=============================== N/S matched: ftp ===============================
ftp.x86_64 : The standard UNIX FTP (File Transfer Protocol) client
tftp.x86_64 : The client for the Trivial File Transfer Protocol (TFTP)
tftp-server.x86_64 : The server for the Trivial File Transfer Protocol (TFTP)
vsftpd.x86_64 : Very Secure Ftp Daemon
curl.x86_64 : A utility for getting files from remote servers (FTP, HTTP, and
: others)
lftp.i686 : A sophisticated file transfer program
lftp.x86_64 : A sophisticated file transfer program
wget.x86_64 : A utility for retrieving files using the HTTP or FTP protocols
Name and summary matches only, use "search all" for everything.
[root@localhost ~]# yum install vsftpd.x86_64 ##安裝ftp服務
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.2-9.el7 rhel_dvd 166 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 166 k
Installed size: 343 k
Is this ok [y/d/N]: y
Downloading packages:
vsftpd-3.0.2-9.el7.x86_64.rpm | 166 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-9.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-9.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-9.el7
Complete!
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl enable firewalld
[root@localhost ~]# firewall-cmd --list-all ##查看火牆狀態
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --permanent --add-service=ftp ##永久地允許ftp服務訪問
success
[root@localhost ~]# firewall-cmd --reload ##重新加載火牆信息
success
[root@localhost ~]# systemctl start vsftpd
*************ftp服務調試******************
1111111匿名用戶可登陸111111111
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##編輯配置文件
anonymous_enable=NO ##不允許匿名用戶登陸
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陸服務器(能顯示服務器內容纔算登陸成功)
lftp 172.25.254.140:~> ls
Interrupt ##登錄失敗
2222222本地用戶可登陸22222222
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##編輯配置文件
local_enable=NO ##不允許本地用戶登陸
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陸服務器(能顯示服務器內容纔算登陸成功)
lftp 172.25.254.140:~> ls
Interrupt ##登錄失敗
333333本地用戶可寫入333333333
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##編輯配置文件
write_enable=NO ##禁止所有FTP寫入命令(全局開關,本地用戶與匿名用戶均受影響)
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
[root@localhost ~]# touch /home/student/file ##
****客戶端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陸服務器(能顯示服務器內容纔算登陸成功)
lftp student@172.25.254.140:~> ls
-rw-r--r-- 1 0 0 0 Apr 23 02:38 file
lftp student@172.25.254.140:~> rm -r file
rm: Access failed: 550 Permission denied. (file) ##服務本身拒絕此操作
44444444上傳控制44444444
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
29 anon_upload_enable=YES ##匿名用戶可以上傳(去掉註釋;需同時 write_enable=YES,且上傳目錄對匿名ftp用戶可寫)
33 anon_mkdir_write_enable=YES ##匿名用戶可創建目錄(去掉註釋)
34 anon_other_write_enable=YES ##匿名用戶可刪除,重命名等(加上此條)
35 anon_world_readable_only=NO ##匿名用戶可下載非全局可讀的文件,即其他人(other)無讀權限的文件也能下載(加上此條)
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140
lftp 172.25.254.140:/> cd /pub
cd ok, cwd=/pub
lftp 172.25.254.140:/pub> mkdir test
mkdir ok, `test' created
lftp 172.25.254.140:/pub> ls
-rw------- 1 14 50 2367 Apr 23 03:00 passwd
drwx------ 2 14 50 6 Apr 23 03:11 test
lftp 172.25.254.140:/pub> get passwd
2367 bytes transferred
lftp 172.25.254.140:/pub> rm -r test
rm ok, `test' removed
55555555修改上傳文件權限55555555
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chown_uploads=YES ##將匿名上傳文件的所有者改爲chown_username指定的用戶
chown_username=student ##設置上傳文件所有人爲student
chown_upload_mode=0644 ##設置上傳文件權限爲644
anon_umask=022
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
lftp 172.25.254.140:/pub> put /etc/group
993 bytes transferred
lftp 172.25.254.140:/pub> ls
-rw-r--r-- 1 1000 50 993 Apr 23 03:28 group ##student用戶uid爲1000
-rw------- 1 1000 50 2367 Apr 23 03:24 passwd
666666666上傳文件速率控制666666666
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
anon_max_rate=102400 ##設置匿名用戶最大傳輸速率,單位爲字節/秒,102400即約100KB/s
[root@foundation40 ~]# dd if=/dev/zero of=/mnt/bigfile bs=1024 count=10000
10000+0 records in
10000+0 records out
10240000 bytes (10 MB) copied, 0.0135613 s, 755 MB/s ##真機裏截取大文件準備測試上傳速率
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
lftp 172.25.254.140:/pub> put /mnt/bigfile ##上傳大文件測試速率
777777限制本地用戶在自己家目錄中777777
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
[root@localhost ~]# chmod u-w /home/* ##vsftpd拒絕chroot到用戶自己可寫的根目錄,故去掉家目錄屬主的寫權限
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
——————————開啓黑名單————————————
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# vim /etc/vsftpd/chroot_list
##寫入用戶名不可切換到根目錄
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
——————————開啓白名單————————————
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# vim /etc/vsftpd/chroot_list
##寫入用戶名可切換到根目錄
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
88888888888限制本地用戶登錄888888888888
[root@localhost ~]# vim /etc/vsftpd/ftpusers ##永久黑名單,凡是被寫入的用戶,無論什麼情況下都不能登陸ftp
[root@localhost ~]# vim /etc/vsftpd/user_list ##臨時黑名單(有可能轉化成白名單)
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
userlist_deny=no ##加上此句,將/etc/vsftpd/user_list轉化成白名單,僅名單內用戶可登陸(需 userlist_enable=YES 才生效;當白名單與黑名單同時出現某用戶時,則永久黑名單生效)
00000000配置實驗環境0000000000
[root@localhost mnt]# vim /etc/crypttab
[root@localhost mnt]# vim /root/diskpass
[root@localhost ~]# chmod 600 /root/diskpass
[root@localhost ~]# ll /root
total 16
-rw-------. 1 root root 8619 5月 6 2014 anaconda-ks.cfg
drwxr-xr-x. 2 root root 6 4月 22 21:15 Desktop
-rw-------. 1 root root 9 4月 22 21:41 diskpass
drwxr-xr-x. 2 root root 6 4月 22 21:15 Documents
drwxr-xr-x. 2 root root 6 4月 22 21:15 Downloads
drwxr-xr-x. 2 root root 6 4月 22 21:15 Music
drwxr-xr-x. 2 root root 6 4月 22 21:15 Pictures
drwxr-xr-x. 2 root root 6 4月 22 21:15 Public
drwxr-xr-x. 2 root root 6 4月 22 21:15 Templates
drwxr-xr-x. 2 root root 6 4月 22 21:15 Videos
[root@localhost ~]# cryptsetup luksAddKey /dev/vdb1 /root/diskpass
Enter any passphrase:
[root@localhost ~]# vim /etc/fstab
[root@localhost ~]# reboot
Connection to 172.25.254.140 closed by remote host.
Connection to 172.25.254.140 closed.
[root@localhost ~]# yum search ftp
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
=============================== N/S matched: ftp ===============================
ftp.x86_64 : The standard UNIX FTP (File Transfer Protocol) client
tftp.x86_64 : The client for the Trivial File Transfer Protocol (TFTP)
tftp-server.x86_64 : The server for the Trivial File Transfer Protocol (TFTP)
vsftpd.x86_64 : Very Secure Ftp Daemon
curl.x86_64 : A utility for getting files from remote servers (FTP, HTTP, and
: others)
lftp.i686 : A sophisticated file transfer program
lftp.x86_64 : A sophisticated file transfer program
wget.x86_64 : A utility for retrieving files using the HTTP or FTP protocols
Name and summary matches only, use "search all" for everything.
[root@localhost ~]# yum install vsftpd.x86_64 ##安裝ftp服務
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.2-9.el7 rhel_dvd 166 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 166 k
Installed size: 343 k
Is this ok [y/d/N]: y
Downloading packages:
vsftpd-3.0.2-9.el7.x86_64.rpm | 166 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-9.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-9.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-9.el7
Complete!
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl enable firewalld
[root@localhost ~]# firewall-cmd --list-all ##查看火牆狀態
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@localhost ~]# firewall-cmd --permanent --add-service=ftp ##永久地允許ftp服務訪問
success
[root@localhost ~]# firewall-cmd --reload ##重新加載火牆信息
success
[root@localhost ~]# systemctl start vsftpd
*************ftp服務調試******************
1111111匿名用戶可登陸111111111
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##編輯配置文件
anonymous_enable=NO ##不允許匿名用戶登陸
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陸服務器(能顯示服務器內容纔算登陸成功)
lftp 172.25.254.140:~> ls
Interrupt ##登錄失敗
2222222本地用戶可登陸22222222
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##編輯配置文件
local_enable=NO ##不允許本地用戶登陸
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陸服務器(能顯示服務器內容纔算登陸成功)
lftp 172.25.254.140:~> ls
Interrupt ##登錄失敗
333333本地用戶可寫入333333333
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf ##編輯配置文件
write_enable=NO ##禁止所有FTP寫入命令(全局開關,本地用戶與匿名用戶均受影響)
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
[root@localhost ~]# touch /home/student/file ##
****客戶端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140 ##用ftp登陸服務器(能顯示服務器內容纔算登陸成功)
lftp student@172.25.254.140:~> ls
-rw-r--r-- 1 0 0 0 Apr 23 02:38 file
lftp student@172.25.254.140:~> rm -r file
rm: Access failed: 550 Permission denied. (file) ##服務本身拒絕此操作
44444444上傳控制44444444
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
29 anon_upload_enable=YES ##匿名用戶可以上傳(去掉註釋;需同時 write_enable=YES,且上傳目錄對匿名ftp用戶可寫)
33 anon_mkdir_write_enable=YES ##匿名用戶可創建目錄(去掉註釋)
34 anon_other_write_enable=YES ##匿名用戶可刪除,重命名等(加上此條)
35 anon_world_readable_only=NO ##匿名用戶可下載非全局可讀的文件,即其他人(other)無讀權限的文件也能下載(加上此條)
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
[kiosk@foundation40 Desktop]$ lftp 172.25.254.140
lftp 172.25.254.140:/> cd /pub
cd ok, cwd=/pub
lftp 172.25.254.140:/pub> mkdir test
mkdir ok, `test' created
lftp 172.25.254.140:/pub> ls
-rw------- 1 14 50 2367 Apr 23 03:00 passwd
drwx------ 2 14 50 6 Apr 23 03:11 test
lftp 172.25.254.140:/pub> get passwd
2367 bytes transferred
lftp 172.25.254.140:/pub> rm -r test
rm ok, `test' removed
55555555修改上傳文件權限55555555
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chown_uploads=YES ##將匿名上傳文件的所有者改爲chown_username指定的用戶
chown_username=student ##設置上傳文件所有人爲student
chown_upload_mode=0644 ##設置上傳文件權限爲644
anon_umask=022
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
lftp 172.25.254.140:/pub> put /etc/group
993 bytes transferred
lftp 172.25.254.140:/pub> ls
-rw-r--r-- 1 1000 50 993 Apr 23 03:28 group ##student用戶uid爲1000
-rw------- 1 1000 50 2367 Apr 23 03:24 passwd
666666666上傳文件速率控制666666666
****服務端******
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
anon_max_rate=102400 ##設置匿名用戶最大傳輸速率,單位爲字節/秒,102400即約100KB/s
[root@foundation40 ~]# dd if=/dev/zero of=/mnt/bigfile bs=1024 count=10000
10000+0 records in
10000+0 records out
10240000 bytes (10 MB) copied, 0.0135613 s, 755 MB/s ##真機裏截取大文件準備測試上傳速率
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
****客戶端******
lftp 172.25.254.140:/pub> put /mnt/bigfile ##上傳大文件測試速率
777777限制本地用戶在自己家目錄中777777
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
[root@localhost ~]# chmod u-w /home/* ##vsftpd拒絕chroot到用戶自己可寫的根目錄,故去掉家目錄屬主的寫權限
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
——————————開啓黑名單————————————
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# vim /etc/vsftpd/chroot_list
##寫入用戶名不可切換到根目錄
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
——————————開啓白名單————————————
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
[root@localhost ~]# vim /etc/vsftpd/chroot_list
##寫入用戶名可切換到根目錄
[root@localhost ~]# systemctl restart vsftpd.service ##重啓服務
88888888888限制本地用戶登錄888888888888
[root@localhost ~]# vim /etc/vsftpd/ftpusers ##永久黑名單,凡是被寫入的用戶,無論什麼情況下都不能登陸ftp
[root@localhost ~]# vim /etc/vsftpd/user_list ##臨時黑名單(有可能轉化成白名單)
[root@localhost ~]# vim /etc/vsftpd/vsftpd.conf
userlist_deny=no ##加上此句,將/etc/vsftpd/user_list轉化成白名單,僅名單內用戶可登陸(需 userlist_enable=YES 才生效;當白名單與黑名單同時出現某用戶時,則永久黑名單生效)