1.安裝ftp服務
1)配置selinux
[root@server ~]# ifconfig ##查看網絡配置
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.68.100 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::5054:ff:fe00:160b prefixlen 64 scopeid 0x20<link>
ether 52:54:00:00:16:0b txqueuelen 1000 (Ethernet)
RX packets 166468 bytes 10465829 (9.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13483 bytes 1238653 (1.1 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@server ~]# vim /etc/sysconfig/selinux ##編輯配置文件
##編輯內容爲:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled ##把enforcing改爲disabled(實驗環境的簡化做法;若保留enforcing,可用 setsebool -P ftpd_anon_write on 並把上傳目錄的類型設爲 public_content_rw_t 來放行匿名寫入)
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@server ~]# getenforce ##查看配置狀況
Enforcing
[root@server ~]# reboot ##重啓
[root@server ~]# getenforce
Disabled
2)安裝ftp服務的客戶端lftp
[root@server yum.repos.d]# cp rhel_dvd.repo my_yum.repo
[root@server yum.repos.d]# vim my_yum.repo ##配置yum源
[root@server yum.repos.d]# yum repolist ##查看配置後獲取到的yum倉庫
Loaded plugins: langpacks
rhel_dvd | 4.1 kB 00:00
(1/2): rhel_dvd/group_gz | 134 kB 00:00
(2/2): rhel_dvd/primary_db | 3.4 MB 00:00
repo id repo name status
rhel_dvd Remote classroom copy of dvd 4,751
repolist: 4,751
[root@server yum.repos.d]# yum install lftp ##安裝lftp
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package lftp.x86_64 0:4.4.8-3.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
lftp x86_64 4.4.8-3.el7 rhel_dvd 749 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 749 k
Installed size: 2.4 M
Is this ok [y/d/N]: y
Downloading packages:
lftp-4.4.8-3.el7.x86_64.rpm | 749 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : lftp-4.4.8-3.el7.x86_64 1/1
Verifying : lftp-4.4.8-3.el7.x86_64 1/1
Installed:
lftp.x86_64 0:4.4.8-3.el7
Complete!
3)安裝ftp服務端vsftpd
[root@server yum.repos.d]# yum install vsftpd.x86_64 ##安裝ftp服務服務端vsftpd
Loaded plugins: langpacks
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:3.0.2-9.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
vsftpd x86_64 3.0.2-9.el7 rhel_dvd 166 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 166 k
Installed size: 343 k
Is this ok [y/d/N]: y
Downloading packages:
vsftpd-3.0.2-9.el7.x86_64.rpm | 166 kB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : vsftpd-3.0.2-9.el7.x86_64 1/1
Verifying : vsftpd-3.0.2-9.el7.x86_64 1/1
Installed:
vsftpd.x86_64 0:3.0.2-9.el7
Complete!
[root@server yum.repos.d]# systemctl start vsftpd ##開啓ftp服務(本實驗中防火牆要關閉;若保留firewalld,可用 firewall-cmd --permanent --add-service=ftp 再 firewall-cmd --reload 放行)
[root@server yum.repos.d]# systemctl status vsftpd
vsftpd.service - Vsftpd ftp daemon
Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; disabled)
Active: active (running) since Tue 2019-01-22 22:26:49 EST; 55s ago
Process: 3422 ExecStart=/usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf (code=exited, status=0/SUCCESS)
Main PID: 3423 (vsftpd)
CGroup: /system.slice/vsftpd.service
├─3423 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
├─3440 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
└─3442 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
Jan 22 22:26:49 server.westos.com systemd[1]: Started Vsftpd ftp daemon.
4)在真機中測試ftp服務
[kiosk@foundation68 ~]$ rht-vmctl view server ##打開虛擬機圖形化界面
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> ls
drwxr-xr-x 2 0 0 6 Mar 07 2014 pub ##可以看到文件
lftp 172.25.68.100:/> exit
##在虛擬機的服務端文件夾中建立文件
[root@server var]# cd /var/ftp
[root@server ftp]# ls
pub
[root@server ftp]# mkdir qwert ##在/var/ftp中新建目錄
[root@server ftp]# ls
pub qwert
##再次測試:
[kiosk@foundation22 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> ls
drwxr-xr-x 2 0 0 6 Mar 07 2014 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert ##可以看到目錄可以被獲取到
lftp 172.25.68.100:/> exit
3.ftp服務管理
1)查看配置文件
[root@server ftp]# rpm -qc vsftpd
/etc/logrotate.d/vsftpd
/etc/pam.d/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
2)打開配置文件,配置服務
[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
[root@server ftp]# systemctl restart vsftpd.service
anonymous_enable=YES ##匿名用戶是否可以登陸
local_enable=YES ##本地用戶是否可以登陸
write_enable=YES ##ftp是否對登陸用戶可寫
4. ftp服務報錯解析
#報錯id #錯誤
500 #文件系統權限過大
530 #用戶認證失敗
550 #服務不允許做此功能
553 #本地文件系統權限過小
5.匿名用戶上傳
1)默認權限測試
##配置服務端文件:
[root@server ftp]# vim /etc/vsftpd/vsftpd.conf
19 write_enable=YES ##本地用戶可寫(這是寫操作的全局開關,匿名上傳也依賴它)
29 anon_upload_enable=YES ##匿名用戶上傳(上傳目錄還必須對ftp用戶可寫,見下面的chgrp和chmod)
##服務端:
[root@server ftp]# systemctl restart vsftpd.service ##重啓服務
[root@server ftp]# chgrp ftp /var/ftp/pub/ ##更改ftp文件的用戶組
[root@server ftp]# chmod 775 /var/ftp/pub/ ##更改用戶組權限
[root@server ftp]# ls -dl /var/ftp/pub/
drwxrwxr-x 2 root ftp 19 Jan 23 00:42 /var/ftp/pub/
##客戶端測試:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
lftp 172.25.68.100:/pub> put /etc/passwd
2243 bytes transferred
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
lftp 172.25.68.100:/pub> exit
2)收回權限測試
[root@server ftp]# chmod 755 /var/ftp/pub/ ##回收權限後測試
[root@server ftp]# ls -dl /var/ftp/pub/
drwxr-xr-x 2 root ftp 19 Jan 23 00:42 /var/ftp/pub/
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:/> cd pub
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> put /etc/group
put: Access failed: 553 Could not create file. (group) ##上傳失敗,553:本地文件系統權限過小(/var/ftp/pub改爲755後,ftp組對該目錄不再可寫)
lftp 172.25.68.100:/pub> exit
6.匿名用戶家目錄的修改
[root@server ftp]# mkdir /ftp_westos
[root@server ftp]# cd /ftp_westos/
[root@server ftp_westos]# touch westosfile{1..3}
[root@server ftp_westos]# ls
westosfile1 westosfile2 westosfile3
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
15 anon_root=/ftp_westos ##匿名用戶家目錄修改
[root@server ftp_westos]# systemctl restart vsftpd.service
##客戶端:
##修改前:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 19 Jan 23 05:42 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/> exit
##修改後:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> ls
-rw-r--r-- 1 0 0 0 Jan 23 06:15 westosfile1
-rw-r--r-- 1 0 0 0 Jan 23 06:15 westosfile2
-rw-r--r-- 1 0 0 0 Jan 23 06:15 westosfile3
lftp 172.25.68.100:/> exit
7.匿名用戶上傳文件默認權限修改
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
16 anon_umask=022 ##匿名上傳文件的umask,默認值爲077(上傳文件權限爲600),改爲022後新上傳的文件權限爲644
[root@server ftp_westos]# systemctl restart vsftpd.service
##客戶端:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
lftp 172.25.68.100:/pub> put /etc/group
959 bytes transferred
lftp 172.25.68.100:/pub> ls
-rw-r--r-- 1 14 50 959 Jan 23 06:20 group
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
lftp 172.25.68.100:/pub> exit
8.匿名用戶建立目錄
[root@server ftp_westos]# systemctl restart vsftpd.service
##寫入:
anon_mkdir_write_enable=YES
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
##客戶端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> mkdir test1
mkdir: Access failed: 550 Permission denied. (test1)
lftp 172.25.68.100:/pub> exit
##修改後:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> mkdir test2
mkdir ok, `test2' created
lftp 172.25.68.100:/pub> ls
-rw-r--r-- 1 14 50 959 Jan 23 06:20 group
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
drwx------ 2 14 50 6 Jan 23 06:28 test
drwx------ 2 14 50 6 Jan 23 06:33 test2
lftp 172.25.68.100:/pub> exit
9.匿名用戶下載
##匿名用戶下載
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
anon_world_readable_only=NO ##默認爲YES時匿名用戶只能下載"其他人可讀"的文件;設爲NO後,只要ftp用戶能讀(如權限600、屬主爲ftp的passwd)就可以下載
[root@server ftp_westos]# systemctl restart vsftpd.service
##客戶端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> get passwd
get: Access failed: 550 Failed to open file. (passwd)
lftp 172.25.68.100:/pub> exit
##修改後:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> get passwd
2243 bytes transferred
lftp 172.25.68.100:/pub> exit
10.匿名用戶刪除
##匿名用戶刪除
[root@server ftp_westos]# vim /etc/vsftpd/vsftpd.conf
anon_other_write_enable=YES ##允許匿名用戶執行上傳、建立目錄以外的寫操作,如刪除和重命名
[root@server ftp_westos]# systemctl restart vsftpd.service
##客戶端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 05:42 passwd
-rw-r--r-- 1 14 50 959 Jan 23 06:20 group
drwx------ 2 14 50 6 Jan 23 06:28 test
drwx------ 2 14 50 6 Jan 23 06:33 test2
lftp 172.25.68.100:/pub> rm group
rm: Access failed: 550 Permission denied. (group)
lftp 172.25.68.100:/pub> exit
##修改後:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd /pub
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> rm passwd
rm ok, `passwd' removed
lftp 172.25.68.100:/pub> ls
-rw-r--r-- 1 14 50 959 Jan 23 06:20 group
drwx------ 2 14 50 6 Jan 23 06:28 test
drwx------ 2 14 50 6 Jan 23 06:33 test2
lftp 172.25.68.100:/pub> exit
11.匿名用戶使用的身份修改(把匿名上傳文件的屬主改爲指定用戶)
[root@server pub]# id ftp
uid=14(ftp) gid=50(ftp) groups=50(ftp)
[root@server pub]# id westos
uid=1001(westos) gid=1001(westos) groups=1001(westos)
[root@server pub]# vim /etc/vsftpd/vsftpd.conf
23 chown_uploads=YES ##匿名上傳的文件屬主改爲chown_username指定的用戶
24 chown_username=westos ##指定屬主用戶(vsftpd文檔不建議用root)
[root@server pub]# systemctl restart vsftpd.service
##客戶端(修改前):
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
lftp 172.25.68.100:/pub> ls
lftp 172.25.68.100:/pub> put /etc/passwd
2243 bytes transferred
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 07:18 passwd
lftp 172.25.68.100:/pub> exit
##修改後:
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> ls
-rw------- 1 14 50 2243 Jan 23 07:18 passwd
lftp 172.25.68.100:/pub> put /etc/group
959 bytes transferred
lftp 172.25.68.100:/pub> ls
-rw------- 1 1001 50 959 Jan 23 07:19 group
-rw------- 1 14 50 2243 Jan 23 07:18 passwd
lftp 172.25.68.100:/pub> exit
12.最大上傳速率的設定
##設定最大上傳速率
[root@server pub]# vim /etc/vsftpd/vsftpd.conf
26 anon_max_rate=102400 ##設定爲100K(單位是字節/秒,是對匿名用戶的傳輸限速)
[root@server pub]# systemctl restart vsftpd.service
[kiosk@foundation68 ~]$ dd if=/dev/zero of=bigfile bs=1M count=500 ##建立一個500M的bigfile大文件
500+0 records in
500+0 records out
524288000 bytes (524 MB) copied, 0.695862 s, 753 MB/s
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
lftp 172.25.68.100:/pub> put /home/kiosk/bigfile
524288000 bytes transferred in 7 seconds (70.24M/s) ##沒有限制70+M/S
lftp 172.25.68.100:/pub> exit
修改後:
[kiosk@foundation68 ~]$ dd if=/dev/zero of=bigfile1 bs=1M count=10
10+0 records in
10+0 records out
10485760 bytes (10 MB) copied, 0.00562437 s, 1.9 GB/s
[kiosk@foundation68 ~]$ lftp 172.25.68.100
lftp 172.25.68.100:~> cd pub/
cd ok, cwd=/pub
lftp 172.25.68.100:/pub> put /home/kiosk/bigfile1
10485760 bytes transferred in 102 seconds (100.0K/s) ##限制後100K/S
lftp 172.25.68.100:/pub> exit
13.最大連接數的設定
##最大連接數
[root@server pub]# systemctl restart vsftpd.service
max_clients=2 ##同時連接的客戶端總數上限(按連接計數,不區分來源IP;限制單個IP的連接數用max_per_ip)
[root@server pub]# vim /etc/vsftpd/vsftpd.conf
客戶端:
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 1
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 2
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 3
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 4
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
修改後:
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 1
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 2
lftp 172.25.68.100:~> ls
drwxrwxr-x 2 0 50 60 Jan 23 07:28 pub
drwxr-xr-x 2 0 0 6 Jan 23 03:32 qwert
lftp 172.25.68.100:/>
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 3
lftp 172.25.68.100:~> ls
`ls' at 0 [Delaying before reconnect: 27]
[kiosk@foundation68 ~]$ lftp 172.25.68.100 ## 4
lftp 172.25.68.100:~> ls
`ls' at 0 [Delaying before reconnect: 29]
##可以看到在限定最大連接數前,4個客戶端連接都可以正常使用
##在限制最大連接數爲2後,只有前兩個連接可以正常使用,第3、4個連接的ls一直在等待重連