Among the many network applications, FTP (File Transfer Protocol) holds a very important position. One of the most important resources on the Internet is software, and most software is placed on FTP servers. It can be said that FTP and Web services together account for more than 80% of all Internet application traffic.
FTP services can be divided into two categories according to whom they serve: the system FTP server, which only allows legitimate users of the system to log in, and the anonymous FTP server, which anyone can log in to in order to fetch files.
First, selecting and installing the FTP server software
If you chose "ftpd" when installing the Linux system, the FTP server software is already installed on the system. We can use it to provide the system FTP service; we only need to make some personalized settings on this basis according to our needs.
In the vast majority of Linux distributions, the FTP server shipped is Washington University FTP, a well-known FTP server software generally referred to as WU-FTP. It is powerful and runs well on many UNIX operating systems, such as IBM AIX, FreeBSD, HP-UX, NeXTSTEP, DYNIX, SunOS and Solaris, so more than half of the FTP servers on the Internet use it. WU-FTP has many powerful features that suit the management requirements of a high-throughput FTP server:
1) files can be automatically compressed or decompressed while they are being downloaded;
2) different access restrictions can be applied to machines on different networks;
3) the time of each file upload and download can be logged;
4) messages can be displayed during a transfer so that users know the current transfer status;
5) the maximum number of connections can be set, improving efficiency and effectively controlling the load.
Second, the components of WU-FTP
After installing WU-FTP, you will see the following five executables in the /bin directory:
ftpd: the FTP server program
ftpshut: used to shut down the FTP server
ftpcount: shows the number of users currently online
ftpwho: shows the current connections to the FTP server
ckconfig: checks whether the FTP server's settings are correct
In addition to these executables, it also installs seven configuration files in the /etc and /var directories:
/etc/ftpusers
/etc/ftpaccess
/var/run/ftp.pids
/etc/ftpconversions
/var/log/xferlog
/etc/ftpgroups
/etc/ftphosts
After WU-FTP is installed, a special user named ftp is created, and an ftpd directory is created under /home. When a user logs in anonymously, he is automatically placed in this directory. Several subdirectories are generally created in it:
/home/ftpd/bin: stores executables for FTP users
/home/ftpd/etc: stores configuration files for FTP users
/home/ftpd/pub: stores the files published for download
/home/ftpd/incoming: space for uploaded files
Third, WU-FTP configuration
1. Viewing and modifying the /etc/inetd.conf file
The /etc/inetd.conf file is the configuration file of the Linux super server inetd. inetd listens on multiple TCP/IP ports at once; when it receives a request, it spawns the corresponding server according to this configuration file. Because the other services are started only when they are needed, the super server saves a great deal of system resources. WU-FTP relies on inetd to listen for requests: when inetd receives a client's FTP request, it starts an FTP service process according to the configuration file. So if we want to use WU-FTP, we must confirm that the inetd configuration file inetd.conf contains a line like this:
ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd
so that the super server spawns a WU-FTP service process when it receives an FTP request. (Note: to confirm that such a line exists, search the file contents with:
cat /etc/inetd.conf | grep ftp
If it is not there, add it or modify the existing line by hand.)
2. wu.ftpd command options
wu.ftpd is the WU-FTP service process. It can be run with or without parameters. Here is a brief introduction to its parameters:
-d: when the FTP server encounters an error, the error is written to the system syslog;
-l: each FTP client connection is logged to syslog;
-t: sets the number of minutes after which an FTP client connection is cut off;
-a: makes WU-FTP use the /etc/ftpaccess settings;
-A: makes WU-FTP ignore the /etc/ftpaccess settings;
-L: records the commands executed by the FTP client after connecting in the system syslog;
-i: records the FTP client's transfer log in the /usr/adm/xferlog file;
-o: records the FTP client's file downloads in the /usr/adm/xferlog file.
Having understood the parameters above, we recommend changing the default configuration installed with the system to:
ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd -a -i
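As an added example (not part of the original article), the following Python checks an inetd.conf fragment for an ftp entry in the recommended form; the sample file contents are constructed, and the required flags default to the -a -i recommended above.

```python
# Added example, not from the page: parse inetd.conf entries and check that the ftp line
# is in the form the text recommends. SAMPLE_INETD_CONF is a constructed fragment.
SAMPLE_INETD_CONF = """\
# constructed fragment of /etc/inetd.conf
telnet  stream  tcp  nowait  root  /usr/sbin/tcpd  in.telnetd
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  wu.ftpd -a -i
"""

def parse_inetd(text):
    """Return {service: fields} for each active entry; comments and blank lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split()
        if len(f) < 6:          # service socket proto wait user server [args...]
            continue
        entries[f[0]] = {"socket": f[1], "proto": f[2], "wait": f[3],
                         "user": f[4], "server": f[5], "args": f[6:]}
    return entries

def check_ftp_entry(text, required_flags=("-a", "-i")):
    """Return a list of findings; an empty list means the ftp entry is as recommended."""
    e = parse_inetd(text).get("ftp")
    if e is None:
        return ["no ftp entry: inetd will never spawn wu.ftpd"]
    findings = []
    if (e["socket"], e["proto"], e["wait"]) != ("stream", "tcp", "nowait"):
        findings.append("ftp entry must read 'stream tcp nowait'")
    if e["server"].endswith("tcpd"):        # wrapped: the daemon is the first argument
        daemon, flags = (e["args"][0] if e["args"] else ""), e["args"][1:]
    else:                                   # unwrapped: the daemon is the server field
        daemon, flags = e["server"], e["args"]
        findings.append("wu.ftpd is not wrapped by tcpd")
    if not daemon.endswith("ftpd"):
        findings.append(f"unexpected daemon {daemon!r}")
    for want in required_flags:             # the text recommends -a -i
        if want not in flags:
            findings.append(f"flag {want} missing")
    return findings
```

A misspelt wait field such as "noait" is reported, since inetd would otherwise silently misbehave on that entry.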
3. Providing automatic compression and decompression
If you want the FTP server to compress and decompress automatically, you must copy the compression and decompression commands, such as tar, gzip, gunzip, compress and uncompress, into the /home/ftpd/bin directory.
4. The /etc/ftpaccess settings
This is the most important configuration file on the FTP server. It directly determines whether your FTP server works normally, and many permissions are set in it. Here is a typical configuration example:
loginfails 3
class local real *
class remote anonymous guest *
limit remote 100 any /etc/ftpd/toomany.msg
message /etc/ftpd/welcome.msg login
compress yes local remote
tar yes local remote
private yes
passwd-check rfc822 warn
log commands real
log transfers anonymous guest inbound outbound
log transfers real inbound
shutdown /etc/ftpd/shut.msg
delete no anonymous,guest
overwrite no anonymous,guest
rename no anonymous
chmod no anonymous,guest
umask no anonymous
upload /home/ftpd * no
upload /home/ftpd /bin no
upload /home/ftpd /etc no
upload /home/ftpd /pub yes real 0644 dirs
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs
alias inc: /incoming
email guest@xxx.net
email guest@yyy.net
deny *.com.tw /etc/ftpd/deny.msg
Let us now explain each setting in turn, so that you can draw on them to make reasonable settings for the specific situation of your own FTP server.
1. Format: loginfails [number]
Function: sets how many failed attempts a user is allowed when logging in to the FTP server.
Example: loginfails 3: the connection is cut off after the password has been entered incorrectly three times.
2. Format: class [class name] [real/guest/anonymous] [IP address]
Function: this directive defines a category of users on the FTP server. The client IP addresses can be restricted, so that some or all IP addresses are allowed access. Users of the FTP server basically fall into the following three categories:
real: users who have a legitimate account on the FTP server;
guest: anonymous users who are on record;
anonymous: anonymous users, with the lowest privileges.
Example: class local real *: defines a class named local that contains real users logging in from anywhere (* represents all IP addresses).
class remote anonymous guest *: defines a class named remote that contains anonymous and guest users logging in from anywhere.
3. Format: limit [class] [number] [time] [file name]
Function: this directive specifies how many users of the given class may be connected during the specified time. When the upper limit is reached, the contents of the specified file are displayed.
Example: limit remote 100 any /etc/ftpd/toomany.msg: when 100 users of class remote are already connected, the 101st client attempting to connect does not get a new connection; the connection fails and the user is shown the contents of the file /etc/ftpd/toomany.msg.
4. Format: message [file name] [command]
Function: when the user executes the specified command, the system displays the contents of the specified file.
Example: message /etc/ftpd/welcome.msg login: when the user executes the login command, the system displays the contents of the file /etc/ftpd/welcome.msg on the FTP server.
5. Format: compress [yes/no] [class]
Function: sets which classes of users may use the compress function.
Example: compress yes local remote: allows users of the two classes local and remote to use compress.
6. Format: tar [yes/no] [class]
Function: sets which classes of users may use the tar (archive) function.
Example: tar yes local remote: allows users of the two classes local and remote to use tar.
7. Format: private [yes/no]
Function: sets whether group-based use of files is supported.
Example: private yes: supports group access to files.
8. Format: passwd-check [none/trivial/rfc822] [enforce/warn]
Function: sets how the password given by the anonymous user is checked.
none means no password verification: any password allows login;
trivial means login is allowed as long as some password is entered;
rfc822 means the password must be an e-mail address in the format specified by RFC 822 to log in;
enforce means a password that does not meet the specified format is refused;
warn means only a warning is given when the password does not meet the rule, and login is still allowed.
Example: passwd-check rfc822 warn: we would like to receive an e-mail address in the specified format as the password, but if it is not, login is still allowed.
9. Format: log commands [real/guest/anonymous]
Function: sets which users' operations after login are recorded in the file /usr/adm/xferlog.
Example: log commands real: after a real user logs in, his operations are recorded. Since the other users have low privileges and their operations do not pose much of a security hazard, it is generally only necessary to record what real users do.
10. Format: log transfers [real/guest/anonymous] [inbound/outbound]
Function: sets which users' uploads (inbound) and downloads (outbound) are logged.
Example: log transfers anonymous guest inbound outbound: anonymous users' file operations deserve more attention, so both their uploads and their downloads are recorded.
log transfers real inbound: for legitimate users only uploads are recorded.
11. Format: shutdown [file name]
Function: the time at which the FTP server shuts down can be set in the file specified here; once that time arrives, users can no longer log in to the FTP server. To recover, delete this file. This file must be generated with the command /bin/ftpshut.
Example: shutdown /etc/ftpd/shut.msg
12. Format: delete [yes/no] [real/anonymous/guest]
Function: sets whether the specified users may delete files with the delete command. It is allowed by default.
Example: delete no anonymous,guest: to manage the FTP server better, we generally do not allow anonymous users to execute the delete command.
13. Format: overwrite [yes/no] [real/anonymous/guest]
Function: sets whether the specified users may overwrite a file of the same name. It is allowed by default.
Example: overwrite no anonymous,guest: to manage the FTP server better, we generally do not allow anonymous users to overwrite files of the same name.
14. Format: rename [yes/no] [real/anonymous/guest]
Function: sets whether the specified users may rename files with the rename command. It is allowed by default.
Example: rename no anonymous: to manage the FTP server better, we generally do not allow anonymous users to execute the rename command to change file names. Guest users, the anonymous users who are on record, are treated somewhat more leniently and are allowed to use the rename command.
15. Format: chmod [yes/no] [real/anonymous/guest]
Function: sets whether the specified users may change file permissions with the chmod command. It is allowed by default.
Example: chmod no anonymous,guest: to manage the FTP server better, we generally do not allow anonymous users to execute the chmod command to change file permissions.
16. Format: umask [yes/no] [real/anonymous/guest]
Function: sets whether the specified users may use the umask command. It is allowed by default.
Example: umask no anonymous: to manage the FTP server better, we generally do not allow anonymous users to execute the umask command.
17. Format: upload [root directory] [upload directory] [yes/no] [users] [permissions] [dirs/nodirs]
Function: makes more detailed settings for the directories that may be uploaded to.
Example: upload /home/ftpd * no: uploads are not allowed in any subdirectory of /home/ftpd;
upload /home/ftpd /bin no: uploads are not allowed in the subdirectory /home/ftpd/bin;
upload /home/ftpd /etc no: uploads are not allowed in the subdirectory /home/ftpd/etc;
upload /home/ftpd /pub yes real 0644 dirs: legitimate users of the server may upload to the subdirectory /home/ftpd/pub; uploaded files get permissions 0644 (that is, -rw-r--r--), and new subdirectories may be created there.
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs: all users may upload files with permissions 0644 to /home/ftpd/incoming, and may create new subdirectories there.
18. Format: alias [directory alias] [directory name]
Function: sets an alias for the specified directory, so that a shorter name can be used when changing directories.
Example: alias inc: /incoming: sets the alias inc: for the subdirectory incoming.
19. Format: email [guest e-mail address]
Function: when users whose e-mail addresses are listed here log in to the FTP server, their identity is guest, whose privileges are generally lower than real but higher than anonymous.
Example: email guest@xxx.net, email guest@yyy.net: this is only an example; multiple e-mail addresses in the proper format may be listed.
20. Format: deny [IP address/domain] [message file]
Function: this setting restricts which IP addresses or domains may not log in to the FTP server.
Example: deny *.com.tw /etc/ftpd/deny.msg: hosts whose domain names end in ".com.tw" are forbidden to access the server, and the contents of /etc/ftpd/deny.msg are displayed to the user.
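As an added example (not from the original article), the following Python parses an ftpaccess file laid out as described above and reports where anonymous users keep rights the text says to withhold; the sample reproduces the page's own configuration reduced to the relevant lines, and the field order of the upload directive follows the page's description.

```python
# Added example, not from the page: audit a wu-ftpd /etc/ftpaccess for the anonymous
# restrictions the text recommends. The sample is the page's configuration, reduced to the
# lines that matter here; upload fields follow the page's description of that directive.
SAMPLE_FTPACCESS = """\
class local real *
class remote anonymous guest *
limit remote 100 any /etc/ftpd/toomany.msg
delete no anonymous,guest
overwrite no anonymous,guest
rename no anonymous
chmod no anonymous,guest
umask no anonymous
upload /home/ftpd * no
upload /home/ftpd /bin no
upload /home/ftpd /etc no
upload /home/ftpd /pub yes real 0644 dirs
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs
"""
PRIVILEGE_DIRECTIVES = ("delete", "overwrite", "rename", "chmod", "umask")

def parse_ftpaccess(text):
    """Return [(directive, [args])] with comments stripped and case folded."""
    fields = (raw.split("#", 1)[0].lower().split() for raw in text.splitlines())
    return [(f[0], f[1:]) for f in fields if f]

def audit_anonymous(text):
    """Return findings where anonymous users keep rights the text says to withhold."""
    rules = parse_ftpaccess(text)
    findings = []
    for d in PRIVILEGE_DIRECTIVES:       # allowed by default, so an explicit 'no' is needed
        denied = set()
        for name, a in rules:
            if name == d and len(a) >= 2 and a[0] == "no":
                denied.update(a[1].split(","))
        if "anonymous" not in denied:
            findings.append(f"{d}: anonymous not denied (allowed by default)")
    for name, a in rules:                # bin and etc stay closed; anonymous writes only to /incoming
        if name == "upload" and len(a) >= 3:
            root, dirglob, allowed = a[0], a[1], a[2]
            if dirglob in ("/bin", "/etc") and allowed != "no":
                findings.append(f"upload: {root}{dirglob} is writable")
            if allowed == "yes" and "anonymous" in a[3:] and dirglob != "/incoming":
                findings.append(f"upload: anonymous may write to {root}{dirglob}")
    anon_classes = {a[0] for n, a in rules if n == "class" and "anonymous" in a[1:-1]}
    limited = {a[0] for n, a in rules if n == "limit" and a}
    for c in sorted(anon_classes - limited):  # every anonymous class needs a connection cap
        findings.append(f"limit: class {c} (anonymous) has no connection cap")
    return findings
```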
5. Setting /etc/ftpusers to prohibit certain users from logging in
Sometimes we need to ban some users from using the FTP service. The setting is very simple: just write the accounts to be banned into the file /etc/ftpusers. For security reasons, we generally do not want accounts with excessive privileges, or accounts that share a name with a system command, to log in to the FTP server, so in the default configuration the following users are already on the blacklist:
root
uucp
news
bin
adm
nobody
lp
sync
shutdown
halt
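As an added example (not from the original article), this Python cross-checks a constructed /etc/passwd against a constructed /etc/ftpusers holding the default blacklist above and reports any system account that is not yet refused; the uid threshold used to recognise system accounts is an assumption.

```python
# Added example, not from the page: cross-check /etc/ftpusers against /etc/passwd so that
# every system account is refused an FTP login. Both files below are constructed samples.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
ftp:x:14:50:FTP User:/home/ftpd:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
"""
# the default blacklist from the text
SAMPLE_FTPUSERS = "root\nuucp\nnews\nbin\nadm\nnobody\nlp\nsync\nshutdown\nhalt\n"
SYSTEM_UID_MAX = 99   # assumption: uids below 100 are system accounts on this machine

def parse_ftpusers(text):
    """Accounts listed in ftpusers, one per line; blank lines and # comments are ignored."""
    return {l.strip() for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")}

def unlisted_system_accounts(passwd_text, ftpusers_text, keep=("ftp",)):
    """Return system accounts that are not in ftpusers. The 'ftp' account is skipped on
    purpose: anonymous logins run as it, so listing it would disable anonymous FTP."""
    banned = parse_ftpusers(ftpusers_text)
    missing = []
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) < 7 or not f[2].isdigit():
            continue                      # skip malformed passwd lines
        name, uid = f[0], int(f[2])
        if uid <= SYSTEM_UID_MAX and name not in banned and name not in keep:
            missing.append(name)
    return missing
```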
6. Setting /etc/ftphosts to prohibit logins from specified machines
If you need to reject logins from certain hosts, one method is to set the deny directive in /etc/ftpaccess; another simple method is to write the IP addresses or domain names of the hosts to be prohibited into /etc/ftphosts.
7. Making the new configuration take effect
By now we have been able to make the necessary modifications and adjustments to the FTP server configuration according to our needs. After reconfiguring, the changes must be made to take effect. In general, the /etc/ftpaccess settings apply to the next FTP service process started after the change, while the other files require the inetd process to be restarted.
5.4 Other WU-FTP commands
5.4.1 Connection statistics command ftpcount
We can use the ftpcount command to see clearly how many users are currently connected to the FTP server in each class, together with the class's upper limit. The command output looks like this:
Service class local 0 users (20 maximum)
Service class remote 5 users (100 maximum)
5.4.2 Online user listing command ftpwho
We can use the ftpwho command to list the details of the currently connected users.
5.4.3 FTP shutdown file generation command ftpshut
We can use the ftpshut command to generate the shutdown file (shut.msg) named in the shutdown setting of /etc/ftpaccess. The ftpshut command format is:
ftpshut [-l min] [-d min] time
-l: this parameter sets how many minutes before the shutdown the server stops accepting new user connections;
-d: this parameter sets how many minutes before the shutdown existing user connections are cut off;
time: specifies the time at which the FTP server is shut down; for example, 6:20 is written as 0620.