VSFTP server example tutorial

  
 

Today I set up a simple FTP server for the company. It was the first time I had actually built a server, so there may be a lot of shortcomings! I wrote down the process to share it with everyone. Hehe.

First, the hardware. The machine is an ordinary PC, though its performance is better than that of an average machine. The reason is that the company is not large and the number of users is not large either. The operating system is Windows Server 2003. Why use the server edition? I think the security and stability of the server edition are definitely better. After installing the system, I applied all the security patches. Friends with some experience may know how viruses and Trojans get onto a PC: some come through P2P networks, some through web pages and mail, and some through removable media, and they run without the user's knowledge or by deceiving the user. On a server there are generally no P2P tools, hardly any web browsing or mail, and removable devices are not used much, which largely cuts off the propagation paths of these pests. The only thing left that can endanger the server is a vulnerability, which takes advantage of flaws in the system and can easily take the server down. Of course this is not something most people can do, so everyone should install all the security patches. After that I installed the well-known software VMware on the Windows 2003 system and then installed Linux inside VMware. The version I use is CentOS 5.4, so this may be the legendary VM host! That is all for the hardware; next comes the network side.

A server has to provide network services, so these considerations are indispensable: IP address, port, domain name, internal or external network, and uplink and downlink speed. Here is my network environment: I am on an internal network, the IP is dynamic, and the server sits inside a virtual machine. Getting through all of these barriers is not easy! The first problem to solve is how to let others reach your host through a domain name. Because the IP is dynamic, it cannot be bound to the domain name directly. Is there no way? No: fortunately there is DDNS, dynamic domain name resolution. This function lives on the router, so you need control of the router to set it up. You will see a function called DDNS (I am talking about home routers, not professional equipment). There you enter the domain name you applied for (the free Peanut Shell service can be found on Google) together with your account and password, so that a change of IP does not affect access to the host.


But this domain name may not be the one you want at all. In that case, you can add a CNAME (alias record) on the regular domain name you purchased and point it at the free domain name you applied for.


At this point you can see if you can access it.


That about covers the IP and the domain name; the last item is the port. The port is the key to communication between programs. It is like a door in real life: if the IP is the street address, then the ports are the doors inside the house, which may lead to the toilet, the bedroom or the kitchen, each belonging to a different program. The data stream has to find the right program to handle it, and there is no way around this because most programs today are based on the C/S model (client and server). Home users who connect several computers to the network mostly do so with NAT. NAT has two obvious advantages: it saves IP addresses, since one public IP can serve several computers, and the hosts behind the NAT are protected. If you do not understand it, you can look up technical material on NAT. Since the server provides services to the outside, a dedicated port has to be opened on the router and mapped to the server, because by default the router does not allow access to a local port that has no entry in the NAT table.


After the router, to get into the virtual system you also set up port mapping in the virtual machine software, so that when the physical host sees that the target port is 21, the data is passed into the virtual machine and handed to the corresponding program for processing. With that, external communication works. Of course, while doing this you also have to take care of the router firewall, the physical host firewall and the firewall inside the virtual system. A problem in any one of them will cause communication to fail.


Once communication works, we can start setting up the vsftpd server.

The specific requirements are as follows:

The company has users a, b, c, d, e and f. User a must have his own private directory that no one else can access, and must also have the right to access the directories and files of users b, c, d, e and f. User b also has his own directory, but it can be accessed by all users, who can read its files. Users c, d, e and f are separate from one another: each has his own directory, which only user a and user b can access besides its owner; other users have no right to view it. They can also access user b's files. If it were you, how would you do it?


My implementation method is this:

1. Create users a, b, c, d, e and f. Add user a to each of the c, d, e, f user groups, and add user b to each of the c, d, e, f user groups.

2. Then create a directory for each of them: user a: /file; user b: /file/xxx; users c, d, e, f: /file/xxx/c; /file/xxx/d; /file/xxx/e; /file/xxx/f.

3. Set permissions. User a's directory /file: chown a.a /file; chmod 700 /file; only a can access it.

User b's directory /file/xxx: chown b.b /file/xxx; chmod 777 /file/xxx; accessible to all users.

c, d, e, f are set to: chown ?.? /file/xxx/?; chmod 770 /file/xxx/?; where ? is c, d, e, f respectively, hehe.

4. Set the login directories of users a, b, c, d, e, f: a = /file; b, c, d, e, f = /file/xxx. This way users c, d, e and f can access user b's files.

5. Here is the vsftpd configuration file; let's take a look:

    # Local users only; every session is chrooted to its login directory
    anonymous_enable=NO
    local_enable=YES
    download_enable=YES
    write_enable=YES
    local_umask=022
    chroot_local_user=YES
    # Per-user settings are read from files in this directory
    user_config_dir=/etc/vsftpd/user_conf
    ####################
    # With chroot_local_user=YES, users named in the chroot list are the ones NOT chrooted
    chroot_list_enable=YES
    # Only users named in userlist_file may log in
    userlist_enable=YES
    userlist_deny=NO
    userlist_file=/etc/vsftpd/ftp_user_list
    ####################
    idle_session_timeout=600
    data_connection_timeout=120
    local_max_rate=1000000
    ####################
    listen=YES
    connect_from_port_20=YES
    listen_port=21
    max_clients=100
    max_per_ip=5
    # Passive mode, with data ports limited to the range below
    pasv_enable=YES
    pasv_min_port=30000
    pasv_max_port=50000
    port_enable=YES
    ####################
    dirlist_enable=YES
    dirmessage_enable=YES
    message_file=.message
    ####################
    xferlog_enable=YES
    xferlog_std_format=YES
    xferlog_file=/var/log/vsftpd.log
    ####################
    # You have a good mood every day.
    tcp_wrappers=YES
    pam_service_name=vsftpd
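An added example, not part of the original post: a small Python model of the layout from steps 1 to 4 that computes what each user can do in each directory, so the result can be compared with the requirements. It assumes each user's primary group is named after the user and that every session is already inside its login directory (whether vsftpd can enter that directory is not modelled); the names GROUPS, DIRS, LOGIN_ROOT and the functions are made up for the example.

```python
# Constructed model of steps 1-4 (assumption: each user's primary group is named after the user).
GROUPS = {u: {u} for u in "abcdef"}
for member in "ab":                      # step 1: a and b join the c, d, e, f groups
    GROUPS[member] |= set("cdef")

# Steps 2-3: directory -> (owner, group, mode)
DIRS = {"/file": ("a", "a", 0o700), "/file/xxx": ("b", "b", 0o777)}
DIRS.update({f"/file/xxx/{u}": (u, u, 0o770) for u in "cdef"})

# Step 4: login directory, treated as the chroot root of the session
LOGIN_ROOT = {"a": "/file", **{u: "/file/xxx" for u in "bcdef"}}


def perm_bits(user, path):
    """rwx bits that apply to user on path: owner, then group, then other."""
    owner, group, mode = DIRS[path]
    if user == owner:
        return (mode >> 6) & 7
    if group in GROUPS[user]:
        return (mode >> 3) & 7
    return mode & 7


def chain(root, path):
    """Directories walked from the login root down to path; None if outside it."""
    if path != root and not path.startswith(root + "/"):
        return None
    walked, cur = [root], root
    for seg in path[len(root):].strip("/").split("/"):
        if seg:
            cur = f"{cur}/{seg}"
            walked.append(cur)
    return walked


def access(user, path):
    """'' (unreachable), 'r', 'w' or 'rw' for user on the directory path."""
    walked = chain(LOGIN_ROOT[user], path)
    if walked is None or any(not perm_bits(user, d) & 1 for d in walked):
        return ""                        # outside the jail, or a directory lacks x
    bits = perm_bits(user, path)
    return ("r" if bits & 4 else "") + ("w" if bits & 2 else "")


def matrix():
    return {u: {p: access(u, p) for p in DIRS} for u in sorted(GROUPS)}


if __name__ == "__main__":
    for user, row in matrix().items():
        print(user, {p: a or "-" for p, a in row.items()})
```

The matrix shows c, d, e and f isolated from one another, and it also shows that chmod 777 gives every user write access to /file/xxx, where the requirement only asks that they can read b's files.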

If you notice any shortcomings, you are welcome to leave a message so we can learn from each other.

Copyright © Windows knowledge All Rights Reserved