To implement an FTP server in a Linux environment, most Linux distributions package Washington University FTP (Wu-Ftpd). It is excellent server software because it has many powerful functions and a large throughput; more than 60% of FTP servers on the Internet adopt it.
Install and run
Below we take RedHat Linux as an example.
1. Installation
According to the users they serve, FTP services can be divided into two categories: one is the system FTP server, which only allows legal users on the system to use it; the other is the anonymous FTP server, which allows anyone to log in. Once connected to an anonymous server, enter Anonymous at the login prompt to access it. For both services, you can install the Wu-Ftpd RPM packages from the first RedHat CD. You only need to log in to the system as root and run the following commands:
rpm -ivh anonftp-xx-x.i386.rpm
rpm -ivh wu-ftpd-xxx-x.i386.rpm
Where xx-x and xxx-x are version numbers.
2. Start
Like Apache, Wu-Ftpd can also be configured to start automatically: execute the Setup program that comes with RedHat, select Wu-Ftpd in the "System Service" option, and press the [OK] button to confirm and exit.
Automatic startup is convenient, but when we change the Wu-Ftpd configuration files, we need to restart it manually:
Start: /usr/sbin/ftprestart
Close: /usr/sbin/ftpshut
FTP server configuration
To ensure the security of the FTP server, some important configuration files must be set up to better control user access rights. These configuration files are: /etc/ftpusers, /etc/ftpconversions, /etc/ftpgroups, /etc/ftphosts, /etc/ftpaccess. Using these files, you can control very precisely who can connect to the server, at what time, and from where, and you can check and track the work they do after connecting.
/etc/ftpusers: Users listed in this file cannot log in to the server through FTP. User accounts that need to be banned are written into /etc/ftpusers, so that those users are barred from using the FTP service.
/etc/ftpconversions: used to configure the compression/decompression program.
/etc/ftpgroups: Create a user group. Members of this group are predefined to access the FTP server.
/etc/ftphosts: Used to prohibit or allow remote hosts to access specific accounts, for example:
allow czc 192.168.0.0/24
deny cdd 10.0.0.0/8
This means that the czc user is allowed access from the network segment 192.168.0, and the cdd user is denied access from the network segment 10.
/etc/ftpaccess: It is a very important configuration file used to control access permissions. Each line in the file defines an attribute and sets the value of the attribute. Here is a brief introduction to some of its common configurations:
1. Define user categories
Format: class [class name] [real/guest/anonymous] [IP address]
Function: This command sets the category of users on the FTP server. It can also restrict the client's IP address, allowing specific or all IP addresses to access the FTP server.
2. Number of login retries
Enter the line loginfails 10 in the file; it indicates that the connection will be cut off if the login has not succeeded after 10 attempts.
3. Password check
Format: passwd-check <strictness> warn
This checks the passwords used by anonymous users, where <strictness> is one of three possible strings: None, Trivial, RFC822. If None is selected, no password check is done; if Trivial is selected, the password must contain at least one @ symbol; if RFC822 is selected, which is the strictest requirement, the password must be an E-mail address that complies with the RFC822 message header standard.
For example: passwd-check rfc822 warn indicates that the password requirements are very strict, and a warning message will appear when the password does not meet them.
4. Limitation on the number of people who can log in
Format: limit [category] [number of people] [time] [file name]
This sets the number of people in the specified category who can be logged in to FTP during the given time. For example: limit remote 20 Any /etc/many.msg indicates that the number of people logged in to the category remote at any time must not exceed 20; otherwise the many.msg warning message is displayed.
Proper use of these configurations can effectively protect our servers.
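To review these settings on an existing server, the following added example (not part of Wu-Ftpd or of the original article) parses the four /etc/ftpaccess directives described above and reports settings that leave anonymous access loosely controlled. The sample file contents, the address patterns 192.168.0.* and *, and the function names parse_ftpaccess and audit are assumptions made for illustration.

```python
# Constructed sample /etc/ftpaccess; address patterns (192.168.0.*, *) are assumed.
SAMPLE_FTPACCESS = """\
class   local   real,guest   192.168.0.*
class   remote  anonymous    *
loginfails 10
passwd-check none warn
limit   remote  20  Any  /etc/many.msg
"""

def parse_ftpaccess(text):
    """Collect the class, loginfails, passwd-check and limit directives."""
    cfg = {"class": {}, "loginfails": None, "passwd-check": None, "limit": {}}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # blank line or comment
            continue
        key, args = fields[0].lower(), fields[1:]
        if key == "class" and len(args) >= 3:
            cfg["class"][args[0]] = {"types": args[1].lower().split(","),
                                     "addrs": args[2:]}
        elif key == "loginfails" and args and args[0].isdigit():
            cfg["loginfails"] = int(args[0])
        elif key == "passwd-check" and args:
            mode = args[1].lower() if len(args) > 1 else None
            cfg["passwd-check"] = (args[0].lower(), mode)
        elif key == "limit" and len(args) >= 3 and args[1].isdigit():
            cfg["limit"][args[0]] = {"max": int(args[1]), "times": args[2],
                                     "msg": args[3] if len(args) > 3 else None}
    return cfg

def audit(cfg):
    """Return findings for settings that leave anonymous access loosely controlled."""
    findings = []
    if cfg["loginfails"] is None:
        findings.append("loginfails is not set")
    if cfg["passwd-check"] is None or cfg["passwd-check"][0] == "none":
        findings.append("passwd-check: anonymous passwords are not checked")
    for name, cls in cfg["class"].items():
        if "anonymous" not in cls["types"]:
            continue
        if "*" in cls["addrs"]:
            findings.append(f"class {name}: anonymous login allowed from any address")
        if name not in cfg["limit"]:
            findings.append(f"class {name}: no limit line for anonymous class")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ftpaccess(SAMPLE_FTPACCESS)):
        print(finding)
```

To check a real server, pass the contents of its /etc/ftpaccess to parse_ftpaccess in place of the constructed sample.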
Verify
After installing and configuring the FTP server, you can verify it by accessing the server with either graphical tools or the command line. The most commonly used command in Linux is ftp, which provides an uncomplicated interface to the FTP server. To connect to the FTP server, just enter ftp Servername at the command prompt, replacing Servername with the host name or IP address of the FTP server you want to connect to, enter the username and password as prompted, and then use standard Linux commands to move up or down the FTP server's directory structure. In addition, you can also use graphical FTP programs, including the windowed gFTP, or access the FTP server with the help of a Web browser.
The above are the key points of FTP server configuration under Linux. I hope it will be helpful to you.