Build FTP service based on ECS
1. Resource Creation
- Here you can directly use the free server provided by Alibaba Cloud; click [Free Activation]
- You can see that it provides us with a username, password and IP address; then you only need to log in to the remote server
2. Connect to ECS server remotely
- Here I use Xshell software to connect (Xshell is still very convenient to use, you can download it yourself, or use other software to connect)
- After a successful login, it looks as follows:
3. Install vsftpd
vsftpd (very secure FTP daemon): FTP server
- Anonymous access: Any user can access the built FTP service
- Local user mode: only supports added local users to access the built FTP service
- Install command
yum install -y vsftpd
-y answers "yes" to every prompt during the installation process
- The installation is successful if the following is displayed
- Set FTP service to start automatically
- command:
systemctl enable vsftpd.service
- If the following is displayed, the setting is successful:
- Start FTP service
- command:
systemctl start vsftpd.service
- If nothing is displayed, the command succeeded
- View the port monitored by the FTP service
- command:
netstat -antup | grep ftp
- As you can see, the FTP service has been started and the listening port number is 21
At this point, vsftpd has the anonymous access function enabled by default. You can log in to the FTP server without entering a user name and password, but there is no permission to modify or upload files.
4. Configure vsftpd
- As described above, the vsftpd service has two access modes, anonymous user mode and local user mode. Let's take a look at the configuration of each.
4.1 Anonymous user mode
- Modify the configuration file vsftpd.conf
- command:
vim /etc/vsftpd/vsftpd.conf
Everyone should be familiar with vim; if you are not, find a tutorial on the Internet to learn the basic operations
- First find the line anon_upload_enable=YES (anonymous upload permission), press i to enter edit mode and uncomment the line, then press the ESC key to exit edit mode and enter :wq to save and exit
- Change the permissions of the /var/ftp/pub directory and add write permissions for FTP users
- command:
chmod o+w /var/ftp/pub/
- The result after running is as follows
- Restart FTP service
- command:
systemctl restart vsftpd.service
- After configuration, open a browser and enter the URL ftp://<FTP server public IP address>:<FTP port>; for example, the address I visited is ftp://139.196.209.227:21. As you can see, we can access it without entering a user name and password. The access results are as follows:
4.2 Local user mode
4.2.1 User & file directory creation
- Create a Linux user for FTP service
- command:
adduser ftptest
- Set a password for the user just created
- command:
passwd ftptest
- For security, the password is not displayed on the screen while you type it
- Create a file directory for FTP service
- command:
mkdir /var/ftp/test
- Change the owner of the /var/ftp/test directory to ftptest [the user just created]
- command:
chown -R ftptest:ftptest /var/ftp/test
4.2.2 vsftpd.conf file configuration [active mode or passive mode]
Before configuring, learn about active mode and passive mode
- Active mode: The server’s data port 20 actively connects to the client’s data port [Beneficial to the management of the FTP server but not to the management of the client]
- Passive mode: The client actively connects to port 20 of the server [It is beneficial to the management of the FTP client but not to the management of the server]
4.2.2.1 Active mode
- The commands are as follows; just copy them and run them.
sed -i 's/anonymous_enable=YES/anonymous_enable=NO/' /etc/vsftpd/vsftpd.conf # Disable anonymous login to the FTP server
sed -i 's/listen=NO/listen=YES/' /etc/vsftpd/vsftpd.conf # Listen on IPv4 sockets
sed -i 's/listen_ipv6=YES/#listen_ipv6=YES/' /etc/vsftpd/vsftpd.conf # Stop listening on IPv6 sockets
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf # Restrict all users to their home directory
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd/vsftpd.conf # Enable the list of exception users
sed -i 's/#chroot_list_file=/chroot_list_file=/' /etc/vsftpd/vsftpd.conf # Specify the exception user list file; users in the list are not locked in their home directory
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
echo "local_root=/var/ftp/test" >> /etc/vsftpd/vsftpd.conf # Set the directory local users are placed in after login
4.2.2.2 Passive Mode
- The commands are as follows
sed -i 's/anonymous_enable=YES/anonymous_enable=NO/' /etc/vsftpd/vsftpd.conf # Disable anonymous login to the FTP server
sed -i 's/listen=NO/listen=YES/' /etc/vsftpd/vsftpd.conf # Listen on IPv4 sockets
sed -i 's/listen_ipv6=YES/#listen_ipv6=YES/' /etc/vsftpd/vsftpd.conf # Stop listening on IPv6 sockets
sed -i 's/#chroot_local_user=YES/chroot_local_user=YES/' /etc/vsftpd/vsftpd.conf # Restrict all users to their home directory
sed -i 's/#chroot_list_enable=YES/chroot_list_enable=YES/' /etc/vsftpd/vsftpd.conf # Enable the list of exception users
sed -i 's/#chroot_list_file=/chroot_list_file=/' /etc/vsftpd/vsftpd.conf # Specify the exception user list file; users in the list are not locked in their home directory
echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
echo "local_root=/var/ftp/test" >> /etc/vsftpd/vsftpd.conf # Set the directory local users are placed in after login
echo "pasv_enable=YES" >> /etc/vsftpd/vsftpd.conf # Enable passive mode
echo "pasv_address=<FTP server public IP address>" >> /etc/vsftpd/vsftpd.conf # In this tutorial, the elastic IP of the ECS server
echo "pasv_min_port=20" >> /etc/vsftpd/vsftpd.conf # Minimum of the port range usable for data connections in passive mode
echo "pasv_max_port=21" >> /etc/vsftpd/vsftpd.conf # Maximum of the port range usable for data connections in passive mode
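A check for the settings these commands leave in place, as an added example that is not part of the original tutorial: it reads the effective value of each option and reports the ones worth reviewing before the server is exposed. The function names conf_get and audit_vsftpd_conf and the sample file are constructed for illustration; it assumes vsftpd applies the file in order, so the last line for an option wins.

```shell
#!/bin/sh
# Added example: report risky effective settings in a vsftpd.conf.
# Assumption: vsftpd applies lines in file order, so the last occurrence wins.

# conf_get FILE KEY DEFAULT: print the effective value of KEY.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }              # commented-out options do not count
        $1 == k { v = $2; found = 1 }    # a later line overrides an earlier one
        END { print (found ? v : d) }' "$1"
}

audit_vsftpd_conf() {
    f=$1
    anon=$(conf_get "$f" anonymous_enable YES)   # vsftpd built-in default: YES
    write=$(conf_get "$f" write_enable NO)
    upload=$(conf_get "$f" anon_upload_enable NO)
    wchroot=$(conf_get "$f" allow_writeable_chroot NO)
    ssl=$(conf_get "$f" ssl_enable NO)
    port=$(conf_get "$f" listen_port 21)
    pmin=$(conf_get "$f" pasv_min_port 0)
    pmax=$(conf_get "$f" pasv_max_port 0)        # 0 means "any port"

    [ "$anon" = YES ] && echo "WARN anonymous_enable: login without credentials"
    [ "$anon" = YES ] && [ "$write" = YES ] && [ "$upload" = YES ] &&
        echo "WARN anon_upload_enable: unauthenticated users can upload"
    [ "$wchroot" = YES ] && echo "WARN allow_writeable_chroot: jail root is writable"
    [ "$ssl" = YES ] || echo "WARN ssl_enable: off, passwords travel in cleartext"
    if [ "$pmax" -gt 0 ] && [ "$pmin" -le "$port" ] && [ "$port" -le "$pmax" ]; then
        echo "WARN pasv ports $pmin-$pmax include control port $port"
    fi
    return 0
}

# Constructed sample: a config after this page's 4.1 and passive-mode steps.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=NO
write_enable=YES
anon_upload_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
allow_writeable_chroot=YES
pasv_enable=YES
pasv_min_port=20
pasv_max_port=21
EOF
audit_vsftpd_conf "$sample"
```

On a server, run audit_vsftpd_conf /etc/vsftpd/vsftpd.conf after the sed and echo commands to confirm what actually took effect.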
4.2.3 List of exception users
- Create a chroot_list file in the /etc/vsftpd directory and write a list of exception users in the file
- command:
vim /etc/vsftpd/chroot_list
- Use vim to edit the chroot_list file and add the exception users. Users in this list will not be locked in the home directory and can access other directories.
Note: When there are no exception users, the chroot_list file must also be created, and the content can be empty.
- Finally restart the FTP service
- command:
systemctl restart vsftpd.service
4.2.4 Test
- Similarly, enter ftp://<FTP server public IP address>:<FTP port> in the browser; the address I visited was ftp://139.196.209.227:21. With local user mode configured, a user name and password must be entered before access; enter the user just created, ftptest, and the password you set for it
- After the login is successful, the interface is as follows; at this point we can operate on the FTP files with the corresponding permissions