Linux Admin Concise Tutorial

Linux Admin - Install Anonymous FTP

Before delving into installing FTP on CentOS, we need to learn a little about its use and security. FTP is an efficient and well-refined protocol for transferring files between computer systems, and it has been used and refined for a few decades now. For transferring files efficiently over a network with latency, or for sheer speed, FTP is a great choice, more so than either SAMBA or SMB.

However, FTP does have some security issues, and serious ones at that. FTP uses a really weak plain-text authentication method. For this reason, authenticated sessions should rely on sFTP or FTPS, where TLS is used for end-to-end encryption of the login and transfer sessions.

With the above caveats, plain old FTP still has its uses in the business environment today. The main use is anonymous FTP file repositories, where no authentication is warranted to download or upload files. Some examples of anonymous FTP use are −

  1. Large software companies still use anonymous FTP repositories, allowing Internet users to download shareware and patches.

  2. Allowing internet users to upload and download public documents.

  3. Some applications will automatically send encrypted, archived logs or configuration files to a repository via FTP.

Hence, as a CentOS Administrator, being able to install and configure FTP is still a desired skill.

We will be using an FTP daemon called vsFTP, or Very Secure FTP Daemon. vsFTP has been in development and use for a while. It has a reputation for being secure, reliable, and easy to install and configure.

Step 1 − Install vsFTPd with the YUM Package Manager.

[root@centos]# yum -y install vsftpd.x86_64

Step 2 − Configure vsFTP to Start on Boot with systemctl.

[root@centos]# systemctl start vsftpd
[root@centos]# systemctl enable vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.

Step 3 − Configure FirewallD to allow FTP control and transfer sessions.

[root@centos]# firewall-cmd --add-service=ftp --permanent
success
[root@centos]# firewall-cmd --reload
success
[root@centos]#

Ensure our FTP daemon is running.

[root@centos]# netstat -antup | grep vsftp
tcp6       0       0 :::21       :::*       LISTEN       13906/vsftpd
[root@centos]#

Step 4 − Configure vsFTPD For Anonymous Access.

Create a root FTP directory

[root@centos]# mkdir /ftp

Change owner and group of FTP root to ftp

[root@centos]# chown ftp:ftp /ftp

Set minimal permissions for FTP root:

[root@centos]# chmod -R 666 /ftp/

[root@centos]# ls -ld /ftp/
drw-rw-rw-. 2 ftp ftp 6 Feb 27 02:01 /ftp/

[root@centos]#

In this case, we gave users read/write access to the entire root FTP tree.

Configure /etc/vsftpd/vsftpd.conf

[root@centos]# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.

We will want to change the following directives in the vsftpd.conf file.

  1. Enable anonymous uploading by uncommenting anon_mkdir_write_enable=YES

  2. chown uploaded files so they are owned by the system ftp user:
     chown_uploads=YES
     chown_username=ftp

  3. Change the system user used by vsftp to the ftp user:
     nopriv_user=ftp

  4. Set the custom banner for the user to read before signing in:
     ftpd_banner=Welcome to our Anonymous FTP Repo. All connections are monitored and logged.

  5. Let’s set IPv4 connections only −
     listen=YES
     listen_ipv6=NO

Now, we need to restart or HUP the vsftp service to apply our changes.

[root@centos]# systemctl restart vsftpd

Let’s connect to our FTP host and make sure our FTP daemon is responding.

[root@centos rdc]# ftp 10.0.4.34
Connected to localhost (10.0.4.34).
220 Welcome to our Anonymous FTP Repo. All connections are monitored and logged.
Name (localhost:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
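
An audit of the setup built in the steps above, as an added example that is not part of the original tutorial. It reports an anonymous root that the FTP account can write to, directories with no search (x) bit, and vsftpd.conf lines that have spaces around = (which vsftpd.conf(5) treats as an error) or that enable anonymous write options. The function names, finding labels and the sample data in demo are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original tutorial. Function names and finding
# labels are this example's own; only paths and directives come from the page.

# Report permission problems on the anonymous root. $2 = FTP account name.
audit_ftp_root() {
    local root=$1 ftp_user=${2:-ftp} mode owner
    if [ ! -d "$root" ]; then echo "MISSING_ROOT: $root"; return 0; fi
    mode=$(stat -c %a "$root")      # octal permission bits, e.g. 666
    owner=$(stat -c %U "$root")
    if [ $(( 0$mode & 0002 )) -ne 0 ]; then
        echo "ROOT_WORLD_WRITABLE: $root (mode $mode)"
    fi
    if [ "$owner" = "$ftp_user" ] && [ $(( 0$mode & 0200 )) -ne 0 ]; then
        echo "ROOT_WRITABLE_BY_FTP_USER: $root (owner $owner)"
    fi
    # A directory with no search (x) bit at all cannot be entered or listed.
    find "$root" -type d ! -perm -100 ! -perm -010 ! -perm -001 2>/dev/null |
        sed 's/^/DIR_NO_SEARCH_BIT: /'
    return 0
}

# Report vsftpd.conf lines that vsftpd rejects or that allow anonymous writes.
audit_vsftpd_conf() {
    local conf=$1 opt
    if [ ! -r "$conf" ]; then echo "MISSING_CONF: $conf"; return 0; fi
    # vsftpd.conf(5): no space is allowed between option, '=' and value.
    grep -nE '^[a-z_0-9]+([[:space:]]+=|=[[:space:]])' "$conf" |
        sed 's/^/SPACE_AROUND_EQUALS: line /'
    for opt in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if grep -qE "^${opt}=YES" "$conf"; then echo "ANON_WRITE_ENABLED: $opt"; fi
    done
    return 0
}

# Demo on constructed sample data (a temp directory, not the live /ftp).
demo() {
    local d; d=$(mktemp -d)
    mkdir "$d/ftp" && chmod 666 "$d/ftp"
    printf '%s\n' 'anonymous_enable=YES' 'anon_mkdir_write_enable=YES' \
        'chown_uploads = YES' 'listen_ipv6 = NO' > "$d/vsftpd.conf"
    audit_ftp_root "$d/ftp" "$(stat -c %U "$d/ftp")"
    audit_vsftpd_conf "$d/vsftpd.conf"
    chmod 755 "$d/ftp"; rm -rf "$d"
}
demo
```

On the server itself, call `audit_ftp_root /ftp ftp` and `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf`; no output means none of these findings apply.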