How to Install, Configure and Secure an FTP Server in CentOS 7 - [Comprehensive Guide]


FTP (File Transfer Protocol) is a traditional and widely used tool for transferring files between a server and clients over a network, especially where no authentication is necessary (it permits anonymous users to connect to a server). We must understand that FTP is insecure by default, because it transmits user credentials and data without encryption.

In this guide, we will describe the steps to install, configure and secure an FTP server (VSFTPD stands for "Very Secure FTP Daemon") on CentOS/RHEL 7 and Fedora distributions.

Note that all the commands in this guide are run as root. If you are not operating the server with the root account, use the sudo command to gain root privileges.

Step 1: Installing FTP Server

1. Installing the vsftpd server is straightforward, just run the following command in the terminal.

# yum install vsftpd

2. After the installation completes, the service is disabled at first, so we need to start it manually for now and enable it to start automatically from the next system boot as well:

# systemctl start vsftpd
# systemctl enable vsftpd

3. Next, in order to allow access to FTP services from external systems, we have to open port 21, where the FTP daemon listens, as follows:

# firewall-cmd --zone=public --permanent --add-port=21/tcp
# firewall-cmd --zone=public --permanent --add-service=ftp
# firewall-cmd --reload

Step 2: Configuring FTP Server

4. Now we will move on to a few configurations to set up and secure our FTP server. Let us start by making a backup of the original config file /etc/vsftpd/vsftpd.conf:

# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig

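Next, open the config file above and set the following options to these corresponding values (vsftpd does not accept a comment or blank space after a value on the same line, so when copying these, put any comment on a line of its own):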

# disable anonymous login
anonymous_enable=NO
# permit local logins
local_enable=YES
# enable FTP commands which change the filesystem
write_enable=YES
# value of umask for file creation for local users
local_umask=022
# enable showing of messages when users first enter a new directory
dirmessage_enable=YES
# a log file will be maintained detailing uploads and downloads
xferlog_enable=YES
# use port 20 (ftp-data) on the server machine for PORT style connections
connect_from_port_20=YES
# keep standard log file format
xferlog_std_format=YES
# do not open the IPv4 listener (the IPv6 listener below is used instead)
listen=NO
# vsftpd will listen on an IPv6 socket instead of an IPv4 one
listen_ipv6=YES
# name of the PAM service vsftpd will use
pam_service_name=vsftpd
# enable vsftpd to load a list of usernames
userlist_enable=YES
# turn on tcp wrappers
tcp_wrappers=YES

5. Now configure FTP to allow/deny FTP access to users based on the user list file /etc/vsftpd.userlist.

By default, users listed in userlist_file=/etc/vsftpd.userlist are denied login access, because the userlist_deny option is set to YES whenever userlist_enable=YES.

However, userlist_deny=NO inverts that setting, meaning that only users explicitly listed in userlist_file=/etc/vsftpd.userlist will be permitted to log in.

# vsftpd will load a list of usernames, from the filename given by userlist_file
userlist_enable=YES
# stores usernames.
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

That's not all: when users log in to the FTP server, they are placed in a chroot'ed jail. This is the local root directory, which acts as their home directory for the FTP session only.

Next, we will look at two possible scenarios for chrooting FTP users to their home (local root) directories, as explained below.

6. Now add the following two options to restrict FTP users to their home directories.

chroot_local_user=YES
allow_writeable_chroot=YES

chroot_local_user=YES means that local users will be placed in a chroot jail after login, which with default settings is their home directory.

Also by default, vsftpd does not allow the chroot jail directory to be writable, for security reasons. However, we can use the option allow_writeable_chroot=YES to override this setting.

Save the file and close it.

Step 3: Securing FTP Server with SELinux

7. Now, let's set the SELinux boolean below to allow FTP to read files in a user's home directory. Note that this was initially done using the command:

# setsebool -P ftp_home_dir on

However, the ftp_home_dir directive has been disabled by default, as explained in this bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1097775.

Now we will use the semanage command to set the SELinux rule that allows FTP to read/write a user's home directory.

# semanage boolean -m ftpd_full_access --on

At this point, we have to restart vsftpd to apply all the changes we made above:

# systemctl restart vsftpd

Step 4: Testing FTP Server

8. Now we will test the FTP server by creating an FTP user with the useradd command.

# useradd -m -c "Ravi Saive, CEO" -s /bin/bash ravi
# passwd ravi

Afterwards, we have to add the user ravi to the file /etc/vsftpd.userlist using the echo command as follows:

# echo "ravi" | tee -a /etc/vsftpd.userlist
# cat /etc/vsftpd.userlist

9. Now it's time to test whether our settings above are working correctly. Let's start by testing anonymous logins. We can see from the output below that anonymous logins are not permitted:

# ftp 192.168.56.10
Connected to 192.168.56.10  (192.168.56.10).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:root) : anonymous
530 Permission denied.
Login failed.
ftp>

10. Let's also test whether a user not listed in the file /etc/vsftpd.userlist is granted permission to log in, which is not the case, as the output below shows:

# ftp 192.168.56.10
Connected to 192.168.56.10  (192.168.56.10).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:root) : aaronkilik
530 Permission denied.
Login failed.
ftp>

11. Now do a final check that a user listed in the file /etc/vsftpd.userlist is actually placed in his/her home directory after login:

# ftp 192.168.56.10
Connected to 192.168.56.10  (192.168.56.10).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:root) : ravi
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

Enable this option (allow_writeable_chroot=YES) only if you know exactly what you are doing. It's important to note that these security implications are not vsftpd specific; they apply to all FTP daemons that offer to put local users in chroot jails.

Therefore, in the next section we will look at a more secure way of setting a different, non-writable local root directory.

Step 5: Configure Different FTP User Home Directories

12. Open the vsftpd configuration file again and begin by commenting out the insecure option below:

#allow_writeable_chroot=YES

Then create the alternative local root directory for the user (ravi, yours is probably different) and remove write permissions on this directory for all users:

# mkdir /home/ravi/ftp
# chown nobody:nobody /home/ravi/ftp
# chmod a-w /home/ravi/ftp

13. Next, create a directory under the local root where the user will store his/her files:

# mkdir /home/ravi/ftp/files
# chown ravi:ravi  /home/ravi/ftp/files
# chmod 0700 /home/ravi/ftp/files/

Then add/modify the following options in the vsftpd config file with these values:

# inserts the username in the local root directory
user_sub_token=$USER
# defines any users local root directory
local_root=/home/$USER/ftp

Save the file and close it. Once again, let's restart the service with the new settings:

# systemctl restart vsftpd

14. Now do a final test again and see that the user's local root directory is the FTP directory we created in his home directory.

# ftp 192.168.56.10
Connected to 192.168.56.10  (192.168.56.10).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:root) : ravi
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
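
The script below is an added example, not part of the original guide: it audits a vsftpd.conf against the settings this guide ends up with after Step 5 and checks that the expanded local_root has no write bit set. The function names, the sample config and the temporary directory for ravi are constructed for illustration; the defaults passed to want_opt are those documented in the vsftpd.conf man page.

```shell
# Added example, not from the original guide. DEFAULTs are those in vsftpd.conf(5).

# conf_get FILE KEY DEFAULT: print the last value assigned to KEY, else DEFAULT.
conf_get() {
    awk -v k="$2" -v d="$3" 'index($0, k "=") == 1 { d = substr($0, length(k) + 2) }
        END { print d }' "$1"
}

# want_opt FILE KEY DEFAULT WANT: report when the effective value is not WANT.
# Anything but a plain YES/NO is reported too: vsftpd reads everything after
# "=" as the value, so an inline "# comment" or trailing blanks end up in it.
want_opt() {
    v=$(conf_get "$1" "$2" "$3")
    case $v in
        "$4") return 0 ;;
        YES|NO) echo "$2=$v, the guide ends with $2=$4" ;;
        *) echo "$2: unexpected value '$v'" ;;
    esac
    return 1
}

# audit_vsftpd FILE USER: print findings, return 1 if there are any.
audit_vsftpd() {
    rc=0
    want_opt "$1" anonymous_enable YES NO || rc=1
    want_opt "$1" userlist_enable NO YES || rc=1
    want_opt "$1" userlist_deny YES NO || rc=1
    want_opt "$1" chroot_local_user NO YES || rc=1
    want_opt "$1" allow_writeable_chroot NO NO || rc=1
    # Expand user_sub_token in local_root for USER, then inspect the mode bits.
    dir=$(conf_get "$1" local_root "" | awk -v u="$2" \
        -v t="$(conf_get "$1" user_sub_token "")" '
        t != "" { while ((i = index($0, t)) > 0)
                      $0 = substr($0, 1, i - 1) u substr($0, i + length(t)) }
        { print }')
    case $(ls -ld "$dir" 2>/dev/null | cut -c1-10) in
        "") echo "local_root '$dir' for $2 is missing"; rc=1 ;;
        ??w*|?????w*|????????w*) echo "$dir has a write bit set"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: Step 2 state with an inline comment and a writable root.
d=$(mktemp -d) && mkdir -p "$d/ravi/ftp"
printf '%s\n' 'anonymous_enable=NO    # disable anonymous login' userlist_enable=YES \
    userlist_deny=NO chroot_local_user=YES allow_writeable_chroot=YES \
    'user_sub_token=$USER' "local_root=$d/\$USER/ftp" > "$d/conf"
audit_vsftpd "$d/conf" ravi || echo "fix the findings above and re-run"
rm -rf "$d"
```

On a real server, call audit_vsftpd /etc/vsftpd/vsftpd.conf ravi as root once Step 5 is complete.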

That's it! In this article, we described how to install, configure and secure an FTP server in CentOS 7. Use the comment section below to write back to us about this guide or to share any useful information on this topic.

In the next article, we will also show you how to secure an FTP server using SSL/TLS connections in CentOS 7. Until then, stay connected to TecMint.