
vsFTP in Linux

Introduction to FTP
The File Transfer Protocol (FTP) is one of the most common means of copying files between servers over the Internet.

Regular FTP

VSFTP allows Linux users to copy files to and from their home directories with an FTP client.

Anonymous FTP

Anonymous FTP uses a username of anonymous and your email address for the password. Once logged in to an FTP server, you automatically have access to only the default anonymous FTP directory.

Start VSFTP
Use the chkconfig command to configure VSFTP to start at boot:

chkconfig vsftpd on

Use service vsftpd to start, stop, and restart VSFTP after booting:

service vsftpd start
service vsftpd stop
service vsftpd restart

Configuration file: /etc/vsftpd/vsftpd.conf

Anonymous FTP settings


Before changing vsftpd.conf, remember to make a backup:

cp vsftpd.conf vsftpd.conf.bak

anonymous_enable=YES

Allow anonymous login

anon_upload_enable=YES

Allow anonymous upload

anon_mkdir_write_enable=YES

Allow anonymous upload to create directories

Anonymous FTP settings (2)


no_anon_password=YES

Do not ask for a password on anonymous login

anon_max_rate=30000

Limit the transfer rate of anonymous users, e.g. 30000 = 30 KB per second

Directory for anonymous users is /var/ftp; anon_root changes it:

anon_root=/data/directory

Local users settings


local_enable=YES

Allow Linux users to use VSFTPD

chroot_list_enable=YES

VSFTPD will use a file listing the users who are confined to their home directories after login

chroot_list_file=/etc/vsftpd/chroot_list

A text file which contains a list of Linux usernames. These users will be limited to their home directories.

Local users settings (2)


userlist_deny=YES

VSFTPD will use a file to reject some users.

userlist_file=/etc/vsftpd/user_list

A text file which contains a list of Linux usernames which are NOT allowed to use VSFTP.

Limit the transfer rate of local users, e.g. 30000 = 30 KB per second

local_max_rate=30000

Other Settings
max_clients=10

Limiting the maximum number of client connections

max_per_ip=1

Limiting the number of connections by same IP address


idle_session_timeout=600

Disconnect the idle connection after 600 seconds.

xferlog_enable=YES

Record all the file transfer records.

xferlog_file=/var/log/vsftpd.log

Filename and directory of log file.

Limit the access on hosts


An FTP server can usually use tcp_wrappers to allow or deny a host's access. Add this statement to vsftpd.conf:

tcp_wrappers=YES

Under /etc, create a new file hosts.deny:

vsftpd : 192.168.1.0/24 192.168.0.2
vsftpd : .vtc.edu.hk alan.ict.edu.hk

If you want to allow a specific host, create a hosts.allow with the same format.
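
A way to review a vsftpd.conf against the settings covered above, as an added example that is not part of the original slides. The finding codes are hypothetical names, the sample file is constructed, and options missing from the file are treated as off (an assumption; check your build's defaults).

```python
import re

# Constructed sample (not from a real server) mirroring the settings on this page.
SAMPLE_CONF = """\
# anonymous FTP
anonymous_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
no_anon_password=YES
local_enable=YES
xferlog_enable=YES
tcp_wrappers = yes
"""

# vsftpd.conf syntax: option=value with no spaces around '='.
OPTION_RE = re.compile(r"^([a-z0-9_]+)=(\S.*)?$")

def parse_conf(text):
    """Return (settings dict, list of (line_no, line) that are not option=value)."""
    settings, malformed = {}, []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = OPTION_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2) or ""
        else:
            malformed.append((no, line))
    return settings, malformed

def audit(text):
    """Return a sorted list of finding codes (hypothetical names) for the config."""
    s, malformed = parse_conf(text)
    on = lambda key: s.get(key, "").upper() in ("YES", "TRUE", "1")
    findings = {f"MALFORMED_LINE_{no}" for no, _ in malformed}
    if on("anonymous_enable"):
        if on("anon_upload_enable"):
            findings.add("ANON_UPLOAD")            # anyone can write files
        if on("anon_mkdir_write_enable"):
            findings.add("ANON_MKDIR")             # anyone can create directories
        if "anon_max_rate" not in s:
            findings.add("ANON_NO_RATE_LIMIT")
    if on("local_enable") and not (on("chroot_list_enable") or on("chroot_local_user")):
        findings.add("LOCAL_USERS_NOT_CHROOTED")   # users can leave their home directory
    if not on("xferlog_enable"):
        findings.add("NO_TRANSFER_LOG")
    return sorted(findings)

if __name__ == "__main__":
    for code in audit(SAMPLE_CONF):
        print(code)
```

The malformed-line finding catches a tcp_wrappers line written with spaces around the equals sign, which would otherwise leave the hosts.deny rules unused.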

Samba Windows File Server in Linux

Introduction of Samba
Samba is a server that allows your Linux system to share files with Windows. Samba can make your Linux system into a Windows Primary Domain Controller (PDC) or a server for a Windows Workgroup. Samba lets users access their Linux home directory from Windows.

Start Samba
Use the chkconfig command to configure Samba to start at boot:

chkconfig smb on

Use service smb to start, stop, and restart Samba after booting:

service smb start
service smb stop
service smb restart

Configuration file: /etc/samba/smb.conf

Swat tools to configure Samba


Before changing smb.conf, remember to make a backup:

cp smb.conf smb.conf.bak

Swat, Samba's web-based configuration tool, enables you to configure your smb.conf file without needing to remember all the formatting.

Configuration file of swat: /etc/xinetd.d/swat

Configure Swat
To limit the use of swat, add an only_from statement to the swat configuration file.

service swat
{
    port            = 901
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = root
    server          = /usr/sbin/swat
    log_on_failure  += USERID
    disable         = no
    only_from       = localhost 192.168.1.3
}

In the above case, only localhost and the PC at 192.168.1.3 are allowed.

[global] section
workgroup = tyict

The name of the Windows domain we'll create.

server string = Linux Samba Server

Server description (shown in the network browser)

netbios name = mySamba1

Computer name shown in the network browser

[global] section (2)


client code page = 950

Important! View Chinese filenames in Windows.

log file = /var/log/samba/log.%m

Log filename and location.

max log size = 500

File size of log file, 500 = 500 KB

[global] section (3)


security = user

User level security (request username and password), strongly recommended.

encrypt passwords = yes

Protect your password

smb passwd file = /etc/samba/smbpasswd

Filename and location of password file

[homes] section
read only = No

Allows the Samba user to also write to their Samba Linux directory.

browseable = No

Doesn't allow others to browse the contents of the directory

create mode = 0744

Makes new files created by the user have "744" permissions. You want to change this to "0700" so that only the login user has access to files.

directory mode = 0755

Makes new sub-directories created by the user have "775" permissions. You want to change this to "0700" so that only the login user has access to directories.

[MyShare] section
You can create a new section to share a folder in Linux. Sample configuration:

[MyShare]
path = /share/pub
read only = no
public = yes
writable = yes
create mode = 0664
directory mode = 0775
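
A check for the [homes] and [MyShare] settings above, as an added example that is not part of the original slides. It reports shares whose create or directory mode still permits group or other permission bits (the reason the slides recommend 0700) and shares that are both guest-accessible and writable; the sample smb.conf is constructed from the values on this page, and the finding wording is this example's own.

```python
import configparser

# Constructed smb.conf fragment using the values shown on this page.
SAMPLE_SMB_CONF = """\
[global]
workgroup = tyict
security = user

[homes]
read only = No
browseable = No
create mode = 0744
directory mode = 0755

[MyShare]
path = /share/pub
public = yes
writable = yes
create mode = 0664
directory mode = 0775
"""

# "create mode"/"directory mode" are synonyms of "create mask"/"directory mask".
MASK_KEYS = ("create mode", "create mask", "directory mode", "directory mask")

def truthy(value):
    return value.strip().lower() in ("yes", "true", "1")

def audit_shares(text):
    """Return {share: [findings]} for every non-global section with a finding."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(text)
    report = {}
    for share in cp.sections():
        if share.lower() == "global":
            continue
        sec, findings = cp[share], []
        for key in MASK_KEYS:
            # Any bit in 0o077 lets group or other keep access to new files/dirs.
            if key in sec and int(sec[key], 8) & 0o077:
                findings.append(f"{key} {sec[key]} permits group/other bits")
        # "public" is a synonym of "guest ok"; "writable" inverts "read only".
        guest = truthy(sec.get("public", sec.get("guest ok", "no")))
        writable = truthy(sec.get("writable", "no")) or not truthy(sec.get("read only", "yes"))
        if guest and writable:
            findings.append("guest-writable share")
        if findings:
            report[share] = findings
    return report
```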

Samba Users
A Linux user cannot directly use Samba's shared folders. We need to convert a Linux user to a Samba user:

smbpasswd -a linuxuser

Disable a user

smbpasswd -d username

Enable a disabled user

smbpasswd -e username

Delete a user

smbpasswd -x username

We cannot add a NON LINUX USER!

IIS Internet Information Service in WindowsXP Professional

http, ftp services in WindowsXP


IIS is an additional function of Windows XP Professional. You cannot find this service in Windows XP Home. This service allows only ten connections. For enterprise purposes, you should use IIS on Windows 2003 Server.

http service
Open the Start Menu and go to Programs > Administrative Tools > Internet Services Manager. Once the IIS page opens, find the name of the computer and click the plus (+) sign next to it. This will display the FTP, HTTP, and SMTP Virtual Server icons. Click on the Default Web Site icon to

http service (2)


Right-click the Default Web Site icon and choose Properties. From this page, the user can configure all the properties and control what will be displayed on the HTTP site. You will find that the default home page is default.htm and the folder containing wwwroot is C:\inetpub.


AIM&IT
