Linux: Why can't anonymous users log in to the FTP server (built with vsftpd) and upload files?

Directory permissions have been changed to 7.

Anonymous open mode is the least secure authentication method in the vsftpd service program: anyone can log in to the FTP server host without password verification. This mode is generally used only to store unimportant public files, especially in a production environment. It is also strongly recommended to use the firewall management tools covered in chapter 8 (such as the TCP Wrappers service program) to restrict the range of hosts allowed to access the vsftpd service program to the enterprise intranet.

By default, the vsftpd service program turns on anonymous access mode. What remains is to additionally grant anonymous users the right to upload and download files and the right to create, delete and rename files. These permissions are very dangerous in the hands of anonymous users. We enable them here only to practice configuring the vsftpd service program on a Linux system; doing so in a production environment is not recommended. The permission parameters for anonymous users and what they do:

Parameter                      Action
anonymous_enable=YES           Allow anonymous access mode.
anon_umask=022                 umask value of files uploaded by anonymous users.
anon_upload_enable=YES         Allow anonymous users to upload files.
anon_mkdir_write_enable=YES    Allow anonymous users to create directories.
anon_other_write_enable=YES    Allow anonymous users to modify directory names or delete directories.

[root@linux ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
anon_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

After confirming that the parameters are filled in correctly, save and exit the main configuration file of the vsftpd service program. You must then restart the vsftpd service program for the new configuration parameters to take effect. In a production environment, or in the RHCSA, RHCE and RHCA certification exams, remember to also add the configured service program to the startup items so that the FTP file transfer service is still provided to users normally after the next server restart:

[root@linux ~]# systemctl restart vsftpd
[root@linux ~]# systemctl enable vsftpd

You can now connect to the remote FTP server with the ftp command on the client. The account for the anonymous open mode of the FTP service is anonymous, and the password is empty.

Clear the iptables firewall policy, and in the main configuration file of the vsftpd service program add the permissions that allow anonymous users to create directories and write files.
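To check which of the anonymous permissions described above a given vsftpd.conf actually grants, the following added example (not from the original page or the vsftpd project) audits the file's text. The function names and sample configurations are constructed for illustration; the defaults are assumed from the upstream vsftpd.conf man page, and it relies on vsftpd rejecting spaces around "=".

```python
# Added example: audit vsftpd.conf text for the anonymous permissions on this page.
ANON_WRITE = {
    "anon_upload_enable": "anonymous users can upload files",
    "anon_mkdir_write_enable": "anonymous users can create directories",
    "anon_other_write_enable": "anonymous users can rename or delete",
}
# Assumption: upstream man-page defaults; a distribution's shipped file may differ.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO", "tcp_wrappers": "NO",
            **{key: "NO" for key in ANON_WRITE}}

def parse_conf(text):
    """Return (settings, malformed_lines) for the text of a vsftpd.conf."""
    settings, malformed = {}, []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        # vsftpd does not accept whitespace between option, '=' and value.
        if not sep or not key or key != key.strip() or value != value.strip():
            malformed.append(line)
        else:
            settings[key] = value
    return settings, malformed

def enabled(settings, key):
    return settings.get(key, DEFAULTS[key]).upper() in ("YES", "TRUE", "1")

def audit(text):
    """List findings; anon_* write options only matter with write_enable on."""
    settings, malformed = parse_conf(text)
    findings = [f"malformed line, option ignored: {line!r}" for line in malformed]
    if enabled(settings, "anonymous_enable"):
        findings.append("anonymous login is enabled")
        if enabled(settings, "write_enable"):
            findings += [msg for key, msg in ANON_WRITE.items() if enabled(settings, key)]
        if not enabled(settings, "tcp_wrappers"):
            findings.append("tcp_wrappers is off: no host-based access restriction")
    return findings

# Constructed samples: the page's settings, and a file with spaces around '='.
PAGE_CONF = ("anonymous_enable=YES\nanon_umask=022\nanon_upload_enable=YES\n"
             "anon_mkdir_write_enable=YES\nanon_other_write_enable=YES\n"
             "write_enable=YES\ntcp_wrappers=YES\n")
SPACED_CONF = "anonymous_enable=YES\nanon_upload_enable = YES\n"

if __name__ == "__main__":
    for name, conf in (("page", PAGE_CONF), ("spaced", SPACED_CONF)):
        print(name, audit(conf))
```

An empty result for the anonymous write findings on a server where uploads were expected points at a missing write_enable=YES or a malformed line, not at directory permissions.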