How to Install and Configure an FTP Server in Ubuntu

FTP (File Transfer Protocol) is a relatively old network protocol that is widely used for uploading/downloading files between two computers over a network. However, FTP is insecure by design, because it transmits data together with user credentials (username and password) without encryption.

Warning: If you are planning to use FTP, consider configuring the FTP connection with SSL/TLS (this will be covered in the next article). Otherwise, it is always better to use secure FTP such as SFTP.

In this tutorial, we will show how to install, configure and secure an FTP server (VSFTPD, in full "Very Secure FTP Daemon") in Ubuntu, to get strong protection against FTP vulnerabilities.

Step 1: Installing the VsFTP Server in Ubuntu

1. First, we need to update the system package sources list and then install the VSFTPD binary package as follows:

$ sudo apt-get update
$ sudo apt-get install vsftpd

2. Once the installation completes, the service is disabled initially, so we need to start it manually for the time being and also enable it to start automatically from the next system boot:

------------- On SystemD ------------- 
# systemctl start vsftpd
# systemctl enable vsftpd

------------- On SysVInit ------------- 
# service vsftpd start
# chkconfig --level 35 vsftpd on

3. Next, if you have the UFW firewall enabled on the server (it is not enabled by default), you have to open ports 21 and 20, where the FTP daemons listen, to allow access to the FTP services from remote machines. Add the new firewall rules as follows:

$ sudo ufw allow 20/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw status

Step 2: Configuring and Securing the VsFTP Server in Ubuntu

4. Let's now make a few changes to set up and secure our FTP server. First, we will create a backup of the original configuration file /etc/vsftpd.conf as follows:

$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Next, let's open the vsftpd configuration file.

$ sudo vi /etc/vsftpd.conf
OR
$ sudo nano /etc/vsftpd.conf

Add/modify the following options with these values:

# disable anonymous login
anonymous_enable=NO
# permit local logins
local_enable=YES
# enable FTP commands which change the filesystem
write_enable=YES
# value of umask for file creation for local users
local_umask=022
# enable showing of messages when users first enter a new directory
dirmessage_enable=YES
# a log file will be maintained detailing uploads and downloads
xferlog_enable=YES
# use port 20 (ftp-data) on the server machine for PORT style connections
connect_from_port_20=YES
# keep standard log file format
xferlog_std_format=YES
# do not run standalone on an IPv4 socket
listen=NO
# vsftpd will listen on an IPv6 socket instead of an IPv4 one
listen_ipv6=YES
# name of the PAM service vsftpd will use
pam_service_name=vsftpd
# enable vsftpd to load a list of usernames
userlist_enable=YES
# turn on tcp wrappers
tcp_wrappers=YES

5. Now, configure VSFTPD to allow/deny FTP access to users based on the user list file /etc/vsftpd.userlist.

Note that by default, users listed in userlist_file=/etc/vsftpd.userlist are denied login access with the option userlist_deny=YES if userlist_enable=YES.

However, the option userlist_deny=NO inverts the meaning of the default setting, so only users whose username is explicitly listed in userlist_file=/etc/vsftpd.userlist will be allowed to log in to the FTP server.

# vsftpd will load a list of usernames, from the filename given by userlist_file
userlist_enable=YES
# stores usernames
userlist_file=/etc/vsftpd.userlist
# only users listed in userlist_file are allowed to log in
userlist_deny=NO
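
The userlist decision described above, as an added example that is not part of the original article: a shell function that reads a vsftpd configuration file and reports whether the userlist stage would allow or deny a given user. The names conf_get and userlist_verdict are hypothetical, only the YES/NO values used on this page are modelled, and /etc/vsftpd.user_list is vsftpd's documented default when userlist_file is not set.

```shell
#!/bin/sh
# Added example: evaluate vsftpd's userlist decision for one user.
# conf_get FILE KEY DEFAULT -> last value assigned to KEY, else DEFAULT.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }                          # skip comment lines
        $1 == k { v = substr($0, length(k) + 2) }    # last assignment wins
        END { print (v == "" ? d : v) }' "$1"
}

# userlist_verdict CONF USER -> prints "allow", "deny" or "invalid".
# "allow" only means the userlist stage passes; PAM still checks the password.
userlist_verdict() {
    conf=$1 user=$2
    enable=$(conf_get "$conf" userlist_enable NO)
    deny=$(conf_get "$conf" userlist_deny YES)
    list=$(conf_get "$conf" userlist_file /etc/vsftpd.user_list)
    [ "$enable" = YES ] || { echo allow; return; }   # list is not consulted
    listed=no
    if [ -r "$list" ] && grep -qxF -- "$user" "$list"; then listed=yes; fi
    case "$deny:$listed" in
        YES:yes) echo deny ;;     # default mode: listed users are refused
        YES:no)  echo allow ;;
        NO:yes)  echo allow ;;    # inverted mode: only listed users pass
        NO:no)   echo deny ;;
        *)       echo invalid ;;  # e.g. a value with trailing spaces
    esac
}
```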

Important: When users log in to the FTP server, they are placed in a chroot jail; this is the local root directory, which acts as their home directory for the FTP session only.

Next, we will look at two possible scenarios for setting the chroot jail (local root) directory, as explained below.

6. At this point, let's add/modify/uncomment the following two options to restrict FTP users to their Home directories.

chroot_local_user=YES
allow_writeable_chroot=YES

The option chroot_local_user=YES means local users will be placed in a chroot jail, their home directory by default, after login.

We must also understand that, for security reasons, VSFTPD does not permit the chroot jail directory to be writable by default; however, we can use the option allow_writeable_chroot=YES to disable this setting.

Save the file and close it. Then we have to restart the VSFTPD service for the changes above to take effect:

------------- On SystemD ------------- 
# systemctl restart vsftpd

------------- On SysVInit ------------- 
# service vsftpd restart

Step 3: Testing the VsFTP Server in Ubuntu

7. Now we will test the FTP server by creating an FTP user with the useradd command as follows:

$ sudo useradd -m -c "Aaron Kili, Contributor" -s /bin/bash aaronkilik
$ sudo passwd aaronkilik

Then, we have to explicitly list the user aaronkilik in the file /etc/vsftpd.userlist with the echo command and the tee command as below:

$ echo "aaronkilik" | sudo tee -a /etc/vsftpd.userlist
$ cat /etc/vsftpd.userlist

8. Now it's time to test that our configuration above works as required. We will begin by testing anonymous logins; we can clearly see from the output below that anonymous logins are not permitted on the FTP server:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.102:aaronkilik) : anonymous
530 Permission denied.
Login failed.
ftp> bye
221 Goodbye.

9. Next, let's test whether a user not listed in the file /etc/vsftpd.userlist will be granted permission to log in, which is not the case according to the output that follows:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:root) : user1
530 Permission denied.
Login failed.
ftp> bye
221 Goodbye.

10. Now we will carry out a final test to determine whether a user listed in the file /etc/vsftpd.userlist is placed in his/her home directory after login. This is the case according to the output below:

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.102:aaronkilik) : aaronkilik
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

Warning: Setting the option allow_writeable_chroot=YES can be very dangerous; it has possible security implications, especially if users have upload permission or, more so, shell access. Only use it if you know exactly what you are doing.

We should note that these security implications are not specific to VSFTPD; they can also affect all other FTP daemons that offer to put local users in chroot jails.

For this reason, in the section below, we will explain a more secure method of setting a different, non-writable local root directory for a user.

Step 4: Configuring FTP User Home Directories in Ubuntu

11. Now, open the VSFTPD configuration file once more.

$ sudo vi /etc/vsftpd.conf
OR
$ sudo nano /etc/vsftpd.conf

and comment out the insecure option using the # character as shown below:

#allow_writeable_chroot=YES

Next, create the alternative local root directory for the user (aaronkilik; yours may not be the same) and set the required permissions by removing write permission for all other users on this directory:

$ sudo mkdir /home/aaronkilik/ftp
$ sudo chown nobody:nogroup /home/aaronkilik/ftp
$ sudo chmod a-w /home/aaronkilik/ftp

12. Then, create a directory under the local root, with the appropriate permissions, where the user will store his files:

$ sudo mkdir /home/aaronkilik/ftp/files
$ sudo chown -R aaronkilik:aaronkilik /home/aaronkilik/ftp/files
$ sudo chmod -R 0770 /home/aaronkilik/ftp/files/

Afterwards, add/modify the options below in the VSFTPD configuration file with their corresponding values:

# inserts the username in the local root directory
user_sub_token=$USER
# defines any users local root directory
local_root=/home/$USER/ftp

Save the file and close it. Then restart the VSFTPD service with the recent settings:

------------- On SystemD ------------- 
# systemctl restart vsftpd

------------- On SysVInit ------------- 
# service vsftpd restart
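
A way to check the Step 4 layout before logging in, as an added example that is not part of the original article: it reads the configuration file, expands user_sub_token in local_root for one user, and flags a jail root that still carries a write bit or a configuration that still enables allow_writeable_chroot. The function names are hypothetical, and the upload directory name "files" is taken from this page.

```shell
#!/bin/sh
# Added example (not from the original article): audit the Step 4 layout.
# conf_get FILE KEY DEFAULT -> last value assigned to KEY, else DEFAULT.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        $1 == k { v = substr($0, length(k) + 2) }
        END { print (v == "" ? d : v) }' "$1"
}

# has_write_bit DIR -> true if the owner, group or other write bit is set.
has_write_bit() {
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \))" ]
}

# audit_chroot CONF USER [SUBDIR] -> one finding per line, or "ok".
# SUBDIR defaults to "files", the upload directory name used on this page.
audit_chroot() {
    conf=$1 user=$2 sub=${3:-files} found=0
    token=$(conf_get "$conf" user_sub_token "")
    root=$(conf_get "$conf" local_root "")
    if [ -n "$token" ]; then    # replace every literal token with the user name
        root=$(printf '%s\n' "$root" | awk -v t="$token" -v u="$user" '{
            out = ""; s = $0
            while ((i = index(s, t)) > 0) {
                out = out substr(s, 1, i - 1) u; s = substr(s, i + length(t)) }
            print out s }')
    fi
    if [ "$(conf_get "$conf" chroot_local_user NO)" != YES ]; then
        echo "chroot_local_user is not YES: local users are not jailed"; found=1
    fi
    if [ "$(conf_get "$conf" allow_writeable_chroot NO)" = YES ]; then
        echo "allow_writeable_chroot=YES: a writable jail root is accepted"; found=1
    fi
    if [ -z "$root" ] || [ ! -d "$root" ]; then
        echo "local_root is unset or not a directory: $root"; found=1
    else
        if has_write_bit "$root"; then
            echo "jail root has a write bit set: $root"; found=1
        fi
        [ -d "$root/$sub" ] || { echo "no upload directory: $root/$sub"; found=1; }
    fi
    [ "$found" -eq 0 ] && echo ok
    return 0
}
```

On the server this would be called as `audit_chroot /etc/vsftpd.conf aaronkilik`.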

13. Now, let's perform a final check and make sure that the user's local root directory is the FTP directory we created in his Home directory.

# ftp 192.168.56.102
Connected to 192.168.56.102  (192.168.56.102).
220 Welcome to TecMint.com FTP service.
Name (192.168.56.10:aaronkilik) : aaronkilik
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

That's it! Remember to share your opinion about this guide via the comments below, or possibly provide us with any important information concerning the topic.

Last but not least, do not miss our next article, where we will describe how to secure an FTP server using SSL/TLS connections in Ubuntu 16.04/16.10. Until then, always stay tuned to TecMint.