Four lessons from deploying FTP servers on a network



Deploying and maintaining FTP servers is a basic skill for network administrators. Even so, every FTP server I have deployed for an enterprise has taught me something. Different enterprises have different requirements and raise demands in many forms, and each time I meet a user's need I feel a sense of accomplishment. This article is based on an FTP server I built not long ago. The case was a little special because the server's operating system was Linux, which gave me even more to reflect on.

Experience 1: Assign users to groups

FTP servers are often used to hold working documents. When deploying such a server, the network administrator must pay attention to permission management: a user should only be able to view and download their own working documents, upload files only to the specified directories, and so on. An enterprise has many employees, and setting permissions for each one separately would be a great deal of work. For this reason it is best to manage FTP permissions the way the operating system manages users: set permissions on a group, and let users added to the group inherit them automatically. For example, if 10 users need the same permissions, I only need to create one group for them and set the permissions once on that group. Managing users by group reduces the workload and gives unified management.

I use the vsftpd server. Once it is installed, the server already provides the network administrator with three groups. In general, as long as user permission management is not particularly strict, these default groups are enough. Even if the enterprise has stricter requirements, the permission settings of these groups can serve as a template and be adjusted as needed. The default groups in vsftpd are the real group, the guest group and the anonymous group.

The real group has the highest permissions of the three. Users in this group can access not only their own home directory but also other users' directories. Take a user amy: as soon as this account is created on the FTP server, the operating system automatically creates a home directory for it under /home, that is, /home/amy. When the user logs in with this account, the server uses that directory as the home directory, but the user can still switch to other directories, including other users' home directories.

The guest group's permissions are not small either. It is different from the guest account in the operating system and has more authority than that account. In some cases the network administrator wants certain users to access only their own home directory and not anyone else's; this is the most basic FTP access control rule. To achieve it, the user only needs to be added to the guest group, because by default users in this group can access only their home directory and no files outside it.

The third group is the anonymous group. By default it has the fewest permissions: it can only download files from a limited directory and cannot upload files to the FTP server. Under normal circumstances, however, this group is disabled for security reasons, so that anyone without a user account cannot download any files from the FTP server.

Experience 2: Set up a specific group for applications

While deploying FTP servers I found that the FTP server's users are not always ordinary users; sometimes system administrators need to use it too. For example, a database administrator may use the FTP server for remote backups. The database administrator first makes a local backup of the database and, once it succeeds, sends the backup file to the remote server over the FTP protocol. These operations are of course carried out by a script, combined with the operating system's task scheduling.

What does this mean for the network administrator deploying the FTP server? When I received this requirement, my first reaction was to set up a separate group. The main reason is that these backup files usually hold the core data of a particular application. If a user stole them and restored them into their own database, all of the enterprise's information, including customers and pricing, would be leaked. These backup files are also the last line of data protection when the application server fails and has to be restored. If the backup files have been damaged, it will be hard to use them later to recover as much data as possible. After understanding this requirement, I decided to set up a separate group for these users. The accounts are used mainly for backup files and for nothing else, so I set the group to allow access only to the home directory and to no other directories (see the guest group settings).

What is the benefit? Suppose the enterprise has a database server, a mail server, an OA server and so on, all backed up remotely through the FTP server. I can create three users that belong to this group, and each account uploads its local backup files to the FTP server to achieve off-site backup. Since each of the three users can access only its own directory, they are effectively independent of each other. No account can see the files another account has uploaded, nor upload files to another user's home directory. This gives them a relatively independent working environment and reduces interference with their off-site backups.

I therefore believe that groups should be used not only to manage the permissions of ordinary FTP users; applications that need the FTP server should sometimes get a separate group of their own. When scripts use the FTP protocol, it is necessary to set up a separate group for them to prevent interference from ordinary user groups.
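The real, guest and anonymous behaviour from Experience 1 and the home-only backup accounts from Experience 2 can be checked against a vsftpd.conf. The following is an added example, not part of the original article: it assumes confinement is expressed through vsftpd's anonymous_enable, chroot_local_user and chroot_list_enable options, and the account names db_backup, mail_backup and oa_backup and both sample configurations are constructed.

```python
# Added example (not from the article): which local users does a given
# vsftpd.conf confine to their home directory? Sample data is constructed.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO",
            "chroot_local_user": "NO", "chroot_list_enable": "NO"}

def parse_conf(text):
    """Parse option=value lines; lines starting with '#' are comments."""
    opts = dict(DEFAULTS)  # vsftpd's built-in defaults for these options
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def is_on(opts, key):
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")

def confined_to_home(opts, chroot_list, user):
    """True if `user` is jailed in the home directory after login."""
    listed = is_on(opts, "chroot_list_enable") and user in chroot_list
    if is_on(opts, "chroot_local_user"):
        return not listed  # the list names the exceptions
    return listed          # the list names the jailed users

def audit(conf_text, chroot_list, must_be_confined):
    """Return findings for anonymous access and unconfined accounts."""
    opts = parse_conf(conf_text)
    findings = []
    if is_on(opts, "anonymous_enable"):
        findings.append("anonymous login is enabled")
    if is_on(opts, "local_enable"):
        for user in must_be_confined:
            if not confined_to_home(opts, chroot_list, user):
                findings.append(user + " can leave its home directory")
    return findings

# Constructed samples: hypothetical backup accounts and two configurations.
BACKUP_ACCOUNTS = ["db_backup", "mail_backup", "oa_backup"]
WEAK_CONF = "local_enable=YES\nwrite_enable=YES\n"
HARDENED_CONF = """anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
"""
UNCONFINED = {"amy"}  # with chroot_local_user=YES these users are NOT jailed

if __name__ == "__main__":
    print(audit(WEAK_CONF, set(), BACKUP_ACCOUNTS))
    print(audit(HARDENED_CONF, UNCONFINED, BACKUP_ACCOUNTS))
```

The meaning of the chroot list flips with chroot_local_user, so the same list file can jail or release the accounts it names.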

Experience 3: Set different disk quotas for users

Another problem to solve when deploying an FTP server is how much data each user may upload to it. I generally recommend setting a maximum space limit for users. An FTP server is used by more than one user; if every user can upload files without limit and does not clean them up in time, the server's disk space will soon be filled. For the average user the FTP server is only a transfer station for files, not a backup server. The maximum capacity should therefore be set according to the user's needs.

In the vsftpd server, you can set a maximum capacity limit at the user level. For example, you can set up a group for each department and specify the space that users in the group may use; users added to the group are then automatically subject to that limit. Space limits force users to clean up their content on the FTP server from time to time. Files that are no longer needed should be removed promptly, which not only saves space but also matters for security. Alternatively, you can set the maximum available space for a department: each department gets a group, and a maximum space limit is set on the group. Users added to the group then share that space (it is not divided evenly, but shared). This gives department heads more flexibility to manage the space according to their needs.

Experience 4: Restrict some accounts from using the FTP server

In fact, for most network administrators, managing an FTP server well takes a good deal of know-how. In some cases certain special accounts need to be restricted from using the FTP server because they endanger its security. For example, when the FTP server is deployed on a Linux operating system, the root account must be restricted from using it, because root holds the highest administrative privileges in the operating system. If this account is allowed to access the FTP server, it will not be bound by group permission restrictions. That is, even if the root account is assigned to the guest group, it can still access files outside the home directory, which undermines the existing security system. Whichever operating system the FTP server is deployed on, network administrators need to know which operating system accounts have similar privileges. Any such accounts must be prohibited from accessing the FTP server.
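The check this section calls for, finding every account with root's privileges and confirming it is barred from FTP, can be automated. The following is an added example, not part of the original article: it assumes the ban is enforced with vsftpd's user list (the userlist_enable and userlist_deny options) and models only that list, not PAM; the passwd lines, the toor account and the list contents are constructed.

```python
# Added example (not from the article): find root-equivalent accounts that
# vsftpd's user list would still let in. All sample data is constructed.

def uid0_accounts(passwd_text):
    """Names of all accounts with UID 0, i.e. root and any aliases of it."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0":
            names.append(fields[0])
    return names

def read_userlist(text):
    """Assumed format: one user name per line, '#' lines are comments."""
    users = set()
    for line in text.splitlines():
        name = line.strip()
        if name and not name.startswith("#"):
            users.add(name)
    return users

def login_permitted(user, userlist, userlist_enable=True, userlist_deny=True):
    """Apply the userlist_enable / userlist_deny semantics to one user."""
    if not userlist_enable:
        return True                  # the list is ignored entirely
    if userlist_deny:
        return user not in userlist  # the list is a deny list
    return user in userlist          # the list is an allow list

def exposed_privileged(passwd_text, userlist_text, **mode):
    """UID 0 accounts that the user list does not keep out."""
    userlist = read_userlist(userlist_text)
    return [u for u in uid0_accounts(passwd_text)
            if login_permitted(u, userlist, **mode)]

# Constructed samples: "toor" is a hypothetical second UID 0 account.
PASSWD = """root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second uid 0 account:/root:/bin/sh
amy:x:1001:1001::/home/amy:/bin/bash
db_backup:x:1002:1002::/home/db_backup:/sbin/nologin
"""
USER_LIST = "# users denied FTP login\nroot\nbin\ndaemon\n"

if __name__ == "__main__":
    print(exposed_privileged(PASSWD, USER_LIST))
```

Listing only root by name misses other UID 0 accounts; running the list as an allow list (userlist_deny=NO) keeps out any account it does not name.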

As you can see, FTP servers are relatively simple to deploy and the technology is mature. However, the needs of business users keep changing, so network administrators need to adjust their FTP deployment strategy promptly to meet them.