  • Installing and configuring proftpd: a worked example

    http://www.chinaunix.net

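    Goal:

    Install and configure proftpd so that it meets the following requirements
    1  Anonymous access is not allowed.
    2  One account is opened; it may upload only in the upload directory, may resume transfers, and may not rename or delete.

    Procedure:
    0  Switch to the root account
    [code:1:de92f96787]   su root  # enter root's password
    [/code:1:de92f96787]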
    1  Download proftpd
    Site:
    www.proftpd.org. Here we download version 1.2.9
    [code:1:de92f96787]    wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.9.tar.gz
    [/code:1:de92f96787]
    2  Install proftpd
    Change to the download directory, assumed here to be /tmp/proftpd, then
    [code:1:de92f96787]    tar zxvf proftpd-1.2.9.tar.gz  # extract
        cd proftpd-1.2.9
        ./configure --prefix=/var/proftpd --sysconfdir=/etc  # install under /var/proftpd, configuration files in /etc
        make
        make install
    [/code:1:de92f96787]
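    3  Create a dedicated FTP account
    This is the dedicated account mentioned in the goal above; skate/skate (user/password) is used as the example.
    [code:1:de92f96787]    groupadd skate
        useradd  skate -g skate -d /var/ftp  -s /sbin/nologin  # make /var/ftp the FTP directory
        passwd skate  # set the password for user skate
        mkdir -p /var/ftp/upload  # -p also creates /var/ftp if useradd did not
        chown skate:skate /var/ftp/upload  # make the upload directory writable by user skate
    [/code:1:de92f96787]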
    4  Configure proftpd
    proftpd has a single configuration file, /etc/proftpd.conf
    [code:1:de92f96787]    vi /etc/proftpd.conf  # open proftpd.conf
    [/code:1:de92f96787]
    [code:1:de92f96787]
    #### The configuration is as follows ######
    ServerName                      "Test ftp server..."
    ServerType                      standalone
    DefaultServer                   on
    # Port
    Port                            21
    Umask                           022
    # Maximum number of child processes
    MaxInstances                    30
    User                            skate
    Group                           skate

    # Reverse DNS lookups
    UseReverseDNS off
    IdentLookups off
    # Maximum number of login attempts
    MaxLoginAttempts 3
    # Maximum connections per client host
    MaxClientsPerHost 2
    # Maximum number of clients
    MaxClients 20

    DirFakeUser On skate
    DirFakeGroup On skate
    DeferWelcome On
    # Log file location
    SystemLog /var/log/proftpd.log
    ServerIdent off

    # Confine members of group skate to their home directory after login (they cannot change to other directories)
    DefaultRoot ~ skate,skate

    # Allow logins only from 192.168.0.x
    #<limit LOGIN>
    #Order allow,deny
    #Allow from 192.168.0.
    #Deny from all
    #</limit>

    # Allow only user skate to log in; otherwise system users can also log in over FTP
    #<limit LOGIN>
    #Order allow,deny
    #DenyUser !skate
    #</limit>


    # Enable write permission for the whole tree
    <Directory />
      AllowOverwrite                on
      AllowStoreRestart             on
    # Allow FXP
    #  AllowForeignAddress             on
    <Limit All>
    AllowAll
    </Limit>
    </Directory>

    # Restrictions on user skate in upload
    # DELE: delete files
    # RNFR RNTO: rename
    # RMD XRMD: remove directories
    <Directory /var/ftp/upload>
    <Limit DELE RNFR RNTO RMD XRMD >
     DenyUser skate
    </Limit>
    </Directory>
    ##### End ######
    [/code:1:de92f96787]

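    When done editing, press Esc, then type :x to save.

    5  Start the service
    Create a startup script (this one was copied from the web, I did not write it; thanks to whoever wrote it, it works very well, thx)
    [code:1:de92f96787]    vi /etc/rc.d/init.d/proftpd[/code:1:de92f96787]
    [code:1:de92f96787]
    ##### Script begins ########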
    #!/bin/sh
    #
    # Startup script for ProFTPD
    #
    # chkconfig: 345 85 15
    # description: ProFTPD is an enhanced FTP server with \
    #              a focus toward simplicity, security, and ease of configuration. \
    #              It features a very Apache-like configuration syntax, \
    #              and a highly customizable server infrastructure, \
    #              including support for multiple 'virtual' FTP servers, \
    #              anonymous FTP, and permission-based directory visibility.
    # processname: proftpd
    # config: /etc/proftpd.conf
    #
    # By: Osman Elliyasa <osman@Cable.EU.org>
    # $Id: proftpd.init.d,v 1.7 2002/12/07 21:50:27 jwm Exp $

    # Source function library.
    . /etc/rc.d/init.d/functions

    if [ -f /etc/sysconfig/proftpd ]; then
          . /etc/sysconfig/proftpd
    fi

    # The next line sets PATH; make sure it matches your proftpd installation directory
    PATH="$PATH:/usr/local/sbin:/var/proftpd/bin:/var/proftpd/sbin"

    # See how we were called.
    case "$1" in
            start)
                    echo -n "Starting proftpd: "
                    daemon proftpd $OPTIONS
                    echo
                    touch /var/lock/subsys/proftpd
                    ;;
            stop)
                    echo -n "Shutting down proftpd: "
                    killproc proftpd
                    echo
                    rm -f /var/lock/subsys/proftpd
                    ;;
            status)
                    status proftpd
                    ;;
            restart)
                    $0 stop
                    $0 start
                    ;;
            reread)
                    echo -n "Re-reading proftpd config: "
                    killproc proftpd -HUP
                    echo
                    ;;
            suspend)
                    hash ftpshut >/dev/null 2>&1
                    if [ $? = 0 ]; then
                            if [ $# -gt 1 ]; then
                                    shift
                                    echo -n "Suspending with '$*' "
                                    ftpshut $*
                            else
                                    echo -n "Suspending NOW "
                                    ftpshut now "Maintanance in progress"
                            fi
                    else
                            echo -n "No way to suspend "
                    fi
                    echo
                    ;;
            resume)
                    if [ -f /etc/shutmsg ]; then
                            echo -n "Allowing sessions again "
                            rm -f /etc/shutmsg
                    else
                            echo -n "Was not suspended "
                    fi
                    echo
                    ;;
            *)
                    echo -n "Usage: $0 {start|stop|restart|status|reread|resume"
                    hash ftpshut
                    if [ $? = 1 ]; then
                            echo '}'
                    else
                            echo '|suspend}'
                            echo 'suspend accepts additional arguments which are passed to ftpshut(8)'
                    fi
                    exit 1
    esac

    if [ $# -gt 1 ]; then
            shift
            $0 $*
    fi

    exit 0
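    ####### Script ends #########
    [/code:1:de92f96787]
    Press Esc, then type :x to save.

    Then register it as a system service and start it
    [code:1:de92f96787]
        chmod 755 /etc/rc.d/init.d/proftpd  # the init script must be executable
        chkconfig --add proftpd
        service proftpd start[/code:1:de92f96787]
    From then on, proftpd can be restarted with service proftpd restart.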

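    6  A few observations
    A passage from the proftpd documentation:

    Finally, a special command is allowed which can be used to control login access: LOGIN Connection or login to the server. Applying a <Limit> to this pseudo-command can be used to allow or deny initial connection or login to the context. It has no effect, and is ignored, when used in a context other than server config, <VirtualHost> or <Anonymous> (i.e. using it in a <Directory> context is meaningless).

    In other words: finally, there is a special command for restricting logins, namely LOGIN. Using it in a <Limit> section can deny or allow incoming connections. However, if it is used anywhere other than server config, <VirtualHost> or <Anonymous>, it has no effect and is ignored (for example, using it inside <Directory> does nothing).

    proftpd feels somewhat easier to use than vsftp in terms of features and configuration; once you have a good grasp of <Limit> sections, most practical uses pose no problem.
    proftpd documentation:
    http://www.proftpd.org/docs/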
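
The point from section 6 and the commented-out LOGIN section in step 4, as an added example that is not part of the original post: a shell function that reports whether a proftpd.conf has an active <Limit LOGIN> and flags one placed inside <Directory>, where the quoted documentation says it is ignored. The names audit_login_limit and sample_conf are made up here, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_login_limit [FILE]: report where active <Limit LOGIN> sections sit in a
# proftpd.conf (FILE or stdin). Exit status is 0 only if one is outside <Directory>.
audit_login_limit() {
    awk '
    { sub(/^[ \t]+/, ""); line = tolower($0) }   # the post writes <limit> and <Limit>
    line ~ /^#/ || line == "" { next }           # a commented-out section does nothing
    line ~ /^<directory[ \t>]/ { in_dir++; next }
    line ~ /^<\/directory>/    { in_dir--; next }
    line ~ /^<limit[ \t]/ && line ~ /[ \t]login[ \t>]/ {
        if (in_dir > 0) { print "IGNORED line " NR ": <Limit LOGIN> inside <Directory>" }
        else            { print "EFFECTIVE line " NR ": <Limit LOGIN>"; ok++ }
    }
    END {
        if (!ok) print "OPEN: no effective <Limit LOGIN>"
        exit (ok ? 0 : 1)
    }' "$@"
}

# Constructed sample modelled on the configuration in step 4: the LOGIN
# section is commented out and a second one is misplaced inside <Directory>.
sample_conf() {
    cat <<'EOF'
ServerName "Test ftp server..."
DefaultRoot ~ skate,skate
#<limit LOGIN>
#Order allow,deny
#DenyUser !skate
#</limit>
<Directory /var/ftp/upload>
<Limit LOGIN>
DenyAll
</Limit>
<Limit DELE RNFR RNTO RMD XRMD >
 DenyUser skate
</Limit>
</Directory>
EOF
}

sample_conf | audit_login_limit || echo "login is not restricted by this file"
```

Run it against the real file with audit_login_limit /etc/proftpd.conf; a non-zero exit status means that, as the comment in step 4 puts it, system users can also log in over FTP.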
     
     

  • Original article: https://www.cnblogs.com/swordzj/p/2034836.html