Steps to install the ProFTPD FTP server on an Ubuntu server
Published: 2016-12-27 Source: 查字典 editors

1. Installation

sudo apt-get install proftpd

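During installation you are asked to choose a run mode: Standalone or Inetd. The former runs ProFTPD as a stand-alone server, the latter runs it from the inetd super-server.

I chose Standalone.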

2. Configuration

sudo vim /etc/shells

Add the following line:

/bin/false

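Create the user ftpuser1 and the group ftp, and set a password. This user does not need a valid shell (which is safer), so /bin/false is used.

sudo groupadd ftp

sudo useradd ftpuser1 -g ftp -d /home/ftp -s /bin/false

Set the password for ftpuser1 (useradd's -p option expects an already-encrypted password, so the password is set with passwd instead):

sudo passwd ftpuser1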

Create the upload and download directories under /home/ftp and set their permissions:

cd /home/ftp

sudo mkdir download

sudo mkdir upload

cd /home

sudo chmod 755 ftp

cd /home/ftp

sudo chmod 755 download

sudo chmod 777 upload

3. Edit the ProFTPD core configuration file proftpd.conf

sudo vim /etc/proftpd/proftpd.conf

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
# We do not need IPv6, so it is off.
UseIPv6 off

# Server name (changed here)
ServerName "xiaoyigeng's FTP Server"

# Server run mode: standalone here; inetd is the other option
ServerType standalone

# Whether to show the welcome message when a user logs in
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
# Can be lowered to 100
TimeoutStalled 600
# Idle timeout
TimeoutIdle 1200

# If DeferWelcome above is set to on, the content of welcome.msg is displayed
DisplayLogin welcome.msg
# Content displayed when changing directory
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
# FTP users are confined to this directory
DefaultRoot /home/ftp

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# (for anonymous users this has to be set to on)
# RequireValidShell off

# Port 21 is the standard FTP port.
# Port the service listens on
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# Ports used in PASV mode:
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
# The server runs as user nobody and group nobody.
User nobody
Group nobody

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
# Default permissions for newly created files
Umask 022 022

# Normally, we want files to be overwriteable.
# Files may be overwritten.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>

# File transfer log
TransferLog /var/log/proftpd/xferlog
# System log
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
  TLSEngine off
</IfModule>

<IfModule mod_quota.c>
  QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
  Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
  DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
  ControlsEngine on
  ControlsMaxClients 2
  ControlsLog /var/log/proftpd/controls.log
  ControlsInterval 5
  ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
  AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
#   User ftp
#   Group nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell off
#
#   # Limit the maximum number of anonymous logins
#   MaxClients 10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin welcome.msg
#   DisplayFirstChdir .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask 022 022
#   #   <Limit READ WRITE>
#   #     DenyAll
#   #   </Limit>
#   #   <Limit STOR>
#   #     AllowAll
#   #   </Limit>
#   # </Directory>
#
# </Anonymous>

# Valid Logins -- the section below sets user permissions
<Limit LOGIN>
  AllowUser ftpuser1
  DenyAll
</Limit>

<Directory /home/ftp>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory /home/ftp/download/>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory /home/ftp/upload/>
  Umask 022 022
  AllowOverwrite on
  <Limit READ RMD DELE>
    DenyAll
  </Limit>
  <Limit STOR CWD MKD>
    AllowAll
  </Limit>
</Directory>

4. Starting, stopping and restarting the server

sudo /etc/init.d/proftpd start

sudo /etc/init.d/proftpd stop

sudo /etc/init.d/proftpd restart

5. Maintenance

Logs can be viewed in the /var/log/proftpd directory.

Command to view the FTP server load: ftptop

Command to see who is logged in to the server: ftpwho

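PS: Using Limit in ProFTPD

Limit is probably the directive we use most. It covers roughly the following actions, which between them account for essentially all permissions.

CWD: Change Working Directory, permission to change directory
MKD: MaKe Directory, permission to create a directory
RNFR: ReName FRom, permission to rename a directory
DELE: DELEte, permission to delete a file
RMD: ReMove Directory, permission to remove a directory
RETR: RETRieve, permission to download from the server to the client
STOR: STORe, permission to upload from the client to the server
READ: read permission, not including directory listing; equivalent to RETR, STAT, etc.
WRITE: permission to write files or directories, including MKD and RMD
DIRS: whether directory listing is allowed; equivalent to LIST, NLST, etc. Quite useful in practice.
ALL: all permissions
LOGIN: whether login is allowed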

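The Limit above can be applied to the following scopes:

AllowUser: allow the Limit for a specific user
DenyUser: deny the Limit for a specific user
AllowGroup: allow the Limit for a specific group
DenyGroup: deny the Limit for a specific group
AllowAll: allow the Limit for all users
DenyAll: deny the Limit for all users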
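
A check for the command names written inside Limit lines, added here as an example and not part of the original article: a misspelled name (RNRF or RNEF where RNFR is meant, say) leaves the intended command outside the rule. The KNOWN list, the function names and the sample configuration are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the article): flag names in <Limit ...> lines that
# are neither FTP commands nor ProFTPD command groups.
# Assumption: KNOWN covers the groups plus common commands; extend it for
# commands provided by extra modules.
KNOWN="ALL DIRS LOGIN READ WRITE ABOR APPE CDUP CWD DELE LIST MDTM MKD MLSD \
MLST NLST PASS PASV PORT PWD QUIT RETR RMD RNFR RNTO SITE SIZE STAT STOR STOU \
USER XCUP XCWD XMKD XPWD XRMD"

# lint_limits FILE -> prints "line N: NAME" for every unknown name
lint_limits() {
    awk -v known="$KNOWN" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ { next }                      # skip commented-out lines
        /<Limit[ \t]/ {
            line = $0
            sub(/^.*<Limit[ \t]+/, "", line)      # keep only the name list
            sub(/>.*$/, "", line)                 # drop the closing bracket
            m = split(line, names, /[ \t]+/)
            for (j = 1; j <= m; j++)
                if (names[j] != "" && !(names[j] in ok))
                    printf "line %d: %s\n", NR, names[j]
        }
    ' "$1"
}

# Constructed sample: two Limit lines carry a misspelled RNFR.
sample_conf() {
    cat <<'EOF'
<Directory /home/ftp>
  <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
<Directory /home/ftp/download/>
  <Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
<Directory /home/ftp/upload/>
  <Limit READ RMD DELE>
    DenyAll
  </Limit>
</Directory>
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && lint_limits "$tmp"; rm -f "$tmp"
```

To check a live server, call lint_limits /etc/proftpd/proftpd.conf before restarting the service.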

The parameter for limiting transfer rate is:

TransferRate STOR|RETR rate(Kbytes/s) user username
