分类: LINUX
2005-11-24 10:43:32
- Bug 2181 - The prior fix for Bug#2181, handling of the PORT command when the
--enable-ipv6 configure option is used, was not quite correct. A problem
still existed when an IPv4 client used the PORT command when talking to
an IPv4-only vhost (as opposed to an IPv4 and IPv6 vhost). Now PORT is
properly handled in all cases.
- Bug 2204 - On systems that use the gethostbyname2() function, IPv4 clients
were not being properly resolved to their DNS names.
- Bug 2242 - proftpd reread included additional config as user nobody instead
of root. The bug was caused by configuration directive handlers
(specifically, SyslogFacility and SystemLog) that would incorrectly change
the process privileges; depending on the order of configuration in
proftpd.conf, some Included files might not be parseable due to permissions
problems.
- Bug 2197 - The RPM .spec has been updated for easy RPM builds from CVS
snapshots.
- Check for excessive length of symlink directory listing entries (submitted
by Michael Hendrickx
- Two memory leaks, seen mostly during recursive directory listings, have
been fixed.
II.Installation
download proftpd-1.2.9.tar.gz from proftp web site!
# ls //看看案板上的东东的样子吧
proftpd-1.2.9.tar.gz
# gunzip * //解压缩
# ls
proftpd-1.2.9.tar
# tar xvf * //解TAR压缩
x proftpd-1.2.9, 0 bytes, 0 tape blocks
x proftpd-1.2.9/contrib, 0 bytes, 0 tape blocks
x proftpd-1.2.9/contrib/dist, 0 bytes, 0 tape blocks
x proftpd-1.2.9/contrib/dist/rpm, 0 bytes, 0 tape blocks
x proftpd-1.2.9/contrib/dist/rpm/ftp.pamd, 633 bytes, 2 tape blocks
x proftpd-1.2.9/contrib/dist/rpm/proftpd.init.d, 1941 bytes, 4 tape blocks
x proftpd-1.2.9/contrib/dist/rpm/proftpd.logrotate, 147 bytes, 1 tape blocks
x proftpd-1.2.9/contrib/dist/rpm/xinetd, 252 bytes, 1 tape blocks
x proftpd-1.2.9/contrib/INSTALL.mod_wrap, 1060 bytes, 3 tape blocks
x proftpd-1.2.9/contrib/README, 766 bytes, 2 tape blocks
x proftpd-1.2.9/contrib/README.mod_wrap, 8802 bytes, 18 tape blocks
x proftpd-1.2.9/contrib/README.ratio, 5331 bytes, 11 tape blocks
x proftpd-1.2.9/contrib/UPGRADE.mod_sql, 2358 bytes, 5 tape blocks
x proftpd-1.2.9/contrib/ftpasswd, 25731 bytes, 51 tape blocks
x proftpd-1.2.9/contrib/ftpasswd.html, 13929 bytes, 28 tape blocks
x proftpd-1.2.9/contrib/mod_ifsession.c, 16145 bytes, 32 tape blocks
x proftpd-1.2.9/contrib/mod_ifsession.html, 9001 bytes, 18 tape blocks
x proftpd-1.2.9/contrib/mod_ldap.c, 60852 bytes, 119 tape blocks
x proftpd-1.2.9/contrib/mod_radius.c, 83524 bytes, 164 tape blocks
x proftpd-1.2.9/contrib/mod_radius.html, 11958 bytes, 24 tape blocks
x proftpd-1.2.9/contrib/mod_ratio.c, 22426 bytes, 44 tape blocks
x proftpd-1.2.9/contrib/mod_readme.c, 5018 bytes, 10 tape blocks
x proftpd-1.2.9/contrib/mod_rewrite.c, 63067 bytes, 124 tape blocks
x proftpd-1.2.9/contrib/mod_rewrite.html, 22951 bytes, 45 tape blocks
x proftpd-1.2.9/contrib/mod_sql.c, 116835 bytes, 229 tape blocks
x proftpd-1.2.9/contrib/mod_sql.h, 3089 bytes, 7 tape blocks
x proftpd-1.2.9/contrib/mod_sql_mysql.c, 43271 bytes, 85 tape blocks
x proftpd-1.2.9/contrib/mod_sql_postgres.c, 37637 bytes, 74 tape blocks
x proftpd-1.2.9/contrib/mod_tls.c, 92795 bytes, 182 tape blocks
x proftpd-1.2.9/contrib/mod_tls.html, 38017 bytes, 75 tape blocks
x proftpd-1.2.9/contrib/mod_wrap.c, 28867 bytes, 57 tape blocks
x proftpd-1.2.9/contrib/mod_wrap.html, 10981 bytes, 22 tape blocks
x proftpd-1.2.9/contrib/xferstats.holger-preiss, 12051 bytes, 24 tape blocks
x proftpd-1.2.9/contrib/README.mod_sql symbolic link to ../README.mod_sql
x proftpd-1.2.9/proftpd.spec, 10049 bytes, 20 tape blocks
x proftpd-1.2.9/COPYING, 18016 bytes, 36 tape blocks
x proftpd-1.2.9/CREDITS, 2200 bytes, 5 tape blocks
x proftpd-1.2.9/ChangeLog, 276962 bytes, 541 tape blocks
x proftpd-1.2.9/INSTALL, 25484 bytes, 50 tape blocks
x proftpd-1.2.9/Make.rules.in, 2380 bytes, 5 tape blocks
x proftpd-1.2.9/Makefile.in, 4877 bytes, 10 tape blocks
x proftpd-1.2.9/NEWS, 60673 bytes, 119 tape blocks
x proftpd-1.2.9/README, 4289 bytes, 9 tape blocks
x proftpd-1.2.9/README.AIX, 5444 bytes, 11 tape blocks
x proftpd-1.2.9/README.FreeBSD, 1093 bytes, 3 tape blocks
x proftpd-1.2.9/README.IPv6, 2839 bytes, 6 tape blocks
x proftpd-1.2.9/README.LDAP, 3806 bytes, 8 tape blocks
x proftpd-1.2.9/README.PAM, 5230 bytes, 11 tape blocks
x proftpd-1.2.9/README.Solaris2.5x, 1697 bytes, 4 tape blocks
x proftpd-1.2.9/README.Unixware, 1524 bytes, 3 tape blocks
x proftpd-1.2.9/README.capabilities, 2261 bytes, 5 tape blocks
x proftpd-1.2.9/README.cygwin, 3879 bytes, 8 tape blocks
x proftpd-1.2.9/README.mod_sql, 46908 bytes, 92 tape blocks
x proftpd-1.2.9/README.modules, 3777 bytes, 8 tape blocks
x proftpd-1.2.9/README.ports, 3262 bytes, 7 tape blocks
x proftpd-1.2.9/acconfig.h, 3009 bytes, 6 tape blocks
x proftpd-1.2.9/aclocal.m4, 4022 bytes, 8 tape blocks
x proftpd-1.2.9/config.guess, 40938 bytes, 80 tape blocks
x proftpd-1.2.9/config.h.in, 17168 bytes, 34 tape blocks
x proftpd-1.2.9/config.sub, 29806 bytes, 59 tape blocks
x proftpd-1.2.9/configure, 502523 bytes, 982 tape blocks
x proftpd-1.2.9/configure.in, 39150 bytes, 77 tape blocks
x proftpd-1.2.9/install-sh, 5585 bytes, 11 tape blocks
x proftpd-1.2.9/stamp-h.in, 0 bytes, 0 tape blocks
x proftpd-1.2.9/doc, 0 bytes, 0 tape blocks
x proftpd-1.2.9/doc/rfc, 0 bytes, 0 tape blocks
x proftpd-1.2.9/doc/rfc/draft-bonachea-sftp-00.txt, 11067 bytes, 22 tape blocks
x proftpd-1.2.9/doc/rfc/draft-ietf-ftpext-mlst-15.txt, 136004 bytes, 266 tape blocks
x proftpd-1.2.9/doc/rfc/draft-ietf-ftpext-sec-consider-02.txt, 17207 bytes, 34 tape blocks
x proftpd-1.2.9/doc/rfc/draft-murray-auth-ftp-ssl-10.txt, 49569 bytes, 97 tape blocks
x proftpd-1.2.9/doc/rfc/rfc0959.txt, 147316 bytes, 288 tape blocks
x proftpd-1.2.9/doc/rfc/rfc2228.txt, 58729 bytes, 115 tape blocks
x proftpd-1.2.9/doc/rfc/rfc2389.txt, 17166 bytes, 34 tape blocks
x proftpd-1.2.9/doc/rfc/rfc2428.txt, 16024 bytes, 32 tape blocks
x proftpd-1.2.9/doc/Configuration.html, 475986 bytes, 930 tape blocks
x proftpd-1.2.9/doc/Configuration.sgml, 675 bytes, 2 tape blocks
x proftpd-1.2.9/doc/GetConf, 618 bytes, 2 tape blocks
x proftpd-1.2.9/doc/faq.html, 95460 bytes, 187 tape blocks
x proftpd-1.2.9/doc/license.txt, 1205 bytes, 3 tape blocks
x proftpd-1.2.9/doc/mod_sample.c, 10877 bytes, 22 tape blocks
x proftpd-1.2.9/include, 0 bytes, 0 tape blocks
x proftpd-1.2.9/include/bindings.h, 7457 bytes, 15 tape blocks
x proftpd-1.2.9/include/conf.h, 8676 bytes, 17 tape blocks
x proftpd-1.2.9/include/data.h, 2026 bytes, 4 tape blocks
x proftpd-1.2.9/include/default_paths.h, 3012 bytes, 6 tape blocks
x proftpd-1.2.9/include/dirtree.h, 9543 bytes, 19 tape blocks
x proftpd-1.2.9/include/feat.h, 1333 bytes, 3 tape blocks
x proftpd-1.2.9/include/fsio.h, 9557 bytes, 19 tape blocks
x proftpd-1.2.9/include/ftp.h, 8730 bytes, 18 tape blocks
x proftpd-1.2.9/include/glibc-glob.h, 7174 bytes, 15 tape blocks
x proftpd-1.2.9/include/ident.h, 1400 bytes, 3 tape blocks
x proftpd-1.2.9/include/inet.h, 9225 bytes, 19 tape blocks
x proftpd-1.2.9/include/libsupp.h, 3429 bytes, 7 tape blocks
x proftpd-1.2.9/include/log.h, 3163 bytes, 7 tape blocks
x proftpd-1.2.9/include/mkhome.h, 1308 bytes, 3 tape blocks
x proftpd-1.2.9/include/modules.h, 8073 bytes, 16 tape blocks
x proftpd-1.2.9/include/netaddr.h, 6904 bytes, 14 tape blocks
x proftpd-1.2.9/include/netio.h, 7252 bytes, 15 tape blocks
x proftpd-1.2.9/include/options.h, 6055 bytes, 12 tape blocks
x proftpd-1.2.9/include/pool.h, 3778 bytes, 8 tape blocks
x proftpd-1.2.9/include/pr-syslog.h, 3440 bytes, 7 tape blocks
x proftpd-1.2.9/include/privs.h, 10664 bytes, 21 tape blocks
x proftpd-1.2.9/include/proftpd.h, 8338 bytes, 17 tape blocks
x proftpd-1.2.9/include/regexp.h, 1403 bytes, 3 tape blocks
x proftpd-1.2.9/include/response.h, 3033 bytes, 6 tape blocks
x proftpd-1.2.9/include/scoreboard.h, 3753 bytes, 8 tape blocks
x proftpd-1.2.9/include/sets.h, 2196 bytes, 5 tape blocks
x proftpd-1.2.9/include/support.h, 3042 bytes, 6 tape blocks
x proftpd-1.2.9/include/timers.h, 1875 bytes, 4 tape blocks
x proftpd-1.2.9/include/version.h, 321 bytes, 1 tape blocks
x proftpd-1.2.9/lib, 0 bytes, 0 tape blocks
x proftpd-1.2.9/lib/libcap, 0 bytes, 0 tape blocks
x proftpd-1.2.9/lib/libcap/include, 0 bytes, 0 tape blocks
x proftpd-1.2.9/lib/libcap/include/sys, 0 bytes, 0 tape blocks
x proftpd-1.2.9/lib/libcap/include/sys/capability.h, 2711 bytes, 6 tape blocks
x proftpd-1.2.9/lib/libcap/Makefile, 1859 bytes, 4 tape blocks
x proftpd-1.2.9/lib/libcap/_makenames.c, 2314 bytes, 5 tape blocks
x proftpd-1.2.9/lib/libcap/cap_alloc.c, 3231 bytes, 7 tape blocks
x proftpd-1.2.9/lib/libcap/cap_extint.c, 3795 bytes, 8 tape blocks
x proftpd-1.2.9/lib/libcap/cap_file.c, 2827 bytes, 6 tape blocks
x proftpd-1.2.9/lib/libcap/cap_flag.c, 2930 bytes, 6 tape blocks
x proftpd-1.2.9/lib/libcap/cap_proc.c, 2688 bytes, 6 tape blocks
x proftpd-1.2.9/lib/libcap/cap_sys.c, 1090 bytes, 3 tape blocks
x proftpd-1.2.9/lib/libcap/cap_text.c, 8127 bytes, 16 tape blocks
x proftpd-1.2.9/lib/libcap/libcap.h, 4138 bytes, 9 tape blocks
x proftpd-1.2.9/lib/Makefile.in, 2044 bytes, 4 tape blocks
x proftpd-1.2.9/lib/getopt.c, 30212 bytes, 60 tape blocks
x proftpd-1.2.9/lib/getopt.h, 5893 bytes, 12 tape blocks
x proftpd-1.2.9/lib/getopt1.c, 4550 bytes, 9 tape blocks
x proftpd-1.2.9/lib/glibc-gai_strerror.c, 3675 bytes, 8 tape blocks
x proftpd-1.2.9/lib/glibc-glob.c, 38730 bytes, 76 tape blocks
x proftpd-1.2.9/lib/glibc-hstrerror.c, 3139 bytes, 7 tape blocks
x proftpd-1.2.9/lib/glibc-mkstemp.c, 3163 bytes, 7 tape blocks
x proftpd-1.2.9/lib/pr-syslog.c, 6602 bytes, 13 tape blocks
x proftpd-1.2.9/lib/pr_fnmatch.c, 11332 bytes, 23 tape blocks
x proftpd-1.2.9/lib/pr_fnmatch_loop.c, 24129 bytes, 48 tape blocks
x proftpd-1.2.9/lib/pwgrent.c, 5100 bytes, 10 tape blocks
x proftpd-1.2.9/lib/sstrncpy.c, 1579 bytes, 4 tape blocks
x proftpd-1.2.9/lib/strsep.c, 1667 bytes, 4 tape blocks
x proftpd-1.2.9/lib/vsnprintf.c, 9796 bytes, 20 tape blocks
x proftpd-1.2.9/lib/Makefile.bak, 1876 bytes, 4 tape blocks
x proftpd-1.2.9/lib/Makefile.in.bak, 1798 bytes, 4 tape blocks
x proftpd-1.2.9/modules, 0 bytes, 0 tape blocks
x proftpd-1.2.9/modules/Makefile.in, 8014 bytes, 16 tape blocks
x proftpd-1.2.9/modules/glue.sh, 462 bytes, 1 tape blocks
x proftpd-1.2.9/modules/mod_auth.c, 79033 bytes, 155 tape blocks
x proftpd-1.2.9/modules/mod_auth_file.c, 32888 bytes, 65 tape blocks
x proftpd-1.2.9/modules/mod_auth_pam.c, 13162 bytes, 26 tape blocks
x proftpd-1.2.9/modules/mod_auth_unix.c, 22771 bytes, 45 tape blocks
x proftpd-1.2.9/modules/mod_cap.c, 10121 bytes, 20 tape blocks
x proftpd-1.2.9/modules/mod_core.c, 134497 bytes, 263 tape blocks
x proftpd-1.2.9/modules/mod_log.c, 29716 bytes, 59 tape blocks
x proftpd-1.2.9/modules/mod_ls.c, 53894 bytes, 106 tape blocks
x proftpd-1.2.9/modules/mod_site.c, 13076 bytes, 26 tape blocks
x proftpd-1.2.9/modules/mod_xfer.c, 67232 bytes, 132 tape blocks
x proftpd-1.2.9/modules/module_glue.c.tmpl, 130 bytes, 1 tape blocks
x proftpd-1.2.9/modules/Makefile.bak, 5734 bytes, 12 tape blocks
x proftpd-1.2.9/modules/Makefile.in.bak, 5776 bytes, 12 tape blocks
x proftpd-1.2.9/sample-configurations, 0 bytes, 0 tape blocks
x proftpd-1.2.9/sample-configurations/PFTEST.conf.in, 1027 bytes, 3 tape blocks
x proftpd-1.2.9/sample-configurations/PFTEST.group, 15 bytes, 1 tape blocks
x proftpd-1.2.9/sample-configurations/PFTEST.install, 1647 bytes, 4 tape blocks
x proftpd-1.2.9/sample-configurations/PFTEST.passwd, 61 bytes, 1 tape blocks
x proftpd-1.2.9/sample-configurations/PFTEST.shadow, 34 bytes, 1 tape blocks
x proftpd-1.2.9/sample-configurations/anonymous.conf, 3409 bytes, 7 tape blocks
x proftpd-1.2.9/sample-configurations/basic.conf, 1817 bytes, 4 tape blocks
x proftpd-1.2.9/sample-configurations/complex-virtual.conf, 11067 bytes, 22 tape blocks
x proftpd-1.2.9/sample-configurations/mod_sql.conf, 8332 bytes, 17 tape blocks
x proftpd-1.2.9/sample-configurations/virtual.conf, 2477 bytes, 5 tape blocks
x proftpd-1.2.9/src, 0 bytes, 0 tape blocks
x proftpd-1.2.9/src/Makefile.in, 14721 bytes, 29 tape blocks
x proftpd-1.2.9/src/auth.c, 13354 bytes, 27 tape blocks
x proftpd-1.2.9/src/bindings.c, 27456 bytes, 54 tape blocks
x proftpd-1.2.9/src/data.c, 29647 bytes, 58 tape blocks
x proftpd-1.2.9/src/dirtree.c, 86136 bytes, 169 tape blocks
x proftpd-1.2.9/src/feat.c, 2185 bytes, 5 tape blocks
x proftpd-1.2.9/src/fsio.c, 67771 bytes, 133 tape blocks
x proftpd-1.2.9/src/ident.c, 5934 bytes, 12 tape blocks
x proftpd-1.2.9/src/inet.c, 36167 bytes, 71 tape blocks
x proftpd-1.2.9/src/log.c, 17563 bytes, 35 tape blocks
x proftpd-1.2.9/src/main.c, 75151 bytes, 147 tape blocks
x proftpd-1.2.9/src/mkhome.c, 8895 bytes, 18 tape blocks
x proftpd-1.2.9/src/modules.c, 17449 bytes, 35 tape blocks
x proftpd-1.2.9/src/netaddr.c, 19856 bytes, 39 tape blocks
x proftpd-1.2.9/src/netio.c, 22811 bytes, 45 tape blocks
x proftpd-1.2.9/src/pool.c, 18038 bytes, 36 tape blocks
x proftpd-1.2.9/src/proftpd.8.in, 3480 bytes, 7 tape blocks
x proftpd-1.2.9/src/regexp.c, 3667 bytes, 8 tape blocks
x proftpd-1.2.9/src/response.c, 6819 bytes, 14 tape blocks
x proftpd-1.2.9/src/scoreboard.c, 16284 bytes, 32 tape blocks
x proftpd-1.2.9/src/sets.c, 8891 bytes, 18 tape blocks
x proftpd-1.2.9/src/support.c, 19970 bytes, 40 tape blocks
x proftpd-1.2.9/src/timers.c, 9696 bytes, 19 tape blocks
x proftpd-1.2.9/src/xferlog.5.in, 3082 bytes, 7 tape blocks
x proftpd-1.2.9/src/proftpd.8, 3451 bytes, 7 tape blocks
x proftpd-1.2.9/src/xferlog.5, 3082 bytes, 7 tape blocks
x proftpd-1.2.9/src/Makefile.bak, 11270 bytes, 23 tape blocks
x proftpd-1.2.9/src/Makefile.in.bak, 11312 bytes, 23 tape blocks
x proftpd-1.2.9/utils, 0 bytes, 0 tape blocks
x proftpd-1.2.9/utils/Makefile.in, 2329 bytes, 5 tape blocks
x proftpd-1.2.9/utils/ftpcount.1.in, 1694 bytes, 4 tape blocks
x proftpd-1.2.9/utils/ftpcount.c, 7869 bytes, 16 tape blocks
x proftpd-1.2.9/utils/ftpshut.8.in, 3304 bytes, 7 tape blocks
x proftpd-1.2.9/utils/ftpshut.c, 4826 bytes, 10 tape blocks
x proftpd-1.2.9/utils/ftptop.1.in, 2023 bytes, 4 tape blocks
x proftpd-1.2.9/utils/ftptop.c, 15709 bytes, 31 tape blocks
x proftpd-1.2.9/utils/ftpwho.1.in, 2126 bytes, 5 tape blocks
x proftpd-1.2.9/utils/ftpwho.c, 14736 bytes, 29 tape blocks
x proftpd-1.2.9/utils/misc.c, 1960 bytes, 4 tape blocks
x proftpd-1.2.9/utils/scoreboard.c, 6018 bytes, 12 tape blocks
x proftpd-1.2.9/utils/utils.h, 4047 bytes, 8 tape blocks
x proftpd-1.2.9/utils/ftpcount.1, 1687 bytes, 4 tape blocks
x proftpd-1.2.9/utils/ftpshut.8, 3304 bytes, 7 tape blocks
x proftpd-1.2.9/utils/ftptop.1, 2016 bytes, 4 tape blocks
x proftpd-1.2.9/utils/ftpwho.1, 2119 bytes, 5 tape blocks
x proftpd-1.2.9/utils/Makefile.bak, 2220 bytes, 5 tape blocks
x proftpd-1.2.9/utils/Makefile.in.bak, 2262 bytes, 5 tape blocks
# ls
proftpd-1.2.9 proftpd-1.2.9.tar
#
#
# cd *
# ls
COPYING README.Solaris2.5x configure.in
CREDITS README.Unixware contrib
ChangeLog README.capabilities doc
INSTALL README.cygwin include
Make.rules.in README.mod_sql install-sh
Makefile.in README.modules lib
NEWS README.ports modules
README acconfig.h proftpd.spec
README.AIX aclocal.m4 sample-configurations
README.FreeBSD config.guess src
README.IPv6 config.h.in stamp-h.in
README.LDAP config.sub utils
README.PAM configure
# ./configure --prefix=/usr/local/proftp //这个时候你需要GCC的支持,如果没有GCC肯定编译不了的啊/usr/local/proftp是你指定的以后INSTALL的目录
# make
# make install //进行安装
III.Sample-Configurations
# pwd
/usr/local/proftp/etc //配置文件的目录
Default configuretion is basic conf.( basic.conf、mod_sql.conf、anonymous.conf、complex-virtual.conf、virtual.conf in proftpd-1.2.9/sample-configurations //文件配置是有个模板的,默认的是basic conf,你可以从你的proftpd-1.2.9/sample-configurations 目录里找到其他的配置文件,根据你的需要。
#
# more
#more proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "C.Arthur FTP Server" //你配置的服务器名字哦
ServerType standalone //standalone还是inetd方式
DefaultServer on
# Port 21 is the standard FTP port.
Port 21 //可以根据你的需要修改
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022 //权限的设置
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30 //最大连接数
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~ //限制用户FTP的目录
# Normally, we want files to be overwriteable. //限制对目录的权限
AllowOverwrite on
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot //限制写的权限可以针对IP地址的限制
DenyAll
#
IIII.Start
# /usr/local/sbin/proftpd start //正常启动方式,也可以使用debug方式诊断
#
# ps -e | grep proftpd
458 ? 0:00 proftpd
# groupadd ftp
# useradd -u 1111 -g ftp -d /export/home/arthur -c "ftpuser" -m -s /bin/sh arthur
6 blocks
# passwd arthur
New password:
Re-enter new password:
passwd (SYSTEM): passwd successfully changed for arthur
On windown clinet run ftp 192.168.0.10
Connected to 192.168.0.10.
220 ProFTPD 1.2.9 Server (C.Arthur Ftp Server) [u10]
Name (192.168.0.10:root):
IIII.FAQ
1. ProFTPD doesn't seem to work.
Starting ProFTPD in standalone mode it doesn't show in "ps" It could be many things, possibly something like not running
ProFTPD as root (it needs to be run as root initially, but will switch to a non-privileged user). Regardless, ProFTPD logs
all errors via the standard syslog mechanism. You need to check your system logs in order to determine what the problem is.
It doesn't work!
There are many times when there's a completely random problem which appears to be insoluble. The best place to ask for help
is definately the mailing list (proftpd-l) but it's not productive to ask for help without giving enough information for
intelligent debugging.
Have you?
Checked your logs
Tried the server in debug mode
Read the FAQ?
Checked the mailing list archive?
Are you running the latest version?
When posting try giving enough information, this might include but not be limited to.
OS and server version (proftpd -vv)
List of included modules (proftpd -l)
Appropriate log extracts
Output fom debug mode
Configration fragment
2. "inet_create_connection() failed: Operation not permitted".
You aren't starting ProFTPD as root, or you have inetd configured to run ProFTPD as a user other than root. The ProFTPD
daemon must be started as root in order to bind to tcp ports lower than 1024, or to open your shadow password file when
authenticating users. The daemon switches uid/gids to the user and group specified by the User/Group directives during normal
operation, so a "ps" will show it running as the user you specified.
3. Unable to bind to port/Address already in use
0.0.0.0 is INADDR_ANY, which means to bind to any interface. The "address in use" will normally mean that something has
already bound to that address.
Under linux it is possible to run:
fuser -n tcp 21
to get the PID of the process currently bound to port ProFTPD is configured to run as.
The most common cause is that ProFTPD is configured standalone and inetd is still configured for port 21. Comment out the
line starting "ftp" in /etc/inetd.conf and restart (killall -HUP inetd or something similar should do the trick) and try
again.
4. "(Login failed): Invalid shell"
The user attempting to login has been given a shell that is not listed in the system's /etc/shells file. By default, proftpd
will require that users logging in have valid shells. Use the RequireValidShell directive to turn off this requirement:
RequireValidShell off
5. "Fatal: Socket operation on non-socket"
You have ProFTPD configured to run in inetd mode rather than standalone. In this mode, ProFTPD expects that it will be run
from the inetd super-server, which implies that stdin/stdout will be sockets instead of terminals. As a result, socket
operations will fail and the above error will be printed. If you wish to run ProFTPD from the shell, in standalone mode,
you'll need to modify your proftpd.conf configuration file and add or edit the ServerType directive to read:
ServerType standalone
6. "Fatal: unable to determine IP address of "hostname:
The hosting machine has a poorly configured hostname setup to the point where the resolver library cannot determine the IP
from the name. Solutions include, fixing the DNS for the domain, fixing the hostname, fixing the /etc/hosts file. Which one
works for you will largely depend on your OS and exactly what is wrong.
7. I'm having problems with FTP clients behind firewalls
The FTP Specification defines that two sockets should be used for all communications. The first runs over port 21 and is the
control channel over which all commands and response codes are sent. Whenever data is required to be transfered, for example
for a file download, a directory listing etc etc. A second channel is created on demand, this socket can take one of two
forms.
non-Passive
The server end of the data socket uses port 20. This is nice and easy to work into a firewall configuration.
Passive
The port at either end is dynamically allocated. This is virtually impossible to cater for in a firewall configuration given
that the port mapping will be different for every data connection.
The solution is to force the users to configure their clients to use the non-passive mode (ie port 20)
8. Can I run more that one VirtualHost on a single IP?
No, or at least not in the HTTP/1.1 manner of virtual hosting. This is an inbuilt limitation of the current FTP RFC., unlike
the HTTP/1.1 spec there is no mechanism comparable to the "Host: foo.bar.com" HTTP header for specifying which host the
connection is for. Therefore the only method for determining which VirtualHost the connection is destined for is by the
destination IP.
The one exception to this is if you host multiple servers on the same IP but using different ports, however this requires
that the connecting client uses a non-standard port and therefore is probably not a good solution for mass hosting.
Is there anything in the pipeline to fix this?
There is a draft standard
and improves on the FTP specification including support for a HOST command. However given that the IP crunch is coming from
websites and not virtual ftp servers this is unlikely to be pushed through any time soon.
9. How do I run ProFTPD from inetd?
Find the line in /etc/inetd.conf that looks something like this:
ftp stream tcp nowait root in.ftpd in.ftpd
Replace it with:
ftp stream tcp nowait root in.proftpd in.proftpd
Then, find your inetd process in the process listing and send it the SIGHUP signal so that it will rehash and reconfigure
itself. You may also need to add in.ProFTPD to hosts.allow on your system.
10. Can I use tcp-wrappers with ProFTPD?
Yup. Although ProFTPD has built-in IP access control (see the Deny and Allow directives), many admins choose to consolidate
IP access control in one place via in.tcpd. Just configure ProFTPD to run from inetd as any other tcp-wrapper wrapped daemon
and add the appropriate lines to hosts.allow/deny files.
If running ProFTPD in standalone mode, mod_wrap can be used to direct the server to use the normal hosts.allow/deny files.
11. Can I run an FTP server on a non-standard port?
Yes. Use a
inside the
FTP server on port 2001, you would:
...
Port 2001
...
12. Can control upload/download ratios?
Yes the mod_ratio module provides for doing just this.
The ratio directives take four numbers: file ratio, initial file credit, byte ratio, and initial byte credit. Setting either
ratio to 0 disables that check.
The directives are HostRatio (matches FQDN, wildcards allowed), AnonRatio (matches password entered at login), UserRatio
(accepts "*" for "any user"), and GroupRatio.
Ratios on # enable module
UserRatio ftp 0 0 0 0
HostRatio master.debian.org 0 0 0 0 # leech access (default)
GroupRatio proftpd 100 10 5 100000 # 100:1 files, 10 file cred 5:1 bytes, 100k byte cred
AnonRatio
UserRatio * 5 5 5 50000 # special default case
This example is for someone who (1) has downloaded 1 file of 82k, (2) has uploaded nothing, (3) has a ratio of 5:1 files and
5:1 bytes, (4) has 4 files and 17k credit remaining, and (5) is now changing directory to /art/nudes/young/carla. The initial
credit, not shown, was 5 files and 100k (UserRatio * 5 5 5 100000).
Version 2.0 and above of this module integrate with mod_sql.
Limitations of mod_ratio
It appears that the ratio limits in mod_ratio are only maintained on a per session basis and there is no ongoing tracking of
usage.
13. Slow logins
This is probably caused by a firewall or DNS timeout. By default ProFTPD will try to do both DNS and ident lookups against
the incoming connection. If these are blocked or excessively delayed a slower than normal login will result. To turn off DNS
and ident use:
UseReverseDNS off
IdentLookups off
IdentLookups and tcpwrappers ***
14. Lots of "FTP session closed" messages
Oct 7 12:30:48 salvage2 proftpd[8874]: FTP session closed. Oct 7 12:30:48 salvage2 proftpd[8874]: FTP session closed. Oct 7
12:30:48 salvage2 proftpd[8874]: FTP session closed. Oct 7 12:30:48 salvage2 proftpd[8874]: FTP session closed.
The above log extract is likely to be caused by a local monitoring system or a particularly aggressive DoS attack. Most
service monitoring systems try opening the ftp port on the target server to detect whether it is active and running. Most of
the time these tests are followed by an immediate "QUIT" or disconnection.
TCPdump/TCPshow on the server in question should show which machine on your network is is generating these connections.
15. How do I see who is connected?
The ftpwho command lists the state of each ftp connection to the server and what it's current activity is. However this does
not detail the connection information on a virtual by virtual basis.
16. Can I force ProFTPD to listen on only one IP?
Sort, of it's not quite as clean as the socket binding under Apache but the principle works something like this.
Standalone mode
To listen on the primary IP of a host use the SocketBindTight directive
To listen on a interfaces which are not the primary host interface use the SocketBindTight directive, place your server
configuration in a
inside the VirtualHost block.
inetd
There are two approaches possible, the first is to use the patch from Daniel Roesen
mailing list archives).
The second method is to run ProFTPD from xinetd (), a more advanced replacement of inetd. An entry
for this in xinetd.conf would be something like this:
service ftp
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/proftpd
log_on_success += DURATION USERID
log_on_failure += USERID
nice = 10
#bind = [IP to bind to]
}
17. "FTP server shut down ... please try again later."
Check for /etc/shutmsg and delete it.
18. How do I shutdown the server without killing proftpd?
ftpshut, allows the server to disallow connections with a message without actually taking down the service. The shutdown can
be scheduled for a point in the future or right now, existing connections can be allowed to finish, or be terminated now. Re
-enabling is done by removing the /etc/shutmsg file.
19. Is is possible to shutdown a single VirtualHost?
No, the shutmsg file works at a daemon level not at a virtual host level.
20. Error 421
This appears to be a general catch all error code meaning "something nasty has gone wrong".
Connection has timed out
The DefaultRoot specified doesn't exist
The parent server has been killed
Check /etc/services
Wrong permissions on the DefaultRoot
You get the idea...
21. proftpd doesn't show in the processlist
Two possible reasons, first that it's simply not running, try proftpd -n -d2 to run in debug mode and see what happens. The
other is that it's running from inetd and there are no active sessions at the moment.
22. How do I restart/reload the server?
This depends on the mode you're running the server in.
inetd
Unless you're making a configuration change to inetd itself nothing needs doing. The server reloads the configuration
everytime a new connection is made.
Standalone
Either stop and start the server completely (a little aggressive for most admins tastes) or send a SIGHUP to the master
daemon process.
23. 503 No PORT command issued
A bug was introduced in 1.2.0rc2 which prevented the PORT command working properly and therefore breaking the data socket
under certain conditions. The bug was documented as bug 240 and has been fixed in CVS. A rc3 release is due before the end of
Jan 2001.
24. Fatal: unable to determine IP address of
Proftpd was unable to work out what IP is associated with the hostname in the VirtualHost block. Normally caused by a problem
with the DNS resolution of the host, check the resolv.conf file and that your chosen nameservers are functional.
25. 451 append/restart not permitted, try again
AllowStoreRestart is disabled by default because it will allow any writable file to be corrupted by a malicious user. It is
recommended that this option is only used with authenticated users and then only in certain directories.
26. 501 REST not compatible with server configuration
As mentioned in the description of the HiddenStor configuration directive, use of that directive is incompatible with the FTP
command REST. Either disable use of REST with the AllowRetrieveRestart and AllowStoreRestart directives, or do not use
HiddenStor.
27. The time being displayed is wrong
The default behaviour for ProFTPD is to display all times relative to GMT. To use local time set "TimesGMT off" in the server
section of the config. There is a known issue with Redhat 7, with regard to time handling.
28. Authentication is taking too long
Make sure that ReverseDNS is disabled, turn off ident lookups. Additionally check the size of your /etc/passwd (or shadow)
file, if it is large then the only solution may be to move to another authentication scheme.
29. Corrupted files
There appear to be some problems with both the use of sendfile() in ProFTPD and with the implementation within certain
operating systems.
30. Can I upgrade ProFTPD without terminating the current sessions?
Short answer, no. Longer answer is no, but you can minimise the effects. The cleanest approach on servers which have
significant amounts of traffic appears to be to use ftpshut to block new connections and terminate existing ones after a pre
-determined time period and then to upgrade and restart. This approach limits the number of downloads which are terminated
part way through.
31. No such group "nogroup"
The default ProFTPD configuration file uses the user "nouser" and the group "nogroup", some systems / distributions do not
have the group "nogroup" defined. The solution is to either add the group "nogroup" to /etc/groups or to change the "nogroup"
entry in the proftpd.conf to a group which does exist.
32. Why do I see "unable to set groups: Invalid argument"?
The setting of the group privileges for a process uses the setgroups(2) system call. This call will fail with the above error
message for one of two reasons: there is a negative GID value for one of the groups, or the maximum number of groups for a
single user has been exceeded.
Ideally, all IDs, both UID and GID, will be positive. Unfortunately, it is common on many systems to use -1 or -2, especially
for such users as 'nobody', or group 'nogroup'. Use of these values uses C's treatment of data types to make the actual
numeric value very high; some functions, like setgroups(), do not like this, though. In general, always use positive ID
numbers.
The other limitation is the number of supplemental groups for a user (eg non-primary groups, the ones configured in
/etc/group). The maximum number of supplemental groups to which a user may belong is defined by the operating system constant
NGROUPS_MAX. On some operating systems, such as Solaris, this limitation may be tunable.
Some other applications may not encounter this error if they use the initgroups(3) function, which reads the /etc/group file
for a user's supplemental group memberships, and sets those groups. This function, however, silently ignores any supplemental
groups for user greater than NGROUPS_MAX, unlike setgroups(2), which complains.
If this is the cause of your error message, any solution will most likely involve reducing the number of groups your users
are members of, or tuning the NGROUPS_MAX value, if your operating system allows it.
33. Why do I see error messages like these when I logout?
PAM(exit): Permission denied
open_module: stat(/usr/lib/security/pam_unix.so.1) failed: No such file or directory
load_modules: can not open module /usr/lib/security/pam_unix.so.1
PAM(exit): Dlopen failure.
These messages appear when the DefaultRoot configuration directive is in effect. This directive causes a user to be confined
using the chroot(2) system call. This call, however, affects other system utilities, such as PAM. In this case, PAM's
configuration is causing the PAM library to attempt to open PAM modules using a path that is no longer valid, thus the
errors. This happens on logout because the chroot has already happened by that point; on login, the PAM modules are
successfully found and loaded before the chroot, so no errors. These are merely cosmetic reporting errors, and do not really
affect the functionality or security of the server.