2008-10-17 13:38:45
Setting up ProFTPD involves the following main steps:
1. First check whether proftpd is installed
#rpm -qa | grep proftpd
2. Edit the configuration file /etc/proftpd.conf
Separate settings are made for the host, real users, anonymous users and virtual hosts.
3. Start proftpd
#service proftpd start
It can also be started through xinetd; see 鸟哥私房菜 (Vbird's Linux notes) for the details.
4. Log in to the ftp server from a client
#ftp <server IP address>
Example:
Build an FTP server whose root is /var/ftp, containing the two directories download and upload. The server's own information must not be disclosed, and the welcome message must state the current time, the logged-in user, the remaining disk space, the current directory, how many users the server allows online at once and how many are online now. Only the anonymous user and the upload user may access the server.
Anonymous users may log in and download at a maximum download speed of 500 KB/s with at most 2 connections each; the server provides at most 50 PIDs and allows at most 25 users online at once.
Anonymous users land in the download directory on login and may not leave it. Inside download they may only download files and list the directory; no other function is available.
The upload user may upload data at a maximum upload speed of 200 KB/s. After login this user is confined to the upload directory, and uploaded files get permission 400. The user may view what they have uploaded but may not delete it.
1) First go to the /var/ftp directory, create the download and upload directories, and set their ownership and permissions (note that the chown to the upload user requires the account created in step 2 to exist already).
#mkdir download
#mkdir upload
#chown -R ftp.ftp download
#chown -R upload.upload upload
#chmod 700 download
#chmod 700 upload
2) Create the upload user and set its password
#useradd upload
#passwd upload
3) Edit the configuration file according to the requirements; its contents are as follows:
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.5 2003/03/13 18:00:04 dude Exp $
ServerName "ProFTPD server"
ServerIdent off "FTP Server ready."
ServerAdmin root@localhost
ServerType standalone
#ServerType inetd
DefaultServer on
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome on
# Use this to exclude users from the chroot
#DefaultRoot ~ !adm
# Use pam to authenticate by default
AuthPAMAuthoritative on
# Do not perform ident nor DNS lookups (hangs when the port is
#filtered)
IdentLookups off
UseReverseDNS off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# Default to show dot files in directory listings
ListOptions "-a"
# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 50
MaxClientsPerHost 2 "Sorry!"
MaxClients 25
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score
# Normally, we want users to do a few things.
AllowOverwrite yes
DenyAll
AllowAll
TransferRate STOR 200 user upload
DefaultRoot /var/ftp/upload upload
DenyUser !upload
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
User ftp
Group ftp
# A basic anonymous configuration, with an upload directory.
User ftp
Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as
#"ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
DefaultChdir /download
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
AllowAll
TransferRate RETR 500 user ftp
DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftpadm
# DirFakeGroup on ftpadm
#
# # Limit WRITE everywhere in the anonymous chroot
#
# DenyAll
#
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
DenyAll
Umask 377
AllowOverwrite no
AllowUser upload
AllowAll
#
# # Don't write anonymous accesses to the system wtmp file (good
#idea!)
WtmpLog off
#
# # Logging for the anonymous transfers
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
4) Edit the login welcome file welcome.msg, saved under /var/ftp/, with the following contents:
*** Welcome to this anonymous ftp server! ***
# You are user %N out of a maximum of %M authorized anonymous logins.
The current time here is %T;
Login User is %U;
The HDD free is %F;
The current Directory is %C;
Server maximum is %M;
Maxclient num is %N.
5) Start proftpd
#service proftpd restart
6) Test
Appendix:
I. The /etc/proftpd.conf configuration file explained
# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.5 2003/03/13 18:00:04 dude Exp $
# Name of the server
ServerName "ProFTPD server"
# The banner the client sees after connecting, by default
ServerIdent off "FTP Server ready."
# Server administrator
ServerAdmin root@localhost
# How the server is started: standalone means it runs on its own; inetd means it is
# started by inetd or xinetd. Starting via xinetd is recommended as the safer option.
ServerType standalone
#ServerType inetd
# Whether the server is active; by default it is available (on)
DefaultServer on
# Welcome message shown after a user logs in
AccessGrantMsg "User %u logged in."
# File whose contents are shown when a user connects
#DisplayConnect /etc/ftpissue
# File whose contents are shown after a user logs in
#DisplayLogin /etc/ftpmotd
# File whose contents are shown when a user leaves
#DisplayGoAway /etc/ftpgoaway
DeferWelcome on
# Do not show the FTP server version at login, for better security (on would show it)
ServerIdent off
# Use this to exclude users from the chroot
# Restrict the root directory a user sees after login to that user's own home directory (administrators excepted)
#DefaultRoot ~ !adm
# Use pam to authenticate by default
AuthPAMAuthoritative on
# Do not perform ident nor DNS lookups (hangs when the port is
# filtered)
# Do not attempt a reverse lookup of the client's IP address
IdentLookups off
UseReverseDNS off
# Port 21 is the standard FTP port.
# The port FTP listens on, normally port 21
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
# New directories and files get permission 755, i.e. 777-022. 022 matches the Linux default.
Umask 022
# Default to show dot files in directory listings
# Let clients see hidden files
ListOptions "-a"
# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
# Disallow root login; off by default
#RootLogin off
# Require a password to be entered
#LoginPasswordPrompt on
# Allow 3 password attempts
#MaxLoginAttempts 3
# Number of connections each IP address may open; none means no limit
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP
# Allow to resume not only the downloads but the uploads too
# Allow interrupted downloads to be resumed
AllowRetrieveRestart on
# Allow interrupted uploads to be resumed
AllowStoreRestart on
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
# Maximum number of connections (child processes) the FTP server will spawn.
MaxInstances 50
# Each IP address may open at most 2 connections
MaxClientsPerHost 2 "Sorry!"
# At most 25 users online at once
MaxClients 25
# The user and group the service runs as by default
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# This is where we want to put the pid file
ScoreboardFile /var/run/proftpd.score
# Global settings follow
# Normally, we want users to do a few things.
AllowOverwrite yes
DenyAll
AllowAll
# Upload speed limit 200 KB/s
TransferRate STOR 200 user upload
# Confine the upload user to the upload directory
DefaultRoot /var/ftp/upload upload
# Refuse login to any user other than upload
DenyUser !upload
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# Virtual host definition
User ftp
Group ftp
# Settings for anonymous access as the ftp user follow
# A basic anonymous configuration, with an upload directory.
# The anonymous access directory is ~, i.e. /var/ftp
# Download speed limit 500 KB/s
# Both user and group are ftp
User ftp
Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as
# # "ftp"
# User alias, so "anonymous" maps to the ftp user
# UserAlias anonymous ftp
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
DefaultChdir /download
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# Allow all users to log in
AllowAll
TransferRate RETR 500 user ftp
# Upload speed limit 200 KB/s
TransferRate STOR 200 user upload
# Message shown after login (the contents of welcome.msg under the root directory)
DisplayLogin /welcome.msg
# Message shown on the first change of directory: the contents of .message in that directory
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftpadm
# DirFakeGroup on ftpadm
#
# # Limit WRITE everywhere in the anonymous chroot
#
# DenyAll
#
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# Deny all users from changing directory
DenyAll
# Permission settings for the upload directory and its subdirectories
# Uploaded files get permission 400, i.e. 777-377.
Umask 377
# Whether overwriting is allowed; here it is not
# AllowOverwrite no
# Only the upload user may read
DenyUser !upload
# Allow all users to upload
AllowAll
# # Don't write anonymous accesses to the system wtmp file (good
# # idea!)
WtmpLog off
#
# # Logging for the anonymous transfers
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
# End of anonymous user settings
In short, any setting that is not enclosed between <Anonymous> and </Anonymous> applies to the host and to real users, while the settings that concern anonymous users are the ones between <Anonymous> and </Anonymous>. In addition, the <Limit> directive lets us specify which actions are allowed. Within this file, any line beginning with # is simply a comment. So which actions can Limit control? Basically the following:
CWD: Change Working Directory (change directory)
MKD: MaKe Directory (permission to create a directory)
RNFR: ReName FRom (permission to rename a directory)
DELE: DELEte (permission to delete a file)
RMD: ReMove Directory (permission to delete a directory)
RETR: RETRieve (permission to download from the server to the client)
STOR: STORe (permission to upload from the client to the server)
READ: read permission, not including directory listing; equivalent to RETR, STAT and so on
WRITE: permission to write files or directories, including MKD and RMD
DIRS: whether directory listing is allowed; equivalent to LIST, NLST and so on, and quite practical
ALL: all permissions
LOGIN: whether login is allowed
With Limit you can manage the permissions of a given directory in considerable detail; Limit's access control is fairly complete, and by combining its options you can achieve almost any complex permission scheme.
Note: when testing whether downloads work, do not use an empty file of length 0; use a file that has content (its size must not be 0 KB).
The objects a Limit can be applied to cover the following:
AllowUser: allow the Limit for a particular user
DenyUser: deny the Limit for a particular user
AllowGroup: allow the Limit for a particular group
DenyGroup: deny the Limit for a particular group
AllowAll: allow the Limit for all users
DenyAll: deny the Limit for all users
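As an added illustration (not part of the original notes), here is a small Python checker that parses the container nesting of a proftpd.conf and reports, for every action named in a <Limit> block, whether DenyAll applies to everyone or an Allow* directive carves out exceptions. The sample configuration is constructed for this example and is not the page's own file; it models the exercise above (anonymous users may not write, the upload directory denies RETR/DELE and lets only the upload user STOR).

```python
import re
# Constructed sample in proftpd.conf syntax (not the page's file): anonymous area
# denies WRITE; the upload directory denies RETR/DELE and limits STOR to 'upload'.
SAMPLE_CONF = """\
<Anonymous /var/ftp>
  <Limit WRITE>
    DenyAll
  </Limit>
  <Directory /var/ftp/upload>
    <Limit RETR DELE>
      DenyAll
    </Limit>
    <Limit STOR>
      AllowUser upload
      DenyAll
    </Limit>
  </Directory>
</Anonymous>
"""
def parse(text):
    """Flatten the file into (enclosing containers, directive, value) triples."""
    stack, out = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blanks
        if m := re.fullmatch(r"</(\w+)>", line):     # closing container
            if not stack or stack[-1].split()[0] != m.group(1):
                raise ValueError(f"unbalanced {line}")
            stack.pop()
        elif m := re.fullmatch(r"<(\w+)\s*([^>]*)>", line):  # opening container
            stack.append(f"{m.group(1)} {m.group(2)}".strip())
        elif line:
            key, _, val = line.partition(" ")
            out.append((tuple(stack), key, val.strip()))
    if stack:
        raise ValueError(f"unclosed <{stack[-1]}>")
    return out
def limit_policy(entries):
    """Map (enclosing container, action) to who may do it: 'none' (DenyAll only),
    'some' (an Allow* directive carves out exceptions) or 'all' (no DenyAll)."""
    by_block = {}
    for path, key, _ in entries:
        if path and path[-1].startswith("Limit "):
            by_block.setdefault(path, []).append(key)
    policy = {}
    for path, keys in by_block.items():
        allow = any(k.startswith("Allow") for k in keys)
        verdict = "all" if "DenyAll" not in keys else "some" if allow else "none"
        for action in path[-1].split()[1:]:
            policy[(path[-2] if len(path) > 1 else "", action)] = verdict
    return policy
```

Running limit_policy(parse(open("/etc/proftpd.conf").read())) on a real file gives a quick view of which actions are closed to everyone and which depend on an Allow* exception; a mismatched or unclosed container raises ValueError instead of silently applying the directives to the wrong scope.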
proftpd.conf also supports variables, as follows:
%T current time
%F free space on the disk holding the current directory
%C current directory
%R client hostname
%L server hostname
%U user account name
%M maximum number of connections allowed
%N current number of connections to the server
%E FTP server administrator's email
%i number of files uploaded in this session
%o number of files downloaded in this session
%t number of files uploaded + downloaded in this session
Knowing these variables, we can write a friendly welcome message file, for example:
Welcome %U, this is the T-force test FTP server;
The current time is: %T;
This server allows at most %M user connections;
There are currently %N users connected;
Your current directory is %C;
The disk holding this directory has %F bytes free.
II. Common ftp internal commands and other tips
1) After logging in to the ftp server, the prompt ftp> appears; typing "help" lists all internal commands. To run a system command from there, prefix it with "!" followed directly by the system command, for example:
ftp>!ls lists the contents of the directory you were in before running ftp
ftp>!pwd prints the path of the directory you were in before running ftp
The main ftp internal commands are:
mput upload (supports wildcards) put (no wildcards)
mget download (supports wildcards) get (no wildcards)
bye quit
by quit
quit quit
2) Other tips
#ftpcount show how many connections to the server there are
#ftpwho
#ftptop
#ftpshut now stop the service immediately
#ftpshut 1620 force shutdown at 16:20
#ftpshut +60 force shutdown one hour from now
#ftpshut -l 20 -d 30 +60 a message may also follow
This means: after 20 minutes no new connections are allowed, after 30 minutes connections are forcibly terminated, and after 60 minutes the service stops.
To bring a service stopped with ftpshut back, the only way is to delete the /etc/shutmsg file by running the following command:
#rm -rf /etc/shutmsg