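1. Installation

    sudo apt-get install proftpd

During installation you are asked to choose a run mode: Standalone or Inetd. The former runs ProFTPD as a standalone server, the latter runs it under the super-server. I chose Standalone.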
2. Configuration

    sudo vim /etc/shells

Add the following line:

    /bin/false

Create the user ftpuser1 and the group ftp, and set a password. This user does not need a valid shell (which is safer), so ftpuser1 is given /bin/false.
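    sudo groupadd ftp
    # useradd -p expects an already-hashed password, so set the password with passwd instead
    sudo useradd ftpuser1 -g ftp -d /home/ftp -s /bin/false
    sudo passwd ftpuser1

Create the upload and download directories under /home/ftp and set their permissions: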
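    # useradd without -m does not create the home directory
    sudo mkdir -p /home/ftp
    cd /home/ftp
    sudo mkdir download
    sudo mkdir upload
    cd /home
    sudo chmod 755 ftp
    cd /home/ftp
    sudo chmod 755 download
    sudo chmod 777 upload

3. Edit the ProFTPD main configuration file proftpd.conf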
    sudo vim /etc/proftpd/proftpd.conf

    #
    # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    #

    # Includes DSO modules
    Include /etc/proftpd/modules.conf

    # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
    # We do not need IPv6, so off
    UseIPv6 off
    # Server name (changed)
    ServerName "xiaoyigeng's FTP Server"
    # Server run mode: standalone here, inetd is the other option
    ServerType standalone
    # Whether to show the welcome message when a user logs in
    DeferWelcome on

    MultilineRFC2228 on
    DefaultServer on
    ShowSymlinks on

    TimeoutNoTransfer 600
    # Can be lowered to 100
    TimeoutStalled 600
    # Idle timeout
    TimeoutIdle 1200

    # If DeferWelcome above is set to on, the contents of welcome.msg are displayed
    DisplayLogin welcome.msg
    # Shown when changing directory
    DisplayFirstChdir .message
    ListOptions "-l"

    DenyFilter \*.*/

    # Use this to jail all users in their homes
    # FTP users are confined to this directory
    DefaultRoot /home/ftp

    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constraint.
    # (for anonymous users, set this to on)
    # RequireValidShell off

    # Port 21 is the standard FTP port.
    # Port the service listens on
    Port 21

    # In some cases you have to specify passive ports range to by-pass
    # firewall limitations. Ephemeral ports can be used for that, but
    # feel free to use a more narrow range.
    # (ports used in PASV mode)
    # PassivePorts 49152 65534

    # If your host was NATted, this option is useful in order to
    # allow passive transfers to work. You have to use your public
    # address and opening the passive ports used on your firewall as well.
    # MasqueradeAddress 1.2.3.4

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30

    # Set the user and group that the server normally runs at.
    # The server runs as user nobody
    User nobody
    # The server runs as group nobody
    Group nobody

    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    # Default permissions for newly created files
    Umask 022 022
    # Normally, we want files to be overwriteable.
    # Files can be overwritten
    AllowOverwrite on

    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    # PersistentPasswd off

    # Be warned: use of this directive impacts CPU average load!
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    #
    # UseSendFile off

    # Choose a SQL backend among MySQL or PostgreSQL.
    # Both modules are loaded in default configuration, so you have to specify the backend
    # or comment out the unused module in /etc/proftpd/modules.conf.
    # Use 'mysql' or 'postgres' as possible values.
    #
    #
    # Delay engine reduces impact of the so-called Timing Attack described in
    # It is on by default.
4. Starting, stopping and restarting the server

    sudo /etc/init.d/proftpd start
    sudo /etc/init.d/proftpd stop
    sudo /etc/init.d/proftpd restart
5. Maintenance

Logs can be found in the /var/log/proftpd directory.

Command to view the FTP server load:

    ftptop

Command to see who is logged in to the server:

    ftpwho
PS: Using Limit in ProFTPD

The feature we probably use most is Limit. Limit covers roughly the following actions, which between them cover essentially all permissions.
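CWD: Change Working Directory, permission to change directory
MKD: MaKe Directory, permission to create directories
RNFR: ReName FRom, permission to rename directories
DELE: DELEte, permission to delete files
RMD: ReMove Directory, permission to remove directories
RETR: RETRieve, permission to download from the server to the client
STOR: STORe, permission to upload from the client to the server
READ: read permission, not including directory listing; equivalent to RETR, STAT and so on
WRITE: permission to write files or directories, including MKD and RMD
DIRS: whether directory listing is allowed; equivalent to LIST, NLST and so on, and quite useful in practice
ALL: all permissions
LOGIN: whether login is allowed

The subjects that a Limit applies to are selected with the following directives:

AllowUser: Limit allowed for a given user
DenyUser: Limit denied for a given user
AllowGroup: Limit allowed for a given group
DenyGroup: Limit denied for a given group
AllowAll: Limit allowed for all user groups
DenyAll: Limit denied for all users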
The directive for limiting transfer rate is:

    TransferRate STOR|RETR rate(Kbytes/s) user username
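
An added example, not from the original article: Limit sections for /etc/proftpd/proftpd.conf that restrict login to the ftp group, make download/ read-only and upload/ a write-only drop box for ftpuser1, and cap transfer rates. It assumes the paths, user and group created in the steps above; the rate values are chosen only for illustration.

```apache
# Added example. Assumes /home/ftp, download/, upload/, user ftpuser1
# and group ftp exist as created earlier on this page.

# Only members of group ftp may log in; everyone else is refused.
<Limit LOGIN>
  AllowGroup ftp
  DenyAll
</Limit>

# download/: listing and RETR stay allowed, every write command is denied.
<Directory /home/ftp/download>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>

# upload/: ftpuser1 may store files and create directories, but nobody
# may download, delete or rename what has been uploaded.
<Directory /home/ftp/upload>
  # Override the global "AllowOverwrite on" so existing uploads
  # cannot be replaced.
  AllowOverwrite off
  <Limit STOR MKD>
    AllowUser ftpuser1
    DenyAll
  </Limit>
  <Limit RETR DELE RMD RNFR RNTO>
    DenyAll
  </Limit>
</Directory>

# Rate caps in Kbytes/s (illustrative values).
TransferRate RETR 200 user ftpuser1
TransferRate STOR 100 user ftpuser1
```

After editing, restart the server and check with a test login that a RETR in upload/ and a STOR in download/ are both refused.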













