Notes on Setting Up a ProFTPD 1.3.1 Server
First, here is my configuration file:
1 # This is a basic ProFTPD configuration file (rename it to
2 # 'proftpd.conf' for actual use.  It establishes a single server
3 # and a single anonymous login.  It assumes that you have a user/group
4 # "nobody" and "ftp" for normal operation and anon.
5
6 ServerName "Welcome to Carelife FTP Server"
7 ServerType standalone
8 DefaultServer on
9 AllowRetrieveRestart on
10 AllowStoreRestart on
11
12 # Port 21 is the standard FTP port.
13 Port 21
14
15 ServerLog /var/log/ftplogin.log
16 ExtendedLog /var/log/ftpaction.log read,write,mkd,rmd
17
18
19 # uMASK 022 is a good standard umask to prevent new dirs and files
20 # from being group and world writable.
21 Umask 022
22
23 # To prevent DoS attacks, set the maximum number of child processes
24 # to 30.  If you need to allow more than 30 concurrent connections
25 # at once, simply increase this value.  Note that this ONLY works
26 # in standalone mode, in inetd mode you should use an inetd server
27 # that allows you to limit maximum number of processes per service
28 # (such as xinetd).
29 MaxInstances 10
30
31 # Set the user and group under which the server will run.
32 User ftp
33 Group ftp
34
35 # To cause every FTP user to be "jailed" (chrooted) into their home
36 # directory, uncomment this line.
37 #DefaultRoot ~
38
39 # Normally, we want files to be overwriteable.
40 AllowOverwrite on
41
42 # Bar use of SITE CHMOD by default
43 <Limit SITE_CHMOD>
44   DenyALL
45 </Limit>
46 <VirtualHost 192.168.0.244>
47   ServerName "Carelife Wan-FTP Server"
48   Port 2121
49   RequireValidShell off
50   DefaultRoot /home/smb-server
51   MaxClients 10
52   MaxLoginAttempts 5
53   MasqueradeAddress 61.186.246.201
54   PassivePorts 65530 65531
55   <Limit WRITE>
56     DenyAll
57   </Limit>
58   <Limit RMD>
59     DenyAll
62     DenyAll
63   </Limit>
64   <Limit RNFR>
65     DenyAll
66   </Limit>
67 </VirtualHost>
68
69
70
71
72 <Limit LOGIN>
73   Allow from All
74 </Limit>
75 # MasqueradeAddress 61.186.246.201
76 # PassivePorts 60000 65534
77 # A basic anonymous configuration, no upload directories.  If you do not
78 # want anonymous users, simply delete this entire <Anonymous> section.
79
80 <Anonymous ~ftp>
81   User ftp
82   Group ftp
83
85   UserAlias anonymous ftp
86
87   # Limit the maximum number of anonymous logins
88   MaxClients 30
89
90   # We want 'welcome.msg' displayed at login, and '.message' displayed
91   # in each newly chdired directory.
92   DisplayLogin welcome.msg
93   DisplayChdir .message
94
95   # Limit WRITE everywhere in the anonymous chroot
96   <Limit WRITE>
97     DenyAll
98   </Limit>
99   <Directory file-upload>
100     <Limit WRITE>
101       AllowAll
102     </Limit>
103     <Limit RMD>
104       DenyAll
105     </Limit>
106     <Limit READ>
107       DenyAll
108     </Limit>
109     <Limit DELE>
110       DenyAll
111     </Limit>
112     <Limit RNFR>
113       DenyAll
114     </Limit>
115   </Directory>
116   <Directory etc>
117     <Limit All>
118       DenyAll
119     </Limit>
120   </Directory>
121 </Anonymous>
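Features of the FTP server I set up:
1. Access from the internal network: anonymous users can log in and enter the /var/ftp directory, which contains a file-upload directory for uploading files. This folder only allows uploads; deleting, renaming, downloading and similar operations are not possible. Ordinary users can also log in over FTP from the internal network, and after a successful login they land in their own home directory.
2. Access from the external network: anonymous access is not allowed. Ordinary users can get into the FTP server with a correct user name and password. The directory reached over FTP from the external network is set to a dedicated directory, which can only be browsed and downloaded from.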
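To check the upload-only claim against the actual `<Limit>` blocks, the following added example (not part of the original post) parses a numbered listing like the one above and resolves whether a given FTP command is allowed in a given section. The names `SAMPLE`, `GROUPS`, `limit_rules` and `decision` are made up for this example, the group table is only a partial subset of ProFTPD's WRITE and READ groups, and the lookup is a simplified model of ProFTPD's precedence (specific command, then command group, then ALL).

```python
import re
# Constructed excerpt: some <Anonymous> limits from the listing, line numbers kept.
SAMPLE = """\
80 <Anonymous ~ftp>
96   <Limit WRITE>
97     DenyAll
98   </Limit>
99   <Directory file-upload>
100     <Limit WRITE>
101       AllowAll
102     </Limit>
106     <Limit READ>
107       DenyAll
108     </Limit>
109     <Limit DELE>
110       DenyAll
111     </Limit>
115   </Directory>
121 </Anonymous>
"""
# Partial command-group membership (assumed subset of the WRITE and READ groups).
GROUPS = {"WRITE": {"STOR", "APPE", "DELE", "MKD", "RMD"}, "READ": {"RETR", "SIZE"}}

def limit_rules(text):
    """Map (section path, limited name) -> 'allowall' or 'denyall'."""
    stack, rules = [], {}
    for raw in text.splitlines():
        line = re.sub(r"^\s*\d+\s*", "", raw).strip()  # drop the listing's line number
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            stack.pop()                                # leave the innermost section
        elif line.startswith("<"):
            name, _, arg = line.strip("<>").partition(" ")
            stack.append((name.lower(), arg.strip()))
        elif stack and stack[-1][0] == "limit" and line.lower() in ("allowall", "denyall"):
            path = tuple(a for n, a in stack if n != "limit")
            for cmd in stack[-1][1].split():           # <Limit> may name several commands
                rules[(path, cmd.upper())] = line.lower()
    return rules

def decision(rules, path, cmd):
    """Innermost section first; within it: command, then its group, then ALL."""
    names = [cmd] + [g for g, members in GROUPS.items() if cmd in members] + ["ALL"]
    for depth in range(len(path), 0, -1):  # top-level (server) limits are not modelled
        for name in names:
            if (path[:depth], name) in rules:
                return rules[(path[:depth], name)]
    return "allowall"  # no <Limit> applies; filesystem permissions still do
```

Under this model, `decision(limit_rules(SAMPLE), ("~ftp", "file-upload"), "MKD")` returns `allowall`, because `<Limit WRITE> AllowAll` covers more than STOR.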
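Next, the problems I ran into while setting up the FTP server:
1. I installed from source. At install time I added parameters for the installation directory and the log file directory. I also added two log files, one recording logins and one recording operations on the FTP server; see lines 15-16.
2. Set the permissions of the default FTP directory, /var/ftp, to 755.
3. After installation, I did a simple configuration of /etc/proftpd.conf and started sbin/proftpd under the installation directory to start the FTP service. Access from the internal network worked at that point; after that I gradually set up the permissions, and the setup was complete.
4. I mapped port 21 to the external network on the router and then tried FTP access from the external network, and found that I could not log in. The solution was to add the virtual server, lines 46-67.
I am a beginner; corrections of any shortcomings are welcome.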