配置文件在etc/proftpd.conf,配置文件說明如下:
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
分別表示:服務器名稱,服務類型和默認服務狀態!
後面的服務端口啊什麼的我就省去不說了,說最關鍵的權限控制部分。
# Set the user and group under which the
server will run.
User nobody
Group nogroup
注意看上面:以什麼用戶和什麼組來運行服務。
更改爲你現有的組和用戶,這裏爲了管理上的方便和安全性上考慮,建議新建一個ftp組和ftp用戶。
# To cause every FTP user to be "jailed" (chrooted) into their
home
# directory, uncomment this line.
#DefaultRoot ~
是否允許用戶進入用戶的主目錄,注意:可是適用/home替代
# Normally, we want files to be overwriteable.
AllowOverwrite on
是否具有重寫的權利
# A basic anonymous configuration, no upload
directories. If you do not
# want anonymous users, simply delete this entire
<Anonymous> section.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with
"anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous
logins
MaxClients 10
# We want 'welcome.msg' displayed at login,
and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous
chroot
<Limit
WRITE>
DenyAll
</Limit>
</Anonymous>
這部分是匿名用戶的定義其實也很簡單。
------------------------------------------------
啓動不了,出現如下錯誤的解決方法
[root@new-host sbin]#
./proftpd
- IPv4
getaddrinfo 'new-host' error: Name or service not
known
- warning:
unable to determine IP address of 'new-host'
- error: no
valid servers configured
- Fatal: error
processing configuration file
'/usr/local/proftpd/etc/proftpd.conf'
原因是無法綁定Ip地址。
在配置文件中增加下面這句:
DefaultAddress 192.168.8.105
再重啓服務就可以了!
對出現的530
Login incorrect錯誤,查看日誌發現Invalid shell錯誤
在配置中添加
RequireValidShell off
"Fatal: Socket operation on non-socket"
這通常意味着在 proftpd.conf 配置文件中 ServerType 指令被配置成 inetd
(超級服務器)方式而不是 standalone(獨立服務器) 方式來運行。
PROFTPD服務器相關命令
1、ftpshut:關閉FTP服務,並在/etc下生成文件shutmsg。要重新開放FTP服務,把/etc/shutmsg刪除。
2、ftpcout:FTP服務器在線人數信息顯示。
3、ftpwho:FTP服務器在線人員名單。
幾個文件的功能及路徑
/usr/local/sbin/proftpd 執行程序
/usr/local/etc/proftpd.conf 設置文件
/usr/local/var/proftpd.pid proftpd做爲一個服務的ID號
設定proftpd.conf文件,起動服務
cd /etc/rc.d/rc3.d
ln -s /usr/local/sbin/proftpd S99proftpd
或者
修改/etc/rc.d/rc.local
加上下面這句
/usr/local/sbin/proftpd start
proftpd 怎麼查看在線連接的ip
登陸服務器
輸入 ftpwho
或ftptop
ftptop可以顯示在線人的ip 速度等
//////////////////////////////////////////////////////
ProFTPD configuration
先建立ftp和media用戶,用戶組爲nogroup,不允許登錄系統
useradd media -d/home/media -gnogroup
增加權限
chown -R media /hoem/media
要使ftp用戶登錄要修改/etc/ftpuser文件註釋掉ftp
內網架設FTP服務器的方法:
1. 在proftpd.conf中利用MasqueradeAddress命令將網關的IP地址或域名指定給FTP服務器,例如
MasqueradeAddress
myftpserver.vicp.net ?????
或MasqueradeAddress
12.34.56.78 ?????經使用只能連接不能下載
然後通過PassivePorts命令來限制被動方式下監聽的端口的範圍,例如
PassivePorts 60000 65534
2.
在網關的端口映射上將第一步中指定的端口範圍(例中爲60000-65534)以及FTP端口21映射到FTP服務器的內網地址上。
getaddrinfo 'test' error: Name or service not
known
- warning: unable to determine IP address of 'test'
- error: no valid servers configured
- Fatal: error processing configuration file
'/etc/proftpd.conf'
解決:產生該問題是由於hosts文件裏機器名未增加別名引起的。
#vi /etc/host
proftpd登陸速度慢的問題的解決
proftpd.conf中增加兩行設置:
UseReverseDNS off
IdentLookups off
# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous
login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.
ServerName "ProFTPD
Default Installation"
ServerType standalone
#ServerType inetd
DefaultServer on
UseReverseDNS off
IdentLookups off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and
files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child
processes
# to 30. If you need to
allow more than 30 concurrent connections
# at once, simply increase this
value. Note that this
ONLY works
# in standalone mode, in inetd mode you should use an inetd
server
# that allows you to limit maximum number of processes per
service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User ftp
# nobody
Group nogroup
# nogroup
# This next option is required for NIS or NIS+ to work
properly:
#PersistentPasswd off
SystemLog /var/log/proftpd.log
TransferLog /var/log/xferlog
DefaultAddress 192.168.1.254
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
<Anonymous ~media>
RequireValidShell off
User media
Group nogroup
MaxClients 50
DisplayLogin welcome.msg
DisplayFirstChdir .message
<Directory /*>
<Limit
All>
AllowAll
</Limit>
</Directory>
</Anonymous>
# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous ~ftp>
RequireValidShell off
User ftp
Group nogroup
# We want clients to be
able to login with "anonymous" as well as "ftp"
#
UserAlias anonymous
ftp
# Limit the maximum
number of anonymous logins
MaxClients 50
# We want 'welcome.msg'
displayed at login, and '.message' displayed
# in each newly chdired
directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# An upload directory
that allows storing files but not retrieving
# or creating
directories.
<Directory
/*>
<Limit
READ>
AllowAll
</Limit>
# Limit WRITE everywhere
in the anonymous chroot
<Limit
WRITE>
AllowAll
</Limit>
<Limit
STOR>
AllowAll
</Limit>
</Directory>
</Anonymous>