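    Steps for installing the ProFTPD FTP server on an Ubuntu server

    1. Installation

    Install the package:

    sudo apt-get install proftpd

    During installation you are asked to choose the run mode, Standalone or Inetd. The former is standalone server mode and the latter is super-server mode.
    I chose Standalone.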

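    2. Configuration

    Edit /etc/shells:

    sudo vim /etc/shells

    and add the following line:

    /bin/false

    Create the user ftpuser1 and the group ftp, and set a password. This user does not need a valid shell (which is more secure), so ftpuser1 is given /bin/false:

    sudo groupadd ftp
    sudo useradd ftpuser1 -g ftp -d /home/ftp -s /bin/false
    # useradd -p expects an already-hashed password, so set the password interactively
    sudo passwd ftpuser1

    Create the upload and download directories under /home/ftp and set their permissions:

    # useradd without -m does not create the home directory
    sudo mkdir -p /home/ftp
    cd /home/ftp
    sudo mkdir download
    sudo mkdir upload
    cd /home
    sudo chmod 755 ftp
    cd /home/ftp
    sudo chmod 755 download
    # 777 lets every local account write to upload
    sudo chmod 777 upload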
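The account setup above depends on the login shell being non-interactive and on that shell being listed in /etc/shells, since ProFTPD's RequireValidShell check is active unless turned off. The script below is an added example, not part of the original article; the passwd and shells files are constructed samples and ftpuser2 is a hypothetical second account.

```shell
#!/bin/sh
# Added example: check an FTP-only account against passwd- and shells-format
# files. Prints findings; returns 0 when clean, 1 on findings, 2 if no entry.
check_ftp_account() {
    user=$1; passwd_file=$2; shells_file=$3
    # Field 7 of a passwd entry is the login shell; "x" marks a found entry.
    entry=$(awk -F: -v u="$user" '$1 == u { print "x" $7; exit }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "missing: no passwd entry for $user"
        return 2
    fi
    shell=${entry#x}
    [ -n "$shell" ] || shell=/bin/sh    # an empty shell field means /bin/sh
    bad=0
    case $shell in
        /bin/false|*/nologin) ;;
        *) echo "interactive: $user has login shell $shell"; bad=1 ;;
    esac
    # Whole-line fixed-string match, so comment lines in the file never match.
    if ! grep -Fxq -e "$shell" "$shells_file"; then
        echo "unlisted: $shell is not in the shells file (RequireValidShell refuses the login)"
        bad=1
    fi
    if [ "$bad" -eq 0 ]; then echo "ok: $user uses $shell"; fi
    return "$bad"
}

# Constructed sample data (not real accounts), written to a temp directory.
sample_dir=$(mktemp -d)
cat > "$sample_dir/passwd" <<'EOF'
ftpuser1:x:1001:1001::/home/ftp:/bin/false
ftpuser2:x:1002:1001::/home/ftp:/bin/bash
EOF
printf '%s\n' '# /etc/shells' /bin/sh /bin/bash > "$sample_dir/shells.before"
printf '%s\n' '# /etc/shells' /bin/sh /bin/bash /bin/false > "$sample_dir/shells.after"

# Before and after adding /bin/false to the shells file, then a shell account.
check_ftp_account ftpuser1 "$sample_dir/passwd" "$sample_dir/shells.before" || true
check_ftp_account ftpuser1 "$sample_dir/passwd" "$sample_dir/shells.after" || true
check_ftp_account ftpuser2 "$sample_dir/passwd" "$sample_dir/shells.after" || true
```

On a live system the same function can be pointed at /etc/passwd and /etc/shells.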

    3. Edit the main ProFTPD configuration file, proftpd.conf

    Open the file:

    sudo vim /etc/proftpd/proftpd.conf

    and set its contents as follows:

    #
    # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
    # To really apply changes reload proftpd after modifications.
    #
    # Includes DSO modules
    Include /etc/proftpd/modules.conf
    # Set off to disable IPv6 support which is annoying on IPv4 only boxes.
    # We do not need IPv6, so it is off.
    UseIPv6 off
    # Server name (change to suit)
    ServerName "xiaoyigeng's FTP Server"
    # Server run mode: standalone here; inetd is the alternative
    ServerType standalone
    # Defer the welcome message until the user has logged in
    DeferWelcome on
    MultilineRFC2228 on
    DefaultServer on
    ShowSymlinks on
    TimeoutNoTransfer 600
    # Can be lowered to 100
    TimeoutStalled 600
    # Idle timeout
    TimeoutIdle 1200
    # Show the contents of welcome.msg at login
    DisplayLogin welcome.msg
    # Message shown when changing into a directory
    DisplayFirstChdir .message
    ListOptions "-l"
    DenyFilter \*.*/
    # Use this to jail all users in their homes
    # FTP users are confined to this directory.
    DefaultRoot /home/ftp
    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constraint.
    # Anonymous users need this enabled.
    # RequireValidShell off
    # Port 21 is the standard FTP port.
    # Port the service listens on
    Port 21
    # In some cases you have to specify passive ports range to by-pass
    # firewall limitations. Ephemeral ports can be used for that, but
    # feel free to use a more narrow range.
    # Ports used in PASV mode
    # PassivePorts 49152 65534
    # If your host was NATted, this option is useful in order to
    # allow passive transfers to work. You have to use your public
    # address and opening the passive ports used on your firewall as well.
    # MasqueradeAddress 1.2.3.4
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30
    # Set the user and group that the server normally runs at.
    # The server runs as user nobody and group nobody. If proftpd reports an
    # unknown group, use nogroup, the name Ubuntu gives this group.
    User nobody
    Group nobody
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    # Default permissions for newly created files
    Umask 022 022
    # Normally, we want files to be overwriteable.
    # Files may be overwritten.
    AllowOverwrite on
    # Uncomment this if you are using NIS or LDAP to retrieve passwords:
    # PersistentPasswd off
    # Be warned: use of this directive impacts CPU average load!
    # Uncomment this if you like to see progress and transfer rate with ftpwho
    # in downloads. That is not needed for uploads rates.
    #
    # UseSendFile off
    # Choose a SQL backend among MySQL or PostgreSQL.
    # Both modules are loaded in default configuration, so you have to specify the backend
    # or comment out the unused module in /etc/proftpd/modules.conf.
    # Use 'mysql' or 'postgres' as possible values.
    #
    #<IfModule mod_sql.c>
    #  SQLBackend mysql
    #</IfModule>
    # File transfer log
    TransferLog /var/log/proftpd/xferlog
    # Server log
    SystemLog /var/log/proftpd/proftpd.log
    # TLS is off in this setup, so logins and transfers travel in cleartext.
    <IfModule mod_tls.c>
      TLSEngine off
    </IfModule>
    <IfModule mod_quota.c>
      QuotaEngine on
    </IfModule>
    <IfModule mod_ratio.c>
      Ratios on
    </IfModule>
    # Delay engine reduces impact of the so-called Timing Attack described in
    # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
    # It is on by default.
    <IfModule mod_delay.c>
      DelayEngine on
    </IfModule>
    <IfModule mod_ctrls.c>
      ControlsEngine on
      ControlsMaxClients 2
      ControlsLog /var/log/proftpd/controls.log
      ControlsInterval 5
      ControlsSocket /var/run/proftpd/proftpd.sock
    </IfModule>
    <IfModule mod_ctrls_admin.c>
      AdminControlsEngine on
    </IfModule>
    # A basic anonymous configuration, no upload directories.
    # <Anonymous ~ftp>
    #   User ftp
    #   Group nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser on ftp
    #   DirFakeGroup on ftp
    #
    #   RequireValidShell off
    #
    #   # Limit the maximum number of anonymous logins
    #   MaxClients 10
    #
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin welcome.msg
    #   DisplayFirstChdir .message
    #
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    #
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask 022 022
    #   #   <Limit READ WRITE>
    #   #     DenyAll
    #   #   </Limit>
    #   #   <Limit STOR>
    #   #     AllowAll
    #   #   </Limit>
    #   # </Directory>
    #
    # </Anonymous>
    # Valid Logins
    # The section below sets the user permissions.
    <Limit LOGIN>
      AllowUser ftpuser1
      DenyAll
    </Limit>
    <Directory /home/ftp>
      Umask 022 022
      AllowOverwrite off
      <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
        DenyAll
      </Limit>
    </Directory>
    <Directory /home/ftp/download/>
      Umask 022 022
      AllowOverwrite off
      <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
        DenyAll
      </Limit>
    </Directory>
    <Directory /home/ftp/upload/>
      Umask 022 022
      AllowOverwrite on
      <Limit READ RMD DELE>
        DenyAll
      </Limit>
      <Limit STOR CWD MKD>
        AllowAll
      </Limit>
    </Directory>

    4. Starting, stopping and restarting the server

    Use the init script:

    sudo /etc/init.d/proftpd start
    sudo /etc/init.d/proftpd stop
    sudo /etc/init.d/proftpd restart

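    5. Maintenance

    The logs can be viewed in the /var/log/proftpd directory.

    Command to view the FTP server load: ftptop
    Command to see who is logged in to the server: ftpwho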

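    PS: An introduction to using Limit in ProFTPD

    The directive we use most is probably Limit. Limit covers roughly the following actions, which between them cover essentially all permissions.

    CWD: Change Working Directory, permission to change directory
    MKD: MaKe Directory, permission to create directories
    RNFR: ReName FRom, permission to rename directories
    DELE: DELEte, permission to delete files
    RMD: ReMove Directory, permission to remove directories
    RETR: RETRieve, permission to download from the server to the client
    STOR: STORe, permission to upload from the client to the server
    READ: read permission, not including directory listing; equivalent to RETR, STAT and so on
    WRITE: permission to write files or directories, including MKD and RMD
    DIRS: whether directory listing is allowed; equivalent to LIST, NLST and so on, and quite useful
    ALL: all permissions
    LOGIN: whether login is allowed
    The targets that a Limit applies to are set with the following:
    AllowUser: allow the Limit for a given user
    DenyUser: deny the Limit for a given user
    AllowGroup: allow the Limit for a given group
    DenyGroup: deny the Limit for a given group
    AllowAll: allow the Limit for all users
    DenyAll: deny the Limit for all users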
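A misspelled command name inside a <Limit> line (RNEF instead of RNFR, say) does not restrict the command that was meant. The script below is an added example, not part of the original article: it flags names in <Limit> lines that are not in a known list. The list is an assumption made here (the names used on this page plus a few RFC 959 commands) and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: report names in <Limit ...> lines that are not known FTP
# commands or ProFTPD command groups. Prints "LINE:NAME" for each unknown
# name and returns 1 if any were found, 0 otherwise.
# Assumed allow-list: extend it for other commands your configuration limits.
KNOWN_LIMIT_NAMES="CWD MKD XMKD RMD XRMD RNFR RNTO DELE RETR STOR APPE LIST NLST STAT READ WRITE DIRS ALL LOGIN"

lint_limit_names() {
    awk -v known="$KNOWN_LIMIT_NAMES" '
        BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ { next }                        # skip comment lines
        {
            line = $0
            sub(/^[ \t]*/, "", line)
            if (toupper(line) !~ /^<LIMIT[ \t]/) next
            sub(/^<[A-Za-z]+[ \t]+/, "", line)     # drop the leading "<Limit "
            sub(/>.*$/, "", line)                  # drop ">" and what follows
            m = split(line, names, /[ \t]+/)
            for (i = 1; i <= m; i++) {
                name = toupper(names[i])
                if (name != "" && !(name in ok)) { print NR ":" names[i]; bad = 1 }
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample configuration with one misspelled name on line 2.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
<Directory /home/ftp/download/>
  <Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
# <Limit BOGUS> in a comment is ignored
<Directory /home/ftp/upload/>
  <Limit READ RMD DELE>
    DenyAll
  </Limit>
</Directory>
EOF

lint_limit_names "$sample_conf" || echo "unknown Limit names found"
```

Run it against /etc/proftpd/proftpd.conf after each edit, before restarting the server.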

    The parameter for limiting the transfer rate is:
    TransferRate STOR|RETR rate (Kbytes/s) user username
