以前使用vsftpd+mysql来做ftp。但vsftpd的配置比较弱,对虚拟用户的权限控制,只能通过系统对目录的权限控制来进行。所以现在打算使用proftpd来配置虚拟用户。
这几天参考了n多的教程。但大部分是基于redhat的,基于debian的配置很少很少。只能是一边研究一边写了。
1、安装
在debian下,安装proftpd非常简单,使用
apt-get install proftpd
但需要注意的是,使用命令
apt-cache search proftpd*
会有如下的结果
proftpd-doc – Versatile, virtual-hosting FTP daemon (Documentation)
proftpd-ldap – Versatile, virtual-hosting FTP daemon (with LDAP support)
proftpd-mysql – Versatile, virtual-hosting FTP daemon (with SQL support)
proftpd-pgsql – Versatile, virtual-hosting FTP daemon (with SQL support)
说明debian下面的proftpd根据所支持的模块,deb包的名称也不一样。如安装mysql支持,直接安装proftpd-mysql。这点和redhat不同,不需要在安装过程中安装各种模块了
对于我,因为需要配置的是支持虚拟用户的proftpd,所以安装
apt-get install proftpd-mysql
这样proftpd就安装了。配置文件为/etc/proftpd.conf
所有的配置都要在这里面写。
下面是默认安装后的配置文件,不需要多解释了,很容易理解。类似apache的配置方法
#
# /etc/proftpd.conf — This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#ServerName "Debian"
ServerType standalone
DeferWelcome offMultilineRFC2228 on
DefaultServer on
ShowSymlinks onTimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"DenyFilter *.*/# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off# Uncomment this if you would use TLS module:
#TLSEngine on# Uncomment this if you would use quota module:
#Quotas on# Uncomment this if you would use ratio module:
#Ratios on# Port 21 is the standard FTP port.
Port 21# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30# Set the user and group that the server normally runs at.
User nobody
Group nogroup# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off# A basic anonymous configuration, no upload directories.# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want ‘welcome.msg’ displayed at login, and ‘.message’ displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you’re brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
把原始的配置文件修改一下,然后进行我们自己的配置就可以了:0
proftpd在默认情况下不记录日志,这样就对于我们配置服务器不利,因为不能方便的知道错误信息。所以在最上面添加下面2行
SyslogLevel emerg
SystemLog /ftp/log/proftpd.log #这里是自己的服务器日志路径,修改成自己的:)
从上到下,修改
ServerName "Meteor’s Ftp"
ServerAdmin [email protected]MaxInstances 30 #这是最大连接数,如果机器够好,不妨修改的大点
下面的这个无需修改
User nobody
Group nogroup
User 和Group 指定proftpd 进程启动时的有效用户ID,处于安全考虑默认的身份是nobody,有一点要指出的是,一般Red Linux 9.0 中默认是没有nogroup 这个组的,把Group指定为nobody 即可。
Umask 022 022
#无需修改
DefaultRoot ~
限定用户只能在自己的目录中,肯定要写的了吧
AllowRetrieveRestart on
AllowStoreRestart on
#这2句是使proftpd支持断点续传
ServerIdent off
#安全起见,关闭服务器信息的显示。这里关闭掉之后,默认看不到welcome信息。但可以在下面的对用户的设置中进行指定欢迎信息。
下面就是对用户的配置了。对于proftpd,似乎不能直接指定主目录,必须通过对用户的单独配置来进行。这个的配置,一会详细写了:)