Linux VPS users generally connect to the OpenSSH server over SFTP/SCP to transfer files. Sometimes, though, you want certain users to be able only to upload files to a site directory, without being able to log in to the system, execute commands, or access other directories; an FTP server handles this well. The common FTP servers on Linux are vsftpd and ProFTPD. ProFTPD is simple, easy to use and capable, so it is used here as the example for building an FTP server. FTP can also serve as a way to share files within a LAN: for instance, a roommate on Windows can upload a movie to your Ubuntu PC running ProFTPD so you don't have to copy it with a USB drive, and other roommates can download the video from your ProFTPD server. ProFTPD's configuration is similar to Apache's and easier than vsftpd's, and XAMPP bundles ProFTPD.
The code is as follows:
sudo apt-get install proftpd-basic
By default ProFTPD is installed to run as a standalone server. If the number of FTP requests per day is small, it can be installed as an inetd service instead, which saves server resources.
Here I use the default and install it as a standalone server.
The code is as follows:
sudo netstat -antp | grep proftpd
This shows ProFTPD listening on port 21.
Create a new virtual user test and set its password with the ftpasswd tool provided by ProFTPD:
The code is as follows:
sudo mkdir -p /png/proftpd
The code is as follows:
sudo ftpasswd \
--passwd \
--file=/png/proftpd/passwd \
--name=test \
--uid=122 \
--gid=65534 \
--home=/srv/ftp \
--shell=/bin/false
The UID and GID used here are those of the system user ftp:nogroup, which is created automatically when ProFTPD is installed; run cat /etc/passwd | grep ftp to see them.
/srv/ftp is a directory that is created automatically when ProFTPD is installed, owned by ftp:nogroup, with permissions 755.
This lets the virtual user test log in and read and write the directory /srv/ftp as the system user ftp:nogroup.
Read and write permissions for an FTP server on Linux map to the system's UGO (user, group, other) permissions.
When a virtual user is created, read and write control is achieved by choosing the system UID and GID it maps to, and by sensibly configuring the permissions of the /srv/ftp directory and its files.
To create another user, run the command above again, changing the parameters as needed.
For example, I created a virtual user eechen that runs as the system user with UID:GID 1000:1000 and whose login directory is /png/www/example.com:
The code is as follows:
sudo ftpasswd \
--passwd \
--file=/png/proftpd/passwd \
--name=eechen \
--uid=1000 \
--gid=1000 \
--home=/png/www/example.com \
--shell=/bin/false
There is no need to reload ProFTPD after adding a user, because ProFTPD reads the authentication file each time it authenticates a login.
The code is as follows:
sudo chown proftpd:nogroup /png/proftpd/passwd
Set the ownership of the passwd file to ensure that ProFTPD can read it.
The code is as follows:
sudo nano /etc/proftpd/proftpd.conf
At the end of the file, add:
The code is as follows:
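# Confine each user to their own directory; for the test user above that is /srv/ftp
DefaultRoot ~
# Disable the valid-shell check at login
RequireValidShell off
# Order of authentication methods; file authentication is used here
AuthOrder mod_auth_file.c
# File that stores the user names and passwords
AuthUserFile /png/proftpd/passwd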
The code is as follows:
sudo service proftpd reload
Reloading makes the configuration take effect.
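An added example, not part of the original article: because the UID/GID in each entry decide what a virtual user can touch and DefaultRoot ~ confines the user to the home field, a short audit of the AuthUserFile catches risky entries. It assumes the seven-field passwd format written by ftpasswd --passwd; the function name audit_authuserfile, the finding labels and the sample entries are made up for illustration.

```shell
#!/bin/sh
# Audit a ProFTPD AuthUserFile: name:hash:uid:gid:gecos:home:shell
# Prints one finding per line; prints nothing when every check passes.
audit_authuserfile() {
    file=$1
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }

    # The file holds password hashes, so "other" must not be able to read it.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "WORLD_READABLE $file"
    fi

    awk -F: '
        /^[ \t]*(#|$)/ { next }                        # skip comments and blank lines
        NF != 7 { print "MALFORMED line " NR; next }
        $3 == 0 || $4 == 0 { print "ROOT_ID " $1 }     # user would act as root
        $2 !~ /^\$/ { print "WEAK_OR_EMPTY_HASH " $1 } # not a $id$ modular crypt hash
        $6 == "/" || $6 !~ /^\// { print "UNSAFE_HOME " $1 } # DefaultRoot ~ gives no real jail
        seen[$1]++ { print "DUPLICATE_NAME " $1 }
    ' "$file"
}

# Constructed sample entries (the hashes are placeholders, not real passwords).
sample=$(mktemp)
cat > "$sample" <<'EOF'
test:$1$placeholder$placeholder:122:65534::/srv/ftp:/bin/false
admin:$1$placeholder$placeholder:0:0::/:/bin/false
guest::1000:1000::/png/www/example.com:/bin/false
EOF
chmod 644 "$sample"   # deliberately world-readable to trigger the first check
audit_authuserfile "$sample"
rm -f "$sample"
```

On the real file, run it as audit_authuserfile /png/proftpd/passwd with sudo, since the file is owned by proftpd.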
Change the default port for ProFTPD
In the file /etc/proftpd.conf, find:
The code is as follows:
Port 21
Change to:
The code is as follows:
Port 2121
If iptables restricts all outbound ports and loads the ip_conntrack_ftp module, the module's port must also be changed to 2121 when ip_conntrack_ftp is loaded.
Open /etc/sysconfig/iptables-config and make sure the file is set to load ip_conntrack_ftp, for example:
The code is as follows:
IPTABLES_MODULES="ip_conntrack_ftp"
Then add this module's parameters to the file /etc/modprobe.conf:
The code is as follows:
options ip_conntrack_ftp ports=2121
If you need to load the module manually, you can execute the following command:
The code is as follows:
/sbin/modprobe ip_conntrack_ftp ports=2121