A few details about the Ubuntu utility series

Objective

In the Linux system, the FTP server software has many, has already matured, like VSFTPD, Wu-ftp, pure-ftpd and so on. However, these software installation configuration is more troublesome, to build a personal FTP server, or PROFTPD is relatively simple.

Directory

1. PROFTPD Introduction
2. PROFTPD Installation
3. PROFTPD configuration file
4. PROFTPD Usage Scenarios
5. Client Access

1. PROFTPD Introduction

PROFTPD is an open source FTP server software, it is the world's most widely used wu-ftpd of the improved version, it fixes many shortcomings of wu-ftpd, in many ways, a major improvement, one of the important changes is that it learned how to configure Apache, Make PROFTPD configuration and management easier and easier to understand.

There are two ways to run a standalone server with a sub-server of a super server. It's a great choice for both security and stability, and for configuration.

Official website:http://www.proftpd.org/

2. PROFTPD Installation

System environment

• Linux Ubuntu 12.04.2 LTS 64bit Server

Installing PROFTPD

~ sudo apt-get install proftpd

Select "Standalone"

View PROFTPD Status

~ sudo /etc/init.d/proftpd statusProFTPD is started in standalone mode, currently running.~ ps -aux|grep ftpproftpd   6674  0.0  0.1  94648  2092 ?        Ss   16:05   0:00 proftpd: (accepting connections)#启动端口21~ netstat -nltp|grep 21tcp6       0      0 :::21                   :::*                    LISTEN      -

3. PROFTPD configuration file

Configuration file:/etc/proftpd/proftpd.conf

#配置服务器名ServerName""blog.fens.me FTP Server" #设置服务器运行模式，独立服务，或者被监管ServerTypestandalone #设置为默认服务器DefaultServeron #设置服务器进程运行使用的用户Userproftpd#设置服务器进程运行使用的组Group        nogroup#设置关闭IPv6支持UseIPv6        off#设置服务器接受请求的端口Port21 #设置被动模式使用的端口范围PassivePorts 60000 65535#设置用户上传文件的权限掩码Umask022#设置用户被chroot锁定到的各自的Home目录DefaultRoot/ftp#关闭欢迎信息显示DeferWelcomeoff #如果显示欢迎信息，则指定显示的文件DisplayLoginwelcome.msg #指定切换文件夹时，显示的欢迎信息DisplayChdir.message #设置日志SystemLog                       /var/log/proftp.logTransferLog                     /var/log/proftp-transfer.log

#限定操作

<Limit SITE_CHMOD>DenyAll</Limit>

#设置匿名用户资源

<Anonymous "/ftp/c">...</Anonymous>

#配置存储目录权限

<Directory "/ftp/a/" ><Limit ALL>AllowUser xAllowUser a1DenyAll</Limit><Limit CWD READ RETR DIRS>AllowAll</Limit></Directory>

Limit Permission Description:

• Cwd:change working directory into the directory
• Mkd:make Directory Creation
• Rnfr:rename from renaming
• Dele:delete Deleting files
• Rmd:remove Directory Delete Directories
• READ: Readable
• Write: Writable
• STOR: Can be uploaded
• RETR: Available for download
• DIRS: Allow directory to be listed
• Login: Allow Login
• All: All

4. PROFTPD Usage Scenarios

Scene Description: A company to establish a unified FTP server (/FTP), the company has a department (/FTP/A), b two Departments (/ftp/b), has a separate storage space.

A1 for a department manager has rights to (/FTP/A) operations, A2 for a department employee can only read files.

B1 for the B Department manager has the right to (/ftp/b) operation Rights, B2 for the B Department employees can only read files.

X is the general manager of the company and has rights to (/FTP) operations.

Operation Permissions:

/ftp    -- x所有操作/ftp/a  -- a1所有操作, a2只读/ftp/b  -- b1所有操作, b2只读

Command operation:

# 创建FTP目录sudo mkdir /ftpsudo mkdir /ftp/asudo mkdir /ftp/b# 创建用户组sudo groupadd asudo groupadd b

Ubuntu System configuration Nologin, slightly different from other Linux

~  sudo vi /etc/shells# /etc/shells: valid login shells/bin/sh/bin/dash/bin/bash/bin/rbash/usr/bin/tmux/usr/bin/screen/usr/sbin/nologin

Last line adds/usr/sbin/nologin

Create user and set Nologin, disable FTP account login

sudo useradd a1 -g a -s /usr/sbin/nologinsudo useradd a2 -g a -s /usr/sbin/nologinsudo useradd b1 -g b -s /usr/sbin/nologinsudo useradd b2 -g b -s /usr/sbin/nologinsudo useradd x -G a,b -s /usr/sbin/nologin#设置账户密码echo -e "a1:123" | sudo chpasswdecho -e "a2:123" | sudo chpasswdecho -e "b1:123" | sudo chpasswdecho -e "b1:123" | sudo chpasswdecho -e "x:123" | sudo chpasswd#设置目录权限sudo chown x /ftpsudo chown a1:a /ftp/asudo chmod 770 /ftp/asudo chmod g+s /ftp/asudo chown b1:b /ftp/bsudo chmod 770 /ftp/bsudo chmod g+s /ftp/b

Modify configuration file:/etc/proftpd/proftpd.conf

~ sudo vi /etc/proftpd/proftpd.confServerName "blog.fens.me FTP Server"ServerType standaloneDefaultServer onPort 21Umask 022MaxInstances 30User proftpdGroup nogroupDefaultRoot /ftpAllowOverwrite onSystemLog /var/log/proftp.logTransferLog /var/log/proftp-transfer.log<Directory "/ftp/*"><Limit CWD READ>AllowAll</Limit></Directory><Directory "/ftp/a/" ><Limit ALL>AllowUser xAllowUser a1DenyAll</Limit><Limit CWD READ RETR DIRS>AllowAll</Limit></Directory><Directory "/ftp/b/" ><Limit ALL>AllowUser xAllowUser b1DenyAll</Limit><Limit CWD READ RETR DIRS>AllowAll</Limit></Directory><Limit SITE_CHMOD>DenyAll</Limit>

Re-server

~ sudo /etc/init.d/proftpd restart * Stopping ftp server proftpd        

5. Client Access

Client command line: Win7 64bit command

Impersonate A1 User login:

~ ftp# Establish connection ftp> open 192.168.1.201 connected to 192.168.1.201. ProFTPD 1.3.4a Server (blog.fens.me FTP server) [:: ffff:192.168.1.201] User (192.168.1.201: (None)): a1331 Password Required for A1 password: User A1 logged in# view directory ftp> dir200 PORT command successful150 Opening ASCII mode data connection For file Listdrwxrws---2 A1 a 4096 3 12:59 ADRWXRWS---2 b1 b 4096 Nov 3 12:2 5 b226 Transfer completeftp: Received 116 bytes, spents 0.00 seconds 58.00 kilobytes per second. ftp> cd a250 CWD command successfulftp> pwd257 "/A" is the current directoryftp> dir200 PORT command successful15 0 Opening ASCII Mode data connection for file list-rw-r--r--1 A2 a 55723 Nov 3 12:56 36kryunjiasu.docx -rw-r--r--1 A1 a 4 Nov 3 12:24 test.txt226 Transfer completeftp: 139 Bytes Received, spents 0.00 seconds 69.50 Kilobytes per second. #上传文件ftp > put c:\22.log200 PORT command successful150 Opening ASCII mode data connection for 22.log226 Transfer complet Eftp: Send 120 bytes, spents 0.06 seconds 2.18 kilobytes per second. #下载文件ftp> Get test.txt200 PORT command successful150 Opening ASCII mode data connection for Test.txt (4 bytes) 226 Transfer Comp Leteftp: Received 5 bytes, spents 0.00 seconds 5000.00 kilobytes per second. #尝试访问B目录, error ftp> CD. /b550. /b:no such file or directory# exits ftp> bye221 Goodbye.

Analog A2 User login:

~ ftp#建立连接ftp> open 192.168.1.201连接到 192.168.1.201。220 ProFTPD 1.3.4a Server (blog.fens.me FTP Server) [::ffff:192.168.1.201]用户(192.168.1.201:(none)): a2331 Password required for a2密码:230 User a2 logged in#查看目录 ftp> dir200 PORT command successful150 Opening ASCII mode data connection for file listdrwxrws---   2 a1       a            4096 Nov  3 13:09 adrwxrws---   2 b1       b            4096 Nov  3 12:25 b226 Transfer completeftp: 收到 116 字节，用时 0.00秒 116.00千字节/秒。#上传文件，出错ftp> put c:\11.log200 PORT command successful550 11.log: Operation not permitted#下载文件ftp> get 22.log200 PORT command successful150 Opening ASCII mode data connection for 22.log (114 bytes)226 Transfer completeftp: 收到 120 字节，用时 0.00秒 120000.00千字节/秒。

With PROFTPD we quickly set up a company's internal FTP server, more convenient than WU-FTPD.

A few details about the Ubuntu utility series