Analysis of the use of IIS FTP and serv-u _ftp server

Administration of IIS FTP server

Although the installation of IIS is simple, but the management function is not strong, only simple account management, directory permissions settings, message settings, connection user management.

1. Account Management

Unlike Serv-u, IIS manages accounts in accordance with the Windows user account. If you want to add a user name and password to the FTP server that are DYS, you must first add the account to Windows.

1 in Administrative Tools, open Computer Management, locate users under Local Users and groups, right-click, and select New user.
2 Enter the username and password in the new user window that pops up, and then Windows creates the user.
3 in Administrative Tools, open Internet Information Services, go to the Properties Settings window of the default FTP site, and locate the FTP site operator on the Security Accounts tab. As you can see here, the system has the default "Administrators" group all members as authorized accounts. If you are using the Windows 2000 Server version, you can click the "Add" button next to add the Dys account, if not, then the "Add" and "delete" button is gray, not optional. Can you add the Dys account? Of course.
4 go back to "Computer Management" and right-click the username you just created. Open the Properties setting, remove the default Users group in the Member On tab, click Add, and then select "Advanced → find Now" in the pop-up Select Group window, in the search results. Administrators "group, and then make sure it's OK.
5 to delete an account, directly in the "Computer Management" can be deleted.
Tip: The disadvantage of doing this is that if you are not a Windows 2000 Server Edition, you will automatically have all the permissions of the administrator "admin" for each additional account you add. It can be imagined that once the account password is stolen, it will bring a great security risk.

2. Directory Management

1) Set up the virtual directory

Many times, upload a lot of files, set up the original server home directory is often not enough, how to do? This requires setting up the virtual directory. A virtual directory is the way in which other directories are mapped to the home directory of the FTP server, so that the home directory of an FTP server can essentially include many different disk characters and directories of different paths without being limited by the disk space. When a user logs on to the home directory, it can also be manipulated according to the permissions of the account, just like a subdirectory under the home directory. If users are locked in the home directory, this feature will allow them to access directories other than the home directory.

Here we assume that you want to set the D\MTV directory to the virtual directory music in the G\ftp directory. In Internet Information Services, right-click Default FTP site, and select new → virtual directory to set up. Fill in "Music" in "virtual directory alias", select "D\MTV" in "FTP Site Content directory", and click "read" and "write" in "access rights", and exit after completion. To Dys account login to FTP look, is not more than a "Music" directory? You can then upload or download files to the directory.

2) Read and Write permission settings

IIS has a simpler set of permissions, providing only three permissions for each directory: Read (allow downloads), write (allow uploads), and record access (logging user access to this directory). The home directory can be set in the properties of the default FTP site, and the virtual directory can be set in the properties of the virtual directory.
Tip: The permissions set by the home directory are subject to the primary directory permissions if they conflict with the permissions of the virtual directory. For example, the permissions set by the home directory are read and write, and the music permissions are set to read only, the music permission will be overwritten by the primary directory permissions and automatically have write permission.

3. Message settings

Go to the Messages tab in the default FTP Site property to set up a message to display in the status window of the FTP client software when a user logs on and exits the server. where "title" and "Welcome" will appear when the user logs on, "Exit" is the farewell message displayed when the user exits the server.

4. Connect User Management

You can easily manage connected users on the FTP Site tab. Limit to to set the maximum number of connections that the server allows to connect at the same time, if not the Windows 2000 Server Edition, not only the unrestricted option is not available, and the maximum number of connections cannot exceed 10. "Connection Timeout" can be set when the connection user idle number of seconds will be automatically kicked out by the server, J-8?8 pieces G2 _c This can effectively prevent users to waste the maximum number of server connections. The current session in the lower-right corner of the point can see the account and current status of the online connection user and select one of the users to click "Disconnect" to kick the user out of the server.

Second, the SERV-U server management

Serv-u's management is much more powerful than IIS, and it's easy to set up. The special note is that every time you make any settings or changes, you have to click on the upper left corner of the toolbar "save" button to be effective.

1. Account Management

Serv-u account management is very convenient, not only can the single account management, but also have the same permissions of multiple accounts set up into a group, unified management.

1 Add/Remove individual accounts

Find "User" in the left window, Aa? TBI Network CR,

Right-click, select New User, and then set the user name, password, home directory (the directory where the account is logged in), and "Lock the user to the home directory" to complete the creation of a new account. Sometimes we want to build a group of accounts with the same home directory, such as A1, A2, A3 ... If you go to create a new, it is more trouble, at this time you can use the "Copy user" function. First create A1 user, then right click on the account "A1", select "Copy User", according to this, and then the copy of the account name changed to A2, A3, etc. The account created in this way is the same as the other settings, including passwords, except for different names.

2) Add/Remove Group
If there are a group of accounts, such as A1, A2, A3, with the same access to the home directory and IP access rules, you can set these accounts into a single, unified management, any of the settings for the group will also be in force for all account members of the group. Right-click Groups, select New Group, and enter the name of the group to create a new group. The new group does not own any account members, and you need to add these member account one by one to the group. Select the account you want to add and select the group you want to join in the group in the right window, except for the anonymous account, where you can join one or more groups at the same time. To remove this account from this group, leave it blank. To delete a group, right-click on the group name, and then click Delete Group. Similarly, a group can be copied as a single account by selecting the right key after a group and then clicking Copy Group.

3 Set the validity of the account
If some accounts violate your rules, you can prohibit the account for a period of time, during which any user will be denied access to the server with this account. You just select the account, on the right "account" tab will be "Disabled account" selected, JFL (E mention PC Hk_ soft 3 2Ca to lift the ban, will "√" removed. For some temporary accounts, if you wait until the expiration of one after another to delete, your memory is obviously a big test. Serv-u provides a solution that can automatically delete the account at expiration. Select "Automatically delete account on date" and set the expiration date in the Drop-down box below, and the system will automatically delete the account on the specified day.
2. Setting up a virtual directory
Like IIS, Serv-u also provides the virtual directory Settings feature. Suppose we want to map the "g\ movie \dvd Movie" Directory to the "DVD" directory under the FTP home directory. Click "Settings", under the General tab, there is a "virtual path mapping", click "Add", enter "g\ movie \dvd movie" in "Physical Path", "enter" in "Map Physical path". %home% "or the absolute path of the FTP home directory, the mapped path name is filled with DVD. Finally, go to the user's Directory Access tab and add the g\ movie \dvd movie catalog. Log on to the FTP account and you can see a DVD directory.

3. Set directory Permissions

Unlike IIS, Serv-u sets different access directories based on accounts. Each account at the time of creation to choose the location of the directory after the login, different accounts can be different. Each directory has the following permissions to set:

1) file operation
READ: Allows users to download files from the server;
Write: Allows the user to upload files to the server, but does not allow modification, deletion and renaming;
Append: Allows to append content to existing files or to be resumed, only if this is selected, the directory is allowed to continue;
Delete: Allows users to modify files, rename and delete;
Execute: Execute commands through FTP, this permission should be used carefully, otherwise it may cause security problems.

2) directory operation
List: Allows the user to obtain a list of files in the directory, the user does not see anything;
Create: Allow users to create a new subdirectory in the directory, many upload users upload files are often the entire directory upload, if this item is not selected, users can upload files, but not by directory to upload;
Delete: Allows users to delete directories.

3) Child directory operation
Inheritance: The access rules for parent directories are automatically applied to subdirectories.
As a webmaster, not only to understand these permissions, but also to learn to rationally set the permissions of different users of each directory. Generally speaking, for ordinary or anonymous users, it is best to give read and directory list permissions only to facilitate the administration and improve the security of the FTP server. For uploading users, you should open a special account and give read, write, append, directory list and create permissions, for special users, as little as possible to give more permissions, especially the "execute" permission. To set permissions, go to the Directory Access tab for each user or group, and set it yourself according to your needs.

4. Message settings

When you log on to an FTP using CuteFTP Pro, you sometimes see information such as "Welcome to this site" in the status window, which is the message. Many FTP webmaster do not pay attention to login/exit/change Directory message settings, in fact, if set properly, not only to facilitate users, especially the upload user access, but also to make your FTP look more personalized and professional.

Select settings and locate the Messages tab in the right window. "Server response information" is default by the system and is generally not subject to modification. Notice that the four options below are what we need to set:

Start tag information: Specifies the file location that contains the welcome information that appears when a user logs on successfully;
Turn off tag information: Specifies the location of the file that contains the information to display when the user disconnects;
"Change the home directory of a message file": Specifies the location of the file where the information is displayed when the user changes the directory;
"Change the secondary directory of message files": Specifies the location of the file where the user displays information when they change the directory and the file does not find the primary file.

Take an example of the welcome information that is displayed when you make a successful login. First build a text file called logon, open, and enter the following information:
Welcome to XXX's personal FTP server

Your IP address is:%IP
The time the server is currently located is%time
There have been%u24h users who have accessed this ftp in the last 24 hours
This FTP server has been running for%serverdays days%serverhours hours.
Server operation:
Number of logged-in users:%logged inall Total
Number of users currently logged in:%unow
User already used space quota:%quotsed KB
Remaining free space quota:%quotalet KB
User's current remaining space:%dfree KB
Maximum free disk space:%quotamax KB

Among them, the beginning of the% are some variables (more variables please query serv-u help file), XXX can be changed to your name, you can add some of your favorite text, but each line with no more than 70 English characters is advisable. In the start tag information, enter logon. TXT file address, after saving with CuteFTP login. In this way, for the users to upload files, the server also left how much space to upload on the clear at a glance.

Tip: For each account you can also set the message that appears when the user logs on with this account. Locate the login message file in the General tab of this account, and select the good message file directory. The advantage of this is that we can set up a dedicated account to upload, and then only the relevant details of the upload to set up a message file for the user to upload account reference.

5. Settings for upload/download rate

There is a "upload/download rate" tab in each user's setup options. The so-called "upload/download rate" is actually a credit mechanism for uploading and downloading files to users. As a webmaster, all hope that users can upload some valuable things for everyone to share, and not just use the resources provided by FTP. By setting the "Upload and download ratio", the webmaster can limit the number of files that users can download after each upload of a file using FTP. With the upload/download ratio enabled, Serv-u provides four counts:
"Count each task file": Calculates the uploaded/downloaded file for each individual FTP task under this ratio;
"Count bytes per task": Calculates the byte of the upload/download file for each individual FTP task under this ratio;
Count all Task files: calculates uploaded/downloaded files for all FTP tasks under this ratio;
Count bytes for All tasks: Calculates the bytes of uploaded/downloaded files for all FTP tasks under this ratio.

Take "Count each task file" as an example, if in the "ratio" option, "upload" set to 1, "download" set to 4, then the account each upload 1 files, you can download 4 files from FTP.

But "upload/download Rate" There is a problem: if there is a directory or file in FTP does not need to be included in the upload/download rate, how to do? We can set it in the upload/download rate tab in Settings. Click "Add" to enter a directory or file that does not need to be counted, OK. If you have more than one directory or file, repeat this action.

6. User Quota management

The use of "upload/download rate" can effectively motivate users to obtain download rights and actively upload, but the new problem follows: As users upload more files, the hard disk space will soon be occupied by these files, if a user uploads a lot of files, in the same hard disk space, It will also affect other users of the size of the upload space to dominate. At this point, you need to manage the user quota.

As with the upload/download rate, Serv-u can assign a disk quota to each user. Select the user you want to set up, and select Enable disk quotas in quota. Click the "Calculate Current" button below, "current" will show the user account currently available hard disk space, in the "maximum" to fill in the user account can be allocated to the maximum size of the hard disk space. Note that the units here are KB.

7. Manage Active Users

The forest is big, and any bird has it. Not every user who logs on to the FTP server is in line with the rules, which requires the webmaster to manage the online users connected to the server. Click Activities under fields on the left side of the main interface and manage them in the Users tab on the right window. Select one of the users, the right button, will be in the pop-up menu to show the action can be done.
Overload information: Used to reload the user information, equivalent to refreshing.
Send message: Sends a text message to the currently selected user, and the message appears in the status window in the user's FTP client software.
Broadcast: Sends a text message to all currently active users.
"Stop Routing": If the user is currently uploading or downloading files, I net C teaches W Country R Special] You can abort this upload or download operation, but do not kick the user out of the server.
"Kick the user": Kick the user out of the server, regardless of whether the user is uploading or downloading the file.
"Monitoring users": real-time monitoring of all operations of the user,

i:1w x NET in,

But do not perform any other administrative commands on the user. When selected, an extra tab, named after the Domain Log tab, is displayed, displaying all of the user's operational information in real time. To turn off monitoring, right-click the tab and select Close watch.
The Domain Log tab is used to record the account name, logon time, IP address, and exit time of each user who logs on to the server in real time, making it easy for the webmaster to understand the basic situation of the user who is logged on to the server. By default, the log is updated in real time, but if the next freeze is selected, it stops the update.
Tip: Monitoring a user will occupy the larger server resources, if the number of active users is more, please use this feature carefully.

8. Edit IP access rules

For some users who disturb the order of the server but do not easily delete their accounts, you can use edit IP access rules to allow or block specific IP access. Serv-u User IP access rules are very flexible settings, not only can be set to allow access to the server's user IP, you can also set the user IP access denied, not only can each account for individual editing, but also for the entire server all accounts for unified editing, but also support the "" and "? "Wildcard character.

1) Access Denied
For rogue users, if it is not convenient to delete their accounts, you can find the IP from the domain log that the user is connected to. In the Rules text box, click Add, and serv-u will add this rule to the IP Access rules list box below. This is quite effective for users who have fixed IP. However, if the user is a dial-up Internet user and dials after the disconnection, a new IP will be obtained, and obviously this IP access rule is invalid for the user. To work around this problem, you'll need to use wildcards and the "-" symbol. Let's say the user IP we want to block is 192. 168. x.x, you can enter 192.168 in "rules". , or you can enter 192. 168. ﹖． ?-192.168.???. ??? or 192.168.0.0-192.168.255.255, the effect is the same. Reasonable use of these symbols can also effectively prevent hacker attacks.

2) Allow access
If you want to use your FTP site for only a few specific users,

CEG.] MQ feed [2 ZB]

You can select Allow access, enter a specific user's IP in rules, and then click Add. Similarly, if the IP of a particular user is a dynamic IP, you can set it by using the wildcard character and the "-" symbol.
In fact, as a webmaster, more times need to mix the two rules flexibly, such as from the access denied IP to set an IP to allow access, or vice versa. Need to be reminded: For some LAN users, such as Internet cafes, if their IP set to deny access, the entire LAN will be blocked by the server.

9. Resource management such as server bandwidth

For the server, the most important thing is how to ensure that the server bandwidth and other system resources and performance is not wasted. To do this, you also need to make some settings to go to the local server → settings → general tab.

Maximum speed: the maximum bandwidth that can be used (kb/seconds), and fill in the appropriate values based on the server's total bandwidth resources. If you do not fill in the value, Serv-u will use all available bandwidth, which can cause other network applications on the server to be unavailable when the number of connected users reaches a certain amount. For example, 512Kbps ADSL is best set to 50kb/seconds or below.

Maximum users: Sets the maximum number of users allowed to connect to this server at the same time. Because each user connected to the server consumes a certain amount of bandwidth even if they do not upload or download any files, the system will not control the number of logged-in users until all resources are exhausted.

"Delete partially uploaded files": Delete incomplete upload files. If you select this option, files that are not fully uploaded are automatically deleted to save the server hard disk space to the maximum possible. Whether or not to choose, depending on the server user normally uploaded file size decision.

"Disable the go-ahead when scheduling": Many FTP servers to prevent users for a long time does not operate but occupy bandwidth and the number of connections to do a time-out setting, when the user connected more than a certain time but did not do any action, will be automatically kicked out of the server. For this, some FTP client programs automatically send some commands to the server to ensure that they are not kicked out. If this option is selected, the server will use a unique timing method to prevent the FTP client program from being set up when these are surpassed. Recommended selection.

"Intercept connection more than x seconds x minutes": Used to set if a user in X seconds to continue to connect x times, then shielding his IP address x minutes, can effectively prevent users to use such as network ants, such as high-speed multi-threaded download software to connect to the server.
The above settings are valid for all servers under domain. But these settings are too superficial for a specific FTP server or an account,

D2*s\+jc*]^9i*q

Not conducive to meticulous management. But it doesn't matter, serv-u for each account under each server provides a detailed set of features. General tab to enter this account:

"Allow only x from the same IP login": Many users download two or more than two files, in order to save download wait time, often open more than two FTP client software login. For a server, each logon process is actually a user, which takes up not only the system bandwidth but also the other user's logon rights. This requires that you select this option to prevent this. When selected, the server allows only one IP at a time with up to X connections.
"Maximum upload speed and maximum download speed (kb/seconds)": Used to set the maximum upload/download speed of the account user. For a particular account, it can be set higher than the general account to reflect the privileges.
Idle timeout and Task timeout (sec): Idle timeout is used to set the server to automatically kick out of resources when the user is idle for more than a certain amount of time, and the task timeout setting is automatically kicked out by the system when the user and server perform each task.
Maximum users: Sets the maximum number of users to log on to the server with this account at the same time.
After you have completed these settings, you already have a quasi professional FTP server in a quasi professional management level. The reason is only the level of professional management, because you have not yet achieved the most fashionable and the most dazzling remote management functions.

10. Implementing Remote FTP Server Management

Have you ever thought about setting up an FTP server in your home and doing all kinds of setup and management of the server in your office like sitting at home? SERV-U provides this remote management capability. For the convenience of illustration, let us first assume that we use serv-u to set up a FTP server called "Myftp" at home, the address is ftp//218.1.1.1, the port is 21, and now the user name and password in the Office for the DYS account for remote management.

1 first create an account with remote admin privileges
Create a new user with username and password set to Dys. Once created, enter the Account tab of the Dys account and locate the Permissions Drop-down list box. Here, in addition to the normal user's "No permissions", there are four remote permissions to choose from:
Group administrator: can be managed remotely, but only for this group of users and not for the server.
Domain Admins: You can administer remotely, but you can only manage this domain and you cannot add new domains.
System administrator: can be managed remotely and has full permissions.
Read-only administrator: primarily for remote diagnostics, you can see all the server settings but not be able to modify them.
Here, we select "System Administrator" and then save.

2 Install and set up serv-u on the office machine.
Once installed, the Set Up Server Wizard can fill in. Select the Serv-u server in the left window, right-click, and select New server. In the wizard window that pops up, "IP address" fills in the server IP to be managed, where 218.1.1.1 is filled in, and the port number is populated with the ports of the managed server, where 21 is filled. "FTP server name" is free, enter "remote Administration myftp", "User name" and "password" Enter the account name and password that has been set up on the managed server with remote administrative privileges.

3 Connection and management with the remote FTP server
Double-click Remote Administration MYFTP to establish a connection with the server in your home. After the connection, at this time you can like at home to the server for a variety of settings and management, is not very convenient.