ProFTPD learning notes: commands and configuration

Source: Internet
Author: User

Last time we talked about the basic installation of proftpd. Because we will configure mysql and quota later, we compiled the corresponding modules at build time. If you do not need the mysql and disk quota functions, you do not need to compile them.

Here are a very practical ProFTPD command and ProFTPD configuration.

/usr/local/proftpd/sbin/ftpshut

This command is very practical: you may need to adjust your server frequently, and ftpshut is very flexible. It can stop FTP connections at a scheduled time without stopping the proftpd process. Here is how it is used in detail.

ftpshut [-l min] [-d min] time [warning-message...]

-l min: new FTP connection attempts are refused starting this many minutes before the FTP service is disabled.

-d min: established FTP connections are disconnected starting this many minutes before the FTP service is disabled.

time: the time at which the server will shut down the FTP service. There are two formats:

+number: the service is disabled after that number of minutes

HHMM: the service is disabled at HH:MM today

Note: this command stops the FTP service, but the proftpd process itself is not stopped, so the command is generally used when debugging FTP.

Example:

The FTP service will be closed after 30 minutes. During the 20 minutes before shutdown, no new FTP connections will be accepted. Established connections will be forcibly disconnected 10 minutes before the service is closed, and "FTP Server Will shutdown at time" is displayed on the client.

ftpshut -l 20 -d 10 +30 "FTP Server Will shutdown at time"

In fact, ftpshut simply generates /etc/shutmsg. To resume FTP service you only need to delete this file, or run directly:

ftpshut -R

Now let's start with some basic proftpd configuration. If you are familiar with Apache configuration, you will find that the proftpd settings are very similar. The basic configuration format is:

# Global settings

Setting1 parameter1

Setting2 parameter2

# Setting a directory

# Anonymous user settings

Most of the configuration work you do will probably involve Limit. Limit covers the following actions, which together cover all permissions, so you can use Limit flexibly.

CWD: Change Working Directory; permission to change directory

MKD: MaKe Directory; permission to create directories

RNFR: ReName FRom; permission to rename

DELE: DELEte; permission to delete files

RMD: ReMove Directory; permission to delete directories

RETR: RETRieve; permission to download data from the server to the client

STOR: STORe; permission to upload data from the client to the server

READ: read permission, excluding directory listing; equivalent to RETR, STAT, etc.

WRITE: permission to write files or directories, including MKD and RMD

DIRS: whether directory listing is allowed; equivalent to LIST, NLST, etc. It is quite practical.

ALL: all permissions

LOGIN: permission to log in

The targets that a Limit can be applied to are the following:

AllowUser: the Limit is allowed for a user

DenyUser: the Limit is denied for a user

AllowGroup: the Limit is allowed for a user group

DenyGroup: the Limit is denied for a user group

AllowAll: the Limit is allowed for all users

DenyAll: the Limit is denied for all users

The transfer rate limit is set with:

TransferRate STOR|RETR speed(Kbytes/s) user username

The following example proftpd configuration may make this easier to understand. The requirements are:

1. The ftp server supports resumable data transfer. A maximum of 10 concurrent online users is supported. Only one connection is allowed for each IP address.

2. Members of the ftpusers user group may access only their own directories, not the parent directory or other directories.

3. When a user logs on to the server, the ftp server version information is not displayed, to increase security.

4. Create a kaoyan ftp account that belongs to the ftpusers group. The kaoyan user can only download and has no write permission. The download speed is limited to 50 Kbytes/s.

5. Create an upload user that also belongs to the ftpusers group and uses the same home directory as the kaoyan user. The upload user is allowed to upload files and create directories, but cannot download files and is not allowed to delete directories or files. The upload speed is limited to 100 Kbytes/s.

First, the preliminary setup of the users, the group, and the directory permissions:

groupadd ftpusers

useradd -d /home/kaoyan -g ftpusers -s /bin/false kaoyan

useradd -d /home/kaoyan -g ftpusers -s /bin/false upload

chown -R kaoyan:ftpusers /home/kaoyan

chmod -R 775 /home/kaoyan

If you only want access from users in the ftpusers group, you can set the mode to 770.

Edit /usr/local/proftpd/etc/proftpd.conf:

Note: # marks a comment. Comments do not affect the settings and can be left out.

ServerName "Frank's FTP Server"

ServerType standalone

DefaultServer on

Port 21

Umask 022

# Up to 30 proftpd processes

MaxInstances 30

User nobody

Group nobody

TimeoutStalled 10

# A maximum of 10 online users are allowed

MaxClients 10

MaxClientsPerHost 1 "sorry, one IP address only allows one connection"

# Allow resumable uploads; resumable downloads are supported by default and need no setting

AllowStoreRestart on

# Welcome message file

DisplayLogin welcome.msg

# Hide server version information

ServerIdent off

# Restrict the ftpusers group to its own directories

DefaultRoot ~ ftpusers

AllowOverwrite on

<Directory /home/kaoyan>

# Write not allowed

<Limit WRITE>

DenyUser kaoyan

</Limit>

# Cannot delete, rename, or download

<Limit RMD RNFR DELE RETR>

DenyUser upload

</Limit>

TransferRate RETR 50 user kaoyan

TransferRate STOR 100 user upload

</Directory>
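
An added example, not part of the original article: a small Python audit that walks a proftpd.conf, reports AllowUser/DenyUser/AllowGroup/DenyGroup directives placed outside a <Limit> section, and lists which FTP commands each DenyUser rule blocks. The function name audit and the sample configuration (including the guest user) are constructed for illustration.

```python
import re

# Constructed sample: the page's kaoyan/upload limits plus one misplaced DenyUser.
SAMPLE_CONF = """\
ServerIdent off
DefaultRoot ~ ftpusers
DenyUser guest
<Directory /home/kaoyan>
<Limit WRITE>
DenyUser kaoyan
</Limit>
<Limit RMD RNFR DELE RETR>
DenyUser upload
</Limit>
</Directory>
"""
# Access directives that ProFTPD accepts only inside a <Limit> section.
ACL = re.compile(r"(allow|deny)(user|group)")

def audit(conf_text):
    """Return (commands denied per user, list of findings) for a proftpd.conf."""
    stack, denied, problems, seen = [], {}, [], {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing = re.fullmatch(r"</(\w+)>", line)
        opening = re.fullmatch(r"<(\w+)\s*(.*?)>", line)
        if closing and stack and stack[-1][0] == closing.group(1).lower():
            stack.pop()
        elif closing:
            problems.append(f"line {lineno}: unbalanced {line}")
        elif opening:
            stack.append((opening.group(1).lower(), opening.group(2).split()))
        else:
            name, *args = line.split()
            seen[name.lower()] = args
            limit = stack[-1][1] if stack and stack[-1][0] == "limit" else None
            if ACL.fullmatch(name.lower()) and limit is None:
                problems.append(f"line {lineno}: {name} is only valid inside <Limit>")
            elif name.lower() == "denyuser":
                for user in ",".join(args).split(","):
                    denied.setdefault(user, set()).update(limit)
    problems += [f"unclosed <{name}> section" for name, _ in stack]
    if (seen.get("serverident") or ["on"])[0].lower() != "off":
        problems.append("ServerIdent is not off: the server banner is shown")
    if "defaultroot" not in seen:
        problems.append("DefaultRoot is missing: users are not confined")
    return {user: sorted(cmds) for user, cmds in denied.items()}, problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```
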

The implementation method can also be implemented through

And it is more flexible. In that way, I just want to open a door for you.

Okay, that is all for today. We will continue with other proftpd configurations tomorrow.

Through the introduction of the article, we can clearly understand
