How to configure wuftp Server

Source: Internet
Author: User

1. Install and start wu-ftpd using the port provided by FreeBSD. In /stand/sysinstall, select Packages under Configure. After installation, all wu-ftpd files are installed under /usr/local.

To start wu-ftpd, you must edit the inetd.conf file and add the following line:

ftp stream tcp nowait root /usr/local/libexec/ftpd ftpd -l

After adding the line, run as root:

# killall -HUP inetd

Test the server:

# ftp 127.0.0.1

If you see the following, you have successfully set up the server, but it is incomplete because it cannot be used yet.

Chu888.hope.com.cn FTP server (Version wu-2.6.1 (1) Wed Jan 23 06:24:19 GMT 2002) ready.
USER anonymous
331 Guest login OK, send your complete e-mail address as password.
PASS (hidden)
530 Login incorrect.

# adduser -silent

After adding a new user you will find that you can now log on successfully, but this server is very insecure. Why? Because this user can move around the file system without restriction.

2. Restrict the root directory of a user

# cd /usr/local/etc/
# ee ftpaccess

Add:

restricted-uid *

# killall -HUP inetd
# ftp 127.0.0.1

Try again. There is a key problem here: what you just wrote has no effect. Why? Because one option has to be changed in the /etc/inetd.conf file. Change the line to the following:

ftp stream tcp nowait root /usr/local/libexec/ftpd ftpd -l -a

-a forces ftpd to read the content of the ftpaccess file. The parameters are:

-a  wu-ftpd uses the ftpaccess file
-A  wu-ftpd does not use the ftpaccess file
-d  wu-ftpd writes debugging information to syslog, that is, /var/log/messages
-i  files received are recorded in xferlog
-l  each session is recorded in syslog, that is, /var/log/messages
-o  files sent are recorded in xferlog
-t seconds  idle time after which the connection is closed; the default is 15 minutes (900 seconds)
-L  the commands handled by the server are recorded in syslog

3. Welcome message with disk information. First modify the message option in the /usr/local/etc/ftpaccess file so that it reads:

message /etc/welcome.msg login

Then create the file welcome.msg under the /etc directory. The following macros can be used in it:

%T  local time (in the form Thu Nov 15 17:12:42 1990)
%F  free space on the file system of the current directory (kbytes; not supported on all systems)
%C  current directory
%E  maintainer's mailbox defined in ftpaccess
%R  remote machine name
%L  local machine name
%u  user name obtained by rfc931
%U  user name used for login
%M  maximum number of connections for this class of users
%N  current number of users in this class
%B  disk block quota hard limit
%b  disk block quota soft limit
%Q  disk blocks currently used
%I  inode hard limit (+1)
%i  inode soft limit
%q  inodes used
%H  time limit for excess disk space
%h  time limit for excess files
%xu  uploaded bytes
%xd  downloaded bytes
%xR  upload/download ratio (1:n)
%xc  credit bytes (storage bytes?)
%xT  time limit (minutes)
%xE  logon time (minutes)
%xL  remaining time
%xU  upload speed limit
%xD  download speed limit

4. To support disk quotas on FreeBSD, you must compile the kernel. The procedure is as follows:

# cd /usr/src/sys/i386/conf
# cp GENERIC CHU888

Edit CHU888 so that the file contains:

options QUOTA

# config CHU888
# cd /usr/src/sys/compile/CHU888
# make depend
# make install

Add the following to /etc/rc.conf:

enable_quotas="YES"
check_quotas="YES"

and add the following to /etc/fstab:

/dev/da1s2g /home ufs rw,userquota,groupquota 1 2

Restart, then:

# quotacheck -av
# repquota -a
# edquota -u user1
# edquota -p user1 user2 user3    // copy the quota of user1 to user2 and user3
# quota -v user1

5. Introduction to the main wu-ftpd programs

ftpd: the main program (/usr/libexec)

ftpshut: tool for shutting down the FTP server (/usr/local/bin)

This program is mainly used to generate shutmsg (its location is set in ftpaccess):

ftpshut <-l minutes> <-d minutes> <shutdown time> <description, 75 characters>

For example, the command ftpshut -l 10 -d 5 1130 writes the following to /etc/shutmsg:

1998 09 01 11 30 0010 0005 (1998 09 01 is the shutdown date)
System shutdown at %s

Description: new logins are refused from 10 minutes before the shutdown, and connected users are disconnected 5 minutes before the shutdown.

Note: while /etc/shutmsg exists, the FTP server cannot be used; delete shutmsg to make it usable again.

ftpcount: shows the current number of users (/usr/local/bin)

ftpwho: shows the current connections (/usr/local/bin)

ftpaccess: the most important wu-ftpd configuration file; it mainly sets the working mode of the FTP server (/usr/local/etc)

ftpconversions: configuration of the conversions applied to files when they are downloaded (/usr/local/etc)

ftphosts: configuration file that controls which hosts may log on to the FTP server (/usr/local/etc)

ftpusers: the blacklist of users who are prohibited from logging on to the FTP server (/usr/local/etc)

6. ftpaccess example

ftpaccess -- FTP configuration file

class all real,guest,anonymous *
limit all 10 Any /etc/msgs/msg.dead
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes all
tar yes all
log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg
email user@hostname

#========= ftpaccess: sets the working mode of wu-ftpd =========
# Syntax: loginfails <number>
# Description: number of wrong passwords allowed
# Syntax: class <class name> <user types> <login source (IP/DNS)>
# Description: defines the classes of FTP server users and where they log in from
# Example: class mmm real,guest,anonymous *
#   the members of class mmm are real, guest and anonymous users, logging in from anywhere
# Syntax: limit <class name> <number of simultaneous logins> <time limit> <message file>
# Description: limits the number of users logged in to the FTP server at the same time
# Example: limit all 10 Any /etc/msgs/msg.dead
#   at any time only 10 users can be logged in as members of class all;
#   beyond 10 users, the file /etc/msgs/msg.dead is shown
# Syntax: readme <file> <command>
# Description: when a user runs a specific command, a certain file is shown
# Example: readme README* login
#   when the user logs in, the README* files are shown
# Syntax: message <file> <command>
# Description: when a user runs a specific command, a certain file is shown
# Example: message /welcome.msg login
#   when a user logs on to the FTP server, the content of welcome.msg
#   in the FTP root (usually /usr/ftp) is shown
# Syntax: compress yes/no <class name 1> <class name 2> ......
# Description: determines which classes support / do not support the compress function
# Example: compress yes all
#   the members of class all support the compress function
# Syntax: tar yes/no <class name 1> <class name 2> ......
# Description: determines which classes support / do not support the tar function
# Syntax: private yes/no
# Description: whether groups may be used to access files
# Syntax: passwd-check none/trivial/rfc822 enforce/warn
# Description: how the password is checked on anonymous login
#   none     accept everything
#   trivial  accept the password as long as it contains the @ character
#   rfc822   the password must comply with the e-mail format specified in RFC822
#   enforce  if the password check fails, stop the login
#   warn     if the password check fails, warn but still allow the login
# Syntax: log commands <user types>
# Description: sets which classes of users have their operations recorded
# Example: log commands real
#   the operations of real users are all recorded in xferlog
# Syntax: log transfers <user types> inbound/outbound
# Description: sets which classes of users have their uploads and downloads recorded (in xferlog)
# Syntax: <command> yes/no <user types>
# Description: determines whether a command is supported; the following commands can be restricted:
#   delete overwrite rename chmod umask
# Example: delete no guest,anonymous
#   members of the guest and anonymous classes are prohibited from using the delete command
# Syntax: upload <FTP root> <upload directory> yes/no <user name> <group name> <permissions> nodirs/dirs
# Description: which directories can receive uploaded files
#   yes     files may be uploaded to the upload directory
#   no      files may not be uploaded to the upload directory
#   dirs    mkdir is allowed in the upload directory
#   nodirs  mkdir is not allowed in the upload directory
# Example: upload /home/ftp /upload yes root daemon 600 nodirs
#   with /home/ftp as the FTP root, sets the /upload directory (counted from the FTP root)
# Syntax: alias <alias> <directory>
# Description: sets an alias for a directory
# Example: alias up /upload
# Syntax: cdpath <directory>
# Description: like PATH in DOS, but only valid for the cd command
# Example: cdpath /
#          cdpath /pub
#          cdpath /incoming
#          cdpath /upload
#   If you run the command cd antivirus, the system searches in this order:
#   1. a directory named antivirus under the current directory
#   2. an alias named antivirus
#   3. the cdpath directories, in sequence
# Syntax: path-filter <user types> <message file> <allowed pattern> <disallowed patterns>
# Description: restricts file names, to avoid certain characters
# Example: path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
# Syntax: shutdown <file>
# Description: when the FTP server is about to shut down, shows the message file created by ftpshut
# Example: shutdown /etc/shutmsg
#   shutmsg can be created with ftpshut and contains the shutdown time
#   to cancel the shutdown, delete /etc/shutmsg
# Syntax: guestgroup <group name>
# Description: specifies the guestgroup function
# Example: guestgroup ftponly
# Syntax: email <e-mail address>
# Description: which people log in as guest, as opposed to real and anonymous
# Example: email aaa@bbb.ccc.ddd
#   anyone who logs in as anonymous and enters aaa@bbb.ccc.ddd as the password is treated as guest
# Syntax: deny <IP/DNS> <message file>
# Description: users from these IP addresses or DNS names cannot log on to FTP, and are shown a notice
# Example: deny *.com.tw 168.192.* /etc/deny.msg
#          deny !nameserved /etc/deny.msg  => hosts without an FQDN are not allowed to log in

7. ftpaccess example

loginfails 2    # Only two wrong passwords can be entered

# Hey you! Yeah, you with the editor.
# change the following line, or delete it, OK?

# Define two classes. One class is the local class, the other is the remote class.
# The local class can only be logged in to from the local domain. The remote class can be logged in to from anywhere.
class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *

# At most 20 users of the local class can be logged in at any time.
# For remote users, there may be 100 people on Saturday and Sunday, and 100 people from 1800 to 0600 at other times.
# If these numbers are exceeded, display the message /etc/msgs/msg.toomany.
# At other times the remote class can only have 60 people.
limit local 20 Any /etc/msgs/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

compress yes local remote
tar yes local remote

# Allow use of private file for site group and site gpass?
private yes

# passwd-check [none/trivial/rfc822] [enforce/warn]
passwd-check rfc822 warn

log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg

# All the following default to "yes" for everybody
delete no guest,anonymous       # delete permission?
overwrite no guest,anonymous    # overwrite permission?
rename no guest,anonymous       # rename permission?
chmod no anonymous              # chmod permission?
umask no anonymous              # umask permission?

# Specify the upload directory information
upload /var/ftp * no nobody nogroup 0000 nodirs
upload /var/ftp /bin no
upload /var/ftp /etc no
upload /var/ftp /incoming yes root daemon 0600 dirs

# Directory aliases ...... [Note, the ":" is not required]
alias inc: /incoming

# cdpath
cdpath /incoming
cdpath /pub
cdpath /

# path-filter ......
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-

# Specify which group of users will be treated as "guests".
guestgroup ftponly

email user@hostname

loginfails 3
class local real *
class remote anonymous guest *
limit remote 100 Any /etc/ftpd/toostrap.msg
message /etc/ftpd/welcome.msg login
compress yes local remote
tar yes local remote
private yes
passwd-check rfc822 warn
log commands real
log transfers anonymous guest inbound outbound
log transfers real inbound
shutdown /etc/ftpd/shut.msg
delete no anonymous,guest
overwrite no anonymous,guest
rename no anonymous
chmod no anonymous,guest
umask no anonymous
upload /home/ftpd * no
upload /home/ftpd /bin no
upload /home/ftpd /etc no
upload /home/ftpd /pub yes real 0644 dirs
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs
alias in /incoming
email guest@xxx.net
email guest@yyy.net
deny *.com.tw /etc/ftpd/deny.msg

Next, we explain each setting of this file one by one and give its meaning, so that you can apply the same reasoning to other settings and make reasonable choices based on the specific circumstances of your FTP server.

1. Format: loginfails [times]
Function: sets the number of times a user can enter the wrong password when logging on to the FTP server.

Instance: loginfails 3: if the password is entered incorrectly three times, the connection is dropped.

2. Format: class [class name] [real/guest/anonymous] [IP address]
Function: sets the user categories on the FTP server. It can also restrict the IP addresses of clients, allowing access from some or all IP addresses. Users on the FTP server can basically be divided into three types: real, users with valid accounts on the FTP server; guest, anonymous users with records; and anonymous, anonymous users with the lowest permissions.

Instance: class local real *: defines a class named local, which contains real users logging on from anywhere (* represents all IP addresses).

class remote anonymous guest *: defines a class named remote, which contains anonymous users and guest users logging on from anywhere.

3. Format: limit [category] [number of people] [time] [file name]
Function: sets the maximum number of users of the specified category allowed to connect during the specified time. When the maximum is reached, the content of the specified file is displayed.

Instance: limit remote 100 Any /etc/ftpd/toostrap.msg: at any time, once the number of remote users reaches 100, no new connections are allowed. When the 101st user tries to connect, the connection fails and the content of that file is shown to the user.

4. Format: message [file name] [command]
Function: when a user executes the specified command, the system displays the content of the specified file.

Instance: message /etc/ftpd/welcome.msg login: when the user executes the login command, that is, logs on to the FTP server, the system displays the content of the file /etc/ftpd/welcome.msg.

5. Format: compress [yes/no] [category]
Function: sets which categories of users can use the compress function.

Instance: compress yes local remote: allows both local and remote users to use the compress function.

6. Format: tar [yes/no] [category]
Function: sets which categories of users can use the tar (archive) function.

Instance: tar yes local remote: allows both local and remote users to use the tar function.

7. Format: private [yes/no]
Function: sets whether a group can be used to access files.

Instance: private yes: supports group access to files.

8. Format: passwd-check [none/trivial/rfc822] [enforce/warn]
Function: sets how the password of the anonymous user is checked.

none means that the password is not checked and any password is accepted; trivial means that any password containing the @ character is accepted; rfc822 means that the password must comply with the e-mail format specified in RFC822. enforce means that a password that does not match the chosen format is refused and the logon is not allowed; warn means that only a warning is displayed when the password does not comply, and the user can still log on.

Instance: passwd-check rfc822 warn: a well-formed e-mail address is requested as the password, but a user who does not supply one can still log on.

9. Format: log commands [real/guest/anonymous]
Function: sets which users have their operations recorded in the file /usr/adm/xferlog.

Instance: log commands real: the operations of real users are recorded once they log on. Because the permissions of other users are low, their operations do not cause too many security risks, so only the operations of real users need to be recorded.

10. Format: log transfers [real/guest/anonymous] [inbound/outbound]
Function: sets which users have their upload (inbound) and download (outbound) operations logged.

Instance: log transfers anonymous guest inbound outbound: the file operations of anonymous users need more attention, so all of their uploads and downloads are recorded.

log transfers real inbound: for valid users, only uploads are recorded.

11. Format: shutdown [file name]
Function: the time at which the FTP server shuts down is set in the specified file. Once that time is reached, nobody can log on to the FTP server; to restore service, delete the file. This file must be generated by the command /bin/ftpshut.

Instance: shutdown /etc/ftpd/shut.msg

12. Format: delete [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to delete files with the delete command. The default is to allow.

Instance: delete no anonymous,guest: to better manage the FTP server, anonymous users are generally not allowed to execute the delete command.

13. Format: overwrite [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to overwrite files of the same name. The default is to allow.

Instance: overwrite no anonymous,guest: to better manage the FTP server, anonymous users are generally not allowed to overwrite files of the same name.

14. Format: rename [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to rename files with the rename command. The default is to allow.

Instance: rename no anonymous: to better manage the FTP server, anonymous users are not allowed to execute the rename command to change file names. However, anonymous users with records should be treated less strictly and allowed to use the rename command.

15. Format: chmod [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to use the chmod command to change file permissions. The default is to allow.

Instance: chmod no anonymous,guest: to better manage the FTP server, anonymous users are generally not allowed to execute the chmod command to change file permissions.

16. Format: umask [yes/no] [real/anonymous/guest]
Function: sets whether the specified users are allowed to use the umask command. The default is to allow.

Instance: umask no anonymous: to better manage the FTP server, anonymous users are generally not allowed to execute the umask command.

17. Format: upload [root directory] [upload directory] [yes/no] [user] [permission] [dirs/nodirs]
Function: detailed settings for the directories that can receive uploads.

Instance: upload /home/ftpd * no: uploading is not allowed in the subdirectories of /home/ftpd; upload /home/ftpd /bin no: uploading is not allowed under /home/ftpd/bin; upload /home/ftpd /etc no: uploading is not allowed under /home/ftpd/etc; upload /home/ftpd /pub yes real 0644 dirs: valid users on the server are allowed to upload files with permission 0644 (that is, -rw-r--r--) to the /home/ftpd/pub directory, and subdirectories can be created in this directory.

upload /home/ftpd /incoming yes real guest anonymous 0644 dirs: all users are allowed to upload files with permission 0644 under /home/ftpd/incoming, and subdirectories can be created in this directory.

18. Format: alias [directory alias] [directory name]
Function: sets an alias for a specified directory, so that a shorter name can be used when changing directories.

Instance: alias inc: /incoming: sets the alias inc: for the subdirectory /incoming.

19. Format: email [guest's email address]
Function: when e-mail addresses are set here, users who log on to the FTP server with them are given the guest identity, which generally has lower permissions than real and higher permissions than anonymous.

Instance: email guest@xxx.net email guest@yyy.net: this is only an example; the setting can contain multiple valid e-mail addresses.

20. Format: deny [IP address/domain name] [description file]
Function: limits which IP addresses or domain names cannot log on to the FTP server.

Instance: deny *.com.tw /etc/ftpd/deny.msg: access is prohibited from all domain names ending in .com.tw, and the content of /etc/ftpd/deny.msg is displayed to the user.
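
Added example, not from the original article or the wu-ftpd project: a short Python check that applies the explanations above to an ftpaccess file and to the inetd.conf entry from section 2. The function names, the sample text and the hardened variant are constructed for illustration; flagging world-readable upload modes is this example's own choice, and the directive layouts are assumed to be the ones shown on this page.

```python
import re

# Directives this page says default to "yes" for everybody.
DEFAULT_ALLOW = ("delete", "overwrite", "rename", "chmod", "umask")

def directives(text):
    """Yield one token list per directive; '#' starts a comment.
    User types may be comma- or space-separated, as both appear on the page."""
    for raw in text.splitlines():
        tokens = [t for t in re.split(r"[,\s]+", raw.split("#", 1)[0]) if t]
        if tokens:
            yield tokens

def ftpd_reads_ftpaccess(inetd_conf):
    """True if the ftp line in inetd.conf passes -a; without it ftpaccess is ignored."""
    for t in directives(inetd_conf):
        if t[0] == "ftp":
            # fields: service, socket type, protocol, wait, user, program, arguments...
            return any(re.fullmatch(r"-[A-Za-z]*a[A-Za-z]*", arg) for arg in t[6:])
    return False

def audit(ftpaccess):
    """Return findings for the ftpaccess settings explained in this article."""
    seen = {}
    denied = {d: set() for d in DEFAULT_ALLOW}
    for t in directives(ftpaccess):
        seen.setdefault(t[0], []).append(t)
        if t[0] in denied and len(t) > 2 and t[1] == "no":
            denied[t[0]].update(t[2:])
    findings = []
    if "restricted-uid" not in seen:
        findings.append("restricted-uid missing: users are not held in their home directory")
    check = seen.get("passwd-check", [[]])[-1]
    if len(check) < 3 or check[1] == "none" or check[2] != "enforce":
        findings.append("passwd-check is not enforced for anonymous logins")
    for d in DEFAULT_ALLOW:
        if "anonymous" not in denied[d]:
            findings.append(f"{d} is still allowed for anonymous")
    for t in seen.get("upload", []):
        if "yes" not in t:
            continue
        # page layout: upload <root> <dir> yes <user...> <mode> dirs|nodirs
        modes = [x for x in t[t.index("yes") + 1:] if re.fullmatch(r"0?[0-7]{3}", x)]
        if modes and int(modes[0], 8) & 0o004:
            findings.append(f"upload {t[2]}: files are stored world-readable ({modes[0]})")
    return findings

# Constructed sample input, based on the second sample file in this article.
INETD_BEFORE = "ftp stream tcp nowait root /usr/local/libexec/ftpd ftpd -l"
INETD_AFTER = "ftp stream tcp nowait root /usr/local/libexec/ftpd ftpd -l -a"
SAMPLE = """\
loginfails 3
passwd-check rfc822 warn
delete no anonymous,guest   # inline comments are ignored
overwrite no anonymous,guest
rename no anonymous
chmod no anonymous,guest
umask no anonymous
upload /home/ftpd * no
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs
"""
# Constructed hardened variant (an assumption of this example, not the author's file).
HARDENED = (SAMPLE.replace("rfc822 warn", "rfc822 enforce").replace("0644", "0600")
            + "restricted-uid *\n")

if __name__ == "__main__":
    print("ftpaccess is read:", ftpd_reads_ftpaccess(INETD_AFTER))
    for finding in audit(SAMPLE):
        print("-", finding)
```
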
