WU-FTPD configuration reference (FTP server on Linux/UNIX)

Source: Internet
Author: User

WU-FTPD is easy to install: most Linux distributions ship a wu-ftpd RPM package that can be selected when the system is installed. If you prefer to compile it yourself, the latest source package can be downloaded from ftp://ftp.wu-ftpd.org.
Once installed, run the ckconfig utility that ships with WU-FTPD to check that all configuration files are in place. The login (home) directory of each FTP user is the one given for that account in /etc/passwd.
WU-FTPD has six main configuration files:
ftpaccess (main configuration file; controls access rights)
ftpconversions (configures on-the-fly compression/decompression conversions)
ftpgroups (defines FTP-specific groups for SITE GROUP)
ftphosts (per-user access rules by client address)
ftpservers (maps different IP addresses/host names to different virtual host configurations)
ftpusers (lists accounts that are not allowed to log in over FTP)
Each of them is described briefly below.
⒈ /etc/ftpaccess (main configuration file of WU-FTPD)
class -- defines a class of users. Syntax:
class <classname> <typelist> <addrglob> [<addrglob> ...]
Only users who fall into a class defined here may log in, and several class lines can be used to regulate which groups of users may connect from where. <typelist> is a comma-separated list drawn from the three user types real, anonymous and guest. If no class includes real, none of the machine's real account holders can log in with their own account; if no class includes anonymous, people without an account cannot connect; guest users can connect only if some class includes guest. <addrglob> is a pattern matched against the client's host name or IP address: a shell-style glob such as *.example.com, an address:netmask pair or an address/CIDR prefix; a leading ! negates the pattern. The first class line that matches both the user type and the client address determines the user's class, so order matters. Some examples:
class all real,guest,anonymous *
Defines a class named all consisting of all three user types connecting from any IP address (that is, everyone).
class local real localhost loopback
The class local contains only real users connecting from the local machine.
class remote guest,anonymous *
The class remote contains guest and anonymous users from anywhere, but not real users.
class rmtuser real !*.example.com
The class rmtuser contains real users connecting from outside, i.e. from anywhere except example.com.
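Because the first matching class line wins and a user who matches no class is refused, it is worth being able to predict which class a given login lands in before exposing the server. The following is an added example, not WU-FTPD's own code: a simplified Python model of class selection over the class lines discussed above. It assumes the addrglob forms described above (host-name or IP glob, address/CIDR, address:netmask, leading ! for negation) and first-match semantics; the configuration text and the client list are constructed for the demonstration. The same addrglob matching is what the deny directive and /etc/ftphosts use.

```python
import fnmatch
import ipaddress

# Added example (not WU-FTPD's own code): a simplified model of how the server
# chooses a user's class from the "class" lines of ftpaccess. Assumptions: the
# first matching line wins; an addrglob is a shell-style pattern matched
# against the client's host name or IP address, an address/CIDR prefix or an
# address:netmask pair, and a leading "!" negates it. The configuration and
# the client list below are constructed for the demonstration.

SAMPLE_FTPACCESS = """
class local   real            localhost loopback
class rmtuser real            !*.example.com
class remote  guest,anonymous *
"""


def addrglob_matches(glob, host, ip):
    """Return True if a single addrglob matches the client."""
    negate = glob.startswith("!")
    if negate:
        glob = glob[1:]
    if "/" in glob:                        # address/CIDR form
        hit = ipaddress.ip_address(ip) in ipaddress.ip_network(glob, strict=False)
    elif ":" in glob:                      # address:netmask form
        addr, mask = glob.split(":", 1)
        hit = ipaddress.ip_address(ip) in ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    else:                                  # glob on the host name or on the IP string
        hit = (fnmatch.fnmatchcase(host.lower(), glob.lower())
               or fnmatch.fnmatchcase(ip, glob))
    return hit != negate


def parse_classes(text):
    """Collect (name, typelist, addrglobs) from every "class" line, in file order."""
    classes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "class":
            classes.append((fields[1], set(fields[2].split(",")), fields[3:]))
    return classes


def class_for(classes, user_type, host, ip):
    """Name of the first class admitting this user type from this client; None means the login is refused."""
    for name, types, globs in classes:
        if user_type in types and any(addrglob_matches(g, host, ip) for g in globs):
            return name
    return None


if __name__ == "__main__":
    classes = parse_classes(SAMPLE_FTPACCESS)
    for user_type, host, ip in [("real", "localhost", "127.0.0.1"),
                                ("real", "ws1.example.com", "192.0.2.10"),
                                ("real", "host.other.org", "198.51.100.7"),
                                ("anonymous", "host.other.org", "198.51.100.7")]:
        print(user_type, host, "->", class_for(classes, user_type, host, ip) or "refused")
```

With this configuration a real user from ws1.example.com matches no line and is refused, which is the intended effect of the negated glob. Note that if the catch-all line class all real,guest,anonymous * were placed first, every login would land in all and the more specific classes would never be used.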
autogroup -- automatically assigns a group. Syntax:
autogroup <groupname> <class> [<class> ...]
If an anonymous user belongs to one of the listed classes, the server switches its effective group to <groupname> once the user has logged in, so that ordinary UNIX group permissions on files can be used to restrict a given set of people.
deny -- refuses connections from certain addresses. Syntax:
deny <addrglob> <message_file>
Prohibits the machines matching <addrglob> from connecting and shows them <message_file>. The address may be written as a glob, as address:netmask or as address/CIDR. For example:
deny 210.62.146.* /etc/reject.msg
(The same network could also be written as 210.62.146.0:255.255.255.0 or 210.62.146.0/24; a glob and a netmask should not be combined in one pattern.)
guestgroup -- declares the groups whose members are treated as guest users (chrooted into their home directory).
guestuser -- declares individual accounts that are treated as guest users.
realgroup -- declares groups whose members are treated as real users even if they would otherwise match a guestgroup entry.
realuser -- declares individual accounts that are treated as real users even if they would otherwise match a guestuser or guestgroup entry.
nice -- adjusts the scheduling priority (nice value) of the sessions in a class. Syntax:
nice <nice-delta> [<class>]
On Linux nice values range from -20 (highest priority) to 19 (lowest); a negative delta raises the priority of the class and a positive one lowers it. Without <class> the delta applies to all sessions.
defumask -- sets the umask for a class. Syntax:
defumask <umask> [<class>]
The umask is the permission mask applied when the user creates files; a value such as 077 makes newly uploaded files readable only by their owner.
tcpwindow -- sets the TCP window size used for data connections.
keepalive -- sets whether TCP SO_KEEPALIVE is used on connections, so that dead connections are detected and dropped.
timeout -- sets the various connection timeouts. Syntax:
timeout accept <sec>
Timeout for accepting an incoming data connection; default 120 seconds.
timeout connect <sec>
Timeout for establishing an outgoing data connection; default 120 seconds.
timeout data <sec>
Timeout for inactivity on a data transfer; default 1200 seconds.
timeout idle <sec>
Timeout for an idle control connection (no command from the user); default 900 seconds.
file-limit -- limits how many files a class may transfer. Syntax:
file-limit [raw] <in|out|total> <count> [<class>]
Limits the number of files a class may transfer in one session: in (uploads), out (downloads) or total. With raw the limit counts all transfers, including directory listings, not just data files. For example:
file-limit out 20 lvfour
Users in class lvfour may download at most 20 files.
byte-limit -- limits how many bytes a class may transfer; the syntax is the same as file-limit, with the count given in bytes.
limit-time -- limits how long a session may last. Syntax:
limit-time {*|anonymous|guest} <minutes>
To stop people from staying connected indefinitely, restrict the session length, e.g.:
limit-time guest 5
Guest users are allowed at most 5 minutes per session.
limit -- limits how many users of a class may be online at once. Syntax:
limit <class> <n> <times> <message_file>
Allows at most <n> simultaneous users of <class> during the time period <times> (UUCP L.sys style, e.g. Any for always or Any2300-0600 for nightly); when the limit is exceeded the connection is refused and <message_file> is shown. For example:
limit all 32 Any /home/ftp/etc/toomanyuser.msg
Allows only 32 users of class all at any one time; beyond that the connection is refused and the message file is displayed.
limit levelone 5 Any2300-0600 /home/ftp/etc/toomanyuser.msg
Users in class levelone are limited to 5 simultaneous sessions between 23:00 and 06:00.
noretrieve -- marks files that may not be downloaded. Syntax:
noretrieve [absolute|relative] [class=<classname>] ... [-] <filename> [<filename> ...]
absolute or relative states whether the names are absolute paths or relative to the user's chroot directory; naming a directory protects everything below it. Sensitive files such as /etc/passwd and core files are the usual entries.
allow-retrieve -- marks files that may be downloaded even though they fall under a noretrieve entry. Syntax:
allow-retrieve [absolute|relative] [class=<classname>] ... [-] <filename> [<filename> ...]
loginfails -- sets the number of failed login attempts allowed. Syntax:
loginfails <number>
When the user supplies a wrong ID or password, the connection is dropped after this many failures (default 5), which slows down brute-force password guessing.
private -- sets whether SITE GROUP and SITE GPASS may be used. Syntax:
private <yes|no>
When enabled, a logged-in user can switch to one of the groups defined in /etc/ftpgroups with these two commands after giving the group password. This feature is normally left disabled to avoid opening security holes.
greeting -- controls how much server information is shown at login. Syntax:
greeting <full|brief|terse>
full (the default) shows the server version and host name, brief shows only the host name, and terse shows only "FTP server ready". Advertising the exact version makes it easier for an attacker to pick an exploit for a known bug, so brief or terse is preferable on exposed hosts.
banner -- sets the text shown before the login prompt. Syntax:
banner <path>
The file is displayed when the user connects, before the ID and password are entered. <path> is relative to the real root of the file system, not to the FTP (chroot) root directory.
hostname -- sets the FTP host name shown to users.
email -- specifies the email address of the FTP administrator.
message -- configures message files. Syntax:
message <path> {<when> {<class> ...}}
Here <path> is relative to the FTP root directory. <when> says when the message is shown and has two forms:
LOGIN (at login)
CWD=<directory> (when entering that directory)
The optional class names (defined earlier with class) restrict the message to users in those classes.
Besides plain text, the message file may contain the following predefined cookies:
%T (local time)
%F (free space in the partition of the current directory, in kbytes)
%C (current working directory)
%E (administrator's email address)
%R (remote host name)
%L (local host name)
%u (user name as determined via RFC931 authentication)
%U (user name given at login)
%M (maximum number of users allowed in my class)
%N (current number of users in my class)
%B (absolute disk block limit on the current partition)
%b (preferred disk block limit on the current partition)
%Q (disk blocks currently used)
%I (maximum number of inodes (+1))
%i (preferred inode limit)
%q (inodes currently used)
%H (time limit for excessive disk use)
%h (time limit for excessive files)
readme -- notifies users when README files have been updated. Syntax:
readme <path> {<when> {<class>}}
<when> takes the same LOGIN / CWD=<directory> forms as message.
log commands -- records the commands issued by users. Syntax:
log commands <typelist>
log transfers -- records the files transferred by users. Syntax:
log transfers <typelist> <directions>
Sets which user types' transfers are recorded and in which direction: inbound (uploads) and/or outbound (downloads). For example:
log transfers anonymous,guest inbound,outbound
log security -- records security-related events. Syntax:
log security <typelist>
Logs security violations by the given user types, such as attempts to fetch files marked noretrieve or to tar directories marked notar.
log syslog -- sends the transfer log to the system syslog instead of the xferlog file (log syslog+xferlog sends it to both).
alias -- defines a directory alias. Syntax:
alias <string> <dir>
cdpath -- defines the directory search order used by cd when the requested directory is not found relative to the current one. Syntax:
cdpath <dir>
compress, tar -- control on-the-fly compression and tar. Syntax:
compress <yes|no> <classglob> [<classglob> ...]
tar <yes|no> <classglob> [<classglob> ...]
Define which classes may use on-the-fly compression and tar; the conversion commands themselves are defined in /etc/ftpconversions.
shutdown -- announces a server shutdown to users. Syntax:
shutdown <path>
If the file exists, the server checks it regularly. New connections are refused a specified period before the shutdown time, existing connections are dropped a second specified period before it, and the server shuts down at the given time. The file (normally generated with the ftpshut utility) has the following format:
<year> <month> <day> <hour> <minute> <deny_offset> <disc_offset> <text>
month is numbered 0-11 (January = 0), hour 0-23 and minute 0-59; deny_offset and disc_offset are written as HHMM and count back from the shutdown time. <text> may use the message cookies above plus %s (shutdown time), %r (time new connections are refused) and %d (time existing connections are dropped).
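The 0-based month and the HHMM offsets are easy to get wrong when the file is written by hand. As an added example (not part of WU-FTPD), the following Python parses a shutdown file in the format above, derives the three times the server acts on, and shows what a client would see at a given moment. The file content is constructed; the %s, %r and %d cookies are expanded as described above, and the other message cookies are left untouched.

```python
from datetime import datetime, timedelta

# Added example (not part of WU-FTPD): parses a shutdown file in the format
# described above and derives the three moments the server acts on. The file
# content is constructed; the %s, %r and %d cookies are expanded as the
# ftpaccess description gives them (shutdown, refuse-logins and drop times).

SAMPLE_SHUTDOWN_FILE = ("2004 2 15 23 30 0010 0005 "
                        "Server going down at %s; new logins refused from %r, "
                        "open sessions dropped at %d.")


def parse_hhmm(field):
    """Offsets are written HHMM: 0010 is ten minutes, 0130 is an hour and a half."""
    if len(field) != 4 or not field.isdigit():
        raise ValueError(f"bad HHMM offset {field!r}")
    return timedelta(hours=int(field[:2]), minutes=int(field[2:]))


def parse_shutdown(text):
    fields = text.split(None, 7)
    if len(fields) < 7:
        raise ValueError("shutdown file needs year month day hour minute deny_offset disc_offset")
    year, month, day, hour, minute = (int(f) for f in fields[:5])
    if not 0 <= month <= 11:
        raise ValueError("month is numbered 0-11 (January = 0) in a shutdown file")
    shutdown_at = datetime(year, month + 1, day, hour, minute)
    return {
        "shutdown": shutdown_at,
        "deny": shutdown_at - parse_hhmm(fields[5]),        # refuse new logins
        "disconnect": shutdown_at - parse_hhmm(fields[6]),  # drop existing sessions
        "text": fields[7] if len(fields) > 7 else "",
    }


def server_state(info, now):
    """What a client sees at time `now` under this schedule."""
    if now >= info["shutdown"]:
        return "down"
    if now >= info["disconnect"]:
        return "dropping sessions"
    if now >= info["deny"]:
        return "refusing new logins"
    return "open"


def render_notice(info, fmt="%H:%M"):
    """Expand the shutdown-specific cookies; other message cookies are left alone."""
    return (info["text"]
            .replace("%s", info["shutdown"].strftime(fmt))
            .replace("%r", info["deny"].strftime(fmt))
            .replace("%d", info["disconnect"].strftime(fmt)))


if __name__ == "__main__":
    info = parse_shutdown(SAMPLE_SHUTDOWN_FILE)
    print(render_notice(info))
    print(server_state(info, datetime(2004, 3, 15, 23, 22)))
```

The sample line "2004 2 15 23 30 0010 0005" means 15 March 2004 (month 2 is March), shutdown at 23:30, no new logins from 23:20 and sessions dropped at 23:25.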
daemonaddress -- restricts the server to listening on one IP address. Syntax:
daemonaddress <address>
On a host with many IP addresses this option makes the server listen on the given address only, which disables any virtual FTP hosts bound to other addresses. If it is not set, the server listens on all addresses.
virtual -- configures virtual FTP hosts
WU-FTPD can serve several virtual hosts, i.e. the same machine provides different FTP sites distinguished by host name or IP address; to distinguish them by name, matching DNS entries are of course required. virtual has several forms:
virtual <address> <root|banner|logfile> <path>
<address> may be a host name or an IP address. root is the FTP root directory of the virtual host, banner its welcome message file and logfile its log file. Some examples:
virtual virtual.com.bj root /home/ftp2
virtual virtual.com.bj banner /etc/vftpbanner.2
virtual virtual.com.bj logfile /etc/viftplog.2
virtual <address> <hostname|email> <string>
Sets the host name and administrator email address that users see for this virtual host, e.g.:
virtual 210.62.146.50 hostname virtual.site.com.bj
virtual virtual.site.com.bj email ftpown@virtual.site.com.bj
virtual <address> allow <username> [<username> ...]
virtual <address> deny <username> [<username> ...]
These two forms control which users may log in to the virtual host, e.g.:
virtual virtual.site.com.bj allow *
virtual virtual.site.com.bj deny badman
virtual <address> private
This virtual host refuses anonymous users.
defaultserver deny <username> [<username> ...]
defaultserver allow <username> [<username> ...]
When virtual hosts are in use, plain deny/allow lines cannot tell which server they apply to and are therefore ignored; defaultserver stands for the original, non-virtual host.
defaultserver private
The main host refuses anonymous users.
passive address -- translates the address announced in PASV replies. Syntax:
passive address <externalip> <cidr>
Clients coming from the <cidr> range are told to connect to <externalip> in the PASV reply; this is needed when the server sits behind NAT.
passive ports -- restricts the port range used for passive data connections. Syntax:
passive ports <cidr> <min> <max>
Clients from <cidr> are given data ports between <min> and <max>, so that a firewall only has to open that range.
pasv-allow -- allows passive data connections from other addresses. Syntax:
pasv-allow <class> [<addrglob> ...]
port-allow -- allows PORT commands naming other addresses. Syntax:
port-allow <class> [<addrglob> ...]
By default the server only accepts a data connection from, or opens one to, the address of the control connection; these two directives relax that check for the given classes and addresses. Relaxing it is what makes the classic FTP bounce attack possible, so leave it restricted unless there is a specific need.
mailserver -- specifies the mail server through which upload notifications are sent. Syntax: mailserver <hostname>
incmail -- specifies the email address notified of anonymous uploads. Syntax: incmail <emailaddress>
virtual <address> incmail <emailaddress> -- the same for a virtual host
defaultserver incmail <emailaddress> -- the same for the default host
mailfrom -- sets the sender address of upload notifications. Syntax: mailfrom <emailaddress>
virtual <address> mailfrom <emailaddress> -- the same for a virtual host
defaultserver mailfrom <emailaddress> -- the same for the default host
chmod -- whether users may change file permissions
delete -- whether users may delete files
overwrite -- whether users may overwrite existing files
rename -- whether users may rename files
umask -- whether users may change their umask
Each of these five takes the form <directive> <yes|no> <typelist>, e.g. delete no anonymous,guest; anonymous and guest users should normally be denied all of them.
passwd-check -- sets how strictly the password (email address) of anonymous FTP users is checked. Syntax:
passwd-check <none|trivial|rfc822> [<enforce|warn>]
none performs no check, trivial accepts any password containing an @, and rfc822 requires an address in RFC 822 format; enforce refuses the login when the check fails, while warn lets the user in but prints a warning.
deny-email -- refuses specific email addresses when used as anonymous passwords. Syntax: deny-email <case-insensitive-email-address>
path-filter -- restricts which file names users may supply (for uploads, renames and new directories). Syntax:
path-filter <typelist> <message_file> <allowed_charset> [<disallowed_regexp> ...]
<allowed_charset> is a regular expression that every name must match; a name matching any of the <disallowed_regexp> patterns is refused as well, and the user is shown <message_file>. A whitelist of safe characters plus patterns refusing names that start with "." or "-" is the usual setting for anonymous and guest users.
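To see what such a rule actually accepts and refuses, here is an added example (not WU-FTPD's own code): a Python model of the path-filter check run over a constructed rule line and a handful of sample names. It assumes the rule is applied to the name the user supplies as a whole, and that Python's re semantics are close enough to the server's regular expressions for these simple patterns.

```python
import re

# Added example (not WU-FTPD's own code): a model of the path-filter check.
# The rule line below is constructed from the syntax above: the allowed
# charset is a whitelist of file-name characters, and the two disallowed
# patterns refuse names starting with "." or "-". Assumption: the check is
# applied to the user-supplied name as a whole.

SAMPLE_RULE = "path-filter anonymous,guest /etc/pathmsg ^[-A-Za-z0-9_.]*$ ^[.] ^-"


def parse_path_filter(line):
    fields = line.split()
    if len(fields) < 4 or fields[0] != "path-filter":
        raise ValueError("not a path-filter line")
    return {
        "types": set(fields[1].split(",")),
        "message": fields[2],
        "allowed": re.compile(fields[3]),
        "disallowed": [re.compile(p) for p in fields[4:]],
    }


def filename_allowed(rule, user_type, name):
    """True if the rule lets this user type use this name."""
    if user_type not in rule["types"]:
        return True                       # rule does not apply to, e.g., real users
    if not rule["allowed"].search(name):
        return False                      # contains a character outside the whitelist
    return not any(p.search(name) for p in rule["disallowed"])


def check_names(rule, user_type, names):
    """Map each name to True/False; refused names would get rule["message"] shown."""
    return {n: filename_allowed(rule, user_type, n) for n in names}


if __name__ == "__main__":
    rule = parse_path_filter(SAMPLE_RULE)
    samples = ["report.txt", ".rhosts", "-rf", "my file.txt", "../passwd"]
    for name, ok in check_names(rule, "anonymous", samples).items():
        print(f"{name!r}: {'allowed' if ok else 'refused, show ' + rule['message']}")
```

With this rule an anonymous user can upload report.txt but not .rhosts (leading dot), -rf (leading dash, which could be taken as an option by a later script), "my file.txt" (space) or ../passwd (slash); a real user is not subject to the rule at all.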
upload -- sets upload permissions. Syntax:
upload [absolute|relative] [class=<classname>] ... [-] <root-dir> <dirglob> <yes|no> <owner> <group> <mode> [dirs|nodirs] [<d_mode>]
Sets the permissions for the directories we want to control:
absolute/relative: whether <dirglob> is an absolute path or relative to the user's chroot directory
class=: restricts the rule to a class
<root-dir>: the rule applies to users whose root directory (the directory they are chrooted into after login) is <root-dir>
<dirglob>: the directory (pattern) we want to restrict
yes/no: whether new files may be created in this directory
<owner>, <group>: the owner and group given to uploaded files
<mode>: the permissions given to uploaded files
dirs/nodirs: whether new subdirectories may be created
<d_mode>: the permissions of newly created directories; if omitted, <mode> is used
For an anonymous site the usual pattern is a catch-all rule that forbids uploads everywhere, followed by a rule that allows them only in a dedicated incoming directory, with files owned by a non-ftp account, a mode such as 0600 and nodirs, so that uploaded files can be neither listed nor retrieved by other anonymous users until an administrator has reviewed them.
throughput -- limits download speed. Syntax:
throughput <root-dir> <subdir-glob> <file-glob-list> <bytes-per-second> <bytes-per-second-multiply> <remote-glob-list>
Limits the rate at which clients matching <remote-glob-list> may retrieve the files matching <file-glob-list> in the subdirectories of <root-dir> matching <subdir-glob>, for example:
throughput /e/ftp * * oo - *
throughput /e/ftp sw* * 1024 0.5 *
throughput /e/ftp sw* README oo - *
throughput /e/ftp sw* * oo - *.foo.com
Here oo means no limit on bytes per second, and - (or 1.0) means a multiplier of one. The first line leaves downloads from /e/ftp unlimited. The second limits any file under /e/ftp/sw* to 1024 bytes/sec, and the multiplier is applied after each file retrieved, so the second file in the same session gets 512 bytes/sec, the third 256, and so on. The third line exempts README files from that limit, and the last line gives clients from *.foo.com full speed.
anonymous-root -- sets the root directory for the anonymous users of a class. Syntax:
anonymous-root <root-dir> [<class>]
guest-root -- sets the root directory for guest users. Syntax:
guest-root <root-dir> [<uid-range> ...]
Without a class or UID range the setting is the default for all anonymous (respectively guest) users.
The following directives take UID/GID ranges, written as %<min>-<max> (e.g. %500-1000), with open ends such as %-99 or %5000- allowed; a plain user or group name may be used instead of a range:
deny-uid, deny-gid -- deny FTP access to the given UID (GID) ranges
allow-uid, allow-gid -- allow FTP access to the given UID (GID) ranges, overriding deny-uid/deny-gid and /etc/ftpusers
restricted-uid, restricted-gid -- restrict users in the given ranges to their login directory
unrestricted-uid, unrestricted-gid -- allow users in the given ranges to leave their login directory
dns refuse_mismatch -- what to do when the client's forward and reverse DNS names do not match. Syntax:
dns refuse_mismatch <message_file> [override]
If the name found by reverse lookup of the client's IP address does not resolve back to that address, the connection is refused and <message_file> is shown; with override the mismatch is only logged and the user is still admitted.
dns refuse_no_reverse -- refuses clients without a reverse DNS record. Syntax:
dns refuse_no_reverse <message_file> [override]
If the client's IP address has no reverse (PTR) record, the connection is refused and <message_file> is shown; override again only logs the condition.
dns resolveroptions -- sets resolver options. Syntax:
dns resolveroptions [options]
Options for the DNS resolver used by the server can be set here.
⒉ /etc/ftphosts
ftphosts is similar to the allow/deny rules in ftpaccess but works per account: it allows or denies specific user IDs from specific addresses. It has no notion of classes, so the entries refer to real (or guest) accounts.
allow|deny <username> <addrglob> [<addrglob> ...]
Some examples:
allow rose 140.0.0.0/8
deny jack 140.123.0.0:255.255.0.0
Allows rose to log in only from 140.*.*.* and refuses jack from 140.123.*.*.
⒊ /etc/ftpservers
This file selects which configuration is used when a connection arrives on a given IP address or host name. Each line is <address> <directory>, where the directory holds that host's own ftpaccess, ftpusers, ftpgroups, ftphosts and ftpconversions files; the keyword INTERNAL selects the built-in (default) configuration. For example:
10.196.145.10 /etc/ftpd/ftpaccess.somedomain/
10.196.145.200 /etc/ftpd/ftpaccess.someotherdomain/
some.domain INTERNAL
10.196.145.20 /etc/ftpd/config/faqs.org/
ftp.some.domain /etc/ftpd/config/faqs.org/
⒋ /etc/ftpusers
Accounts listed in this file, one per line, are forbidden to log in over FTP. System accounts (root, bin, daemon and the like) and any account that has no business transferring files belong here.
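Rather than maintaining the list by hand, it can be derived from the password file. The following is an added example, not part of WU-FTPD: it builds a candidate ftpusers list from a constructed passwd file, refusing system accounts and accounts without an interactive shell. The UID threshold and the set of login shells are assumptions to adjust for the system; the ftp account is kept out of the list by default because listing it in ftpusers switches anonymous FTP off.

```python
# Added example (not part of WU-FTPD): derives a candidate /etc/ftpusers from
# a passwd file, so that system accounts and accounts without an interactive
# shell are refused FTP logins. The passwd content is constructed; the UID
# threshold and the shell list are assumptions to adjust for the system.

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/false
"""

LOGIN_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/tcsh", "/bin/zsh", "/bin/ksh"}


def ftpusers_from_passwd(passwd_text, system_uid_max=99, keep_anonymous=True):
    """Return the account names that should be listed in /etc/ftpusers."""
    denied = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed passwd line: {line!r}")
        name, uid, shell = fields[0], int(fields[2]), fields[6]
        # Anonymous logins run as the "ftp" account; listing it in ftpusers
        # switches anonymous FTP off, so keep it out unless that is intended.
        if keep_anonymous and name == "ftp":
            continue
        if uid <= system_uid_max or shell not in LOGIN_SHELLS:
            denied.append(name)
    return denied


def render_ftpusers(names):
    """One account per line, which is the format wu-ftpd reads."""
    return "".join(f"{n}\n" for n in names)


if __name__ == "__main__":
    print(render_ftpusers(ftpusers_from_passwd(SAMPLE_PASSWD)), end="")
```

On the sample data root, bin, daemon and nobody are refused by UID, bob is refused because /bin/false is not a login shell, alice keeps FTP access, and ftp is skipped so anonymous access still works; pass keep_anonymous=False to disable anonymous FTP as well.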
⒌ /etc/ftpgroups
Defines the groups (and their passwords) that a logged-in user can switch to with SITE GROUP and SITE GPASS when private yes is set. Because SITE EXEC and the group-switching commands have been a frequent source of security holes, this feature is usually left disabled.
⒍ /etc/ftpconversions
Configures the commands used for on-the-fly tar, compress, gzip and similar conversions. The shipped defaults are normally sufficient; if on-the-fly packaging is not enabled, the contents can also be removed.