Article Title: Quick Guide to ProFtpd. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
ProFTPD is an FTP server program on Unix or Unix-like platforms (such as Linux and FreeBSD). It is a copyright statement (GPL) issued by the Free Software Foundation) free software developed and released under, that is to say, anyone who complies with the GPL copyright statement can modify the source start code at will.
ProFTPD is designed to implement a secure and easy-to-set FTP Server. At present, FTP servers on Unix or Unix-like platforms are very limited. The most commonly used FTP Server is wu-ftpd. Although wu-ftpd has excellent performance and is also a set of good software, it lacks some characteristics of FTP Server on many Win32 platforms, at the same time, wu-ftpd also found many security vulnerabilities in the past. ProFTPD creators have spent a lot of time looking for wu-ftpd vulnerabilities to improve and add many features. However, unfortunately, he quickly discovered that wu-ftpd needs to be completely rewritten to supplement the lack of setup capabilities and some of the functions. ProFTPD is not generated by modifying the original code of other FTP servers. On the contrary, it is a completely independent and complete FTP Server that is rewritten.
ProFTPD has the following features:
* A single master setting file contains many commands and groups it controls ,? Jain? Intrinsic intrusion, wannacache, H, Huan? Pache Web Serve is easy to set.
* A ". ftpaccess" setting file can be defined for each directory, just like the Apache ". htaccess" file.
* Multiple virtual FTP servers can be configured, and the anonymous FTP service is very easy.
* You can choose to operate separately (stand-alone) or start it by inetd based on the system load.
* The root directory of anonymous FTP does not need a specific directory structure, system binary execution file, or other system files.
* ProFTPD does not execute any external programs to avoid security vulnerabilities.
* It has the permission to hide directories or hidden files, which are derived from file permissions in Unix format or user/group type.
* It can be executed in stand-alone mode by general users to reduce the possibility of obtaining root privileges through attacks. Note: This function is related to the Unix operating system.
* Supports system records and utmp/wtmp.
The record method is fully compatible with the wu-ftpd standard and supports the extended format of the record content.
* Supports Shadow &! Nbsp; password, including the account life setting function.
Compile and install
Proftpd provides multiple installation formats, including source code, RPM, And deb (debian software package. This article mainly discusses the installation of source code.
Download the latest proftpd-1.2.0rc3 from ftp.proftpd.net to a Linux server. Perform the following steps:
Note: If you run the./cofigure command, use the -- prefix option to specify to install proftpd in the/usr/sbin directory! You do not need to modify the fuctions file.
Then, after the next system is started, proftpd will automatically start.
Finally, make sure that no ftp server is running in the system:
[Root @ ftpd/] # netstat-ln
If the output does not contain
Tcp 0 0 0.0.0.0: 21 0.0.0.0: * LISTEN
In this way, you can directly start proftpd. Otherwise, you need to disable the previous ftpd server. For the default Linux installation, You need to disable the ftp server in the following ways: edit/etc/inetd. conf file, in the ftp stream tcp nowait root/usr/sbin/tcpd in. before a line of ftpd-l-a, add #:
# Ftp stream tcp nowait root/usr/sbin/tcpd in. ftpd-l-a and then:
[Root @ ftpd! /] # Ps ax | grep inetd
350? S inetd get the inetd process number and restart the inetd process:
[Root @ ftpd/] # kill-HUP 350
Run the following command to start proftpd:
[Root @ ftpd/] #/etc/rc. d/init. d/proftpd start
In this case, run the following command to test whether proftpd runs properly:
C: WINDOWS> ftp 192.168.2.33
Connected to 192.168.2.33.
220 ProFTPD 1.2.0rc3 Server (ProFTPD Default Installation) [ftpd.test.com.cn]
User (192.168.2.33 :( none): ideal
Password:
230 User ideal logged in.
Ftp>
Now you have a secure and reliable ftp server.
FAQ
1. After I installed proftpd, I encountered a problem. How can I debug it?
Run the command! /Usr/local/sbin/proftpd-d9-n start proftpd for debugging, then proftp d will print the debugging information to consystemic for debugging.
2. Why can't anonymous users log on after my proftpf is started?
View the proftp configuration file/usr/local/etc/proftpd. conf, change to (here/home/ftp can be the current root directory after anonymous users log on, but make sure that the directory is accessible to ftp users ), if some User commands specify the ftp User, add the following command instructions in the configuration file:
RequireValidShell off
3. How can I limit the access of a normal user to a directory after logon?
You can use the DefaultRoot command. For example, if you want to restrict the ftpusers group users to your home directory, you must first create the group:
/Usr/sbin/groupadd ftpusers
Then add the user ideal to the group:
Usrmod-G ftpusers ideal
Add the following content to the proftpd. conf file:
DefaultRoot ~ Ftpusers
You can also restrict users to access only one sub-directory in their home directory after Logon:
Default! Root ~ /Anoftp ftpusers
Of course, you can also restrict users to other directories, rather than your home directory:
DefaultRoot/tmp ftpusers
You can also limit the number of users in a user group:
DefaultRoot ~ Ftpusers ,! Empolyee
This directive only limits users in the ftpusers group that are not in the empolyee group.
4. How can I prevent users from displaying the ftp server version information during login to enhance security?
Add the following content to proftpd. conf:
ServerIdent off
When you log on again, the following content is displayed:
C: WINDOWS> ftp 192.168.2.33
Connected to 192.168.2.33.
220 ftpd.test.com.cn FTP server ready.
User (192.168.2.33 :( none )):
5. How do I set up a virtual host in the proftpd environment?
It can be implemented through the command: VirtualHost. The simplest example is as follows:
ServerName "virtual FTP server"
If you only want to access a VM anonymously, use the following! Command:
Serv erName "virtual FTP server"
DenyAll
User private
Group private
AllowAll
In this way, the host of 192.168.2.35 only allows anonymous logon.
The content of my proftpd. conf configuration file is:
# This is a basic ProFTPD configuration file (rename it
# 'Proftpd. conf' for actual use. It establishes a single server
# And a single anonymous login. It assumes that you have a user/group
# "Nobody" and "ftp" for normal operation and anon.
ServerName &! Quot; test.com.cn FTP Server"
ServerType sta
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
