ProFTPD simple and practical Configuration Management Method

ProFTPDIt is the most popular FTP server software After Wu-FTP. ProFTPD has a configuration management method. Let me share it with you!

The combination of proftpd and mysql can complete a relatively large and complete permission control, but it also increases the complexity of management and maintenance. Here I will introduce a simple configuration method, applicable to applications with less than 100 users. The core of this method is the clever use of setting gid bits. It is best for readers to find information about the relevant knowledge. The Configuration Management of this method is quite small and simple, and a clear permission system structure can be maintained.

1. Ideas

First, we need to clarify the relationship between proftpd users and linux users: users in linux are proftpd users. The permission control of proftpd is based on the permission control of the Linux system. That is, you must first have the permission of the Linux system for a file or directory. On this basis, proftpd can set its unique permissions. In fact, Linux's own permission system is a relatively complete permission system. We can only use this permission system to meet our requirements.

We set an ftp administrator ftpadmin to belong to the ftpadmin group. the ftp root directory/ftp is the personal root directory of ftpadmin, so that ftpadmin can complete routine management. By setting the/ftp gid, you can ensure that the newly uploaded file belongs to the ftpadmin user, and set the umask value 002 to ensure the read and write permissions of the uploaded file group, in this way, the administrator can manage the files under the management, while ensuring that the owner of the file is not changed.

For ftp users, we only need to create a new Linux user, and define the user directory under/ftp. The operation is simple.

2. Create an ftp administrator: ftpadmin

[Root @ localhost root] groupadd ftpadmin # ftpadmin is the name of the newly added group

[Root @ localhost root] useradd-d

/Ftp-g ftpadmin-s/sbin/nologin admin

[Root @ localhost root] chmod 2775/ftp

At the same time, ensure that ftpadmin is the owner of/ftp, and ftpadmin is the group owner of/ftp. This ensures that ftpadmin has all permissions on the/ftp directory to be managed.

-S/sbin/nologin indicates that the user cannot log on from the shell. That is to say, the user can only log on through ftp. This is out of security considerations.

Modify/usr/local/etc/proftpd. conf

Nobody ftpadmin

Nogroup ftpadmin

Umask 002

# Allow the owner and group users to manage ftp.

Change the mask Umask to 002. Both the group members and owner can add, delete, and modify folders. Other users can read and execute, but cannot write. In this way, the ftpadmin user can read and write all files through the same group of identities without changing the original permissions of the content. That is to say, the owner identity of the files in this folder is not changed, but these files can be managed at the same time.

Chmod 2775/ftp, by setting the gid of the folder, all the files written in this folder, no matter who the owner is, the file group must be ftpadmin (because the/ftp group belongs to ftpadmin), which is reasonably managed by ftpadmin.

3. Add User: user1

Useradd-d/ftp/user1-g ftpadmin-s

/Sbin/nologin user1

In this way, user1 has full permissions on the/ftp/user1 directory. as an administrator, you can also manage directories through group permissions.

Whenever users need to be added, simply add a Linux User.

4. Corresponding configuration file: Important entries in proftpd. conf

Umask 002

DefaultRoot

Umask 002 ensures that the newly created file has the Group read and write permissions.

DefaultRoot ~ Make sure that each user is locked in his/her own directory after logging on, and the directories of other users are invisible.

Reading the complete article, do you think this is a good way to manage ProFTPD configurations? I hope you will like it!