ProFTPD Study Notes (2)

Source: Internet
Author: User

Last time we talked about the basic installation of ProFTPD. Because we will set up MySQL and quota later, we compiled the corresponding modules during compilation. If you do not need the MySQL and disk quota functions, you do not need to compile them.

Here is a very practical command:

/usr/local/proftpd/sbin/ftpshut

This command is practical because you may need to adjust your server frequently, and it is very flexible. You can stop FTP connections at a set time without stopping the ProFTPD process. Here is how it is used in detail.

ftpshut [-l min] [-d min] time [warning-message ...]

-l min: new FTP connections are refused starting min minutes before the FTP service is disabled.
-d min: established FTP connections are disconnected starting min minutes before the FTP service is disabled.
time: the time at which the server will shut down the FTP service. There are two formats:
+number: the service is disabled after number minutes
HHMM: the service is disabled at HH:MM today

Note: here we use this command to stop the FTP service, but the actual ProFTPD process has not stopped, so this command is generally used for debugging FTP.

Example:
The FTP service will be closed after 30 minutes. New FTP connections are refused during the last 20 minutes, established connections are forcibly disconnected 10 minutes before the service is closed, and "FTP server will shutdown at time" is displayed on the client.

ftpshut -l 20 -d 10 +30 "FTP server will shutdown at time"

In fact, ftpshut generates /etc/shutmsg. To restore the FTP service you only need to delete this file, or run directly:

ftpshut -R

Now let's start with some basic ProFTPD configuration. If you are familiar with Apache configuration, you will find that the ProFTPD settings are much the same. The basic configuration format is:

# Global settings
Setting1 parameter1
Setting2 parameter2

# Setting a directory
<Directory "pathname">
...
...
</Directory>

# Anonymous user settings
<Anonymous "Anonymous login directory">
...
...
<Limit restriction action>
...
...
</Limit>
</Anonymous>

Most of what we do is done with Limit. Limit accepts the following commands and command groups, which together cover all permissions, so you can use it flexibly.

CWD: Change Working Directory, permission to change directory
MKD: Make Directory, permission to create directories
RNFR: Rename From, permission to rename
DELE: Delete, permission to delete files
RMD: Remove Directory, permission to delete directories
RETR: Retrieve, permission to download data from the server to the client
STOR: Store, permission to upload data from the client to the server
READ: read permission, excluding directory listing; equivalent to RETR, STAT, etc.
WRITE: permission to write files or directories, including MKD and RMD
DIRS: permission to list directories; equivalent to LIST, NLST, etc. It is quite practical.
ALL: all permissions
LOGIN: permission to log in

The following directives specify who a Limit applies to:

AllowUser: the limited commands are allowed for a user
DenyUser: the limited commands are denied for a user
AllowGroup: the limited commands are allowed for a user group
DenyGroup: the limited commands are denied for a user group
AllowAll: the limited commands are allowed for all users and groups
DenyAll: the limited commands are denied for all users

The maximum transfer speed is set with:

TransferRate STOR|RETR speed(Kbytes/s) user username

The following is an example ProFTPD configuration, which may be easier to understand. The requirements are:

1. The FTP server supports resumable data transfer. A maximum of 10 concurrent online users are supported. Only one connection is allowed for each IP address.
2. Users in the ftpusers group are allowed to access only their own directories, not the parent directory or other directories.
3. When a user logs on to the server, the FTP server version information is not displayed, to increase security.
4. Create a kaoyan FTP account that belongs to the ftpusers group. The kaoyan user can only download and has no write permission. The download speed is limited to 50 Kbytes/s.
5. Create an upload user that also belongs to the ftpusers group and has the same home directory as the kaoyan user. The upload user is allowed to upload files and create directories, but cannot download files or delete directories and files. The upload speed is limited to 100 Kbytes/s.

First, add the group and users and set the directory permissions:

groupadd ftpusers
useradd -d /home/kaoyan -G ftpusers -s /bin/false kaoyan
useradd -d /home/kaoyan -G ftpusers -s /bin/false upload
chown -R kaoyan:upload /home/kaoyan
chmod -R 775 /home/kaoyan

If you only want users in the ftpusers group to have access, you can set the mode to 770.
Then edit /usr/local/proftpd/etc/proftpd.conf:

Note: # marks a comment. Comments do not affect the settings and can be left out.

ServerName "Frank's FTP server"
ServerType standalone
DefaultServer on
Port 21
Umask 022
# Up to 30 ProFTPD processes
MaxInstances 30
User nobody
Group nobody
TimeoutStalled 10
# A maximum of 10 online users are allowed
MaxClients 10
MaxClientsPerHost 1 "sorry, one IP address only allows one connection"
# Resumable upload. Resumable download is supported by default and needs no setting.
AllowStoreRestart on
# Welcome message file
DisplayLogin welcome.msg
# Hide the server version information
ServerIdent off
# Restrict the ftpusers group to its own directory
DefaultRoot ~ ftpusers

<Directory />
  AllowOverwrite on
</Directory>
<Directory /home/kaoyan>
  # Write not allowed
  <Limit WRITE>
    DenyUser kaoyan
  </Limit>
  # Delete, rename, and download are not allowed
  <Limit RMD RNFR DELE RETR>
    DenyUser upload
  </Limit>
  TransferRate RETR 50 user kaoyan
  TransferRate STOR 100 user upload
</Directory>
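To check a deny list like the one above against the requirements, the following added example (not part of the original notes or of ProFTPD) lists which read and write commands each user can still issue. It assumes an abbreviated command-group table and models only DenyUser inside <Limit>; the names expand, denied_commands and still_allowed are hypothetical.

```python
# Constructed sample: the <Directory /home/kaoyan> section from the configuration above.
SAMPLE_CONF = """\
<Directory /home/kaoyan>
  <Limit WRITE>
    DenyUser kaoyan
  </Limit>
  <Limit RMD RNFR DELE RETR>
    DenyUser upload
  </Limit>
</Directory>
"""

# Assumption: abbreviated group membership; the full lists vary by ProFTPD version.
GROUPS = {"READ": {"RETR"},
          "WRITE": {"APPE", "DELE", "MKD", "RMD", "RNTO", "STOR", "STOU"}}


def expand(names):
    """Expand <Limit> arguments (commands or groups) into individual FTP commands."""
    cmds = set()
    for name in names:
        cmds |= GROUPS.get(name.upper(), {name.upper()})
    return cmds


def denied_commands(conf_text):
    """Return {user: set(commands)} for every DenyUser found inside a <Limit> block."""
    denied, current = {}, None
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # ignore comments and blank lines
        if not parts:
            continue
        head = parts[0].lower()
        if head == "<limit":
            current = expand(p.rstrip(">") for p in parts[1:] if p.rstrip(">"))
        elif head == "</limit>":
            current = None
        elif head == "denyuser" and current is not None:
            for user in filter(None, ",".join(parts[1:]).split(",")):
                denied.setdefault(user, set()).update(current)
    return denied


def still_allowed(conf_text, user, commands):
    """Commands from `commands` that no <Limit> block denies to `user`."""
    return sorted(expand(commands) - denied_commands(conf_text).get(user, set()))


if __name__ == "__main__":
    for name in ("kaoyan", "upload"):
        print(name, "may still use:", still_allowed(SAMPLE_CONF, name, ["READ", "WRITE"]))
```

For upload the result lists APPE, MKD, RNTO, STOR and STOU; with AllowOverwrite on in the configuration above, STOR can replace an existing file even though DELE is denied.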

The same result can also be achieved with

<Anonymous ~kaoyan>
...
...
</Anonymous>

<Anonymous ~upload>
...
...
</Anonymous>

which is more flexible. Here I just want to open a door for you.

Okay, that is all for today. We will continue with other ProFTPD configuration tomorrow.
