PURE-FTPD installation configuration notes in Linux

Download:

Download the latest stable version from the official website http://www.pureftpd.org/its latest version is 1.0.29, download address
As: http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.29.tar.bz2.

System environment

CentOS 5.5
PUREFTPD 1.0.29

Compiling the installation

The code is as follows	Copy Code
# TAR-XVJF PURE-FTPD-1.0.29.TAR.BZ2 # CD Pure-ftpd-1.0.29 #./configure--help # View compilation options

PUREFTPD has a number of compilation configuration options, here are some of the major configurations

--prefix=prefix


--with-sysquotas using System disk quotas (not virtual)


--with-altlog Support Select Log format (similar to Apache)


--with-puredb support for virtual users (FTP login user rather than system user)


--with-extauth supports extended validation modules


--with-pam Enable PAM authentication Support (default = disabled)


--with-cookie Enable cookie support (-f option)


--with-throttling Support for bandwidth control (default = disabled)


--with-ratios support upload/download speed control


--with-quotas supports. ftpquota files (Specify disk quota usage)


--with-ftpwho Support pure-ftpwho (view online user's program)


--with-largefile support for files larger than 2G


--WITH-WELCOMEMSG Support welcome.msg backward compatibility (obsolete)


--with-uploadscript upload allows external scripts to be executed (test phase)


--with-virtualhosts provides virtual server functionality at different IP addresses


--with-virtualchroot allows you to jump to an external through a conforming connection in a chroot environment


--with-diraliases Enable directory aliases


--with-nonroot Normal mode, or restricted mode. If you do not have root permissions on this server


That only enables this item


--with-peruserlimits supports concurrency restrictions for each user


--with-language= language Support < 中文版 | Traditional-chinese | Simplified-chinese>


--WITH-LDAP provides user databases in the LDAP directory


--with-mysql Store user data in MySQL database


--with-pgsql Store user data in the PostgreSQL database


--WITH-PRIVSEP Enable permission separation


--WITH-TLS Enable SSL/TLS support (testing phase, need to install OpenSSL)


--with-certfile= certificate file (default directory:/ETC/SSL/PRIVATE/PURE-FTPD.PEM)


--WITH-RFC2640 Enable compliant RFC 2640 support (UTF-8 encoded file name, test phase, need to install iconv)


--with-everything enables most options to compile the server side of the feature version.


For convenience, I've used several basic compilation commands here to configure a fully functional version of the program

The code is as follows	Copy Code
#./configure--prefix=/usr/local/pure-ftpd/--with-language=simplified-chinese--with-everything

Note: If you want to specify an installation path, the path is best/usr/local/pure-ftpd or/usr/local/pureftpd/or simply unspecified. If you do not specify a directory, the default is to install the program's files under the appropriate directory under/usr/local. I specify the directory here for ease of administration. As for why the installation directory also has such exquisite, in the following to explain.

The code is as follows

Copy Code

# Make && make check && make install # MKDIR/USR/LOCAL/PURE-FTPD/ETC # cp configuration-file/pure-ftpd.conf/usr/local/pure-ftpd/etc/# Config file copy to/etc directory # CP configuration-file/pure-config.pl/usr/local/pure-ftpd/sbin/ It seems that make install forgot to copy the file to the appropriate directory, and we have to do it manually. # chmod 755/usr/local/pure-ftpd/sbin/pure-config.pl # Set the appropriate permissions

System integration

The system integration described here is to develop system variables, so that the system can find the program we just installed, the simplest way is to have some executable program, man file in the system designated path to establish symbolic links on it. Of course, we can also modify the system variables, such as the path variable, the man page configuration file, and so on. But I'm still used to establishing a matching connection in the corresponding directory.

The code is as follows	Copy Code
# cd/usr/local/bin/ # ln-s/usr/local/pure-ftpd/bin/*. # ln-s/usr/local/pure-ftpd/sbin/*/usr/local/sbin/ # ln-s/usr/local/pure-ftpd/man/man8/*/usr/local/share/man/man8/

PUREFTPD Configuration

A major feature of the PUREFTPD program is that it is officially recommended to start the service in the form of command-line arguments, rather than the form of a command that we often use. However, PUREFTPD also supports reading configuration files. Just use a script written in Python to convert the values in the configuration file to command-line arguments!

(1) Create an anonymous access FTP server

Anonymous user access to the FTP server better configuration, only need to do with the anonymous user-related configuration. If you only open an FTP server that is anonymous, its FTP directory is the home directory of the FTP users in the system. You can use the finger command to view:

The code is as follows	Copy Code
# Finger FTP Login:ftp name:ftp User Directory:/var/ftp Shell:/sbin/nologin Never logged in. No Mail. No plan.

Of course, this directory can also be modified by modifying the/etc/passwd file. But remember, this directory is for anonymous users only.

Modify anonymous user upload/download directory, and related permissions

The code is as follows	Copy Code
# usermod-d/home/ftp # Mkdir/home/ftp;chown Ftp.ftp/home/ftp

Modify related Configuration
# vi/etc/pure-ftpd.conf

Chrooteveryone Yes # enable Chroot


Brokenclientscompatibility Yes # compatible with different clients


Daemonize Yes # background run


Maxclientsperip 20 # Maximum number of connections per IP


Verboselog Yes # record log


Displaydotfiles No # show hidden files


AnonymousOnly Yes # only anonymous users are allowed to access


Noanonymous No # Running an anonymous user connection


Syslogfacility None # do not display logs in the Syslog log


Dontresolve Yes # do not perform client DNS resolution


MaxIdleTime 15 # Maximum idle time


Limitrecursion 2000 8 # Browsing restrictions, File 2000, directory 8 layers


Anonymouscancreatedirs Yes # Anonymous users can create directories


Maxload 4 # No download after load exceeded


PassivePortRange 45000 50000 # Passive mode port range


Anonymousratio 1 10 # Anonymous user upload/download rate


Antiwarez Yes # prohibit downloading anonymous user uploaded but unauthenticated files


Anonymousbandwidth 200 # Anonymous user bandwidth limit (KB)


Umask 133:022 # Create a file/directory default mask


Minuid 100 # Maximum UID limit


ALLOWUSERFXP No # Only run user for FXP transmission


ALLOWANONYMOUSFXP No # Allow anonymous FXP transmission for anonymous and non-anonymous users


Prohibitdotfileswrite No # Cannot delete/write hidden files


Prohibitdotfilesread No # Disable reading of hidden files


Autorename Yes # automatically renames files with the same name


Anonymouscantupload No # does not allow anonymous users to upload files


Altlog clf:/var/log/pureftpd.log # CLF format log file location


Maxdiskusage 99 # Prohibit uploading when disk usage hits 99%


Customerproof Yes # Prevent command errors from operating


Configure an anonymous access server, the above parameters are sufficient. Can be based on their own requirements to do a number of targeted


's settings. Detailed parameter description see appendix

Start the PUREFTPD service

The code is as follows	Copy Code
# pure-config.pl/usr/local/pure-ftpd/etc/pure-ftpd.conf

The following information is displayed on the screen
Running:/usr/local/pure-ftpd/sbin/pure-ftpd-a-b-b-c20-d-e-fnone-h-i15-l2000:8-m-m4-p45000:50000-q1:10-s- T200-u133:022-u100-r-oclf:/var/log/pureftpd.log-k99-z

(2) Create a virtual user authenticated FTP server

Configure FTP login account
pure-ftp defaults to the Linux root user. Virtual users are better able to control access rights. A virtual user is a separate account system associated with a user of a Linux system. So it's a good idea to create a system account and group before creating a virtual user.
Create a ftpgroup group and ftpuser user

The code is as follows	Copy Code
# Groupadd Ftpgroup # useradd-g ftpgroup-d/dev/null-s/etc ftpuser

All subsequent operations related to the virtual user can be done using the ' PURE-PW ' command. Of course, you can also manually edit the corresponding file.

The following is a detailed format for storing files for a virtual user, one line for a user

The code is as follows	Copy Code
<account>:<password>:<uid>:<gid>:<gecos>:: <download bandwidth>:<upload ratio>:<download Ratio>:<max numberof connections> : <files quota>:<size quota>:<authorized local ips>:<refusedlocal IPs> : <authorized Client ips>:<refused Client ips>:<timerestrictions>

The password field is an encrypted password that is encrypted in the same way as the system's user password, and the user can perform the Setup command configuration.
Except account, password, uid, GID, home directory fields, other fields can be empty

Use the command to add a virtual user
PURE-PW command format

The code is as follows	Copy Code
PURE-PW Useradd <login> [f <passwd file>]-u <uid> [g <gid>] -d/-d [-T <download Bandwidth>] [-T <upload Bandwidth>] [-N <max number of files>] [-N <max Mbytes>] [Q <upload Ratio>] [Q <download Ratio>] [-R <allow client host>[/<mask>][,...] [-R <deny client host>[/<mask>][,...] [-I <allow local host>[/<mask>][,...] [-I <deny local host>[/<mask>][,...] [y <max number of concurrent sessions>] [Z

For example:

code is as follows	copy code
PURE-PW Useradd joe-u ftpuser-d/home/ftpusers/joe

Prompt for two password after carriage return
When you specify a user's home directory using the-d parameter, the user is pinned to the directory and cannot switch to the parent directory. Use the-d parameter to specify the hone directory if you want users to have access to a different directory. The/home/ftpusers/joe directory is not necessary to manually create a
If Createhomedir Yes is specified in the PUREFTPD configuration file. When the user first logs on, the program automatically creates the appropriate directory if the directory does not exist. The
Use the-z parameter to specify that a user can log on to the FTP server only for a period of one day. For example, Z 0900-1800 then Joe can only log in at 9 and 6 o'clock in the afternoon in the morning. Note: If the user set the login time has been authenticated to the FTP server, then the landing time limit can only be used in his next login to verify the time to take effect. The
-R and-R parameters constrain the user from which IP landing. You can use the form of ip/mask, such as-R 192.168.1.0/24 multiple segments separated by commas, such as-R 192.168.1.0/24,10.1.0.0/16,127.0.0.1/32. Separate ip:-r 192.168.1.4,10.1.1.5 host name:-R bla.bla.net,yopcitron.com. and some compatible formats. The
-y parameter is limited to how many sessions (sessions) a user can initiate at the same time. "or 0 represents unrestricted. This option can reduce system load. Effect with Maxclientsperip
OK in the configuration file, now user "Joe" has been created successfully the default virtual user list file is stored in the/etc/directory of the installation directory and you can specify the file's storage path using the-f parameter
to view the contents of the file

The code is as follows	Copy Code
# CAT/USR/LOCAL/PURE-FTPD/ETC/PUREFTPD.PASSWD Joe:$1$ocfl1xw0$r0jaeh3cjgfbygbdn7qny/:501:501::/home/ftpusers/joe/./::::::

The password field is encrypted.

change user Information
After the virtual user is created, you can also modify its related information through the PURE-PW command, such as restricting the download
Bandwidth, disk quotas, user name, download upload rate, etc.
For example: I want to modify the user Joe's maximum file size of 1000, 10MB, the command is as follows:
# PURE-PW Usermod joe-n 1000-n 10
View the virtual user list file
# CAT/USR/LOCAL/PURE-FTPD/ETC/PUREFTPD.PASSWD
joe:$1$ocfl1xw0$r0jaeh3cjgfbygbdn7qny/:501:501::/home/ftpusers/joe/./::::::1000:10485760::::

Resetting user Properties
To disable the number of file quotas, perform PURE-PW usermod-n '
To disable file size quotas, perform PURE-PW usermod-n '
To disable the upload/download rate, perform PURE-PW usermod-q '-Q '
To disable download bandwidth throttling, perform PURE-PW usermod-t '
To prohibit uploading of bandwidth limits, perform PURE-PW usermod-t '
To prohibit IP address filtering, use PURE-PW usermod <-i,-i,-r or-r> '
To prohibit landing time restrictions, perform PURE-PW usermod-z '
To prevent maximum concurrency control, perform PURE-PW usermod-y '

Delete User
Use the PURE-PW userdel command to delete a user who already exists
PURE-PW Userdel <login> [f <passwd file>] [m]
such as: PURE-PW Userdel Joe
Files in the user's home directory are not deleted and need to be deleted manually

Change Password
command to change user password
# PURE-PW passwd <login> [f <passwd file>] [m]

Use the PURE-PW command to view user information
# PURE-PW Show Joe

Login:joe


Password: $1$ocfl1xw0$r0jaeh3cjgfbygbdn7qny/


uid:501 (Ftpuser)


gid:501 (Ftpgroup)


Directory:/home/ftpusers/joe/./


Full Name:


Download bandwidth:0 Kb (unlimited)


Upload bandwidth:0 Kb (unlimited)


Max files:0 (enabled)


Max size:10 Mb (enabled)


ratio:0:0 (unlimited:unlimited)


Allowed local IPs:


Denied Local IPs:


Allowed client IPs:


Denied Client IPs:


Time restrictions:0000-0000 (unlimited)


Max Sim sessions:0 (unlimited)


★ Apply Changes


Important:


You can add/remove users by using the commands mentioned above or manually, modify user-related restriction properties, and so on, but these changes are for the virtual user list file (pureftpd.passwd). PUREFTPD Server program is not aware of this file. In order for FTP server to recognize the changes we made, we had to generate puredb files through the PURE-PW mkdb command, in fact puredb data files were converted from PUREFTPD.PASSWD files, for FTP The server can retrieve the specified user more quickly.


For example:


# PURE-PW MKDB-&gt; When you use PURE-PW to build a virtual user, be sure to use the PURE-PW mkdb command to generate the database file, or you cannot authenticate the virtual user after the pure-ftp is started


pureftpd.pdb files are generated by default in the Software installation directory/etc directory.


such as:/usr/local/pure-ftpd/etc/pureftpd.pdb

Or directly specify the generated PDB file and the referenced virtual user list file
such as: PURE-PW mkdb/etc/accounts/myaccounts.pdb-f/etc/accounts/myaccounts.txt

The PDB database file is regenerated after the virtual user list file has been changed. However, it is not necessary to restart the PUREFTPD service. You can use the-m parameter to immediately apply changes to the PDB database file, such as:
# PURE-PW passwd joe-m
After you have entered the new password two times, the password changes are applied to both the list file and the PDB database file. is not very convenient!

☆ Enable Virtual user authentication Login
1, compile the FTP server side must be added to the--with-puredb option, or simply--with-everything
2, the configuration file to add puredb/etc/pureftpd.pdb or start the server program when adding parameters
-L PUREDB/USR/LOCAL/PURE-FTPD/ETC/PUREFTPD.PDB
3. Be sure to pay attention to the location of your PDB files

0 configuration file vi/usr/local/pure-ftpd/etc/pure-ftpd.conf

Chrooteveryone Yes # enable Chroot


Brokenclientscompatibility Yes # compatible with different clients


Daemonize Yes # background run


Maxclientsperip 20 # Maximum number of connections per IP


Verboselog Yes # record log


Displaydotfiles No # show hidden files


AnonymousOnly No # Only allow anonymous users to access


noanonymous Yes # do not allow anonymous users to connect


Syslogfacility None # do not display logs in the Syslog log


Dontresolve Yes # do not perform client DNS resolution


MaxIdleTime 15 # Maximum idle time


Limitrecursion 2000 8 # Browsing restrictions, File 2000, directory 8 layers


Anonymouscancreatedirs No # Anonymous users can create directories


Maxload 4 # No download after load exceeded


PassivePortRange 45000 50000 # Passive mode port range


#AnonymousRatio 1 10 # Anonymous user upload/download rate


Userratio 1 10 # All users upload/download ratio


Antiwarez Yes # prohibit downloading anonymous user uploaded but unauthenticated files


#AnonymousBandwidth 200 # Anonymous user bandwidth limit (KB)


Userbandwidth 8 # Maximum bandwidth for all users (KB)


Umask 133:022 # Create a file/directory default mask


Minuid 100 # Maximum UID limit


ALLOWUSERFXP No # Only run user for FXP transmission


ALLOWANONYMOUSFXP No # Allow anonymous FXP transmission for anonymous and non-anonymous users


Prohibitdotfileswrite No # Cannot delete/write hidden files


Prohibitdotfilesread No # Disable reading of hidden files


Autorename Yes # automatically renames files with the same name


Anonymouscantupload Yes # do not allow anonymous users to upload files


Altlog clf:/var/log/pureftpd.log # CLF format log file location


PUREDB/USR/LOCAL/PURE-FTPD/ETC/PUREFTPD.PDB # User database files


Maxdiskusage 99 # Prohibit uploading when disk usage hits 99%


Createhomedir Yes # automatically created if the virtual user's directory does not exist


Customerproof Yes # Prevent command errors from operating


Start the PUREFTPD service


# pure-config.pl/usr/local/pure-ftpd/etc/pure-ftpd.conf


To pureftpd with the system, add the command to the/etc/rc.local file as follows


# echo "pure-config.pl/usr/local/pure-ftpd/etc/pure-ftpd.conf" &gt;&gt;/etc/rc.local

Appendix 1:pure-config.pl Documents

The code is as follows

Copy Code

#! /usr/bin/perl # (C) 2001-2006 Aristotle Pagaltzis # derived from code (C) 2001-2002 Frank Denis and Matthias Andree Use strict; My ($conffile, @flg) = @ARGV; My $PUREFTPD; -X && ($PUREFTPD =$_, last) for QW ( ${exec_prefix}/sbin/pure-ftpd /usr/local/pure-ftpd/sbin/pure-ftpd /usr/local/pureftpd/sbin/pure-ftpd /usr/local/sbin/pure-ftpd /usr/sbin/pure-ftpd ); My%simple_switch_for = ( Ipv4only =&gt; "-4", Ipv6only =&gt; "-6", Chrooteveryone =&gt; "-A", Brokenclientscompatibility =&gt; "-B", Daemonize =&gt; "-B", Verboselog =&gt; "-D", Displaydotfiles =&gt; "-D", AnonymousOnly =&gt; "-E", Noanonymous =&gt; "-E", Dontresolve =&gt; "-H", Anonymouscancreatedirs =&gt; "-M", Natmode =&gt; "-N", Calluploadscript =&gt; "-O", Antiwarez =&gt; "-S", ALLOWUSERFXP =&gt; "-W", ALLOWANONYMOUSFXP =&gt; "-W", Prohibitdotfileswrite =&gt; "-X", Prohibitdotfilesread =&gt; "-X", Allowdotfiles =&gt; "-Z", Autorename =&gt; "-R", Anonymouscantupload =&gt; "-i", Logpid =&gt; "-1", Nochmod =&gt; "-R", Keepallfiles =&gt; "K", Createhomedir =&gt; "-j", Norename =&gt; "-G", Customerproof =&gt; "-Z", Notruncate =&gt; "-0", ); My%string_switch_for = ( filesystemcharset       => "-8", ClientCharset& nbsp;      => "-9", syslogfacility      => "-F", fortunesfile        => "-F", forcepassiveip       => "-P", bind                 => "-S", anonymousbandwidth  => "-T", userbandwidth       = > "-T", trustedip           => "-V", altlog           => "-o", pidfile          => "-G", ); My%numeric_switch_for = ( MaxIdleTime => "-i", Maxdiskusage => "K", Trustedgid => "-a", Maxclientsnumber => "-C", Maxclientsperip => "-C", Maxload => "-M", Minuid => "-U", TLS => "-y", ); My%numpairb_switch_for = ( Limitrecursion => "-L", PassivePortRange => "-P", Anonymousratio => "-Q", Userratio => "-Q", ); My%numpairc_switch_for = ( Umask => "-U", Quota => "-N", Peruserlimits => "-y", ); My%auth_method_for = ( Ldapconfigfile => "LDAP", Mysqlconfigfile => "MySQL", Pgsqlconfigfile => "Pgsql", Puredb => "Puredb", Extauth => "Extauth", ); My $simple _switch = qr/(@{[join "|", Keys%simple_switch_for]}) s+yes/i; My $string _switch = qr/(@{[join "|", Keys%string_switch_for]}) s+ (s+)/I; My $numeric _switch = qr/(@{[join "|", Keys%numeric_switch_for]}) s+ (d+)/I; My $NUMPAIRB _switch = qr/(@{[join "|", Keys%numpairb_switch_for]}) s+ (d+) s+ (d+)/I; My $numpairc _switch = qr/(@{[join "|", Keys%numpairc_switch_for]}) s+ (d+):(d+)/I; My $auth _method = qr/(@{[join "|", Keys%auth_method_for]}) s+ (s+)/I; Die "usage:pure-config.pl [Extra Options]n" unless defined $conffile; Open CONF, "< $conffile" or die "Can ' t open $conffile: $!n"; !/^s* (?: $|#)/and (Chomp, push @flg, /$simple _switch/i? ($simple _switch_for{$1}): /$string _switch/i? ($string _switch_for{$1}. $): /$numeric _switch/i? ($numeric _switch_for{$1}. $): /$NUMPAIRB _switch/i? ($numpairb _switch_for{$1}. "$2:$3"): /$numpairc _switch/i? ($numpairc _switch_for{$1}. "$2:$3"): /$auth _method/i? ("-L". "$auth _method_for{$1}:$2"): /unixauthentications+yes/i? ("-L". "Unix"): /pamauthentications+yes/i? ("-L". "Pam"): () ) while; Close CONF; Print "Running: $PUREFTPD", Join ("", @flg), "n"; exec {$PUREFTPD} ($PUREFTPD, @flg) or die "cannot exec $PUREFTPD: $!";

Appendix 2:PURE-FTPD.CONF Documents

The code is as follows

Copy Code

# VI Sample pure-ftpd.conf # limit each user to their own home directory Chrooteveryone Yes # Compatible with IE and other non-normalized FTP clients. Default: No Brokenclientscompatibility Yes # Maximum number of user connections. Default: 50 Maxclientsnumber 2000 # background mode (daemon mode) Daemonize Yes # The same IP allow the number of connections (can prevent thunder, express and other programs crazy thread). Default: 8 Maxclientsperip 20 # If you want to log all client commands, set to ' yes ' this option to synchronize the log to the log server. Default: No Verboselog Yes # Show hidden files. Default: Yes Displaydotfiles Yes # The user is not allowed to authenticate. As an anonymous FTP server only. Default: No AnonymousOnly No # Anonymous user connections are not allowed. Only authenticated user connections are allowed. Default: No Noanonymous No # This option is to say what type of log synchronization is written to the syslog. # types include (auth, authpriv, daemon, FTP, security, user, local*) # The default is "FTP" If you do not want to display the FTP log in/var/log/message. Then disable: "None" Syslogfacility None # Show Cookies # Fortunesfile/usr/share/fortune/zippy # The host name is not resolved in the log file. The more verbose the log, the greater the bandwidth required. If the server's # DNS resolution is problematic or the server is overloaded, it is recommended that the option be configured yes. The default is: Yes Dontresolve Yes # Maximum idle time. Units: minutes (default = 15 minutes) MaxIdleTime 15 # LDAP configuration file # ldapconfigfile/etc/pureftpd-ldap.conf # MySQL configuration file (see README for details). MySQL) # mysqlconfigfile/etc/pureftpd-mysql.conf # Postgres configuration file (see README for details). Pgsql) # pgsqlconfigfile/etc/pureftpd-pgsql.conf # Puredb User Database (see README for details). Virtual-users) # puredb/etc/pureftpd.pdb # PURE-AUTHD Socket Path (see README for details). Authentication-modules) # Extauth/var/run/ftpd.sock # If you want to use Pam validation, uncomment the line below # pamauthentication Yes # If you want to use/etc/passwd file validation. Uncomment the following line # unixauthentication Yes # Note: ldapconfigfile, Mysqlconfigfile, Pamauthentication and Unixauthentication # Only one is enabled, but they can be used jointly. For example, you enabled the Mysqlconfigfile and then enabled the # unixauthentication so at the same time only SQL Server is available. If the SQL authentication fails, # For example, the user did not find, then the system will retry the other way to verify, this time it will find/etc/passwd and #/etc/shadow file. If the result of the SQL validation is a bad password, then the following # verified. As a result, the validation method can write multiple, but at the same time only one work, and when the verification is not found # The next authentication method is not performed until the information is made. However, validation is terminated when validation errors are made. # ' ls ' recursive limit. The first parameter is the maximum number of files that can be displayed. The second parameter is the subfolder depth Limitrecursion 2000 8 # Whether anonymous users can create new folders Anonymouscancreatedirs No # If the system load exceeds the number given below, anonymous users will not be able to download Maxload 4 # The range of ports assigned to it in passive connection mode. Facilitates the development of firewall configurations. PassivePortRange 45000 50000 # force an IP address to work in PASV/EPSV/SPSV mode. -For NAT. # FORCEPASSIVEIP 192.168.0.1 # Anonymous user upload/download rate # anonymousratio 1 10 # Upload/download rate for all users. This option can replace the above option # userratio 1 10 # prohibit downloading of files with owner ' FTP '. For example, files that were not authenticated by the local administrator after the anonymous user was uploaded. Antiwarez Yes # The IP address and port used for listening (default = All IP and port 21). # Bind 127.0.0.1,21 # Anonymous user maximum bandwidth limit, Unit kb/s Anonymousbandwidth 200 # Maximum bandwidth limit for all users (including anonymous) units KB/S # There's no need to open anonymousbandwidth and userbandwidth at the same time # Userbandwidth 8 # New File default mask. < file mask >:< directory mask > # can be set to 177:077 for security purposes Umask 133:022 # Verify minimum uid for logged-in user Minuid 100 # Allow authenticated users only for FXP transmissions ALLOWUSERFXP No # Allow anonymous FXP transmissions for anonymous and non-anonymous users ALLOWANONYMOUSFXP No # users cannot delete/write hidden files, even if they are not allowed by the owner of the file. # If the Trustedgid option is a member of the group that owns the enabled file, the hidden file can be accessed Prohibitdotfileswrite No # Prohibit reading of hidden files (such as. History,. SSH ...) Prohibitdotfilesread No # never overwrite files. If the uploaded file already exists, the system will automatically name it file.1, file.2, file.3, ... Autorename Yes # do not allow anonymous users to upload files (no = Allow upload) Anonymouscantupload No # only non-anonymous user connections from the following IP addresses are allowed. You can use this command to open a few public # network IP to provide anonymous FTP, while retaining a private firewall protected IP for remote management. You # You can also allow only one intranet address to authenticate, while providing a purely anonymous FTP service on another IP. #TrustedIP 10.1.1.1 # If you want to add a PID tag to each line in the log, remove the comments from the downlink #LogPID Yes # Create an additional log file with an Apache-like format, such as: # Fw.c9x.org-jedi [13/dec/1975:19:36:39] "get/ftp/linux.tar.bz2" 200 21809338 # This log file can be processed by WWW Traffic analysis tool Altlog Clf:/var/log/pureftpd.log # Create an extra log file for the statistic report using the optimized format # Altlog Stats:/var/log/pureftpd.log # Create an extra log file using the standard format of the PDF. (Compatible with most commercial log analyzer) # Altlog W3c:/var/log/pureftpd.log # The chmod command is not allowed. Users cannot modify the properties of their uploaded files #NoChmod Yes # Allow users to recover and upload files, but not be able to remove them #KeepAllFiles Yes # Automatically create a directory if the user's home directory does not exist #CreateHomeDir Yes # Enable virtual disk quotas. The first parameter is the maximum number of files, the second parameter is a total size, in megabytes # such as: 1000:10 limit each user maximum file 1000 and not more than 10MB #Quota 1000:10 # If you add the ' standalone ' option when compiling pure-ftpd, you can change the PID file location # default Directory/var/run/pure-ftpd.pid #PIDFile/var/run/pure-ftpd.pid # If you add the Pure-uploadscript option when compiling pure-ftpd, this instruction will make # pure-ftpd send information about new uploads to/var/run/pure-ftpd.upload.pipe, # so pure-uploadscript can read and call a script to handle the new uploads. #CallUploadScript Yes # This option is useful for anonymously uploaded servers. /var/ftp in/var, you need to keep a certain # disk space to protect log files. When the disk partition is in use more than X, the new upload is not accepted. Maxdiskusage 99 # If you don't want the user to rename the file, set it to Yes #NoRename Yes # ' Customer proof ': option to prevent error commands that ordinary users perform by mistake # such as: ' chmod 0 public_html ', this is a valid command, but after the execution of the command, the user # to lock their own files, then your trouble comes, you need to give users to solve this # Some stupid problems caused by the user. If you're sure that your users have some UNIX basics # knowledge, then this option is not necessary to set up, or it is recommended to enable it. Customerproof Yes # All users are doing the same limit. Only the--with-peruserlimits option is added at compile time # before it can be enabled. The format is: < maximum licensed process >:< anonymous user Max process for each user > # For example: 3:20 the same authenticated user can have a maximum of 3 simultaneous processes. And at the same time most # there can be only 20 anonymous user processes # peruserlimits 3:20 # When a file is uploaded, the old file will not be moved until a file with the same name is already on the server # will not be deleted. The uploaded part will be temporarily placed in a temporary file before the new file is uploaded. # in, when the upload is completed will automatically switch to the new uploaded files. For example: When there is a PHP on the server # The script is executing, but I'm uploading a new PHP script now, so when I'm finished uploading # old file switch to new file. Instead of putting old files in the beginning of the upload, as some programs do # covered, so the goal is to minimize the program errors that are running. This option # cannot be used at the same time as virtual quotas. # notruncate Yes # This option can accept 3 optional values: # 0: Disable SSL/TLS encryption Layer (default). # 1: Accept traditional and encrypted connections at the same time # 2: Deny connections without SSL/TLS security authentication, including anonymous connections # do not blindly uncomment without identifying the following three questions: # 1 whether SSL/TLS support (--WITH-TLS) is enabled when compiling pureftpd, # 2 Whether a valid certificate is included in the system # 3 after opening, only compatible clients can log on # TLS 1 # in standalone mode only listens for IPV4 address (same as disabled IPv6) # default is IPV4 and IPV6 simultaneously monitor # ipv4only Yes # in standalone mode only listens for IPV6 address (same as disabled IPv4) # ipv6only Yes # UTF-8 support for file name # Filesystemcharset Big5 # Clientcharset Big5