Objective
On Linux there are many mature FTP server packages, such as vsftpd, wu-ftpd and Pure-FTPd. However, installing and configuring them is fairly troublesome; for setting up a personal FTP server, ProFTPD is comparatively simple.
Contents
- ProFTPD Introduction
- ProFTPD Installation
- ProFTPD configuration file
- ProFTPD Usage Scenarios
- Client Access
1. ProFTPD Introduction
ProFTPD is open-source FTP server software. It is an improved version of wu-ftpd, which was originally the most widely used FTP server in the world; it fixes many of wu-ftpd's defects and brings major improvements in many respects. One important change is that it borrowed Apache's configuration style, which makes ProFTPD configuration and management easier to understand.
There are two ways to run it: as a stand-alone server, or as a child service of a super server.
It is a good choice in terms of security, stability, and ease of configuration.
Official site: http://www.proftpd.org/
2. ProFTPD Installation
System environment
- Linux Ubuntu 12.04.2 LTS 64bit Server
Installing ProFTPD
~ sudo apt-get install proftpd
Select "Standalone"
Check ProFTPD status
~ sudo /etc/init.d/proftpd status
ProFTPD is started in standalone mode, currently running.
~ ps -aux|grep ftp
proftpd 6674 0.0 0.1 94648 2092 ? Ss 16:05 0:00 proftpd: (accepting connections)
# Started on port 21
~ netstat -nltp|grep 21
tcp6 0 0 :::21 :::* LISTEN -
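3. ProFTPD configuration file
Configuration file: /etc/proftpd/proftpd.conf
# Server name
ServerName "blog.fens.me FTP Server"
# Server run mode: standalone, or supervised by a super server
ServerType standalone
# Make this the default server
DefaultServer on
# User the server process runs as
User proftpd
# Group the server process runs as
Group nogroup
# Disable IPv6 support
UseIPv6 off
# Port on which the server accepts requests
Port 21
# Port range used for passive mode
PassivePorts 60000 65535
# Permission mask for files uploaded by users
Umask 022
# Directory that users are chroot-locked into
DefaultRoot /ftp
# Do not defer the welcome message until after login
DeferWelcome off
# File to display as the welcome message at login
DisplayLogin welcome.msg
# Message file to display when changing directory
DisplayChdir .message
# Logging
SystemLog /var/log/proftp.log
TransferLog /var/log/proftp-transfer.log
# Restrict operations
<Limit SITE_CHMOD>
  DenyAll
</Limit>
# Anonymous user resources
<Anonymous "/ftp/c">
...
</Anonymous>
# Permissions for a storage directory
<Directory "/ftp/a/">
  <Limit ALL>
    AllowUser x
    AllowUser a1
    DenyAll
  </Limit>
  <Limit CWD READ RETR DIRS>
    AllowAll
  </Limit>
</Directory>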
Limit permission names:
- CWD: Change Working Directory, enter a directory
- MKD: Make Directory, create a directory
- RNFR: Rename From, rename
- DELE: Delete, delete files
- RMD: Remove Directory, delete a directory
- READ: readable
- WRITE: writable
- STOR: can upload
- RETR: can download
- DIRS: allow listing directories
- LOGIN: allow login
- ALL: all
4. ProFTPD Usage Scenarios
Scenario: a company sets up a unified FTP server (/ftp). The company has two departments, A (/ftp/a) and B (/ftp/b), each with its own separate storage space.
a1 is the manager of department A and has full operation rights on /ftp/a; a2 is a department A employee and can only read files.
b1 is the manager of department B and has full operation rights on /ftp/b; b2 is a department B employee and can only read files.
x is the general manager of the company and has operation rights on /ftp.
Operation permissions:
/ftp   -- x: all operations
/ftp/a -- a1: all operations, a2: read-only
/ftp/b -- b1: all operations, b2: read-only
Commands:
# Create the FTP directories
sudo mkdir /ftp
sudo mkdir /ftp/a
sudo mkdir /ftp/b
# Create the user groups
sudo groupadd a
sudo groupadd b
On Ubuntu, configuring nologin is slightly different from other Linux distributions.
~ sudo vi /etc/shells
# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/tmux
/usr/bin/screen
/usr/sbin/nologin
Add /usr/sbin/nologin as the last line.
Create the users with the nologin shell, so that the FTP accounts cannot log in to a shell on the system
sudo useradd a1 -g a -s /usr/sbin/nologin
sudo useradd a2 -g a -s /usr/sbin/nologin
sudo useradd b1 -g b -s /usr/sbin/nologin
sudo useradd b2 -g b -s /usr/sbin/nologin
sudo useradd x -G a,b -s /usr/sbin/nologin
# Set the account passwords
echo -e "a1:123" | sudo chpasswd
echo -e "a2:123" | sudo chpasswd
echo -e "b1:123" | sudo chpasswd
echo -e "b2:123" | sudo chpasswd
echo -e "x:123" | sudo chpasswd
# Set the directory permissions
sudo chown x /ftp
sudo chown a1:a /ftp/a
sudo chmod 770 /ftp/a
sudo chmod g+s /ftp/a
sudo chown b1:b /ftp/b
sudo chmod 770 /ftp/b
sudo chmod g+s /ftp/b
Edit the configuration file: /etc/proftpd/proftpd.conf
~ sudo vi /etc/proftpd/proftpd.conf
ServerName "blog.fens.me FTP Server"
ServerType standalone
DefaultServer on
Port 21
Umask 022
MaxInstances 30
User proftpd
Group nogroup
DefaultRoot /ftp
AllowOverwrite on
SystemLog /var/log/proftp.log
TransferLog /var/log/proftp-transfer.log
<Directory "/ftp/*">
  <Limit CWD READ>
    AllowAll
  </Limit>
</Directory>
<Directory "/ftp/a/">
  <Limit ALL>
    AllowUser x
    AllowUser a1
    DenyAll
  </Limit>
  <Limit CWD READ RETR DIRS>
    AllowAll
  </Limit>
</Directory>
<Directory "/ftp/b/">
  <Limit ALL>
    AllowUser x
    AllowUser b1
    DenyAll
  </Limit>
  <Limit CWD READ RETR DIRS>
    AllowAll
  </Limit>
</Directory>
<Limit SITE_CHMOD>
  DenyAll
</Limit>
Restart the server
~ sudo /etc/init.d/proftpd restart
 * Stopping ftp server proftpd
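How the two <Limit> sections for /ftp/a combine, as an added example that is not part of the original article or of ProFTPD itself: a simplified model of ProFTPD's documented <Limit> precedence (raw command, then command group, then ALL). The function names and the reduced GROUPS table are assumptions made for this sketch; it ignores Order, group and class rules, and limits outside <Directory>.

```python
import re

# The /ftp/a section of the article's proftpd.conf, one directive per line.
CONF = """
<Directory "/ftp/a/">
  <Limit ALL>
    AllowUser x
    AllowUser a1
    DenyAll
  </Limit>
  <Limit CWD READ RETR DIRS>
    AllowAll
  </Limit>
</Directory>
"""
# Assumed subset of ProFTPD's command groups, enough for this walkthrough.
GROUPS = {"READ": {"RETR", "SIZE"}, "WRITE": {"STOR", "DELE", "MKD", "RMD"},
          "DIRS": {"CWD", "CDUP", "LIST", "NLST", "PWD"}}

def parse(text):
    """Return a list of (directory, limit names, rule lines) tuples."""
    limits = []
    for d, body in re.findall(r'<Directory\s+"([^"]+)"\s*>(.*?)</Directory>', text, re.S):
        for names, rules in re.findall(r"<Limit\s+([^>]+)>(.*?)</Limit>", body, re.S):
            rule_lines = [r.split() for r in rules.strip().splitlines()]
            limits.append((d, names.split(), rule_lines))
    return limits

def rank(names, cmd):
    """Precedence: raw command (3) > command group (2) > ALL (1) > none (0)."""
    if cmd in names:
        return 3
    grouped = any(cmd in GROUPS.get(n, ()) for n in names)
    return 2 if grouped else int("ALL" in names)

def allowed(limits, path, user, cmd):
    """Apply the best-ranked <Limit> among the sections covering path."""
    scoped = [l for l in limits if path.startswith(l[0])]
    best = max(scoped, key=lambda l: rank(l[1], cmd), default=None)
    if best is None or rank(best[1], cmd) == 0:
        return True  # no <Limit> applies; filesystem permissions decide
    rules = best[2]
    if ["AllowAll"] in rules or ["AllowUser", user] in rules:
        return True
    return ["DenyAll"] not in rules

LIMITS = parse(CONF)
```

Because a2 belongs to group a and /ftp/a is mode 770, the filesystem alone would let a2 write there; it is the <Limit ALL> section that makes a2 read-only.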
5. Client Access
Client: Windows 7 64-bit command line
Simulate login as user a1:
~ ftp
# Open a connection
ftp> open 192.168.1.201
连接到 192.168.1.201。
220 ProFTPD 1.3.4a Server (blog.fens.me FTP Server) [::ffff:192.168.1.201]
User (192.168.1.201:(none)): a1
331 Password required for a1
password:
230 User a1 logged in
# List the directory
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxrws--- 2 a1 a 4096 Nov 3 12:59 a
drwxrws--- 2 b1 b 4096 Nov 3 12:25 b
226 Transfer complete
ftp: Received 116 bytes, spent 0.00 seconds, 58.00 kilobytes per second.
ftp> cd a
250 CWD command successful
ftp> pwd
257 "/a" is the current directory
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
-rw-r--r-- 1 a2 a 55723 Nov 3 12:56 36kryunjiasu.docx
-rw-r--r-- 1 a1 a 4 Nov 3 12:24 test.txt
226 Transfer complete
ftp: Received 139 bytes, spent 0.00 seconds, 69.50 kilobytes per second.
# Upload a file
ftp> put c:\22.log
200 PORT command successful
150 Opening ASCII mode data connection for 22.log
226 Transfer complete
ftp: Sent 120 bytes, spent 0.06 seconds, 2.18 kilobytes per second.
# Download a file
ftp> get test.txt
200 PORT command successful
150 Opening ASCII mode data connection for test.txt (4 bytes)
226 Transfer complete
ftp: Received 5 bytes, spent 0.00 seconds, 5000.00 kilobytes per second.
# Try to access directory b: error
ftp> cd ./b
550 ./b: No such file or directory
# Exit
ftp> bye
221 Goodbye.
Simulate login as user a2:
~ ftp
# Open a connection
ftp> open 192.168.1.201
连接到 192.168.1.201。
220 ProFTPD 1.3.4a Server (blog.fens.me FTP Server) [::ffff:192.168.1.201]
用户(192.168.1.201:(none)): a2
331 Password required for a2
password:
230 User a2 logged in
# List the directory
ftp> dir
200 PORT command successful
150 Opening ASCII mode data connection for file list
drwxrws--- 2 a1 a 4096 Nov 3 13:09 a
drwxrws--- 2 b1 b 4096 Nov 3 12:25 b
226 Transfer complete
ftp: 收到 116 字节,用时 0.00秒 116.00千字节/秒。
# Upload a file: fails
ftp> put c:\11.log
200 PORT command successful
550 11.log: Operation not permitted
# Download a file
ftp> get 22.log
200 PORT command successful
150 Opening ASCII mode data connection for 22.log (114 bytes)
226 Transfer complete
ftp: 收到 120 字节,用时 0.00秒 120000.00千字节/秒。
With ProFTPD we can quickly set up an internal FTP server, and more conveniently than with wu-ftpd.