By default, ProFTPD lets users log on with non-root system accounts, and each of them lands in their own /home directory after logon.
Anonymous users cannot log on. To set permissions further, you need to customize them in proftpd.conf.
In the default conf file, the following example is provided:
    # User ftp
    # Group nogroup
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    # # Cosmetic changes, all files belongs to ftp user
    # DirFakeUser on ftp
    # DirFakeGroup on ftp
    # RequireValidShell off
    # # Limit the maximum number of anonymous logins
    # MaxClients 10
    # # We want 'welcome.msg' displayed at login, and '.message' displayed
    # # in each newly chdired directory.
    # DisplayLogin welcome.msg
    # DisplayFirstChdir .message
    # # Limit WRITE everywhere in the anonymous chroot
    # DenyAll
    # # Uncomment this if you're brave.
    # # # Umask 022 is a good standard umask to prevent new files and dirs
    # # # (second parm) from being group and world writable.
    # # Umask 022 022
    # # DenyAll
    # # AllowAll
The format of the proftpd configuration file is similar to that of Apache:
    # Global settings
    Setting1 parameter1
    Setting2 parameter2
    # Setting a directory
    # Anonymous user settings
The most important part is the Limit section, which carries the specific permission control. It can restrict the following commands and command groups:
CWD: Change Working Directory, permission to change directory
MKD: MaKe Directory, permission to create directories
RNFR: ReName FRom, permission to change a directory name
DELE: DELEte, permission to delete objects
RMD: ReMove Directory, permission to delete directories
RETR: RETRieve, permission to download data from the server to the client
STOR: STORe, permission to upload data from the client to the server
READ: read permission, excluding directory listing; equivalent to RETR, STAT, etc.
WRITE: permission to write files or directories, including MKD and RMD
DIRS: whether directory listing is allowed; equivalent to LIST, NLST and similar commands. It is the more practical one.
ALL: all permissions
LOGIN: permission to log on
The following directives are available inside a Limit:
AllowUser: allows the Limit for a user
DenyUser: denies the Limit for a user
AllowGroup: allows the Limit for a user group
DenyGroup: denies the Limit for a user group
AllowAll: allows the Limit for all user groups
DenyAll: denies the Limit for all users
In addition, the transfer speed can be limited for individual users:
    TransferRate STOR|RETR speed (Kbytes/s) for the user
Virtual users cannot log on, so the configuration must be modified.
Below is my configuration:
    # Specify the user name and group
    User ftp
    Group nogroup
    # Allow both ftp and anonymous users to log on
    UserAlias anonymous ftp
    DirFakeUser on ftp
    DirFakeGroup on ftp
    RequireValidShell off
    # Maximum number of connections for this user
    MaxClients 50
    # Display the welcome information. Note that the msg file is placed in the main directory after login.
    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    # Maximum number of connections per host
    MaxClientsPerHost 3
    # Directory settings: writing is not allowed.
    DenyAll
    # Upload directory settings: we have an incoming folder that others must be able to upload to.
    Umask 022 022
    # Download prohibited
    DenyAll
    # Allow uploading and creating directories
    AllowAll
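A small checker for the Limit layout described above, as an added example that is not part of the original article: it parses Directory and Limit sections and reports directories where a client may both upload (STOR) and download (RETR), which is what the incoming settings are meant to prevent. The sample configuration is constructed, and the reduced command groups and the resolution order (exact command over group, named directory over `*`, allow when nothing matches) are simplifying assumptions.

```python
import re

# Simplified command groups (assumption: the real groups hold more commands).
GROUPS = {"READ": {"RETR"}, "WRITE": {"STOR", "MKD", "RMD", "DELE"}}

# Constructed sample: uploads allowed in "incoming", but READ is never denied.
SAMPLE_CONF = """\
<Anonymous ~ftp>
  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>
  <Directory incoming>
    <Limit STOR MKD>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>
"""

def parse_limits(text):
    """Map each <Directory> path to (limit_names, allowed) pairs found inside it."""
    rules, directory, limit = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"<(/?)(Directory|Limit)\s*([^>]*)>", line, re.I)
        if m and m.group(2).lower() == "directory":
            directory = None if m.group(1) else m.group(3).strip().strip('"')
        elif m:
            limit = None if m.group(1) else m.group(3).upper().split()
        elif directory and limit and line.lower() in ("allowall", "denyall"):
            rules.setdefault(directory, []).append((limit, line.lower() == "allowall"))
    return rules

def is_allowed(rules, directory, cmd):
    """Exact command beats group, named directory beats '*', default is allow."""
    for path in (directory, "*"):
        for exact in (True, False):
            for names, allowed in rules.get(path, []):
                hit = cmd in names if exact else any(cmd in GROUPS.get(n, ()) for n in names)
                if hit:
                    return allowed
    return True

def audit(text):
    """Return directories where a client may both upload and download."""
    rules = parse_limits(text)
    return sorted(d for d in rules
                  if is_allowed(rules, d, "STOR") and is_allowed(rules, d, "RETR"))
```

Calling `audit(SAMPLE_CONF)` flags `incoming`; adding a READ limit with DenyAll to that directory clears the finding.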
We also need to manage the FTP site. Therefore, a user named ftpadmin is created in the system, belonging to the nogroup group, with login not allowed. It is granted all FTP permissions:
    User ftpadmin
    Group nogroup
    AllowAll
Note that in addition to the restrictions imposed in proftpd, FTP permissions are also restricted by the host file system permissions.
Therefore, give the nogroup group read and write permissions on the ftp directory.
From the descriptions and examples above, it is clear that setting permissions in proftpd is easy. I hope this is useful to you!