Set permissions in proftpd

Source: Internet
Author: User

 


By default, ProFTPD lets non-root system users log in, and each user lands in their own /home directory after login.

Anonymous users cannot log in. To set permissions further, customize them in proftpd.conf.

In the default conf file, the following example is provided:

 
 
    # <Anonymous ~ftp>
    #   User ftp
    #   Group nogroup
    #   # We want clients to be able to login with "anonymous" as well as "ftp"
    #   UserAlias anonymous ftp
    #   # Cosmetic changes, all files belongs to ftp user
    #   DirFakeUser on ftp
    #   DirFakeGroup on ftp
    #   RequireValidShell off
    #   # Limit the maximum number of anonymous logins
    #   MaxClients 10
    #   # We want 'welcome.msg' displayed at login, and '.message' displayed
    #   # in each newly chdired directory.
    #   DisplayLogin welcome.msg
    #   DisplayFirstChdir .message
    #   # Limit WRITE everywhere in the anonymous chroot
    #   <Directory *>
    #     <Limit WRITE>
    #       DenyAll
    #     </Limit>
    #   </Directory>
    #   # Uncomment this if you're brave.
    #   # <Directory incoming>
    #   #   # Umask 022 is a good standard umask to prevent new files and dirs
    #   #   # (second parm) from being group and world writable.
    #   #   Umask 022 022
    #   #   <Limit READ WRITE>
    #   #     DenyAll
    #   #   </Limit>
    #   #   <Limit STOR>
    #   #     AllowAll
    #   #   </Limit>
    #   # </Directory>
    # </Anonymous>

The format of the proftpd configuration file is similar to that of Apache:

    # Global settings
    Directive1 parameter1
    Directive2 parameter2

    # Settings for a directory
    <Directory "path">
      ...
    </Directory>

    # Anonymous user settings
    <Anonymous "path for anonymous login">
      ...
    </Anonymous>

The most important part is the <Limit> section, which provides the specific permission control. A <Limit> can name the following commands and command groups:

CWD: Change Working Directory, permission to change directory

MKD: MaKe Directory, permission to create directories

RNFR: ReName FRom, permission to rename a directory

DELE: DELEte, permission to delete files

RMD: ReMove Directory, permission to delete directories

RETR: RETRieve, permission to download data from the server to the client

STOR: STORe, permission to upload data from the client to the server

READ: read permission, excluding directory listing; equivalent to RETR, STAT, etc.

WRITE: permission to write files or directories, including MKD and RMD

DIRS: whether directory listing is allowed; equivalent to LIST, NLST, and similar commands. It is quite practical.

ALL: all permissions

LOGIN: permission to log in

Inside a <Limit>, the following directives are available:

AllowUser: the Limit is allowed for a specific user

DenyUser: the Limit is denied for a specific user

AllowGroup: the Limit is allowed for a specific user group

DenyGroup: the Limit is denied for a specific user group

AllowAll: the Limit is allowed for all users and groups

DenyAll: the Limit is denied for all users

In addition, the transfer speed can be limited for individual users:

    TransferRate STOR|RETR speed(Kbytes/s) user username

Virtual users cannot log in, so the configuration must be modified.

Below is my configuration:

    <Anonymous ~ftp>
      # Specify the user and group
      User ftp
      Group nogroup
      # Lets both "ftp" and "anonymous" log in
      UserAlias anonymous ftp
      DirFakeUser on ftp
      DirFakeGroup on ftp
      RequireValidShell off
      # Maximum number of connections for this user
      MaxClients 50
      # Welcome message; the msg file is placed in the home directory after login
      DisplayLogin welcome.msg
      DisplayFirstChdir .message
      # Maximum number of connections per host
      MaxClientsPerHost 3

      # Directory settings: writing is not allowed
      <Directory *>
        <Limit WRITE>
          DenyAll
        </Limit>
      </Directory>

      # Upload directory: an incoming folder that others must be able to upload to
      <Directory incoming>
        Umask 022 022
        # Downloading prohibited
        <Limit READ>
          DenyAll
        </Limit>
        # Allow uploading and creating directories
        <Limit STOR MKD>
          AllowAll
        </Limit>
      </Directory>
    </Anonymous>
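How the <Limit> rules of an upload directory resolve, as an added example that is not part of the original article: ProFTPD gives a limit on a specific command precedence over one on a command group, and a group precedence over ALL, so a STOR allow survives a WRITE deny. The sample configuration is constructed, the command groups are a simplified subset, and the function names are hypothetical; only AllowAll/DenyAll inside a single <Directory> block are modelled, not inheritance between directories.

```python
import re

# Simplified command groups (assumption: ProFTPD's real groups hold more commands).
GROUPS = {"READ": {"RETR"}, "WRITE": {"STOR", "MKD", "RMD", "DELE"}}

# Constructed sample: "incoming" denies READ/WRITE but allows STOR; "pub/drop" is a weak variant.
SAMPLE = """
<Anonymous ~ftp>
  <Directory incoming>
    Umask 022 022
    <Limit READ WRITE>
      DenyAll
    </Limit>
    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
  <Directory pub/drop>
    <Limit STOR MKD>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>
"""

def parse_limits(conf):
    """Map each <Directory> path to its [(limit_words, 'allow'|'deny')] rules."""
    dirs, cur_dir, cur_limit = {}, None, None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if m := re.fullmatch(r"<Directory\s+(.+)>", line, re.I):
            cur_dir = m.group(1)
            dirs[cur_dir] = []
        elif m := re.fullmatch(r"<Limit\s+(.+)>", line, re.I):
            cur_limit = m.group(1).upper().split()
        elif line.lower() in ("</limit>", "</directory>"):
            cur_limit = None
            cur_dir = None if line.lower() == "</directory>" else cur_dir
        elif cur_dir and cur_limit and line.lower() in ("allowall", "denyall"):
            dirs[cur_dir].append((cur_limit, line.lower()[:-3]))
    return dirs

def decide(rules, cmd):
    """A specific command beats a command group, which beats ALL; None = no rule here."""
    tests = (lambda w: w == cmd, lambda w: cmd in GROUPS.get(w, ()), lambda w: w == "ALL")
    for matches in tests:
        for words, verdict in rules:
            if any(matches(w) for w in words):
                return verdict
    return None

def audit_uploads(conf):
    """Directories that accept STOR without an explicit deny on RETR."""
    return [path for path, rules in parse_limits(conf).items()
            if decide(rules, "STOR") == "allow" and decide(rules, "RETR") != "deny"]
```

Running audit_uploads() over a real proftpd.conf lists the anonymous directories where uploaded files are not explicitly blocked from being downloaded again by other clients.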

We also need to manage the FTP server. A user named ftpadmin is therefore created on the system, belonging to the nogroup group, with login not allowed, and is granted all FTP permissions:

    User ftpadmin
    Group nogroup
    AllowAll

Note also that, beyond the restrictions set in proftpd, FTP permissions are constrained by the host file system permissions.

Therefore, give the nogroup group read and write permissions on the ftp directory.

From the descriptions and examples above, it is clear that setting permissions in proftpd is straightforward. We hope this is useful to you!
