Study Notes for LINUX-based proftp (2)

Source: Internet
Author: User
Here is a very practical command.

/usr/local/proftpd/sbin/ftpshut

This command is useful when you need to adjust your server frequently, and it is very flexible: it lets you stop FTP connections at a scheduled time without stopping the proftpd process. Its usage is described in detail below.

ftpshut [-l min] [-d min] time [warning-message...]

-l min: new FTP connections are refused starting min minutes before the FTP service is disabled.
-d min: established FTP connections are disconnected starting min minutes before the FTP service is disabled.
time: the time at which the server will shut down the FTP service. There are two formats:
+number: the service is disabled after that many minutes
HHMM: the service is disabled at HH:MM today

Note: this command stops the FTP service, but the proftpd process itself keeps running, so it is generally used when debugging FTP.
  
Example:
The FTP service will be closed after 30 minutes. New FTP connections are refused during the last 20 minutes before the shutdown, established connections are forcibly disconnected 10 minutes before the shutdown, and the message "FTP Server Will shutdown at time" is displayed on the client.

ftpshut -l 20 -d 10 +30 "FTP Server Will shutdown at time"

In fact, ftpshut generates /etc/shutmsg. To restore FTP service, you only need to delete this file, or run

ftpshut -R
  
Now let's look at some basic proftpd configuration. If you are familiar with Apache configuration, you will find that proftpd settings are broadly similar. The basic configuration format is:

# Global settings
Directive1 parameter1
Directive2 parameter2

# Settings for a directory
<Directory "path">
...
...
</Directory>

# Anonymous user settings
<Anonymous "path">
...
...
<Limit commands>
...
...
</Limit>
</Anonymous>

  
The directive you will probably use most is Limit. Limit accepts the following commands and command groups, which together cover all permissions, so it can be used flexibly.

CWD: Change Working Directory; permission to change directory
MKD: MaKe Directory; permission to create directories
RNFR: ReName FRom; permission to rename directories
DELE: DELEte; permission to delete files
RMD: ReMove Directory; permission to delete directories
RETR: RETRieve; permission to download data from the server to the client
STOR: STORe; permission to upload data from the client to the server
READ: read permission, excluding directory listing; equivalent to RETR, STAT, etc.
WRITE: permission to write files or directories, including MKD and RMD
DIRS: whether directory listing is allowed; equivalent to LIST, NLST, and similar commands. This one is particularly practical.
ALL: all permissions
LOGIN: permission to log in

The following access directives can be applied inside a Limit:
AllowUser: allows the Limit's commands for a user
DenyUser: denies the Limit's commands for a user
AllowGroup: allows the Limit's commands for a user group
DenyGroup: denies the Limit's commands for a user group
AllowAll: allows the Limit's commands for all users
DenyAll: denies the Limit's commands for all users

The maximum transfer speed is set with:
TransferRate STOR|RETR speed(Kbytes/s) user username
  
The following example proftpd configuration may make this easier to understand. The requirements are:

1. The FTP server supports resumable data transfer, allows a maximum of 10 concurrent online users, and allows only one connection per IP address;
2. Users in the ftpusers group can access only their own directories, not parent or other directories;
3. When a user logs on, the FTP server version information is not displayed, to increase security;
4. Create an FTP account kaoyan that belongs to the ftpusers group. The kaoyan user can only download and has no write permission. The download speed is limited to 50 Kbytes/s.
5. Create a user upload that also belongs to the ftpusers group and uses the same home directory as the kaoyan user. The upload user may upload files and create directories, but may not download files or delete directories and files. The upload speed is limited to 100 Kbytes/s.
  
First, the preliminary setup: add the group and users and set the directory permissions.

groupadd ftpusers
useradd -d /home/kaoyan -g ftpusers -s /bin/false kaoyan
useradd -d /home/kaoyan -g ftpusers -s /bin/false upload
# owner kaoyan, group ftpusers (upload is a member of ftpusers)
chown -R kaoyan:ftpusers /home/kaoyan
chmod -R 775 /home/kaoyan

If you only want users in the ftpusers group to have access, you can set the mode to 770.

Then edit /usr/local/proftpd/etc/proftpd.conf
  
Note: # marks a comment. Comments do not affect the settings and can be omitted.

ServerName "Frank's FTP Server"
ServerType standalone
DefaultServer on
Port 21
Umask 022
# up to 30 proftpd processes
MaxInstances 30
User nobody
Group nobody
TimeoutStalled 10
# a maximum of 10 online users are allowed
MaxClients 10
MaxClientsPerHost 1 "Sorry, one IP address only allows one connection"
# allow resuming interrupted uploads (resumable download is already on by default)
AllowStoreRestart on
# welcome message file
DisplayLogin welcome.msg
# hide server version information
ServerIdent off
# restrict the ftpusers group to its own directories
DefaultRoot ~ ftpusers

<Directory /home/kaoyan>
AllowOverwrite on

# Write not allowed
<Limit WRITE>
DenyUser kaoyan
</Limit>

# Cannot be deleted, renamed, or downloaded
<Limit RMD RNFR DELE RETR>
DenyUser upload
</Limit>

TransferRate RETR 50 user kaoyan
TransferRate STOR 100 user upload
</Directory>
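
The per-user restrictions above can be checked mechanically before a configuration goes live. The following Python script is an added example, not part of the original notes: it parses the <Limit> blocks of a proftpd.conf, expands command groups, and reports where the kaoyan/upload policy or the ServerIdent setting is not enforced. The GROUPS table is an abbreviated assumption and SAMPLE is a constructed configuration.

```python
import re

# Abbreviated command groups: an assumption for this example; confirm the
# exact membership in the <Limit> documentation for your ProFTPD version.
GROUPS = {"WRITE": {"STOR", "DELE", "MKD", "RMD", "RNTO", "APPE"},
          "READ": {"RETR"}, "DIRS": {"LIST", "NLST", "CWD"}}

# Constructed sample mirroring the kaoyan/upload policy in these notes.
SAMPLE = """\
ServerIdent off
<Directory /home/kaoyan>
  <Limit WRITE>
    DenyUser kaoyan
  </Limit>
  <Limit RMD RNFR DELE RETR>
    DenyUser upload
  </Limit>
</Directory>
"""

def denied_commands(conf):
    """Map each user to the FTP commands denied to it via DenyUser in <Limit>."""
    denied, stack = {}, []  # stack: command sets of the currently open <Limit>s
    for line in (raw.strip() for raw in conf.splitlines()):
        opened = re.match(r"<Limit\s+([^>]+)>", line, re.I)
        if opened:
            tokens = opened.group(1).upper().split()
            stack.append(set().union(*(GROUPS.get(t, {t}) for t in tokens)))
        elif line.lower().startswith("</limit>") and stack:
            stack.pop()
        elif stack and line.lower().startswith("denyuser "):
            for user in re.split(r"[,\s]+", line.split(None, 1)[1]):
                denied.setdefault(user, set()).update(stack[-1])
    return denied

def check_policy(conf):
    """Return violations of the policy: kaoyan read-only, upload no download/delete."""
    d, problems = denied_commands(conf), []
    if not {"STOR", "MKD", "DELE"} <= d.get("kaoyan", set()):
        problems.append("kaoyan can still write")
    if not {"RETR", "DELE", "RMD", "RNFR"} <= d.get("upload", set()):
        problems.append("upload can still download, delete or rename")
    if not re.search(r"^\s*ServerIdent\s+off\b", conf, re.I | re.M):
        problems.append("ServerIdent is not off")
    return problems

if __name__ == "__main__":
    print(check_policy(SAMPLE) or "policy OK")
```

An empty list from check_policy means every restriction was found; each string in the list names one restriction that the configuration does not enforce.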
  
  
The same result can also be implemented through
  
  
  
...
  
...
  
  
  
<>
  
...
  
...
  
  