Use wu-ftpd to set up an FTP server

Source: Internet
Author: User
I. Preface
  
When a website needs to offer downloads, you can provide an FTP service in addition to HTTP so that users can download files directly. FTP is a long-standing service designed to transfer data between two computers and avoid excessive remote execution. If the files to be transferred are large, serving them over HTTP ties up website resources (such as the number of people that can be connected), so FTP is the better choice. FTP is an application based on TCP/IP, so common FTP server programs are run through inetd.
FTP is divided into two parts: a server-side program and a client-side program. There are many FTP server programs on Unix, and the versions built into different operating systems also differ. Common ones include wu-ftpd, proftpd, Troll ftpd, ncftpd, and Bero ftpd. The most widely used and most popular of these is wu-ftpd, which was originally developed at wuarchive.wustl.edu of the University of Washington. It is designed with efficiency and stability in mind, its source code is provided, and it is offered for free use by an academic institution.
  
II. Installation and Setup
  
wu-ftpd is easy to install. Most Linux distributions include an rpm package of wu-ftpd, which you can select when installing Linux. If you want to compile it from source yourself, you can download the latest source package from ftp://ftp.wu-ftpd.org.
After installation, run the ckconfig command to check whether the installation is correct. The login directory of the ftp user is specified in /etc/passwd.
wu-ftpd has the following six configuration files:
ftpaccess (main configuration file; controls access permissions)
ftpconversions (configures compression/decompression conversions)
ftpgroups (defines the groups used by ftp)
ftphosts (sets permissions for individual users)
ftpservers (maps different IP addresses/domain names to different virtual hosts)
ftpusers (lists the accounts that cannot connect using ftp)
Next we will introduce them one by one.
/etc/ftpaccess (main configuration file of wu-ftpd)
class -- defines a group of users. Its usage is as follows:
class <class name> <type list> <user address> [<user address> ...]
Only users who belong to a defined class can connect. You can define several classes to control where each group of users may connect from. There are three important types: real, anonymous and guest. If real is not listed in any definition, no real (ordinary) user of this machine can connect with their own account. If anonymous is not defined, nobody without an account can connect. If guest is defined, the users in the guest group can connect. <user address> is the IP address that the FTP user connects from. Here are some examples:
class all real,guest,anonymous *
Defines a class named all, which contains all three types of users connecting from any IP address (that is, all users are included).
class local real localhost loopback
The local class contains only real users connecting from the local machine.
class remote guest,anonymous *
The remote class contains guest and anonymous users from anywhere, but not real users.
class rmtuser real !*.example.com
The rmtuser class contains real users connecting from outside (anywhere except example.com).
autogroup -- automatically maps a class to a group. Its usage is as follows:
autogroup <group name> <class> [<class> ...]
Once users of the listed classes connect, they are mapped to the corresponding group, so you can use Unix file permissions to restrict that group of users.
deny -- rejects connections from some addresses. The usage is as follows:
deny <address to reject> <message file>
Prevents the listed machines from connecting and displays <message file> to them. For example:
deny 210.62.146.*: commandid 254 /etc/reject.msg
guestgroup -- sets a guest group
guestuser -- sets a guest account
realgroup -- sets a real group
realuser -- sets a real account
nice -- sets the priority for some classes. The usage is as follows:
nice <nice value> [<class>]
In Linux, nice values range from -20 (highest priority) to 19 (lowest priority). Here you can specify a negative value to raise the priority of a class.
defumask -- sets the umask of a class. The usage is as follows:
defumask <umask> [<class>]
The umask is the permission mask applied to a file when it is created.
tcpwindow -- sets the TCP window size
keepalive -- sets whether to use TCP SO_KEEPALIVE to control disconnection
timeout -- sets the connection timeouts. The usage is as follows:
timeout accept <seconds>
Timeout for accepting a connection. The default value is 120 seconds.
timeout connect <seconds>
Timeout for establishing a connection. The default value is 120 seconds.
timeout data <seconds>
Timeout for data transmission. The default value is 1200 seconds.
timeout idle <seconds>
Timeout for an idle user. The default value is 900 seconds.
file-limit -- restricts a class to transferring only a certain number of files. The usage is as follows:
file-limit [<raw>] <in|out|total> <count> [<class>]
Restricts the number of files a class may transfer: in (upload), out (download) or total. raw means that the entire transfer traffic is counted, not just data files. For example:
file-limit out 20 lvfour
Users of the lvfour class can download at most 20 files.
byte-limit -- restricts a class to transferring only a certain number of bytes. Its usage is similar to that of file-limit.
limit-time -- limits how long a connection can last. The usage is as follows:
limit-time {* | anonymous | guest} <minutes>
To keep connected users from preventing others from logging in, you can use this setting to limit how long a user may stay online. For example:
limit-time guest 5
Users of guest accounts can stay connected for only 5 minutes.
limit -- limits the number of users of a class that may be connected at the same time. The usage is as follows:
limit <class> <number of connections> <time period> <message file shown when full>
Sets the maximum number of concurrent users of a class during a given time period, followed by the message file to display when the number of connections is exceeded. For example:
limit all 32 Any /home/ftp/etc/toomanyuser.msg
At most 32 users of the all class can be connected at any time. Once the limit is reached, further connections are denied and the message is displayed.
limit levellone 5 Any2300-0600 /home/ftp/etc/toomanyuser.msg
Users of the levellone class can have only five connections between 23:00 and 06:00.
noretrieve -- sets which files cannot be downloaded
noretrieve [absolute|relative] [class=<class name>] ... [-] <file name> ...
absolute or relative indicates whether the file name is given as an absolute or a relative path.
allow-retrieve -- sets which files can be downloaded
allow-retrieve [absolute|relative] [class=<class name>] ... [-] <file name> ...
loginfails -- sets the number of failed login attempts allowed
A user may enter a wrong ID or password when connecting. With this setting the user is disconnected after a few failed attempts, so that nobody can guess passwords by brute force.
private -- sets whether site group/site gpass can be executed during a session
When the site group and site gpass commands are enabled, a user can use these two commands to switch to a group defined in /etc/ftpgroups. This feature is generally left unused to avoid security vulnerabilities.
greeting -- controls the server version information that is displayed. The usage is as follows:
greeting full|brief|terse
Controls how much server information is shown on the user's login screen. full is the default and includes the version number and hostname; brief shows only the hostname; terse shows only the "FTP server ready" message.
banner -- sets the message that the user sees before the login prompt. The usage is as follows:
banner <file path>
The banner is shown before the user enters the ID and password at login. The file path is relative to the real filesystem root, not to the ftp root directory.
hostname -- sets the ftp host name
email -- specifies the ftp administrator's email address
message -- sets message files. Usage:
message <file> {<when> {<class> ...}}
The file path here is relative to the ftp root directory. <when> is the action that triggers the message. There are several options:
login (at login time)
cwd=<directory> (when entering a directory)
<class> is a class name defined previously, so you can show the message only to the users you want.
In addition to plain text, the content of a message file can use the following predefined codes:
%T (local time)
%F (free space remaining in the current partition)
%C (current directory)
%E (administrator's email address)
%R (client host name)
%L (local host name)
%U (user name)
%M (maximum number of users allowed in my class)
%N (number of users of my class currently connected)
%B (absolute disk limit for the current partition, in blocks)
%b (preferred disk limit for the current partition, in blocks)
%Q (blocks currently used)
%I (maximum number of inodes (+1))
%i (preferred inode limit)
%q (inodes currently used)
%H (time limit for excessive disk space usage)
%h (time limit for excessive file usage)
readme -- notifies users of README files that have been updated
log commands -- records the commands used by users. The usage is as follows:
log commands <user types>
log transfers -- records the files transferred by users. The usage is as follows:
log transfers <user types> <transfer direction>
Sets which user types have their file transfers recorded, and in which direction: inbound (user upload) and outbound (user download). For example:
log transfers anonymous,guest inbound,outbound
log security -- records security events. It is used as follows:
log security <user types>
Records security-related events for the given user types, such as violations of noretrieve and notar rules.
log syslog -- sends the log records to the system syslog
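The security-relevant ftpaccess directives described above (class, limit, loginfails, private, greeting and the log settings) can be checked mechanically. The following Python script is an added example, not part of the original article or of wu-ftpd; both sample configurations are constructed, and the loginfails threshold of 5 is an assumed site policy.

```python
# Added example, not from the article: constructed samples, assumed site policy.
WEAK = """\
class all real,guest,anonymous *
class remote guest,anonymous *
limit all 32 Any /home/ftp/etc/toomanyuser.msg
private yes
loginfails 10
log transfers anonymous,guest inbound,outbound
"""
HARDENED = """\
class remote guest,anonymous *
limit remote 32 Any /home/ftp/etc/toomanyuser.msg
greeting terse
private no
loginfails 3
log commands real,guest,anonymous
log transfers real,guest,anonymous inbound,outbound
log security real,guest,anonymous
"""
MAX_LOGINFAILS = 5  # assumed policy threshold, not a wu-ftpd requirement

def parse(text):
    """Tokenize ftpaccess lines; skip blanks, # comments and bare keywords."""
    rows = [line.split() for line in text.splitlines()]
    return [[r[0].lower(), *r[1:]] for r in rows if len(r) > 1 and r[0][0] != "#"]

def audit(text):
    """Return (directive, reason) pairs for settings that need attention."""
    rows = parse(text)
    value = {r[0]: r[1].lower() for r in rows}
    out = []
    if value.get("greeting", "full") == "full":  # the article gives full as default
        out.append(("greeting", "login banner discloses the server version"))
    if value.get("private") == "yes":
        out.append(("private", "SITE GROUP and SITE GPASS are enabled"))
    fails = value.get("loginfails", "")
    if not fails.isdigit() or int(fails) > MAX_LOGINFAILS:
        out.append(("loginfails", "missing or above the policy threshold"))
    logged = {r[1].lower() for r in rows if r[0] == "log"}
    out += [("log " + kind, "not recorded")
            for kind in ("commands", "transfers", "security") if kind not in logged]
    limited = {r[1] for r in rows if r[0] == "limit"}
    out += [("limit " + r[1], "anonymous class has no limit line") for r in rows
            if r[0] == "class" and r[1] not in limited
            and "anonymous" in "".join(r[2:3]).split(",")]
    return out

if __name__ == "__main__":
    print("weak:", audit(WEAK), "hardened:", audit(HARDENED), sep="\n")
```

Run against the real /etc/ftpaccess by passing its contents to audit(); an empty list means none of these checks fired.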
alias -- sets a directory alias. Its usage is as follows:
alias <alias string> <directory>
cdpath -- sets the order of directories searched when changing directory with cd
compress, tar -- set whether automatic compression and tar are allowed. Usage:
compress <yes|no> <class> [<class> ...]
tar <yes|no> <class> [<class> ...]
These define who can use compression and tar.
shutdown -- notifies users that the site is about to shut down
shutdown <message file>
If the message file exists, new connections are rejected and existing connections are cut off after the specified time. The format of this message file is as follows:
   <year> <month> <day> <hour> <minute> <deny countdown> <disconnect countdown> <text>
daemonaddress -- listens on only one IP address. The usage is as follows:
daemonaddress <address>
  
When you have many IP addresses, using this option will cancel any other virtual FTP host settings. If not set, listen