The configuration file is at etc/proftpd.conf. Its directives are explained below:
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
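These set, respectively, the server name, the server type, and the default-server setting.
I will skip the service port and similar settings that follow and go straight to the most important part: access control.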
# Set the user and group under which the server will run.
User nobody
Group nogroup
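Note the lines above: they set the user and group the service runs as.
Change them to a user and group that exist on your system. For ease of administration and for security, it is advisable to create a dedicated ftp group and ftp user.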
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
This controls whether users are confined to their own home directory. Note: /home can be used in place of ~.
# Normally, we want files to be overwriteable.
AllowOverwrite on
Whether existing files may be overwritten.
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
This section defines the anonymous user, and it is quite simple.
------------------------------------------------
Fix for when the server fails to start with the following errors
[root@new-host sbin]# ./proftpd
- IPv4 getaddrinfo 'new-host' error: Name or service not known
- warning: unable to determine IP address of 'new-host'
- error: no valid servers configured
- Fatal: error processing configuration file '/usr/local/proftpd/etc/proftpd.conf'
The cause is that the server cannot bind to an IP address.
Add the following line to the configuration file:
DefaultAddress 192.168.8.105
Then restart the service and it will work.
For a 530 Login incorrect error where the log shows an Invalid shell error,
add to the configuration
"Fatal: Socket operation on non-socket"
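This usually means that the ServerType directive in proftpd.conf is set to run in inetd
(super-server) mode rather than standalone mode.
ProFTPD server commands
1. ftpshut: shuts down the FTP service and creates the file shutmsg under /etc. To reopen the FTP service, delete /etc/shutmsg.
2. ftpcount: shows how many users are currently connected to the FTP server.
3. ftpwho: lists the users currently connected to the FTP server.
Paths and purposes of a few files
/usr/local/sbin/proftpd the server executable
/usr/local/etc/proftpd.conf the configuration file
/usr/local/var/proftpd.pid holds the process ID of proftpd when it runs as a service
Configure the proftpd.conf file, then start the service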
cd /etc/rc.d/rc3.d
ln -s /usr/local/sbin/proftpd S99proftpd
or
edit /etc/rc.d/rc.local
and add the following line:
/usr/local/sbin/proftpd start
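How to see the IP addresses of active proftpd connections
Log in to the server
and run ftpwho
or ftptop
ftptop shows connected users' IP addresses, transfer speeds, and so on.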
//////////////////////////////////////////////////////
First create the ftp and media users, in the group nogroup, with no system login allowed
useradd media -d/home/media -gnogroup
Grant permissions
chown -R media /home/media
To let the ftp user log in, edit the /etc/ftpusers file and comment out ftp
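Setting up an FTP server on an internal network:
1. In proftpd.conf, use the MasqueradeAddress directive to give the FTP server the gateway's IP address or domain name, for example
MasqueradeAddress myftpserver.vicp.net
or MasqueradeAddress 12.34.56.78 (in use, this only allowed connecting, not downloading)
Then use the PassivePorts directive to restrict the range of ports the server listens on in passive mode, for example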
PassivePorts 60000 65534
2. In the gateway's port forwarding, map the port range specified in step 1 (60000-65534 in the example) and FTP port 21 to the FTP server's internal address.
getaddrinfo 'test' error: Name or service not known
- warning: unable to determine IP address of 'test'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd.conf'
Fix: this problem occurs because the machine name has no alias entry in the hosts file.
# vi /etc/hosts
Fixing slow proftpd logins
Add two lines to proftpd.conf:
UseReverseDNS off
IdentLookups off
# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.
ServerName "ProFTPD Default Installation"
ServerType standalone
#ServerType inetd
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User ftp
# nobody
Group nogroup
# nogroup
# This next option is required for NIS or NIS+ to work properly:
#PersistentPasswd off
SystemLog /var/log/proftpd.log
TransferLog /var/log/xferlog
DefaultAddress 192.168.1.254
<Directory /*>
AllowOverwrite on
</Directory>
<Anonymous ~media>
RequireValidShell off
User media
Group nogroup
MaxClients 50
DisplayLogin welcome.msg
DisplayFirstChdir .message
<Limit All>
AllowAll
</Limit>
# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
User ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory /*>
<Limit READ>
AllowAll
</Limit>
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
AllowAll
</Limit>
# The unclosed <Limit STOR> that followed is dropped: STOR is part of the WRITE group.
</Directory>
</Anonymous>
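An added example, not part of the original post: a small Python audit that walks proftpd.conf text and reports the settings in the configuration above that widen access (RequireValidShell off, AllowAll on write commands inside an <Anonymous> section, no DefaultRoot) along with unbalanced section tags. The audit function, its finding strings and the SAMPLE excerpt are constructed for illustration.

```python
import re

# Commands and command groups in <Limit> that let a client modify files.
WRITE_CMDS = {"WRITE", "STOR", "STOU", "APPE", "DELE", "MKD", "RMD", "RNTO", "ALL"}
TAG_RE = re.compile(r"^<(/?)(\w+)\s*([^>]*)>$")

# Constructed excerpt modelled on the <Anonymous ~media> section above.
SAMPLE = """\
<Anonymous ~media>
  RequireValidShell off
  <Limit READ>
    AllowAll
  </Limit>
  <Limit WRITE>
    AllowAll
  </Limit>
</Anonymous>
"""

def audit(conf_text):
    """Return a list of findings for proftpd.conf text (hypothetical helper)."""
    findings, stack, chrooted = [], [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = TAG_RE.match(line)
        if tag and not tag.group(1):          # opening section tag
            stack.append((tag.group(2).lower(), tag.group(3).upper().split(), lineno))
        elif tag and stack and stack[-1][0] == tag.group(2).lower():
            stack.pop()                       # matching closing tag
        elif tag:
            findings.append("line %d: unexpected %s" % (lineno, line))
        else:
            word, value = (line.lower().split(None, 1) + [""])[:2]
            anon = any(name == "anonymous" for name, _, _ in stack)
            chrooted = chrooted or word == "defaultroot"
            if word == "requirevalidshell" and value == "off":
                findings.append("line %d: RequireValidShell off" % lineno)
            elif word == "allowall" and anon and stack[-1][0] == "limit":
                hit = sorted(WRITE_CMDS.intersection(stack[-1][1]))
                if hit:
                    findings.append("line %d: anonymous %s allowed" % (lineno, "/".join(hit)))
    findings += ["line %d: <%s> never closed" % (n, name) for name, _, n in stack]
    return findings + ([] if chrooted else ["no DefaultRoot: users are not chrooted"])

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```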
This article is reposted from yuangang_love's 51CTO blog. Original link: http://blog.51cto.com/linux008/1554634. To repost it, please contact the original author.