Building an FTP Server with proftpd on Ubuntu (applies to Ubuntu 12.10)


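Getting Closer to Ubuntu, Part 12: Building an FTP Server with proftpd

FTP is one of the most commonly used network services. Good server software includes vsftp, proftpd, pureftpd and others. I picked by name alone: "pro" looks a bit more professional. As the saying goes, don't ask for the best, just the most professional... haha....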

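1. Installation

sudo apt-get install proftpd

During installation you are asked to choose a run mode: Standalone or Inetd. The former is standalone server mode, the latter is super-server mode. I chose Standalone.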

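2. Configuration

sudo vim /etc/shells

Add the following line:

/bin/false

Create the user ftpuser1 and the group ftp, and set a password. This user does not need a valid shell (more secure), so ftpuser1 is given /bin/false.

sudo groupadd ftp

sudo useradd ftpuser1 -g ftp -d /home/ftp -s /bin/false
sudo passwd ftpuser1

The -p option of useradd expects an already encrypted password hash, not the plaintext password, so the password is set with passwd.

Create the upload and download directories under /home/ftp and set their permissions: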

cd /home/ftp
sudo mkdir download
sudo mkdir upload
cd /home
sudo chmod 755 ftp
cd /home/ftp
sudo chmod 755 download
sudo chmod 777 upload

3. Edit the main proftpd configuration file, proftpd.conf

sudo vim /etc/proftpd/proftpd.conf

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
# We don't need IPv6, so turn it off
UseIPv6    off

# Server name
ServerName   "xiaoyigeng's FTP Server"
# Server run mode; standalone here, inetd is the other choice
ServerType   standalone
# Whether to display the welcome message when a user logs in
DeferWelcome   on

MultilineRFC2228  on
DefaultServer   on
ShowSymlinks   on

TimeoutNoTransfer  600
# Can be lowered to 100
TimeoutStalled   600
# Idle timeout
TimeoutIdle   1200

# If DeferWelcome above is set to on, the contents of welcome.msg are displayed
DisplayLogin                    welcome.msg
# Message displayed when changing directory
DisplayFirstChdir               .message
ListOptions                 "-l"

DenyFilter   \*.*/

# Use this to jail all users in their homes 
# FTP users are confined to this directory
DefaultRoot /home/ftp

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell  off    # set to on for anonymous users

# Port 21 is the standard FTP port.
# Port the service runs on
Port    21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                  49152 65534    # ports used in PASV mode

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress  1.2.3.4

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances   30

# Set the user and group that the server normally runs at.
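# The server runs as user nobody
User    nobody
# The server runs under the unprivileged group, which Ubuntu names nogroup (it has no group called nobody)
Group    nogroup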

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
# Default permissions for newly created files
Umask    022  022
# Normally, we want files to be overwriteable.
AllowOverwrite   on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd  off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile   off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend 
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend   mysql
#</IfModule>

# File transfer log
TransferLog /var/log/proftpd/xferlog
# System log
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User    ftp
#   Group    nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias   anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp

#   RequireValidShell  off

#   # Limit the maximum number of anonymous logins
#   MaxClients   10

#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin   welcome.msg
#   DisplayFirstChdir  .message

#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>

#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask    022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>

# </Anonymous>

# Valid Logins    # the section below sets user permissions
<Limit LOGIN>
  AllowUser ftpuser1
  DenyAll
</Limit>

<Directory /home/ftp>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory /home/ftp/download/>
  Umask 022 022
  AllowOverwrite off
  <Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>

<Directory /home/ftp/upload/>
  Umask 022 022
  AllowOverwrite on
  <Limit READ RMD DELE>
    DenyAll
  </Limit>
  <Limit STOR CWD MKD>
    AllowAll
  </Limit>
</Directory>

4. Starting, stopping and restarting the server

sudo /etc/init.d/proftpd start
sudo /etc/init.d/proftpd stop
sudo /etc/init.d/proftpd restart

5. Maintenance

Logs can be found in the /var/log/proftpd directory.

Command to view the FTP server load: ftptop

Command to see who is logged in to the server: ftpwho

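PS: An introduction to using Limit in proftpd

Limit is probably what we use most. It covers roughly the following actions, which between them cover essentially all permissions.

  CWD: Change Working Directory, changing directory

  MKD: MaKe Directory, permission to create directories

  RNFR: ReName FRom, permission to change a directory name

  DELE: DELEte, permission to delete files

  RMD: ReMove Directory, permission to remove directories

  RETR: RETRieve, permission to download from the server to the client

  STOR: STORe, permission to upload from the client to the server

  READ: read permission, not including directory listing; equivalent to RETR, STAT, etc.

  WRITE: permission to write files or directories, including MKD and RMD

  DIRS: whether directory listing is allowed; equivalent to LIST, NLST, etc.; quite practical

  ALL: all permissions

  LOGIN: permission to log in

The subjects that a Limit applies to are specified with the following:

  AllowUser: allow the Limit for a given user

  DenyUser: deny the Limit for a given user

  AllowGroup: allow the Limit for a given user group

  DenyGroup: deny the Limit for a given user group

  AllowAll: allow the Limit for all user groups

  DenyAll: deny the Limit for all users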
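
A misspelled command name in a <Limit> line, for example RNRF in place of RNFR, does not match the command it was meant to restrict. The following is an added example, not part of the original article: it checks every active <Limit> line against a list of FTP command names. The function name lint_limits, the command list and the sample configuration are assumptions constructed for illustration.

```python
import difflib
import re

# RFC 959/2228/2428/3659 command names plus SITE_CHMOD; this list is an
# assumption of the example and is not exhaustive.
FTP_COMMANDS = set("""
ABOR ACCT ALLO APPE AUTH CDUP CWD DELE EPRT EPSV FEAT HELP LIST MDTM MKD
MLSD MLST MODE NLST NOOP OPTS PASS PASV PBSZ PORT PROT PWD QUIT REIN REST
RETR RMD RNFR RNTO SITE SITE_CHMOD SIZE SMNT STAT STOR STOU STRU SYST TYPE
USER XCUP XCWD XMKD XPWD XRMD
""".split())
# Command groups accepted by <Limit>, as listed on this page.
LIMIT_GROUPS = {"ALL", "DIRS", "LOGIN", "READ", "WRITE"}
KNOWN = sorted(FTP_COMMANDS | LIMIT_GROUPS)

LIMIT_OPEN = re.compile(r"^\s*<Limit\s+([^>]*)>", re.IGNORECASE)

def lint_limits(conf_text):
    """Return (line_no, name, suggestion) for each unknown name in a <Limit> line."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):      # commented-out config is ignored
            continue
        match = LIMIT_OPEN.match(line)
        if not match:
            continue
        for name in match.group(1).split():
            if name.upper() in KNOWN:          # case-insensitive: an assumption here
                continue
            close = difflib.get_close_matches(name.upper(), KNOWN, n=1, cutoff=0.7)
            findings.append((line_no, name, close[0] if close else None))
    return findings

# Constructed sample: two active <Limit> lines carry a misspelled rename command.
SAMPLE_CONF = """\
<Directory /home/ftp>
  <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
# <Limit WRTE>
<Directory /home/ftp/download/>
  <Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
"""

if __name__ == "__main__":
    for line_no, name, hint in lint_limits(SAMPLE_CONF):
        print(f"line {line_no}: unknown <Limit> command {name!r}; did you mean {hint}?")
```

Run it against /etc/proftpd/proftpd.conf by passing the file contents to lint_limits before reloading the server.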

The parameter for limiting transfer rate is:

  TransferRate STOR|RETR rate(Kbytes/s) user username

Original article: http://lgystudio.bokee.com/6515197.html
