ubuntu服务器安装proftpd ftp服务器步骤

李和博 發表於 2024-1-13 00:00:00

ubuntu服务器安装proftpd ftp服务器步骤

一、安装


<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
<div class="right">
复制代码
</div>
代码如下:</div>
<div class="msgborder" id="phpcode25" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
 
sudo apt-get install proftpd
</div>



安装过程中会让选择运行模式：Standalone和Inetd，前者是单一服务器模式，后者是超级服务器模式， 
我选的Standalone。

二、配置


<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
<div class="right">
复制代码
</div>
代码如下:</div>
<div class="msgborder" id="phpcode26" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
 
sudo vim /etc/shells</div>



加入如下代码 

<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
<div class="right">
复制代码
</div>
代码如下:</div>
<div class="msgborder" id="phpcode27" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
 
/bin/false</div>



新建用户ftpuser1和用户组ftp并设置密码，此用户不需要有效的shell(更安全)，所以选择/bin/false 
给fptuser1 

<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
<div class="right">
复制代码
</div>
代码如下:</div>
<div class="msgborder" id="phpcode28" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
 
sudo groupadd ftp 
sudo useradd ftpuser1 -p pass -g ftp -d /home/ftp -s /bin/false</div>



在/home/ftp目录下新建upload和download目录并修改权限 

<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
<div class="right">
复制代码
</div>
代码如下:</div>
<div class="msgborder" id="phpcode29" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
 
cd /home/ftp 
sudo mkdir download 
sudo mkdir upload 
cd /home 
sudo chmod 755 ftp 
cd /home/ftp 
sudo chmod 755 download 
sudo chmod 777 upload</div>



三、修改proftpd核心配置文件proftpd.conf


<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
<div class="right">
复制代码
</div>
代码如下:</div>
<div class="msgborder" id="phpcode30" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
 
sudo vim /etc/proftpd/proftpd.conf 
# 
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. 
# To really apply changes reload proftpd after modifications. 
# 
# Includes DSO modules 
Include /etc/proftpd/modules.conf 
# Set off to disable IPv6 support which is annoying on IPv4 only boxes. 
UseIPv6 off # 我们不需要IPv6，所以off 
ServerName "xiaoyigeng's FTP Server" # 修改服务器名 
ServerType standalone # 服务器运行模式，这里填standalone，也可以选 
inetd 
DeferWelcome on # 用户登陆时是否显示欢迎信息 
MultilineRFC2228 on 
DefaultServer on 
ShowSymlinks on 
TimeoutNoTransfer 600 
TimeoutStalled 600 # 可以降到100 
TimeoutIdle 1200 # 发呆超时 
DisplayLogin welcome.msg # 如果上边DeferWelcom设置成on，则显示 
welcome.msg中的内容 
DisplayFirstChdir .message # 更改目录时显示的内容 
ListOptions "-l" 
DenyFilter \*.*/ 
# Use this to jail all users in their homes 
DefaultRoot /home/ftp # ftp用户被限制在这个目录中 
# Users require a valid shell listed in /etc/shells to login. 
# Use this directive to release that constrain. 
# RequireValidShell off # 匿名用户要选on 
# Port 21 is the standard FTP port. 
Port 21 # 服务运行的端口 
# In some cases you have to specify passive ports range to by-pass 
# firewall limitations. Ephemeral ports can be used for that, but 
# feel free to use a more narrow range. 
# PassivePorts 49152 65534 # PASV模式下用到的端口 
# If your host was NATted, this option is useful in order to 
# allow passive tranfers to work. You have to use your public 
# address and opening the passive ports used on your firewall as well. 
# MasqueradeAddress 1.2.3.4 
# To prevent DoS attacks, set the maximum number of child processes 
# to 30. If you need to allow more than 30 concurrent connections 
# at once, simply increase this value. Note that this ONLY works 
# in standalone mode, in inetd mode you should use an inetd server 
# that allows you to limit maximum number of processes per service 
# (such as xinetd) 
MaxInstances 30 
# Set the user and group that the server normally runs at. 
User nobody # 服务器运行在nobody用户下 
Group nobody # 服务器运行在nobody组下 
# Umask 022 is a good standard umask to prevent new files and dirs 
# (second parm) from being group and world writable. 
Umask 022 022 # 默认新建文件的权限 
# Normally, we want files to be overwriteable. 
AllowOverwrite on # 文件可以被覆盖 
# Uncomment this if you are using NIS or LDAP to retrieve passwords: 
# PersistentPasswd off 
# Be warned: use of this directive impacts CPU average load! 
# Uncomment this if you like to see progress and transfer rate with ftpwho 
# in downloads. That is not needed for uploads rates. 
# 
# UseSendFile off 
# Choose a SQL backend among MySQL or PostgreSQL. 
# Both modules are loaded in default configuration, so you have to specify the backend 
# or comment out the unused module in /etc/proftpd/modules.conf. 
# Use 'mysql' or 'postgres' as possible values. 
# 
#<IfModule mod_sql.c> 
# SQLBackend mysql 
#</IfModule> 
TransferLog /var/log/proftpd/xferlog # 传送文件日志 
SystemLog /var/log/proftpd/proftpd.log # 系统运行日志 
<IfModule mod_tls.c> 
TLSEngine off 
</IfModule> 
<IfModule mod_quota.c> 
QuotaEngine on 
</IfModule> 
<IfModule mod_ratio.c> 
Ratios on 
</IfModule> # Delay engine reduces impact of the so-called Timing Attack described in 
# <a href="http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02">http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02</a> 
# It is on by default. 
<IfModule mod_delay.c> 
DelayEngine on 
</IfModule> 
<IfModule mod_ctrls.c> 
ControlsEngine on 
ControlsMaxClients 2 
ControlsLog /var/log/proftpd/controls.log 
ControlsInterval 5 
ControlsSocket /var/run/proftpd/proftpd.sock 
</IfModule> 
<IfModule mod_ctrls_admin.c> 
AdminControlsEngine on 
</IfModule> 
# A basic anonymous configuration, no upload directories. 
# <Anonymous ~ftp> 
# User ftp 
# Group nogroup 
# # We want clients to be able to login with "anonymous" as well as "ftp" 
# UserAlias anonymous ftp 
# # Cosmetic changes, all files belongs to ftp user 
# DirFakeUser on ftp 
# DirFakeGroup on ftp 
# 
# RequireValidShell off 
# 
# # Limit the maximum number of anonymous logins 
# MaxClients 10 
# 
# # We want 'welcome.msg' displayed at login, and '.message' displayed 
# # in each newly chdired directory. 
# DisplayLogin welcome.msg 
# DisplayFirstChdir .message 
# 
# # Limit WRITE everywhere in the anonymous chroot 
# <Directory *> 
# <Limit WRITE> 
# DenyAll 
# </Limit> 
# </Directory> 
# 
# # Uncomment this if you're brave. 
# # <Directory incoming> 
# # # Umask 022 is a good standard umask to prevent new files and dirs 
# # # (second parm) from being group and world writable. 
# # Umask 022 022 
# # <Limit READ WRITE> 
# # DenyAll 
# # </Limit> 
# # <Limit STOR> 
# # AllowAll 
# # </Limit> 
# # </Directory> 
# 
# </Anonymous> 
# Valid Logins # 以下部分为设置用户权限部分 
<Limit LOGIN> 
AllowUser ftpuser1 
DenyAll 
</Limit> 
<Directory /home/ftp> 
Umask 022 022 
AllowOverwrite off 
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD> 
DenyAll 
</Limit> 
</Directory> 
<Directory /home/ftp/download/> 
Umask 022 022 
AllowOverwrite off 
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD> 
DenyAll 
</Limit> 
</Directory> 
<Directory /home/ftp/upload/> 
Umask 022 022 
AllowOverwrite on 
<Limit READ RMD DELE> 
DenyAll 
</Limit> 
<Limit STOR CWD MKD> 
AllowAll 
</Limit> 
</Directory></div>



四、启动、停止、重启服务器


<div class="msgheader" style='margin: 3px auto 0px; padding: 0px 3px; outline: none; line-height: 21.6px; clear: both; border-width: 1px; border-style: solid; border-color: rgb(0, 153, 204); background: rgb(246, 251, 255); overflow: hidden; font-family: tahoma, arial, "Microsoft YaHei";'>
<div class="right">
复制代码
</div>
代码如下:</div>
<div class="msgborder" id="phpcode31" style='margin: 0px auto 3px; padding: 0px 3px; outline: none; line-height: 25.2px; font-size: 14px; clear: both; border-right: 1px solid rgb(0, 153, 204); background: rgb(221, 237, 251); overflow: hidden; border-left: 1px solid rgb(0, 153, 204); word-break: break-all; border-bottom: 1px solid rgb(0, 153, 204); word-wrap: break-word; font-family: tahoma, arial, "Microsoft YaHei";'>
 
sudo /etc/init.d/proftpd start 
sudo /etc/init.d/proftpd stop 
sudo /etc/init.d/proftpd restart</div>



五、维护

可以到/var/log/proftpd目录查看日志

查看ftp服务器负载命令 ftptop 
查看什么认登陆服务器 ftpwho

PS:proftpd中Limit的使用介绍

我们用到的比较多的可能是Limit的使用，Limit大致有以下动作，基本能覆盖全部的权限了。

CMD：Change Working Directory 改变目录 
MKD：MaKe Directory 建立目录的权限 
RNFR： ReName FRom 更改目录名的权限 
DELE：DELEte 删除文件的权限 
RMD：ReMove Directory 删除目录的权限 
RETR：RETRieve 从服务端下载到客户端的权限 
STOR：STORe 从客户端上传到服务端的权限 
READ：可读的权限，不包括列目录的权限，相当于RETR，STAT等 
WRITE：写文件或者目录的权限，包括MKD和RMD 
DIRS：是否允许列目录，相当于LIST，NLST等权限，还是比较实用的 
ALL：所有权限 
LOGIN：是否允许登陆的权限 
针对上面这个Limit所应用的对象，又包括以下范围 
AllowUser 针对某个用户允许的Limit 
DenyUser 针对某个用户禁止的Limit 
AllowGroup 针对某个用户组允许的Limit 
DenyGroup 针对某个用户组禁止的Limit 
AllowAll 针对所有用户组允许的Limit 
DenyAll 针对所有用户禁止的Limit

关于限制速率的参数为： 
TransferRate STOR|RETR 速度（Kbytes/s） user 使用者

頁: [1]

琼殿技术论坛's Archiver

ubuntu服务器安装proftpd ftp服务器步骤