Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "the use of Pure-ftpd under the Linux system". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Installation

Ubuntu/Debian provides three different deb installation packages for Pure-FTPd, namely pure-ftpd, pure-ftpd-ldap, and pure-ftpd- mysql, where ldap and mysql represent the integration of Pure-FTPd with ldap and mysql, respectively, and all three packages rely on pure-ftpd-common. If we don't need ldap and mysql, we can just choose pure-ftpd.

The code is as follows:

Apt-get install pure-ftp-common pure-ftpd

Configuration mode

Unlike most other daemons (daemon), the configuration of Pure-FTPd is special: it does not read any configuration files, and configuration options are implemented through command-line arguments. For example, the parameter'- H' is designed to speed up the server by avoiding DNS queries. To enable this feature, we just need to add it to the command line: pure-ftpd-H. Alternative long arguments are also supported. Here is an equivalent command pure-ftpd-- dontresolve

For users who like configuration files, Pure-FTPd has officially come up with a solution: parse the configuration file and convert it into command-line arguments through a wrapper tool. First edit the configuration file pure-ftpd.conf according to your needs, and then start pure-config.pl / etc/pure-ftpd.conf with the following command. Pure-config.pl is a perl script that invokes pure-ftpd with the appropriate command-line options based on the configuration file.

In Ubuntu/Debian, developers use another wrapper approach: instead of using a single configuration file, it sets up a pure-ftpd directory under / etc, with conf, auth, db, and a file called pureftpd-alias-dir. Each configuration option exists in the / etc/pure-ftpd/conf directory as a file, with the option as the file name and the option value as the file content. For example, if you want to configure AnonymousOnly=yes (only anonymous users are allowed), create a file called AnonymousOnly in / etc/pure-ftpd/conf with only one line: yes.

In Ubuntu, we only focus on the last configuration.

Configuration option

From the man page of pure-ftpd, we can get a detailed list of command-line arguments and their explanations:

The code is as follows:

Man pure-ftpd

Man pure-ftpd

Through the man page of pure-ftpd-wrapper, we can get a list of available profile options:

The code is as follows:

Man pure-ftpd-wrapper

Man pure-ftpd-wrapper

The following is the configuration file for the second way we introduced earlier, which we can understand here as the third way. For example, to restrict all users to their home directory, create a file called ChrootEveryone in / etc/pure-ftpd/conf with a line: yes.

The code is as follows:

# restrict all users to their home directories

ChrootEveryone yes

# if the previous instruction is set to "no", the members of the following group (GID) are not restricted by the home directory. While other users are still

# will be restricted to its own home directory. If you don't want to restrict any users to your home directory, just comment out ChrootEveryone

# and TrustedGID will be fine.

# TrustedGID 100

# compatible with more irregular ftp clients such as ie

BrokenClientsCompatibility no

# Total maximum number of users allowed to connect at the same time on the server

MaxClientsNumber 50

# run as a doemon process (Fork in background)

Daemonize yes

# number of users allowed to connect simultaneously in the same IP (Maximum number of sim clients with the same IP address)

MaxClientsPerIP 8

# if you want to record all customer commands, set this command to "yes".

# This directive can be duplicated to also log server responses.

VerboseLog no

# Hidden files (dot-files) are listed even if the client does not send the'- a 'option.

DisplayDotFiles yes

# authenticated users are not allowed-only as a public anonymous FTP.

AnonymousOnly no

# anonymous connections are not allowed, only authenticated users are allowed to use them.

NoAnonymous no

# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)

The default function (facility) is "ftp". "none" will disable logging.

SyslogFacility ftp

# customize the display information of users after login (Display fortune cookies)

# FortunesFile / usr/share/fortune/zippy

# the hostname is not resolved in the log file. If the log is less detailed, it uses less bandwidth. In a place with a large number of visitors

In the # site, set this command to "yes" if you don't have a working DNS.

DontResolve yes

# maximum idle time allowed by the client (minutes, default 15 minutes)

MaxIdleTime 15

# LDAP configuration file (see README.LDAP)

# LDAPConfigFile / etc/pureftpd-ldap.conf

# MySQL configuration file (see README.MySQL)

# MySQLConfigFile / etc/pureftpd-mysql.conf

# Postgres configuration file (see README.PGSQL)

# PGSQLConfigFile / etc/pureftpd-pgsql.conf

# PureDB user database (see README.Virtual-Users)

# PureDB / etc/pureftpd.pdb

# socket path of pure-authd (see README.Authentication-Modules)

# ExtAuth / var/run/ftpd.sock

# if you want to enable PAM authentication, remove the comments on the following lines.

# PAMAuthentication yes

# if you want to enable simple Unix system authentication (/ etc/passwd), remove the comments on the following lines.

# UnixAuthentication yes

# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and

# UnixAuthentication these instructions can only be used once, but they can be mixed together. For example, if you use

# MySQLConfigFile and UnixAuthentication, then the SQL server will be accessed. If the user name is not found

# if SQL authentication fails, another authentication will be tried in / etc/passwd and / etc/shadow, if due to

# if SQL authentication fails because of a password error, the authentication will end here. Authentication methods are chained by the order in which they are given.

# pick it up.

Recursive restrictions on the # 'ls' command. The first parameter gives the maximum number of files displayed. The second parameter gives the maximum subdirectory depth.

LimitRecursion 2000 8

# allow anonymous users to create new directories?

AnonymousCanCreateDirs no

# if the loaded of the system exceeds the following value, anonymous users will be prohibited from downloading.

MaxLoad 4

# Port range of passive connection response. -for firewalling.

# PassivePortRange 30000 50000

# force an IP address to use passive response (PASV/EPSV/SPSV replies). -for NAT.

# Symbolic host names are also accepted for gateways with dynamic IP

# addresses.

# ForcePassiveIP 192.168.0.1

# ratio of uploads / downloads of anonymous users.

# AnonymousRatio 1 10

# upload / download ratio for all users.

# This directive superscedes the previous one.

# UserRatio 1 10

# downloads of files owned by "ftp" are not accepted. For example: files that have not been verified by the local administrator after being uploaded by anonymous users.

AntiWarez yes

Second file

The code is as follows:

# the default code when the client logs in. If this option is turned on, the windows login will not fail to display Chinese characters.

ClientCharset gbk

# the IP address and port that the service listens to. (default is all IP addresses and port 21)

# Bind 127.0.0.1,21

# maximum bandwidth (KB/s) for anonymous users.

# AnonymousBandwidth 8

# maximum bandwidth (KB/s) for all users, including anonymous users.

# Use AnonymousBandwidth * or* UserBandwidth, both makes no sense.

# UserBandwidth 8

# attribute mask values for new directories and files. ;;

# 177:077 if you feel paranoid.

Umask 133:022

# the smallest group of ID (UID) that authenticated users are allowed to log in.

MinUID 100

# only authenticated users are allowed to transmit FXP.

AllowUserFXP yes

# Anonymous FXP transmission is allowed for anonymous and non-anonymous users.

AllowAnonymousFXP no

# users cannot delete and write dot files (the file name is'.' The beginning of the file), even if the user is the owner of the file.

# if the TrustedGID instruction is enabled, users of the group to which the file belongs can access the point file (dot-files).

ProhibitDotFilesWrite no

# it is forbidden to read some files (the file name is'.' Beginning of the file) (.history, .ssh.)

ProhibitDotFilesRead no

# never overwrite files. Automatically rename the uploaded file when its file name already exists, such as file.1, file.2, file.3,...

AutoRename no

# do not allow anonymous users to upload new files (no = allow upload)

AnonymousCantUpload no

# only non-anonymous users from the following IP addresses are allowed to connect. You can use this instruction to open several public network IP to provide anonymous FTP

# and keep a private firewall-protected IP for remote management. You can also allow only one intranet address for authentication, while in another

# A pure anonymous FTP service is provided on an IP.

# TrustedIP 10.1.1.1

# if you want to add PID to each line of the log, remove the comments from the following lines.

# LogPID yes

# create an additional log file using a format similar to Apache, such as:

# fw.c9x.org-jedi [13/Dec/1975] "GET / ftp/linux.tar.bz2" 200 21809338

# this log file can be processed by www traffic analyzer.

# AltLog clf:/var/log/pureftpd.log

# create an additional log file for the statistical report using the optimized format.

# AltLog stats:/var/log/pureftpd.log

# create an additional log file using the standard W3C format. (compatible with most business log analyzers)

# AltLog w3c:/var/log/pureftpd.log

# do not accept CHMOD commands. Users cannot change the properties of their files.

# NoChmod yes

# allow users to restore and upload files, but not delete them.

# KeepAllFiles yes

# if the user home directory does not exist, it will be created automatically.

# CreateHomeDir yes

# enable virtual disk quota. The first number is the maximum number of files.

The second number is the largest total file size (in Mb).

# therefore, 1000 10Mb 10 limits each user to 1000 files, a total of 10 files.

# Quota 1000:10

# if your pure-ftpd compiles with stand-alone server (standalone) support, you can change the pid file

The location of # The default location is / var/run/pure-ftpd.pid.

# PIDFile / var/run/pure-ftpd.pid

# if your pure-ftpd compiles with pure-uploadscript support, this directive will make pure-ftpd

# send information about the new upload to / var/run/pure-ftpd.upload.pipe, so that pure-uploadscript

# can read and then call a script to handle the new upload.

# CallUploadScript yes

# this option is useful for servers that allow anonymous uploads. When / var/ftp is in / var, you need to reserve some disk space

# to protect log files. When the disk partition uses more than one percent of X, new uploads will no longer be accepted.

MaxDiskUsage 99

# if you don't want your user to rename the file, set it to 'yes'.

# NoRename yes

# is the 'customer proof': workspace (workaround) against common customer errors, similar to:' chmod 0 public_html''.

# that's a valid command, but it will lead to ignorant customers ordering their own files that will keep your technical support busy with stupid questions.

# this feature will be of little use if you are sure that all your users have basic knowledge of Unix. However, if you are a hosting provider

# if so, enable it.

CustomerProof yes

# concurrency limit for each user. This directive starts only after you add the-- with-peruserlimits compilation option to compile

# function. (most binary releases are examples.)

# format is:;:

# for example: 3:20 means that the same authenticated user can have up to three processes active at the same time. And there can only be up to 20 anonymous user processes at the same time.

# PerUserLimits 3:20

This is the end of the content of "how to use Pure-ftpd under the Linux system". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.