
What are the common configuration items of Pureftp configuration files under CentOS

2025-03-29 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article introduces the common configuration items in the Pure-FTPd configuration file under CentOS. In day-to-day operation, many people are unsure which configuration items in this file are commonly used, so the editor consulted various sources and compiled a simple, easy-to-use summary. I hope it helps answer the question "what common configuration items are there in the configuration file of Pureftp under CentOS?" Please follow along with the editor.

The RPM package uses another configuration file by default:

/etc/sysconfig/pure-ftpd

Please don't forget to browse the http://www.pureftpd.org/documentation.html documentation for a full list of options.

Restrict all users to their home directories

The code is as follows:

ChrootEveryone yes

If the previous directive is set to "no", members of the following group (GID) are not restricted to their home directories, while all other users still are. If you don't want to restrict any users to their home directories, just comment out both ChrootEveryone and TrustedGID.

The code is as follows:

TrustedGID 100

Enable compatibility workarounds for non-conforming FTP clients such as IE

The code is as follows:

BrokenClientsCompatibility no

Total maximum number of users allowed to connect at the same time on the server

The code is as follows:

MaxClientsNumber 50

Run as a daemon process (fork in background)

The code is as follows:

Daemonize yes

Number of users allowed to connect simultaneously from the same IP address (maximum number of simultaneous clients with the same IP address)

The code is as follows:

MaxClientsPerIP 8

If you want to log all client commands, set this directive to "yes". The directive can be given twice to also log server responses.

The code is as follows:

VerboseLog no

Hidden files (dot-files) are listed even if the client does not send the '-a' option.

The code is as follows:

DisplayDotFiles yes

Do not allow authenticated users; run as a public anonymous FTP server only.

The code is as follows:

AnonymousOnly no

Anonymous connections are not allowed, only authenticated users are allowed to use them.

NoAnonymous no

Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)

The default facility is "ftp". "none" disables logging.

SyslogFacility ftp

Customize the display information of users after login (Display fortune cookies)

The code is as follows:

FortunesFile /usr/share/fortune/zippy

Do not resolve host names in log files. The logs are less detailed, but less bandwidth is used. Set this directive to "yes" on servers with a large number of visitors or if you don't have a working DNS.

The code is as follows:

DontResolve yes

Maximum idle time allowed by the client (minutes, default 15 minutes)

The code is as follows:

MaxIdleTime 15

Please note that the LDAPConfigFile, MySQLConfigFile, PAMAuthentication and UnixAuthentication directives can each be used only once, but they can be combined. For example, if you use MySQLConfigFile and then UnixAuthentication, the SQL server is queried first. If SQL authentication fails because the user name was not found, another attempt is made against /etc/passwd and /etc/shadow. If SQL authentication fails because of a wrong password, authentication ends there. Authentication methods are chained in the order in which they are given.
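The chaining rule described above, modelled as an added Python example (this is not Pure-FTPd's code). The user tables and result codes are constructed for illustration, and passwords are compared in plain text only because this is a model.

```python
from enum import Enum

class Result(Enum):
    OK = "ok"
    USER_NOT_FOUND = "user not found"
    BAD_PASSWORD = "bad password"

def make_backend(users):
    """Return a check function over a constructed {user: password} table."""
    def check(user, password):
        if user not in users:
            return Result.USER_NOT_FOUND
        return Result.OK if users[user] == password else Result.BAD_PASSWORD
    return check

def authenticate(chain, user, password):
    """Walk the backends in configuration order.

    Only "user not found" falls through to the next backend. A wrong
    password ends the chain, so later backends are never consulted.
    Returns (result, name of the backend that decided, or None).
    """
    for name, check in chain:
        result = check(user, password)
        if result is not Result.USER_NOT_FOUND:
            return result, name
    return Result.USER_NOT_FOUND, None

# Constructed sample data: "alice" exists in both backends with different
# passwords, "bob" exists only in the system accounts.
CHAIN = [
    ("MySQLConfigFile", make_backend({"alice": "sql-secret"})),
    ("UnixAuthentication", make_backend({"alice": "unix-secret", "bob": "pw"})),
]

if __name__ == "__main__":
    attempts = [("bob", "pw"), ("alice", "unix-secret"), ("alice", "sql-secret")]
    for user, pw in attempts:
        result, decided_by = authenticate(CHAIN, user, pw)
        print(f"{user}: {result.value} (decided by {decided_by})")
```

An account that exists in the first backend is decided there, so a stale SQL row shadows the system account of the same name.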

Recursion limits for the 'ls' command. The first parameter gives the maximum number of files displayed. The second parameter gives the maximum subdirectory depth.

The code is as follows:

LimitRecursion 2000 8

Allow anonymous users to create new directories?

The code is as follows:

AnonymousCanCreateDirs no

If the system load exceeds the following value, anonymous users are not allowed to download.

The code is as follows:

MaxLoad 4

The port range used in passive connection replies (for firewalling).

PassivePortRange 30000 50000

Force an IP address in passive replies (PASV/EPSV/SPSV replies), for NAT. Symbolic host names are also accepted for gateways with dynamic IP addresses.

ForcePassiveIP 192.168.0.1

Ratio of uploads / downloads for anonymous users.

The code is as follows:

AnonymousRatio 1 10

The upload / download ratio for all users. This directive supersedes the previous one.

The code is as follows:

UserRatio 1 10

Downloads of files owned by "ftp" are not accepted. For example: files that have not been verified by the local administrator after being uploaded by anonymous users.

The code is as follows:

AntiWarez yes

The IP address and port on which the service listens. (default is all IP addresses and port 21)

The code is as follows:

Bind 127.0.0.1,21

Maximum bandwidth (KB/s) for anonymous users.

The code is as follows:

AnonymousBandwidth 8

Maximum bandwidth (KB/s) for all users, including anonymous users.

Use AnonymousBandwidth *or* UserBandwidth; using both makes no sense.

UserBandwidth 8

Creation mask (umask) values for new directories and files.

177:077 if you feel paranoid.

Umask 133:022

The minimum user ID (UID) with which an authenticated user is allowed to log in.

The code is as follows:

MinUID 100

Only authenticated users are allowed to make FXP transfers.

The code is as follows:

AllowUserFXP yes

Anonymous FXP transfers are allowed for anonymous and non-anonymous users.

The code is as follows:

AllowAnonymousFXP no

Users cannot delete or write dot files (files whose names begin with '.'), even if the user is the owner of the file.

If the TrustedGID directive is enabled, members of that group can still access dot files.

The code is as follows:

ProhibitDotFilesWrite no

Prohibit reading of dot files (files whose names begin with '.'), such as .history, .ssh, ...

The code is as follows:

ProhibitDotFilesRead no

Never overwrite the file. Automatically rename the uploaded file when its file name already exists, such as file.1, file.2, file.3,...

The code is as follows:

AutoRename no

Anonymous users are not allowed to upload new files (no = upload allowed)

The code is as follows:

AnonymousCantUpload no

Non-anonymous (authenticated) logins are allowed only on the following IP address. You can use this directive to open several public IP addresses for anonymous FTP while keeping a private, firewall-protected IP address for remote management. You can also allow authentication on only one intranet address while providing a purely anonymous FTP service on another IP address.

The code is as follows:

TrustedIP 10.1.1.1

If you want to add the PID to each line of the log, uncomment the following line.

The code is as follows:

LogPID yes

Create an additional log file using a format similar to Apache, such as:

The code is as follows:

fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338

This log file can be processed by www traffic analyzers.

The code is as follows:

AltLog clf:/var/log/pureftpd.log
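A parser for this Apache-like transfer log, as an added Python example (not part of the original article or of Pure-FTPd). The sample lines are constructed; the optional timezone, the use of PUT for uploads and the anonymous account names "ftp" and "anonymous" are assumptions.

```python
import re
from collections import defaultdict

# host - user [timestamp] "METHOD path" status bytes
# Assumption: a timezone may follow the time inside the brackets.
CLF_RE = re.compile(
    r'^(?P<host>\S+) - (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>.*)" (?P<status>\d{3}) (?P<size>\d+)$'
)

def parse_clf(line):
    """Return a dict for one transfer line, or None if it does not match."""
    m = CLF_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    return rec

def summarize(lines, anonymous_users=("ftp", "anonymous")):
    """Total bytes per (user, method) and list uploads by anonymous accounts."""
    totals = defaultdict(int)
    anon_uploads, rejected = [], []
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            rejected.append(line)  # keep unparsed lines visible for review
            continue
        totals[(rec["user"], rec["method"])] += rec["size"]
        # Assumption: uploads are logged with the method PUT.
        if rec["method"] == "PUT" and rec["user"] in anonymous_users:
            anon_uploads.append((rec["host"], rec["path"]))
    return dict(totals), anon_uploads, rejected

# Constructed sample lines in the format shown above.
SAMPLE = [
    'fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338',
    '192.0.2.10 - ftp [14/Dec/1975:08:01:02 +0100] "PUT /incoming/a file.bin" 200 1048576',
    '192.0.2.10 - jedi [14/Dec/1975:08:05:00 +0100] "GET /ftp/linux.tar.bz2" 200 100',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    totals, anon_uploads, rejected = summarize(SAMPLE)
    print(totals, anon_uploads, rejected, sep="\n")
```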

Create an additional log file for the statistical report using the optimized format.

The code is as follows:

AltLog stats:/var/log/pureftpd.log

Create an additional log file using the standard W3C format (compatible with most commercial log analyzers).

The code is as follows:

AltLog w3c:/var/log/pureftpd.log

Do not accept CHMOD commands. Users cannot change the properties of their files.

The code is as follows:

NoChmod yes

Allow users to resume and upload files, but not delete them.

The code is as follows:

KeepAllFiles yes

If the user home directory does not exist, it will be created automatically.

The code is as follows:

CreateHomeDir yes

Enable virtual disk quotas. The first number is the maximum number of files. The second number is the maximum total file size in MB. Therefore, 1000:10 limits each user to 1000 files and a total of 10 MB.

The code is as follows:

Quota 1000:10

If your pure-ftpd was compiled with standalone support, you can change the location of the pid file. The default location is /var/run/pure-ftpd.pid.

The code is as follows:

PIDFile /var/run/pure-ftpd.pid

If your pure-ftpd was compiled with pure-uploadscript support, this directive makes pure-ftpd send information about each new upload to /var/run/pure-ftpd.upload.pipe, so that pure-uploadscript can read it and call a script to process the new upload.

The code is as follows:

CallUploadScript yes

This option is useful for servers that allow anonymous uploads. When /var/ftp is in /var, you need to reserve some disk space to protect the log files. When the disk partition is more than X percent full, new uploads are no longer accepted.

The code is as follows:

MaxDiskUsage 99

If you don't want your user to rename the file, set it to 'yes'.

The code is as follows:

NoRename yes

Be 'customer proof': a workaround against common customer mistakes such as 'chmod 0 public_html'. That is a valid command, but it can lead inexperienced customers to lock their own files, which then keeps your technical support busy with trivial questions. This feature is of little use if you are sure that all your users have basic Unix knowledge. If you are a hosting provider, however, turn it on.

The code is as follows:

CustomerProof yes

The concurrency limit for each user. This directive only works if the server was compiled with the --with-peruserlimits option (this is the case for most binary releases).

The format is:

For example, 3:20 means that the same authenticated user can have up to three processes active at the same time. And there can only be up to 20 anonymous user processes at the same time.

The code is as follows:

PerUserLimits 3:20
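A reviewer's check over the directives covered above, as an added Python example (not part of the original article or of Pure-FTPd). The sample configuration is constructed from the values shown on this page, and treating an absent directive as "no" is an assumption.

```python
def parse_conf(text):
    """Parse 'Directive value' lines; blank lines and '#' comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(conf):
    """Return (directive, finding) pairs for settings that widen exposure."""
    def on(key):
        # Assumption: a directive that is absent or commented out counts as "no".
        return conf.get(key, "no").lower() == "yes"

    findings = []
    if not on("ChrootEveryone"):
        findings.append(("ChrootEveryone", "users are not all confined to their home directories"))
    if not on("ProhibitDotFilesRead"):
        findings.append(("ProhibitDotFilesRead", "dot files such as .ssh and .history are readable"))
    for key in ("AllowUserFXP", "AllowAnonymousFXP"):
        if on(key):
            findings.append((key, "FXP transfers are enabled"))
    if "PassivePortRange" not in conf:
        findings.append(("PassivePortRange", "passive ports are not pinned to a range for the firewall"))
    if not on("NoAnonymous"):
        findings.append(("NoAnonymous", "anonymous connections are accepted"))
        if not on("AnonymousCantUpload"):
            findings.append(("AnonymousCantUpload", "anonymous users may upload new files"))
            if not on("AntiWarez"):
                findings.append(("AntiWarez", "files owned by 'ftp' can be downloaded unreviewed"))
        if on("AnonymousCanCreateDirs"):
            findings.append(("AnonymousCanCreateDirs", "anonymous users may create directories"))
    return findings

# Constructed sample using the values shown on this page.
PAGE_CONF = """\
ChrootEveryone          yes
NoAnonymous             no
AnonymousCanCreateDirs  no
PassivePortRange        30000 50000
AntiWarez               yes
AllowUserFXP            yes
AllowAnonymousFXP       no
ProhibitDotFilesRead    no
AnonymousCantUpload     no
# TrustedIP             10.1.1.1
"""

if __name__ == "__main__":
    for directive, finding in audit(parse_conf(PAGE_CONF)):
        print(f"{directive}: {finding}")
```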

At this point, the study on "what are the common configuration items in the configuration file of Pureftp under CentOS" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!
