Shulou(Shulou.com)06/03 Report--

I. Environmental description

For Tencent CVM or Ucloud CVM, the system is Centos6 X86room64-bit. The firewall does not need to be enabled locally for the CVM, but only needs the console security group to make the firewall policy. The screenshot below opens the login port of pureftpd.

II. Pureftpd source code compilation and installation yum-y install make gcc gcc-c++ gcc-g77 openssl openssl-develwget https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.49.tar.gztar xf pure-ftpd-1.0.49.tar.gzcd pure-ftpd-1.0.49./configure-- prefix=/usr/local/pureftpd CFLAGS=-O2-- with-puredb-- with-quotas-- with-cookie-- with-virtualhosts-- with-diraliases-- with -sysquotas-with-ratios-- with-altlog-- with-paranoidmsg-- with-shadow-- with-welcomemsg-- with-throttling-- with-uploadscript-- with-language=english-- with-rfc2640-- with-ftpwho-- with-tlsmake & & make installchmod + x / etc/init.d/pureftpd chkconfig pureftpd ontouch / usr/local/pureftpd/etc/pureftpd.passwdtouch / usr/local/pureftpd/etc/pureftpd.pdbecho "export PATH=$PATH:/usr/local/pureftpd/sbin:/usr/local/pureftpd/bin" > / etc/profile.d/pureftpd.shsource / etc/profile III. Introduction to pureftpd configuration file

The following are the configuration file parameters of the build environment pure-ftpd.conf. The # comment is not supported after the parameter in the configuration file of pureftpd, so the # comment after the parameter should be removed in production, otherwise an error will be reported when starting pureftpd

[root@10-9-156-50] # cat / usr/local/pureftpd/etc/pure-ftpd.confchrootEveryone yesBrokenClientsCompatibility noMaxClientsNumber 50Daemonize yesMaxClientsPerIP 10VerboseLog noDisplayDotFiles yesAnonymousOnly noNoAnonymous yesSyslogFacility ftpDontResolve yesMaxIdleTime 15PureDB / usr/local/pureftpd/etc/pureftpd.pdbLimitRecursion 10000 8AnonymousCanCreateDirs noMaxLoad 4PassivePortRange 2037 2045 # Port range is between 20000 and 30000 by default For security reasons, you can give a smaller ForcePassiveIP 117.50.12.93 # # the default network card of a CVM is the internal network card. Therefore, the public network ipAntiWarez yesBind of VPS must be bound here. 2038Umask 133:022MinUID 100AllowUserFXP noAllowAnonymousFXP noProhibitDotFilesWrite noProhibitDotFilesRead noAutoRename noAnonymousCantUpload yesPIDFile / var/run/pure-ftpd.pidMaxDiskUsage 99UserBandwidth 80 # # only 8KB is allowed for upload by default

The cause of the problem: there is a private network IP on the server, but pureftp does not set the IP address returned in passive mode. The IP returned in the private network by default causes the client to fail to link.

Reference link: http://blog.hanlei.org/pureftpd%E7%99%BB%E5%BD%95%E5%90%8E%E8%8E%B7%E5%8F%96%E7%9B%AE%E5%BD%95%E5%A4%B1%E8%B4%A5%E7%9A%84%E9%97%AE%E9%A2%98/

IV. Daily operation and application of pure-ftpd

Note: for the sake of security, purevtpd generally forbids anonymous users to log on to ftp, and pureftpd services mainly create ftp login accounts through virtual users of the system local to the server. However, there are requirements in selecting the virtual user local to the server system, which requires that the uid of the virtual user should not be less than 100. if the uid is less than 100, the ftp login account created by this virtual user cannot log in to ftp, and the password will be prompted to be incorrect (this has been verified and tested many times by myself)

The permissions generally given to the site project directory of the web service are those of the system virtual user of www or apache.

4.1 users who adopt the system default virtual apache

If you use an apache user that exists by default in the system, the default uid and gid of this user are both 48 and less than 100, which must be directly modified to a value greater than or equal to 100.

The default values are as follows:

[root@localhost ~] # grep apache / etc/passwdapache:x:48:48::/home/apache:/sbin/nologin [root@localhost ~] # grep apache / etc/groupapache:x:48: [root@localhost www] # id apacheuid=48 (apache) gid=48 (apache) groups=48 (apache)

The modified values for directly editing the configuration file are as follows:

[root@localhost ~] # grep apache / etc/passwdapache:x:100:100::/home/apache:/sbin/nologin [root@localhost ~] # grep apache / etc/groupapache:x:100: [root@localhost www] # id apacheuid=100 (apache) gid=100 (apache) groups=100 (apache)

Authorize apache permissions to the project site directory:

Chown-R apache.apache / data/www/test/

Specify apache system virtual user to create ftp login account: sansan

[root@localhost www] # pure-pw list [root@localhost www] # pure-pw useradd sansan-u apache-d / data/www/testPassword: Enter it again: [root@localhost www] # pure-pw mkdb [root@localhost www] # cat / usr/local/pureftpd/etc/pureftpd.passwd sansan:$6 $92arGKjDIi/aODb0 $SmyMeKUpsIYXVAqarsPH9xWqO4bdOqYKUXmP8TyUFlwTbTcvGhfJiW2pNMP56J3rHzSYp.mwCP8UB30MttMK01:100:100::/data/www/test/./:

Log in to ftp account sansan through Xftp client

Come here to demonstrate and complete.

Create a ftp login account [root@localhost home] # useradd www-s / sbin/nologin-M [root@localhost home] # id wwwuid=1003 (www) gid=1003 (www) groups=1003 (www) [root@localhost home] # chown-R www.www / data/www/test [root@localhost home] # pure-pw listsansan / data/www/test/./ [root@localhost home] # pure-pw useradd huahua-u www-d / data/www/testPassword: Enter it again: [root@localhost home] # [root@localhost home] # pure-pw mkdb [root@localhost home] # pure-pw listsansan / data/www/test/./ huahua / data/www/test/./ [root@localhost home] # cat / usr/local/pureftpd/etc/pureftpd.passwd sansan:$6 $92arGKjDIi/aODb0 $SmyMeKUpsIYXVAqarsPH9xWqO4bdOqYKUXmP8TyUFlwTbTcvGhfJiW2pNMP56J3rHzSYp.mwCP8UB30MttMK01:100:100::/data/www/test/./:huahua:$6 $oUXu6U/V/UNM7K50 $ztuftPKh7ZuzkHkY.XdNlQOmr6i6krlVQ0Mhsv7kuK5Qppvz440T55fRlssB5GrKkmMrSR220I5lU3yEA5Zsu/:1003:1003::/data/www/test/./: [root@localhost home] #

Log in to the ftp account huahua through the filezilla ftp tool

File uploaded successfully

Fifth, the startup script of pureftpd on centos6 system:

Pureftpd service startup script:

[root@localhost ~] # cat / etc/init.d/pureftpd #! / bin/bash## chkconfig: 2345 85 "description: Pure-FTPd is an FTP server daemon based upon Troll-FTPd# processname: pure-ftpd### BEGIN INIT INFO# Provides: pureftpd# Required-Start: $all# Required-Stop: $all# Default-Start: 2345 # Default-Stop: 0 1" Short-Description: starts pureftpd server# Description: starts pureftpd Server### END INIT INFO# Author: licess# website: https://lnmp.org# Pure-FTPd SettingsPURE_FTPD= "/ usr/local/pureftpd/sbin/pure-ftpd" PURE_CONF= "/ usr/local/pureftpd/etc/pure-ftpd.conf" PURE_PID= "/ var/run/pure-ftpd.pid" RETVAL=0prog= "Pure-FTPd" start () {echo-n $"Starting $prog... "$PURE_FTPD $PURE_CONF if [" $? "= 0]; then echo" done "else echo" failed "fi} stop () {echo-n $" Stopping $prog... " If [!-f "$PURE_PID"]; then echo-n $"$prog is not running." Exit 1 fi kill `cat $PURE_ PID` if ["$?" = 0]; then echo "done" else echo "failed" fi} restart () {echo $"Restarting $prog..." $0 stop sleep 2 $0 start} status () {if [- f "$PURE_PID"]; then echo $"$prog is running." Else echo $"$prog is not running." Fi} case "$1" in start) start;; stop) stop;; restart) restart;; status) status; *) echo $"Usage: $0 {start | stop | restart}" esac

Official document: https://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users

The demonstration here is complete. Interested netizens are welcome to exchange and study together.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.