Proftp minimal anonymous access configuration
zphj1987
Preface
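Every time I set up FTP it takes half a day: hunting for documentation and falling into all kinds of permission-control pitfalls. This time I am writing it down for future need. No advanced features are configured here; the goal is just the simplest possible configuration:
upload and download for anonymous users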
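Configuring proftp
The configuration touches the original config file as little as possible. The directory to be shared is /share/a. First, change the default directory
Change it to:
This sets the default root directory to /share. By default it is the user's home directory, which for an anonymous user is the home directory of the corresponding ftp user.
Change the anonymous user's directory
Change it to
This changes the directory of the original anonymous user ftp to /share.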
Change the default block on WRITE

```
<Limit WRITE SITE_CHMOD>
  DenyAll
</Limit>
```

Change it to

```
<Limit SITE_CHMOD>
  DenyAll
</Limit>
```

By default, write operations are blocked, so uploads are impossible.
Configure the accessible directories
vroot is enabled by default, so paths can be written as relative paths. Add the following:

```
<Directory "/*">
  AllowOverwrite no
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit DIRS>
    AllowAll
  </Limit>
</Directory>
<Directory "/a">
  AllowOverwrite no
  <Limit ALL>
    AllowAll
  </Limit>
</Directory>
```

/a here stands for /share/a
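As an added example (not part of the original post and not ProFTPD's own code), this Python sketch reads the `<Anonymous>` section and lists which `<Directory>` blocks grant `ALL` or `WRITE` to anonymous users, so you can confirm after editing that only `/a` accepts uploads. It reports the directives as written and does not reproduce ProFTPD's precedence rules; the function names are hypothetical and the sample is the anonymous section from this page, inlined.

```python
import re

# Anonymous section copied from this page's configuration, inlined so the example runs offline.
SAMPLE_CONF = """
<Anonymous /share/>
  <Limit SITE_CHMOD>
    DenyAll
  </Limit>
  <Directory "/*">
    <Limit ALL>
      DenyAll
    </Limit>
    <Limit DIRS>
      AllowAll
    </Limit>
  </Directory>
  <Directory "/a">
    <Limit ALL>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>
"""

OPEN = re.compile(r'<(\w+)\s*([^>]*)>')   # e.g. <Directory "/a">, <Limit ALL>
CLOSE = re.compile(r'</\w+>')             # e.g. </Limit>

def anonymous_limits(conf):
    """Return (directory, [command groups], action) for each <Limit> inside <Anonymous>."""
    stack, found = [], []
    for line in (raw.strip() for raw in conf.splitlines()):
        if not line or line.startswith('#'):
            continue
        if CLOSE.fullmatch(line):
            del stack[-1:]                # pop the innermost section; safe if unbalanced
        elif (m := OPEN.fullmatch(line)):
            stack.append((m.group(1).lower(), m.group(2).strip().strip('"')))
        elif line in ('AllowAll', 'DenyAll') and stack and stack[-1][0] == 'limit':
            if any(name == 'anonymous' for name, _ in stack):
                dirs = [arg for name, arg in stack if name == 'directory']
                found.append((dirs[-1] if dirs else '(section)', stack[-1][1].split(), line))
    return found

def writable_dirs(conf):
    """Directories whose <Limit> grants anonymous users ALL or WRITE."""
    return sorted({d for d, groups, action in anonymous_limits(conf)
                   if action == 'AllowAll' and {'ALL', 'WRITE'} & set(groups)})

print('anonymous-writable:', writable_dirs(SAMPLE_CONF))
```

To audit a live server, pass the contents of /etc/proftpd.conf instead of the sample; anything other than `/a` in the result means anonymous uploads reach further than this page intends.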
Enable anonymous access
Edit the configuration with vim /etc/sysconfig/proftpd
Change it to:

```
PROFTPD_OPTIONS="-DANONYMOUS_FTP"
```

Give the directory access permissions

```
chown ftp:ftp /share/a
chmod 755 /share/a
```

Start the proftp service

```
systemctl restart proftpd
```

Full configuration file

```
ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on
DefaultRoot ~ !adm
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c
UseReverseDNS off
User nobody
Group nobody
MaxInstances 20
UseSendfile off
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

LoadModule mod_ctrls_admin.c
LoadModule mod_vroot.c
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
ControlsEngine on
ControlsACLs all allow user root
ControlsSocketACL allow user *
ControlsLog /var/log/proftpd/controls.log

<IfModule mod_ctrls_admin.c>
  AdminControlsEngine on
  AdminControlsACLs all allow user root
</IfModule>

<IfModule mod_vroot.c>
  VRootEngine on
</IfModule>

<IfDefine TLS>
  TLSEngine on
  TLSRequired on
  TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
  TLSCipherSuite ALL:!ADH:!DES
  TLSOptions NoCertRequest
  TLSVerifyClient off
  TLSLog /var/log/proftpd/tls.log
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>

<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule mod_ban.c
  BanEngine on
  BanLog /var/log/proftpd/ban.log
  BanTable /var/run/proftpd/ban.tab
  BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
  BanMessage "Host %a has been banned"
  BanControlsACLs all allow user ftpadm
</IfDefine>

<IfDefine QOS>
  LoadModule mod_qos.c
  QoSOptions dataqos throughput ctrlqos lowdelay
</IfDefine>

<Global>
  Umask 022
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

<IfDefine ANONYMOUS_FTP>
  <Anonymous /share/>
    User ftp
    Group ftp
    AccessGrantMsg "Anonymous login ok, restrictions apply."
    UserAlias anonymous ftp
    MaxClients 10 "Sorry, max %m users -- try again later"
    DisplayLogin /welcome.msg
    DisplayChdir .message
    DisplayReadme README*
    DirFakeUser on ftp
    DirFakeGroup on ftp
    <Limit SITE_CHMOD>
      DenyAll
    </Limit>
    <IfModule mod_vroot.c>
      <Directory "/*">
        AllowOverwrite no
        <Limit ALL>
          DenyAll
        </Limit>
        <Limit DIRS>
          AllowAll
        </Limit>
      </Directory>
      <Directory "/a">
        AllowOverwrite no
        <Limit ALL>
          AllowAll
        </Limit>
      </Directory>
    </IfModule>
    WtmpLog off
    ExtendedLog /var/log/proftpd/access.log WRITE,READ default
    ExtendedLog /var/log/proftpd/auth.log AUTH auth
  </Anonymous>
</IfDefine>
```

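Summary
That completes the minimal configuration. More complex configuration can be added as needed, which is not covered here. The most error-prone points are permission problems that prevent access, and related settings earlier and later in the file that do not match each other. Debug mode can be enabled to troubleshoot:

```
proftpd -n -d 10 -c /etc/proftpd.conf -DANONYMOUS_FTP
```
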
Change log
Why | Who | When
Created | 武汉-运维-磨渣 | 2016-09-01