Room FTP Server with Linux

Chapter II set up an FTP server with Linux 2.1 What is FTP 2.2 Installing WU-FTP 2.3 Let the FTP server running 2.4 Settings 2.5 Open only FTP account 2.6 Setup virtual FTP host

2.1 What is FTP: File Transfer Protocol Principle

The Internet Document Transfer Protocol (FTP) standard is illustrated in RFC959. This protocol defines a standard for transferring files from remote computer systems and local computer systems. In general, the user who transports files needs to log in to the website after authentication, and then access the files in the remote server. Most FTP servers often provide a Guest public account to allow users with no remote servers to access the FTP server.

A FTP session typically includes five software elements interaction.

The user interface provides a user interface and uses the client PI client PI client PI client PI client protocol interpreter using the client protocol interpreter. Its Item Remote Server Agreem transmits commands and drivers the customer data transfer process server PI server protocol interpreter, responding to customer protocols Command and drive the server-side data transfer process customer DTP client data transfer process, which is responsible for completing and server data transfer procedures and client local file systems Communication service DTP server data transfer process, which is responsible for completing and customer data transfer processes and server-side files System communication

In RFC 959, the user's noun is generally used to refer to customers. RFC 959 defines how the client PI and server PI interactions and specifications are used. The mechanism of user interface and PI and DTP interaction is not part of the protocol standard. PI and DTP tend to be implemented in the same program module.

In the FTP session, there is a total of two separate network connections, one is used by the two ends, and the other is used by DTP at both ends. The connection between the PI is generally referred to as a Control Connection, and the connection between the DTP is called a data connection (DATA Connection)

Control and data connection using TCP services

Typically, the FTO server listening port number 21 waits for control connection establishment request. The selection of the data connection port number depends on the command to control the command. Usually the customer sends a control message to specify the client monitor and wait for the server-side port number to establish a request.

The use of different independent connections for data transfer and control commands: Two connections can choose different appropriate service quality, such as: High-to-control connection, smaller delay time, need more to data connection Large data throughput; and avoid pondering and escape of commands in the data stream.

When the transmission is established, it is always initiated by the client. However, customers and servers may be data senders. In addition to transmitting the user request download file, the data transfer process is also established when the client requests the column server-side directory structure.

2.1.1 Order Selection

When a transmission is established, the properties of the four aspects are generally usually required:

File Type This property specifies how to match the file data into the format suitable for transmission, a total of four possible choices:

The ASCII file type is converted from the local text file format to NVT ASCII format, and there is a CR / LF pair to identify each line. At the receiving end, then converted to a local text format. This shows why the amount of data transmitted between the UNIX host is greater than the actual size of the file. If the ASCII text encoding is transmitted or transmitted at both ends of the transmission, it should be implemented by the data transfer process to implement the conversion between the local coding and NVT ASCII encoding. EBCDIC file type is similar to ASCII, distinguishes only using the EBCDIC character encoding image (or binary) file type file with local transmission content transmission, in the remote to use the local identical content stored. The local file system is used in an environment where the byte size is not 8-bit. No word segment is specified by the sender. In practical applications, only ASCII and image format are used. Format Control This property is related to the transfer of text files to the print device, where there are many ways to implement the vertical format information into the file, including the way to start starting with a new page. There is an option to choose from: no print format control, which is default Telnet print control, which is included in the data stream in the data stream. Fortran print control, which is rarely used in actual use. The structural file can have an internal structure and this structure is retained in the transmission. The data transfer process is responsible for matching each other between the structure and the local structure of the transmission:

File structure This is actually meant that files are seen as a continuous byte stream without internal structures. The recording structure file is a structure with a series of records. This is only available for text files. The page structure can also be called a block structure. Each page is accompanied by a page number to complete the transmission in order. The page structure is rarely encountered in practice. The recording structure is not very common. Use the ASCII file type for text files to get the same effect. Transfer mode This attribute can take three different values:

The stream mode file is transmitted in a word stream. The block mode file is transmitted in a block connection, and there is a head in each block. Compressed mode A simple sect length compression coding is applied to compress the continuous identical byte. In practice, only flow mode is used. Compression is generally obtained by using various other tool programs.

When a transfer is established, the client generally specifies one or more of the previously described properties. If the server side cannot support an option, the server will use an error message to respond to the client and does not have a negotiation mechanism.

FTP provides a sufficient command to use the user and remotely establish a connection and access the remote file system.

2.1.2 Command Format

The command is transmitted in the format of the NVT ASCII string. Each command starts with three or four uppercase NVT ASCII characters, followed by option parameters and a CR / LF pair to identify commands

The response consists of three NVT ASCII numbers and an option message.

A long response may have multiple messages, and the three numbers of the first message have a dash, and the last message does not have a broken number. The intermediate news does not need to carry three numbers, but if you bring three numbers, you also need to dash.

Below is a list of all commands. Commands with an asterisk are rarely used, so they often do not support in the specific implementation.

String Meaning Amber Abandon Transfer * Acct Some systems Associate the account and the user with the file system * Allo as the upcoming file allocation space. The parameters carrying the ends to determine the number of bytes * APPE to attach the file to the existing file. CDUP to switch the current directory on the remote system to the upper parent directory CWD change the work of the remote system Delete the remote system file HELP read server Help information, such as: Supported list list List Send the file name list MKD in a newly established data connection to create a directory MODE specified transfer mode, the portable parameters are: s, b or C. NLST Send a "full" directory list NOOP empty operation in a current directory on a newly established data connection, preventing connection to break away PASS to provide a user login password, must immediately follow the user command * PASV specified server data transfer process monitor Waiting for the client's data connection connection establishment request port Specifies the client monitor Waiting for the server-side connected port number PWD Display server-side current work directory name quit exits logging in and terminates the connection * Rein Reinitialization, exiting the login but continue to open, back A new user command * REST will then restart the transfer from the server RETR Retrieve a file RMD from the remote system RMD Delete a directory * RNFR Specifies the old path name of the file to be named, then you must be an RNTO Command * RNTO Specifies the new path name * Site site-specific server to be named * SMNT structure load, providing a remote system path name of a file system structure * STAT status information Stor uploading a file to the server, If the file already exists, the overlay * STOU is uploaded on the server, and the existing file STRU specifies the file structure, the parameters can be F, R or P. * SYST report remote system operating system type type TYPE specified file type, parameter Can be A, E, I, L Only Type A and Type I common control connection commands have the following form:

TYPE Description 1YZ Active initial response You can retry the 5yz permanent passive response, the required action cannot be completed, should not retry

"Y" digital code further information

Digit meaning 0 Syntax Error 1 Information 2 Connection Status 3 Authentication and Accounting 4 Reserved 5 File S File System Status

Here are some typical messages:

Number Meaning 125 Data Connection Opening, Transfer 200 Command OK331 User Name OK Requires Enter Password 425 Unable to turn on Data Connection 452 Error Write File 500 Syntax Error - Unrecognizable Life

See RFC for specific details

The official authority site address of the Wu-ftpd is: http://www.wu-ftpd.org.

2.2 installation of Wu-ftpd

Currently, there are many FTP server software available in the Linux environment, but the most common is still the WU-FTPD server. This software is discussed here. The software is installed and configured.

In general, when Linux is installed, the wu-ftpd server will be installed automatically, but sometimes it is necessary to reinstall the server software in order to some needs. There are two ways to install the WU-ftpd, one is a release package in the form of an RPM; one is to do itself to compile generation of FTP servers.

The RPM package can be downloaded at http://rpmfind.net/linux/rpm/wbyname.html, and it is very simple to install by RPM packet. You can only be completed in a simple step below, assume that the download is obtained. RPM package is placed in the / TMP directory:

#CD / TMP # rpm -ivh wu-ftpd-2.6.0-9.i386.rpm Compressed source code can be obtained at ftp://ftp.wu-ftpd.org/pub/wu-ftpd/. Here we use the latest 2.6.0 as an example how to compile the installation of WU-FTPD.

1, unproform source code

1) Copy the source code of the compressed source to / usr / src

#CP wu-ftpd.2.6.0.tar.gz / usr / src

2) Unzip the compressed document:

#TAR XVFZ Wu-ftpd.2.6.0.tar.gz #cd wu-ftpd-2.6.0

2, type the command "./build xxx", you can specify a C language compiler here: "./ build cc = yyy xxx" YYY means other compilers that replace "CC". For the GCC compiler in the Linux environment, the command should be: "./ build cc = gcc xxx"

#build cc = GCC LNX

XXX can take the following values: GEN: Universal make (need to copy it when transplanted into experience system) AIX: IBM Aixaux: AU / XBDI: BSD / OSBSD: BSDDEC: DEC UNIX 3.XDU4: DEC UNIX 4.x or laten : Dynixfbs: FreeBSD 2.0 or LaTerhiu: Hitachi Unixx: HP-UXLNX: Linux (TESTED ON 2.0.30) NBS: NetBSD 1.xnx2: Nextstep 2.xnx3: NextStep 3.xosf: OSF / 1OSX: Mac OS XPTX: ?? SCO: SCO UNIX 3.2V4.2 / SCO OpenServer 5SGI: SGI Irix 4.0.5ASGI: Sony NewsosSol: SunOS 5.x / Solaris 2.xs41: Sunos 4.1.xult: ultrix 4.xuxw: unixware 1.1 or laterclean: clean up Object Files and Sui Reduce Disk Space After Building.install: Install FTPD

Copying Makefiles.Linking src / config.hMaking support library.gcc -O3 -fomit-frame-pointer -fno-strength-reduce -pipe -c strcasestr.cgcc -O3 -fomit-frame-pointer -fno-strength-reduce -pipe -c authuser.cgcc -o3 -Fomit-frame-pointer -fno-strength-reduuce -pipe -c snprintf.crm -f libsupport.aar CQ libsupport.a strcaseStr.o Author.o Snprintf.Orlib Libsupport.a:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :::: ::::

The following executable will be generated after compiling success:

FTPD FTP Server Program FTPSHUT The program ftpcount count of the FTP daemon is used to display the number of people currently FTP login. FTPWHO is the connection between the current FTP server, similar to the system's who command, only to view the user ckconfig for FTP login Check if the setting of the FTP is correct, FTPRESTART restarts the FTP server privatePW to change the WU_FTPD group access file information

3. If it is just upgraded to a new version, you should first back up all the old profiles of the system. Otherwise these profiles will be overwritten. In order to adapt to your own needs, you should edit the sample configuration file to meet your own requirements, and the requirements of the specific configuration file are referred to the contents. 4, taking a command "./build install" with superuser identity.

#build install

Installing binaries.install -c-co bin -g bin -m 110 bin / ftpd /usr/sbin/in.ftpdinstall -c-b bin -g bin -m 111 bin / ftpshut / usr / bin / ftpshutinstall -c -c -c- Bin -g bin -m 111 bin / ftprestart / usr / bin / ftprestartInstall -c-o bin -g bin -m 111 bin / ftpcount / usr / bin / ftpcountinstall -c -o bin -g bin -m 111 bin / ftpwho / usr / bin / ftpwhoinstall -c-c bin -g bin -m 111 bin / privatepw / usr / bin / privatepwinstalling manpages.install -c-in -g bin -m 444 doc / ftpcount.1 / usr / man / ftpcount.1 / usr / man / ftpcount.1 / usr / man Man1 / ftpcount.1install -c-b bin -g bin -m 444 doc / ftpwho.1 /usr/man/man1/ftpwho.1install -c-o bin -g bin -m 444 DOC / FTPACCESS.5 / USR / Man / man5 / ftpaccess.5install -c-b bin -g bin -m 444 doc / ftpConversions.5 / usr / man5 / ftpconversio5install -c-o bin -g bin -m 444 doc / ftphosts.5 / usr / MAN / man5 / ftphosts.5install -c-b bin -g bin -m 444 doc / xferlog.5 /usr/man/man5/xferlog.5install -c-b bin -g bin -m 444 doc / ftpd.8 / USR / MAN / MAN8 / FTPD.8

5, edit the "/etc/inetd.conf" file, point to the new FTPD daemon, in most cases, this step is not necessary, because in Build Install, the new daemon is copied to the old daemon. If you want to use the enhanced extension of FTPD, you should add the "-a" option in this line.

The ftpd daemon can generally carry the following parameters or without any parameters:

-d debug parameter, when the ftpd daemon occurs, write the error message to the system record file / usr / adm / syslog -L record each FTP session information to / usr / adm / messages in -t setting How long does the FTP client do not operate automatically, this parameter is specified for time, such as -t 600 means that if the client is automatically disconnected if the client does not have an action for 10 minutes, the default value is 15 minutes -a using the ftpaccess configuration file. Content for more detailed complex settings -a does not use the setting of the ftpAccess configuration file, the default value is -Ai When the client has an action of uploading the file, record the use of the -L user connection in the file XFerLog during the FTP server. All commands are recorded in / usr / adm / messages

6. Copy Tar, Gzip, Gunzip, Compress, Uncompress, etc. In "~ ftp / bin", copy "LS" is "~ ftp / bin / ls". 7. If it is installed for the first time, use the "CKConfig" program to find all the configuration files for FTPD: ftpConversions, FTPUsers, and FTPGroups. There is a sample file in the "DOC / Examples" directory. "CKConfig" is an executable program to ensure that any of the issues detected by the program.

2.3 Let the FTP server run

In general, the server can run normally as long as the WU-FTPD is installed correctly. Users can connect to the server from various systems via the FTP command.

2.4 Settings for Profiles

2.4.1 / etc / ftpAccess settings

This profile is the most important profile of the FTP server. The settings of this file determine if the FTP can work normally and a number of access to access. As shown in the following example: class all real, guest, anonymous * limit all 10 Any /etc/msgs/msg.deadreadme README * loginreadme README * cwd = * message /welcome.msg loginmessage .message cwd = * compress yes alltar yes alllog commands reallog transfers anonymous, real inbound, outboundshutdown / etc / shutmsgemail user @ hostname the following is a detailed description of each setting file indication (Directive): indicating: n loginfails password is automatically disconnected n times indicated: group name category autogroup to [ ...] If an anonymous user belongs to the class of any of the parameter categories, the FTP server will implement the setGID () call so that it belongs to the group name defined by this group name, which is to achieve some specific categories anonymous users. You can access files that only allow this group and owner to access. The group name must be a valid group defined within / etc / group. Indicates: a Real, Guest, anonumous IP address This indication is the category of setting the FTP server user. The user of the FTP server can be divided into the following three categories: REAL has a legal account user; Guest defines some users of certain groups; Anonymous anonymous users; example description: Class Outworld Real, guest, anonymous * Definition A class called Outworld, which contains three types of users: Real, Guest, Anonymous. This class is used in later instructions. Where "*" is the IP address section in the class definition, which represents the host on the network. That is to say, any host is allowed to connect to the FTP server. If you want to make certain permission settings for hosts accessing FTP, you can do this: Class Friend Real, Guest, Anonymous * .linuxAid.com.cn 202.102.13. * Specify a Friend class, which is from * .linuxAid.com .CN and 202.102.13. * There is a specific permission setting when accessing the FTP server. Indicates: LIMIT Category Number Time File Name This indication sets a restriction of the number of people to connect to the FTP server in a certain time, and specifies that when the number of connections exceeds the limit, the subsequent user connection is displayed to the user's message information.

For example: Limit Local 20 Any /TMP/MSsage/msg.Toomany The above example limits the support in this class, only 20 people can connect this FTP server at the same time simultaneously, if more than 20 people display / TMP / Message / msg.toomany's content Limit Outworld 100 MOTU | ANY 2200-0800 /TMP/MsSage/msg.limit This example limit Outworld This class can only be at 10:00 to the next morning on Monday or every day. The FTP server is accessed between 8 o'clock, and the number of people connected will not exceed 100 people. If more than 100 people, the content of /tmp/Msage/msg.limit file / TMP/Msage/msg.limit is displayed. For: Sorry! This server only allows anonymous users to visit between 8 times on Mondashir Tuesday and other 8pm to 8:00 per night, the current time is% T; and only allows at the same time with% M an anonymous user access, currently%% N users are accessing the server. Please visit this FTP server at the right time, thank you! The% M here is a variable, which represents the upper limit of the number of people allowed to connect, and the FTP server can automatically replace the variable with the previously set value, and other allowable variables include:% T local current time;% F CWD residual space, In KB. But this variable is not supported by all systems. % C Current Work Contents;% e defines the e-mail address of the system administrator in the / etc / ftpaccess file;% R remote host name;% L local host name;% U log in user name;% N Number of users currently connected; using these parameters, you can edit a detailed description file so that users can clear the current server resource usage. Indicates: ReadMe Description File Instruction When the user performs the specified "instruction", the system will automatically display the set instruction file; Displayed to the user. README README * CWD = * indicates that the user switching the directory (CWD), as long as the file content starting with the ReadMe will be displayed to the user. Usually readme * should be a description of the file in this directory, so that the logged in user can clearly know those files in the directory; indicating: Message file name instructions When the user performs a specific "instruction", the system will specify the file The content is displayed to the user; .welcome file, /HOME/ftp/msg.welcome.

Message / Welcome CWD = * Specifies that when the user switches another directory, as long as the msg.welcome file in the directory is displayed: Compress (Yes / no) category Sety which category of users can use compression features; example: compress YES Local Outworld allows both categories of local and outforld to use compressed feature instructions: TAR (YES / NO) category Specify which category of users can use TAR function; indication: passwd-check (none / trivial / rfc822) (Enforce / Warn When the user logs in to the server in an anonymous manner: NONE indicates that the password is not verified, any password can be logged in; Trival means that only the password contains @ can log in; RFC822 indicates that the password must comply with the E-specified in RFC822. -mail format can log in. If WebMaster@linuxAid.com.cn enforce indicates that the input password does not match the specified format is not allowed to log in; WARN means that the input password does not meet the specified format display warning information, but still allow login; indication: log commands Category (READ / GUEST / anonumous When setting those users to log in, the operation used will be recorded in file / usr / adm / xferlog. Indicates: Log Transfer Category (Inbound / Outbound) Set the specified user category Related information to / usr / adm / xferlog when the user category is uploaded or downloaded. For example: log transfer anonymous, real inbound, Outbound When an Anonymous or REAL user is logged in, uploading and downloading is recorded in File / USR / ADM / XFerLog. Indicates that the shutdown file name FTP server is closed, and the set time can be specified in the file in the file name later, and the setting time cannot be logged in to the FTP server, and only this file is removed to resume the FTP server. The format of the file can be created by the command ftpshut. Indicates: DELETE (YES / NO) Category (REAL / Anonymous / Guest) Set whether to allow the specified user to use the delete command. For example: delete no guest, anonymous settings the user who logs in within the guest or Anonymous does not allow the delete command to be executed. Instructions: the REALWRITE (YES / NO) Category Set whether the user is allowed to use OverWrite instructions. Indicates: Real / anonymous / guest Set whether the user is allowed to use the ReadME instruction. Indicates: a real / anonymous / guest setting whether the user is allowed to use the CHMOD instruction. Indicates: umask (yes / no) category Set whether the user is allowed to specify the user using the Umask instruction.

Indicates: Upload [Absolute | Relative] [Class = ] ... [-] ["DIRS" | NODIRS "] []

Define the directory allowed to be uploaded. If you are allowed to upload, all the owners and groups of all newly uploaded files are defined by and , the access rights will be . For upload files override the old file will keep the original owner and access rights. File uploaded by the maximum matching catalog item, such as UPLOAD / VAR / FTP * NOUPLOAD / VAR / FTP / INCOMING YES FTP DAEMON 0666UPLOAD YES FTP DAEMON 0666UPLOAD YES FTP DAEMON 0666UPLOAD / VAR / FTP / INCOMING / GIFS YES JLC GUEST 0600 NODIRSWOULD ONLEDOW UPLOADS INTO / INCOMING And / INCOM-: Allow / INCOMING and / INCOM-ING / GIFS directory to be uploaded. The files loaded in the / incoming directory will belong to FTP / Daemon, access to 0666; and file uploaded under / incoming / gifs will belong to JLC / Guest, access is 0600. It should be noted that must match the main directory in the "FTP" user's Passwd file. "DIRS" and "NODIRS" options are used to set whether the new subdirectory is created in this directory. But the default is to allow the creation of subdirectory. Sets the access to the newly created directory, default to 0777. The upload indication can only be applied to the user's home directory (chroot () parameter) equivalent to the user of , can indicate the matching of any main directory. and may also be specified as *, in which case any uploaded file or the owner of the created directory is equal to the owner of the originator. Options [absolute | relative] specifies whether is an absolute path or a relative path specified by the chroot () parameter. The default is an absolute path. You can also specify any multiple class = 'to further qualify. If any directory is specified, the upload indication only affects users of these groups. Indicates: Alias ​​directory alias directory path Set an alias for the specified directory, and you can use an alias when you switch your directory. For example: Alias ​​XWIN / PUB / Linux / XWindows sets an alias XWIN for / pub / Linux / XWindows, and you can enter the directory as soon as you enter the command CD XWIN. Indicates: CDPath Directory This function is similar to the system's path environment variable settings. When CD / ETC, FTP first checks if there is an etc subdirectory in the current directory, and it is not necessary to see if there is an alias. If it is not, the path set according to the indication Inquire. For example: CDPath / Pub / Linux CDPath / Pub CDPath / Search Order is: / Pub / Linux / Pub / Indicator: Path-Filter Category (REAL / Anonymous / Guest) directory setting upload file name limit. Example: Path-filter anonymous /etc/pathmsg ^ [-a-za-z0-9_/.]* orchard / etc / pathmsg ^ [- A-ZA-Z0-9_ / .] * $ ^ /. ^ - Set the file name uploaded by the ANONYMOMOUS and GUEST users can only contain AZ, AZ, 0-9, and ._-, the name is "." And "-" not available to the server. on.

Indicates: GuestGroup [ ...] guest ]Sername> [ ...] RealGroup [ ...] Realuser [ ...] For GuestGroup instructions, if a real (REAL) user belongs to any group specified by any , its FTP session is processed in an anonymous manner by the FTP server. That is, chroot () is called, and the user no longer allows the User and Pass commands. must be a valid group. The user's Home directory must be striving for the settings, and must indeed consistent with anonymous users. The HOME directory of the related items in / etc / passwd is split into two parts, the first part is the root directory parameters of chroot () call, second One is the main directory of the user, and the two parts are "/./ Separate", such as: guest1: : 100: 92: guest account: / ftp /./ incoming: / etc / ftponly Guest1 successfully logs in to enter, the FTP server will call Chroot ("/ ftp") and then call chDIR ("/ incoming"). The guest1 can only access the / ftp under the / ftp as an anonymous user (for Guest1, it is "/"). can be a group name or digital ID. If you use a digital ID, you need to add a "%" in front of the number. Use * to represent all groups. GuestUSER and GUESTGROUP indicate similar, but it is limited to a single user. Realuser and RealGroup have the same syntax, but the opposite role is with GuestUSER and GUSTGROUP, which allows a user or a user to access the FTP server in real identity. For example,: GuestUSER * RealGroup Admin After specifying all non anonymous users to log in to the server, they are processed as an anonymous user, but the user of the Admin Group is an exception, and the real identity is existed after logging in. Indicates: GuestGroup function Sets the function of the guest group. Example: GuestGroup ftponly

Indicates: nice [] sets the scheduling priority of the FTP server daemon.

Indicates: Defumask [] If the remote user belongs to the Class, the UMASK of the daemon created is umask. UMASK is used as the default umask without specifying the Class.

Indicates: TCPWINDOW [] Sets the TCP window size of the data connection, if you don't understand the meaning, do not set it.

Indicates: Keepalive Set the SO_KEEPALIVE parameter option for TCP Socket.

Indicates: Timeout Accept Timeout Connect Timeout Data timeout idle timeout maxidle Timeout RFC931 Setting various timeout clocks, these parameters must be very familiar with TCP protocols It should be set to set, generally do not change these values, and the specific meanings see Man FTPAccess. Indicates: file-limited [] [] Limit any one of the files of a group allows for the amount of files allowed to be uploaded, and if there is no Class, the limit is applied to All groups do not have a defined group. RAW indicates that this limit includes all transmission, not just a data file. Indicates: Byte-Limit [] [] Restricts the total amount of data that allows for any user to allow transmission.

Indicates: limit-time {* | anonymous | guest} Limited a duration allowed by a dialog, default. Real users don't have this limit.

Indicates: Guest Server [] control which site allows an anonymous connection, and if hostname is not specified, all anonymous connections are rejected.

Indicates: noretrieve [absolute | relative] [class = ] ... [-] ... Set which specific files rejects those categories access. For example: NORETRIEVE / ETC / Passwd Core Specifies that any visitor cannot access the Passwd file under the file / etc directory and all files named "core".

Indicates: allow-retrieve [absolute | relative] [class = ] ... [-] ... Allow access to these files.

Indicates: Private When a user logs in, indicating that Site Group and And Site Gpass are used to specify an enhanced access group and the corresponding password. If the set group name and password are valid, the user will become a member of the group, with access to the group.

Indicates: Greeting Full | Brief | Terse Greeting Text How much GREET information and information content are given to the user after logging in. Indicates: Banner and messages, but the Banner message is displayed to the user before the user enters the username and password.

Indicates: Hostname Defines the default host name of the FTP server.

Indicates: email Defines the EMAI address of the FTP maintor. Indicates: Log Security (Anonymous | Guest | REAL) Makes the record violates the security rules such as: (Noretrieve ,.Notar, ...) command. Indicates: log syslog log syslog xferlog Redirects Record messages to the system log file syslog, and only XFerlog is logged by default. Indicates: Daemonaddress

If this value is not set, the server listens to all access requests, otherwise, the server only accepts connection requests from

defined. This setting is generally not setup, and the functionality of the virtual host or other future extension will be blocked later. Indicates: Virtual

Opens the support of the virtual FTP server.

is the IP address of the virtual server. The second parameter specifies the path to the root directory, Bannner file, log file, and the like.

Indicates: Virtual

Set the host name or email displayed in the Greeting message.

Indicates: Virtual

allow [ ...] Virtual

deny [ ...] General and guest users do not allow logins to enter the virtual host, the two instructions User used to re-refine the definition of users who are allowed and denied visiting virtual hosts.

Indicates: Virtual

Private typically, refuses an anonymous user to log in to the virtual host.

Indicates: DefaultServer Deny [ ...] DefaultServer allow [ ...] is defined for users who are allowed to access the default (non-virtual) FTP server. Indicates: DefaultServer Private refuses an anonymous user to access the default FTP server. Indicates: DENY IP Address / Domain Name Description File setting limit which IP address or user of the domain name is not allowed to log in to the server. For example: DENY 202.102.15 * * .hacker, com /tmp/message/deny.msg Limits the IP address of 202.102.15 * and domain name * .hacker, COM machine does not allow login server

2.4.2 / etc / ftpusers and / etc / ftphosts settings

/ etc / ftpusers is used to set certain users on the system that are not allowed to use FTP transfer files, / etc / ftphosts is used to set some hosts that are not allowed to connect to this FTP server. The purpose of this is for safety considerations.

The examples used by ETC / FTPUSERS are as follows:

RootbindaemonadmlpsyncShutdownhaltmailnewsuCPopeTrgamesNobody limits Some users login FTP server for system security, for example avoid superuser login systems. And some of the same users from entering the FTP server are prohibited.

The example of / etc / ftphosts is as follows:

# EXAMPLE HOST Access File ## Everything AFTER A '#' Is Treated As Comment, # Empty Lines Are Ignored # allow [ ...] #OnsNLy Allow Host (s) matching To log in as . # deny [ ...] # always deny host (s) matching to log in as . alignow ideal * .linuxaid.com .cn 10.0.0.0.0.0.0.0.0.0.0.0.324 Here Ideal is allowed to enter the FTP server from the domain name from the domain name and 10.0.0.0/255.0.0.0.0.0.0.0.0.0.0 host; Fred from * .hacker.com and 131.211.32.0/24 log in into the FTP server. The username here refers to anonymous users if anonymous or ftp is anonymous.

2.4.3 / etc / ftpconversions settings

This file is used to set the operation when the user downloads the file, such as compression, decompression, etc. The file content is as follows:

: .Z::::. Z: / bin / compress: compress: .gz:::::::::::::::: ::: / bin / gzip-cd% s: t_reg | t_ascii: o_uncompress: gunzip::: .gz: / bin / gzip -9 -c% s: t_reg: o_compress: gzip::: .tar: / bin / tar -c -f -% s: t_reg | t_dir: o_tar: Tar::: .tar.z: / bin / tar -c -z -f -% s: t_reg | t_dir: o_compress | o_tar: Tar Compress::::. Tar.gz: / bin / tar -c -z -f -% s: t_reg | t_dir: o_compress | o_tar: Tar Gzip::: .crc: / bin / cksum% s: t_reg :: Cksum:::. MD5: / bin / md5sum% s: t_reg :: md5sum

File setting instructions:

: .Z::: / bin / compress -d -c% s: t_reg | t_ascii: o_uncompress: uncompress Decomposing all the files used / bin / compress -d -c "in the" .z "end. :: .Z: / bin / compress -c% s: t_reg: o_compress: Compress indicates that the file is compressed into ".z" format.

: .gz::: / bin / gzip-cd% s: t_reg | t_ascii: o_uncompress: gunzip Decomposes all files with ".gz" with "/ bin / gzip -cd".

::: .gz: / bin / gzip -9 -c% s: t_reg: o_compress: gzip Indicates that the file is compressed into ".gz" format.

::: .tar: / bin / tar -c -f -% s: t_reg | t_dir: o_tar: TAR means that the file to be transmitted is packaged with "TAR".

:: .tar.z: / bin / tar -c -z -f -% s: t_reg | t_dir: o_compress | o_tar: TAR Compress indicates that the file to be transmitted into "tar.z"::::::::::: .tar.gz: / bin / tar -c -z -f -% s: t_reg | t_dir: o_compress | o_tar: tar gzip Indicates that files to be transferred into "tar.gz" format

::: .crc: / bin / cksum% s: t_reg :: cksum Indicates that the file to be transmitted is CRC check processing.

::: .md5: / bin / md5sum% s: t_reg :: md5sum Indicates the file to be transmitted to MD5 check.

In fact, the default configuration file after the installation of FTP has defined the commonly used compressed program definition, so it is generally not necessary to modify the content of this file, but can modify the order according to actual needs. For example, the user wants to download a "file.tar.gz" file, but this file does not have this file on this FTP, but there is file file, then the FTP server compresses File to file. Tar.gz is passed to the user. If there is no File file on the server, the server will search in the order specified in the / etc / ftpconversions file. In this case, search file.z, file.gz, file.tar, file.tar.z , File.tar.gz, file.crc, file.md5 file, will be found to the user. Therefore, the contents of the file / etc / ftpconversions can change the order in need.

So far, the installed configuration has been installed a FTP server that provides anonymous access, which can be connected to whether the test function meets the needs.

2.4.1 related procedures for Wu-ftp

ftpcount This program can count the number of users currently connected, and give the upper limit, such as:

[root @ Linux doc] # ftpcountservice Class Friend - 0 Users (No Maximum) Service Class Local - 0 Users (no maximum) Service Class Outworld - 0 Users (no maximum) Here is 0 people who are Local belonging to Local, no upper limit . Same other types of categories.

[root @ Linux doc] # ftpwhoService Class Friend: - 0 Users (no maximum) Service Class Local: - 0 Users (no maximum) Service Class Local: - 0 Users (no maximum) There is no user connection.

ftpshut

The program is primarily used to generate / etc / shutmsg, which is the shutdown command set in the front / etc / ftpaccess. The format of FTPSHUT is as follows:

FTPSHUT [-V] [-l min] [-d min] TIME [WARNING-Message ...] -L This option is set to shut down how many minutes before the FTP server stops the user's connection request - D This option is set to close the FTP server Previously, how many minutes have set up the connected user to turn off the FTP server. For example, it is desirable to turn off the FTP server at 10:00, and the alarm information that is previously displayed for the user before the 2200Warning-Message is displayed, for example,:

[root @ Linux / etc] # ftpshut -l15 -d5 1800 "FTP Server Will Shutdown" [root @ link / etc] # less shutmsg2000 04 07 18 00 0015 0005FTP server will shutdown2.5 Open only FTP account

Many times you need to open some users who allow FTP to the server, implement the method:

1. Open an account on the system according to the usual way.

[root @ ns / etc] # useradd ftp_user1 [root @ ns / etc] #CHMOD 700 / etc / shadows [root @ ns / etc] #vi / etc / shadows

Delete item: ftp_user1: !!: 11113: 0: 99999: 1113: 0: 99999: 11: -1: 0: 134537372 "!!", then log in with ftp_usre1 users, will not ask the password, then use Passwd Set password for this user

2, use the VI to modify the / etc / shells file, add / dev / null items or / bin / passwd, as shown below:

[root @ ns / etc] # Cat shells / bin / bash / bin / sh / bin / ash / bin / bsh / bin / tcsh / bin / csh modified to:

[root @ ns / etc] # cat shells / bin / bash / bin / sh / bin / ash / bin / bsh / bin / tcsh / bin / csh / dev / null / bin / passwd

2. Use the VI to open the file / etc / passwd3, change the login shell of users who allow the FTP to change to / dev / null (if the user is not allowed to modify its password) or / bin / passwd (if the user is allowed to modify its password Word), as shown below:

FTP_USER1: X: 503: 504 :: / bash / ftp_user1: / bin / bash change to: ftp_user1: x: 503: 504 :: / Home / ftp_user1: / dev / null or ftp_user1: x: 503: 504 :: / Home / ftp_user1: / bin / passwd

In this way, the user can only use services such as POP3, FTP, and cannot log in to the system via Telnet.

2.6 Set the virtual FTP host

The so-called virtual anonymous host refers to a plurality of IP addresses on a machine, and can provide an anonymous FTP server, which is logically independent, different access control tables, different downloads. Below is the step of setting up a virtual FTP server: