I used to only take from you all; now I have a post of my own, and I hope it helps everyone a bit :)
1.1 What is FTP: the principle of the File Transfer Protocol
1.1.1 Transfer parameter selection
1.1.2 Command format
1.2 wu-ftpd installation
1.3 Getting the FTP server running
1.4 Configuration file settings
1.4.1 /etc/ftpaccess settings
1.4.2 /etc/ftpusers and /etc/ftphosts settings
1.4.3 /etc/ftpconversions settings
1.4.4 Related wu-ftpd programs
1.5 Opening FTP-only accounts
1.6 Setting up virtual FTP hosts
1.1 What is FTP: the principle of the File Transfer Protocol
The File Transfer Protocol (FTP) standard is described in RFC 959. It defines a standard for transferring files between a remote computer system and a local one. In general, a user who wants to transfer files must first authenticate and log in to the site, and can then access files on the remote server. Most FTP servers also provide a guest (anonymous) account so that users who have no account on the remote server can still access it.
An FTP session typically involves five interacting software elements:
User interface: provides the user interface and uses the services of the client protocol interpreter.
Client PI (client protocol interpreter): sends commands to the remote server PI and drives the client data transfer process.
Server PI (server protocol interpreter): responds to the commands issued by the client PI and drives the server-side data transfer process.
Client DTP (client data transfer process): responsible for communicating with the server DTP and with the client's local file system.
Server DTP (server data transfer process): responsible for communicating with the client DTP and with the server-side file system.
In RFC 959 the term "user" is generally used to refer to the client. RFC 959 defines how the client PI and server PI interact; the mechanism by which the user interface talks to the PI, and the PI to the DTP, is not part of the protocol standard. The PI and DTP are often implemented in the same program module.
An FTP session uses two separate network connections: one between the two PIs and one between the two DTPs. The connection between the PIs is called the control connection, and the connection between the DTPs is called the data connection.
Both the control connection and the data connection use the TCP service.
Typically the FTP server listens on port 21 for control connection requests. The port used for the data connection depends on the commands sent over the control connection: usually the client sends a control message naming the port on which it is listening, and then waits for the server to establish the data connection to that port.
Using separate connections for data transfer and control commands has two benefits: each connection can be given an appropriate quality of service (the control connection needs low delay, the data connection needs high throughput), and commands cannot be confused with, or hidden in, the data stream.
The control connection is always established by the client. Either side may be the data sender, however. Besides file downloads requested by the user, a data transfer is also established when the client asks for a listing of the server-side directory structure.
1.1.1 Transfer parameter selection
When a transfer is established, four attributes normally need to be agreed:
File type
This attribute specifies how the file data is mapped into a format suitable for transmission. There are four possible values:
ASCII file type
At the sender, the file is converted from the local text format to NVT ASCII, with a CR/LF pair marking the end of each line. At the receiver it is converted back to the local text format.
This explains why the amount of data transmitted between two UNIX hosts is larger than the actual size of the file. If either end of the transfer uses a non-ASCII local text encoding, the data transfer process must perform the conversion between the local encoding and NVT ASCII.
EBCDIC file type
Like ASCII, but using the EBCDIC character encoding.
Image (or binary) file type
The file is transmitted as a byte stream without conversion; what is stored on the remote end is identical to the local content.
Local file type
Used in environments where the byte size is not 8 bits; the byte size is specified by the sender.
In practice only the ASCII and image types are used.
Format control
This attribute concerns text files that will eventually be sent to a printing device, where there are several ways to embed vertical format information (such as where a new page starts) in the file. The options are:
Non-print: no print format control; this is the default.
Telnet format control: the control characters defined in the Telnet protocol are embedded in the data stream.
Carriage control (FORTRAN) format control.
This attribute is rarely used in practice.
Structure
A file can have an internal structure that is preserved in transmission. The data transfer process is responsible for mapping between the transmission structure and the local structure:
File structure
The file is treated as a continuous byte stream with no internal structure.
Record structure
The file is a sequence of records. This only applies to text files.
Page structure
Also called block structure. Each page carries a page number so that the pages can be transmitted in order.
Page structure is almost never encountered in practice, and record structure is not common either: using the ASCII file type for text files gives the same effect.
Transmission mode
This attribute can take three values:
Stream mode
The file is transmitted as a stream of bytes.
Block mode
The file is transmitted as a series of blocks, each preceded by a header.
Compressed mode
A simple run-length encoding is applied to compress runs of identical bytes.
In practice only stream mode is used; compression is generally obtained with other tool programs instead.
When a transfer is established, the client generally specifies one or more of the attributes described above. If the server cannot support an option, it replies with an error message; there is no negotiation mechanism.
FTP provides enough commands for a user to establish a connection with a remote system and access its file system.
1.1.2 Command format
Commands are transmitted as NVT ASCII strings. Each command starts with three or four upper-case NVT ASCII characters, followed by optional parameters and a CR/LF pair that terminates the command.
A reply consists of three NVT ASCII digits followed by an optional message.
A long reply may span several lines: the three digits of the first line are followed by a dash, and the last line has no dash. The intermediate lines need not start with the three digits, but if they do, the digits must also be followed by a dash.
Below is a list of all commands. Commands marked with an asterisk are rarely used, so specific implementations often do not support them.
Command  Meaning
ABOR     abort the transfer in progress
*ACCT    account; some systems associate an account, separate from the user, with file system access
*ALLO    allocate storage for a file; the parameter gives the number of bytes
*APPE    append to an existing file
CDUP     change the current directory on the remote system to its parent directory
CWD      change the working directory on the remote system
DELE     delete a file on the remote system
HELP     read help information from the server, such as the list of supported commands
LIST     send a listing of the current working directory over a newly established data connection
MKD      create a directory
MODE     specify the transmission mode; the parameter is S, B or C
NLST     send a list of the file names in the current directory over a newly established data connection
NOOP     no operation; keeps the connection from being dropped
PASS     supply the login password; must immediately follow the USER command
*PASV    ask the server data transfer process to listen and wait for the client to establish the data connection
PORT     specify the port on which the client listens for the server to establish the data connection
PWD      display the name of the current working directory on the server
QUIT     log out and terminate the connection
*REIN    reinitialize: log out but keep the connection open; a new USER command must follow
*REST    restart a retrieval of a file from the remote system at a given point
RMD      delete a directory
*RNFR    specify the old path name of the file to be renamed; must be followed by an RNTO command
*RNTO    specify the new path name of the file to be renamed
*SITE    site-specific services provided by the server
*SMNT    structure mount: supply a remote system path name for a file system structure
*STAT    status information
STOR     upload a file to the server; if the file already exists it is overwritten
*STOU    upload a file to the server without overwriting an existing file
STRU     specify the file structure; the parameter is F, R or P
*SYST    report the operating system type of the remote system
TYPE     specify the file type; the parameter is A, E, I or L, of which only A and I are in common use
Replies on the control connection have the following form:
Type  Description
1yz   positive preliminary reply; wait for another reply before sending a new command
2yz   positive completion reply; the last command succeeded
3yz   positive intermediate reply; another command must be sent
4yz   transient negative reply; the requested action could not be completed at this time, but may be retried
5yz   permanent negative reply; the requested action cannot be completed and should not be retried
The second digit "y" gives further information:
Digit  Meaning
0      syntax error
1      information
2      connection status
3      authentication and accounting
4      unspecified (reserved)
5      file system status
Here are some typical replies:
Number  Meaning
125     data connection already open; transfer starting
200     command OK
331     user name OK, need password
425     cannot open data connection
452     error writing file (requested action not taken)
500     syntax error, command unrecognized
See RFC 959 for the details.
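The reply rules above, as an added example that is not part of the original article: a small Python parser that splits a control-connection reply stream into complete replies (applying the dash convention for multi-line replies) and classifies each code by its first two digits. The sample exchange is constructed.

```python
"""Parse FTP control-connection replies as laid out in RFC 959.

Added example, not part of the original article. The session text at the
bottom is constructed for illustration; the server banner is made up.
"""
import re

# Meaning of the first reply digit (RFC 959, section 4.2).
FIRST_DIGIT = {
    "1": "positive preliminary",
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative completion",
    "5": "permanent negative completion",
}
# Meaning of the second reply digit.
SECOND_DIGIT = {
    "0": "syntax",
    "1": "information",
    "2": "connections",
    "3": "authentication and accounting",
    "4": "unspecified",
    "5": "file system",
}

# Three digits, then a space (single line / last line) or a dash (first line
# of a multi-line reply), then the message text.
_FIRST_LINE = re.compile(r"^(\d{3})([ -]?)(.*)$")


def parse_replies(raw):
    """Split a stream of CRLF-terminated reply lines into complete replies.

    Returns a list of (code, text) tuples. A multi-line reply starts with
    'xyz-' and ends at the next line starting with 'xyz ' (same code followed
    by a space); intermediate lines are kept unchanged, dash or no dash.
    """
    replies = []
    code = None        # code of the multi-line reply being collected, if any
    lines = []
    for line in raw.split("\r\n"):
        if not line:
            continue
        if code is None:
            m = _FIRST_LINE.match(line)
            if not m:
                raise ValueError("reply does not start with 3 digits: %r" % line)
            if m.group(2) != "-":
                replies.append((m.group(1), m.group(3)))
            else:
                code, lines = m.group(1), [m.group(3)]
        elif line.startswith(code + " "):
            # Only 'xyz ' with the same code terminates the reply.
            lines.append(line[4:])
            replies.append((code, "\n".join(lines)))
            code, lines = None, []
        else:
            lines.append(line)
    if code is not None:
        raise ValueError("unterminated multi-line reply %s" % code)
    return replies


def classify(code):
    """Describe a reply code and say whether the client may retry."""
    first, second = code[0], code[1]
    return {
        "code": code,
        "kind": FIRST_DIGIT.get(first, "unknown"),
        "area": SECOND_DIGIT.get(second, "unknown"),
        "retry": first == "4",   # only transient negatives are worth retrying
    }


# Constructed sample: what a client would read from the server side.
SAMPLE = (
    "220-Welcome to the example FTP service\r\n"
    "  Maintenance window: Sunday 02:00-04:00\r\n"
    "220 Service ready for new user.\r\n"
    "331 User name okay, need password.\r\n"
    "530 Login incorrect.\r\n"
    "425 Can't open data connection.\r\n"
)

if __name__ == "__main__":
    for code, text in parse_replies(SAMPLE):
        info = classify(code)
        print(code, info["kind"], "/", info["area"], "-", text.splitlines()[0])
```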
The official home of wu-ftpd is http://www.wu-ftpd.org/.
1.2 wu-ftpd installation
There are many FTP server programs available for Linux today, but the most common is still the wu-ftpd server, so that is the one discussed here: how it is installed and configured.
Normally wu-ftpd is installed automatically when Linux is installed, but sometimes the server software needs to be reinstalled for particular needs. There are two ways to install wu-ftpd: from an RPM release package, or by compiling the FTP server yourself.
The RPM package can be downloaded from http://rpmfind.net/linux/rpm/wbyname.html, and installing from the RPM package is very simple. It takes only the following steps, assuming the downloaded RPM package has been placed in the /tmp directory:
# cd /tmp
# rpm -ivh wu-ftpd-1.6.0-9.i386.rpm
The compressed source code can be obtained from ftp://ftp.wu-ftpd.org/pub/wu-ftpd/. Here we use the latest version, 1.6.0, as an example of how to compile and install wu-ftpd.
1. Unpack the source code
1) Copy the compressed source archive to /usr/src:
# cp wu-ftpd.1.6.0.tar.gz /usr/src
2) Unpack the archive:
# tar xvfz wu-ftpd.1.6.0.tar.gz
# cd wu-ftpd-1.6.0
2. Run the command "./build xxx". A C compiler can be specified here with "./build CC=yyy xxx", where yyy is the compiler used in place of "cc". For the gcc compiler on Linux the command is "./build CC=gcc xxx":
# ./build CC=gcc lnx
xxx can take the following values:
gen:     generic make (copy this when porting to a new system)
aix:     IBM AIX
aux:     A/UX
bdi:     BSD/OS
bsd:     BSD
dec:     DEC Unix 3.x
du4:     DEC Unix 4.x or later
dyn:     Dynix
fbs:     FreeBSD 1.0 or later
hiu:     Hitachi Unix
hpx:     HP-UX
lnx:     Linux (tested on 1.0.30)
nbs:     NetBSD 1.x
nx2:     NeXTstep 1.x
nx3:     NeXTstep 3.x
osf:     OSF/1
osx:     Mac OS X
ptx:     ???
sco:     SCO UNIX 3.2v4.2 / SCO OpenServer 5
sgi:     SGI Irix 4.0.5a
sny:     Sony NEWS-OS
sol:     SunOS 5.x / Solaris 1.x
s41:     SunOS 4.1.x
ult:     Ultrix 4.x
uxw:     UnixWare 1.1 or later
clean:   clean up object files and such to reduce disk space after building
install: install ftpd
Copying Makefiles.
Linking src/config.h
Making support library.
gcc -O3 -fomit-frame-pointer -fno-strength-reduce -pipe -c strcasestr.c
gcc -O3 -fomit-frame-pointer -fno-strength-reduce -pipe -c authi.c
gcc -O3 -fomit-frame-pointer -fno-strength-reduce -pipe -c snprintf.c
rm -f libsupport.a
ar cq libsupport.a strcasestr.o authi.o snprintf.o
ranlib libsupport.a
...
After a successful compile the following executables are generated:
ftpd        the FTP server program
ftpshut     shuts down the FTP daemon
ftpcount    shows the number of users currently logged in via FTP
ftpwho      shows the current connections to the FTP server, like the system's who command but only for FTP logins
ckconfig    checks whether the FTP configuration is correct
ftprestart  restarts the FTP server
privatepw   maintains the wu-ftpd private group access file
3. If you are only upgrading to a new version, first back up all the old configuration files on the system, otherwise they will be overwritten. Edit the sample configuration files to suit your own needs; the requirements for each configuration file are described in the sections below.
4. Run the command "./build install" as the superuser.
# ./build install
Installing binaries.
install -c -o bin -g bin -m 110 bin/ftpd /usr/sbin/in.ftpd
install -c -o bin -g bin -m 111 bin/ftpshut /usr/bin/ftpshut
install -c -o bin -g bin -m 111 bin/ftprestart /usr/bin/ftprestart
install -c -o bin -g bin -m 111 bin/ftpcount /usr/bin/ftpcount
install -c -o bin -g bin -m 111 bin/ftpwho /usr/bin/ftpwho
install -c -o bin -g bin -m 111 bin/privatepw /usr/bin/privatepw
Installing manpages.
install -c -o bin -g bin -m 444 doc/ftpcount.1 /usr/man/man1/ftpcount.1
install -c -o bin -g bin -m 444 doc/ftpwho.1 /usr/man/man1/ftpwho.1
install -c -o bin -g bin -m 444 doc/ftpaccess.5 /usr/man/man5/ftpaccess.5
install -c -o bin -g bin -m 444 doc/ftpconversions.5 /usr/man/man5/ftpconversions.5
install -c -o bin -g bin -m 444 doc/ftphosts.5 /usr/man/man5/ftphosts.5
install -c -o bin -g bin -m 444 doc/xferlog.5 /usr/man/man5/xferlog.5
install -c -o bin -g bin -m 444 doc/ftpd.8 /usr/man/man8/ftpd.8
5. Edit the /etc/inetd.conf file so that it points to the new ftpd daemon. In most cases this step is not necessary, because "build install" copies the new daemon over the old one. If you want to use the extended features of ftpd, add the "-a" option on that line.
The ftpd daemon can be run with the following parameters, or without any:
-d  debug: when an error occurs in the ftpd daemon, the error message is written to the system log file /usr/adm/syslog
-l  log each FTP session to /usr/adm/messages
-t  set the idle timeout: the connection is dropped automatically when the FTP client performs no operation for the given number of seconds; for example, -t 600 means the client is disconnected after 10 minutes without activity. The default is 15 minutes.
-a  use the contents of the ftpaccess configuration file for more detailed ftpd settings
-A  do not use the ftpaccess configuration file; the default is -a
-i  when the client uploads a file, record it in the file xferlog
-L  record all commands the user issues during the FTP session in /usr/adm/messages
6. Copy tar, gzip, gunzip, compress, uncompress, etc. into ~ftp/bin, and copy ls to ~ftp/bin/ls.
7. If this is a first installation, use the ckconfig program to locate all the ftpd configuration files: ftpconversions, ftpusers and ftpgroups. Sample files are in the doc/examples directory. ckconfig is an executable program; fix any problems it reports.
1.3 Getting the FTP server running
In general, as long as wu-ftpd has been installed correctly, the server runs normally and users can connect to it from all kinds of systems with the ftp command.
1.4 Configuration file settings
1.4.1 /etc/ftpaccess settings
This is the most important configuration file of the FTP server. Its settings determine whether FTP works normally and control many aspects of access. An example:
class all real,guest,anonymous *
limit all 10 Any /etc/msgs/msg.dead
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes all
tar yes all
log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg
email user@hostname
Below is a detailed description of each directive in the file.
Directive: loginfails n
The connection is dropped automatically after n failed password attempts.
Directive: autogroup groupname class [class ...]
If an anonymous user belongs to any of the listed classes, the FTP server performs a setgid() call to the named group. This lets anonymous users in specific classes access files that are readable only by that group (and their owner). The group name must be a valid group defined in /etc/group.
Directive: class classname typelist (real, guest, anonymous) address
This directive defines a class of FTP server users.
FTP server users fall into three types:
real: users who have a legitimate account on the FTP server;
guest: users in certain defined groups;
anonymous: anonymous users.
For example:
class outworld real,guest,anonymous *
defines a class named outworld containing all three types of user: real, guest and anonymous. The class is then referred to in later directives. The "*" is the address part of the class definition; here it matches every host on the network, i.e. any host is allowed to connect to the FTP server. To apply particular permission settings to specific hosts accessing the FTP server, you can do this:
class friend real,guest,anonymous *.linuxaid.com.cn 201.101.13.*
This defines a friend class with its own permission settings for users accessing the FTP server from *.linuxaid.com.cn and from 201.101.13.*.
Directive: limit class n times message_file
This directive limits the number of users of a class allowed to connect to the FTP server during a given period, and names the message file shown to further users once the number of connections exceeds the limit.
For example:
limit local 20 Any /tmp/message/msg.toomany
limits the local class so that at most 20 of its users may be connected to this FTP server at the same time; when more than 20 try, the content of /tmp/message/msg.toomany is displayed.
limit outworld 100 MoTu|Any2200-0800 /tmp/message/msg.limit
limits users of the outworld class so that on Mondays and Tuesdays, and every night between 22:00 and 08:00, at most 100 of them may be connected at the same time; when more than 100 try, the content of /tmp/message/msg.limit is displayed.
/tmp/message/msg.limit is:
I am sorry! This server only allows anonymous users to visit on Monday and Tuesday, and between 8 pm and 8 am on other nights; the current time is %T. It also allows only %M anonymous users at the same time, and currently %N users are accessing the server. Please visit this FTP server at an appropriate time, thank you!
Here %M is a variable representing the maximum number of users allowed to connect; the FTP server substitutes the value set earlier for it automatically. The other variables allowed are:
%T  local current time;
%F  free space on the partition containing the current working directory, in KB (not supported on all systems);
%C  current working directory;
%E  the e-mail address of the system administrator defined in /etc/ftpaccess;
%R  remote host name;
%L  local host name;
%U  the user name given at login;
%N  the number of users currently connected in this class;
With these variables you can write a detailed explanation that lets the user know the current resource usage of the server.
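An added example (not from the original article, and not wu-ftpd's own code) that evaluates a limit line as described above: it checks a connection attempt against the class, the count and a time specification such as MoTu|Any2200-0800, and substitutes the %T, %M, %N and other variables into the message text. The ftpaccess line, the datetimes and the message are constructed; the day tokens (Su..Sa, Wk, Any) and HHMM-HHMM ranges are assumed to follow the time format of the page's example.

```python
"""Evaluate wu-ftpd style 'limit' lines and render message-file variables.

Added example, not part of the original article. The limit line, the
message text and the timestamps are constructed for illustration.
"""
import datetime as dt
import re

# Day tokens mapped to Python's weekday() numbering (Monday == 0).
DAYS = {"Mo": 0, "Tu": 1, "We": 2, "Th": 3, "Fr": 4, "Sa": 5, "Su": 6}
_DAY_TOKEN = re.compile(r"Su|Mo|Tu|We|Th|Fr|Sa|Wk|Any")
# One alternative: a run of day tokens, optionally followed by HHMM-HHMM.
_ALT = re.compile(r"^((?:Su|Mo|Tu|We|Th|Fr|Sa|Wk|Any)+)(?:(\d{4})-(\d{4}))?$")


def _alt_matches(alt, when):
    """True if 'when' falls inside one alternative of a time spec."""
    m = _ALT.match(alt)
    if not m:
        raise ValueError("bad time spec: %r" % alt)
    daypart, start, end = m.groups()
    day_ok = False
    for tok in _DAY_TOKEN.findall(daypart):
        if tok == "Any":
            day_ok = True
        elif tok == "Wk" and when.weekday() < 5:      # Wk = Monday..Friday
            day_ok = True
        elif DAYS.get(tok) == when.weekday():
            day_ok = True
    if not day_ok:
        return False
    if start is None:                                  # whole day
        return True
    now, s, e = when.hour * 100 + when.minute, int(start), int(end)
    # A range such as 2200-0800 wraps past midnight.
    return s <= now < e if s <= e else (now >= s or now < e)


def time_spec_matches(spec, when):
    """True if 'when' falls inside any '|'-separated alternative of spec."""
    return any(_alt_matches(alt, when) for alt in spec.split("|"))


def check_limit(limit_line, class_name, current_users, when):
    """Apply one 'limit <class> <n> <times> <message_file>' line.

    Returns (allowed, message_file); allowed is None when the line does not
    apply (other class, or outside its time window). n < 0 means no limit.
    """
    fields = limit_line.split()
    if len(fields) != 5 or fields[0] != "limit" or fields[1] != class_name:
        return None, None
    n, spec, msgfile = int(fields[2]), fields[3], fields[4]
    if not time_spec_matches(spec, when):
        return None, None
    return (n < 0 or current_users < n), msgfile


def render_message(text, **vals):
    """Substitute the %T %F %C %E %R %L %U %N %M variables of a message file."""
    return re.sub(r"%([TFCERLUNM])",
                  lambda m: str(vals.get(m.group(1), m.group(0))), text)


# Constructed ftpaccess line and message, modelled on the page's example.
LIMIT_LINE = "limit outworld 100 MoTu|Any2200-0800 /tmp/message/msg.limit"
MSG_LIMIT = ("Sorry, the current time is %T; only %M anonymous users are "
             "allowed at the same time and %N are connected now.")

if __name__ == "__main__":
    now = dt.datetime(2024, 1, 1, 12, 0)   # a Monday, noon (constructed)
    allowed, msgfile = check_limit(LIMIT_LINE, "outworld", 101, now)
    if allowed is False:
        print(msgfile + ":", render_message(MSG_LIMIT, T=now, M=100, N=101))
```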
Directive: readme pathglob command
When the user performs the specified command, the system automatically shows the user the matching description files.
For example:
readme README* login
When the user logs in, the user is shown any file whose name starts with README.
readme README* cwd=*
When the user changes directory (CWD), the user is shown any file in that directory whose name starts with README.
Usually README* should describe the files in that directory, so that a logged-in user can see clearly which files the directory holds.
Directive: message path command
When the user performs the specified command, the system displays the content of the specified file to the user.
For example:
message /msg.welcome login
Specifies that when a user logs in, the content of /tmp/message/msg.welcome is displayed automatically; note that /msg.welcome refers to the msg.welcome file under the FTP root directory, i.e. /home/ftp/msg.welcome.
message /welcome cwd=*
Specifies that when the user changes to another directory, the msg.welcome file in that directory, if there is one, is displayed to the user.
Directive: compress (yes/no) class
Sets which classes of user may use the compression feature.
Example: compress yes local outworld
allows both the local and the outworld class to use compression.
Directive: tar (yes/no) class
Sets which classes of user may use the tar feature.
Directive: passwd-check (none/trivial/rfc822) (enforce/warn)
Sets how the password is checked when a user logs in anonymously:
none: the password is not checked at all; any password allows login;
trivial: login is allowed as long as the password contains an @;
rfc822: the password must be in the e-mail address format specified in RFC 822, e.g. webmaster@linuxaid.com.cn;
enforce: login is refused if the password does not match the required format;
warn: a warning is displayed if the password does not match the required format, but login is still allowed.
Directive: log commands typelist (real/guest/anonymous)
Records the commands used by the given types of user after they log in, in the file /usr/adm/xferlog.
Directive: log transfers typelist (real/guest/anonymous) (inbound/outbound)
Records the uploads and/or downloads of the given types of user in /usr/adm/xferlog.
For example:
log transfers anonymous,real inbound,outbound
When an anonymous or real user is logged in, both uploads and downloads are recorded in the file /usr/adm/xferlog.
Directive: shutdown path
If the file named here exists, the FTP server is shut down: users can no longer log in to the FTP server, and only removing the file restores service. A file in the correct format can be created with the ftpshut command.
Directive: delete (yes/no) typelist (real/anonymous/guest)
Sets whether the specified users may use the delete command.
For example:
delete no guest,anonymous
Users logged in as guest or anonymous may not execute the delete command.
Directive: overwrite (yes/no) typelist (real/anonymous/guest)
Sets whether the specified users may overwrite files.
Directive: (yes/no) typelist (real/anonymous/guest)
Sets whether the specified users may use the README instruction.
Directive: chmod (yes/no) typelist (real/anonymous/guest)
Sets whether the specified users may use the chmod command.
Directive: umask (yes/no) typelist (real/anonymous/guest)
Sets whether the specified users may use the umask command.
Directive: upload [absolute|relative] [class=]... [-] ["dirs"|"nodirs"] []
Defines the directories into which uploads are allowed. If uploading is allowed, the owner, group and permissions of every newly uploaded file are set as specified; an upload that overwrites an existing file keeps the original owner and permissions. The ownership and permissions of an uploaded file are determined by the longest matching directory entry, for example:
upload /var/ftp * no
upload /var/ftp /incoming yes ftp daemon 0666
upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
would only allow uploads into /incoming and /incoming/gifs. Files uploaded into /incoming are owned by ftp/daemon with permissions 0666, and files uploaded into /incoming/gifs are owned by jlc/guest with permissions 0600. Note that the home directory of the "ftp" user in the passwd file must match /var/ftp.
The "dirs" and "nodirs" options set whether new subdirectories may be created in the directory; the default is to allow subdirectory creation. The final optional parameter sets the permissions of newly created directories, default 0777.
The upload directive applies only to users whose home directory (the argument of chroot()) matches the first parameter, which may be given as "*" to match any home directory.
The owner and group may also be given as "*", in which case uploaded files and created directories take the owner and group of the directory they are created in.
The [absolute|relative] option specifies whether the directory is an absolute path or relative to the directory given to chroot(); the default is absolute. Any number of class= restrictions may also be given; if any are, the upload directive affects only users in those classes.
Directive: alias aliasname directory
Sets an alias for the specified directory; the alias can be used when changing directory.
For example:
alias xwin /pub/linux/xwindows
sets the alias xwin for /pub/linux/xwindows; after logging in, the command cd xwin takes you straight to that directory.
Directive: cdpath directory
This works like the shell's PATH environment variable. On cd etc, the FTP server first checks whether the current directory has an etc subdirectory, then whether an alias of that name exists, and finally searches the cdpath directories.
For example:
cdpath /pub/linux
cdpath /pub
cdpath /
The search order is /pub/linux, /pub, /.
Directive: path-filter typelist (real/anonymous/guest) message_file allowed_regexp disallowed_regexp ...
Restricts the names of uploaded files.
For example:
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
restricts anonymous and guest users so that uploaded file names may contain only A-Z, a-z, 0-9 and ._-, and names starting with "." or "-" cannot be uploaded to the server.
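An added Python example (not from the article, and not wu-ftpd's own code) that resolves the upload and path-filter directives described above for an attempted upload: it picks the longest matching upload entry for the target directory, as the text describes, and applies the user type's allowed and disallowed name patterns to the file name. The ftpaccess text and file names are constructed, modelled on the examples in the text.

```python
"""Resolve 'upload' and 'path-filter' ftpaccess directives for an upload.

Added example, not part of the original article. The ftpaccess lines below
are constructed, modelled on the page's examples.
"""
import fnmatch
import posixpath
import re


def parse_ftpaccess(text):
    """Collect upload and path-filter directives from ftpaccess text."""
    uploads, filters = [], []
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()      # drop comments and blank lines
        if not f:
            continue
        if f[0] == "upload":
            rule = {"root": f[1], "glob": f[2], "allow": f[3] == "yes"}
            if rule["allow"]:
                rule.update(owner=f[4], group=f[5], mode=int(f[6], 8))
                rule["dirs"] = "nodirs" not in f[7:]   # subdirectory creation
            uploads.append(rule)
        elif f[0] == "path-filter":
            filters.append({"types": set(f[1].split(",")), "msg": f[2],
                            "allowed": f[3], "denied": f[4:]})
    return uploads, filters


def resolve_upload(uploads, chroot, path):
    """Find the upload rule that governs 'path' (relative to the chroot).

    Rules whose root directory is not the user's chroot are ignored; among
    the matching directory globs the longest one wins. Returns None when no
    rule matches at all.
    """
    directory = posixpath.dirname(path) or "/"
    best = None
    for rule in uploads:
        if rule["root"] != chroot:
            continue
        if fnmatch.fnmatchcase(directory, rule["glob"]):
            if best is None or len(rule["glob"]) > len(best["glob"]):
                best = rule
    return best


def filename_allowed(filters, user_type, path):
    """Apply the path-filter for a user type to the upload's base name."""
    name = posixpath.basename(path)
    for flt in filters:
        if user_type not in flt["types"]:
            continue
        if not re.search(flt["allowed"], name):        # must match allowed set
            return False
        if any(re.search(pat, name) for pat in flt["denied"]):
            return False
    return True


def check_upload(uploads, filters, user_type, chroot, path):
    """Combine both checks into one verdict for an attempted STOR."""
    rule = resolve_upload(uploads, chroot, path)
    if rule is None or not rule["allow"]:
        return "denied: no upload rule permits this directory"
    if not filename_allowed(filters, user_type, path):
        return "denied: file name rejected by path-filter"
    return "allowed as %s:%s mode %04o" % (rule["owner"], rule["group"], rule["mode"])


# Constructed ftpaccess fragment (the backslashes are part of the regexps).
SAMPLE = r"""
upload /var/ftp * no
upload /var/ftp /incoming yes ftp daemon 0666
upload /var/ftp /incoming/gifs yes jlc guest 0600 nodirs
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
"""

if __name__ == "__main__":
    ups, flts = parse_ftpaccess(SAMPLE)
    for p in ("/incoming/gifs/logo.gif", "/incoming/.hidden", "/pub/x.txt"):
        print(p, "->", check_upload(ups, flts, "anonymous", "/var/ftp", p))
```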
Directives: guestgroup [...]
guestuser [...]
realgroup [...]
realuser [...]
For the guestgroup directive, if a real user belongs to any of the specified groups, the FTP server treats the session in the same way as an anonymous one: chroot() is called, and the user may no longer use the USER and PASS commands. Each group must be a valid group.
The user's home directory must be set up carefully, exactly as for anonymous users. The home directory field of the user's /etc/passwd entry is split into two parts: the first is the root directory passed to chroot(), the second is the user's home directory relative to that root, and the two parts are separated by "/./", for example:
guest1::100:92:Guest Account:/ftp/./incoming:/etc/ftponly
When guest1 logs in successfully, the FTP server calls chroot("/ftp") and then chdir("/incoming"). Like an anonymous user, guest1 can only access files under /ftp (which guest1 sees as "/").
A group may be given by name or by numeric ID; a numeric ID must be prefixed with "%". "*" stands for all groups.
guestuser is similar to guestgroup but applies to a single user.
realuser and realgroup have the same syntax but the opposite effect to guestuser and guestgroup: they allow a user or a group to access the FTP server with real identity, for example:
guestuser *
realgroup admin
After this, all non-anonymous users are treated as anonymous once logged in, except members of the admin group, who keep their real identity after login.
Directive: guestgroup groupname
Sets a guest group.
For example:
guestgroup ftponly
Directive: nice []
Sets the scheduling priority of the FTP server daemon.
Directive: defumask []
If the remote user belongs to the given class, files created by the daemon use this umask; without a class it is used as the default umask.
Directive: tcpwindow []
Sets the TCP window size of the data connection; if you do not understand what this means, do not set it.
Directive: keepalive
Sets the SO_KEEPALIVE option on the TCP socket.
Directives: timeout accept
timeout connect
timeout data
timeout idle
timeout maxidle
timeout RFC931
Set the various timeouts. These only need setting in particular TCP situations and are generally left unchanged; see man ftpaccess for their meanings.
Directive: file-limit [] []
Limits the number of files any one user of a class may transfer; if no class is given, the limit applies to all classes without a limit of their own. raw means the limit counts all transfers, not just data files.
Directive: byte-limit [] []
Limits the total amount of data any one user of a class may transfer.
Directive: limit-time {*|anonymous|guest}
Limits the duration of a session; the default is unlimited. Real users are not subject to this limit.
Directive: guestserver []
Controls which hosts allow anonymous connections. If no hostname is specified, all anonymous connections are rejected.
Directive: noretrieve [absolute|relative] [class=]... [-] ...
Sets which files may not be retrieved by which classes. For example:
noretrieve /etc/passwd core
specifies that no visitor may retrieve the passwd file under the /etc directory or any file named "core".
Directive: allow-retrieve [absolute|relative] [class=]... [-] ...
Allows retrieval of the listed files.
Directive: private
When set, a logged-in user may use SITE GROUP and SITE GPASS to specify an enhanced access group and its password. If the group name and password are valid, the user becomes a member of that group, with its access rights.
Directive: greeting full|brief|terse
greeting text
Controls how much greeting information, and which content, is shown to the remote user after login.
Directive: banner
Similar to message, but the banner message is displayed before the user enters the user name and password.
Directive: hostname
Defines the default host name of the FTP server.
Directive: email
Defines the e-mail address of the FTP maintainer.
Directive: log security (anonymous|guest|real)
Logs commands that violate the security rules (such as noretrieve, notar, ...).
Directives: log syslog
log syslog xferlog
Redirects log records to the system log (syslog); with the second form they are logged to the xferlog only.
Directive: daemonaddress
If this value is not set, the server listens for connections on all addresses; otherwise it accepts connection requests only on the defined address. It is normally left unset, because setting it blocks the virtual host feature and other future extensions.
Directive: virtual
Enables virtual FTP server support. The first parameter is the IP address of the virtual server; the second specifies the path to its root directory, banner file, log file and so on.
Directive: virtual
Sets the host name or e-mail address shown in the greeting message.
Directives: virtual allow [...]
virtual deny [...]
By default real and guest users may not log in to a virtual host; these directives refine which users are allowed or denied.
Directive: virtual private
Refuses anonymous users access to the virtual host.
Directives: defaultserver deny [...]
defaultserver allow [...]
Define which users may access the default (non-virtual) FTP server.
Directive: defaultserver private
Refuses anonymous users access to the default FTP server.
Directive: deny <addrglob> [<message_file>]
Refuses connections from hosts matching <addrglob>, an IP address or hostname pattern with wildcards (a network may also be written as address/prefix); if <message_file> is given, it is shown to the refused client. Each deny line takes one pattern, so refusing both the 201.101.15 network and the hacker.com domain takes two lines:
deny 201.101.15.* /tmp/message/deny.msg
deny *.hacker.com /tmp/message/deny.msg
No host in 201.101.15.* and no host whose name ends in .hacker.com can then log in to the server. The hostname form depends on the client's reverse DNS, which the client's own network controls, so address patterns are the more dependable of the two.
1.4.2 /etc/ftpusers and /etc/ftphosts settings
/etc/ftpusers lists accounts on the system that are not allowed to transfer files with FTP; /etc/ftphosts lists, per user, the hosts from which that user may or may not connect to this FTP server. Both exist for security reasons.
The /etc/ftpusers installed by default looks like this:
root
bin
daemon
adm
lp
sync
shutdown
halt
news
uucp
operator
games
nobody
Keeping these accounts out of FTP protects the system: the superuser in particular must never log in over FTP, since the protocol sends the password in clear text, and the remaining entries are service accounts that have no business transferring files. Any other user who should not use FTP is added to the list in the same way.
An example /etc/ftphosts:
# Example host access file
#
# Everything after a '#' is treated as comment,
# empty lines are ignored
#
# allow <username> <addrglob> [<addrglob> ...]
#   Only allow host(s) matching <addrglob> to log in as <username>.
# deny <username> <addrglob> [<addrglob> ...]
#   Always deny host(s) matching <addrglob> to log in as <username>.
allow ideal *.linuxaid.com.cn 10.0.0.0/8
deny fred *.hacker.com 131.211.31.0/24
Here the user ideal may log in only from hosts in the linuxaid.com.cn domain or from the 10.0.0.0/8 network (10.0.0.0 with netmask 255.0.0.0), and the user fred is always refused from hosts in hacker.com and from the 131.211.31.0/24 network. The username anonymous (or, equivalently, ftp) refers to the anonymous user.
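The following Python program is an added example and is not part of wu-ftpd or of the original text. It parses the deny lines of an /etc/ftpaccess fragment and the allow/deny lines of an /etc/ftphosts file, both constructed here from the examples above, and decides whether a given user connecting from a given address may log in, applying the rules these two sections describe: an ftpaccess deny that matches the client refuses the connection outright; an ftphosts deny for the user that matches refuses the login; and if the user has allow lines, one of their patterns must match. The address matcher handles dotted-quad globs, hostname globs and address/prefix or address:netmask networks. The users and addresses used in the demonstration are made up.

```python
"""Evaluate wu-ftpd style host access rules (added example, not wu-ftpd code).

Constructed inputs: the ftpaccess deny lines and the ftphosts file from the
text above, reproduced here as strings.
"""
import fnmatch
import ipaddress

FTPACCESS = """\
# constructed fragment: only the deny lines matter to this example
deny 201.101.15.* /tmp/message/deny.msg
deny *.hacker.com /tmp/message/deny.msg
"""

FTPHOSTS = """\
# constructed copy of the /etc/ftphosts example
allow ideal *.linuxaid.com.cn 10.0.0.0/8
deny fred *.hacker.com 131.211.31.0/24
"""


def addrglob_matches(pattern, ip, hostname=None):
    """True if the client's IPv4 address or reverse name matches one addrglob.

    Supported forms: address/prefix (10.0.0.0/8), address:netmask
    (10.0.0.0:255.0.0.0), a dotted-quad glob (201.101.15.*) and a hostname
    glob (*.hacker.com). A hostname glob only matches when a reverse name is
    supplied, and is only as trustworthy as the client's reverse DNS.
    """
    pattern = pattern.lower()
    addr = ipaddress.ip_address(ip)
    if "/" in pattern:
        return addr in ipaddress.ip_network(pattern, strict=False)
    if ":" in pattern:
        net, mask = pattern.split(":", 1)
        return addr in ipaddress.ip_network(f"{net}/{mask}", strict=False)
    if fnmatch.fnmatchcase(ip, pattern):
        return True
    return hostname is not None and fnmatch.fnmatchcase(hostname.lower(), pattern)


def _rules(text, with_user):
    """Yield (keyword, user-or-None, patterns) from ftphosts or ftpaccess lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if parts[0] not in ("allow", "deny"):
            continue                      # other ftpaccess directives are ignored
        if with_user:
            if len(parts) < 3:
                raise ValueError(f"bad ftphosts line: {raw!r}")
            yield parts[0], parts[1], parts[2:]
        else:
            # ftpaccess: deny <addrglob> [<message_file>]; the message path is dropped
            if len(parts) < 2:
                raise ValueError(f"bad ftpaccess deny line: {raw!r}")
            yield parts[0], None, parts[1:2]


def login_decision(user, ip, hostname=None, ftpaccess=FTPACCESS, ftphosts=FTPHOSTS):
    """Return (allowed, reason) for a login attempt by `user` from `ip`."""
    for kw, _, pats in _rules(ftpaccess, with_user=False):
        if kw == "deny" and addrglob_matches(pats[0], ip, hostname):
            return False, f"ftpaccess: deny {pats[0]} matches the client"

    # 'anonymous' and 'ftp' are two names for the same anonymous user
    name = "anonymous" if user in ("anonymous", "ftp") else user
    allow_patterns = []
    for kw, ruser, pats in _rules(ftphosts, with_user=True):
        ruser = "anonymous" if ruser in ("anonymous", "ftp") else ruser
        if ruser != name:
            continue
        if kw == "deny" and any(addrglob_matches(p, ip, hostname) for p in pats):
            return False, f"ftphosts: {user} is denied from {' '.join(pats)}"
        if kw == "allow":
            allow_patterns.extend(pats)
    if allow_patterns and not any(addrglob_matches(p, ip, hostname) for p in allow_patterns):
        return False, f"ftphosts: {user} may only log in from {' '.join(allow_patterns)}"
    return True, "no rule refuses the login"


if __name__ == "__main__":
    for who, ip, host in [("ideal", "10.20.30.40", None),
                          ("ideal", "192.0.2.5", "box.example.net"),
                          ("fred", "131.211.31.9", None),
                          ("alice", "201.101.15.7", None)]:
        print(who, ip, login_decision(who, ip, host))
```

The ftpaccess deny check runs before any per-user rule because the server applies it at connection time, before a username has been sent.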
1.4.3 /etc/ftpconversions settings
This file defines the conversions the server can perform on the fly when a user downloads a file, such as compressing, decompressing or packing it. The installed file looks like this:
 :.Z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
 :  :  :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
 :.gz:  :  :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
 :  :  :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
 :  :  :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
 :  :  :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
 :  :  :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
 :  :  :.crc:/bin/cksum %s:T_REG::CKSUM
 :  :  :.md5:/bin/md5sum %s:T_REG::MD5SUM
Explanation of the entries:
Each line has eight colon-separated fields: strip prefix, strip postfix, add-on prefix, add-on postfix, external command, file types, options and a description. A "strip" entry serves a request for a name that lacks a suffix the file carries on disk; an "add-on" entry serves a request for a name that carries a suffix the file does not have. %s in the command is replaced by the name of the file on disk, and the command's standard output is what the client receives.
 :.Z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
A request for file is served by decompressing file.Z with /bin/compress -d -c.
 :  :  :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
A request for file.Z is served by compressing file into .Z format on the fly.
 :.gz:  :  :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
A request for file is served by decompressing file.gz with /bin/gzip -cd.
 :  :  :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
A request for file.gz is served by compressing file into .gz format on the fly.
 :  :  :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
A request for name.tar is served by packing the file or directory name with tar.
 :  :  :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
A request for name.tar.Z is served by packing name with tar and compressing the archive with compress (tar's -Z option).
 :  :  :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
A request for name.tar.gz is served by packing name with tar and compressing the archive with gzip.
 :  :  :.crc:/bin/cksum %s:T_REG::CKSUM
A request for file.crc returns the CRC checksum of file.
 :  :  :.md5:/bin/md5sum %s:T_REG::MD5SUM
A request for file.md5 returns the MD5 digest of file.
The types field says what the source may be: T_REG a regular file, T_DIR a directory (only the tar entries allow directories), and T_ASCII marks a conversion that may also be used for an ASCII-mode transfer. The options field (O_COMPRESS, O_UNCOMPRESS, O_TAR) records what kind of conversion it is, which shows up in the transfer log.
The file installed with wu-ftpd already defines the common compression programs, so it normally needs no editing. What does matter is the order of the entries: when a client asks for a name that does not exist, say file.tar.gz, the server tries the entries from top to bottom, and the first one whose affixes turn the requested name into an existing file of a permitted type is used. Here file.tar.gz is served by running tar and gzip over file (or over a directory named file) and sending the output to the client. If the entries are reordered, a different entry may win for the same request, which is the reason one might change their order.
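The following Python program is an added example, not code from wu-ftpd or from the original text. It parses the eight-field /etc/ftpconversions format shown above (reproduced here as a constructed string) and, for a requested name and a constructed directory listing, selects the entry the matching rule just described would pick and builds the command line that would run. The file names in the listing are invented for the demonstration.

```python
"""Pick the /etc/ftpconversions entry that serves a requested name.

Added example, not wu-ftpd's own code. Entries are tried in file order and the
first entry whose affixes map the requested name onto an existing file of a
permitted type wins. The conversions table and the listing are constructed.
"""
import shlex
from dataclasses import dataclass

FTPCONVERSIONS = """\
 :.Z:  :  :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
 :  :  :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
 :.gz:  :  :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
 :  :  :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
 :  :  :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
 :  :  :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
 :  :  :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
 :  :  :.crc:/bin/cksum %s:T_REG::CKSUM
 :  :  :.md5:/bin/md5sum %s:T_REG::MD5SUM
"""


@dataclass
class Conversion:
    strip_prefix: str     # on the file on disk, absent from the requested name
    strip_postfix: str
    addon_prefix: str     # in the requested name, absent from the file on disk
    addon_postfix: str
    command: str          # %s is replaced by the on-disk name
    types: frozenset      # T_REG / T_DIR (file types) and T_ASCII (mode flag)
    options: frozenset
    description: str


def parse_ftpconversions(text):
    """Parse the eight colon-separated fields of each non-comment line."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in raw.split(":")]
        if len(fields) != 8:
            raise ValueError(f"expected 8 fields in {raw!r}")
        sp, sx, ap, ax, cmd, types, opts, desc = fields
        entries.append(Conversion(sp, sx, ap, ax, cmd,
                                  frozenset(t for t in types.split("|") if t),
                                  frozenset(o for o in opts.split("|") if o),
                                  desc))
    return entries


def resolve(requested, listing, conversions):
    """Return (source_name, argv, description) or None if no entry applies.

    `listing` maps on-disk names to "T_REG" or "T_DIR". A name that exists
    as-is needs no conversion at all.
    """
    if requested in listing:
        return None
    for c in conversions:
        name = requested
        if c.addon_postfix:
            if not name.endswith(c.addon_postfix) or len(name) <= len(c.addon_postfix):
                continue
            name = name[:-len(c.addon_postfix)]
        if c.addon_prefix:
            if not name.startswith(c.addon_prefix):
                continue
            name = name[len(c.addon_prefix):]
        name = c.strip_prefix + name + c.strip_postfix
        # This example's own precaution: a name starting with '-' would reach
        # the external tool looking like an option, so it is never served.
        if name.startswith("-"):
            continue
        ftype = listing.get(name)
        if ftype is None or ftype not in c.types:
            continue
        # %s becomes one argv element and no shell is involved, so shell
        # metacharacters in the name carry no meaning.
        argv = [name if tok == "%s" else tok for tok in shlex.split(c.command)]
        return name, argv, c.description
    return None


# constructed directory listing for the demonstration
LISTING = {"file": "T_REG", "notes.Z": "T_REG", "src": "T_DIR", "README": "T_REG"}

if __name__ == "__main__":
    convs = parse_ftpconversions(FTPCONVERSIONS)
    for req in ("file.tar.gz", "notes", "src.tar", "src.gz", "README"):
        print(req, "->", resolve(req, LISTING, convs))
```

Requesting src.gz returns nothing because the gzip entry only permits T_REG sources and src is a directory; requesting src.tar succeeds because the tar entries list T_DIR.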
At this point the configuration gives you a working FTP server that also accepts anonymous logins; connect to it and check whether it behaves as you need.
1.4.1 Related programs shipped with wu-ftpd
ftpcount counts the users currently connected in each class and shows the class limit, for example:
[root@linux doc]# ftpcount
Service class friend - 0 users (no maximum)
Service class local - 0 users (no maximum)
Service class outworld - 0 users (no maximum)
Here the class local has 0 users connected and no upper limit; the other classes read the same way.
ftpwho lists the connected users per class together with what they are doing:
[root@linux doc]# ftpwho
Service class friend:
- 0 users (no maximum)
Service class local:
- 0 users (no maximum)
Service class outworld:
- 0 users (no maximum)
No user is connected in any of the three classes at the moment.
ftpshut
This program is mainly used to generate /etc/shutmsg, the file named by the shutdown directive in /etc/ftpaccess described earlier. While that file exists the server refuses new connections from the configured time onwards and, at the shutdown time, disconnects everyone; delete the file to let the server accept connections again. Its syntax is:
ftpshut [-V] [-l min] [-d min] time [warning-message ...]
-V prints the version of the program.
-l sets how many minutes before the shutdown time the server stops accepting new connections (default 10).
-d sets how many minutes before the shutdown time the server disconnects users who are already logged in (default 5).
time is when the server shuts down: now, +minutes, or a clock time as HHMM, e.g. 2200 shuts the FTP server down at 22:00.
warning-message is the warning shown to users.
For example:
[root@linux /etc]# ftpshut -l 15 -d 5 1800 "FTP server will shutdown"
[root@linux /etc]# less shutmsg
2000 04 07 18 00 0015 0005
FTP server will shutdown
The first line holds the shutdown time stamp as written by ftpshut (year, month, day, hour, minute) followed by the two offsets in minutes: new connections are refused from 15 minutes before the shutdown, connected users are dropped from 5 minutes before.
1.5 FTP-only accounts
Often you need accounts that may use FTP but must not get a shell on the server. The method:
1. Create the account in the usual way and give it a password as root:
[root@ns /etc]# useradd ftp_user1
[root@ns /etc]# passwd ftp_user1
Do not instead blank the password field in /etc/shadow to skip the password prompt on the first login. A freshly created entry looks like
ftp_user1:!!:11113:0:99999:7:-1:-1:134537372
where "!!" only marks an account whose password has not been set yet; an empty second field, by contrast, lets anyone log in as the user with no password at all until passwd is run. Setting the password as root closes that window, and /etc/shadow can keep the root-only mode your distribution installed it with, so there is no need to chmod it or edit it by hand.
2. Use vi to add /dev/null and /bin/passwd to /etc/shells. wu-ftpd, like login, accepts only users whose login shell is listed in /etc/shells, so without this step the FTP-only accounts could not log in at all. Before:
[root@ns /etc]# cat shells
/bin/bash
/bin/sh
/bin/ash
/bin/bsh
/bin/tcsh
/bin/csh
After:
[root@ns /etc]# cat shells
/bin/bash
/bin/sh
/bin/ash
/bin/bsh
/bin/tcsh
/bin/csh
/dev/null
/bin/passwd
3. Use vi to open /etc/passwd and change the login shell of each FTP-only user to /dev/null (if the user may not change the password) or /bin/passwd (if the user may change it: a telnet login then runs passwd and the session ends when passwd exits). The entry
ftp_user1:x:503:504::/home/ftp_user1:/bin/bash
becomes
ftp_user1:x:503:504::/home/ftp_user1:/dev/null
or
ftp_user1:x:503:504::/home/ftp_user1:/bin/passwd
The user can now use services such as FTP and POP3, which authenticate against the system account, but cannot log in to the system over telnet.
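The following Python program is an added example, not part of wu-ftpd or of the original text. It audits the result of the procedure above over constructed copies of /etc/passwd, /etc/shadow, /etc/shells and /etc/ftpusers: for every account it reports whether wu-ftpd would let it log in (login shell listed in /etc/shells and name absent from /etc/ftpusers), whether the shell gives an interactive session, and whether the shadow entry holds a real hash, a locked marker such as "!!", or nothing at all, which is the mistake the text warns against. The account names and the placeholder hashes are invented.

```python
"""Audit FTP-only accounts (added example, not wu-ftpd code).

All four files below are constructed for the demonstration; the "$6$..."
strings stand in for real password hashes.
"""

PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:501:501::/home/bob:/bin/bash
carol:x:502:502::/home/carol:/bin/zsh
ftp_user1:x:503:504::/home/ftp_user1:/dev/null
ftp_user2:x:504:504::/home/ftp_user2:/bin/passwd
"""

SHADOW = """\
root:$6$salt$placeholderhash:11113:0:99999:7:::
bob:$6$salt$placeholderhash:11113:0:99999:7:::
carol:!!:11113:0:99999:7:::
ftp_user1::11113:0:99999:7:::
ftp_user2:$6$salt$placeholderhash:11113:0:99999:7:::
"""

SHELLS = "/bin/bash\n/bin/sh\n/bin/tcsh\n/bin/csh\n/dev/null\n/bin/passwd\n"
FTPUSERS = "root\nbin\ndaemon\n"

# shells that end the session without giving the user a command prompt
NON_INTERACTIVE = {"/dev/null", "/bin/passwd", "/sbin/nologin", "/bin/false"}


def parse_colon_file(text, value_index):
    """Map the first field of each line to the field at value_index."""
    out = {}
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split(":")
        out[fields[0]] = fields[value_index] if len(fields) > value_index else ""
    return out


def parse_list_file(text):
    """One entry per line, comments and blank lines ignored."""
    return {l.strip() for l in text.splitlines() if l.strip() and not l.startswith("#")}


def password_state(hash_field):
    if hash_field == "":
        return "empty"          # no password is required at all
    if hash_field[0] in "!*":
        return "locked"         # "!!" or "*": no usable password set
    return "set"


def audit(passwd_text, shadow_text, shells_text, ftpusers_text):
    """Return {user: {"ftp", "reason", "interactive", "password"}}."""
    shells = parse_list_file(shells_text)
    ftpusers = parse_list_file(ftpusers_text)
    shadow = parse_colon_file(shadow_text, 1)
    report = {}
    for user, shell in parse_colon_file(passwd_text, 6).items():
        if user in ftpusers:
            ftp, why = False, "listed in /etc/ftpusers"
        elif shell not in shells:
            ftp, why = False, f"shell {shell} not in /etc/shells"
        else:
            ftp, why = True, "ok"
        report[user] = {
            "ftp": ftp,
            "reason": why,
            "interactive": shell not in NON_INTERACTIVE,
            "password": password_state(shadow.get(user, "")),
        }
    return report


def ftp_only_accounts(report):
    """Accounts that can use FTP but never get a shell."""
    return sorted(u for u, r in report.items() if r["ftp"] and not r["interactive"])


def empty_password_ftp_accounts(report):
    """Accounts reachable over FTP with no password at all: fix these first."""
    return sorted(u for u, r in report.items() if r["ftp"] and r["password"] == "empty")


if __name__ == "__main__":
    rep = audit(PASSWD, SHADOW, SHELLS, FTPUSERS)
    for user, r in sorted(rep.items()):
        print(f"{user:10} ftp={r['ftp']!s:5} interactive={r['interactive']!s:5} "
              f"password={r['password']:6} {r['reason']}")
    print("FTP-only:", ftp_only_accounts(rep))
    print("empty password over FTP:", empty_password_ftp_accounts(rep))
```

carol shows why step 2 matters: a shell that is not in /etc/shells keeps the account out of FTP even though the shadow entry is merely locked rather than empty.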
1.6 Setting up a virtual FTP host
A virtual anonymous host means that one machine with several IP addresses provides several anonymous FTP servers, each logically independent with its own access control table and its own download tree. The steps for setting one up:
1. First add an alias IP address to a network card, that is, bind several IP addresses to one interface. If the internal FTP host is 191.168.0.4, a second address is bound like this:
/sbin/ifconfig eth0:0 191.168.0.5 up      # add the new address to the interface
/sbin/route add -host 191.168.0.5 eth0:0  # add the route for it
2. Create the directories /home/virtualftp and /var/log/virtualftp and the banner file /home/virtualftp/banner_message. Then add virtual host support to the server's main configuration file /etc/ftpaccess by appending these lines:
virtual 191.168.0.5 root /home/virtualftp
virtual 191.168.0.5 banner /home/virtualftp/banner_message
virtual 191.168.0.5 logfile /var/log/virtualftp/xferlog
The three lines set the root directory of the virtual host, the banner shown to users at login, and its transfer log file. The paths and file names can be chosen freely.
3. Copy the files the anonymous FTP tree needs, mainly the lib, etc and bin directories, from the existing anonymous area:
# cp -a /home/ftp/* /home/virtualftp
Check that the etc/passwd and etc/group that end up under /home/virtualftp are the stub versions used for the anonymous area, not copies of the real system files.
4. Define 191.168.0.5 in DNS so that the domain name of the virtual FTP host maps to it.