一、下载安装:
1、网站中能够下载到profptd源码:
http://www.proftpd.org/
这个是软件源码ftp地址:
ftp://ftp.proftpd.org/distrib/source/
2、进入目录/root/download解压:
tar -zxvf proftpd-1.3.8.tar.gz #将源码压缩包解压到当前目录中
cd proftpd-1.3.8/ #进入到解压目录中
执行:
./configure --enable-nls --prefix=/usr/local/proftpd
#如果提示没有安装gcc,那么执行:
yum -y install gcc
或者下载gcc 下载网址:https://mirrors.tuna.tsinghua.edu.cn/gnu/gcc/
gcc-10.3.0.tar.gz
#安装完后:
make
make install
二、配置:
1、创建本地用户proftpd禁止ssh登录。创建之后所有虚拟用户使用这个系统用户访问文件:
[root@localvm ~]# useradd proftpd -d /home/proftpd -s /bin/false -u 1001
2、将ftp根目录权限设置成系统用户proftpd上:
chown -R proftpd:proftpd /data/ftpdata
3、创建虚拟用户admin虚拟到proftpd上:
/usr/local/proftpd/bin/ftpasswd --passwd --uid=1001 --gid=1001 --home=/data/ftpdata --shell=/sbin/nologin --file=/usr/local/proftpd/etc/ftpd.passwd --name=admin
/usr/local/proftpd/bin/ftpasswd --passwd --uid=1001 --gid=1001 --home=/data/ftpdata --shell=/sbin/nologin --file=/usr/local/proftpd/etc/ftpd.passwd --name=shangchuan
/usr/local/proftpd/bin/ftpasswd --passwd --uid=1001 --gid=1001 --home=/data/ftpdata --shell=/sbin/nologin --file=/usr/local/proftpd/etc/ftpd.passwd --name=xiazai
#上面命令的说明:
#name是登陆ftp的用户名 file是密码文件位置 home是ftp用户的根目录
/*执行后显示:
ftpasswd: using alternate file: /usr/local/proftpd/etc/ftpd.passwd
ftpasswd: creating passwd entry for user admin
ftpasswd: /sbin/nologin is not among the valid system shells. Use of
ftpasswd: "RequireValidShell off" may be required, and the PAM
ftpasswd: module configuration may need to be adjusted.
输入密码:
*/
/usr/local/proftpd/bin/ftpasswd --group --file=/usr/local/proftpd/etc/ftp.group --gid=1001 --name=proftpd --member=admin
#创建用户组,生成配置文件 member将创建的用户添加到用户组中
2、ftp用户配置要求:admin 权限不限 shangchuan 只能上传文件夹上传 xiazai 只能下载文件下载:
#配置文件《开始》:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default by wo"
ServerIdent off
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 1000
# Set the user and group under which the server will run.
User proftpd
Group proftpd
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot /data/ftpdata
# Normally, we want files to be overwriteable.
AllowOverwrite on
TimeoutLogin 60
TimeoutNoTransfer 1200
TimeoutStalled 2400
AllowStoreRestart on
#允许断点续上传
AllowRetrieveRestart on
#允许断点续下载
PassivePorts 60000 60100
#指定数据端口的范围
UseReverseDNS off
#关闭DNS反向查询,节省连接时间
TransferLog /var/spool/syslog/proftpd/xferlog.legacy
#数据传输记录
# Bar use of SITE CHMOD by default
AuthOrder mod_auth_file.c mod_auth_unix.c
AuthUserFile /usr/local/proftpd/etc/ftpd.passwd
AuthGroupFile /usr/local/proftpd/etc/ftp.group
MaxClients 100
#IdentLookups off
UseReverseDNS off
DeleteAbortedStores on
DirFakeGroup on
DirFakeUser on
DirFakeMode 0600
RequireValidShell off
LangOptions PreferServerEncoding #在编译时加入 --enable-nls才能用
UseEncoding utf8 gbk #在编译时加入 --enable-nls才能用
<Limit Login>
Order deny,allow
AllowGroup proftpd
</Limit>
#显示~/welcome.msg中的欢迎信息,可以编辑welcome.msg自己制定欢迎信息
# %T 当前的时间
# %F 所在硬盘剩下的空间
# %C 当前所在的目录
# %R:客户的主机名
# %U:客户登陆的帐号
# %M:允许最大连接数
# %N:当前的连接人数
# %E:FTP服务器管理员的email
# %i:本次上传的文件数量
# %o:本次下载的文件数量
AllowOverwrite YES
#允许文件可以重新写
#IdentLookups off
#查找客户的远程用户名,关掉节省连接时间
#ExtendedLog /var/spool/syslog/proftpd/access.log WRITE,READ write
#以write的日志格式记录READ,WRITE的日志
#ExtendedLog /var/spool/syslog/proftpd/auth.log AUTH auth
#以auth的日志格式记录AUTH的日志
<Directory /data/ftpdata>
<Limit ALL>
AllowUser admin shangchuan xiazai
</Limit>
<Limit CWD RETR DIRS RMD>
AllowUser shangchuan xiazai
</Limit>
<Limit WRITE STOR RMD READ>
Order allow, deny
DenyUser shangchuan xiazai
</Limit>
</Directory>
<Directory "/data/ftpdata/上传">
<Limit ALL>
DenyAll
</Limit>
<Limit WRITE READ CWD STOR MKD DIRS RMD>
AllowUser admin
</Limit>
<Limit CWD STOR MKD DIRS>
AllowUser shangchuan
</Limit>
</Directory>
<Directory "/data/ftpdata/下载">
<Limit ALL>
DenyAll
</Limit>
<Limit WRITE READ CWD STOR MKD DIRS RMD>
AllowUser admin
</Limit>
<Limit READ CWD RETR DIRS>
AllowUser xiazai
</Limit>
</Directory>
<Limit SITE_CHMOD>
DenyAll
</Limit>
配置文件《结束》
========
Limit配置说明:
CMD:Change Working Directory 改变目录
MKD:MaKe Directory 建立目录的权限
RNFR: ReName FRom 更改目录名的权限
DELE:DELEte 删除文件的权限
RMD:ReMove Directory 删除目录的权限
RETR:RETRieve 从服务端下载到客户端的权限
STOR:STORe 从客户端上传到服务端的权限
READ:可读的权限,不包括列目录的权限,相当于RETR,STAT等
WRITE:写文件或者目录的权限,包括MKD和RMD
DIRS:是否允许列目录,相当于LIST,NLST等权限,还是比较实用的
ALL:所有权限
LOGIN:是否允许登陆的权限
========
三、防火墙开启配置:
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --add-port=21/tcp
firewall-cmd --permanent --add-port=60000-60100/tcp
#firewall-cmd --permanent --remove-port=8021/tcp
firewall-cmd --reload
四、启动服务:
1、启动
cd /usr/local/proftpd/sbin #进入到服务运行文件目录
./proftpd #启动服务
2、停止
ps -ef | grep proftpd #检查服务进程是否启动
pkill proftp
=============
参考文章
https://blog.csdn.net/xiazhipeng1000/article/details/85224076
)
. #学习方法#学习方法)
)
)