C:WINDOWS>ftp 192.168.2.33
Connected to 192.168.2.33.
220 ProFTPD 1.2.0rc3 Server (ProFTPD Default Installation)[ftpd.test.com.cn]
User (192.168.2.33:(none)): ideal
Password:
230 User ideal logged in.
ftp>
则现在你就拥有了一个安全可靠的FTP服务器。
三、 FAQ
1) 我安装proftpd以后,出现了问题,我如何调试?
通过通过命令! /usr/local/sbin/proftpd -d9 -n启动proftpd来进行调试,则proftp d就会将
调试信息打印到consle上以供调试之用。
2) 为什么我的proftpf启动以后,匿名用户不能登录?
查看proftp配置文件/usr/local/etc/proftpd.conf,修改<Anonymous ~ftp>为 <Anonymous /home/ftp>(这里/home/ftp可以是任何希望匿名用户登录以后的当前根目录, 但是确保要使该目录答应ftp用户访问),并且若<Anonymous /home/ftp>部分的User指令 指定的用户为ftp用户,则需要在配置文件中添加如下命令指示:RequireValidShell off
3) 我如何实现一个正常用户登录以后将其的访问限定在某个目录之下?
可以通过指令DefaultRoot来实现。例如若希望将ftpusers组的用户限定在自己的home目录下,则需要首先创建该组:
/usr/sbin/groupadd ftpusers
然后将用户ideal加入到该组中:
usrmod -G ftpusers ideal
最后在在proftpd.conf文件中添加如下内容:
DefaultRoot ~ ftpusers
也可以限制用户登录以后仅仅访问自己主目录下的一个子目录:
Default! Root ~/anoftp ftpusers
当然也可以将用户限制在其他目录之下,而不是自己的home目录下:
DefaultRoot /tmp ftpusers
也可以限定一个用户组的某些用户被限制,而其他不作限制:
DefaultRoot ~ ftpusers,!empolyee
这个指令指示仅仅限制ftpusers组中的不是empolyee组的用户进行限制。
4) 我如何使用户登陆时不显示FTP服务器版本信息,以增强安全性?
在proftpd.conf中添加如下内容:
ServerIdent off
则再次登录时,显示如下内容:
C:WINDOWS>ftp 192.168.2.33
Connected to 192.168.2.33.
220 ftpd.test.com.cn FTP server ready.
User (192.168.2.33:(none)):
5) 在proftpd环境下如何设定虚拟主机?
可以通过指令:VirtualHost来实现,一个最简单的例子:
<VirtualHost 192.168.2.35>
ServerName "virtual FTP server"
</VirtualHost>
若你仅仅希望通过匿名访问某个虚拟主机,则使用如下! 的指令:
<VirtualHost 192.168.2.35>
Serv erName "virtual FTP server"
<Limit LOGIN>
DenyAll
</Limit>
<Anonymous /usr/local/private>
User private
Group private
<Limit LOGIN>
AllowAll
</Limit>
</Anonymous>
</VirtualHost>
这样192.168.2.35的这台主机则仅仅答应匿名登录。
笔者的proftpd.conf配置文件内容为:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName &! quot;test.com.cn FTP Server"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to&! nbsp;limit maximum number of processes per&nb sp;service
# (such as xinetd)
MaxInstances 30
RequireValidShell off
ServerIdent off
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
# A basic anonymous configuration, no upload directories.
<Anonymous /home/ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We ! ;want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
DefaultRoot ~ ftpusers
<VirtualHost 192.168.2.35>
ServerName "virtual FTP server"
<Limit LOGIN>
DenyAll
</Limit>
<Anonymous /usr/local/private>
User private
Group private
<Limit LOGIN>
AllowAll
</Limit>
</Anonymous>
</VirtualHost>