Ubuntu搭建proftpd服务器

引言

工作需要前端工程师在测试环境测试,但是前端工程师大多不用LINUX,调试起来我这种兼职运维的就是一个苦逼了,因此搭建一个FTP服务器方便前端工程师部署调试自己的代码

搭建proftpd服务器

安装proftpd

sudo apt-get install proftpd


配置proftpd

vim /etc/proftpd/proftpd.conf

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName			"HAO_GEEK_TEAM"
ServerIdent 			off
ServerType			standalone
DefaultAddress			IP1 IP2 IP3
SocketBindTight			on

# Port 21 is the standard FTP port.
Port				21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances			30

# Set the user and group under which the server will run.
User				geek
Group				geek

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
AllowOverwrite		yes

# Normally, we want files to be overwriteable.
<Directory ~/incoming>
<Limit WRITE>
AllowUser lczhftp
DenyAll
</Limit>
</Directory>

<Directory ~>
<Limit READ DIRS>
AllowUser lczhftp
AllowUser filemanager
AllowUser kfx
AllowUser lsy
AllowUser yangli
DenyAll
</Limit>
<Limit WRITE>
DenyAll
</limit>
</Directory>


# 设置客户端认证方式,通过文件认证
AuthOrder                               mod_auth_file.c mod_auth_unix.c
# 指定文件认证的passwd文件
AuthUserFile   /etc/proftpd/ftp.passwd
# 指定文件认证的group文件
AuthGroupFile  /etc/proftpd/ftp.group
# 认证帐号不需要有有效的shell
RequireValidShell    off
# 设置每秒接受的连接请求个数,防止DoS攻击
MaxConnectionRate       5
# 最大的连接上的client的数量
MaxClients   20 "Sorry,the maximum number of allowed users (%m) are already connected. "
# 允许端点续传
AllowStoreRestart   on
#关闭dns反向解析
UseReverseDNS off
IdentLookups off


ftpasswd创建访问用户

sudo ftpasswd --passwd --file=/etc/proftpd/ftp.passwd --name=wangzhengyi --uid=33 --shell=/bin/false --home=/home/nohome
每个参数的定义可以man一下,如果你完全抄袭我的,那我只能说你运维做的太傻逼了,动动脑子想想自己的需求还是很必要的!

重启proftpd服务器

sudo  /etc/init.d/proftpd  restart

proftpd权限控制

目的

实现不同的用户不同的根目录

需求

目录结构如下:
--root(根目录):
       --test1(子目录1)
       --test2(子目录2)
       --test3(子目录3)

有三个用户user1,user2,user3,user1默认到/root目录下,user1默认到/root/test1目录下,user2默认到/root/test2目录下

实现方法

(1)设置user1的home目录为/root,user1的home目录为/home/test1,user2的home目录为/home/test2,设置方法:

sudo ftpasswd --passwd --file=/etc/proftpd/ftp.passwd --name=wangzhengyi --uid=33 --shell=/bin/false --home=/root{ /test1 /test2}



(2)增加权限控制
DefaultRoot /root
<Directory /root/test1>
<Limit WRITE>
AllowUser user1
DenyAll
</Limit>
</Directory>

<Directory /root/test2>
<Limit WRITE>
AllowUser user2
DenyAll
</Limit>
</Directory>

原理

用户登录FTP服务器后,proftpd会默认首先寻找该系统用户的/home目录,并将该目录与proftpd.conf文件中的相关配置进行匹配,若无匹配,则转至proftpd.conf文件中的DefaultRoot命令登录服务器默认的根目录

参考链接

点击打开链接


你可能感兴趣的:(Ubuntu搭建proftpd服务器)