A question about proftp; hoping an expert can advise.
Source: Internet  Published: 2014-12-09
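I need to use FTP from time to time to maintain files on my Linux server. I start FTP when I need it; the rest of the time the FTP process is not running. I read some related articles and chose proftp. Now I want to give specific users FTP write permission on certain directories. It seems this can be set through .ftpaccess, but I cannot find any articles about it. I hope an expert can help, thanks.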
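Your problem has nothing to do with ftpaccess. You can create a dedicated user for FTP and set the attributes of his directory so that only he can operate on it and nobody else has permission; in ftpaccess, just set the class attribute to real. real is allowed by default.
Here is one for wu-ftp, but pro-ftp should be configured along the same lines.
An explanation of the ftpaccess configuration file: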
//Designed by ZhouLifa on April 29, 2002
//If any bug found, please inform me as soon as possible!
//Contact info:
//post addr: Computer Research Institute, South China University of Technology, Tianhe District, Guangzhou, Zhou Lifa, 510640
//Computer Application Research Institution, South China University of Technology
//e-mail: zhoulifa@yahoo.com
//Tel: 020-87113239-9322
//LastModifiedDate:2002.8.5
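A few notes:
1. If you want to use the ftpaccess file, you first have to tell the ftpd daemon to use the configuration in ftpaccess, because by default the ftpaccess file is not used. See man ftpd for details: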
If the -a option is specified, the use of the ftpaccess(5)
configuration file is enabled.
If the -A option is specified, use of the ftpaccess(5)
configuration file is disabled. This is the default.
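2. A simple way to set the user directory is to start the ftpd daemon with the -r rootdir option, which sets the directory to rootdir; this is usually used to confine anonymous users to a directory. man ftpd explains it as follows: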
The -r option instructs the daemon to chroot(2) to the
specified rootdir immediately upon loading. This can
improve system security by limiting the files which may be
damaged should a breakin occur through the daemon. Set is
much like anonymous FTP, with additional files needed
which vary from system to system.
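3. For a named-user login, the user name must exist in /etc/passwd; otherwise authentication cannot be performed.
4. The mechanism used for user authentication is specified in /etc/login.conf; if this file does not exist, the default method is used.
Explanation of ftpaccess. Below is an example ftpaccess for wu-ftpd: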
# This file controls the behavior of the wu-ftpd
# ftp server.
#
# If you're looking for a graphical frontend to
# editing it, try kwuftpd from the kdeadmin
# package.
# Don't allow system accounts to log in over ftp
deny-uid %-99 %65534-
deny-gid %-99 %65534-
allow-uid ftp
allow-gid ftp
# The ftpchroot group doesn't exist by default, this
# entry is just supplied as an example.
# To chroot a user, modify the line below or create
# the ftpchroot group and add the user to it.
#
# You will need to setup the required applications
# and libraries in the root directory (set using
# guest-root).
#
# Look at the anonftp package for the files you'll need.
guestgroup ftpchroot
# User classes...
class all real,guest,anonymous *
# Set this to your email address
email root@localhost
# Allow 5 mistyped passwords
loginfails 5
# Notify the users of README files at login and when
# changing to a different directory
readme README* login
readme README* cwd=*
# Messages displayed to the user
message /welcome.msg login
message .message cwd=*
# Allow on-the-fly compression and tarring
compress yes all
tar yes all
# Prevent anonymous users (and partially guest users)
# from executing dangerous commands
chmod no guest,anonymous
delete no anonymous
#overwrite no anonymous
rename no anonymous
# Turn on logging to /var/log/xferlog
log transfers anonymous,guest,real inbound,outbound
# If /etc/shutmsg exists, don't allow logins
# see ftpshut man page
shutdown /etc/shutmsg
# Ask users to use their email address as anonymous
# password
passwd-check rfc822 warn
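ftpaccess explained in detail:
1. deny-uid and deny-gid can be used to prevent certain users, or the users in certain groups, from logging in to this FTP server; in this example they block logins by system users.
Likewise, allow-uid and allow-gid specify users who are allowed to log in. Their purpose is to state that a user blocked by deny-uid and deny-gid may log in after all. For example, ftp here is also a system user, and without these lines logging in as ftp would not be allowed.
2. guestgroup, guestuser, realgroup, realuser and so on specify, respectively, the groups and users that get only guest permissions after logging in, and the groups and users that can act with real-user permissions after logging in.
For example: guestuser zhou
Then after logging in, user zhou can only see the few directories that anonymous users have: /, /bin, /etc, /incoming, /pub and so on, even if zhou is a system user.
3. The class attribute. This parameter specifies the classes of users allowed to log in. For example,
class real allows only authenticated users to log in to this server; anonymous and guest logins are prohibited.
4. email and loginfails set the administrator's email address and the number of login retries, respectively.
5. readme and message specify the readme file and the banner message file, respectively.
6. compress and tar specify which users can get/put files using these two methods.
7. chmod, delete, rename and so on specify whether these commands are permitted. For example:
delete yes anonymous lets anonymous users delete files.
rename no real means that even authenticated users cannot rename files.
8. There are also guest-root, anonymous-root and so on, which specify the directories that guest and anonymous users can access.
9. timeout accept
timeout connect
timeout data
timeout idle
timeout maxidle
and so on specify timeout values.
There are many other parameters; see man ftpaccess.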
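As an added example (not part of the original answer and not wu-ftpd code), the following script audits the class and chmod/delete/overwrite/rename lines described in points 3 and 7, and reports which non-real user types can still modify files. It assumes that a function with no matching directive is allowed for everyone and that a later line overrides an earlier one; the function names and the sample text are constructed for illustration.

```python
"""Audit an ftpaccess file: who may log in, and who may modify files."""

USER_TYPES = ("real", "guest", "anonymous")
FUNCTIONS = ("chmod", "delete", "overwrite", "rename")

# Constructed sample: the permission-related lines of the ftpaccess file above.
SAMPLE = """\
class all real,guest,anonymous *
chmod no guest,anonymous
delete no anonymous
#overwrite no anonymous
rename no anonymous
"""

def parse(text):
    """Return (login_types, perms) where perms[function][user_type] is a bool."""
    login_types = set()
    # Assumption: a function with no matching directive is allowed for everyone.
    perms = {f: {t: True for t in USER_TYPES} for f in FUNCTIONS}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) < 3:
            continue
        keyword = fields[0].lower()
        if keyword == "class":
            # class <name> <typelist> <addrglob>...
            login_types.update(t for t in fields[2].split(",") if t in USER_TYPES)
        elif keyword in FUNCTIONS:
            # <function> <yes|no> <typelist>; class=<name> entries are skipped here.
            allowed = fields[1].lower() == "yes"
            for t in fields[2].split(","):
                if t in USER_TYPES:
                    perms[keyword][t] = allowed  # assumption: later lines override
    return login_types, perms

def findings(text):
    """List (user_type, function) pairs where a non-real user may modify files."""
    login_types, perms = parse(text)
    return sorted(
        (t, f)
        for t in ("guest", "anonymous")
        if t in login_types
        for f in FUNCTIONS
        if perms[f][t]
    )

if __name__ == "__main__":
    for user_type, function in findings(SAMPLE):
        print(f"{user_type} users may {function}")
```

On the sample, the commented-out overwrite line leaves anonymous users able to overwrite existing files, and guest users keep delete, overwrite and rename.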