linux proftpd 1.3.4 c installation configuration instance
- 2020-05-12 06:32:05
- OfStack
1. Download and install the software
[root@chenghy ~]# cd /root
[root@chenghy ~]# wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4c.tar.gz
[root@chenghy ~]# tar zxvf proftpd-1.3.4c.tar.gz
[root@chenghy ~]# cd proftpd-1.3.4c
[root@chenghy ~]# ./configure --prefix=/usr/local/proftpd
[root@chenghy ~]# make
[root@chenghy ~]# make install
2. Modify the configuration file
[root@chenghy ~]# vim /usr/local/proftpd/etc/proftpd.conf
ServerName "chenghy's FTP Server"
ServerType standalone # Run as a separate process
DefaultServer on
Port 21 # FTP port
Umask 002 # Permissions are recommended to be set to 002
UseReverseDNS off # ban DNS The check
IdentLookups off # ban DNS The check
ServerIdent off # Hide software version information
AllowRetrieveRestart on # Download breakpoint continuation
AllowStoreRestart on # Upload and upload
## Virtual user authentication information
AuthOrder mod_auth_file.c # Only virtual users are allowed to log in
AuthUserFile /usr/local/proftpd/etc/ftp.users
AuthGroupFile /usr/local/proftpd/etc/ftp.group
DefaultRoot ~ # Restrict the user to the root directory
PassivePorts 20000 30000 # Passive mode port segment
SystemLog /var/log/proftpd/proftpd.log # Software log
TransferLog /var/log/proftpd/proftpd.xfer.log
LogFormat default "%h %u %t %D \"%r\" %s %b" # Log format
ExtendedLog /var/log/proftpd/access.log WRITE,READ default # Access log
MaxInstances 250 # Maximum connection allowed
MaxClients 20 # Maximum number of users
MaxLoginAttempts 3 # Maximum number of attempts to connect
TimeoutLogin 30 # Authentication timeout
TimeoutIdle 120 # Stunned the timeout
TimeoutNoTransfer 300 # No data transmission timeout
User nobody # define ftp Which user to run as
Group nobody # define ftp Which user group to run as
<Directory ~/>
AllowOverwrite on # Allow write overwrite
<Limit LOGIN CWD RETR READ DIRS> # Set virtual user read permissions
AllowALL
</Limit>
<Limit ALL> # Set up the omd All user privileges
Order allow,deny
AllowUser omd
DenyALL
</Limit>
</Directory>
3. Add virtual users and groups
[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --passwd --name=bsmp --home=/home/omd/file/ --uid=2001 --gid=2000 --shell=/sbin/nologin --file=/usr/local/proftpd/etc/ftp.users
[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --passwd --name=omd --home=/home/omd/ --uid=2002 --gid=2000 --shell=/sbin/nologin --file=/usr/local/proftpd/etc/ftp.users
[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --group --name=myftp --gid=2000 --member=bsmp --member=omd --file=/usr/local/proftpd/etc/ftp.group
4. Set permissions on the user directory
[root@chenghy ~]# chown -R 2002:2000 /home/omd/
#### The next two lines are used to delete users and groups ###########
[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --passwd --name=bsmp --delete-user --file=/usr/local/proftpd/etc/ftp.users[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --group --name=myftp --delete-group --file=/usr/local/proftpd/etc/ftp.group
5. Add proftpd to system services
According to the online information to modify/etc/rc d/init d/proftpd files found configuration is not successful, then modify the finished configuration 1 under this file
[root@chenghy ~]# vim /etc/rc.d/init.d/proftpd
#!/bin/sh
# Source function library.
. /etc/rc.d/init.d/functions
RETVAL=0
start() {
echo -n $"Starting proftpd : "
daemon /usr/local/proftpd/sbin/proftpd -c /usr/local/proftpd/etc/proftpd.conf 2>/dev/null
# daemon Command is /etc/rc.d/init.d/functions The built-in
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
}
stop() {
echo -n $"Shutting down proftpd : "
killproc proftpd
# killproc Command is /etc/rc.d/init.d/functions The built-in
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo "Usage: proftpd { start | stop | restart }"
esac
[root@chenghy ~]# chmod 755 /etc/rc.d/init.d/proftpd
[root@chenghy ~]# chkconfig add proftpd
[root@chenghy ~]# chkconfig --level 35 proftpd on
[root@chenghy ~]# service proftpd start
6. Firewall setup
Only active mode access is allowed to add the following,,, only passive mode access to add the following,,, both allow to add the following,,.
[root@chenghy ~]# iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20 -j ACCEPT
[root@chenghy ~]# iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[root@chenghy ~]# iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20000:30000 -j ACCEPT