Installation
The ProFTPd server can be installed in several ways: by compiling from source, by installing individual rpm packages with the rpm command, or by using a package manager, which installs all required packages along with their dependencies.
The purpose of this document is not to weigh the different installation methods, but to make the ProFTPd server configuration somewhat more usable after installation.
All of this is described below.
Post-installation configuration
Keep original start script
mv /etc/init.d/proftpd /etc/init.d/proftpd-rpm
cp -av /etc/init.d/proftpd-rpm /etc/init.d/proftpd
Respect config file in start script
sed 's,/etc/sysconfig/network,/etc/sysconfig/network\n\n# Source proftpd configuration.\n[ -f /etc/sysconfig/proftpd ] \&\& . /etc/sysconfig/proftpd,g' -i /etc/init.d/proftpd
sed 's,daemon proftpd,daemon proftpd $OPTIONS,g' -i /etc/init.d/proftpd
sed 's,\(touch /var/lock/subsys/proftpd\),\1\n\t[ $RETVAL -eq 1 ] \&\& proftpd -t $OPTIONS,g' -i /etc/init.d/proftpd
Create config directory
mkdir /etc/proftpd
mv /etc/proftpd.conf /etc/proftpd/proftpd.conf
Create /etc/sysconfig/proftpd file
cat > /etc/sysconfig/proftpd << EOF
# Currently, you can use the following options:
# ROOTDIR="/some/where" -- will run named in a chroot environment.
#                          you must set up the chroot environment before
#                          doing this.
# OPTIONS="whatever" -- These additional options will be passed to named
#                       at startup. Don't add -t here, use ROOTDIR instead.
OPTIONS="-c /etc/proftpd/proftpd.conf"
EOF
Create ftp-home directory
mkdir /srv/ftpd
chown ftp:ftp /srv/ftpd
touch /srv/ftpd/ftpd-file
Update system account ftp
grep '^ftp:' /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/bin/sh
The shell for this user must be /sbin/nologin, and its home directory should be /srv/ftpd:
ftp:x:14:50:FTP User:/srv/ftpd:/sbin/nologin
usermod -s /sbin/nologin ftp
usermod -d /srv/ftpd ftp
Create/Update config
Update daemon User/Group
- Set the user and group that the server normally runs at.
User ftp
Group ftp
sed 's,^\(User.*\)$,User ftp,g' -i /etc/proftpd/proftpd.conf
sed 's,^\(Group.*\)$,Group ftp,g' -i /etc/proftpd/proftpd.conf
Update run path daemon
- This is where we want to put the pid file
PidFile /var/run/proftpd/proftpd.pid
ScoreboardFile /var/run/proftpd/proftpd.scoreboard
sed 's,^\(ScoreboardFile.*\)$,PidFile /var/run/proftpd/proftpd.pid\n\1,g' -i /etc/proftpd/proftpd.conf
sed 's,/var/run/proftpd.score,/var/run/proftpd/proftpd.scoreboard,g' -i /etc/proftpd/proftpd.conf
Update Logging options
Move the section below out of <Anonymous ...> and place it above <Anonymous ...>, making it global configuration:
#
# Don't write anonymous accesses to the system wtmp file (good idea!)
WtmpLog off
# Logging for the anonymous transfers
#ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
ExtendedLog /var/log/proftpd/proftpd.log ALL default
ExtendedLog /var/log/proftpd/proftpd.xfer.log WRITE,READ default
Update Anonymous section
# A basic anonymous configuration, with an upload directory.
<Anonymous ~ftp>
  User ftp
  Group ftp
  AccessGrantMsg "Anonymous login ok, restrictions apply."
#
#   # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp
#
#   # Limit the maximum number of anonymous logins
  MaxClients 10 "Sorry, max %m users -- try again later"
#
#   # Put the user into /pub right after login
  DefaultChdir /pub
#
#   # We want 'welcome.msg' displayed at login, '.message' displayed in
#   # each newly chdired directory and tell users to read README* files.
  DisplayLogin /welcome.msg
  # do not uncomment DisplayFirstChdir
  # - Fatal: unknown configuration directive 'DisplayFirstChdir' on line 132 of '/etc/proftpd/proftpd.conf'
  #DisplayFirstChdir .message
  DisplayReadme README*
#
#   # Some more cosmetic and not vital stuff
  DirFakeUser on ftp
  DirFakeGroup on ftp
#
#   # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE SITE_CHMOD>
    DenyAll
  </Limit>
#
#   # An upload directory that allows storing files but not retrieving
#   # or creating directories.
#   <Directory uploads/*>
#     AllowOverwrite no
#     <Limit READ>
#       DenyAll
#     </Limit>
#
#     <Limit STOR>
#       AllowAll
#     </Limit>
#   </Directory>
#
#   # Don't write anonymous accesses to the system wtmp file (good idea!)
#   WtmpLog off
#
#   # Logging for the anonymous transfers
#   ExtendedLog /var/log/proftpd/access.log WRITE,READ default
#   ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
</Anonymous>
start proftpd server
/etc/init.d/proftpd start
tail -f /var/log/proftpd/auth.log
tail -f /var/log/proftpd/proftpd.log
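To confirm that the steps above took effect, the following shell functions check the ftp account's home and shell, the daemon User/Group, and that writes inside <Anonymous> are still denied. This is an added example, not part of the original page; the function names and the policy labels are invented for it.

```shell
#!/bin/sh
# Added example (not from the original page): audit the settings applied above.
# File paths are arguments so the checks also work on copies of the files.

# ftp account must have home /srv/ftpd and shell /sbin/nologin (passwd fields 6, 7).
check_ftp_account() {
    awk -F: '$1 == "ftp" { found = 1; ok = ($6 == "/srv/ftpd" && $7 == "/sbin/nologin") }
             END { exit !(found && ok) }' "$1"
}

# Print the value of an uncommented directive that sits outside every <...> block.
global_directive() {
    awk -v d="$1" '/^[ \t]*#/   { next }
                   /^[ \t]*<\// { depth--; next }
                   /^[ \t]*</   { depth++; next }
                   depth == 0 && $1 == d { v = $2 }
                   END { print v }' "$2"
}

# Classify write access inside <Anonymous>, ignoring commented-out lines:
#   deny           a <Limit> naming WRITE or STOR has DenyAll, none has AllowAll
#   upload-enabled some <Limit> naming WRITE or STOR has AllowAll
#   unrestricted   no such <Limit> carries DenyAll or AllowAll
anon_write_policy() {
    awk '/^[ \t]*#/ { next }
         $1 == "<Anonymous"   { anon = 1; next }
         $1 == "</Anonymous>" { anon = 0; next }
         !anon { next }
         $1 == "<Limit"   { w = ($0 ~ /WRITE|STOR/); next }
         $1 == "</Limit>" { w = 0; next }
         w && $1 == "DenyAll"  { deny = 1 }
         w && $1 == "AllowAll" { allow = 1 }
         END { print (allow ? "upload-enabled" : (deny ? "deny" : "unrestricted")) }' "$1"
}

# Run all checks; returns non-zero if any setting differs from the page.
audit_proftpd() {
    passwd=${1:-/etc/passwd}; conf=${2:-/etc/proftpd/proftpd.conf}; rc=0
    check_ftp_account "$passwd" || { echo "FAIL: ftp home/shell in $passwd"; rc=1; }
    [ "$(global_directive User "$conf")" = ftp ]  || { echo "FAIL: daemon User"; rc=1; }
    [ "$(global_directive Group "$conf")" = ftp ] || { echo "FAIL: daemon Group"; rc=1; }
    policy=$(anon_write_policy "$conf")
    [ "$policy" = deny ] || { echo "FAIL: anonymous write policy is $policy"; rc=1; }
    return $rc
}
```

After sourcing the file, calling audit_proftpd with no arguments checks /etc/passwd and /etc/proftpd/proftpd.conf; a result of upload-enabled means the commented-out uploads directory has been switched on.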
chroot proftpd server (version2-symbolic-links)
Last modified: 2013/12/11 18:08:30 (11 years ago)