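Preparation before installation
1. User groups
Set up 4 user groups:
500 (FTP administrator, has all FTP permissions)
501 (upload only, download not allowed)
502 (download only, upload not allowed)
503 (both upload and download allowed)
Note: of these 4 groups, none except 500 may delete files or rename them.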
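2. proftpd installation procedure
(1) Download the proftpd source archive and extract it into the current directory (tar -zxvf *.tar)
(2) Enter the source directory and run
./configure --prefix=/usr/local/proftpd --sysconfdir=/etc/
This prepares the proftpd build, setting its installation directory under /usr/local/ and placing the configuration file under /etc/.
(3) Run
make && make install
Installation is complete.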
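3. proftpd configuration file /etc/proftpd.conf
Its contents are as follows (the short # comment lines placed after the directives are annotations of what each setting does)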
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "transfer"
# Server name
ServerType standalone
# Server type: standalone
DefaultServer on
# Default server: on
DefaultAddress 192.168.1.10
# Default IP (must be set for a standalone server, otherwise it may fail to start)
# Port 21 is the standard FTP port.
Port 21
# Port: 21
Extendedlog /mnt/log/proftpd.accesee.log All
# Log all server activity
#Extendedlog /mnt/log/proftpd.auth_log AUTH auth
#Extendedlog /mnt/log/proftpd.paranoid_log ALL default
Transferlog /mnt/log/transfer.log
# Log uploads and downloads on the server
LogFormat write "%u %a %h %D %F"
# Define the log data format
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
# Which groups can log in
# Set the user groups that are allowed to log in to FTP
<Limit LOGIN>
AllowGroup 500
AllowGroup 501
AllowGroup 502
AllowGroup 503
# Without DenyAll, a login that matches no AllowGroup line is still allowed by default
DenyAll
#500 ftpmaster
#501 only up
#502 only down
#503 up and down
</Limit>
# Do not allow non-administrators to delete or rename
# RNFR and RNTO are listed here so that renaming is denied together with deletion
<Limit DELE RMD RNFR RNTO>
DenyGroup 501
DenyGroup 502
DenyGroup 503
</Limit>
# Do not allow download
<Limit RETR>
DenyGroup 501
</Limit>
# Do not allow upload
<Limit WRITE STOR>
DenyGroup 502
</Limit>
# Allow upload and download, but not delete
<Limit WRITE READ RETR STOR>
AllowGroup 503
</Limit>
The above is the proftpd configuration file.
4. Script for creating a new user
#!/bin/bash
echo 'This program tell you how to make an account for this ftpserver'
echo 'step 1'
echo 'Enter your username'
read username
echo 'step 2'
echo 'Choose a Limit for your account'
echo '500 can do everything ,include delete '
echo '501 only upload '
echo '502 only download'
echo '503 up and down ,but no delete'
echo 'Enter your choose'
read limit
echo 'step 3'
echo 'Enter a number for your account ,this number must big than 200,and only one number for one user'
echo 'Enter your Number'
read number
echo 'step4'
echo 'Choose a list for your account ,for Exp " ftplist "'
read list
# Quote every value so that spaces or shell metacharacters in the input cannot split the arguments
useradd "$username" -g "$limit" -u "$number" -d "/mnt/ftpdir/$list" -s /sbin/nologin
echo 'Then you can enter "passwd username" to change the passwd for your account'
exit
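The script above hands whatever the operator types to useradd, which runs as root, and with DefaultRoot ~ the chosen home directory becomes the account's chroot. The following is an added example, not part of the original article, that checks the four inputs before useradd is reached; the function names and the FTP_ROOT variable are assumptions, and the character rules are one conservative choice.

```shell
#!/bin/sh
# Added example: validate operator input before calling useradd.
# Function names and FTP_ROOT are illustrative, not from the original script.
LC_ALL=C; export LC_ALL          # make [a-z] ranges byte-exact
FTP_ROOT=/mnt/ftpdir             # base directory used by the script above

valid_username() {               # 1-32 chars, [a-z_] first, then [a-z0-9_-]
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 32 ] || return 1
    case $1 in
        [!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
}

valid_limit() {                  # only the four groups defined in section 1
    case $1 in
        500|501|502|503) return 0 ;;
        *) return 1 ;;
    esac
}

valid_uid() {                    # plain decimal, no leading zero, greater than 200
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 9 ] && [ "$1" -gt 200 ]
}

valid_list() {                   # one directory name: no "/", no "..", no leading "." or "-"
    [ "${#1}" -le 64 ] || return 1
    case $1 in
        ''|.*|-*|*..*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

check_account_input() {          # args: username limit number list
    valid_username "$1" || { echo "rejected: username" >&2; return 1; }
    valid_limit "$2"    || { echo "rejected: group" >&2; return 1; }
    valid_uid "$3"      || { echo "rejected: UID" >&2; return 1; }
    valid_list "$4"     || { echo "rejected: directory name" >&2; return 1; }
}

create_account() {               # same useradd call as above, reached only after the checks
    check_account_input "$@" || return 1
    useradd "$1" -g "$2" -u "$3" -d "$FTP_ROOT/$4" -s /sbin/nologin
}
```

After the four read prompts, call create_account "$username" "$limit" "$number" "$list" in place of the bare useradd line.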
5. The following script analyzes the transfer log and generates an htm file
#!/bin/bash
time=$(date -d yesterday '+%b %d')
# Table header
echo '<table width="980" border="1">' >>/var/www/html/read.htm
echo '<tr>' >>/var/www/html/read.htm
echo '<td width="100px;">' >>/var/www/html/read.htm
echo 'Username' >>/var/www/html/read.htm
echo '</td>' >>/var/www/html/read.htm
echo '<td width="100px;">' >>/var/www/html/read.htm
echo 'Date' >>/var/www/html/read.htm
echo '</td>' >>/var/www/html/read.htm
echo '<td width="70px;">' >>/var/www/html/read.htm
echo 'Time' >>/var/www/html/read.htm
echo '</td>' >>/var/www/html/read.htm
echo '<td width="100px;">' >>/var/www/html/read.htm
echo 'Ip Address' >>/var/www/html/read.htm
echo '</td>' >>/var/www/html/read.htm
echo '<td width="20px">' >>/var/www/html/read.htm
echo 'UD' >>/var/www/html/read.htm
echo '</td>' >>/var/www/html/read.htm
echo '<td width="400px;">' >>/var/www/html/read.htm
echo 'Filename' >>/var/www/html/read.htm
echo '</td>' >>/var/www/html/read.htm
echo '<td width="140px;">' >>/var/www/html/read.htm
echo 'FileSize' >>/var/www/html/read.htm
echo '</td>' >>/var/www/html/read.htm
echo '</tr>' >>/var/www/html/read.htm
echo '</table>' >>/var/www/html/read.htm
# One table per log line dated yesterday; the awk field numbers follow the xferlog layout
for ((i=1; i < $(cat /mnt/log/transfer.log|grep "$(date -d yesterday '+%b %d')"|wc -l)+1 ;i++)); do
#echo $time
echo '<table width="980" border="1">'
echo '<tr>'
echo '<td width="100px">'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $14}'
echo '</td>'
echo '<td width="100px">'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $5}'
echo '-'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $2}'
echo '-'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $3}'
echo '</td>'
echo '<td width="70px;">'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $4}'
echo '</td>'
echo '<td width="100px;">'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $7}'
echo '</td>'
echo '<td width="20px">'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $12}'
echo '</td>'
echo '<td width="400px;">'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $9}'
echo '</td>'
echo '<td width="140px;">'
cat /mnt/log/transfer.log |grep "$(date -d yesterday '+%b %d')"|head -$i |tail -1 | awk '{print $8}'
# The xferlog file-size field is in bytes
echo 'bytes'
echo '</td>'
echo '</tr>'
echo '</table>'
done >> /var/www/html/read.htm
# Footer. xferlog direction flag: i = incoming (upload to the server), o = outgoing (download)
echo '<table width="980px" border="2">' >>/var/www/html/read.htm
echo '<tr>' >>/var/www/html/read.htm
echo '<td fontsize="19px" fontcolor="red">Help:List UD,i=upload o=download </td>' >>/var/www/html/read.htm
echo '</tr>' >>/var/www/html/read.htm
echo '</table>' >>/var/www/html/read.htm
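The report script copies the username and filename fields from the log into the page unescaped, so a file uploaded with markup characters in its name ends up as live HTML in read.htm. The following is an added example, not the article's code, that builds the same columns in a single awk pass and HTML-escapes every field; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: one awk pass over xferlog input with HTML escaping.

# Constructed sample in xferlog layout (not taken from a real server).
sample_xferlog() {
cat <<'EOF'
Mon Jan  5 10:15:02 2015 1 192.168.1.23 2048 /mnt/ftpdir/ftplist/report.txt b _ i r alice ftp 0 * c
Mon Jan  5 10:16:40 2015 1 192.168.1.24 512 /mnt/ftpdir/ftplist/q1<draft>&final.txt b _ i r bob ftp 0 * c
Tue Jan  6 09:00:00 2015 1 192.168.1.23 100 /mnt/ftpdir/ftplist/a.txt b _ o r alice ftp 0 * c
EOF
}

# xferlog_to_html MONTH DAY: keep stdin lines for that date, print one HTML table.
xferlog_to_html() {
    awk -v mon="$1" -v day="$2" '
    function esc(s) {            # escape & first so the later entities stay intact
        gsub(/&/, "\\&amp;", s); gsub(/</, "\\&lt;", s)
        gsub(/>/, "\\&gt;", s);  gsub(/"/, "\\&quot;", s)
        return s
    }
    BEGIN {
        print "<table width=\"980\" border=\"1\">"
        printf "<tr><td>Username</td><td>Date</td><td>Time</td><td>Ip Address</td>"
        print  "<td>UD</td><td>Filename</td><td>FileSize</td></tr>"
    }
    # Month and day are compared as fields, so "Jan  5" and "Jan 05" both match.
    NF >= 14 && $2 == mon && $3 + 0 == day + 0 {
        printf "<tr><td>%s</td><td>%s-%s-%s</td>", esc($14), esc($5), esc($2), esc($3)
        printf "<td>%s</td><td>%s</td><td>%s</td>", esc($4), esc($7), esc($12)
        printf "<td>%s</td><td>%s bytes</td></tr>\n", esc($9), esc($8)
    }
    END { print "</table>" }'
}

# Usage on the server described above (GNU date assumed):
#   xferlog_to_html "$(date -d yesterday +%b)" "$(date -d yesterday +%d)" \
#       < /mnt/log/transfer.log >> /var/www/html/read.htm
```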
6. The following is the startup script for proftpd
#!/bin/bash
# chkconfig: 2345 85 15
# description: ProFTPD FTP server
# (chkconfig --add needs the two header lines above; the runlevels and priorities are example values)
FTPD_BIN=/usr/local/proftpd/sbin/proftpd
FTPD_CONF=/etc/proftpd.conf
PIDFILE=/usr/local/proftpd/var/proftpd.pid
if [ -f "$PIDFILE" ]; then
    pid=`cat "$PIDFILE"`
fi
if [ ! -x "$FTPD_BIN" ]; then
    echo "$0: $FTPD_BIN: cannot execute"
    exit 1
fi
case $1 in
start)
    if [ -n "$pid" ]; then
        echo "$0: proftpd [PID $pid] already running"
        exit
    fi
    if [ -r "$FTPD_CONF" ]; then
        echo "Starting proftpd..."
        "$FTPD_BIN" -c "$FTPD_CONF"
    else
        echo "$0: cannot start proftpd -- $FTPD_CONF missing"
    fi
    ;;
stop)
    if [ -n "$pid" ]; then
        echo "Stopping proftpd..."
        kill -TERM "$pid"
    else
        echo "$0: proftpd not running"
        exit 1
    fi
    ;;
restart)
    # SIGHUP makes the running daemon reread its configuration
    if [ -n "$pid" ]; then
        echo "Rehashing proftpd configuration"
        kill -HUP "$pid"
    else
        echo "$0: proftpd not running"
        exit 1
    fi
    ;;
*)
    echo "usage: $0 {start|stop|restart}"
    exit 1
    ;;
esac
Copy the script into the file /etc/init.d/proftpd (create the file if it does not exist).
Then run
chmod +x /etc/init.d/proftpd
Then register proftpd as a system service
chkconfig --add proftpd
After that you can use
service proftpd start|stop|restart
to start, stop, and restart proftpd.