Source: http://hi.baidu.com/lidongxing1005/blog/item/df3e378e19babaf3513d92fb.html

This is how to install and configure the pure-ftpd ftp server on your Ubuntu or Debian server or workstation.

(The following covers installing and deploying the pure-ftpd FTP service on your Ubuntu or Debian server.)

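First install the base package pure-ftpd (it is normally available in the system repositories).

All of the operations below are performed as the root user.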

root@box:~# apt-get install pure-ftpd
.
.
.
Setting up pure-ftpd (1.0.21-11ubuntu1) ...
Starting ftp server: Running: /usr/sbin/pure-ftpd -l pam -u 1000 -E -O clf:/var/log/pure-ftpd/transfer.log -B

As the last line of apt output tells us, the server is already started with some default options passed to the binary via the command line.

(After a successful install, the last line of the command-line output shows the FTP server's default settings.)

The way to configure pure-ftpd is quite different from other Debian / Ubuntu software. When installed as a service and started during the init process, pure-ftpd is invoked by a script called pure-ftpd-wrapper. What’s unusual is that instead of reading a single configuration file for all options, the script uses a directory full of one-line files. Let’s have a look in /etc/pure-ftpd/conf :

(Configuring pure-ftpd differs from other software on Debian/Ubuntu. When it is installed and started as a service, pure-ftpd is configured through pure-ftpd-wrapper: instead of many options in a single configuration file, the configuration is spread over several files in one directory, each holding a single line. Here is the configuration path and its files:)

root@box:~# cd /etc/pure-ftpd/conf/
root@box:/etc/pure-ftpd/conf# ls -la
total 24K
-rw-r--r-- 1 root 36 2007-06-22 02:01 AltLog
-rw-r--r-- 1 root 5 2007-06-22 02:01 MinUID
-rw-r--r-- 1 root 4 2007-06-22 02:01 NoAnonymous
-rw-r--r-- 1 root 4 2007-06-22 02:01 PAMAuthentication
-rw-r--r-- 1 root 28 2007-06-22 02:01 PureDB
-rw-r--r-- 1 root 3 2007-06-22 02:01 UnixAuthentication

Each of those files describes a command-line option of the pure-ftpd server. For example, the file AltLog contains the format of, and path to, the transfer log file :

(Each file describes one option of the pure-ftpd command; for example, the file AltLog contains the log file settings.)

root@box:/etc/pure-ftpd/conf# cat AltLog
clf:/var/log/pure-ftpd/transfer.log

Let’s now set some of the basic options by editing those one-liners (our server will listen to port 21 on all available interfaces, and will use IP 12.34.56.78 and ports 4500-4600 for passive mode - don’t forget to forward those from your NAT router if you are behind one):

(Next we edit some basic settings: pure-ftpd listens on port 21 and uses the IP 12.34.56.78.)

root@box:/etc/pure-ftpd/conf# echo ,21 > Bind
root@box:/etc/pure-ftpd/conf# echo 12.34.56.78 > ForcePassiveIP
root@box:/etc/pure-ftpd/conf# echo 4500 4600 > PassivePortRange

Now for some recommended security stuff :

(Now some recommended security settings:)

root@box:/etc/pure-ftpd/conf# echo yes > ChrootEveryone
root@box:/etc/pure-ftpd/conf# echo yes > ProhibitDotFilesRead
root@box:/etc/pure-ftpd/conf# echo yes > ProhibitDotFilesWrite
root@box:/etc/pure-ftpd/conf# echo yes > NoChmod
root@box:/etc/pure-ftpd/conf# echo yes > BrokenClientsCompatibility

Let’s also set some limits to avoid abuse :

(Then set some connection limits:)

root@box:/etc/pure-ftpd/conf# echo 4 > MaxClientsPerIP     # maximum connections per IP
root@box:/etc/pure-ftpd/conf# echo 20 > MaxClientsNumber   # maximum simultaneous client connections

Now the important thing we need to decide is what user authorization method(s) our server will support. Options include Unix Authentication (anyone with a login account on the server will have ftp access), but I chose PureDB authentication, which involves a dedicated pure-ftpd “virtual users” base.

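(The next important step is deciding which user authentication methods our FTP server will support (anyone with an account can log in). Here I chose PureDB authentication, which involves a cleverly designed pure-ftpd virtual user database.)

So let’s disable Unix and PAM auth, set the path to the PureDB user file, and add PureDB as an auth method by linking to it from the /etc/pure-ftpd/auth directory :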

(Set Unix and PAM authentication to no, set the path to the PureDB user file, and add PureDB as an authentication method by linking to that file from /etc/pure-ftpd/auth.)

root@box:/etc/pure-ftpd/conf# echo no > PAMAuthentication
root@box:/etc/pure-ftpd/conf# echo no > UnixAuthentication
root@box:/etc/pure-ftpd/conf# echo /etc/pure-ftpd/pureftpd.pdb > PureDB
root@box:/etc/pure-ftpd/conf# ln -s /etc/pure-ftpd/conf/PureDB ../auth/50pure

Let’s now create a (system) user and group that will be bound to all ftp virtual users. For security reasons, that special user should have no home directory (-d /bin/null) and no shell access (-s /bin/false) :

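(Next create a user and group that will be bound to all FTP virtual users. For security reasons, this user should have no home directory (-d /bin/null) and no permission to run commands (-s /bin/false).)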

root@box:/etc/pure-ftpd/conf# groupadd -g 2001 ftpgroup
root@box:/etc/pure-ftpd/conf# useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser

We can now use the pure-pw command to add our first virtual user (don’t forget the “pure-pw mkdb” command : it is required to commit/confirm changes to the user file)

(Now we can use the pure-pw command to add our first virtual user. Do not forget to run the pure-pw command, which has to regenerate the user file created earlier.)

root@box:/etc/pure-ftpd/conf# pure-pw useradd myfirstuser -u ftpuser -d /var/ftp/public/
Password:
Enter it again:
root@box:/etc/pure-ftpd/conf# pure-pw mkdb

(The first virtual user's account name is myfirstuser, its password is the one just entered, and /var/ftp/public/ is its FTP directory.)

Let’s add TLS/SSL support and generate a private certificate (you will be asked to provide some information to put in the cert)

(Add TLS/SSL support and activate a private certificate.)

root@box:/etc/pure-ftpd/conf# apt-get install openssl
root@box:/etc/pure-ftpd/conf# echo 1 > TLS
root@box:/etc/pure-ftpd/conf# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Generating a 1024 bit RSA private key
.
.
.
root@box:/etc/pure-ftpd/conf# chmod 600 /etc/ssl/private/pure-ftpd.pem

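(This sets the permissions on pure-ftpd.pem so that root can read and write it but not execute it, and other users can neither read, write, nor execute it.)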

Let’s finally restart the server with our all-new config :

(Finally, restart the pure-ftpd service, and we are done.)

root@box:/etc/pure-ftpd/conf# /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -X -b -u 1000 -C 4 -E -S ,21 -x -c 20 -R -A -p 4500:4600 -O clf:/var/log/pure-ftpd/transfer.log -Y 1 -P 12.34.56.78 -B
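
As an added example (not part of the original guide or of the pure-ftpd project), the script below audits a conf directory of one-line files against the settings chosen in this guide and reports that TLS value 1 still accepts cleartext sessions. It assumes booleans are written as the literal yes, as on this page; the function names conf_get and audit_pureftpd_conf and the temporary directory are illustrative.

```shell
#!/bin/sh
# Added example, not from the original guide: audit a pure-ftpd-wrapper
# conf directory, where each file holds the value of one option.

# Print the value stored in file $2 of directory $1 (empty if absent).
conf_get() {
    if [ -f "$1/$2" ]; then tr -d '\r\n' < "$1/$2"; fi
}

# Print one finding per line for directory $1; print nothing if clean.
audit_pureftpd_conf() {
    dir=$1
    # Hardening switches this guide sets to "yes" (assumed spelling).
    for key in NoAnonymous ChrootEveryone ProhibitDotFilesRead \
               ProhibitDotFilesWrite NoChmod; do
        if [ "$(conf_get "$dir" "$key")" != "yes" ]; then
            echo "WARN $key: not set to yes"
        fi
    done
    # This guide authenticates through PureDB only.
    for key in PAMAuthentication UnixAuthentication; do
        if [ "$(conf_get "$dir" "$key")" = "yes" ]; then
            echo "WARN $key: enabled, guide uses PureDB only"
        fi
    done
    # Connection limits must be positive integers.
    for key in MaxClientsPerIP MaxClientsNumber; do
        case "$(conf_get "$dir" "$key")" in
            ''|0|*[!0-9]*) echo "WARN $key: no connection limit" ;;
        esac
    done
    # TLS: 0 = off, 1 = optional, 2 or 3 = cleartext sessions refused.
    case "$(conf_get "$dir" TLS)" in
        2|3) ;;
        1)   echo "WARN TLS: value 1 still accepts cleartext logins" ;;
        *)   echo "FAIL TLS: disabled or not configured" ;;
    esac
    return 0
}

# Constructed sample: the values written in this guide.
demo_dir=$(mktemp -d)
for kv in NoAnonymous=yes ChrootEveryone=yes ProhibitDotFilesRead=yes \
          ProhibitDotFilesWrite=yes NoChmod=yes PAMAuthentication=no \
          UnixAuthentication=no MaxClientsPerIP=4 MaxClientsNumber=20 TLS=1; do
    echo "${kv#*=}" > "$demo_dir/${kv%%=*}"
done
audit_pureftpd_conf "$demo_dir"   # prints the single TLS warning
rm -rf "$demo_dir"
```

The script does not inspect the certificate: the 1024-bit RSA key generated in the TLS step is shorter than current minimum recommendations, so use rsa:2048 or larger when running that command.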

(Reference: http://www.ubuntu-howto.info/howto/how-to-install-and-configure-pure-ftpd)