安装 完XAMPP,proftp只有一个用户 nobody,而且固定指向/opt/lampp/htdocs

这不符合我们大家特殊的需求,仔细学习了一下,其实很方便就可以增加用户与控制权限,前提是掌握好proftp.conf。

一、掌握好proftp.conf的格式

#全局设置

设置项目1 参数1

设置项目2 参数2

#某个目录的设置

<Directory “路径名”>

</Directory>

#关于匿名用户的设置

<Anonymous “匿名登陆的目录”>

<Limit 限制动作>

</Limit>

</Anonymous>

二、参考一个案例

1、需求描述

  • ftp服务器支持断点续传,且最大支持同时10人在线,每个ip只允许一个连接;
  • 允许ftpusers用户组只能访问自己的目录,而不能访问上级或者其他目录;
  • 用户登陆服务器时不显示ftp服务器版本信息,以增加安全性;
  • 建立一个kaoyan的ftp帐户,属于ftpusers组,kaoyan用户只允许下载,没有可写的权限。下载速率限制在50Kbytes/s。
  • 建立一个upload用户,也属于ftpusers组,同kaoyan用户的宿主目录一样,允许upload用户上传文件和创建目录的权限,但不允许下载,并且不允许删除目录和文件的权限,上传的速率控制在100Kbytes/s

2、用户增加与权限设置

group add ftpusers

useradd -d /home/kaoyan -g ftpusers -s /bin/fales kaoyan

useradd -d /home/kaoyan -g ftpusers -s /bin/fales upload

chown -R kaoyan:upload /home/kaoyan

chmod -R 775 /home/kaoyan

3、proftp.conf配置

ServerName “Frank’s FTP Server”

ServerType standalone

DefaultServer on

Port 21

Umask 022

MaxInstances 30 #最多有30个proftpd的PID

User nobody

Group nobody

TimeoutStalled 10

MaxClients 10 #最多允许10个用户在线

MaxClientsPerHost 1 “对不起,一个IP只允许一个连接”

AllowStoreRestart on

#允许断点续传(上传),断点续续(下载)是默认支持的,不用设置

DisplayLogin welcome.msg #欢迎词文件

ServerIdent off #屏蔽服务器版本信息

DefaultRoot ~ ftpusers #设置ftpusers组只能访问自己的目录

<Directory />

AllowOverwrite on

</Directory>

<Directory /home/kaoyan>

<Limit WRITE> #不允许写

DenyUser kaoyan

</Limit>

<Limit RMD RNFR DELE RETR> #不允许删除,改名,下载

DenyUser upload

</Limit>

TransferRate RETR 50 user kaoyan

TransferRate STOR 100 user upload

</Directory>

三、我的proftp.conf修改配置结果

ServerName                      "ProFTPD"
ServerType                      standalone
DefaultServer                   on
# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30
# Set the user and group that the server normally runs at.
User                            nobody
#Group                          nogroup
rmally, we want files to be overwriteable.
<Directory /opt/lampp/*>
  AllowOverwrite                on
</Directory>
<Directory /opt/lampp/htdocs>
<Limit WRITE> #不允许写
DenyUser nobody
</Limit>
<Limit RMD RNFR DELE RETR> #不允许删除,改名,下载
DenyUser nobody
</Limit>
TransferRate RETR 50 user nobody
TransferRate STOR 100 user nobody
</Directory>