Re: proftpd
Witaj Marcin,
W Twoim liście datowanym 12 marca 2004 (16:01:26) można przeczytać:
M> witam!
M> pytanie chyba banalne - ale nietety nie dla mnie ;)
M> wykupilem sobie domenke - ale mam tylko jeden adres ip....jak moge
M> postawic ftp (najlepiej uzywajac proftpd) tylko pod adresem
M> ftp.mojadomena.pl, Chodzi mi o to, zeby serwer ftp dostepny byl tylo
M> pod tym adresem a nie takze pod np mojadomena.pl.
M> pozdr Marcin
Proftpd realizuje coś takiego jak Wirtualne hosty.
Jednym słowem na pewno idzie zrobić coś takiego, że ftp będzie pracował
na danym ip i realizował dwie odrębne domeny.
Ustawiam na proftp serwer domyślny, który będzie obsługiwał każdą
domene, która przychodzi, ale będzie pozwalał tylko na logowanie
użytkownikom posiadającym hasło. Natomiast możemy sobie wybrać, że
tylko dla jednej domeny będzie obsługiwał logowanie anonimowe.
Oto przykład:
-- POCZATEK --
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
AllowOverwrite on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off
# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
<Global>
DefaultRoot ~
AllowRetrieveRestart on
AllowStoreRestart on
</Global>
# Normally, we want files to be overwriteable.
<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
</Directory>
DefaultRoot ~
# A basic anonymous configuration, no upload directories.
# These lines are marked with ##proftpd.deb anon access## so that they
# can be recognized, and edited by postinst. You can remove them once
# you're sure you don't want to keep them around.
#<Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# <Directory incoming>
# # Umask 022 is a good standard umask to prevent new files and dirs
# # (second parm) from being group and world writable.
# Umask 022 022
# <Limit READ WRITE>
# DenyAll
# </Limit>
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
#</Anonymous>
AllowRetrieveRestart on
AllowStoreRestart on
<VirtualHost xxx.org.pl>
ServerName "Nazwa serwa"
ServerAdmin emil@cos.pl
TransferLog /var/log/proftpd/ftp.xxx.org.pl.log
<Anonymous /home/strony/ftp.xxx.org.pl>
User ftp
Group nogroup
TransferRate APPE,STOR,RETR,STOU 8.0
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
RequireValidShell off
# Limit the maximum number of anonymous logins
MaxClients 10 "Za duzo polaczen. Sprobuj pozniej."
MaxClientsPerHost 2 "Za duzo polaczen z hosta."
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
## Uncomment this if you're brave.
## <Directory incoming>
## # Umask 022 is a good standard umask to prevent new files and dirs
## # (second parm) from being group and world writable.
## Umask 022 022
## <Limit READ WRITE>
## DenyAll
## </Limit>
## <Limit STOR>
## AllowAll
## </Limit>
## </Directory>
</Anonymous>
ServerIdent on
</VirtualHost>
--KONIEC--
Podejrzewam, że dałoby się tak ustawić serwer domyślny, aby nie zezwalał
na logowanie nawet użytkownika z hasłem, ale nie bawiłem się w to.
ProFTPd ma naprawdę duże możliwość tylko trzeba się trochę na szukać i
na kombinować.
--
Pozdrowienia,
******************************
* Marek (SirAdams) Adamski *
* ICQ:42751516 *
* GG:14747 *
* Linux user:#253788 *
******************************
Reply to:
- References:
- proftpd
- From: Marcin <i.w.i@interia.pl>