[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: proftpd

Witaj Marcin,

W Twoim liście datowanym 12 marca 2004 (16:01:26) można przeczytać:

M> witam!
M> pytanie chyba banalne - ale nietety nie dla mnie ;)

M> wykupilem sobie domenke - ale mam tylko jeden adres ip....jak moge
M> postawic ftp (najlepiej uzywajac proftpd) tylko pod adresem
M> ftp.mojadomena.pl,  Chodzi mi o to, zeby serwer ftp dostepny byl tylo
M> pod tym adresem a nie takze pod np mojadomena.pl.


M> pozdr Marcin

Proftpd realizuje coś takiego jak Wirtualne hosty.
Jednym słowem na pewno idzie zrobić coś takiego, że ftp będzie pracował
na danym ip i realizował dwie odrębne domeny.
Ustawiam na proftp serwer domyślny, który będzie obsługiwał każdą
domene, która przychodzi, ale będzie pozwalał tylko na logowanie
użytkownikom posiadającym hasło. Natomiast możemy sobie wybrać, że
tylko dla jednej domeny będzie obsługiwał logowanie anonimowe.
Oto przykład:
-- POCZATEK --
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
AllowOverwrite                  on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin                    welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter                      \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd               off

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nogroup

<Global>
    DefaultRoot ~
AllowRetrieveRestart on
AllowStoreRestart on
</Global>

# Normally, we want files to be overwriteable.
<Directory /*>
  # Umask 022 is a good standard umask to prevent new files and dirs
  # (second parm) from being group and world writable.
  Umask                         022  022

  AllowOverwrite                on
  AllowRetrieveRestart on
  AllowStoreRestart on
</Directory>

DefaultRoot ~

# A basic anonymous configuration, no upload directories.

# These lines are marked with ##proftpd.deb anon access## so that they
# can be recognized, and edited by postinst.  You can remove them once
# you're sure you don't want to keep them around.

#<Anonymous ~ftp>
#  User                         ftp
#  Group                                nogroup
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                    anonymous ftp
#
#  RequireValidShell            off
#
#  # Limit the maximum number of anonymous logins
#  MaxClients                   10
#
#  # We want 'welcome.msg' displayed at login, and '.message' displayed
#  # in each newly chdired directory.
# DisplayLogin                  welcome.msg
#  DisplayFirstChdir            .message
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Directory *>
#    <Limit WRITE>
#      DenyAll
#    </Limit>
#  </Directory>
#
# # Uncomment this if you're brave.
#   <Directory incoming>
#     # Umask 022 is a good standard umask to prevent new files and dirs
#     # (second parm) from being group and world writable.
#     Umask                             022  022
#              <Limit READ WRITE>
#              DenyAll
#              </Limit>
#              <Limit STOR>
#              AllowAll
#              </Limit>
#   </Directory>
#
#</Anonymous>
AllowRetrieveRestart on
AllowStoreRestart on

<VirtualHost xxx.org.pl>
ServerName "Nazwa serwa"
ServerAdmin emil@cos.pl
TransferLog     /var/log/proftpd/ftp.xxx.org.pl.log
<Anonymous /home/strony/ftp.xxx.org.pl>
   User                         ftp
   Group                        nogroup
   TransferRate APPE,STOR,RETR,STOU 8.0
   # We want clients to be able to login with "anonymous" as well as "ftp"
   UserAlias                    anonymous ftp
 
   RequireValidShell            off
 
   # Limit the maximum number of anonymous logins
   MaxClients                   10 "Za duzo polaczen. Sprobuj pozniej."
   MaxClientsPerHost            2 "Za duzo polaczen z hosta."

   # We want 'welcome.msg' displayed at login, and '.message' displayed
   # in each newly chdired directory.
   DisplayLogin                 welcome.msg
   DisplayFirstChdir            .message
 
   # Limit WRITE everywhere in the anonymous chroot
   <Directory *>
     <Limit WRITE>
       DenyAll
     </Limit>
   </Directory>
 
  ## Uncomment this if you're brave.
  ## <Directory incoming>
  ##   # Umask 022 is a good standard umask to prevent new files and dirs
  ##   # (second parm) from being group and world writable.
  ##   Umask                            022  022
  ##            <Limit READ WRITE>
  ##            DenyAll
  ##            </Limit>
  ##            <Limit STOR>
  ##            AllowAll
  ##            </Limit>
  ## </Directory>
 
</Anonymous>
ServerIdent on
</VirtualHost>
--KONIEC--

Podejrzewam, że dałoby się tak ustawić serwer domyślny, aby nie zezwalał
na logowanie nawet użytkownika z hasłem, ale nie bawiłem się w to.
ProFTPd ma naprawdę duże możliwość tylko trzeba się trochę na szukać i
na kombinować.


-- 
Pozdrowienia,
    ******************************
    *  Marek (SirAdams) Adamski  *
    *        ICQ:42751516        *
    *          GG:14747          *
    *     Linux user:#253788     *
    ******************************
Reply to: