[Tutorial] Complete FTP settings: WU-FTP

$$Questions:
?? What is readme for?
A: It tells users that README files have been updated.
?? How do I limit the number of logins from the same address?
A: host-limit
?? Does upload have to be set for every directory?
A: No, only for the directories that need uploads. Uploading is not allowed by default.
?? Where is the anonymous login directory?
A: /var/ftp
?? Are only the users named in guestgroup treated as guest?
A: Yes.
?? Using chroot
A:
?? Why does ls not list directories after login, while dir does?
A: A client version issue.

$$Environment:
Redhat Linux 7.2
Kernel 2.4.7-10
wu-ftp-2.6.1-18

$$Commands:
rpm -qa |grep wu-ftp        check whether WU-FTP is installed
rpm -ql wu-ftpd-2.6.1-18    list the files installed by WU-FTP
/usr/sbin/ckconfig          checks whether the FTP server settings are correct
/usr/bin/ftpcount           shows the number of users currently online
/usr/bin/ftpwho             shows the current connections to the FTP server
/usr/sbin/ftprestart        restarts the FTP server program
/usr/sbin/ftpshut           generates the file that shuts down the FTP server program
/usr/sbin/in.ftpd           the FTP server program
/usr/sbin/in.wuftpd         -->in.ftpd
/usr/sbin/privatepw
/usr/sbin/wu.ftpd           -->in.ftpd
/usr/sbin/xferstats         xferlog analysis tool

$ckconfig
Checks whether the FTP server settings are correct.
    [root@localhost /]# ckconfig
    Checking _PATH_FTPUSERS :: /etc/ftpusers
    ok.
    Checking _PATH_FTPSERVERS :: /etc/ftpservers
    I can't find it... look in doc/examples for an example.
    Checking _PATH_FTPACCESS :: /etc/ftpaccess
    ok.
    Checking _PATH_PIDNAMES :: /var/run/ftp.pids-%s
    ok.
    Checking _PATH_CVT :: /etc/ftpconversions
    ok.
    Checking _PATH_XFERLOG :: /var/log/xferlog
    ok.
    Checking _PATH_PRIVATE :: /etc/ftpgroups
    ok.
    Checking _PATH_FTPHOSTS :: /etc/ftphosts
    ok.

$ftpcount
The ftpcount command gives a clear count of the users currently connected to the FTP server and lists the limit for each class at the same time. The command output looks like this:
    [root@localhost /]# ftpcount
    Service class all - 1 users (no maximum)
    Service class local - 0 Users (20maximum)
    Service class remote - 5 Users (100maximum)

$ftpwho
The ftpwho command lists the details of the users currently connected.
    [root@localhost /]# ftpwho
    Service class all:
    1874 ? SN 0:00 ftpd: 192.168.0.1: anonymous/: IDLE
    - 1 users (no maximum)

$ftpshut
The ftpshut command generates the shut.msg file configured in /etc/ftpaccess, which controls the shutdown. The format of the ftpshut command is:
    $ftpshut <-l min> <-d min> time <description>
-l    how many minutes before the FTP server shuts down new user connections are stopped; default 10
-d    how many minutes before the FTP server shuts down existing user connections are cut off; default 5
time  the time at which the FTP server shuts down. For example, 6:20 is written as 0620.
Server side:
    [root@localhost /]# ftpshut 1005
    [root@localhost /]# less /etc/shutmsg
    2002 05 30 10 05 0010 0005
# Shuts down at 10:05 on 30 June 2002, refuses connections 10 minutes before, cuts connections 5 minutes before
A user who is already logged in:
    ftp> ls
    200 PORT command successful.
    550-System shutdown at Sun Jun 30 10:05:00 2002
    ftp> ls
    200 PORT command successful.
    221 Server shutting down. Goodbye.
A user trying to log in:
    E:\>ftp 192.168.0.2
    Connected to 192.168.0.2.
    500 localhost.localdomain FTP server shut down -- please try again later.
    Connection closed by remote host.

$ftprestart
Restarts the FTP server program.
    [root@localhost /]# ftprestart
    ftprestart: /var/ftp/etc/shutmsg does not exist.
    ftprestart: /etc/shutmsg does not exist.
    [root@localhost /]# ftprestart
    ftprestart: /var/ftp/etc/shutmsg removed.
    ftprestart: /etc/shutmsg removed.

$in.ftpd
Parameters used by in.ftpd:
-d    when the FTP server hits an error, write the error to the system syslog;
-l    write a record of every FTP client connection to the system syslog;
-t    set how many minutes of inactivity are allowed before an FTP client connection is cut off;
-a    make wu-ftp use the settings in /etc/ftpaccess;
-A    make wu-ftp ignore the settings in /etc/ftpaccess;
-L    record the commands an FTP client runs after connecting in the system syslog;
-i    record the log of files uploaded by FTP clients in /usr/adm/xferlog;
-o    record the log of files downloaded by FTP clients in /usr/adm/xferlog.
Based on the parameters above, we suggest the following configuration in /etc/xinetd.d/wu-ftpd:
    # default: on
    # description: The wu-ftpd FTP server serves FTP connections. It uses \
    #       normal, unencrypted usernames and passwords for authentication.
    service ftp
    {
        disable = no
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/in.ftpd
        server_args = -l -a
        log_on_success += DURATION USERID
        log_on_failure += USERID
        nice = 10
    }

$$Configuration files:
/etc/ftpaccess          (main configuration file, controls access permissions)
/etc/ftpconversions     (configures file compression/decompression conversions)
/etc/ftpgroups          (defines FTP's own groups)
/etc/ftphosts           (sets permissions for individual users)
/etc/ftpservers         (maps different IPs/domain names to different virtual hosts)
/etc/ftpusers           (lists the accounts that may not connect by FTP)
/etc/logrotate.d/ftpd
/etc/pam.d/ftp          ??
/etc/xinetd.d/wu-ftpd   startup script
/var/ftp                root directory for anonymous logins
!! After wu-ftp is installed, the system creates a special user ftp and an ftp directory under /var. A user who logs in anonymously is placed in this directory automatically. Several subdirectories are normally created under it:
/bin        executables available to FTP users
/etc        configuration files available to FTP users
/pub        material offered for download
/incoming   space for uploaded material
!! In general, changes to /etc/ftpaccess take effect directly in the next FTP server process started after the change. Other changes require restarting the xinetd process.

$/etc/ftpaccess

??autogroup
Format: autogroup <groupname> <class> [<class> ...]
Function: automatic group mapping. Users who belong to a class you have defined are mapped to the corresponding group as soon as they connect, so you can use Unix file permissions to restrict a particular set of people.
Example: autogroup guest any

class
Format: class <class> <typelist> <addrglob> [<addrglob> ...]
Function: only users covered by a class definition can connect. Several layers of class definitions can be used to regulate which groups of users may connect from which places.
There are three important types here: real, anonymous and guest.
If real is not listed in the definition, no ordinary real user of this machine can connect with their own account.
If anonymous is not in the definition, people without an account are not allowed to connect.
If guest is defined, people in the guest group can connect.
In addition, <user address> is the IP address the connecting FTP user will come from; set it as needed.
Examples:
    class all real,guest,anonymous *
Defines a class named all that contains all three types of user connecting from any IP (in other words, everyone is included).
    class local real localhost loopback
The class local says that only real users can connect, and only from the local machine.
    class remote guest,anonymous *
The class remote contains guest and anonymous users coming from anywhere, but real users cannot log in.
    class rmtuser real !*.example.com
The class rmtuser contains real users coming from outside (everywhere except example.com).
!! Users on an FTP server fall into three basic categories:
real: users who have a legitimate account on the FTP server.
    Real FTP is when someone logs in with a real username and password and has access to the entire disk structure. This form of access can be extremely dangerous to system security and should be avoided unless absolutely necessary and well controlled.
guest: anonymous users who are on record.
    Guest FTP is a form of real FTP; one logs in with a real user name and password, but the user is chroot'ed to his home directory and cannot escape from it. This is much safer, and it is a useful way for remote clients to maintain their Web accounts.
anonymous: anonymous users with the lowest permissions.
    Anonymous FTP is well known; one logs in with the username 'anonymous' and an email type password.

deny
Format: deny <address to refuse> <message file>
Function: refuses access from matching source addresses and displays the contents of the file. The address may also be a file that contains the definitions of the IP addresses to refuse. !nameserved can be used to refuse requests from clients that have no registered domain name.
Examples:
    deny 210.62.146.*:255.255.255.254 /etc/reject.msg
    deny !nameserved /var/ftp/etc/noname.msg
Refuses requests from clients that have no registered domain name and displays the contents of noname.msg.
Contents of noname.msg:
    [root@localhost /var/ftp/etc]# cat noname.msg
    You are not allow!
Client output:
    E:\>ftp 192.168.0.2
    Connected to 192.168.0.2.
    220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.
    User (192.168.0.2:(none)): vip
    331 Password required for vip.
    Password:
    530-You are not allow!
    530 Login incorrect.
!! The message file is given as a full path.

guestgroup --sets the guest groups
guestuser --sets the guest accounts
realgroup --sets the real groups
realuser --sets the real accounts
Format:
    guestgroup <groupname> [<groupname> ...]
    guestuser <username> [<username> ...]
    realgroup <groupname> [<groupname> ...]
    realuser <username> [<username> ...]
Function: guestgroup and guestuser treat a non-anonymous connection as an anonymous connection and chroot it. realgroup and realuser treat a non-anonymous connection as a real user connection.
Example:
    guestuser *
    realgroup admin
Every non-anonymous connection except those of the admin group is treated as a guest user connection; admin is still treated as a real user connection.
!! For guestgroup, if a REAL user is a member of any of <groupname>, the session is set up exactly as with anonymous FTP. In other words, a chroot() is done, and the user is no longer permitted to issue the USER and PASS commands. <groupname> is a valid group from /etc/group (or whatever mechanism your getgrent(3) library routine uses).
The user's home directory must be properly set up, exactly as anonymous FTP would be. The home directory field of the passwd entry is divided into two directories. The first field is the root directory which will be the argument to the chroot(2) call. The second half is the user's home directory relative to the root directory. The two halves are separated by a "/./".
For example, in /etc/passwd, the real entry:
    guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly
When guest1 successfully logs in, the ftp server will chroot("/ftp") and then chdir("/incoming"). The guest user will only be able to access the directory structure under /ftp (which will look and act as / to guest1), just as an anonymous FTP user would.
The /etc/passwd file:
    vip:x:500:500::/home/vip/:/bin/bash
is changed to:
    vip:x:500:500::/home/vip/./:/bin/bash
Add to the /etc/ftpaccess file:
    #guestgroup
    guestgroup vip
Files in /home/vip:
    .
    ..
    thisisviproot
    vip
What the user sees on login:
    E:\>ftp 192.168.0.2
    Connected to 192.168.0.2.
    220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.
    User (192.168.0.2:(none)): vip
    331 Password required for vip.
    Password:
    230 User vip logged in. Access restrictions apply.
    ftp> ls
    200 PORT command successful.
    150 Opening ASCII mode data connection for file list.
    thisisviproot
    vip
    226 Transfer complete.
    ftp: 20 bytes received in 0.01Seconds 2.00Kbytes/sec.
    ftp> pwd
    257 "/" is current directory.

nice
Format: nice <nice-delta> [<class>]
Function: on Linux the nice value runs from -20 (highest priority) to 19 (handled last). Here you can give a negative value to raise the priority of a class.
Example:
!! This default nice value adjustment is used to adjust the nice value of the server process only for those users who do not belong to any class for which a class-specific `nice' directive exists in the ftpaccess file.

defumask
Format: defumask <umask> [<class>]
Function: sets the umask for a class.
Example:
!! umask is the permission mask applied to a file when it is created.

tcpwindow
Format: tcpwindow <size> [<class>]
Function: sets the size of the TCP window.
Example:

??keepalive
Format: keepalive <yes|no>
Function: sets whether TCP SO_KEEPALIVE is used to handle dropped connections.
Example:

timeout --sets connection timeouts, used as follows:
    timeout accept
    timeout connect
    timeout data
    timeout idle
    timeout maxidle
    timeout RFC931
Format:
    timeout accept <seconds>
    timeout connect <seconds>
    timeout data <seconds>
    timeout idle <seconds>
    timeout maxidle <seconds>
    timeout RFC931 <seconds>
Function: sets the various timeouts.
accept   how long ftpd waits for an incoming passive data-channel connection request. (Default 120 seconds)
connect  how long ftpd waits on a standard data-channel connection request. (Default 120 seconds)
data     how long the client may stay inactive on the data channel before ftpd times out. (Default 1200 seconds)
idle     how long the client user may stay inactive on the command channel before ftpd times out. (Default 900 seconds)
maxidle  the upper limit on the longer idle time a user may set from the client. (Default 10 seconds)
RFC931   the maximum duration of an RFC931 protocol session. Zero disables support for the protocol.

file-limit
Format: file-limit [<raw>] <in|out|total> <count> [<class>]
Function: limits the number of files a class may transfer, counted as in (uploads), out (downloads) or total. raw counts the entire transfer traffic, not only data files.
Example:
    file-limit out 20 lvfour
Users in the class lvfour can download at most 20 files.

data-limit --limits how many bytes a class may transfer; usage is similar to file-limit

limit-time
Format: limit-time {*|anonymous|guest} <minutes>
Function: limits how long a connection may last. To keep people from staying on the site indefinitely, this can be used to limit a user's online time.
Example:
    limit-time guest 5
Users of guest accounts can stay for only 5 minutes.
!! Limit the total time a session can take. By default, there is no limit. Real users are never limited.
Client output:
    E:\>ftp 192.168.0.2
    Connected to 192.168.0.2.
    220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.
    User (192.168.0.2:(none)): vip
    331 Password required for vip.
    Password:
    230 User vip logged in. Access restrictions apply.
    ftp> ls
    421 Timeout (900 seconds): closing control connection.
    Connection closed by remote host.

?? guestserver [<hostname>]
Controls which hosts may be used for anonymous access. If used without <hostname>, denies all anonymous access to this site. More than one <hostname> may be specified. Anonymous access will only be allowed on the named machines. If access is denied, the user will be asked to use the first <hostname> listed.

limit
Format: limit [class] [number of users] [times] [file name] (the file name is a full path)
Function: sets the maximum number of users of a class that may be online at the same time during a given period, followed by the message to display when the number of connections is exceeded.
Examples:
    limit all 32 Any /home/ftp/etc/toomanyuser.msg
Limits all connections to 32 users at any time; beyond that the connection is refused and the message is displayed.
    limit levellone 5 Any2300-0600 /var/ftp/etc/toomanyuser.msg
Limits users of the class levellone to 5 connections between 23:00 and 6:00.
Contents of /etc/ftpaccess:
    limit all 1 Any /etc/toomanyuser.msg
Contents of /etc/toomanyuser.msg:
    toomanyuser !try again!
Client output:
    Connected to 192.168.0.2.
    220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.
    User (192.168.0.2:(none)): ftp
    331 Guest login ok, send your complete e-mail address as password.
    Password:
    530-toomanyuser !try again!
    530 Login incorrect.
    Login failed.

host-limit <class> <n> <times> <message_file>
Limit <class> to <n> simultaneous connections per host IP address at times <times>, displaying <message_file> if the user is denied access. Limit check is performed at login time only. If multiple "host-limit" commands can apply to the current session, the first applicable one is used. Failing to define a valid limit, or a limit of -1, is equivalent to unlimited. <times> is in same format as the times in the UUCP L.sys file.
Contents of /etc/ftpaccess:
    host-limit all 1 Any /etc/toomanyconnect.msg
Contents of /etc/toomanyconnect.msg:
    toomanyconnect !try again!
Client output:
    Connected to 192.168.0.2.
    220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready.
    User (192.168.0.2:(none)): vip
    331 Password required for vip.
    Password:
    530-toomanyconnect ! try again!
    530 Login incorrect.
    Login failed.
    ftp>

noretrieve
Format: noretrieve [absolute|relative] ([class=<classname>]|[user=<username>]) ... [-] <filename> <filename>...
!! absolute or relative says whether the files are given as absolute or relative paths.
Function: sets which files may not be downloaded.
Examples:
    noretrieve /etc/passwd core
Downloading /etc/passwd and core is not allowed.
    noretrieve /etc /home/*/.htaccess

allow-retrieve
Format: allow-retrieve [absolute|relative] [class=<classname>] ... [-] <filename> ...
Function: sets which files can still be downloaded after a noretrieve.

loginfails --sets the number of failed login attempts allowed
Format: loginfails [count]
Function: a user may mistype the ID or password when connecting. This setting disconnects the user after a given number of mistakes, which keeps people from guessing passwords by brute force.
Example:
    loginfails 3
The connection is cut after the password has been entered incorrectly three times.

??private --sets whether SITE GROUP/SITE GPASS can be run online
When the SITE GROUP and SITE GPASS commands are enabled, they can be used to switch to a group from /etc/ftpgroups. In general we do not use this feature, to avoid security holes.
Format: private [yes/no]
Function: sets whether group access to files is supported.
Example:
    private yes
Group access to files is supported.
private [<yes|no>]
After user logs in, the SITE GROUP and SITE GPASS commands may be used to specify an enhanced access group and associated password.
If the group name and password are valid, the user becomes (via setegid()) a member of the group specified in the group access file /etc/ftpgroups. If no parameter is given, the default is "no" and SITE GROUP/GPASS will not be honored.
The format of the group access file is:
    access_group_name:encrypted_password:real_group_name
where access_group_name is an arbitrary (alphanumeric + punctuation) string. encrypted_password is the password encrypted via crypt(3), exactly like in /etc/passwd. real_group_name is the name of a valid group listed in /etc/group.
NOTE: For this option to work for anonymous FTP users, the ftp server must keep /etc/group permanently open and the group access file is loaded into memory. This means that (1) the ftp server now has an additional file descriptor open, and (2) the necessary passwords and access privileges granted to users via SITE GROUP will be static for the duration of an FTP session. If you have an urgent need to change the access groups and/or passwords *NOW*, you just kill all of the running FTP servers.

greeting --shows the server's version information, used as follows:
Format:
    greeting full|brief|terse
    greeting text <message>
Function: the server information shown on the user's login screen.
full is the default and includes the version number and the hostname,
brief shows only the hostname,
terse shows only the "FTP server ready" message.
text <message> shows a custom message.
Examples:
    greeting text Colormouse's FTP!
    greeting text terse

signoff full|brief|terse
signoff text <message>
Allows you to control how much information is given out when the remote user logs out. 'signoff full' is the default and shows the transfer counts (if compiled into the daemon), and a thank-you message showing the host name. 'signoff brief' shows only the thank-you message. 'signoff terse' simply says "Goodbye." Although full is the default, terse is recommended.
The 'text' form allows you to specify any signoff message you desire. <message> can be any string; whitespace (spaces and tabs) is converted to a single space.

stat full|brief|terse
stat text|brieftext <message>
Allows you to control how much information is given out when the remote user requests the server's status (the STAT command). 'stat full' is the default and shows the hostname and daemon version along with transfer counts (if compiled in) and quota information (also, if compiled in). quota information. 'stat terse' shows only the connection status with no hostname. Although full is the default, brief is recommended.
The 'text' and 'brieftext' forms allow you to specify any text you desire to appear where the version information would be displayed. <message> can be any string; whitespace (spaces and tabs) is converted to a single space.

banner --sets the message users see before they reach the login screen, used as follows:
Format: banner <file path>
Function: describes the message that appears when a user logs in, before the ID/password has been typed. The file path is relative to the real file system, not to the ftp root directory.

hostname <some.host.name>
Defines the default host name of the ftp server. This string will be printed on the greeting message and every time the %L magic cookie is used. The host name for virtual servers overrides this value. If not specified, the default host name for the local machine is used.

email <name>
Defines the email address of the ftp archive maintainer. This string will be printed every time the %E magic cookie is used.

message
Format: message <path> {<when> {<class> ...}}
The file path here is relative to the ftp root directory. "When" means the action that triggers the message; there are several choices:
    login (at login)
    cwd=<directory> (on entering a directory)
The class names are the ones defined earlier and let you send the message only to certain people.
Besides plain text, the message file can use the following predefined codes:
    %T (local time)
    %F (free space left in the current partition)
    %C (current directory)
    %E (administrator's e-mail)
    %R (client host name)
    %L (local host name)
    %U (user name)
    %M (how many users of my class are allowed to connect)
    %N (how many users of my class are currently connected)
    %B (absolute disk limit, current partition, in blocks)
    %b (preferred disk limit, current partition, in blocks)
    %Q (blocks currently in use)
    %I (maximum usable inodes (+1))
    %i (preferred inode limit)
    %q (inodes currently in use)
    %H (time limit for excess disk space usage)
    %h (time limit for excess file count)
ratios:
    %xu Uploaded bytes
    %xd Downloaded bytes
    %xR Upload/Download ratio (1:n)
    %xc Credit bytes
    %xT Time limit (minutes)
    %xE Elapsed time since login (minutes)
    %xL Time left
    %xU Upload limit
    %xD Download limit
Function: sets the message files.
Example:
    message /etc/ftpd/welcome.msg login
When the user runs the login command, that is, on logging in to the FTP server, the system displays the contents of the file /etc/ftpd/welcome.msg.
!! The message will only be displayed once to avoid annoying the user. Remember that when MESSAGEs are triggered by an anonymous FTP user, the <path> must be relative to the base of the anonymous FTP directory tree.

??readme --tells users which README files have been updated
    readme README* login
    readme README* cwd=*

log commands --records the commands users have run, used as follows:
Format: log commands <user types>
Function: sets which users have their operations after login recorded in the file /usr/adm/xferlog.
Example:
    log commands real
After a real user logs in, their operations are recorded.

log transfers --records the files users transfer, used as follows:
Format: log transfers <user types> <transfer directions>
Function: sets which types of user need their file transfers recorded, covering inbound (user uploads) and outbound (user downloads), for example:
Examples:
    log transfers anonymous,real inbound,outbound
File operations by anonymous users deserve closer attention, so both uploads and downloads are recorded.
    log transfers real inbound
For legitimate users only their uploads are recorded.

log security --records security events, used as follows:
    log security <user types>
Used specifically to record security-related events such as noretrieve and notar for a type of user.

log syslog
log syslog+xferlog
Redirects the logging messages for incoming and outgoing transfers to syslog. Without this option the messages are written to xferlog. syslog+xferlog sends the transfer log messages to both the system log and the xferlog.

??Upload/Download ratios
In order for any of these commands to work, you must compile WU-FTPD with --enable-ratios.
ul-dl-rate <rate> [<class> ...]
Specify Upload/Download ratio (1:rate). When ftp user uploaded 1 bytes, (s)he can take <rate> bytes. By default, there is no ratio.
dl-free <filename> [<class> ...]
The file <filename> can be downloaded freely (=ignoring the ratio)
dl-free-dir <dirname> [<class> ...]
All files in the directory <dirname> and its subdirectories can be downloaded freely (=ignoring the ratio)
Note that both dl-free and dl-free-dir are relative to the system's root, not the chroot environment.

alias --sets directory aliases, used as follows:
Format: alias [directory alias] [directory name]
Function: gives the specified directory an alias, so the shorter alias can be used when changing directory.
Example:
    alias inc: /incoming
Sets the alias inc: for the subdirectory incoming.

cdpath
Function: sets the search order used by cd when changing directory.
Examples:
    cdpath /pub/packages
    cdpath /.aliases

compress,tar --sets whether on-the-fly compression is available, used as follows:
Format:
    compress <yes|no> [<classglob> ...]
    tar <yes|no> [<classglob> ...]
Function: defines who may use compress and tar.
Examples:
    compress yes local remote
Users of both the local and remote classes can use the compress function.
    tar yes local remote
Users of both the local and remote classes can use the tar function.

shutdown --tells users the site is about to close
Format: shutdown <message file>
Function: if the message file exists, then after the time specified in that file the server refuses new connections and cuts existing ones, and shuts down when the time arrives. The format of the message file is:
    <year><month><day><hour><minute><deny countdown><disconnect countdown><text>
(the month is 0~11)
Example: shutdown /etc/ftpd/shut.msg

daemonaddress <address>
If the value is not set, then the server will listen for connections on every IP addresses, otherwise it will only listen on the IP address specified. Use of this clause is discouraged. It was added to support a single site's needs. It will completely break virtual hosting and the syntax is likely to change in a future version of the daemon.

logfile <path>
Specifies the transfer log file (xferlog) for the default server. Virtual hosts can override this with the virtual logfile option. If omitted, a default log file is used.

virtual --sets up virtual FTP sites
Format:
    virtual <address> <root|banner|logfile> <path>
    virtual <address> <hostname|email> <string>
    virtual <address> allow <username> [<username> ...]
    virtual <address> deny <username> [<username> ...]
Function: wu-ftpd provides virtual hosting, that is, several different FTP sites on the same machine, told apart by host name or IP. If you use names, DNS has to cooperate as well. virtual has many settings:
address (can be a host name or an IP address)
root is the ftp root directory,
banner is the welcome message,
logfile is the log file of this virtual site.
Users can look up the hostname and the administrator's email.
Examples:
    virtual virtual.com.bj root /home/ftp2
    virtual virtual.com.bj banner /etc/vftpbanner.2
    virtual virtual.com.bj logfile /etc/viftplog.2
Users can look up the hostname and the administrator's email:
    virtual 210.62.146.50 hostname virtual.site.com.bj
    virtual virtual.site.com.bj email ftpown@virtual.site.com.bj
Set whether connections are allowed:
    virtual virtual.site.com.bj allow *
    virtual virtual.site.com.bj deny badman

virtual <address> private
Normally, anonymous users are allowed to log in on the virtual server. This option denies them access.
virtual <address> passwd <file>
Use a different passwd file for the virtual domain. The daemon needs to be compiled with --enable-passwd (or OTHER_PASSWD) for this option to work.
virtual <address> shadow <file>
Use a different shadow file for this virtual domain. The daemon needs to be compiled with --enable-passwd (or OTHER_PASSWD) for this option to work.

defaultserver deny <user> [<user> ...]
defaultserver allow <user> [<user> ...]
Function: once virtual hosts are in use, the original deny and allow settings no longer know which server they apply to and have no effect, so defaultserver is used to refer to the original host.
Examples:
    defaultserver private
The main site refuses anonymous users.
    defaultserver deny *
The main site refuses all connections.

??passive address <externalip> <cidr>
Allows control of the address reported in response to a PASV command. When any control connection matching the <cidr> requests a passive data connection (PASV), the <externalip> address is reported. NOTE: this does not change the address the daemon actually listens on, only the address reported to the client. This feature allows the daemon to operate correctly behind IP-renumbering firewalls.
For example:
    passive address 10.0.1.15 10.0.0.0/8
    passive address 192.168.1.5 0.0.0.0/0
Clients connecting from the class-A network 10 will be told the passive connection is listening on IP-address 10.0.1.15 while all others will be told the connection is listening on 192.168.1.5
Multiple passive addresses may be specified to handle complex, or multi-gatewayed, networks.

??passive ports <cidr> <min> <max>
Allows control of the TCP port numbers which may be used for a passive data connection. If the control connection matches the <cidr> a port in the range <min> to <max> will be randomly selected for the daemon to listen on. This feature allows firewalls to limit the ports which remote clients may use to connect into the protected network.
<cidr> is shorthand for an IP address in dotted-quad notation followed by a slash and the number of left-most bits which represent the network address (as opposed to the machine address). For example, if you're using the reserved class-A network 10, instead of a netmask of 255.0.0.0 use a CIDR of /8 as in 10.0.0.0/8 to represent your network.

??pasv-allow <class> [<addrglob> ...]
??port-allow <class> [<addrglob> ...]
Normally, the daemon does not allow a PORT command to specify an address different than that of the control connection. And it does not allow a PASV connection from another address.
The port-allow clause provides a list of addresses which the specified class of user may give on a PORT command. These addresses will be allowed even if they do not match the IP-address of the client-side of the control connection.
The pasv-allow clause provides a list of addresses which the specified class of user may make data connections from. These addresses will be allowed even if they do not match the IP-address of the client-side of the control connection.

mailserver --specifies the mail server used for upload notifications
incmail --specifies the e-mail address notified of anonymous uploads
virtual incmail --specifies the e-mail address notified of anonymous uploads on a virtual host
defaultserver incmail --specifies the e-mail address notified of anonymous uploads on the default host
mailfrom --the sender of upload notifications
virtual mailfrom --the sender of upload notifications for a virtual host
defaultserver mailfrom --the sender of upload notifications for the default host

chmod --sets whether file permissions can be changed
delete --sets whether files can be deleted
overwrite --overwriting files
rename --renaming files
Format:
    delete [yes/no] [real/anonymous/guest]
    overwrite [yes/no] [real/anonymous/guest]
    rename [yes/no] [real/anonymous/guest]
    chmod [yes/no] [real/anonymous/guest]
Example:
    delete no anonymous,guest

umask --allows setting the umask
Format: umask [yes/no] [real/anonymous/guest]
Function: sets whether the specified users may use the umask command. The default is to allow it.
Example:
    umask no anonymous
To manage the FTP server better, we normally do not allow anonymous users to run the umask command.

passwd-check --sets how strictly the anonymous FTP password is checked, used as follows:
Format: passwd-check [none/trivial/rfc822] [enforce/warn]
Function: sets how the password of the anonymous user is handled.
none     no password check at all; any password can log in;
trivial  the password only has to contain the character "@" to log in;
rfc822   the password must be in the e-mail format defined by RFC822 to log in;
enforce  login is refused if the password does not match the format specified above;
warn     only a warning is shown when the password does not comply; login still succeeds.
Example:
    passwd-check rfc822 warn
We would like a compliant e-mail address as the password, but login is still allowed if it is not one.

deny-email --refuses specific e-mail addresses as the password

path-filter --sets which file names may not be used
Format: path-filter <typelist> <mesg> <allowed_charset> {<disallowed regexp> ...}
Examples:
    path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
    path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
For example:
    path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-
specifies that all upload filenames for anonymous users must be made of only the characters A-Z, a-z, 0-9, and "._-" and may not begin with a "." or a "-". If the filename is invalid, /etc/pathmsg will be displayed to the user.
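
The following Python sketch is an added illustration, not code from the original page or from wu-ftpd: it applies the path-filter line quoted above to a few constructed upload names. Testing only the final path component and rejecting control characters first are assumptions of this example.

```python
import re
from typing import Tuple

# The directive exactly as quoted in the passage above.
DIRECTIVE = r"path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-"


def check_upload_name(user_type: str, path: str,
                      directive: str = DIRECTIVE) -> Tuple[bool, str]:
    """Return (accepted, reason) for an upload path under one path-filter line."""
    fields = directive.split()
    if len(fields) < 4 or fields[0] != "path-filter":
        raise ValueError("not a path-filter directive")
    typelist = fields[1].split(",")
    allowed = re.compile(fields[3])
    disallowed = [re.compile(p) for p in fields[4:]]

    if user_type not in typelist:
        return True, "directive does not cover this user type"

    # Assumption of this example: only the last path component is tested.
    name = path.rsplit("/", 1)[-1]

    # Python's '$' also matches before a trailing newline, so control
    # characters are rejected before the regular expressions are applied.
    if any(ord(c) < 32 for c in name):
        return False, "control character in name"
    if not allowed.search(name):
        return False, "character outside allowed set"
    for rx in disallowed:
        if rx.search(name):
            return False, "matches disallowed pattern " + rx.pattern
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ("report-2002.tar.gz", ".rhosts", "-rf",
                   "my file.txt", "incoming/.hidden"):
        print(sample, check_upload_name("anonymous", sample))
```

Because the typelist of the quoted line names only anonymous, a guest upload is not checked by it; that is why the guide's own examples carry a second path-filter line for guest.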

upload --sets upload permissions
    upload [absolute|relative] ([class=<classname>]|[user=<username>])... [-] <root-dir> <dirglob> <yes|no> <owner> <group> <mode> ["dirs"|"nodirs"] [<d_mode>] [<dirowner> <dirgroup>]
Sets the permissions for the directories we want to configure:
absolute/relative  use absolute or relative paths
class=             names a class
root-dir           says which users the rule applies to, identified by their root-dir, that is, the login directory after chroot; the directory set after it is the directory we want to restrict
yes/no             whether new files may be created in this directory
owner,group        the owner and group given to the files created
mode               the file permissions
dirs/nodirs        whether new directories may be created
d_mode             the permissions for newly created directories; if not set, they are derived from mode
Format: upload [root directory] [upload directory] [yes/no] [user] [permissions] [dirs/nodirs]
Function: gives more detailed settings for the directories that accept uploads.
Examples:
    upload /home/ftpd * no
Uploading is not allowed under /home/ftpd;
    upload /home/ftpd /bin no
Uploading is not allowed under /home/ftpd/bin;
    upload /home/ftpd /etc no
Uploading is not allowed under /home/ftpd/etc;
    upload /home/ftpd /pub yes real 0644 dirs
Legitimate users of the server may upload files with permissions 0644 (that is, -rw-r--r--) under /home/ftpd/pub, and may create new subdirectories there.
    upload /home/ftpd /incoming yes real guest anonymous 0644 dirs
All users may upload files with permissions 0644 under /home/ftpd/incoming, and may create new subdirectories there.

throughput --controls download speed
Format: throughput <subdirectory list> <files> <remote address list>
Function: for remote addresses, controls the speed at which they fetch certain files under a given subdirectory, for example:
Examples:
    throughput /e/ftp * * oo - *
    throughput /e/ftp /sw* * 1024 0.5 *
    throughput /e/ftp sw* readme oo - *
    throughput /e/ftp sw* * oo - *.foo.com
Can you read the settings above? "oo" means no bytes/sec limit; "-" and "1.0" both mean a factor of one.
The first line says that files under /e/ftp have no download speed limit;
the second line says that any file under /sw* is limited to 1024 bytes/sec * 0.5 = 512 bytes/sec;
the third line lifts the limit again for readme files;
the last line gives *.foo.com full speed.

anonymous-root --sets the root directory of anonymous users for a class
Format: anonymous-root <root-dir> [<class>]
Example:
<root-dir> specifies the chroot() path for anonymous users.
If no anonymous-root is matched, the old method of parsing the home directory for the 'ftp' user is used. If no <class> is specified, this is the root directory for anonymous users who do not match any other anonymous-root specification. Multiple classes may be given on the line. If an anonymous-root is chosen for the user, the 'ftp' user's home directory in the <root-dir>/etc/passwd file is used to determine the initial directory and the 'ftp' user's home directory in the system-wide /etc/passwd is not used.
For example:
    anonymous-root /home/ftp
    anonymous-root /home/localftp localnet
causes all anonymous users to be chroot()'d to the directory /home/ftp then, if the 'ftp' user exists in /home/ftp/etc/passwd, their initial CWD is that home directory. Anonymous users in the class localnet, however, are chroot()'d to the directory /home/localftp and their initial CWD is taken from the 'ftp' user's home directory in /home/localftp/etc/passwd.

guest-root --presets a root directory for guest users
    guest-root <root-dir> [<uid-range>]
For example:
    guest-root /home/users
    guest-root /home/staff %100-999 sally
    guest-root /home/users/frank/ftp frank
causes all guest users to chroot() to /home/users then starts each user in their home directory specified in /home/users/etc/passwd. Users in the range 100 through 999, inclusive, and user sally, will be chroot()'d to /home/staff and the CWD will be taken from their entries in /home/staff/etc/passwd. The single user frank will be chroot()'d to /home/users/owner/ftp and the CWD will be from his entry in /home/users/owner/ftp/etc/passwd.
Note that order is important for both anonymous-root and guest-root. If a user would match multiple clauses, only the first applies; with the exception of the clause which has no <class> or <uid-range>, which applies only if no other clause matches.
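
The Python sketch below is an added example, not code from the original page or from wu-ftpd. It works out where a guest account would be chroot()'d, covering both the "/./" home-directory marker described under guestgroup and the guest-root matching order described above. The accounts are constructed samples, and falling back to the "/./" marker when no guest-root clause applies is an assumption of this example.

```python
from typing import List, Optional, Tuple

# Constructed sample: the three guest-root clauses quoted above, in the same order.
FTPACCESS = """\
guest-root /home/users
guest-root /home/staff %100-999 sally
guest-root /home/users/frank/ftp frank
"""


def split_home(home: str) -> Optional[Tuple[str, str]]:
    """Split a passwd home field 'root/./start' into (chroot dir, start dir)."""
    if "/./" not in home:
        return None
    root, start = home.split("/./", 1)
    return (root or "/", "/" + start.strip("/"))


def parse_guest_roots(ftpaccess: str) -> List[Tuple[str, List[str]]]:
    """Return (root-dir, selectors) for every guest-root clause, in file order."""
    clauses = []
    for raw in ftpaccess.splitlines():
        fields = raw.split()
        if len(fields) >= 2 and fields[0] == "guest-root":
            clauses.append((fields[1], fields[2:]))
    return clauses


def selector_matches(selector: str, name: str, uid: int) -> bool:
    """Match a user name, or a %uid, %low-high, %-high or %low- numeric range."""
    if not selector.startswith("%"):
        return selector == name
    low, dash, high = selector[1:].partition("-")
    if not dash:
        return uid == int(low)
    return (int(low) if low else 0) <= uid and (not high or uid <= int(high))


def resolve_chroot(passwd_line: str, ftpaccess: str) -> Tuple[Optional[str], str]:
    """Return (chroot dir, reason) for one guest account."""
    name, _pw, uid, _gid, _gecos, home, _shell = passwd_line.strip().split(":")
    default_root = None
    for root, selectors in parse_guest_roots(ftpaccess):
        if not selectors:
            # A clause without a uid-range applies only if nothing else matches.
            default_root = default_root or root
        elif any(selector_matches(s, name, int(uid)) for s in selectors):
            return root, "first matching guest-root clause"
    if default_root:
        return default_root, "guest-root clause without uid-range"
    parts = split_home(home)  # assumed fallback: the /./ marker in the home field
    if parts:
        return parts[0], "/./ marker in passwd home field"
    return None, "no guest-root clause and no /./ marker"


if __name__ == "__main__":
    # Constructed accounts; frank appears twice to show the effect of clause order.
    accounts = (
        "frank:x:1200:1200::/home/frank:/bin/sh",
        "frank:x:500:500::/home/frank:/bin/sh",
        "sally:x:1500:1500::/home/sally:/bin/sh",
        "carol:x:2000:2000::/home/carol:/bin/sh",
    )
    for line in accounts:
        print(line.split(":")[0], line.split(":")[2], resolve_chroot(line, FTPACCESS))
    print(resolve_chroot("vip:x:500:500::/home/vip/./:/bin/bash", ""))
```

With uid 500, frank matches the %100-999 clause before the clause that names him and lands in /home/staff, which is the ordering effect the note above describes.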
deny-uid, deny-gid -- deny a range of UIDs (GIDs)
allow-uid, allow-gid -- allow a range of UIDs (GIDs)

For example:

    deny-gid %-99 %65535
    deny-uid %-99 %65535

restricted-uid, restricted-gid -- the user cannot leave his login directory
unrestricted-uid, unrestricted-gid -- the user can leave his login directory

An example of the use of these clauses shows their intended use. Assume user 'dick' has a home directory /home/dick and 'jane' /home/jane:

    guest-root /home dick jane
    restricted-uid dick jane

While both dick and jane are chroot'd to /home, they cannot access each other's files because they are restricted to their home directories. Wherever possible, in situations such as this example, try not to rely solely upon the ftp restrictions. As with all other ftp access rules, try to use directory and file permissions to backstop the operation of the ftpaccess configuration.

dns refuse_mismatch -- set the action taken when the name found in DNS does not match what the user presents

    dns refuse_mismatch <message file> [override]

When a user connects from an unregistered IP, the connection is refused; override ignores the error and lets the connection through. The message file is what we show to the user.

dns refuse_no_reverse -- refuse connections that have no reverse record

    dns refuse_no_reverse <message file> [override]

When a reverse lookup of the user's IP returns no record, the connection is refused.

dns resolveoptions -- set DNS resolver options

    dns resolveoptions [options]

DNS resolver options can be set here.

site-exec-max-lines <number> [<class> ...]

The SITE EXEC feature traditionally limits the number of lines of output which may be sent to the remote client. This clause allows you to set this limit. If omitted, the limit is 20 lines. A limit of 0 (zero) implies no limit; be very careful if you choose to remove the limit. If a clause is found matching the remote user's class, that limit is used. Otherwise, the clause with class '*', or no class given, is used. For example:

    site-exec-max-lines 200 remote
    site-exec-max-lines 0 local
    site-exec-max-lines 25

limits output from SITE EXEC (and therefore SITE INDEX) to 200 lines for users in class remote, removes the limit for users in class local, and sets a limit of 25 lines for all other users.
$/etc/ftphosts
The ftphosts file is much like the access and deny rules in ftpaccess. It is used specifically to control connections for particular user IDs. It has no class definitions, so the entries must be real users.

    allow|deny <user> <address> [<address> ...]

Some examples:

    allow rose 140.0.0.0/8
    deny jack 140.123.0.0:255.255.0.0

This allows rose to come in from 140.*.*.* and refuses jack from 140.123.*.*.

$/etc/ftpservers
When the host has several IP addresses or hostnames, this file controls which configuration files an incoming connection uses. For example:

    10.196.145.10    /etc/ftpd/ftpaccess.somedomain/
    10.196.145.200   /etc/ftpd/ftpaccess.someotherdomain/
    some.domain      internal
    10.196.145.20    /etc/ftpd/config/faqs.org/
    ftp.some.domain  /etc/ftpd/config/faqs.org/

$/etc/ftpusers
Users listed in this file are forbidden to use FTP.

$/etc/ftpgroups
Used by the SITE GROUP command to switch group while connected. SITE EXEC easily leads to security holes, so we normally leave it disabled.
Example:

    test:ENCRYPTED PASSWORD HERE:archive

$/etc/ftpconversions
The configuration file for commands such as tar, compress and gzip. The defaults are sufficient; if you do not offer on-the-fly compression and packing, you can also empty the file.

$$Technical support:
Official site: www.wu-ftpd.org
The latest source package can be downloaded from ftp://ftp.wu-ftpd.org.

$$Configuration examples:

Example 1
$begin
Goal
Do not allow anonymous users to log in; create a guest account for use by company staff, and do not allow it to log in by Telnet.

Steps:
1. Add a user account:

    useradd szanlai
    passwd szanlai

2. Point the user's shell at an empty shell:

    chsh szanlai

   and enter /bin/hello (first add a line /bin/hello to /etc/shells).
   The two steps above can be done with a single command:

    useradd -d /home/szanlai -s /bin/hello szanlai

   (-d is the user's directory, -s is the shell to use)
3. Edit /etc/shells and add the shell you are pointing at to the end of the file:

    vi shells

4. Edit /etc/passwd so that the account's directory becomes the virtual login root (this is the effect chroot refers to), e.g. change

    szanlai:x:503:504::/home/szanlai/:/bin/hello

   to

    szanlai:x:503:504::/home/szanlai/./:/bin/hello

   Note: do not add a "/" between i and : , otherwise the login fails.
   This change makes /home/szanlai/ the virtual /.
5. Next, build a skeleton: create the directories /bin, /etc, /lib and /dev under the szanlai directory (because a virtual login root has been defined).
6. Copy the ls binary into the virtual directory (/home/szanlai/bin):

    cp /bin/ls /home/szanlai/bin

7. Then copy the shared libraries ls depends on into the virtual directory (/home/szanlai/lib).
   How do you find out which shared libraries an executable needs? (# they can be obtained under /var/ftp) The ldd command tells you, e.g.:

    ldd /bin/ls

   Then copy every file it lists into /home/szanlai/lib.
8. Change the empty shell:

    mknod /bin/hello c 1 3    # the digit 1, not the letter L; creates the new device file

   and then give it permissions:

    chmod 666 hello

9. Copy /etc/group and /etc/passwd into /home/ftp/etc, then edit both files so that only one login name exists inside the virtual login directory.
10. Edit ftpaccess: first, point a class at guest; second, point guestgroup at the user account.
11. Finally, set the permissions with chmod.
end

Questions:
1. When adding the shell, can a command such as "/usr/bin/passwd" be used in place of the device file?
2. Is mknod /bin/hello c 1 3 required before the system will recognise this shell?
3. What is the directory structure created under /home/szanlai for? How can the user run these server-side commands?
4. How can the passwd file under /home/szanlai/etc/ be made to take effect? By default the system passwd database is still used!
5. Exact usage of chroot(): szanlai:x:503:504::/home/szanlai/./:/bin/hello
6. How can telnet be chrooted as well?
7. Is it possible to let users maintain their own passwd?

Example 2
$begin
Step 1: set up the anonymous user group
After anonftp is installed it automatically creates an anonymous user group, ftp; this group is the key to the whole setup. First edit /etc/ftpaccess:

    # vi /etc/ftpaccess

(for how to use the vi editor, see the relevant articles)
Add the following lines to the file:

    guestgroup ftp
    chmod yes guest
    delete yes guest
    overwrite yes guest
    rename yes guest

The first line defines the group name of the ftp users (another group name such as ftpgroup can be used, but that group must be created first). The next four lines set the permissions of the ftp users: changing file attributes, deleting files, overwriting files and renaming files. These are the basic permissions an ftp user needs; without them the user cannot use the ftp service normally.

Step 2: create the ftp user

    # adduser test -g ftp

creates the user test in group ftp; the home directory defaults to /home/test.

    # passwd test

sets the password for test.

Step 3: copy the files anonymous users need

    # cp -rf /var/ftp/lib /home/test
    # cp -rf /var/ftp/bin /home/test

The files copied are the command binaries and libraries that anonftp ships for anonymous users; without them the user cannot use basic commands such as ls.

Step 4: turn off the user's Telnet access to improve system security. There are several ways to do this; two of the more practical ones are described here and readers can choose between them:
Method 1: set the user's shell to a null shell so that the user cannot log in. First edit /etc/shells and add a line /dev/null (wu-ftpd only accepts FTP logins from accounts whose shell is listed in /etc/shells), then set the shell of test to /dev/null:

    # chsh -s /dev/null test

Method 2: after a successful Telnet login the user can do nothing but change his own password. Again edit /etc/shells, add a line /usr/bin/passwd, then set the shell of test to /usr/bin/passwd:

    # chsh -s /usr/bin/passwd test

Step 5: enable the user's personal home page
Create the public_html directory in the user's home directory:

    # mkdir /home/test/public_html

and create an index.html file in it; this file is the user's front page. Because the public_html directory and index.html were created by root, other users cannot modify them, so the ownership has to be reset:

    # chown -R test:ftp /home/test/public_html
    # chown test:ftp /home/test/public_html/index.html

By default nobody but the owner can read the user's home directory, which would make the personal home page unusable, so change the permissions on the home directory:

    # chmod 755 /home/test

Step 6: test the configuration
A fully functional ftp user has now been created; its functions can be tested as follows.
(1) Test the ftp service
Log in with the command # ftp localhost. After entering the user name and password of test you land directly in the home directory of test and can only work inside it: you can delete, modify and overwrite files that belong to test, but you cannot go up to the parent directory to look at other files, which makes the server much safer.
(2) Test Telnet access
Log in with the command # telnet localhost. After entering the user name and password of test you will find that either the system refuses the login (method 1 above) or you can only change your own password (method 2 above), which keeps the user from logging in through Telnet to look at other files.
(3) Test the personal home page
First make sure the Apache server is running and that per-user home page directories, i.e. the public_html directory, are enabled (they are by default). Then browse to http://localhost/~test with netscape or lynx; if you see the index.html created earlier, the setup is working. (For Apache security settings, see the relevant articles.)

Creating ftp users automatically
If many such ftp users have to be created, these steps are clearly time-consuming, so the author wrote a shell script that does all of the above automatically:
Step 1: create a public_html directory under /etc/skel and create an index.html file in it (note: everything under /etc/skel is copied automatically to each newly created user).
Step 2: copy the /var/ftp/bin and /var/ftp/lib directories into /etc/skel.
Step 3: edit /etc/shells and add the line /usr/bin/passwd.
Step 4: with vi or another text editor create a shell script under /bin named addftpuser, with the following content:

    #!/bin/bash
    # addftpuser: create an FTP-only account in group ftp.

    if [ $# -ne 1 ]; then
        echo "Usage: addftpuser username"
        echo "Thanks."
        exit 1
    fi

    username=$1
    userhome=/home/$username

    # Create the ftp group if it does not exist yet (anchored match on the group name).
    if ! grep -q '^ftp:' /etc/group; then
        echo "Create ftp group..."
        groupadd ftp
    fi

    # Stop if the login name is already taken (exact match on the first field).
    if cut -d: -f1 /etc/passwd | grep -qxF -- "$username"; then
        echo "Username already have, please, change and try..."
        exit 1
    fi

    echo "Create username and home directory..."
    adduser "$username" -g ftp -d "$userhome"
    passwd "$username"
    # Login shell is passwd, so a Telnet login can only change the password.
    chsh -s /usr/bin/passwd "$username"
    chmod 755 "$userhome"
    echo "Success in adding a ftp user !"

Change the mode of addftpuser to 755 to make it executable. From then on just type: addftpuser username, then set the user's password when prompted, and the ftp user is added automatically. This makes handling a batch of users much more convenient. You can set this ftp server up on a LAN and offer customers ftp service and personal home page space, and of course you can also put it on the Internet.
end

Example 3
$begin
1. Set up an alias IP address, that is, bind more than one IP address to a single network card.
If your internal FTP host is 192.168.11.12, you can bind another IP address as follows:

    /sbin/ifconfig eth0:0 192.168.11.7 up
    /sbin/route add -host 192.168.11.7 eth0:0

2. Edit /etc/ftpaccess (#enable virtual ftp).
Add the following lines to the file:

    virtual 192.168.11.7 root /home/virtualftp
    virtual 192.168.11.7 banner /home/virtualftp/banner_message
    virtual 192.168.11.7 logfile /var/log/virtualftp/xferlog

Of course, you first need to log in as root and create the directories /home/virtualftp and /var/log/virtualftp.
You also need to prepare the banner file /home/virtualftp/banner_message.
The paths and file names in the three lines above can be chosen freely.
3. Copy the files anonymous FTP needs, mainly the /lib, /etc and /bin directories:

    # cp /home/ftp/* /home/virtualftp -a

4. If possible, it is also best to define 192.168.11.7 in DNS with the virtual FTP host name you want.
end

Example 4
$begin
As we all know, password authentication on an FTP server is done in clear text, so passwords are easily sniffed. The virtual FTP server described here relies on chroot: it cannot stop a password from being sniffed, but it keeps your system from being broken into even when one is.
Besides chroot, the virtual FTP service uses a second password database to authenticate users, so you do not need to create system accounts for FTP users; even if a password leaks, the user cannot log in to the system.
We use a daemon called vftpd in the role of virtual FTP server. Its main security features are:
- it always chroots to the user's home directory
- it lets users have access without a shell
- VFTPD does not allow a user's home to be /, /etc, /bin, /sbin, /usr/bin, /usr/sbin, /dev/, /lib or /tmp
- the path of the home directory must not contain symbolic links
- no user other than root may have UID 0
- the users' password file must not be writable by group or other
Installing vftpd is simple. The latest version at present is 6.5.8; after downloading, tar xvfz ... , make, make install, and that is all. Download address:
http://startuplinux.com/virtualftpd.html
Most of the configuration is done automatically. The only file that needs editing is /etc/ftppasswd, which holds the users' actual FTP accounts. Its format is basically the same as /etc/passwd; each line has the form:

    login:encryptedpassword:uid:gid:description:ftppath:/no/shell

vftpd provides a tool called addvuser that makes adding FTP users easy; to change an existing user's password use "ftppasswd username".
If a user who already has a shell account is to be added, that user must also be added to ftppasswd, but the password should preferably not be the same.
Users who do not need ftp can have their accounts added to /etc/ftpusers.
Finally, add the ftp login messages to /etc/ftpwelcome (shown after connecting) and /etc/motd (shown after a successful login).
Now the daemon can be started:

    vftpd -D -l -U

    -D  run in the background as a daemon
    -l  log FTP logins (failed and successful) to syslog; give -l twice for detailed logging
    -U  lets you see the currently active ftp sessions with the who command
    -A  allow only anonymous users to connect
    -S  log anonymous connections to /var/log/ftpd
    -p  port number, default 21

For example, we can put this in rc.local:

    /usr/local/bin/vftpd -D -U -l -l

And that is it.
end
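An audit of /etc/ftppasswd entries against the home-directory, UID and file-permission rules listed for vftpd above, as an added example (not vftpd's own code). The sample entries and the function names has_symlink and audit_ftppasswd are constructed for illustration; the field layout is the one given in the text.

```shell
# Home directories the text says vftpd refuses (trailing "/" stripped).
FORBIDDEN_HOMES="/ /etc /bin /sbin /usr/bin /usr/sbin /dev /lib /tmp"

# Constructed sample entries in the login:pw:uid:gid:description:ftppath:shell layout.
SAMPLE_FTPPASSWD='alice:x:1001:100:Alice:/home/ftp/alice:/no/shell
mallory:x:0:0:second superuser:/home/ftp/mallory:/no/shell
backup:x:1002:100:Backup:/etc/:/no/shell'

# has_symlink PATH: succeeds if PATH or any parent component is a symbolic link.
has_symlink() {
    p=$1
    while [ -n "$p" ] && [ "$p" != "/" ]; do
        if [ -L "$p" ]; then return 0; fi
        case $p in
            */*) p=${p%/*} ;;
            *)   break ;;
        esac
    done
    return 1
}

# audit_ftppasswd FILE: prints one finding per line, nothing when the file is clean.
audit_ftppasswd() {
    file=$1
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FILE: $file is writable by group or other"
    fi
    while IFS=: read -r login pw uid gid desc home shell; do
        case $login in ''|'#'*) continue ;; esac
        home=${home%/}
        if [ -z "$home" ]; then home=/; fi
        if [ "$uid" = 0 ] && [ "$login" != root ]; then
            echo "$login: UID 0 on a non-root account"
        fi
        for bad in $FORBIDDEN_HOMES; do
            if [ "$home" = "$bad" ]; then
                echo "$login: home $home is a system directory"
            fi
        done
        if has_symlink "$home"; then
            echo "$login: home $home contains a symbolic link"
        fi
    done < "$file"
    return 0
}
```

Write the sample to a file with mode 600 and run audit_ftppasswd on it to see the findings for mallory and backup; alice produces none.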