[±Ð¾Ç]Ãö©óFTP¥þ³¡³]©w 
WU-FTP 
$$°ÝÃD¡G 
??Readme ªº§@¥Î 
A ´£¥Ü¥Î¤áreadme¤å¥ó¤w¸g§ó·s 

??¦p¦ó­­¨î¨Ó¦Û¦P¤@¦a§}ªºµn³°­Ó¼Æ 
A host-limit 

??upload ¹ï¨C¤@­Ó¥Ø¿ý³£­n³]¸m¶Ü 
A¤£¥Î¡A¥u»Ý­n¹ï»Ý­n¤W¶Çªº¥Ø¿ý¾Þ§@¡CÀq»{¤£¤¹³\¤W¶Ç 

??°Î¦Wµn³°ªº¥Ø¿ý¦b­þ¨½ 
A /var/ftp 

??¬O¤£¬O¦bguestgroup¤¤«ü©úªº¥Î¤á¤~¬Oguest 
A ¬O 

??chroot¹B¥Î 
A 

???¤°?¦bµn³°«áls¤£·|¦C¥X¥Ø¿ýdir·|¡H 
A ¥Î¤áºÝª©¥»°ÝÃD 

$$Àô¹Ò¡G 
Redhat Linux 7.2 
Kernel 2.4.7-10 
wu-ftp-2.6.1-18 

$$©R¥O¡G 
rpm -qa |grep wu-ftp ¹î¬Ý¬O§_¦w¸Ë¤FWU-FTP 
rpm -ql wu-ftpd-2.6.1-18 ¹î¬Ý¦w¸Ë¤F­þ¨ÇWU-FTP¬ÛÃö¤å¥ó 
/usr/sbin/ckconfig ÀˬdFTP¦øªA¾¹ªº³]¸m¬O§_¥¿½T 
/usr/bin/ftpcount Åã¥Ü¥Ø«e¦b½u¤H¼Æ 
/usr/bin/ftpwho ¬d¬Ý¥Ø«eFTP¦øªA¾¹ªº³s±µ±¡ªp 
/usr/sbin/ftprestart ¥Î©ó­«?FTP¦øªA¾¹µ{¦¡ 
/usr/sbin/ftpshut ¥Î©ó¥Í¦¨Ãö³¬FTP¦øªA¾¹µ{¦¡ªº¤å¥ó 
/usr/sbin/in.ftpd FTP¦øªA¾¹µ{¦¡ 
/usr/sbin/in.wuftpd -->in.ftpd 
/usr/sbin/privatepw 
/usr/sbin/wu.ftpd -->in.ftpd 
/usr/sbin/xferstats xferlogs¤ÀªR¤u¨ã 

$ckconfig 
ÀˬdFTP¦øªA¾¹ªº³]¸m¬O§_¥¿½T 
[root@localhost /]# ckconfig 
Checking _PATH_FTPUSERS :: /etc/ftpusers 
ok. 

Checking _PATH_FTPSERVERS :: /etc/ftpservers 
I can't find it... look in doc/examples for an example. 

Checking _PATH_FTPACCESS :: /etc/ftpaccess 
ok. 

Checking _PATH_PIDNAMES :: /var/run/ftp.pids-%s 
ok. 

Checking _PATH_CVT :: /etc/ftpconversions 
ok. 

Checking _PATH_XFERLOG :: /var/log/xferlog 
ok. 

Checking _PATH_PRIVATE :: /etc/ftpgroups 
ok. 

Checking _PATH_FTPHOSTS :: /etc/ftphosts 
ok. 


$ftpcount 
§Ú­Ì¥i¥H¨Ï¥Îftpcount©R¥O¤Q¤À²M·¡¦a²Î­p¥X·í«e³s±µ¨ìFTP¦øªA¾¹¤Wªº¥Î¤á¼Æ¥Ø¡A¨Ã¥B¦P®É¦C¥X¤W­­¡C©R¥O¿é¥X¦p¤U©Ò¥Ü¡G 
[root@localhost /]# ftpcount 
Service class all - 1 users (no maximum) 
Service class local - 0 Users (20maximum) 
Service class remote - 5 Users (100maximum) 

$ftpwho 
§Ú­Ì¥i¥H¨Ï¥Îftpwho©R¥O¤Q¤À²M·¡¦a¦C¥X·í«e³s±µªº¥Î¤áªº¸Ô²Ó±¡ªp¡C 
[root@localhost /]# ftpwho 
Service class all: 
1874 ? SN 0:00 ftpd: 192.168.0.1: anonymous/: IDLE 
- 1 users (no maximum) 

$ftpshut 
§Ú­Ì¥i¥H¨Ï¥Îftpshut©R¥O¥Í¦¨¤@­Ó¦b/etc/ftpaccess¤¤³]¸mªºshut.msg¤å¥ó¡A¥Î©óÃö¾÷³]©w¡Cftpshut©R¥Oªº®æ¦¡?¡G 

$ftpshut <-l min> <-d min> time <»¡©ú> 

-l ³o­Ó°Ñ¼Æ³]©w¦bÃö³¬FTP¦øªA¾¹¥\¯à«e¦h¤Ö¤ÀÄÁ®É°±¤î¥Î¤áªº³s±µ¡F Àq»{10 
-d ³o­Ó°Ñ¼Æ³]©w¦bÃö³¬FTP¦øªA¾¹¥\¯à«e¦h¤Ö¤ÀÄÁ®É¤ÁÂ_¥Î¤á³s±µ¡F Àq»{5 
time «ü©wÃö³¬FTP¦øªA¾¹ªº®É¶¡¡C¨Ò¦p6¡G20¤À«h¼g?0620¡F 

¦øªA¾¹ºÝ 
[root@localhost /]# ftpshut 1005 
[root@localhost /]# less /etc/shutmsg 
2002 05 30 10 05 0010 0005 #2002¦~6¤ë30¸¹10ÂI05¤ÀÃö³¬¡A´£«e10¤ÀÄÁ©Úµ´³s±µ¡A´£«e5¤ÀÄÁ¤ÁÂ_³s±µ 

¤w¸gµn³°ªº¥Î¤á¡G 
ftp> ls 
200 PORT command successful. 
550-System shutdown at Sun Jun 30 10:05:00 2002 
ftp> ls 
200 PORT command successful. 
221 Server shutting down. Goodbye. 

¸Õ¹Ïµn³°ªº¥Î¤á¡G 
E:\>ftp 192.168.0.2 
Connected to 192.168.0.2. 
500 localhost.localdomain FTP server shut down -- please try again later. 
Connection closed by remote host. 

$ftprestart 
¥Î©ó­«?FTP¦øªA¾¹µ{¦¡ 
[root@localhost /]# ftprestart 
ftprestart: /var/ftp/etc/shutmsg does not exist. 
ftprestart: /etc/shutmsg does not exist. 

[root@localhost /]# ftprestart 
ftprestart: /var/ftp/etc/shutmsg removed. 
ftprestart: /etc/shutmsg removed. 

$in.ftpd 
in.ftpd ¨Ï¥Îªº°Ñ¼Æ¡A 
-d ·íFTP¦øªA¾¹¥X¿ù®É¡A±N¿ù»~¤J¨t²Îªºsyslog¤¤¡F 
-l ±N¨C¦¸FTP¥Î¤áºÝ¶i¦æ³s±µªº¤J¨t²Îªºsyslog¤¤¡F 
-t ³]¸mFTP¥Î¤áºÝ³s±µ´X¤ÀÄÁµL¾Þ§@´N¤ÁÂ_³s±µ¡F 
-a ¨Ïwu-ftp¨Ï¥Î/etc/ftpaccessªº³]©w¡F 
-A ¨Ïwu-ftp¤£¨Ï¥Î/etc/ftpaccessªº³]©w¡F 
-L ±NFTP¥Î¤áºÝ³s½u«á©Ò°õ¦æªºµ{¦¡°O¿ý¦b¨t²Îªºsyslog¤¤¡F 
-I ±NFTP¥Î¤áºÝ¤W¸ü¤å¥óªº¤é»x°O¿ý¦b/usr/adm.xferlog¤å¥ó¤¤¡F 
-o ±NFTP¥Î¤áºÝ¤U¸ü¤å¥óªº¤é»x°O¿ý¦b/usr/adm/xferlog¤å¥ó¤¤¡C 
³q¹L¹ï¥H¤W°Ñ¼Æªº²z¸Ñ¡A§Ú­Ì«Øij¡A¦b/etc/xinetd.d/wu-ftpd ¤¤¨Ï¥Î¦p¤U°t¸m 

# default: on 
# description: The wu-ftpd FTP server serves FTP connections. It uses \ 
# normal, unencrypted usernames and passwords for authentication. 
service ftp 
{ 
disable = no 
socket_type = stream 
wait = no 
user = root 
server = /usr/sbin/in.ftpd 
server_args = -l -a 
log_on_success += DURATION USERID 
log_on_failure += USERID 
nice = 10 
} 


$$°t¸m¤å¥ó¡G 
/etc/ftpaccess (¥D­n°t¸m¤å¥ó¡A±±¨î¦s¨ú³\¥iÅv) 
/etc/ftpconvertions (°t¸m¤å¥óÀ£ÁY/¸ÑÀ£ÁYÂà´«) 
/etc/ftpgroups (³]©wftp¦Û¤v©w¸qªº¸s²Õ) 
/etc/ftphosts (³]©w­Ó§Oªº¥Î¤á³\¥iÅv) 
/etc/ftpservers (³]©w¤£¦PIP/Domain Name¥H¹ïÀ³¨ì¤£¦PªºµêÀÀ¥D¾÷) 
/etc/ftpusers (³]©w­þ¨Ç±b¸¹¤£¯à¥Îftp³s½u) 
/etc/logrotate.d/ftpd 
/etc/pam.d/ftp ?? 
/etc/xinetd.d/wu-ftpd ?°Ê¸}¥» 
/var/ftp °Î¦Wµn³°ªº®Ú¥Ø¿ý 

!!¨t²Î¦w¸Ë¤Fwu-ftp«á¡A·|«Ø¥ß¤@­Ó¯S®íªº¥Î¤áftp¡A¨Ã¦b/var¥Ø¿ý¤U«Ø¥ß¤F¤@­Óftp¥Ø¿ý¡A·í¥Î¤á¥H°Î¦Wµn¿ý¤W¨Ó®É¡A±N·|¦Û°Ê©w¦ì©ó³o­Ó¥Ø¿ý¤U¡C¦b³o­Ó¥Ø¿ý¤U¤@¯ë·|«Ø¥ß´X­Ó¤l¥Ø¿ý¡C 
/bin ¦s©ñ¤@¨Ç¨ÑFTP¥Î¤á¨Ï¥Îªº¥i°õ¦æ¤å¥ó 
/etc ¦s©ñ¤@¨Ç¨ÑFTP¥Î¤á¨Ï¥Îªº°t¸m¤å¥ó 
/pub ¦s©ñ¨Ñ¤U¸üªº¸ê°T 
/incoming ¦s©ñ¨Ñ¤W¸ü¸ê°TªºªÅ¶¡ 

!!¤@¯ëªº¡A¹ï/etc/ftpaccessªº°t¸m¬Oª½±µ§@¥Î©ó³]¸m«áªº¤U¤@¦¸FTPªA°È¶iµ{¡C¦Ó¨ä¥Lªº«h­n¹ïxinetd¶iµ{­«·s?°Ê¡C 

$/etc/ftpaccess 

??autogroup 
®æ¦¡¡Gautogroup <groupname> <class> [<class> ...] 
¥\¯à¡G¦Û°Ê¹ïÀ³¸s²Õ¡A·í§A©w¸q¦nªº¨º¨Ç¦PÄÝ©ó¤@­Óclassªº¥Î¤á¡A¤@¥¹³s½u¤W¨Ó´N·|³Q¹ïÀ³¨ì¤@­Ó¬ÛÀ³ªº¸s²Õ¤U­±¡A³o¼Ë§A´N¥i¥H¥ÎUnixªº¤å¥ó³\¥iÅv¹ï¬Y¤@¸s¤H°µ­­¨î¡C 
¹ê¨Ò¡Gautogroup guest any 

class 
®æ¦¡¡Gclass <class> <typelist> <addrglob> [<addrglob> ...] 
¥\¯à¡G¥Ñclass©w¸qªº¸s²Õ¥Î¤á¤~¥i¥H³s½u¶i¨Ó¡A¥i¥H¨Ï¥Î¦h¼h¦¡ªºclass¨Ó³W½d­þ¨Ç¸s²Õªº¥Î¤á¯à°÷±q­þ¨Ç¦a¤è¤W¨Ó¡C 
³oùئ³¤T­Ó­«­nªººØÃþ¡Areal¡Banonymous©Mguest¡C 
real¦pªG¨S¦³¦C¦b©w¸q¤¤¡A¨º?³o¥x¾÷¾¹¤¤¥ô¦ó¯u¹êªº¤@¯ë¥Î¤á³£µLªk¥Î¦Û¤vªº±b¸¹³s¤W¨Ó¡C 
anonymous¦pªG¨S¦³¦b©w¸q¡A´Nªí¥Ü¤£Åý¨S¦³±b¸¹ªºªº¤H³s¤W¨Ó¡C 
¦pªG¦³©w¸qguest¡A¨º?guest¸s²Õªº¤H´N¥i¥H¤W¨Ó¡C 
¥t¥~<¥Î¤á¦a§}>¬O«üftp¤W¨Óªº¥Î¤á·|¥Î¨ìªºIP¦a§}¡A ¥i¦Û¦æ³]©w¡C 
¹ê¨Ò¡G class all real,guest,anonymous * 
©w¸q¤F¤@­Ó¦W?allªºclass¡A¥]§t¤TºØ¤H¡A©Ò¦³IPªº³s½u¥Î¤á(¤]´N¬O©Ò¦³¤H³£¥]¬A¤F)7 

class local real localhost loopback 
local³o­Óclass»¡¡A¥u¦³realªº¥Î¤á¥i¥H±q¥»¾÷¾÷¾¹³s¤W¨Ó 

class remote guest,anonymous * 
remote³o­Óclass¥]§t¤F±q¥ô¦ó¦a¤è¤W¨Óªºguest©Manonymous¥Î¤á¡A¦ý¬Oreal¥Î¤á¤£¥iµn³° 

class rmtuser real !*.example.com 
rmtuser³o­Óclass¥]§t¤F±q¥~­±¨Óªº(°£¤Fexample.com)¯u¹ê¥Î¤á 


!! ¦bFTP¦øªA¾¹¤Wªº¥Î¤á°ò¥»¤W¥i¥H¤À?¥H¤U¤TÃþ¡G 

real ¦b¸ÓFTP¦øªA¾¹¦³¦Xªk±b¸¹ªº¥Î¤á¡F 
Real FTP is when someone logs in with a real username and password and 
has access to the entire disk structure. This form of access can be 
extremely dangerous to system security and should be avoided unless 
absolutely necessary and well controlled. 

guest ¦³°O¿ýªº°Î¦W¥Î¤á¡F 
Guest FTP is a form of real FTP; one logs in with a real user name and 
password, but the user is chroot'ed to his home directory and cannot 
escape from it. This is much safer, and it is a useful way for remote 
clients to maintain their Web accounts. 

anonymous ³\¥iÅv³Ì§Cªº°Î¦W¥Î¤á 
Anonymous FTP is well known; one logs in with the username 'anonymous' 
and an email type password. 


deny 
®æ¦¡¡Gdeny <©Úµ´³s½uªº¦a§}> <¸ê°T¤å¥ó> 
¥\¯à¡G©Úµ´·½¦ì§}²Å¦Xªº³X°Ý¡A¦P®ÉÅã¥Ü¤å¥óªº¤º®e¡C¤]¥i¥H¬O¬Y¤@¤å¥ó¡A¸Ó¤å¥ó¥]§t¤F©Úµ´ªºip¦a§}Ãþªº©w¸q¡C 
¥i¥H¥Î !nameserverd¨Ó©Úµ´¨S¦³µù¥U¥\¯àÅܼƦWºÙªº¥Î¤áºÝ½Ð¨D¡C 
¹ê¨Ò¡G deny 210.62.146.*:255.255.255.254 /etc/reject.msg 

deny !nameserverd /var/ftp/etc/noname.msg 
©Úµ´¨S¦³µù¥U¥\¯àÅܼƦWºÙªº¥Î¤áºÝ½Ð¨D,¨Ã¥BÅã¥Ünoname.msgªº¤º®e¡C 

noname.msg¤º®e 
[root@localhost /var/ftp/etc]# cat noname.msg 
You are not allow! 

¥Î¤áºÝÅã¥Ü¡G 
E:\>ftp 192.168.0.2 
Connected to 192.168.0.2. 
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready. 
User (192.168.0.2:(none)): vip 
331 Password required for vip. 
Password: 
530-You are not allow! 
530 Login incorrect. 

!! ¸ê°T¤å¥ó¥Îªº¬O¥þ¸ô®| 

guestgroup --³]©w³X«È¸s 
guestuser --³]©w³X«È±b¸¹ 
realgroup --³]©w¯u¹ê¸s²Õ 
realuser --³]©w¯u¹ê±b¸¹ 
®æ¦¡¡G guestgroup <groupname> [<groupname> ...] 
guestuser <username> [<username> ...] 
realgroup <groupname> [<groupname> ...] 
realuser <username> [<username> ...] 
¥\¯à¡G guestgroup©Mguesyuser§â«D°Î¦W³s±µµø?°Î¦W³s±µ¨Ãchroot¡C 
realgroup©Mrealuser§â«D°Î¦W³s±µµø?¯u¹ê¥Î¤á³s±µ¡C 
¹ê¨Ò¡G guestuser * 
realgroup admin 
ªí¥Ü°£¤Fadmin²Õ¥H¥~ªº¥ô¦ó«D°Î¦W³s±µµø?guest¥Î¤á³s±µ¡Aadmin¤´Âµø?¯u¹ê¥Î¤á³s±µ¡C 

!! For guestgroup, if a REAL user is a member of any of <groupname>, the session is set up exactly as with anonymous FTP. In other words, a chroot() is done, and the user is no longer permitted to issue the USER and PASS commands. <groupname> is a valid group from /etc/group (or whatever mechanism your getgrent(3)library routine uses). 
The user's home directory must be properly set up, exactly as anonymous FTP would be. The home directory field of the passwd entry is divided into two directories. The first field is the root directory which will be the argument to the chroot(2) call.The second half is the user's home directory relative to the root directory. The two halves are separated by a "/./". 
For example, in /etc/passwd, the real entry: 
guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly 
When guest1 successfully logs in, the ftp server will chroot("/ftp") and then chdir("/incoming"). The guest user will only be able to access the directory structure under /ftp (which will look and act as / to guest1), just as an anonymous FTP user would. 

/etc/passwd¤å¥ó¡G 
vip:x:500:500::/home/vip/:/bin/bash ­×§ï?¡G 
vip:x:500:500::/home/vip/./:/bin/bash 

/etc/ftpaccess¤å¥ó¤¤²K¥[¡G 
#guestgroup 
guestgroup vip 

/home/vip¤å¥ó 
. 
.. 
thisisviproot 
vip 

¥Î¤áµn³°Åã¥Ü¡G 
E:\>ftp 192.168.0.2 
Connected to 192.168.0.2. 
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready. 
User (192.168.0.2:(none)): vip 
331 Password required for vip. 
Password: 
230 User vip logged in. Access restrictions apply. 
ftp> ls 
200 PORT command successful. 
150 Opening ASCII mode data connection for file list. 
thisisviproot 
vip 
226 Transfer complete. 
ftp: 20 bytes received in 0.01Seconds 2.00Kbytes/sec. 
ftp> pwd 
257 "/" is current directory. 

nice 
®æ¦¡¡Gnice <nice-delta> [<class>] 
¥\¯à¡G¦bLinux¤¤¡Aniceªº­È¬O-20(³ÌÀu¥ý)¨ì19(³Ì«á³B²z)¡A³oùاA¥i¥H«ü©w­tªº­È¨Ó´£°ª¬YclassªºÀu¥ý¶¶§Ç¡C 
¹ê¨Ò¡G 

!! This default nice value adjustment is used to adjust the nice value of the server process only for those users who do not belong to any class for which a class-specific `nice' directive exists in the ftpaccess file. 

defumask 
®æ¦¡¡Gdefumask <umask> [<class>] 
¥\¯à¡G³]©w¬Yclassªºumask 
¹ê¨Ò¡G 

!! umask¬O«Ø¥ß¤å¥ó®É¸Ó¤å¥óªºªº³\¥iÅv¾B¸n 

tcpwindow 
®æ¦¡¡Gtcpwindow <size> [<class>] 
¥\¯à¡G³]©wtcpwindowªº¤j¤p 
¹ê¨Ò¡G 

??keepalive 
®æ¦¡¡Gkeepalive <yes|no> 
¥\¯à¡G³]©w¬O§_¨Ï¥ÎTCP SO_KEEPALIVE¨Ó±±¨îÂ_½u±¡§Î 
¹ê¨Ò¡G 

timeout --³]©w³s½u¶W®É¡A¥Îªk¦p¤U¡G 
timeout accept 
timeout connect 
timeout data 
timeout idle 
timeout maxidle 
timeout RFC931 
®æ¦¡¡G timeout accept <seconds> 
timeout connect <seconds> 
timeout data <seconds> 
timeout idle <seconds> 
timeout maxidle <seconds> 
timeout RFC931 <seconds> 
¥\¯à¡G³]¸m¦UºØ¶W®É¡C 
accept³]¸mftpdªA°Èµ¥«Ý³Q°Ê¸ê®Æ³q¹D³s±µ½Ð¨Dªº¶W®É¡C¡]¯Ê¬Ù?120¬í¡^ 
connect³]¸mftpdªA°È¼Ð·Ç¸ê®Æ³q¹D³s±µ½Ð¨Dªº¶W®É¡C¡]¯Ê¬Ù?120¬í¡^ 
data³]¸mftpdªA°Èµ¥«Ý¥Î¤áºÝ¦b¸ê®Æ³q¹D¤W¦hªø®É¶¡¨S¦³°Ê§@?¶W®É¡C¡]¯Ê¬Ù?1200¬í¡^ 
idle ³]¸mftpdªA°Èµ¥«Ý¥Î¤áºÝ¥Î¤á¦b©R¥O³q¹D¤W¦hªø®É¶¡¨S¦³°Ê§@?¶W®É¡C¡]¯Ê¬Ù?900¬í¡^ 
maxidle ³]¸m¥Î¤á¥i¥H¦b¥Î¤áºÝ³]¸mªº§óªøªºªÅ¶¢®É¶¡ªº¤W­­¡C¡]¯Ê¬Ù?10¬í¡^ 
RFC931 ³]¸m¤@­ÓRFC931¨ó©w·|¸Üªº³Ìªø®É¶¡¡C?¹s«h¨ú®ø¹ï¸Ó¨ó©wªº¤ä´©¡C 

file-limit 
®æ¦¡¡Gfile-limit [<raw>] <in|out|total> <count> [<class>] 
¥\¯à¡G¹ï¬Y­Óclass­­¨î¦s¨ú¤å¥óªº¼Æ¥Ø¡A¥]§t¤Fin(¤W¶Ç)¡Bout(¤U¸ü)¡Atotal. raw¥Nªí¾ã­Ó¶Ç¿éªºµ²ªG¡A¤£¥ú¬O¸ê®ÆÀÉ®×. 
¹ê¨Ò¡Gfile-limit out 20 lvfour 
­­¨îlvfour³o­Óclassªº¥Î¤á³Ì¦h¥u¯à¤U¸ü20­Ó¤å¥ó 
data-limit --­­¨î¬Yclass¥u¯à¶Ç´X­Ó¦ì¤¸²Õ¡A¥Îªk¸òfile-limit¬Û¦ü 

limit-time 
®æ¦¡¡Glimit-time {*|anonymous|guest} <minutes> 
¥\¯à¡G­­¨î¤@­Ó³s½u¥u¯à«ùÄò¦h¤[,?¤FÁקK¦³¤H¬E¦b¯¸¤W¤£¤U¨Ó¡A¥i¥H¥Î³o­Ó¤èªk­­¨î¥Î¤áªº¤W½u®É¶¡ 
¹ê¨Ò¡Glimit-time guest 5 
Åýguest±b¸¹ªº¥Î¤á¥u¯à¥Î5¤ÀÄÁ 
!! Limit the total time a session can take. By default, there is no limit. 
Real users are never limited. 

¥Î¤áºÝÅã¥Ü¡G 
E:\>ftp 192.168.0.2 
Connected to 192.168.0.2. 
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready. 
User (192.168.0.2:(none)): vip 
331 Password required for vip. 
Password: 
230 User vip logged in. Access restrictions apply. 
ftp> ls 
421 Timeout (900 seconds): closing control connection. 
Connection closed by remote host. 

?? guestserver [<hostname>] 

Controls which hosts may be used for anonymous 
access. If used without <hostname>, denies all 
anonymous access to this site. More than one <host? 
name> may be specified. Anonymous access will only 
be allowed on the named machines. If access is 
denied, the user will be asked to use the first 
<hostname> listed. 

limit 
®æ¦¡¡Glimit [Ãþ§O] [¤H¼Æ] [®É¶¡] [ÀɮצW] (ÀɮצW¥Î¥þ¸ô®|) 
¥\¯à¡G³]©w¬Y­Óclass¦b¬Y¤@®É¶¡°Ï¬q¤º³Ì¦h¯à°÷´X¤H¦P®É¤W½u¡A«á­±¬O·í¶W¹L³s½u¼Æ¥Ø®É­nÅã¥Üªº¸ê°T¡C 
¹ê¨Ò¡G limit all 32 Any /home/ftp/etc/toomanyuser.msg 
­­¨î©Ò¦³³s½u¦b¥ô¦ó®É¶¡¥u¯à¦³32­Ó¥Î¤á¡A¶W¹L«h©Úµ´³s½u¨ÃÅã¥Ü¸ê°T 

limit levellone 5 Any2300-0600 /var/ftp/etc/toomanyuser.msg 
­­¨îlevellone³o­Óclassªº¥Î¤á¦b23:00¨ì6:00³o¬q®É¶¡¤º¥u¯à¦³5¤H³s½u 

/etc/ftpaccess¤º®e 
limit all 1 Any /etc/toomanyuser.msg 

/etc/toomanyuser.msg¤º®e 
toomanyuser !try again! 

¥Î¤áºÝÅã¥Ü¡G 
Connected to 192.168.0.2. 
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready. 
User (192.168.0.2:(none)): ftp 
331 Guest login ok, send your complete e-mail address as password. 
Password: 
530-toomanyuser !try again! 
530 Login incorrect. 
Login failed. 

host-limit <class> <n> <times> <message_file> 

Limit <class> to <n> simultaneous connections per 
host IP address at times <times>, displaying <mes 
sage_file> if the user is denied access. Limit check 
is performed at login time only. If multiple "host- 
limit" commands can apply to the current session, the 
first applicable one is used. Failing to define a 
valid limit, or a limit of -1, is equivalent to 
unlimited. <times> is in same format as the times in 
the UUCP L.sys file. 

/etc/ftpaccess¤º®e 
host-limit all 1 Any /etc/toomanyconnact.msg 

/etc/toomanyconnect.msg¤º®e 
toomanyconnect !try again! 

¥Î¤áºÝÅã¥Ü¡G 
Connected to 192.168.0.2. 
220 localhost.localdomain FTP server (Version wu-2.6.1-18) ready. 
User (192.168.0.2:(none)): vip 
331 Password required for vip. 
Password: 
530-toomanyconnect ! try again! 
530 Login incorrect. 
Login failed. 
ftp> 


noretrieve 
®æ¦¡¡Gnoretrieve [absolute|relative] ([class=<classname>]|[user=<username>]) ... [-] <filename> <filename>... 
!!absolute©Îrelative«ü¤å¥ó¬O¥Îµ´¹ï¸ô®|ÁÙ¬O¬Û¹ï¸ô®| 
¥\¯à¡G³]©w­þ¨Ç¤å¥ó¤£¥i¤U¸ü 
¹ê¨Ò¡G noretrieve /etc/passwd core 
¤£¤¹³\¤U¸ü/etc/passwd core 
noretrieve /etc /home/*/.htaccess 


allow-retrieve 
®æ¦¡¡Gallow[absolute/relative][class= ]¡K[-][<ÀɮצW>¡K] 
¥\¯à¡G³]©w­þ¨Ç¤å¥ó¦bnoretrieve«á¤´¥i¤U¸ü 

loginfails --³]¸mµn¤J¿ù»~¥i¹Á¸Õªº¦¸¼Æ 
®æ¦¡¡Gloginfails [¦¸¼Æ] 
¥\¯à¡G·í¥Î¤á³s½u®É¥i¯à¥´¿ùID©Î±K½X¡A³o­Ó³]©w¥i¥HÅý¥L¥´¿ù´X¦¸¥H«á´NÂ_½u¡AÁקK¦³¤H¥Î½aÁ|ªk²q´ú±K½X¡C 
¹ê¨Ò¡Gloginfails 3¡G ±K½X¿é¤J¿ù»~¤T¦¸´N¤ÁÂ_³s±µ¡C 

??private --³]©w½u¤W¬O§_¥i¥H°õ¦æSITE GROUP/SITE GPASS 
·í¶}©ñSITE GROUP»PSITE GPASS«ü¥O®É¡A¥i¥H¥Î³o¨â­Ó«ü¥O¤Á´«¨ì/etc/ftpgroupªº¸s²Õ¡C¤@¯ë¦Ó¨¥§Ú­Ì¤£·|¥Î¨ì³o­Ó¥\¯à¡A¥HÁקK¦w¥þº|¬}¡C 
®æ¦¡¡Gprivate [yes/no] 
¥\¯à¡G³]©w¬O§_¤ä´©¸s²Õ¹ï¤å¥óªº¨ú¥Î¡C 
¹ê¨Ò¡Gprivate yes¡G¤ä´©¸s²Õ¹ï¤å¥óªº¨ú¥Î¡C 
private [<yes|no>] 

After user logs in, the SITE GROUP and SITE GPASS 
commands may be used to specify an enhanced access 
group and associated password. If the group name and 
password are valid, the user becomes (via setegid()) 
a member of the group specified in the group access 
file /etc/ftpgroups. 

If no parameter is given, the default is "no" and 
SITE GROUP/GPASS will not be honored. 

The format of the group access file is: 
access_group_name:encrypted_password:real_group_name 
where access_group_name is an arbitrary (alphanumeric 
+ punctuation) string. encrypted_password is the 
password encrypted via crypt(3), exactly like in 
/etc/passwd. real_group_name is the name of a valid 
group listed in /etc/group. 

NOTE: For this option to work for anonymous FTP 
users, the ftp server must keep /etc/group perma 
nently open and the group access file is loaded into 
memory. This means that (1) the ftp server now has 
an additional file descriptor open, and (2) the nec 
essary passwords and access privileges granted to 
users via SITE GROUP will be static for the duration 
of an FTP session. If you have an urgent need to 
change the access groups and/or passwords *NOW*, you 
just kill all of the running FTP servers. 


greeting --Åã¥ÜServerªºª©¥»¸ê°T¡A¥Îªk¦p¤U¡G 
®æ¦¡¡G greeting full|brief|terse 
greeting text <message> 

¥\¯à¡G ·í¥Î¤áµn¤Jµe­±Åã¥Üªºserver¸ê°T¡A 
full¬O¹w³]­È¡A¥]§tª©¥»¸¹¥H¤Îhostname¡A 
brief¥u¦³hostname¡A 
terse¥u¦³¡§FTP server ready¡¨ªº¸ê°T¡C 
text <message> Åã¥Ü¦Û©w¸qªº¸ê°T 
¹ê¨Ò¡G greeting text Colormouse's FTP! 
greeting text terse 

signoff full|brief|terse 
signoff text <message> 

Allows you to control how much information is given out when the remote user 
logs out. 'signoff full' is the default and shows the transfer counts (if 
compiled into the daemon), and a thank-you message showing the host name. 
'signoff brief' whose shows only the thank-you message. 'signoff terse' 
simply says "Goodbye." Although full is the default, terse is recommended. 

The 'text' form allows you to specify any signoff message you desire. <mes 
sage> can be any string; whitespace (spaces and tabs) is converted to a sing 
le space. 

stat full|brief|terse 
stat text|brieftext <message> 

Allows you to control how much information is given out when the remote user 
requests the server's status (the STAT command). 'stat full' is the default 
and shows the hostname and daemon version along with transfer counts (if 
compiled in) and quota information (also, if compiled in). quota informa 
tion. 'stat terse' shows only the connection status with no hostname. 
Although full is the default, brief is recommended. 

The 'text' and 'brieftext' forms allows you to specify any text you desire 
to appear where the version information would be displayed. <message> can 
be any string; whitespace (spaces and tabs) is converted to a single space. 



barnner --³]©w¥¼¶i¤JLoginµe­±¤§«e¥Î¤á¬Ý¨ìªº¸ê°T¡A¥Îªk¦p¤U¡G 
®æ¦¡¡Gbanner <¤å¥ó¸ô®|> 
¥\¯à¡G³oùØ?­z¤F¦b¥Î¤áµn¤J®É¡A¦bÁÙ¨S¥´ID/Password¤§«e­n¥X²{ªº¸ê°T¡C 
¤å¥ó¸ô®|«üªº¬O¬Û¹ï©ó¯u¹êªº¸ô®|¡A¦Ó¤£¬O¬Û¹ï©óftpªº®Ú¥Ø¿ý¡C 


hostname <some.host.name> 

Defines the default host name of the ftp server. This string will be 
printed on the greeting message and every time the %L magic cookie is used. 
The host name for virtual servers overrides this value. If not specified, 
the default host name for the local machine is used. 

email <name> 

Defines the email address of the ftp archive maintainer. This string will 
be printed every time the %E magic cookie is used. 

message 
®æ¦¡¡Gmessage <path> {<when> {<class> ...}} 
³oùتº¤å¥óªº¸ô®|¬O¬Û¹ï©óftpªº®Ú¥Ø¿ýªº¡A¡§¦ó®É¡¨¬O«ü·í§A°µ¤F¤°?°Ê§@¤§«áªº¤ÏÀ³¡A¦³´X­Ó¿ï¾Ü¡G 
login(µn¤J®É) 
cwd=<¥Ø¿ý>(¶i¤J¬Y¥Ø¿ý®É) 
class ¦WºÙ¬O«e­±¤w¸g©w¸q¹Lªº¡A¤¹³\§Aªº¸ê°T¥u¹ï­þ¨Ç¤Hµo¥X¡C 
¦Ó¸ê°T¤å¥óªº¤º®e°£¤F¤å¦r¥H¥~¡AÁÙ¥i¥H¨Ï¥Î¥H¤U¤@¨Ç¨Æ¥ý©w¸q¦nªº¥N¸¹¡G 
%T(¥»¾÷®É¶¡) 
%F(¥Ø«e¤À°Ï©Ò³Ñ¾lªºªÅ¶¡) 
%C(¥Ø«e©Ò¦bªº¥Ø¿ý) 
%E(ºÞ²zªÌªºE-mail) 
%R(¥Î¤áºÝ¥D¾÷¦WºÙ) 
%L(¥»¾÷¥D¾÷¦WºÙ) 
%U(¥Î¤á¦WºÙ) 
%M(»P§Ú¬Û¦Pclass¥Î¤á¤¹³\¦h¤Ö¤H³s½u) 
%N(»P§Ú¬Û¦Pclass¥Î¤á¥Ø«e¦³¦h¤Ö¤H³s½u) 
%B(µ´¹ïºÏ¤ù­­¨î¤j¤p¡A¥Ø«e¤À°Ï(³æ¦ìblocks)) 
%b(preferredºÏ¤ù­­¨î¤j¤p¡A¥Ø«e¤À°Ï(³æ¦ìblocks)) 
%Q(¥Ø«e¤w¨Ï¥Îªºblocks) 
%I(³Ì¤j¥i¨Ï¥Îªºinodes(+1)) 
%i(Preferred inodes­­¨î) 
%q(¥Ø«e¨Ï¥Îªºindoes) 
%H(¶W¶q¨Ï¥ÎºÏºÐªÅ¶¡ªº®É¶¡­­¨î) 
%h(¶W¶q¨Ï¥Î¤å¥ó¼Æ¥Øªº®É¶¡­­¨î) 
ratios: 
%xu Uploaded bytes 
%xd Downloaded bytes 
%xR Upload/Download ratio (1:n) 
%xc Credit bytes 
%xT Time limit (minutes) 
%xE Elapsed time since login (minutes) 
%xL Time left 
%xU Upload limit 
%xD Download limit 

¥\¯à¡G³]©w¸ê°T¤å¥ó 
¹ê¨Ò¡Gmessage /etc/ftpd/welcome.msg login¡G·í¥Î¤á°õ¦ælogin©R¥O®É¡A¤]´N¬Oµn¿ý¨ìFTP¦øªA¾¹¤Wªº®É­Ô¡A¨t²Î±NÅã¥Ü¤å¥ó/etc/ftpd/welcome.msgªº¤º®e¡C 

!! The message will only be displayed once to avoid annoying the user. Remem 
ber that when MESSAGEs are triggered by an anonymous FTP user, the <path> 
must be relative to the base of the anonymous FTP directory tree. 


??readme --³qª¾¥Î¤á­þ¨ÇREADME¤å¥ó¤w¸g§ó·s 
readme README* login 
readme README* cwd=* 

log commands --°O¿ý¥Î¤á©Ò¨Ï¥Î¹Lªº©R¥O¡A¥Îªk¦p¤U¡G 
®æ¦¡¡Glog commands<¥Î¤áºØÃþ> 
¥\¯à¡G³]¸m­þ¨Ç¥Î¤áµn¿ý«áªº¾Þ§@°O¿ý¦b¤å¥ó/usr/adm/xferlog¤¤¡C 
¹ê¨Ò¡Glog commands real ¡G·íreal¥Î¤áµn¿ý«á¡A±N¥Lªº¾Þ§@°O¿ý¤U¨Ó¡C 

log transfers --°O¿ý¥Î¤á©Ò¶Ç¿éªº¤å¥ó¡A¥Îªk¦p¤U¡G 
®æ¦¡¡G log transfers<¥Î¤áºØÃþ><¶Ç¿é¤è¦V> 
¥\¯à¡G ³]©w¦³­þ¨ÇÃþ«¬ªº¥Î¤á¶Ç¿é¤å¥ó»Ý­n°O¿ý¡A¥]§t¤Finbound(¥Î¤á¤W¶Ç)©Moutbound(¥Î¤á¤U¸ü)¡A¨Ò¦p¡G 
¹ê¨Ò¡G log transfers anonymous,real inbound,outbound ¡G¹ï©ó°Î¦W¥Î¤á­n§ó¥[ªºÃöª`¥¦­Ìªº¤å¥ó¾Þ§@¡A©Ò ¥HµL½×¤W¸ü¡B¤U¸ü³£¶i¦æ°O¿ý¡C 
log transfer real inbound¡G¹ï©ó¦Xªk¥Î¤á«h¥u°O¿ý¥Lªº¤W¸ü°O¿ý¡C 

log security --°O¿ý¦w¥þ©Ê¡A¥Îªk¦p¤U¡G 
log security<¥Î¤áºØÃþ> 
¯S§O¥Î©ó°O¿ý¬YÃþ¥Î¤áÃö©ónoretrive¡Bnotarµ¥¦³Ãö¦w¥þ©Êªº°O¿ý 

log syslog 
log syslog+xferlog 
Redirects the logging messages for incoming and outgoing transfers to sys 
log. Without this option the messages are written to xferlog. 
syslog+xferlog sends the transfer log messages to both the system log and 
the xferlog. 

??Upload/Download ratios 
In order for any of these commands to work, you must compile WU-FTPD with 
--enable-ratios. 

ul-dl-rate <rate> [<class> ...] 

Specify Upload/Download ratio (1:rate). When ftp user uploaded 1 bytes, 
(s)he can take <rate> bytes. By default, there is no ratio. 

dl-free <filename> [<class> ...] 

The file <filename> can be downloaded freely (=ignoring the ratio) 

dl-free-dir <dirname> [<class> ...] 

All files in the directory <dirname> and its subdirectories can be down 
loaded freely (=ignoring the ratio) Note that both dl-free and dl-free-dir 
are relative to the system's root, not the chroot environment. 


alias --³]©w¥Ø¿ý§O¦W¡A¥Îªk¦p¤U¡G 
®æ¦¡¡Galias [¥Ø¿ý§O¦W] [¥Ø¿ý¦W] 
¥\¯à¡Gµ¹«ü©w¥Ø¿ý³]¸m¤@­Ó§O¦W¡A¦b¤Á´«¥Ø¿ý®É´N¥i¥H¨Ï¥Î¸ûµuªº¥Ø¿ý§O¦W¡C 
¹ê¨Ò¡Galias inc¡G /incoming¡G?¤l¥Ø¿ýincoming³]¸m¤@­Ó§O¦Winc¡G¡C 

cdpath 
¥\¯à¡G ³]©wcd§ó´«¥Ø¿ý·j¯Á¶¶§Ç 
¹ê¨Ò¡G cdpath /pub/packages 
cdpath /.aliases 

compress,tar --³]©w¬O§_¦Û°ÊÀ£ÁY¡A¥Îªk¦p¤U¡G 
®æ¦¡: compress <yes|no> [<classglob> ...] 
tar <yes|no> [<classglob> ...] 
¥\¯à¡G ©w¸q­þ¨Ç¤H¥i¥H°õ¦æÀ£ÁY¥H¤Îtar 
¹ê¨Ò¡G compress yes local remote¡G¤¹³\local©Mremote¨â­ÓÃþ§Oªº¥Î¤á³£¯à¨Ï¥Î compress(À£ÁY)¥\¯à¡C 
tar yes local remote¡G¤¹³\local©Mremote¨âÃþªº¥Î¤á³£¯à¨Ï¥Îtar¥\¯à¡C 

shutdown --³qª¾¥Î¤á­nÃö¯¸¤F 
®æ¦¡¡Gshutdown <¸ê°T¤å¥ó> 
¥\¯à¡G¦pªG¸ê°T¤å¥ó¦s¦bªº¸Ü¡A·í³o­Ó¤å¥ó«ü©wªº¬Y®É¶¡¥H«á¡A´N·|©Úµ´³s½u¨Ã¤ÁÂ_¤w¦³ªº³s½u¡Aµ¥®É¶¡¤@¨ì´NÃö¾÷¡C³o­Ó¸ê°T¤å¥óªº®æ¦¡¦p¤U¡G 
<¦~><¤ë><¤é><®É><¤À><©Úµ´­Ë¼Æ><Â_½u­Ë¼Æ><¤å¦r> (¤ë¥÷?0~11) 
¹ê¨Ò¡Gshutdown /etc/ftpd/shut.msg 

daemonaddress <address> 

If the value is not set, then the server will listen for connections on 
every IP addresses, otherwise it will only listen on the IP address speci 
fied. 
Use of this clause is discouraged. It was added to support a single site's 
needs. It will completely break virtual hosting and the syntax is likely to 
change in a future version of the daemon. 

logfile <path> 

Specifies the transfer log file (xferlog) for the default server. Virtual 
hosts can override this with the virtual logfile option. If omitted, a 
default log file is used. 


virtual --³]©wµêÀÀFTP¯¸»O 
®æ¦¡¡Gvirtual <address> <root|banner|logfile> <path> 
virtual <address> <hostname|email> <string> 
virtual <address> allow <username> [<username> ...] 
virtual <address> deny <username> [<username> ...] 
¥\¯à¡Gwu-ftpd´£¨Ñ¤FµêÀÀ¥D¾÷ªº¥\¯à¡A¤]´N¬O»¡¡A¦b¦P¤@¥x¾÷¾¹¤W´£¨Ñ¤F¤£¦PFTP¯¸»O¡A¥H¥D¾÷¦WºÙ©ÎIP¨Ó°Ï¤À¡F·íµM§A­n¥Î¦WºÙªº¸Ü¡AÁٻݭn¸òDNS°t¦X¤~¦æ¡Cvirtual¦³«Ü¦h­Ó³]©w¡G 
address¡]¥i¥H¬O¥D¾÷¦W©ÎIP¦ì§}¡^ 
root«üªº¬Oftpªº®Ú¥Ø¿ý¡A 
banner¬OÅwªï¸ê°T¡A 
logfile«üªº¬O³o­ÓµêÀÀ¯¸»Oªºlog¤å¥ó 
¥Î¤á¥i¥H¬d¨ìhostname©MºÞ²zªÌemail¡A 
¹ê¨Ò¡G virtual virtual.com.bj root /home/ftp2 
virtual virtual.com.bj banner /etc/vftpbanner.2 
virtual virtual.com.bj logfile /etc/viftplog.2 
¥Î¤á¥i¥H¬d¨ìhostname©MºÞ²zªÌemail 
virtual 210.62.146.50 hostname virtual.site.com.bj 
virtual vritual.site.com.bj email ftpown@virtual.site.com.bj 
³]©w¬O§_¤¹³\³s½u 
virtual virtual.site.com.bj allow * 
virtual virtual.site.com.bj deny badman 

virtual <address> private 

Normally, anonymous users are allowed to log in on the virtual server. This 
option denies them access. 

virtual <address> passwd <file> 

Use a different passwd file for the virtual domain. The daemon needs to be 
compiled with --enable-passwd (or OTHER_PASSWD) for this option to work. 

virtual <address> shadow <file> 

Use a different shadow file for this virtual domain. The daemon needs to be 
compiled with --enable-passwd (or OTHER_PASSWD) for this option to work. 

defaultserver deny <¥Î¤á>[<¥Î¤á>¡K¡K] 
defaultserver allow <¥Î¤á>[<¥Î¤á>¡K¡K] 
¥\¯à¡G·í§Ú­Ì¨Ï¥Î¤FµêÀÀ¥D¾÷¡A­ì¥ýªºdeny¡Aallow³]©w¤£ª¾¹D­n³]­þ­Óserver¡A©Ò¥H·|µL®Ä¡A¥Îdefaultserver¥Nªí­ì¨Óªº¥D¾÷ 
¹ê¨Ò¡G defaultserver private ¥D¯¸»O©Úµ´anonymous¥Î¤á 
defaultserver deny * ¥D¯¸»O©Úµ´©Ò¦³³s±µ 

??passive address <externalip> <cidr> 
Allows control of the address reported in response to a PASV command. When 
any control connection matching the <cidr> requests a passive data connec 
tion (PASV), the <externalip> address is reported. NOTE: this does not 
change the address the daemone actually listens on, only the address 
reported to the client. This feature allows the daemon to operate correctly 
behind IP-renumbering firewalls. 
For example: 
passive address 10.0.1.15 10.0.0.0/8 
passive address 192.168.1.5 0.0.0.0/0 
Clients connecting from the class-A network 10 will be told the passive con 
nection is listening on IP-address 10.0.1.15 while all others will be told 
the connection is listening on 192.168.1.5 
Multiple passive addresses may be specified to handle complex, or multi- 
gatewayed, networks. 

??passive ports <cidr> <min> <max> 
Allows control of the TCP port numbers which may be used for a passive data 
connection. If the control connection matches the <cidr> a port in the 
range <min> to <max> will be randomly selected for the daemon to listen on. 
This feature allows firewalls to limit the ports which remote clients may 
use to connect into the protected network. 
<cidr> is shorthand for an IP address in dotted-quad notation followed by a 
slash and the number of left-most bits which represent the network address 
(as opposed to the machine address). For example, if you're using the 
reserved class-A network 10, instead of a netmask of 255.0.0.0 use a CIDR of 
/8 as in 10.0.0.0/8 to represent your network. 

??pasv-allow <class> [<addrglob> ...] 
??port-allow <class> [<addrglob> ...] 
Normally, the daemon does not allow a PORT command to specify an address 
different than that of the control connection. And it does not allow a PASV 
connection from another address. 
The port-allow clause provides a list of addresses which the specified class 
of user may give on a PORT command. These addresses will be allowed even if 
they do not match the IP-address of the client-side of the control connec 
tion. 
The pasv-allow clause provides a list of addresses which the specified class 
of user may make data connections from. These addresses will be allowed 
even if they do not match the IP-address of the client-side of the control 
connection. 


mailserver --«ü©wUpload³qª¾ªºmail¦øªA¾¹ 

incmail --«ü©wanonymous uploadªºemail³qª¾¦a§} 
virtual incmail --«ü©wµêÀÀ¥D¾÷anonymous uploadªºemail³qª¾¦ì§} 
defaultserver incmail --«ü©w¹w³]¥D¾÷anonymous uploadªºemail³qª¾¦a§} 

mailfrom --³qª¾ªº±H«H¤Hupload 
virtual mailfrom --µêÀÀ¥D¾÷upload³qª¾ªº±H«H¤H 
defaultserver mailfrom --¹w³]¥D¾÷upload³qª¾ªº±H«H¤H 

chmod --³]©w¬O§_¥i¥H§ïÅܤå¥ó³\¥iÅv 
delete --³]©w¬O§_¥i¥H§R°£¤å¥ó 
overwrite --Âл\¤å¥ó\ 
rename --­«©R¦W¤å¥ó 
®æ¦¡¡G delete [yes/no] [real/anonymous/guest] 
overwrite [yes/no] [real/anonymous/guest] 
rename [yes/no] [real/anonymous/guest] 
chmod [yes/no] [real/anonymous/guest] 
¹ê¨Ò¡G delete no anonymous,guest; 

umask --¤¹³\³]©wumask 
®æ¦¡¡Gumask [yes/no] [real/anonymous/guest] 
¥\¯à¡G³]¸m¬O§_¤¹³\«ü©w¥Î¤á¨Ï¥Îumask©R¥O¡CÀq»{¬O¤¹³\¡C 
¹ê¨Ò¡Gumask no anonymous¡G?¤F§ó¦n¦aºÞ²zFTP¦øªA¾¹¡A¤@¯ë±¡ªp¤U¡A§Ú­Ì¤£¤¹³\°Î¦W¥Î¤á°õ¦æumask©R¥O¡C 

passwd-check --³]©wanonymous FTPªº±K½XÀˬdµ{«×¡A¥Îªk¦p¤U¡G 
®æ¦¡¡Gpasswd-check [none/trivial/rfc822] [enforce/warn] 
¥\¯à¡G³]©w¹ï°Î¦W¥Î¤áanonymousªº±K½X¨Ï¥Î¤è¦¡¡C 
none ªí¥Ü¤£°µ±K½XÅçÃÒ¡A¥ô¦ó±K½X³£¥i¥Hµn¿ý¡F 
trival ªí¥Ü¥u­n¿é¤Jªº±K½X¤¤§t¦³¦r¤¸¡§@¡¨´N¥i¥Hµn¿ý¡F 
rfc822 ªí¥Ü±K½X¤@©w­n²Å¦XRFC822¤¤©Ò³W©wªºE-Mail®æ¦¡¤~¯àµn¿ý¡F 
enfore ªí¥Ü¿é¤Jªº±K½X¤£²Å¦X¥H¤W«ü©wªº®æ¦¡´N¤£Åýµn¿ý¡F 
warn ªí¥Ü±K½X¤£²Å¦X³W©w®É¥u¥X²{ĵ§i¸ê°T¡A¤´µM¯à°÷µn¿ý¡C 
¹ê¨Ò¡Gpasswd-check rfc822 warn¡G§Æ±æ¯à°÷±o¨ì²Å¦X³W©wªºE-Mail§@?±K½X¡A¦ý¦pªG¤£¬O¡A¤]¤¹³\µn¿ý¡C 

deny=email --©Úµ´¯S©wªºemail·í±K½X 

path-filer --Äá©w­þ¨ÇÀɮצW¤£¥i¨Ï¥Î 
®æ¦¡¡Gpath-filter <typelist> <mesg> <allowed_charset> {<disallowed regexp> ...} 
¹ê¨Ò¡G path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^- 
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^- 
For example: 
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^- 
specifies that all upload filenames for anonymous users must be made of only 
the characters A-Z, a-z, 0-9, and "._-" and may not begin with a "." or a 
"-". If the filename is invalid, /etc/pathmsg will be displayed to the 
user. 

upload --³]©wupload³\¥iÅv 
upload [absolute|relative] ([class=<classname>]|[user=<username>])... [-] <root- 
dir> <dirglob> <yes|no> <owner> <group> <mode> ["dirs"|"nodirs"] [<d_mode>] 
[<dirowner> <dirgroup>] 

¥Î¨Ó¹ï§Ú­Ì­n³]©wªº¥Ø¿ý°µ³\¥iÅv³]©w¡G 
absoulte/relative¨Ï¥Îµ´¹ï¸ô®|©Î¬O¬Û¹ï¸ô®| 
class=«ü©w¬Y­Óclass 
root-dir«üªº¬O¹ï­þ¨Çroot-dirªº¤H¡A¤]´N¬Ochroot«áªºµn¤J¥Ø¿ý¡AÀ³¥Î³o­Ó³W«h³]©wªº¥Ø¿ý«üªº´N¬O§Ú­Ì­n­­¨îªº¥Ø¿ý 
yes/no«ü±o¬O¯à§_¦b¦¹¥Ø¿ý¤U¶}·s¤å¥ó 
owner,group«ü¥X¬O¶}¥X¨Óªº¤å¥ó¾Ö¦³ªÌ¤Î¸s²Õ 
Mode«üªº¬O¤å¥ó³\¥iÅv 
dirs/nodirs«üªº¬O¯à§_¶}·s¥Ø¿ý 
d_mode³]©w«Ø¥ß·s¥Ø¿ý®É¥Ø¿ýªº³\¥iÅv¡A¦pªG¤£³]©w·|®Ú¾Úmode¨Ó³]©w 

®æ¦¡¡G upload [®Ú¥Ø¿ý] [¤W¸ü¥Ø¿ý] [yes/no] [¥Î¤á] [³\¥iÅv] [dirs/nodirs] 
¥\¯à¡G ¹ï¥i¥H¤W¸üªº¥Ø¿ý¶i¦æ§ó¥[¸Ô²Óªº³]¸m¡C 
¹ê¨Ò¡G upload /home/ftpd * no¡Gªí¥Ü¦b¤l¥Ø¿ý/home/ftpd¤U¤£¤¹³\¤W¸ü¡F 
upload /home/ftpd /bin no¡Gªí¥Ü¦b¤l¥Ø¿ý/home/ftpd/bin¤U¤£¤¹³\¤W¸ü¡F 
upload /home/ftpd /etc no¡Gªí¥Ü¦b¤l¥Ø¿ý/home/ftpd/etc¤U¤£¤¹³\¤W¸ü¡F 
upload /home/ftpd /pub yes real 0644 dirs¡G¤¹³\¥Î¦øªA¾¹¤Wªº¦Xªk¥Î¤á¦b¤l¥Ø¿ý/home/ftpd/pub ¥Ø¿ý¤U¯à¤W¸ü³\¥iÅv?0644(¤]´N¬O-rw-r--r--)ªº¤å¥ó¡A¦Ó¥B¦b³o­Ó¥Ø¿ý¤U¥i¥H·s«Ø¤l¥Ø¿ý¡C 
upload /home/ftpd /incoming yes real guest anonymous 0644 dirs¡G¤¹³\©Ò¦³ªº¥Î¤á¦b¤l¥Ø¿ý /home/ftpd/incoming¤U¯à¤W¸ü³\¥iÅv?0644ªº¤å¥ó¡A¦Ó¥B¦b³o­Ó¥Ø¿ý¤U¥i¥H·s«Ø¤l¥Ø¿ý¡C 

thoughput --±±¨î¤U¸ü³t«× 
®æ¦¡¡Gthoughput <¤l¥Ø¿ý¦Cªí><¤å¥ó> <»·ºÝ¦a§}¦Cªí> 
¥\¯à¡G¹ï»·ºÝªº¦ì§}¡A±±¨î¥L§ì¬Y­Ó¤l¥Ø¿ý¤Uªº¬Y¨Ç¤å¥ó®Éªº³t«×¡A¨Ò¦p¡G 
¹ê¨Ò¡G thoughput /e/ftp * * oo - * 
thoughput /e/ftp /sw* * 1024 0.5 * 
thoughput /e/ftp sw* readme oo - * 
thoughput /e/ftp sw* * oo - *.foo.com 
¥H¤Wªº³]©w§A¬O§_¯à°÷¬Ý¥X¨Ó©O¡H¡§oo¡¨ªí¥Ü¤£­­¨îbytes/sec¡A¡§-¡¨©Î¬O¡§1.0¡¨³£¬O¥Nªí¤@­¿¡C 
²Ä¤@¦æªº·N«ä¬O»¡¡A¦b/e/ftp¤U­±ªº¤å¥ó¤£­­¨î¤U¸ü³t«×¡F 
²Ä¤G¦æ»¡¡A¦b/sw*¤U­±ªº¥ô¦ó¤å¥ó­­³t?1024bytes/sec* 0.5=512bytes/sec¡F 
²Ä¤T¦æ¤S§âreadme¤å¥óªº­­³t¨ú®ø¡F 
³Ì«á¤@¦æ«h¹ï*.foo.com¶}©ñ¥þ³t¡C 

anonymous-root --¹ï¬Yclass³]©w°Î¦W¥Î¤áªº®Ú¥Ø¿ý 
®æ¦¡¡Ganonymous-root <root-dir> [<class>] 
¹ê¨Ò <root-dir> specifies the chroot() path for anonymous users. If no anony 
mous-root is matched, the old method of parsing the home directory for the 
'ftp' user is used. If no <class> is specified, this is the root directory 
for anonymous users who do not any other anonymous-root specification. Mul 
tiple classes may be given on the line. If an anonymous-root is chosen for 
the user, the 'ftp' user's home directory in the <root-dir>/etc/passwd file 
is used to determine the initial directory and the 'ftp' user's home direc 
tory in the system-wide /etc/passwd is not used. 

For example: 
anonymous-root /home/ftp 
anonymous-root /home/localftp localnet 
causes all anonymous users to be chroot()'d to the directory /home/ftp then, 
if the 'ftp' user exists in /home/ftp/etc/passwd, their initial CWD is that 
home directory. Anonymous users in the class localnet, however, are 
chroot()'d to the directory /home/localftp and their initial CWD is taken 
from the 'ftp' user's home directory in /home/localftp/etc/passwd. 


guest-root --¹w³]¤@­Óguest¥Î¤á®Ú¥Ø¿ý 
guest-root <root-dir> [<uid-range>] 
For example: 
guest-root /home/users 
guest-root /home/staff %100-999 sally 
guest-root /home/users/frank/ftp frank 
causes all guest users to chroot() to /home/users then starts each user in 
their home directory specified in /home/users/etc/passwd. Users in the 
range 100 through 999, inclusive, and user sally, will be chroot()'d to 
/home/staff and the CWD will be taken from their entries in 
/home/staff/etc/passwd. The single user frank will be chroot()'d to 
/home/users/owner/ftp and the CWD will be from his entry in 
/home/users/owner/ftp/etc/passwd. 

Note that order is important for both anonymous-root and guest-root. If a 
user would match multiple clauses, only the first applies; with the excep 
tion of the clause which has no <class> or <uid-range>, which applies only 
if no other clause matches. 

deny-uid¡Adeny-gid --©Úµ´¬Y¬qUID(GID)½d³ò 
allow-uid¡Aallow-gid --¤¹³\¬Y¬qUID(GID)½d³ò 

For example: 
deny-gid %-99 %65535 
deny-uid %-99 %65535 

restricted-uid¡Arestricted-gid --­­¨î¥Î¤á¤£¯àÂ÷¶}¥Lªºµn¿ý¥Ø¿ý 
unrestricted-uid¡Aunrestricted-gid --¥Î¤á¥i¥HÂ÷¶}¥Lªºµn¿ý¥Ø¿ý 

An example of the use of these clauses shows their intended use. Assume 
user 'dick' has a home directory /home/dick and 'jane' /home/jane: 
guest-root /home dick jane 
restricted-uid dick jane 
While both dick and jane are chroot'd to /home, they cannot access each 
other's files because they are restricted to their home directories. 

Whereever possible, in situations such as this example, try not to rely 
solely upon the ftp restrictions. As with all other ftp access rules, try 
to use directory and file permissions to backstop the operation of the 
ftpaccess configuration. 

dns refuse_mismatch --³]©wDNS¬d¨ì¦WºÙ»P¥Î¤á³]©w¤£²Åªº°Ê§@ 
dns refuse_mismatch<¸ê°T¤å¥ó>[override] 
·í¥Î¤á¨Ï¥Î¥¼µù¥UIP®É¡A©Úµ´¥Lªº³s½u¡Aoverride«h¬O¤£²z·|¿ù»~¦ÓÅý¥L³s½u¡A¸ê°T¤å¥ó«h¬O§Ú­Ì­nµ¹¥Î¤á¬Ýªº¡C 

dns refuse_no_reverse--³]©wµL¤Ï¬d°O¿ý©Úµ´³s½u 
dns refuse_no_reverse<¸ê°T¤å¥ó>[override] 
·í¥Î¤áªºIP¤Ï¬dµL°O¿ý®É¡A©Úµ´¥Lªº³s½u 

dns resolveoptions--³]©wDNS¸ÑªR¿ï¶µ 
dns resolveoptions[options] 
³oùØ¥i¥H³]©wDNS¸ÑªR¿ï¶µ 

site-exec-max-lines <number> [<class> ...] 

The SITE EXEC feature traditionally limits the number of lines of output 
which may be sent to the remote client. This clause allows you to set this 
limit. If omitted, the limit is 20 lines. A limit of 0 (zero) implies no 
limit; be very careful if you choose to remove the limit. If a clause is 
found matching the remote user's class, that limit is used. Otherwise, the 
clause with class '*', or no class given, is used. For example: 
site-exec-max-lines 200 remote 
site-exec-max-lines 0 local 
site-exec-max-lines 25 
limits output from SITE EXEC (and therefore SITE INDEX) to 200 lines for 
sets a limit of 25 lines for all other users. 


$/etc/ftphosts 
ftphosts¤å¥ó¨ä¹ê¸òftpaccessùØ­±ªºaccess¡Adeny«Ü¹³¡A¥¦¬O¯S§O¥Î¨Ó³]©w¬Y¨ÇIDªº³s½u¡A¥¦¨S¦³class©w¸q¡A©Ò¥H¥²¶·¬O¯u¹ê¥Î¤á¡C 
allow|deny<¥Î¤á><¦a§}>[<¦a§}>¡K¡K] 
¥H¤U¬O¤@¨Ç¨Ò¤l¡G 
allow rose 140.0.0.0/8 
deny jack 140.123.0.0:255.255.0.0 
¤¹³\\ ose±q140.*.*.*¶i¨Ó¡A©Úµ´jack±q140.123.*.*¤W¨Ó 

??$/etc/ftpservers 
³o­Ó¤å¥ó±±¨î¤F·í§A¦³¤£¦PªºIP/hostnameªº®É­Ô¡A¶i¨Óªº³s½u¨Ï¥Î­þ¤@­Ó°t¸m¤å¥ó¡C¨Ò¦p¡G 
10.196.145.10 /etc/ftpd/ftpaccess.somedomain/ 
10.196.145.200 /etc/ftpd/ftpaccess.someotherdomain/ 
some.domain internal 
10.196.145.20 /etc/ftpd/config/faqs.org/ 
ftp.some.domain /etc/ftpd/config/faqs.org/ 

$/etc/ftpusers 
¦b³o­Ó¤å¥óùØ°O¿ýªº¥Î¤á¸T¤î¨Ï¥ÎFTP 

$/etc/ftpgroups 
µ¹SITE GROUP«ü¥O¨Ï¥Î¡A½u¤W¤Á´«group¡CSITE EXEC®e©ö³y¦¨¦w¥þº|¬}¡A¤@¯ë§Ú­Ì³£¤£¶}©ñ¡C 
½d¨Ò¡G 
test:ENCRYPTED PASSWORD HERE:archive 


$/etc/ftpconversions 
¥Î¨Ó°µtar¡Bcompress¡Bgzipµ¥°Ê§@«ü¥O°t¸m¤å¥ó¡A¥u­n¥Î¹w³]§Y¥i¡A¦pªG§A¤£¶}©ñ§Y®ÉÀ£ÁY¥´¥]¡A¤]¥i¥H§â¤º®e²M°£¡C 


$$§Þ³N¤ä´©¡G 
©x¤èºô¯¸ www.wu-ftpd.org 
¥i¥H¨ìftp://ftp.wu-ftpd.org¤U¸ü³Ì·sª©¥»ªº·½¥N½X¥]¡C 

$$°t¸m¹ê¨Ò¡G 

¹ê¨Ò1 
$begin 
°t¸m¥Ø¼Ð 
¤£¤¹³\anonymous¥Î¤áµn¿ý¡A«Ø¥ß¤@­Óguest½ã¸¹¡A¨Ï¤½¥q¤º³¡¤H­û¨Ï¥Î¡A¨Ã¥B¤£¤¹³\¥ÎTelnetµn¿ý¡C 

°t¸m¨BÆJ¡G 
1¡B¼W¥[¤@­Ó¥Î¤á½ã¸¹¡G 
useradd szanlai 
passwd szanlai 
2¡B©w¸q«ü¦V¥Î¤áªºshell ?ªÅshell: 
chsh szanlai 
¿é¤J /bin/hello (¥ý¦b/etc/shells¤¤²K¥[¤@¦æ/bin/hello) 
¥H¤W¨â¨B¥i¥H¥Î¤@±ø©R¥O°µ 
usedadd -d szanlai -s /bin/hello szanlai (-d ¬O¥Î¤á¥Ø¿ý¡A-s ¬O«ü¦V¤°?shell) 
3¡B­×§ï/etc/shells¤å¥ó¡A¦bshells¤å¥½¼W¥[©Ò«ü¦Vªºshell 
vi shells 
4¡B­×§ï/etc/passwd ¤å¥ó¡A´N¬O±N¥Î¤á½ã¸¹¥Ø¿ý«ü¦¨µêÀÀµn¿ý®Ú¥Ø¿ý¡A¡]³o´N¬Ochroot©Ò«üªº®ÄªG¡^ 
eg: szanlai:x:503:504::/home/szanlai/:/bin/hello 
change szanlai:x:503:504::/home/szanlai/./:/bin/hello 
ª`·N¤£­n¦bi : ¤§¶¡¥[¤W "/" ¡A¡A¡A§_«hµn¿ý¤£¶i 
³o¤@­Ó§ï°Ê¬O±N/home/szanlai/ µêÀÀ«ü¦V /¡C 
5¡B¤§«á¡A»Ý°µ¤@­Óºc¬[¡A¡A¦bszanlai¥Ø¿ý¤U·s«Ø /bin , /etc , /lib , /dev ¥Ø¿ý 
(¦]?©w¸q¤FµêÀÀµn¿ý®Ú¥Ø¿ý) 
6¡B±Nls©R¥O¤å¥ócp ¤@¥÷¨ìµêÀÀ¥Ø¿ý(/home/szanlai/bin) 
cp /bin/ls /home/szanlai/bin 
7¡B¦A±Nls ÃöÁp¦@¥Î¤å¥ócp¶iµêÀÀ¥Ø¿ý¡]/home/szanlai/lib¡^ 
¦Ó¦p¦óª¾¹D¤@­Ó°õ¦æ¤å¥ó©Ò»Ý­nªº¦@¥Î¤å¥ó©O¡H #¥i¥H¦b/var/ftp¤UÀò±o 
¥Îldd ©R¥O¥iª¾¡C 
Eg : ldd /bin/ls 
¦A±N©Ò¨£¨ìªº¤å¥ó¥þ³¡cp ¨ì/home/szanlai/lib 
8¡B±NªÅshell ­×§ï¡A¡A 
mknod /bin/hello c 1 3 (1 ¤£¬O L) #°µ·sªº¶ô¤å¥ó 
¦A½á»P³\¥iÅv chmod 666 hello 
9¡B¦A±N/etc/group ,/etc/passwd ¤å¥ócp ¶i/home/ftp/etc 
¦A¤À§O­×§ï¨â­Ó¤å¥ó¡C¨Ï¦bµêÀÀµn¿ý¥Ø¿ý¤U¡A¥u¯à¦³¤@­Ó¥Î¤áµn¤J¦W 
10¡B­×§ïftpaccess 
¤@­Ó¬Oclass Ãþ§O«ü¦V guest 
¤G­Ó¬O±Nguestgroup «ü¦V ¥Î¤á½ã¸¹ 
11¡B¤§«á¡A´N¬O¥Îchmod©R¥O¨Ó³]¸m³\¥iÅv¡A¡A¡A 
end 
°ÝÃD¡G 1\¦b²K¥[shell®É¡A¥i¤£¥i¥H¥Î½Ñ¦p "/usr/bin/passwd"³o¼Ëªº©R¥O¡A¥N´À¶ô¤å¥ó? 
2\¤@©w­nmknod /bin/hello c 1 3 ¤§«á¡A¨t²Î¤~·|»{³o­Óshell¶Ü? 
3\¦b/home/szanlai¤U«Ø¥ßªº¥Ø¿ýµ²ºc¦³¤°?¥Î©O¡H¥Î¤á¦p¦ó¤~¯à¹B¦æ³o¨Ç¦øªA¾¹ºÝ©R¥O¡H 
4\«ç¼Ë¤~¯à¨Ï/home/szanlai/etc/¤Uªºpasswd°_§@¥Î©O¡HÀq»{ÁÙ¬O¥Î¨t²Îªºpasswd¸ê®Æ®w¡I 
5\chroot() ¨ãÅé¥Îªk szanlai:x:503:504::/home/szanlai/./:/bin/hello 
6\«ç¼Ë¨Ïtelnet¤]chroot©O¡H 
7\¬O§_¥i¯àÅý¥Î¤áºûÅ@¦Û¤vªºpasswd? 

¹ê¨Ò2 
$begin 

²Ä¤@¨B¡G³]¸m°Î¦W¥Î¤á²Õ 
anonftp¦w¸Ë§¹¦¨«á¡A·|¦Û°Ê³Ð«Ø¤@­Ó°Î¦W¥Î¤á²Õ¡Gftp,³o­Ó¥Î¤á²Õ¬O§¹¦¨³]¸mªºÃöÁä¡C­º¥ý¡A­n­×§ï/etc/ftpaccess¤å¥ó¡C 
# vi /etc/ftpaccess 
(¦³Ãövi½s¿è¾¹ªº¨Ï¥Î¤èªk½Ð°Ñ¨£¦³Ãö¤å³¹) 
¦b¤å¥ó¤º®e¤¤¥[¤J¦p¤U´X¦æ: 
guestgroup ftp 
chmod yes guest 
delete yes guest 
overwrite yes guest 
rename yes guest 
¨ä¤¤²Ä¤@¦æ¬O©w¸qftp¥Î¤áªº²Õ¦W¡]¤]¥i¥H³]?¨ä¥L¥Î¤á²Õ¦W¡A¦p¡Gftpgroup,¤£¹L­n¥ý³Ð«Ø³o­Ó¥Î¤á²Õ¡^«á¥|¦æ¬O³]¸mftp¥Î¤áªº³\¥iÅv¡A§Y¾Ö¦³§ó§ï¤å¥óÄÝ©Ê¡B§R°£¤å¥ó¡BÂл\¤å¥ó¡B­«©R¦W¤å¥óªº³\¥iÅv¡A³o¬O¤@­Óftp¥Î¤á©Ò»Ýªº°ò¥»³\¥iÅv¡A¦pªG¤£³]¸m¡A¥Î¤á«hµLªk¥¿±`¨Ï¥Î¸ÓftpªA°È¡C 

²Ä¤G¨B¡G³Ð«Øftp¥Î¤á 
# adduser test -g ftp 
³Ð«Øtest¥Î¤á¡A¨ä²Õ¦W?ftp¡A¥Î¤á¥Ø¿ýÀq»{?/home/test 
# passwd test 
?test¥Î¤á³]¸m±K½X 

²Ä¤T¨B¡G«þ¨©°Î¦W¥Î¤á©Ò»Ýªº¤å¥ó 
# cp -rf /var/ftp/lib /home/test 
# cp -rf /var/ftp/bin /home/test 
©Ò«þ¨©ªº¤å¥ó¬Oanonftp¦Û±aªº°Î¦W¥Î¤á©Ò»Ýªº©R¥O¤å¥ó©M®w¤å¥ó¡A¦pªG¨S¦³«h¥Î¤á¤£¯à¨Ï¥Î°ò¥»©R¥O¡A¦p¡Glsµ¥¡C 

²Ä¥|¨B¡GÃö³¬¥Î¤áªºTelnet³\¥iÅv¡A´£°ª¨t²Î¦w¥þ©Ê¡CÃö³¬Telnet³\¥iÅv¦³¦hºØ¤èªk¡A²{¤¶²Ð¨âºØ¤ñ¸û¹ê¥ÎªºÅªªÌ¥i¦Û¦æ¿ï¾Ü¡G 
¤èªk¤@¡G±N¥Î¤áªºshell³]?ªÅ¡A¨Ï¥Î¤áµLªkµn¿ý¡C­º¥ý¡A­n½s¿è/etc/shells¤å¥ó¡A¥[¤J¤@¦æ/dev/null,µM«á³]¸mtest¥Î¤áªºshell?/dev/null§Y¡G 
# chsh -s /dev/null test 
¤èªk¤G¡G¨Ï¥Î¤áTelnetµn¿ý¦¨¥\«á¥u¯à­×§ï¦Û¤wªº±K½X¡C¦P¼Ë­n½s¿è/etc/shell¤å¥ó¡A¥[¤J¤@¦æ 
/usr/bin/passwd,µM«á³]¸mtest¥Î¤áªºshell?/usr/bin/passwd§Y¡G 
# chsh -s /usr/bin/passwd test 

²Ä¤­¨B¡G¶}³q¥Î¤áªº­Ó¤H¥D­¶ 
¦b¥Î¤á¥Ø¿ý¤U«Ø¥ßpublic_html¥Ø¿ý§Y¡G 
# mkdir /home/test/public_html 
¨Ã¦b¸Ó¥Ø¿ý¤U«Ø¥ßindex.html¤å¥ó¡A¦¹¤å¥ó¬O¥Î¤áªº­º­¶¡C¥Ñ©ó public_html ¥Ø¿ý©M index.html ¤å¥ó¬Oroot¥Î¤á©Ò«Ø¡A¨ä¥L¥Î¤á¤£¯à­×§ï¡A¦]¦¹»Ý­n­«·s³]¸m³\¥iÅv¡G 
# chown -R test.ftp /home/test/public_html 
# chown test.ftp /home/test/public_html/index.html 
¥Î¤á¥D¥Ø¿ý°£©Ò¦³ªÌ¥~¡A¨ä¥L¥ô¦ó¤H§¡¤£¯àŪ¨ú¡A³o¼Ë¥Î¤á­Ó¤H¥D­¶«K¤£¯à¨Ï¥Î¡A¦]¦¹­n¹ï¥Î¤á¥Ø¿ý³\¥iÅv°µ­×§ï§Y¡G 
# chmod 755 /home/test 

²Ä¤»¨B¡G´ú¸Õ°t¸m 
²{¦b¤@­Ó§¹¾ã¥\¯àªºftp¥Î¤á¤w¸g³Ð«Ø¦¨¥\¡A¤U­±¥i¥H¹ï¨ä¥\¯à¶i¦æ´ú¸Õ¡G 
(1)´ú¸ÕftpªA°È 
¨Ï¥Î©R¥O¡G# ftp localhostµn¿ýftpªA°È¡A¿é¤Jtestªº¥Î¤á¦W©M±K½X«á¡A¥i¥Hª½±µ¶i¤Jtestªº¥D¥Ø¿ý¡A¨Ã¥B¥u¯à¦b¦¹¥Ø¿ý¤U¤u§@¡A§A¥i¥H§R°£¡B­×§ï¡BÂл\ÄÝ©ótestªº¤å¥ó¡A¦Ó¤£¯à¶i¤J¤W¤@¯Å¥Ø¿ý¬d¬Ý¨ä¥L¤å¥ó¡A³o¼Ë¦øªA¾¹´N¦w¥þ¦h¤F¡C 
(2)´ú¸ÕTelnet³\¥iÅv 
³q¹L©R¥O¡G# Telnet localhostµn¿ý¡A¿é¤Jtestªº¥Î¤á¦W©M±K½X«á·|µo²{¡A©ÎªÌ¨t²Î©Úµ´µn¿ý(¨Ï¥Î¤W­z¤èªk¤@)©ÎªÌ¥u¯à­×§ï¦Û¤vªº±K½X(¨Ï¥Î¤W­z¤èªk¤G)¥²§K¤F¥Î¤á³q¹LTelnetµn¿ý¬d¬Ý¨ä¥L¤å¥ó¡C 
(3)´ú¸Õ¥Î¤á­Ó¤H¥D­¶ 
­º¥ý¡A«OÃÒApache¦øªA¾¹¥~©ó?°Êª¬ºA¡A¨Ã¶}?¤F¥Î¤á­Ó¤H¥D­¶¥Ø¿ý§Ypublic_html¥Ø¿ý(Àq»{¬O¶}?ªº)µM«á´N¥i¨Ï¥Înetscape¦¡lynxÂsÄýhttp://localhost/~test,¦pªG¬Ý¨ì«e­±©Ò«Ø¥ßªºindex.html¤å¥ó¡A¨º?³]¸m´N¨S¦³°ÝÃD¤F¡C(Apacheªº¦w¥þ©Ê³]¸m½Ð°Ñ¾\¬ÛÃö¤å³¹) 

¦Û°Ê³Ð«ØFtp¥Î¤á 
¦pªG»Ý­n³Ð«Ø³\¦h³o¼ËªºFtp¥Î¤á¡A¨º?³o¨Ç¨BÆJÅãµM¤ñ¸û¶O®É¡A¦]¦¹µ§ªÌ¯S¦a¼g¤F¤@­Óshell¸}¥»¨Ó¦Û°Ê§¹¦¨¥H¤Wªº¦U¶µ¤u§@¡G 
²Ä¤@¨B¡G¦b/etc/skel¥Ø¿ý¤U«Ø¥ßpublic_html¥Ø¿ý¡A¨Ã¦b¨ä¥Ø¿ý¤U«Ø¥ßindex.html¤å¥ó 
(ª`¡G/etc/skel¥Ø¿ý¤Uªº©Ò¦³¤º®e³£±N¦Û°Ê½Æ»sµ¹·s³Ð«Øªº¥Î¤á) 
²Ä¤G¨B¡G«þ¨©/var/ftp/bin©M/var/ftp/lib¥Ø¿ý¨ì/etc/skel¥Ø¿ý¤U 
²Ä¤T¨B¡G§ï¼g/etc/shells¤å¥ó¡A¥[¤J¤@¦æ¡G/usr/bin/passwd 
²Ä¥|¨B¡G¥Îvi©Î¨ä¥L¤å¥»½s¿è¾¹¦b/bin¤U«Ø¥ß¤@­Óshell¸}¥»¡AÀɮצW?addftpuser¤å¥ó¡A¤º®e¦p¤U¡G 

#! /bin/bash 
if test $# != 1 
then 
echo "Usage: addftpuser username" 
echo "Thanks." 
exit 
fi 

if test `grep ftp: /etc/group -c` != "1" 
then 
echo "Create ftp group..." 
groupadd ftp 
fi 

if test `grep $1: /etc/passwd -c` = "1" 
then 
echo "Username already have, please, change and try..." 
exit 
fi 

username=$1 
userhome=/home/$1 

echo "Create username and home directory..." 
adduser $username -g 'ftp' -d $userhome 

passwd $username 

chsh -s /usr/bin/passwd $username 
chmod 755 $userhome 

echo "Success in adding a ftp user !" 

­×§ïaddftpuser¤å¥óÄÝ©Ê?755¡A¨Ï¤å¥ó¥i°õ¦æ¡A¤µ«á¨Ï¥Î®É¥u»ÝºV¡Gaddftpuser ¥Î¤á¦W¡AµM«á¨Ì´£¥Ü³]¸m¥Î¤á±K½X¡A§Y¥i¦Û°Ê§¹¦¨¤@­Óftp¥Î¤áªº²K¥[¡C³o¼Ë¡A³B²z¤@§å¥Î¤á®É´N¤è«K¦h¤F¡A§A¥i¥H§â³o­ÓFtp¦øªA¾¹¬[³]¦b§½°ìºô¤¤¡A¦V«È¤á¶}©ñFtpªA°È©M­Ó¤H¥D­¶ªÅ¶¡¡A·íµM¤]¥i¥H§â¥¦¬[³]¦bInternet¤W¡C 
end 

¹ê¨Ò3 
$begin 
1.¡@³]¸m§O¦WIP¦ì§}¡A§Y¦b¤@¶ôºô¥d¤W¸j©w¦h­ÓIP¦ì§}¡C 
¦p§Aªº¤º³¡FTP¥D¾÷?192.168.11.12 

§A¥i¦A¸j©w¤@­ÓIP¦a§}¦p¤U¡G 
/sbin/ifconfig¡@eth0:0¡@192.168.11.7¡@up 
/sbin/route¡@add¡@-host¡@192.168.11.7¡@eth0:0 

2.¡@­×§ï/etc/ftpaccess,#enable¡@virtual¡@ftp¡@. 
¥[¤U­±ªº¦æ¨ì¸Ó¤å¥ó¤¤ 

virtual¡@192.168.11.7¡@root¡@/home/virtualftp 
virtual¡@192.168.11.7¡@banner¡@/home/virtualftp/banner_message 
virtual¡@192.168.11.7¡@logfile¡@/var/log/virtualftp/xferlog 

·íµM¡A§A»Ý­n¥ýµn¿ý§@?root¡A³Ð«Ø¥Ø¿ý/home/virtualftp and¡@/var/log/virtualftp 
§A¤]­n·Ç³Æbanner¤å¥ó/home/virtualftp/banner_message 

¤W­±¤T¦æªº¸ô®|©MÀɮצW§A¥iÀH«K©w¸q¡C 

3.¡@«þ¨©©Ò»Ý­nªº°Î¦WFTP¤å¥ó,¥D­n¬O/lib,/etc,/bin¥Ø¿ý 
#¡@cp¡@/home/ftp/*¡@/home/virtualftp¡@-a 

4.¦p¥i¯à¡A§A¤]³Ì¦n¦bDNS¤¤©w¸q192.168.11.7¡A³]¸m¦¨§A»Ý­nªºµêÀÀFTP 
¥D¾÷¦W¡C 
end 

¹ê¨Ò4 
$$begin 
§Ú­Ì¤j®a³£ª¾¹D FTP ¦øªA¾¹ªº¤f¥OÅçÃÒ¬O°ò©ó©ú½Xªº¡A¦]¦¹¡A«Ü®e©ö³Q¶å±´¨ì¡C¥»¤å¤¶²ÐªºµêÀÀ FTP ¦øªA¾¹±Ä¥Î chroot ªº¿ìªk¡AÁöµM¤£¯à¨¾¤î¤f¥O³Q¶å±´¡A¦ý¬O¯à«OÅ@§Aªº¨t²Î¦b¤f¥O§Y¨Ï³Q¶å±´¨ìªº±¡ªp¤U¡A¤´µM¤£¯à§ð¯}¡C 

µêÀÀ FTP ªA°È¡A°£¤F chroot ¥\¯à¥H¥~¡AÁٱĥΤF²Ä¤G­Ó¤f¥O¸ê®Æ®w¨ÓÅçÃҥΤá¡A³o¼Ë§A´N¤£»Ý­n«Ø¥ß FTP ¥Î¤á±b¸¹¡A§Y¨Ï¤f¥Oªnº|¡A¥Î¤á¤]¤£¯àµn¿ý¨ì¨t²Î¡C 

§Ú­Ì±Ä¥Î¤@­Ó¥s§@ vftpd ªº¦uÅ@µ{¦¡¨Ó§êºtµêÀÀ FTP ¦øªA¾¹ªº¨¤¦â¡A¥D­nªº¦w¥þ¯S¦â¥]¬A¡G 
- ©l²×±Ä¥Î chroot ³B²z¥Î¤áªº home ¥Ø¿ý 
- ¤¹³\¥Î¤á¦b¨S¦³ shell ªº±¡ªp¤U¦s¨ú 
- VFTPD ¤£¤¹³\¥Î¤áªº home ?¡G/, /etc, /bin, /sbin, /usr/bin, /usr/sbin, /dev/, /lib, /tmp. 
- Home ¥Ø¿ýªº¸ô®|¤£¯à¥]§t²Å¸¹³s±µ 
- °£¤F root ¥Î¤á¨ã¦³ UID 0 ¥H¥~¡A¤£¤¹³\¨ä¥L¥Î¤á 
- ¤£¤¹³\¥Î¤áªº¤f¥O¤å¥ó¹ï²Õ©M¨ä¥L¦³¼g³\¥iÅv 

¦w¸Ë vftpd «Ü²³æ¡A¥Ø«e³Ì·sªºª©¥»? 6.5.8 ¡A¤U¸ü«á tar xvfz ... ¡Amake ¡Amake install ¡A´N³o?²³æ¡C¤U¸ü¦a§}¡G 

http://startuplinux.com/virtualftpd.html 

¤j¦h¼Æªº°t¸m¤u§@³£¬O¦Û°Ê§¹¦¨ªº¡A°ß¤@»Ý­n­×§ïªº¬O /etc/ftppasswd ¤å¥ó¡A³o­Ó¤å¥ó¥]§t¤F¥Î¤á¯u¥¿ªº FTP ±b¸¹¡C³o­Ó¤å¥óªº®æ¦¡°ò¥»¤W /etc/password ¤@¼Ë¡A¨C¦æ®æ¦¡?¡G 

login:encryptedpassword:uid:gid:description:ftppath:/no/shell 


vftpd ´£¨Ñ¤F¤@­Ó¥s°µ addvuser ªº¤u¨ã¡A¯à«Ü¤è«Kªº¼W¥[ FTP ¥Î¤á¡A­×§ï·í«e¥Î¤áªº¤f¥O¬O "ftppasswd username"¡C 

¦pªG·í«e½T¦³ shell ±b¤áªº¥Î¤á­n¼W¥[¡A¤]»Ý­n¦b ftppasswd ¤¤²K¥[¸Ó¥Î¤á¡A¦ý¬O¤f¥O³Ì¦n¤£­n¤@¼Ë¡C 

¹ï©ó¤£»Ý­n ftp ªº¥Î¤á¡A¥i¥H§â±b¸¹¥[¤J /etc/ftpusers¡C 

³Ì«á¡A? /etc/ftpwelcome¡]³s±µ«áÅã¥Ü¡^©M /etc/motd¡]¦¨¥\µn³°«áÅã¥Ü¡^¼W¥[ ftp µn³°¸ê°T¡C 

²{¦b¥i¥H?°Ê¶iµ{¤F¡G 

vftpd -D -l -U 

-D ¨Ï¦¨?¦uÅ@µ{¦¡¦b«á»O¹B¦æ 
-l logs FTP ¦b syslog ¤¤µn³°¤é»x°O¿ý (¥¢±Ñ©M¦¨¥\ªº°O¿ý) ¡A¨â¦¸ -l °O¿ý¸Ô²Ó¸ê°T 
-U ¤¹³\§A¨Ï¥Î who ©R¥O¬d¬Ý·í«e±Ò°Êªº ftp ·|¸Ü 
-A ¥u¤¹³\°Î¦W¥Î¤á³s±µ 
-S §â°Î¦W³s±µªº¤é»x°O¿ý¨ì /var/log/ftpd 
-p °ð¸¹¡A¯Ê¬Ù? 21 

¨Ò¦p¡A§Ú­Ì¥i¥H¦b rc.local ùØ­±¼g¤J¡G 

/usr/local/bin/vftpd -D -U -l -l 

¨þ¨þ¡A¦¨¤F¡C 
end