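Introduction
For work, our front-end engineers need to test in the test environment, but most of them do not use Linux, which makes debugging miserable for a part-time ops person like me. So I set up an FTP server to make it easy for the front-end engineers to deploy and debug their own code.
Setting up the proftpd server
Install proftpd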
sudo apt-get install proftpd
Configure proftpd
vim /etc/proftpd/proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "HAO_GEEK_TEAM"
ServerIdent off
ServerType standalone
DefaultAddress IP1 IP2 IP3
SocketBindTight on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User geek
Group geek

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite yes

<Directory ~/incoming>
  <Limit WRITE>
    AllowUser lczhftp
    DenyAll
  </Limit>
</Directory>

<Directory ~>
  <Limit READ DIRS>
    AllowUser lczhftp
    AllowUser filemanager
    AllowUser kfx
    AllowUser lsy
    AllowUser yangli
    DenyAll
  </Limit>
  <Limit WRITE>
    DenyAll
  </Limit>
</Directory>

# Client authentication order: file-based authentication first
AuthOrder mod_auth_file.c mod_auth_unix.c
# passwd file used for file-based authentication
AuthUserFile /etc/proftpd/ftp.passwd
# group file used for file-based authentication
AuthGroupFile /etc/proftpd/ftp.group
# Authenticated accounts do not need a valid shell
RequireValidShell off
# Limit the number of connection requests accepted per second, to prevent DoS attacks
MaxConnectionRate 5
# Maximum number of connected clients
MaxClients 20 "Sorry,the maximum number of allowed users (%m) are already connected. "
# Allow interrupted uploads to be resumed
AllowStoreRestart on
# Disable reverse DNS lookups
UseReverseDNS off
IdentLookups off
Create login users with ftpasswd
sudo ftpasswd --passwd --file=/etc/proftpd/ftp.passwd --name=wangzhengyi --uid=33 --shell=/bin/false --home=/home/nohome
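You can look up the meaning of each parameter with man. If you copy my command verbatim, all I can say is that you are doing ops like an idiot; using your head to think about your own requirements is very much necessary!
Restart the proftpd server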
sudo /etc/init.d/proftpd restart
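proftpd access control
Goal
Give different users different root directories.
Requirements
The directory structure is as follows:
--root (root directory):
  --test1 (subdirectory 1)
  --test2 (subdirectory 2)
  --test3 (subdirectory 3)
There are three users: user1, user2 and user3. user1 defaults to /root, user1 defaults to /root/test1, and user2 defaults to /root/test2.
Implementation
(1) Set user1's home directory to /root, user1's home directory to /home/test1, and user2's home directory to /home/test2. Run ftpasswd once per user, with --home set to one of the paths shown: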
sudo ftpasswd --passwd --file=/etc/proftpd/ftp.passwd --name=wangzhengyi --uid=33 --shell=/bin/false --home=/root{ /test1 /test2}
(2) Add the access control rules
DefaultRoot /root

<Directory /root/test1>
  <Limit WRITE>
    AllowUser user1
    DenyAll
  </Limit>
</Directory>

<Directory /root/test2>
  <Limit WRITE>
    AllowUser user2
    DenyAll
  </Limit>
</Directory>
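A way to check a rule set like the one above before restarting the server (an added example, not part of the original post): the Python below reads the `<Directory>`/`<Limit>` blocks and reports who is allowed WRITE and which blocks lack `DenyAll`. The function names and the sample are constructed for illustration; the sample's second block omits `DenyAll` on purpose and keeps the lowercase `</limit>` spelling seen in the first config. Only `<Limit>` blocks inside a `<Directory>` are examined.

```python
import re

# Constructed sample based on the rules above; the test2 block deliberately lacks DenyAll.
SAMPLE = """\
DefaultRoot /root
<Directory /root/test1>
  <Limit WRITE>
    AllowUser user1
    DenyAll
  </Limit>
</Directory>
<Directory /root/test2>
  <Limit WRITE>
    AllowUser user2
  </limit>
</Directory>
"""

def audit_write_limits(conf_text):
    """Return {directory: {"allow": users, "deny_all": bool}} for each <Limit> covering WRITE."""
    result, directory, limit = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<(/?)(\w+)\s*([^>]*)>$", line)
        if m:  # opening or closing context tag, matched case-insensitively
            closing, tag, args = m.group(1), m.group(2).lower(), m.group(3).split()
            if tag == "directory":
                directory = None if closing else args[0]
            elif tag == "limit":
                limit = None if closing else {a.upper() for a in args}
                if limit and "WRITE" in limit and directory:
                    result.setdefault(directory, {"allow": set(), "deny_all": False})
            continue
        if directory and limit and "WRITE" in limit:
            words = line.split()
            if words[0].lower() == "allowuser":
                result[directory]["allow"].update(words[1:2])
            elif words[0].lower() == "denyall":
                result[directory]["deny_all"] = True
    return result

def open_directories(conf_text):
    """Directories whose WRITE limit has no DenyAll, so unlisted users are not blocked by it."""
    return sorted(d for d, r in audit_write_limits(conf_text).items() if not r["deny_all"])

if __name__ == "__main__":
    print(audit_write_limits(SAMPLE), open_directories(SAMPLE))
```

A `<Limit>` that lists `AllowUser` without a closing `DenyAll` restricts nobody, because ProFTPD allows by default; that is the case the second function flags.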
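How it works
After a user logs in to the FTP server, proftpd by default first looks up that user's home directory and matches it against the relevant configuration in proftpd.conf. If nothing matches, it falls back to the DefaultRoot directive in proftpd.conf and the user lands in the server's default root directory.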