"Debian server installed portal" Guide Series II-[Blue forest-free software]

1 opening

Five years ago, I also find it a very mysterious thing Ftp. Time, I know that most people even think the Internet is all http. We downloaded from the web site, http link is the most. But the fact is, ftp (File Transfer Protocol, File Transfer Protocol) This service has been in existence for a long time and, if necessary documents downloaded from the link http addition, we can provide Linux, this can save server resources, such as connecting several anything. Ftp is specially designed for the transmission of data between two computer avoided much of the distal implementation. In particular, when transmitting larger documents, ftp, http than savings. In addition, ftp can be very convenient to upload documents and http is not so convenient.

2 choice wu-ftpd

Apt-cache search with orders look at what Linux could have chosen :

# Apt-cache search ftpd

You will find that many ftpd Debian to produce a server software package, including atftpd, bsd-ftpd, ftpd, oftpd, muddleftpd, proftpd, twoftpd, vsftpd, wu-ftpd so on. Of which the most widely used, it should be wu-ftpd, which is currently the most popular form of free FTP server software, the majority of FTP are wu-ftpd to set up a point, it was originally developed by the University of Washington wuarchive.wustl.edu. is a consideration of the efficiency and stability of the process. Wu-ftp so popular, a major reason is because it's powerful functions, such as :
On different domain can be controlled by the Access and FTP server machines to visit time.
The fact that users download documents, the automatic compression or decompression of the document work.
On record in the process of downloading or uploading files.
-- Can restrict the maximum number of visits to maintain the best operating efficiency.
On indication of the relevant information in order to enable users to understand the current state of the reception.
On FTP Server can be temporarily closed for maintenance.
Wu-ftpd provided by the current version of Debian 2.6.2. , We chose this wu-ftpd!

Installation 3

Installation is very simple to install with the following order :

# Apt-get install wu-ftpd

It will ask you, do you want to set up an anonymous ftp account? Y importation, the transport.
Then let you import ftp root catalog is /home/ftp acquiescence, we will use the tacit bars.
It then asked you, you want to create a list to enable users to upload documents? Y input, the creation of a.
The installation program will create a new user ftp, and the creation of a new user to join the group ftp go.
Then it will say :

Anonymous FTP users will only see UID and GID numbers, instead of names, because the libnss_files.so library hasn 't installed.

It is not installed by default, since there is no easy way to find out what version we need to install.

If you want to install it manually, it should be palced in /home/ftp/lib, owned by root, and with permissions of 444 (r--r--r--)

(It is impossible to judge because the version libnss_files.so not installed, the installation manual, /home/ftp/lib to find. I did not finish understand this, please enlighten me master). Beginners need to note here that this document which is retrieved from the /etc/passwd been UID and GID to determine user permissions on the document. We would like to talk later in the configuration file ftpaccess, Channels for certain groups of users or some authority to set up the GID.

4 configuration

In fact, after the installation, no need for any configuration, the Linux device can be used. If you, like me is impatient, and before you can try to download the course of the allocation. Then, the general Debian users, anonymous users can visit it can also upload documents to the incoming list, but has not learned from the papers. But we still need to do some configuration, customization because we need their safety.

To ensure the availability of FTP Server will not bring security risks to our system, we must first of all take the following measures :

# Chmod 555 /home/ftp
# Chmod 111 /home/ftp/bin/*
# Chmod 555 /home/ftp/lib/*
# Chmid 444 /home/ftp/etc/*

4.1 configuration file on

Wu-ftpd configuration files on /etc/wu-ftpd below, are :

Ftpaccess wu-ftpd -- This is the main configuration file, Access Control
Ftpconvertions definition of the document -- the document compression / decompression conversion programs
Ftpservers -- used to set up a number of domain names and IP addresses to correspond to different virtual server
Ftpusers -- all included in this document which users can connect Linux devices
Msg.denu -- refused to visit, the information shown to users
Msg.nodns inquiries -- When DNS failure, the information shown to users
Msg.toomany -- connecting a few too many, the information shown to users
Pathmsg -- When users use illegal trails / file name, the information shown to users
Welcome.msg -- When users build connected, information shown to users welcome

In /usr/share/doc/wu-ftpd/examples Now, some of the sample configuration file, we can refer to some.

4.2 configuration changes /etc/wu-ftpd/ftpaccess

Wu-ftpd this document is the main configuration file, many important topics are included in these cases, for example, the users can visit to get Debian, it is necessary to make this document which defined the Class paragraphs inside.
Now we ftpaccess according to the order paper, section by section introduced. Usually not used, or I do not know, not on :-), otherwise it will be great length.

4.2.1 managers email address

# This not a

Email ftpadmin@misconfigured.host

4.2.2 installed UID/GID

# UID/GID set up what can and can not use FTP Server. I have never understood the %-99 here, experts advise.
#deny-uid %-99
#deny-gid %-99
#allow-uid Ftp ftpadmin
#allow-gid Ftp ftpadmin

4.2.3 recorded several failures

# Posted below five installed after the failure, continuous link

Loginfails 5

4.2.4 restricted list

# In addition to the root of the user list, which enables users to see something else. This is very important!
# You can download Linux for a look at this amendment before, and then removed the # then download see a big difference oh

Restricted-uid kanaka

4.2.5 unenforceable SITE GROUP/SITE GPASS

# Private users determine whether an order can be implemented SITE GROUP/SITE GPASS
# /etc/ftpgroup Switched to the use of these two groups of instructions. Generally, we will not go so far as to use this function to avoid loopholes.
No #private

4.2.6 definition User category -- 14.00

From the class definition and IP addresses of users can download them. FTP Server are three types of users are "real" -- expressed in the FTP server on the account of a legitimate user. "Guest" -- said further definition of the use of certain groups of users; "Anonymous" minimum competence -- an anonymous user. With these three users, in ftpaccess documents can be set up according to different users different access rights. However, only three general definition is not enough, we can order more control over the definition of a grammar class.

Grammar :

Class "type class name," "address" the "users" [users address ": :]

Which he may have set : the "class name", "type" is the aforementioned three, ftp "user address" means that a user will use the IP address.
Following are some examples :

# Default below this trip, all of which define a class called, contains three kinds of people allowed to connect all the IP addresses

Class all real, guest, anonymous *

Now this is called the local # 14.00, the only real users even from the plane onto machines

14.00 local real localhost loopback

# Now this remote called the class includes the line from anywhere in the guest and anonymous users, but not real users

14.00 remote guest, anonymous *

# Rmtuser below this event from the outside of the class includes (in addition to example.com) real users

14.00 rmtuser real !*.example.com

4.2.7 installed for the various categories of users connecting the largest number of

# Can connect the largest number of definitions for each category, and the result will be different the wrong message. Allow 30 below link.

Any limit all 30 /etc/wu-ftpd/msg.toomany

Accountability installed readme文件

# Readme order : Logon or other designated operators (such as the replacement of Contents), FTP Server to prompt the user to read the paper.

Readme README* Login
Readme README* cwd=*

The use of compressed 9.3.13

# The following definition of the entry permit from the local and remote machines in the transmission of documents,
# Implementation can compress documents or use compressed tar paper bundles multiple orders into one document.

Compress yes local remote all
Tar yes local remote all

4.2.10 log records

Notes # symbols in front if removed, it will record relevant information.
#log Commands anonymous, guest, real
#log Security
#log Syslog
Log transfers anonymous, guest, real inbound, outbound

4.2.11 installed overtime

# Now set up more than 30 seconds : If no action on calls for anonymous connections

Limit-time anonymous 30

Some of the authority orders 4.2.12

Rename no anonymous # rename authority?
Delete no anonymous # delete authority?
Overwrite no anonymous # overwrite authority?
Chmod no anonymous # chmod authority?
Umask no anonymous # umask authority?

4.2.13 anonymous users upload authority

They all add to its # Well, not anonymous users upload documents

* No. #upload /home/ftp
#upload /home/ftp /pub/incoming Yes ftp decrypted German nodirs

As ftpd inetd was calling, so we amended the configuration file, restart wu-ftpd not.
For ordinary ftp application to amend the wording of the above documents would be sufficient. If you have higher demands, it continues to look down.

4.3 revise /etc/wu-ftpd/ Ftpusers

We have said that, if included in the document which users can download the Linux for the.
Restrict users FTP Server is based mainly on the security of their systems, to avoid excessive rights of users (such as root, ftpadm) FTP Server and entered an order to avoid using the system as account numbers (such as shutdown, sync), a management system to avoid confusion. We can use according to their needs, users to add or remove documents.
This document is the fastest way to /etc/ftpusers attention. The following is a tacit ftpusers contents :

# /etc/ftpusers : List of users disallowed FTP access. See ftpusers (5).

Root
Blowfish
Bin
Sys
Sync
Games
Man
Lp
Mail
News
Uucp
Nobody

4.4 Laws /etc/wu-ftpd/ Ftpconversions documents

Ftpconversions definition of the paper's main users of the documents downloaded from the FTP server document format conversion rules. For example, compression, decompression, opened packages and bundles operational, users would not have to. Tar.gz,. Tgz,. Z and. Z such a complicated document. Ftpconversions beginning of the format looks very complicated, but not to worry, we basically do not disturb, we are prepared for this configuration debian, we have been able to meet the needs of the use. Let us look at the content of the document : ftpconversions

:. Z : : : : T_REG|T_ASCII:O_UNCOMPRESS:uncompress %s /usr/bin/compress-d-c
: : :. Z:/usr/bin/compress %s:T_REG:O_COMPRESS:compress Ones
:. Gz : : : /bin/gzip tentatively %s:T_REG|T_ASCII:O_UNCOMPRESS:gunzip
: : :. Gz:/bin/gzip -c9 %s:T_REG:O_COMPRESS:gzip
:. Localization : : : /usr/bin/bzip2 tentatively %s:T_REG|T_ASCII:O_UNCOMPRESS:bunzip2
: : :. Bz2:/usr/bin/bzip2 -c9 %s:T_REG:O_COMPRESS:bzip2
:. : : : Zip /usr/bin/zip q r -9 - %s:T_REG|T_DIR:O_TAR|O_COMPRESS:zip
: : :. Zip:/usr/bin/unzip q-c-%s:T_REG|T_DIR:O_TAR|O_UNCOMPRESS:unzip
: : :. Tar:/bin/tar -chf - %s:T_REG|T_DIR:O_TAR:tar
: : :. Tar.Z:/bin/tar -chZf - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:tar+compress
: : :. Tar.gz:/bin/tar -chzf - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:tar+gzip
: : :. Tgz:/bin/tar -chzf - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:tar+gzip
: : :. Tar.bz2:/bin/tar -chIf - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:tar+bzip2
: : :. Ltar:/bin/tar -cf - %s:T_REG|T_DIR:O_TAR:tar
: : :. Ltar.Z:/bin/tar -cZf - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:tar+compress
: : :. Ltar.gz:/bin/tar -czf - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:tar+gzip

You might think I look like Hualeyan, but Fortunately, we do not pedantic. It basically put this document commonly used compression, packing orders are included, as long as it exists, FTP Server procedures will be implemented in accordance with the needs of users in order to squeeze or packing.
For example, users want to download a list of all documents Howto, then he does not use mget orders, and the use of get Howto.tar.gz, then compressed and sent packing list wu-ftpd will include users of the machines. Therefore, the use of the document will be completed transfer of data compression to reduce transmission time effects.
There is little need to note that the definition of the document refers to the executable files are /home/ftp/bin /bin position rather than Linux / Contents of the bin, so please check whether /home/ftp/bin Catalog Orders If these procedures do not need complicated systems to the catalog. I looked at them, because I just installed the basic system of Debian, bzip2 This order is not, we can install bzip2 at-get order to download and install it, then bzip2 /home/ftp/bin order to be a complex system.

5 test

Here, anonymous FTP server configuration essentially completed, we can connect their own ftp server order to check the legitimate user and anonymous users connect to the catalog, as well as various powers correctly. The FTP Server can be prepared after the opening.

6 TODO

The next version of which I will describe how to use Linux to create ftpmirror mirroring.

7 1985

This paper is the "portal installed Debian servers," the second chapter Guide series, "according to the proposed order you read, and the author may have problems Kanaka Ties.

8 References

This chapter reference to the following article :
"Wu-ftpd erected using FTP Server," a text that addressed http://www.lslnet.com/linux/docs/linux-3300.htm
"FTP server set up," Wen addressed http://www.linuxsir.com/bbs/showthread.php?s=&threadid=8455&highlight=wuftpd
I am sorry I did not find these two articles author's name, but we still should be eternally grateful.

[ Closed window ]

E-mail : Webmaster@lslnet.com