Centos7.4 64bit安装pure-ftpd及配置笔记,用了多年vsftp,今天试试pure-ftpd,

  

centos 7.4 64bit

vsftp的权限组合配置很强大,但是对于一般人来说比较复杂,老牛从头就开始用vsftp,到现在很多年了
虽然知道其他几种ftp,但这么多年都没安装来试试,今天在一台VPS上需要用到ftp,就顺便换换pure-ftpd试试
安装

1
yum install pure-ftpd -y

修改配置文件pure-ftpd.conf

1
vi /etc/pure-ftpd/pure-ftpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
############################################################
#                                                          #
#         Configuration file for pure-ftpd wrappers        #
#                                                          #
############################################################

# If you want to run Pure-FTPd with this configuration  
# instead of command-line options, please run the
# following command :
#
# /usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.shtml for a complete list of
# options.

# Cage in every user in his home directory
#限制所有用户只能访问主目录
ChrootEveryone              yes



# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.
#信任组ID,不用设置,注释掉
# TrustedGID                    100



# Turn on compatibility hacks for broken clients
#是否断开非兼容的客户端,设置no时,兼容ie等比较非正规化的ftp客户端
BrokenClientsCompatibility  no



# Maximum number of simultaneous users
#最大连接的客户端数量
MaxClientsNumber            10



# Fork in background
#是否以守护(doemon)进程运行,设置yes
Daemonize                   yes



# Maximum number of sim clients with the same IP address
#单个IP最大连接数
MaxClientsPerIP             8



# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.
#是否记录所有用户的ftp连接命令
VerboseLog                  no



# List dot-files even when the client doesn't send "-a".
#客户端未发出-a命令时,是否列出隐藏文件(dot-files)?
DisplayDotFiles             yes



# Don't allow authenticated users - have a public anonymous FTP only.
#只允许匿名用户?我们用于非公共ftp,所以要进行认证,不能匿名登录
AnonymousOnly               no



# Disallow anonymous connections. Only allow authenticated users.
#设置为yes时,禁止匿名用户登录,只允许认证用户登录
NoAnonymous                 yes



# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
#默认( facility )是 "ftp"。 "none" 将禁止日志。
SyslogFacility              ftp



# Display fortune cookies
#设置用户登陆后的显示信息
# FortunesFile              /usr/share/fortune/zippy



# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.
#//禁止反向解析,在日志文件中不解析主机名。
DontResolve                 yes



# Maximum idle time in minutes (default = 15 minutes)
#客户端允许的最大的空闲时间,
#MaxIdleTime                 15



# LDAP configuration file (see README.LDAP)
#LDAP配置文件目录
# LDAPConfigFile                /etc/pure-ftpd/pureftpd-ldap.conf



# MySQL configuration file (see README.MySQL)
#MySQL配置文件目录
# MySQLConfigFile               /etc/pure-ftpd/pureftpd-mysql.conf


# Postgres configuration file (see README.PGSQL)
#PGSQL配置文件目录
# PGSQLConfigFile               /etc/pure-ftpd/pureftpd-pgsql.conf


# PureDB user database (see README.Virtual-Users)
#删除注释,并启用,如果需要上面那几种数据库来存放用户信息,请自行删除注释
#此为虚拟用户数据库路径,我们创建的虚拟用户就保存在这里
PureDB                        /etc/pure-ftpd/pureftpd.pdb


# Path to pure-authd socket (see README.Authentication-Modules)
#验证服务pure-authd 的socket 路径
# ExtAuth                       /var/run/ftpd.sock



# If you want to enable PAM authentication, uncomment the following line
#启用 PAM 认证方式
PAMAuthentication             yes



# If you want simple Unix (/etc/passwd) authentication, uncomment this
#unix认证方式,只用一种即可
# UnixAuthentication            yes



# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.



# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth
#递归方式列出文件的数量及深度
LimitRecursion              100000 1



# Are anonymous users allowed to create new directories ?
#是否允许匿名用户创建文件目录
AnonymousCanCreateDirs      no



# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.
#设定负载阙值,当系统负载大于以下设定的数值后,将禁止匿名用户下载!
MaxLoad                     2



# Port range for passive connections replies. - for firewalling.
#FTP启用主动模式时用到的端口范围,建议设置为31888 to 36888
#主要是不想去改防火墙了,用以前vsftp的防火墙端口规则
PassivePortRange          31888 36888


# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.
#强制一个IP地址使用被动响应( PASV/EPSV/SPSV replies)
#ForcePassiveIP                192.168.0.1



# Upload/download ratio for anonymous users.
#匿名用户和认证用户下载时的速度比例
# AnonymousRatio                1 10



# Upload/download ratio for all users.
# This directive superscedes the previous one.
#上传下载速度比例设置,全局变量
# UserRatio                 1 10



# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.
#不允许下载ftp属主的文件
AntiWarez                   yes



# IP address/port to listen to (default=all IP and port 21).
#服务监听的IP 地址和端口。(缺省是所有IP地址和21端口)
# Bind                      127.0.0.1,21



# Maximum bandwidth for anonymous users in KB/s
#匿名用户带宽
# AnonymousBandwidth            8



# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
#认证用户带宽
# UserBandwidth             8



# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.
#文件和目录的umask
Umask                       133:022



# Minimum UID for an authenticated user to log in.
#用户ID至少要大于1000才能登陆
MinUID                      1000



# Do not use the /etc/ftpusers file to disable accounts. We're already
# using MinUID to block users with uid < 1000
#是否使用/etc/ftpusers配置文件来禁用帐号,默认为no
UseFtpUsers no



# Allow FXP transfers for authenticated users.
#是否仅允许认证用户进行 FXP 传输?默认为no,这里改yes
AllowUserFXP                yes



# Allow anonymous FXP for anonymous and non-anonymous users.
#是否对匿名用户和非匿名用户允许进行匿名 FXP 传输。
AllowAnonymousFXP           no



# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.
#用户不能删除和写点文件(文件名以 '.' 开头的文件),即使用户是文件的所有者也不行。
ProhibitDotFilesWrite       no



# Prohibit *reading* of files beginning with a dot (.history, .ssh...)
#同上
ProhibitDotFilesRead        no



# Never overwrite files. When a file whose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, ...
#是否对已存在的文件自动重命名?必须no
AutoRename                  no



# Disallow anonymous users to upload new files (no = upload is allowed)
#设置yes禁止匿名用户上传新文件
AnonymousCantUpload         yes



# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.
#设定仅允许来自以下IP地址的非匿名用户连接。
#TrustedIP                  10.1.1.1



# If you want to add the PID to every logged line, uncomment the following
# line.
#如果需要为日志每一行添加 PID 去掉下面行的注释
LogPID                     yes



# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.
#log文件路径
AltLog                     clf:/var/log/pureftpd.log



# Create an additional log file with transfers logged in a format optimized
# for statistic reports.

# AltLog                     stats:/var/log/pureftpd.log



# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)

# AltLog                     w3c:/var/log/pureftpd.log



# Disallow the CHMOD command. Users can't change perms of their files.
#设置为yes时,不接受 CHMOD 命令。用户不能更改他们文件的属性。
#NoChmod                     yes



# Allow users to resume and upload files, but *NOT* to delete them.
#设置yes时,允许用户恢复和上传文件,不允许删除他们
#KeepAllFiles                yes



# Automatically create home directories if they are missing
#用户主目录不存在的话,自动创建。
CreateHomeDir               no



# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.
#删除注释后,启用配额管理,1000:10 就限制每一个用户只能使用 1000 个文件,共10Mb。
#Quota                       1000:10



# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid
#运行时的pid路径
#PIDFile                     /var/run/pure-ftpd.pid



# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
# Don't enable this option if you don't actually use pure-uploadscript.
# 如果你的 pure-ftpd 编译时加入了 pure-uploadscript 支持,这个指令将会使 pure-ftpd
# 发送关于新上传的情况信息到 /var/run/pure-ftpd.upload.pipe,这样 pure-uploadscript
# 就能读然后调用一个脚本去处理新的上传。
#这个功能用好了可以做很多事。。。

#CallUploadScript yes



# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.
#限定上传文件占用硬盘的极限值,超过后不再接收上传数据
MaxDiskUsage               99



# Set to 'yes' if you don't want your users to rename files.
#是否禁止用户重命名已存在的文件
NoRename                  no



# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.
#设置为yes,防止chmod修改错误导致文件锁定
CustomerProof              yes



# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per user>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.
#3:20 意思是同一个认证用户最大可以有3个同时活动的进程。而且同时最多只能有20个匿名用户进程。
# PerUserLimits            3:20



# When a file is uploaded and there is already a previous version of the file
# with the same name, the old file will neither get removed nor truncated.
# Upload will take place in a temporary file and once the upload is complete,
# the switch to the new version will be atomic. For instance, when a large PHP
# script is being uploaded, the web server will still serve the old version and
# immediatly switch to the new one as soon as the full file will have been
# transfered. This option is incompatible with virtual
# yes文件相同直接删除旧的,no先保留再更新
NoTruncate               yes



# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

# TLS                      1


# OpenSSL ciphers suite for TLS sessions.
# Prefix with -C: in order to require valid client certificates.
# If -C: is used, make sure that clients' public keys are installed
# on the server.
# SSL is disabled by default. TLS 1.0, 1.1 and 1.2 are available by
# default.

# TLSCipherSuite           HIGH



# Certificate file, for TLS

# CertFile                 /etc/ssl/private/pure-ftpd.pem



# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.
#只允许IPV4连接
IPV4Only                 yes



# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
# By default, both IPv4 and IPv6 are enabled.

# IPV6Only                 yes

# UTF-8 support for file names (RFC 2640)
# Define charset of the server filesystem and optionnally the default charset
# for remote clients if they don't use UTF-8.
# Works only if pure-ftpd has been compiled with --with-rfc2640

FileSystemCharset   UTF-8
ClientCharset       UTF-8

添加用户及用户组

1
/usr/sbin/groupadd -f ftpgroup;/usr/sbin/useradd -g ftpgroup ftpuser

添加虚拟用户ftpnow,寄生到系统用户名ftpuser

1
pure-pw useradd ftpnow -d /whoisyourdaddy -u ftpuser -m

//pure-pw useradd 虚拟用户名 –u 寄生到系统用户名 –d FTP目录 –m(把用户密码加入PDB数据库中,不需要重启FTP)
按提示输入两次ftpnow用户的密码

修改目录的属主及用户

1
chown ftpuser.ftpgroup /whoisyourdaddy -R

建立pure-ftpd虚拟用户数据

1
pure-pw mkdb

然后参照下面命令,启动服务,没问题再设置开机启动
centos 7 pure-ftpd安装与配置,pure-ftpd最新安装配置教程,Centos7.4 64bit安装pure-ftpd及配置笔记,用了多年vsftp,今天试试pure-ftpd,

然后重启,试试用ftp客户端连接吧

centos 7.4 64bit系统下pure-ftpd的操作命令
启动pure-ftpd服务

1
systemctl start pure-ftpd.service

停止pure-ftpd服务

1
systemctl stop pure-ftpd.service

重启pure-ftpd服务

1
systemctl restart pure-ftpd.service

pure-ftpd状态

1
systemctl status pure-ftpd.service

设置pure-ftpd开机启动

1
systemctl enable pure-ftpd.service

1、删除pure-ftpd用户

1
pure-pw userdel[-f] [-m]

这时,用户的信息会被从指定的 passwd 文件中删除,但是用户的 home 目录会被保留,需要手工删除。
2、修改pure-ftpd用户

1
pure-pw passwd[-f] [-m]

3、显示pure-ftpd用户信息
在 /etc/pureftpd.passwd 文件中记录的信息,但不方便用户的阅读,因此 pure-ftpd 提供了显示用户信息的命令。其语法是:

1
pure-pw show[-f]

后记:
(1)用后体验比vsftp好,配置简单,清晰明了,分分钟搞定,适合我这种懒人用
(2)生成列表产生的文件比vsftp大一点

pure-ftp连接不上,报错 530 Login authentication failed 处理方法

查看下日志:

1
cat /var/log/messages

其中核心报错为:“account disabled”账户被禁用,

查看pureftpd.conf的配置,其中:

1
2
3
# Minimum UID for an authenticated user to log in.

MinUID 500

pure-ftpd配置中只允许uid大于等于500的,才可以登录ftp(系统安全考虑)

我们可以修改配置,把uid阈值调小,也可以在pure-ftp网页管理中设置一个uid大于500的用户。

您必须才能评论!

收藏
新建分类
没有账号? 忘记密码?