本文详细介绍了ProFTPD服务器的基本配置方法,包括匿名登录、虚拟主机设置、MySQL认证支持等内容。通过具体配置示例,帮助读者理解如何进行权限管理、目录限制及连接控制等关键配置。
basic conf
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
virtual host conf
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# This is a basic ProFTPD configuration file (rename it toanonymous conf
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# This sample configuration file illustrates configuring two
# anonymous directories, and a guest (same thing as anonymous but
# requires a valid password to login)
ServerName "ProFTPD Anonymous Server"
ServerType standalone
# Port 21 is the standard FTP port.
Port 21
# If you don't want normal users logging in at all, uncomment this
# next section
#<Limit LOGIN>
# DenyAll
#</Limit>
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Our "basic" anonymous configuration, including a single
# upload directory ("uploads")
<Anonymous ~ftp>
# Allow logins if they are disabled above.
<Limit LOGIN>
AllowAll
</Limit>
# Maximum clients with message
MaxClients 5 "Sorry, max %m users -- try again later"
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
<Limit READ>
DenyAll
</Limit>
<Limit STOR>
AllowAll
</Limit>
</Directory>
</Anonymous>
# A second anonymous ftp section. Users can login as "private". Here
# we hide files owned by root from being manipulated in any way.
<Anonymous /usr/local/private>
User bobf
Group users
UserAlias private bobf
UserAlias engineering bobf
# Deny access from *.evil.net and *.otherevil.net, but allow
# all others.
<Limit LOGIN>
Order deny,allow
Deny from .evil.net, .otherevil.net
Allow from all
</Limit>
# We want all uploaded files to be owned by 'engdept' group and
# group writable.
GroupOwner engdept
Umask 006
# Hide all files owned by user 'root'
HideUser root
<Limit WRITE>
DenyAll
</Limit>
# Disallow clients from any access to hidden files.
<Limit READ DIRS>
IgnoreHidden on
</Limit>
# Permit uploading and creation of new directories in
# submissions/public
<Directory submissions/public>
<Limit READ>
DenyAll
IgnoreHidden on
</Limit>
<Limit STOR MKD RMD XMKD XRMD>
AllowAll
IgnoreHidden on
</Limit>
</Directory>
</Anonymous>
# The last anonymous example creates a "guest" account, which clients
# can authenticate to only if they know the user's password.
<Anonymous ~guest>
User guest
Group nobody
AnonRequirePassword on
<Limit LOGIN>
AllowAll
</Limit>
# Deny write access from all except trusted hosts.
<Limit WRITE>
Order allow, deny
Allow from 10.0.0.
Deny from all
</Limit>
</Anonymous>
virtual host conf
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
# This sample configuration file illustrates creating two
# virtual servers, and associated anonymous logins.
ServerName "ProFTPD"
ServerType inetd
# Port 21 is the standard FTP port.
Port 21
# Global creates a "global" configuration that is shared by the
# main server and all virtualhosts.
<Global>
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
</Global>
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Maximum seconds a data connection may "stall"
TimeoutStalled 300
# First virtual server
<VirtualHost ftp.virtual.com>
ServerName "Virtual.com's FTP Server"
MaxClients 10
MaxLoginAttempts 1
# DeferWelcome prevents proftpd from displaying the servername
# until a client has authenticated.
DeferWelcome on
# Limit normal user logins, because we only want to allow
# guest logins.
<Limit LOGIN>
DenyAll
</Limit>
# Next, create a "guest" account (which could be used
# by a customer to allow private access to their web site, etc)
<Anonymous ~cust1>
User cust1
Group cust1
AnonRequirePassword on
<Limit LOGIN>
AllowAll
</Limit>
HideUser root
HideGroup root
# A private directory that we don't want the user getting in to.
<Directory logs>
<Limit READ WRITE DIRS>
DenyAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
# Another virtual server, this one running on our primary address,
# but on port 4000. The only access is to a single anonymous login.
<VirtualHost our.ip.address>
ServerName "Our private FTP server"
Port 4000
Umask 027
<Limit LOGIN>
DenyAll
</Limit>
<Anonymous /usr/local/ftp/virtual/a_customer>
User ftp
Group ftp
UserAlias anonymous ftp
<Limit LOGIN>
AllowAll
</Limit>
<Limit WRITE>
DenyAll
</Limit>
<Directory incoming>
<Limit WRITE>
AllowAll
</Limit>
</Directory>
</Anonymous>
</VirtualHost>
complex virtual conf
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
#
# Virtual Hosting Server Configuration
# by M.Lowes <markl@ftech.net>
# for Frontier Internet Services Limited
# (http://www.ftech.net/)
#
ServerName "Master Webserver"
#
# Spawn from inetd?
#
#ServerType inetd
#
# or maybe a standalone server...
#
ServerType standalone
#
# don't give the server banner until _after_ authentication
#
DeferWelcome off
#
# Some basic defaults
#
Port 21
Umask 002
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
#
# No, I don't think we'll run as root!
#
User ftp
Group ftp
#
# This is a non-customer usable name, (ie they should be connecting via www.{domain})
# not 'hostname'. Therefore let's dump them in a dummy account and wait for them to
# scream.
#
DefaultRoot /web/Legacy/
#
# Performance, let's do DNS resolution when we process the logs...
#
UseReverseDNS off
#
# Where do we put the pid files?
#
ScoreboardPath /var/run/proftpd
#
# Logging options
#
TransferLog /var/spool/syslog/proftpd/xferlog.legacy
#
# Some logging formats
#
LogFormat default "%h %l %u %t /"%r/" %s %b"
LogFormat auth "%v [%P] %h %t /"%r/" %s"
LogFormat write "%h %l %u %t /"%r/" %s %b"
#
# Global settings
#
<Global>
DisplayLogin welcome.msg
DisplayFirstChdir readme
#
# having to delete before uploading is a pain ;)
#
AllowOverwrite yes
#
# Turn off Ident lookups
#
IdentLookups off
#
# Logging
#
# file/dir access
#
ExtendedLog /var/spool/syslog/proftpd/access.log WRITE,READ write
#
#
# Record all logins
#
ExtendedLog /var/spool/syslog/proftpd/auth.log AUTH auth
#
# Paranoia logging level....
#
##ExtendedLog /var/spool/syslog/proftpd/paranoid.log ALL default
</Global>
#
# Deny writing to the base server...
#
<Limit WRITE>
DenyAll
</Limit>
# --------------------------------------------
# Virtual Servers start here....
#
# (Note: this is normally auto generated by a
# script written in house).
# --------------------------------------------
#
# www.ftech.net.
# This is the default server
# Gets all the connections for www.{customer.domain},
# & www.ftech.net
#
<VirtualHost www.ftech.net>
ServerAdmin webmaster@Ftech.net
ServerName "Master Webserver"
MaxLoginAttempts 2
RequireValidShell no
TransferLog /var/spool/syslog/proftpd/xferlog.www
MaxClients 50
DefaultServer on
DefaultRoot ~ !staff
AllowOverwrite yes
#
# No quickly do we kick someone out
#
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
# --------------------------------------------
# Got a Frontpage customer who keeps breaking things????
# - stick 'em in group fpage
# --------------------------------------------
<Directory ~/public_html>
#
# Block them from doing anything other than reading...
#
<Limit STOR RNFR DELE>
DenyGroup fpage
</Limit>
</Directory>
#
# ditto for ftp_root if it's there...
#
<Directory ~/ftp_root>
<Limit STOR RNFR DELE>
DenyALL
</Limit>
</Directory>
#
# Limit by IP...
#
<Directory /web/zsl>
<Limit ALL>
Order Allow,Deny
Allow 195.200.31.220
Allow 212.32.17.0/26
Deny ALL
</Limit>
</Directory>
</VirtualHost>
# --------------------------------------------
#
# Legacy server, left in because some people
# haven't realised it's gone yet. Shove 'em into
# a dummy $home
#
<VirtualHost web-1.ftech.net>
ServerAdmin webmaster@Ftech.net
ServerName "Legacy Web Upload Server"
MaxLoginAttempts 2
RequireValidShell no
MaxClients 50
DefaultRoot ~ !staff
MaxClients 2
AllowOverwrite yes
TransferLog /var/spool/syslog/proftpd/xferlog.web-1
</VirtualHost>
# --------------------------------------------
#
# ftp.ftech.net
#
<VirtualHost ftp.ftech.net>
ServerAdmin ftpmaster@ftech.net
ServerName "Frontier Internet Public FTP Server"
TransferLog /ftp/xferlog/ftp.ftech.net
MaxLoginAttempts 3
RequireValidShell no
DefaultRoot /ftp/ftp.ftech.net
AllowOverwrite yes
#
# Auth files....
#
AuthUserFile /var/conf/ftp/authfiles/passwd.ftp.ftech.net
AuthGroupFile /var/conf/ftp/authfiles/group.ftp.ftech.net
# A basic anonymous configuration, no upload directories.
<Anonymous /ftp/ftp.ftech.net>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
RequireValidShell no
# Limit the maximum number of anonymous logins
MaxClients 50
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
<Directory pub/incoming>
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE DIRS READ>
DenyAll
</Limit>
<Limit CWD XCWD CDUP>
AllowAll
</Limit>
</Directory>
<Directory home>
<Limit ALL>
DenyAll
</Limit>
</Directory>
#
# Limit access to the mirrors to LINX
# only
#
<Directory mirrors>
<Limit RETR>
Order Allow,Deny
Allow .uk, .ftech.net
Allow .vom.tm
Deny ALL
</Limit>
</Directory>
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
</VirtualHost>
# ----------------------------------------------------
# Virtual ftp with anon access, but no incoming
#
<VirtualHost ftp.foo1.com>
ServerAdmin ftpmaster@foo1.com
ServerName "Foo1 FTP Server"
TransferLog /var/spool/syslog/xfer/ftp.foo1.com
MaxLoginAttempts 3
RequireValidShell no
DefaultRoot /ftp/ftp.foo1.com
User foo1
Group foo1
AllowOverwrite yes
#
# Auth files....
#
AuthUserFile /var/conf/ftp//authfiles/passwd.ftp.foo1.com
AuthGroupFile /var/conf/ftp//authfiles/group.ftp.foo1.com
<Anonymous /ftp/ftp.foo1.com>
User ftp
Group ftp
UserAlias anonymous ftp
RequireValidShell no
MaxClients 20
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
</VirtualHost>
# ----------------------------------------------------
# ftp.foo2.com
# Anon, no incoming, some private access areas
#
<VirtualHost ftp.foo2.com>
ServerAdmin ftpmaster@mcresearch.co.uk
ServerName "MC Research FTP Server"
TransferLog /var/spool/syslog/xfer/ftp.foo2.com
MaxLoginAttempts 3
RequireValidShell no
DefaultRoot /ftp/ftp.foo2.com
User foo2
Group foo2
AllowOverwrite yes
#
# Auth files....
#
AuthUserFile /var/conf/ftp//authfiles/passwd.ftp.foo2.com
AuthGroupFile /var/conf/ftp//authfiles/group.ftp.foo2.com
<Anonymous /ftp/ftp.foo2.com>
User ftp
Group ftp
UserAlias anonymous ftp
RequireValidShell no
MaxClients 20
<Directory download>
<Limit ALL>
DenyAll
</Limit>
</Directory>
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
<Directory /ftp/ftp.foo2.com/pub>
<Limit WRITE>
AllowUser mcres
DenyAll
</Limit>
</Directory>
<Directory /ftp/ftp.foo2.com/download>
<Limit ALL>
AllowUser mcres
AllowUser customer
DenyAll
</Limit>
</Directory>
</VirtualHost>
# ----------------------------------------------------
# ftp.foo3.com
#
#
<VirtualHost ftp.foo3.com>
ServerAdmin ftpmaster@farrukh.co.uk
ServerName "Farrukh FTP Archive"
TransferLog /var/spool/syslog/xfer/ftp.foo3.com
MaxLoginAttempts 3
RequireValidShell no
DefaultRoot /web/farrukh2/ftp_root
User farrukh2
Group farrukh2
AllowOverwrite yes
#
# Auth files....
#
AuthUserFile /var/conf/ftp//authfiles/passwd.ftp.foo3.com
AuthGroupFile /var/conf/ftp//authfiles/group.ftp.foo3.com
<Anonymous /web/farrukh2/ftp_root>
User ftp
Group ftp
UserAlias anonymous ftp
RequireValidShell no
MaxClients 20
<Directory pub/incoming/*>
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE DIRS READ>
DenyAll
</Limit>
<Limit CWD XCWD CDUP>
AllowAll
</Limit>
</Directory>
<Directory pub/Incoming/*>
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE DIRS READ>
DenyAll
</Limit>
<Limit CWD XCWD CDUP>
AllowAll
</Limit>
</Directory>
#
# block access to the secure areas by anon...
#
<Directory fpub>
<Limit ALL>
DenyAll
</Limit>
</Directory>
<Directory fgroup>
<Limit ALL>
DenyAll
</Limit>
</Directory>
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
#
# define user based access
#
<Directory /web/farrukh2/ftp_root/fpub>
<Limit ALL>
AllowUser farrukh
AllowUser fguest
DenyAll
</Limit>
</Directory>
<Directory /web/farrukh2/ftp_root/fgroup>
<Limit ALL>
AllowUser farrukh
AllowUser fgroup
DenyAll
</Limit>
</Directory>
</VirtualHost>
# ----------------------------------------------------
# ftp.foo4.com
# anon, with incoming upload
#
<VirtualHost ftp.foo4.com>
ServerAdmin ftpmaster@teamwork.co.uk
ServerName "Teamwork FTP Server"
TransferLog /var/spool/syslog/xfer/ftp.foo4.com
MaxLoginAttempts 3
RequireValidShell no
DefaultRoot /ftp/ftp.foo4.com
User foo4
Group foo4
AllowOverwrite yes
#
# Auth files....
#
AuthUserFile /var/conf/ftp//authfiles/passwd.ftp.foo4.com
AuthGroupFile /var/conf/ftp//authfiles/group.ftp.foo4.com
<Anonymous /ftp/ftp.foo4.com>
User ftp
Group ftp
UserAlias anonymous ftp
RequireValidShell no
MaxClients 20
<Directory pub/incoming/*>
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE DIRS READ>
DenyAll
</Limit>
<Limit CWD XCWD CDUP>
AllowAll
</Limit>
</Directory>
<Directory pub/Incoming/*>
<Limit STOR>
AllowAll
</Limit>
<Limit WRITE DIRS READ>
DenyAll
</Limit>
<Limit CWD XCWD CDUP>
AllowAll
</Limit>
</Directory>
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
</VirtualHost>
# ----------------------------------------------------
# The end....
# ----------------------------------------------------
Config with simple mysql authentication support
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
##
## Config with simple mysql authentication support
## Contributed by 'Stonki'
## Added to www.proftpd.org 18/Oct/2002
##
# This is a basic ProFTPD configuration file. It establishes a single
# server and a single anonymous login. It assumes that you have a
# user/group "nobody"/"nogroup" for normal operation and anon.
# !!! PLEASE read the documentation of proftpd !!!
#
# You can find the documentation in /usr/doc/packages/proftpd/,
# http://www.proftpd.org/ and don't forget to read carefully
# and _follow_ hints on http://www.proftpd.net/security.html.
#
# geaendert: 03.11.2001 f黵 ProFTP 1.2.4 und mod_sql 4.x
#
#
# Basic
#
ServerName "Stonki"
serverType inetd
ServerAdmin support@stonki.de
#
# Debug Level
# emerg, alert, crit (empfohlen), error, warn. notice, info, debug
#
#SyslogLevel emerg
#SystemLog /var/log/proftpd.system.log
#
# uncomment, if you want to hide the servers name:
#
ServerIdent on "Stonki's Server"
DeferWelcome on
DefaultServer on
#
# Display
#
DisplayLogin /messages/ftp.motd
DisplayConnect /net/messages/ftp.pre
DisplayFirstChdir index.txt
HiddenStor off
DirFakeUser on stonki
DirFakeGroup on stonki
DirFakeMode 0000
# Enable PAM for authentication...
#
AuthPAM on
# Setting this directive to on will cause authentication to fail
# if PAM authentication fails. The default setting, off, allows
# other modules and directives such as AuthUserFile and friends
# to authenticate users.
#
# AuthPAMAuthoritative on
# This directive allows you to specify the PAM service name used
# in authentication (default is "proftpd" on SuSE Linux).
# You have to setup the service in the /etc/pam.d/<other_name>.
#
#AuthPAMConfig <other_name>
# Port 21 is the standard FTP port.
Port 21
#------------------------mysql Modul: 4.x
#
# Zugangskontrolle
#
SQLAuthTypes Plaintext
SQLAuthenticate users*
SQLConnectInfo db@localhost username password
SQLDefaultGID 65534
SQLDefaultUID 65534
SQLMinUserGID 100
SQLMinUserUID 500
SQLUserInfo ftp username password uid gid homedir shell
#
# aktive SQL Kommandos, ab hier passiert etwas :-)
#
SQLLog PASS counter
SQLNamedQuery counter UPDATE "letzter_zugriff=now(), count=count+1 WHERE username='%u'" ftp
# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat
#------------------------mysql
# Port 21 is the standard FTP port.
Port 21
# disable listen on 0.0.0.0:21 - the port (and IP) should
# be specified explicitly in each VirtualHost definition
#
#Port 0
# listen for each (additional) address explicitly that is
# specified (via Bind and Port) in a VirtualHost definition
#
#SocketBindTight on
#
# FXP Unterstuetzung
#
AllowForeignAddress on
# Umask 022 is a good standard umask to prevent new dirs
# and files from being group and world writable.
Umask 022
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Maximal Werte setzen
MaxClientsPerHost 3 "Nicht mehr als %m Verbindungen"
MaxClients 5 "Leider sind schon %m Clients verbunden"
# RateReadBPS 5000
# RateReadFreeBytes 5000
# RateReadHardBPS on
Classes on
Class default limit 5
Class internet limit 2
Class local limit 3
Class internet ip 0.0.0.0/0
Class internet ip 192.168.99.99/24
Class local ip 127.0.0.1/24
Class local ip 192.168.0.0/24
#
# Restart erlauben
#
AllowStoreRestart on
AllowRetrieveRestart on
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite off
HideNoAccess on
<Limit READ>
AllowAll
</Limit>
<Limit Write>
DenyAll
</Limit>
</Directory>
<Directory /net/incoming/*>
AllowOverwrite on
<Limit STOR CMD MKD WRITE>
AllowALL
</Limit>
<Limit RETR DELE>
DenyALL
</Limit>
</Directory>
# It is a very good idea to allow only filenames containing normal
# alphanumeric characters for uploads (and not shell code...)
#PathAllowFilter "^[a-zA-Z0-9_.-]()'+___FCKpd___3quot;
#PathAllowFilter "^[a-zA-Z0-9 _.-]()'+___FCKpd___3quot;
# We don't want .ftpaccess or .htaccess files to be uploaded
#PathDenyFilter "(/.ftp)|(/.ht)[a-z]+___FCKpd___3quot;
#PathDenyFilter "/.ftp[a-z]+___FCKpd___3quot;
# Do not allow to pass printf-Formats (security! see documentation!):
#AllowFilter "^[a-zA-Z0-9@~ /,_.-]*___FCKpd___3quot;
#DenyFilter "%"
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# such as xinetd)
MaxInstances 30
# Performance: skip DNS resolution when we process the logs...
UseReverseDNS on
# Turn off Ident lookups
IdentLookups on
# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300
# Where do we put the pid files?
ScoreboardPath /usr/local/var/proftpd
#
# Logging options
#
TransferLog /var/log/proftpd.xferlog
# Some logging formats
#
LogFormat default "%h %l %u %t /"%r/" %s %b"
LogFormat auth "%v [%P] %h %t /"%r/" %s"
LogFormat write "%h %l %u %t /"%r/" %s %b"
# Log file/dir access
ExtendedLog /var/log/proftpd.access_log WRITE,READ write
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH auth
# Paranoia logging level....
ExtendedLog /var/log/proftpd.paranoid_log ALL default
#
# Do a chroot for web-users (i.e. public or www group), but
# do not change root if the user is also in the users group...
#
DefaultRoot ~ !users
#
# Limit login attempts
#
MaxLoginAttempts 3
#
# Users needs a valid shell
#
RequireValidShell off
扫一扫
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
