readme

功能强大的ftp服务器源代码

feature.

--without-humor: if you find what this option does without peeking at the
source code, you're a lucky guy!

--without-inetd: if you will always be running Pure-FTPd in standalone-mode,
enabling this flag can save a few code bytes. Don't enable --without-inetd
and --without-standalone, because it's impossible to run a server without
one of them. These options aren't enabled on binary distributions of
Pure-FTPd, so that both inetd-like and standalone mode are supported.

--without-iplogging: don't log any IP address to protect confidentiality,
especially for political servers.

--without-nonalnum: paranoid file name checking: only allow basic
alphanumeric characters. Never enable this switch blindly, or your customers
will complain.

--without-sendfile: on Linux and FreeBSD kernels, Pure-FTPd tries to reduce
the CPU/memory usage by using a special system call (sendfile) . It works
very well with most filesystems. However, this optimization is not
implemented for all filesystems in current kernels. Users reported that
downloading files with Pure-FTPd failed with SMBFS (Samba) on FreeBSD 4.3,
and TmpFS and NTFS on Linux (the error reported by the server is "broken
pipe" or "Error during write to data connection") . If you are planning to
serve files from these filesystems, you have to use the --without-sendfile
switch to enable a workaround. It was also reported that PA-Risc Linux
systems need this flag.

--without-shadow: ignore the shadow passwords, even though they are
auto-detected. Usually a bad idea, unless you use PAM, LDAP or SQL.
Pure-FTPd support expiration dates of shadow passwords (both for accounts
and passwords) .

--without-standalone: the FTP server can normally run in standalone-mode
(without any super-server) . If you don't need that feature and if you want
to save few code bytes, add this option. A super-server like g2s, xinetd
or tcpserver will be mandatory to run the service. But the standalone mode is
the recommended mode of operation.

--without-usernames: never outputs user and group names in directory
listings, only UIDs and GIDs. It improves security and performances, but
some people find this not user-friendly.



/--------------
 Other notes
 --------------/


Other traditional autoconf options are of course recognised, like
"--prefix=" to change the installation prefix, that defaults to "/usr/local/".

FYI, the binary RPM packages of Pure-FTPd are configured with the following
command line:

./configure --with-everything --with-paranoidmsg --without-capabilities \
            --with-virtualchroot

RPM packages are also compiled with --without-pam to enhance their
portability.


  ------------------------ STANDALONE INSTALLATION ------------------------


Unless you compiled the server with "--without-standalone", running the
server is as easy as typing:

/usr/local/sbin/pure-ftpd &

In the following examples, we will assume that the 'pure-ftpd' file is
located in /usr/local/sbin. This is the default if you compiled the server
from the source code tarball. But as I said earlier in this document, if
you installed a binary package (RPM, SLP, DEB, TGZ), the server maybe
installed in /usr/sbin/. So just replace '/usr/local/sbin/pure-ftpd' with
'/usr/sbin/pure-ftpd'.

When the previous command is run, the server will listen for incoming
connections on every interface, all IP addresses and the standard FTP port
(21) . If your system has IPv6 addresses, they should work as well.

Now, if you want to listen for an incoming connection on a non-standard port,
just append '-S' and the port number:

/usr/local/sbin/pure-ftpd -S 42

Service names are also allowed ('-S smtp' and the daemon will be accepting
connections on the SMTP port (25) . Very uncommon, but we should please
everybody anyway, even disturbed minds) .

Now, what if your system has many IP addresses and you want the FTP server
to be reachable on only one of these addresses, let's say 192.168.0.42?
Just use the following command line:

/usr/local/sbin/pure-ftpd -S 192.168.0.42,

The final comma is important, don't forget it. Actually, it's a shorthand for:

/usr/local/sbin/pure-ftpd -S 192.168.0.42,21

If you prefer host names over IP addresses, it's your choice:

/usr/local/sbin/pure-ftpd -S ftp.rtchat.com,21

IPv6 addresses are of course supported.

With previous command lines, the server will run in the default
configuration. Anonymous FTP logins will be allowed if there's a system
account called 'ftp' and every user of your system will be able to access
the FTP server using his regular login/password pair.

If you need to tweak that default configuration, other command-lines options
can be added. For instance:

/usr/local/sbin/pure-ftpd -c 50 &

or

/usr/local/sbin/pure-ftpd -S ftp.rtchat.com,21 -c 50 &

And only 50 simultanous connections will be allowed. To discover what
options are available please jump to the 'OPTIONS' chapter below. If the
server runs perfectly for you in standalone mode, you don't need to read the
following chapter about super-servers. But read the options. '-m' and '-C'
are recommended. '-D' is also a good choice if you (or your customers) use
broken clients. Please read on.

When you run 'ps auxw|grep pure-ftpd', the result looks like this:

root     15211  0.1  0.3  1276  452 ?        S    13:53   0:00 pure-ftpd [SERVER]
root     15212  0.1  0.5  1340  672 ?        S    13:54   0:00 pure-ftpd [IDLE]
root     15214  0.0  0.5  1340  672 ?        S    13:56   0:00 pure-ftpd [DOWNLOADING]

[SERVER] is the main server. If you kill this process, the server will exit
after the next connection.
[IDLE] shows a client with no transfer activity.
[DOWNLOADING] shows a client downloading a file.
[UPLOADING] show a client uploading a file.

For easy scripting, the file '/var/run/pure-ftpd.pid' is created and it
always contains the PID of the main server process.


 ------------------------ SUPER-SERVER INSTALLATION ------------------------
    
    
Pure-FTPd can also run with the help of a super-server, like telnet, wu-ftp, 
finger or Qmail. Using a super-server is usually slower than the standalone
mode. But if you love tcpwrappers or built-in filtering abilities of your
super-server, Pure-FTPd can cope with them.

Unix has tons of super-servers: Inetd (the most common one), TCPserver,
G2S, Xinetd, Rlinetd, ... Only the first three will be covered here, but
integration with other super-servers should be painless.


**** Usage with Inetd ****

Important: if security matters for you, forget inetd. In the default
configuration, inetd will stop a service after a high rate of connections to
the same port. This creates an easy denial-of-service. Also, inetd doesn't
have any concurrency limit. Bad guys can fill up your memory and your
descriptor tables even if you are restricting the number of connections in
pure-ftpd. Better use a modern replacement for inetd, or run pure-ftpd in
standalone mode.


1) Check that inetd is up:

ps auxw | grep inetd
root      3699  0.0  0.3  1072  492 ?        S    15:47   0:00 inetd

2) Edit /etc/inetd.conf and look for a line like:

ftp        stream        tcp        nowait        root        /usr/sbin/tcpd        in.ftpd

The line may also end with "proftpd" or "wuftpd", but it should start with
"ftp stream tcp".

3) Replace that line with the following one:

ftp        stream        tcp        nowait        root        /usr/sbin/tcpd        /usr/local/sbin/pure-ftpd

If /usr/sbin/tcpd is missing on your system, try the following line instead:

ftp        stream        tcp        nowait        root        /usr/local/sbin/pure-ftpd  pure-ftpd

4) Restart the inetd daemon:

killall -HUP inetd

If 'killall' is missing on your system, try this:

kill -HUP $(cat /var/run/inetd.pid)


**** Usage with Xinetd ****

Add the following entry to the /etc/xinetd.conf file:


service ftp 
{ 
    socket_type = stream 
    server = /usr/local/sbin/pure-ftpd 
    protocol = tcp 
    user = root 
    wait = no
    disable = no 
}


On Redhat systems, you can also put this in a /etc/xinetd.d/pure-ftpd file.

Then, restart the server:

killall -USR2 xinetd



**** Usage with TCPserver ****


TCPServer is part of the ucspi-tcp package by Dan Bernstein. It's less
bloated than inetd, less D.O.S.-prone and has interesting filtering
abilities. The simplest way of running Pure-FTPd with TCPserver is the
following command:

tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd &

You can add that line to your system local startup scripts
(usually /etc/rc.d/boot.local or /etc/rc.d/rc.local) . If it doesn't work,
replace 'tcpserver' with its full path (eg. '/usr/local/bin/tcpserver') .


**** Usage with G2S ****


Add the following lines to your /etc/jnetd.cf file (or whatever configuration
file you choose for G2S):

{  
    SERVICE ftp
    DESCRIPTION "Pure-FTPd"
    RUN /usr/local/sbin/pure-ftpd
}

Restart the 'jnetd' daemon and you're done.


          ------------------------ OPTIONS ------------------------
    
    
The previous steps should be enough to get a running FTP server. But you can
add some command-line arguments to change its behavior. These arguments have
to be added after the pure-ftpd path in your super-server configuration.
For instance, you want to add the '-s' and '-a 42' flags. Here are what the
configuration lines will look like in your super-server:

- Inetd:
ftp        stream        tcp        nowait        root        /usr/sbin/tcpd  /usr/local/sbin/pure-ftpd -s -a42
or
ftp        stream        tcp        nowait        root        /usr/local/sbin/pure-ftpd  pure-ftpd -s -a42

If you use Inetd, don't put space between options and arguments. e.g. use
-a42 instead of -a 42 . Inetd has trouble dealing with a lot of options and
with characters like ':' .

- Xinetd:

service ftp 
{ 
    socket_type = stream 
    server = /usr/local/sbin/pure-ftpd
    server_args = -s -a 42
    protocol = tcp 
    user = root 
    wait = no
    disable = no 
}

- TCPserver:
tcpserver -DHRl0 0 21 /usr/local/bin/pure-ftpd -s -a 42 &

- G2S:
{  
    SERVICE ftp
    DESCRIPTION "Pure-FTPd"
    RUN /usr/local/sbin/pure-ftpd -s -a 42
}

Users need a shell listed in /etc/shells to get restricted or unrestricted
FTP access. Alternatively, you can give them "ftp" as a shell. Users with a
"ftp" shell will be able to login through FTP only: no telnet, no SSH. And
there's no need (and you shouldn't do so) for an "ftp" entry in /etc/shells.

Here are the recognised switches:

- '-0': when a file is uploaded and there is already a previous version of the
file with the same name, the old file will neither get removed nor truncated.
Upload will take place in a temporary file and once the upload is complete,
the switch to the new version will be atomic. For instance, when a large PHP
script is being uploaded, the web server will still serve the old version and
immediatly switch to the new one as soon as the full file will have been
transfered. This option is incompatible with virtual quotas.

- '-1': log the PID of each session in syslog output.

- '-4': only listen to IPv4 connections. YOU HAVE TO ENABLE THIS ON OPENBSD,
ISOS, EKKOBSD AND MACOS X IF YOUR NETWORK IS NOT 100% IPV6! Even if you are
starting the server through a superserver like inetd.

- '-a <gid>': Authenticated users will be granted access to their home
directory and nothing else (chroot) . This is especially useful for users
without shell access, for instance, WWW-hosting services shared by several
customers. Only member of group number <gid> will have unrestricted access
to the whole filesystem. So add a "staff", "admin" or "ftpadmin" group and
put your trusted users in. <gid> is a NUMERIC group number, not a group name.
This feature is mainly designed for system users, not for virtual ones.