readme

功能强大的ftp服务器源代码

Note: 'root' (uid 0) always has full filesystem access.

If you want to chroot() everyone, but root, use the following flag:

- '-A': chroot() everyone, but root.

- '-b': Ignore parts of RFC standards in order to deal with some totally
broken FTP clients, or broken firewalls/NAT boxes.

- '-B': Have the standalone server start in background (daemonization).

- '-c <number of clients>': Allow a maximum of clients to be connected. For
instance '-c 42' will limit access to simultaneous 42 clients. There is a
50 client limit by default.

- '-C <max connection per ip>': Limit the number of simultanous connections
coming from the same IP address. This is yet another very effective way to
prevent stupid denial of services and bandwidth starvation by a single user.
It works only when the server is launched in standalone mode (if you use a
super-server, it is supposed to do that) . If the server is launched with
'-C 2', it doesn't mean that the total number of connections is limited to 2.
But the same client, coming from the same machine (or at least the same IP),
can't have more than two simultaneous connections. This feature needs some
memory to track IP addresses, but it's recommended to use it.

- '-d': Send various debugging messages to the syslog. Don't use this
unless you really want to debug Pure-FTPd. Passwords aren't logged.
Duplicate '-d' to log responses, too.

- '-D': List files beginning with a dot ('.') even when the client doesn't
append the '-a' option to the list command. A workaround for badly
configured FTP clients. If you are a purist, don't enable this. If you
provide hosting services and if you have lousy customers, enable this.

- '-e': Only allow anonymous users. Use this on a public FTP site with no
remote FTP access to real accounts.

- '-E': Only allow authenticated users. Anonymous logins are prohibited.

- '-f <facility>': Use that facility for syslog logging. It defaults to
'ftp' (or 'local2' if you got an obsolete libc without that facility).
Logging can be disabled with '-f none' .

- '-F <fortune file>': Display a fortune cookie on login. The sentence is
a random extract from the text file <fortune file>. This text file should be
formatted like standard "fortune" files (fortunes are separated by a '%'
sign on a single line) . Pure-FTPd has to be compiled with support for
cookies (--with-cookie). If you just want a simple banner displayed before
the login prompt, add the name of any text file here.

- '-g <pid file>': Change the location of the pid file when the server is
run in standalone mode. The default is /var/run/pure-ftpd.pid .

- '-G': Disallow renaming.

- '-H': By default, fully-qualified host names are logged. To achieve this,
DNS lookups are mandatory. The '-H' flag avoids host names resolution.
("213.41.14.252" will be logged instead of "www.toolinux.com") . It can
significantly speed up connections and reduce bandwidth usage on busy
servers. Use it especially on public FTP sites. Also, please note that
without -H, host names are informative but shouldn't be trusted: no reverse
mapping check is done to save DNS queries.

- '-i': Disallow upload for anonymous users, whatever directory permissions
are. This option is especially useful for virtual hosting, to avoid your
users creating warez sites in their account.

- '-I <timeout>': Change the maximum idle time. The timeout is in minutes
and defaults to 15 minutes. Modern FTP clients are trying to fool timeouts
by sending fake commands at regular interval. We disconnect these clients
when they are idle for twice (because they are active anyway) the normal
timeout.

- '-j': If the home directory of a user doesn't exist, automatically create
it. The newly created home directory belongs to the user and permissions are
set according to the current directory mask. Only the home directory can be
created (so /home/john/./public_html won't work, but /home/john will) . To
avoid local attacks, the parent directory should never belong to an untrusted
user. Also note that you must trust whoever manages the users databases,
because with that feature, he'll be able to create/chown directories anywhere
on the server's filesystem.

- '-k <percentage>': Don't allow uploads if the partition is more than
<percentage>% full. For instance, "-k 95" will ensure your disks will never
get filled more than 95% by FTP. No need for the "percent" sign after the
number.

- '-K': Allow users to resume and upload files, but *NOT* to delete or rename
them. Directories can be removed, but only if they are empty. However,
overwriting existing files is still allowed (to support upload resume) . If
you want to disable this too, add -r (--autorename) .

- '-l <authentication>' or '-l <authentication>:<config file>': Adds a new
rule to the authentication chain. Please read the "Authentication" section,
later in this README file. It's an important section.

- '-L <max files>:<max depth>': To avoid stupid denial-of-service attacks
(or just CPU hogs), Pure-FTPd never displays more than 2000 files in response
to an 'ls' command. Also, a recursive 'ls' (-R) never goes further than 5
subdirectories. You can increase/decrease those limits with the '-L' option.

- '-m <cpu load>': Don't allow anonymous download if the load is above <cpu
load> . A very efficient way to prevent overloading your server. Upload is
still allowed, though.

- '-M': Allow anonymous users to create directories.

- '-n <max files>:<max size>': If the server has been compiled with support
for virtual quotas, enforce these quota settings for all users (except
members of the 'trusted' group) . <max size> is in Megabytes. See the
"virtual quotas" section later in this document.

- '-N': NAT mode. Force ACTIVE mode. If your FTP server is behind a NAT box
that doesn't support applicative FTP proxying, or if you use port
redirection without a transparent FTP proxy, use this. Well... the previous
sentence isn't very clear. Okay: if your network looks like this:
(FTP server)-------(NAT/masquerading gateway/router)------(Internet)
and if you want people coming from the internet to have access to your FTP
server, please try without this option first. If Netscape clients can
connect without any problem, your NAT gateway rulez. If Netscape doesn't
display directory listings, your NAT gateway sucks. Use '-N' as a workaround.

- '-o': Write all uploaded files to '/var/run/pure-ftpd.upload.pipe' so
that the 'pure-uploadscript' program can run. Don't enable that option if
you don't actually use 'pure-uploadscript'.

- '-O <format>:<log file>': Record all file transfers into a specific log
file, in an alternative format. Currently, three formats are supported: CLF
(Apache-like), Stats and W3C.

If you add '-O clf:/var/log/pureftpd.log' to your starting options,
Pure-FTPd will log transfers in /var/log/pureftpd.log in a format similar to
the Apache web server in default configuration. 

If you use '-O stats:/var/log/pureftpd.log' to your starting options,
Pure-FTPd will create log files in a special format, designed for statistical
reports. The Stats format is compact, more efficient and more accurate that
CLF and the old broken "xferlog" format.

The Stats format is:
<date> <session id> <user> <ip> <U or D> <size> <duration> <file>

<date> is a GMT timestamp (time()) and <session id> identifies the current
session. <file> is unquoted, but it's always the last element of a log line.
"U" means "Upload" and "D" means "Download".

Warning: the session id is only designed for statistics purposes. While it's
always an unique string in the real world, it's theoretically possible to have
it non unique in very rare conditions. So don't rely on it for critical
missions.

A command called "pure-statsdecode" can be used to convert timestamps into
human-readable dates.

The W3C format is enabled with '-O w3c:/var/log/pureftpd.log' .

For security purposes, the path must be absolute (eg. /var/log/pureftpd.log
, not ../log/pureftpd.log) . If this log file is stored on a NFS volume, don't
forget to start the lock manager (often called "lockd" or "rpc.lockd").

- '-p <first port>:<last port>': Use only ports in the range <first port>
to <last port> inclusive for passive-mode downloads. This is especially
useful if the server is behind a firewall without FTP connection tracking.
Use high ports (40000-50000 for instance), where no regular server should be
listening.

- '-P <ip address or host name>': Force the specified IP address in reply to
a PASV/EPSV/SPSV command. If the server is behind a masquerading (NAT) box
that doesn't properly handle stateful FTP masquerading, put the ip address
of that box here. If you have a dynamic IP address, you can put the public
host name of your gateway, that will be resolved every time a new client will
connect.

- '-q <upload ratio>:<download ratio>': Enable ratios for anonymous users.

- '-Q <upload ratio>:<download ratio>': Enable ratios for everybody
(anonymous and non-anonymous). Members of the root (0, something called
'wheel') have no ratio.

- '-r': Never overwrite existing files. Uploading a file whoose name
already exists cause an automatic rename. Files are called xyz, xyz.1, xyz.2,
xyz.3, etc.

Tip: if you compile with 'make AUTORENAME_REVERSE_ORDER=1' , the naming
convention will be reversed. Files will be called xyz, 1.xyz, 2.xyz, 3.xyz,
etc.

- '-R': Disallow users (even non-anonymous ones) usage of the CHMOD
command. On hosting services, it may prevent newbies from making mistakes,
like setting bad permissions on their home directory. Only root can use
CHMOD when -R is enabled.

- '-s': The "waReZ protection". Don't allow anonymous users to download
files owned by "ftp" (generally, files uploaded by other anonymous users) .
So that uploads have to be validated by a system administrator (chown to
another user) before being available for download.

- '-S [<ip address>,|<hostname>,] [<port>|<service name>]'. This option is
only effective when the server is launched as a standalone server.
Connections are accepted on the specified IP and port. IPv4 and IPv6 are
supported. Numeric and fully-qualified host names are accepted. A service
name (see /etc/services) can be used instead of a numeric port number.

- '-T <bandwidth>' and '-t <bandwidth>': Enable bandwidth limitation (see
below) . <bandwidth> is specified in kilobytes/seconds. To set up separate
upload/download bandwidth, the [<upload>]:[<download>] syntax is supported.

- '-u <uid>': Don't allow uids below <uid> to log in. '-u 1' denies access
to root (safe), '-u 100' denies access to virtual accounts on most Linux
distros.

- '-U <umask for files>:<umask for dirs>': Change the file creation mask.
The default is 133:022. If you want a new file uploaded by a user to only be
readable by that user, use '-U 177:077'. If you want uploaded files to be
executable, use 022:022 (files will be readable -but not writable- by other
users) or 077:077 (files will only be executable and readable by their
owner) . Please note that Pure-FTPd support the SITE CHMOD extension, so a
user can change the permissions of his own files.

- '-V <ip address>': Allow non-anonymous FTP access only on this specific
local IP address. All other IP addresses are only anonymous. With that
option, you can have routed IPs for public access and a local IP (like
10.x.x.x) for administration. You can also have a routable trusted IP
protected by firewall rules and only that IP can be used to login as a
non-anonymous user.

- '-w': Support the FXP protocol only for authenticated users. FXP works
with IPv4 and IPv6 addresses.

- '-W': Support the FXP protocol. FXP allows transfers between two remote
servers without any file data going to the client asking for the transfer.

However:

****************************************************************************

   *FXP IS AN INSECURE PROTOCOL* (third-party hosts can steal the current
connection) . In Pure-FTPd, specific precautions have been taken to reduce
FXP insertion attacks. But if your FTP server serves private data:
   NEVER ALLOW FXP ACCESS TO UNTRUSTED HOSTS. YOU CAN PLAY WITH IT ON AN
INTERNAL SERVER, BUT _DON'T_ GIVE FXP ACCESS TO ANONYMOUS INTERNET USERS.

****************************************************************************

        It's why FXP is disabled by default on Pure-FTPd unless you
explicitely enable it with '-W' or '-w'.

- '-x': In normal operation mode, authenticated users can read/write files
beginning with a dot ('.') . Anonymous users can't, for security reasons
(like changing banners or a forgotten .rhosts) . When '-x' is used,
authenticated users can download dot-files, but not overwrite/create them,
even if they own them. That way, you can prevent hosted users from messing
.qmail files. If you want to give user access to a special dot-file, create a
symbolic link to the dot-file with a file name that has no dot in it and the
client will be able to retrieve the file through that link.

- '-X': This flag is identical to the previous one (writing dot-files is
prohibited), but in addition, users can't even *read* files and directories
beginning with a dot (like "cd .ssh") .

****************************************************************************

When used in conjunction with "-a", members of the trusted group can bypass
'-x'/'-X' restrictions.

****************************************************************************

- '-y <max user logins>:<max anonymous logins>': This option only
works if the server has been compiled with --with-peruserlimits. It
restricts the number of concurrent sessions the same user can have.
  A null value ('0') means 'unlimited'.

Here's a concrete example:

/usr/local/sbin/pure-ftpd -y 3:20 -c 15 -C 5 -B

Here, we allow:
  * A max total of 15 sessions.
  * 5 connections max coming from the same IP address.
  * 3 connections max with the same user name.
  * 20 anonymous users max.
  
With such a setup, a single user can't easily fill all slots.  

- '-Y 0': Disable the SSL/TLS encryption layer (default).
  '-Y 1': Accept both standard and encrypted sessions.
  '-Y 2': Refuse connections that aren't using SSL/TLS security mechanisms,
including anonymous sessions. The server must have been compiled with
--with-tls and a valid certificate must be in place to get this feature.
See the README.TLS file for more info about SSL/TLS.

- '-z': Allow anonymous users to read files and directories starting with a
dot ('.') .

- '-Z': Try to protect customers against common mistakes to avoid your
technical support being busy with stupid issues. Right now, the '-Z' switch
prevents your users against making bad 'chmod' commands, that would deny
access to files/directories to themselves. The switch may turn on other
features in the future. If you are a hosting provider, turn this on.

If you prefer long options (GNU-style) over standard ones, the following
aliases are available. You can get this list at any time by typing
'pure-ftpd --help' .


--(switches sorted by ##standard switches## lexical order)--

-0  --notruncate
-1  --logpid                <file>
-4  --ipv4only
-a  --trustedgid            <gid>
-A  --chrooteveryone    
-b  --brokenclientscompatibility    
-B  --daemonize 
-c  --maxclientsnumber      <number>
-C  --maxclientsperip       <number>
-d  --verboselog    
-D  --displaydotfiles   
-e  --anonymousonly 
-E  --noanonymous