📄 readme
字号:
-f --syslogfacility <facility>-F --fortunesfile <file>-g --pidfile <path to pid file>-G --norename-h --help -H --dontresolve -i --anonymouscantupload-I --maxidletime <time (min)>-j --createhomedir-k --maxdiskusagepct <percentage>-K --keepallfiles-l --login <auth> or <auth>:<config file>-L --limitrecursion <number:number>-m --maxload <load>-M --anonymouscancreatedirs -N --natmode-o --uploadscript-O --altlog <format>:<log file>-p --passiveportrange <minport:maxport>-P --forcepassiveip <ip address>-q --anonymousratio <upload ratio>:<download ratio>-Q --userratio <upload ratio>:<download ratio>-r --autorename-R --nochmod-s --antiwarez -S --bind <ip address,port>-t --anonymousbandwidth <bandwidth (KB/s)>-T --userbandwidth <bandwidth (KB/s)> or [<up bw>]:[<down bw>]-u --minuid <uid>-U --umask <mask>-V --trustedip <ip address>-w --allowuserfxp -W --allowanonymousfxp-x --prohibitdotfileswrite -X --prohibitdotfilesread -y --peruserlimits <per user max>:<max anonymous sessions>-Y --tls <0:no TLS | 1:TLS+cleartext | 2:enforce TLS>-z --allowdotfiles-Z --customerproof--(switches sorted by ##GNU-style long switches## lexical order)---W --allowanonymousfxp-z --allowdotfiles-w --allowuserfxp -O --altlog <format>:<log file>-t --anonymousbandwidth <bandwidth (KB/s)>-M --anonymouscancreatedirs -i --anonymouscantupload-e --anonymousonly -q --anonymousratio <upload ratio>:<download ratio>-s --antiwarez -r --autorename-S --bind <ip address,port>-b --brokenclientscompatibility -A --chrooteveryone -j --createhomedir-Z --customerproof-B --daemonize -D --displaydotfiles -H --dontresolve -Y --tls <0:no TLS | 1:TLS+cleartext | 2:enforce TLS>-P --forcepassiveip <ip address>-F --fortunesfile <file>-h --help -4 --ipv4only-K --keepallfiles-l --login <auth> or <auth>:<config file>-1 --logpid <file>-L --limitrecursion <number:number>-c --maxclientsnumber <number>-C --maxclientsperip <number>-k --maxdiskusagepct <percentage>-I --maxidletime <time (min)>-m --maxload <load>-u --minuid <uid>-N --natmode-E --noanonymous -R --nochmod-G --norename-0 --notruncate-p --passiveportrange <minport:maxport>-y --peruserlimits <per user max>:<max anonymous sessions>-g --pidfile <path to pid file>-X --prohibitdotfilesread -x --prohibitdotfileswrite -f --syslogfacility <facility>-a --trustedgid <gid>-V --trustedip <ip address>-U --umask <mask>-o --uploadscript-T --userbandwidth <bandwidth (KB/s)> or [<up bw>]:[<down bw>]-Q --userratio <upload ratio>:<download ratio>-d --verboselog ------------------------ SETTING UP AN ANONYMOUS FTP ------------------------ If a 'ftp' user exists and its home directory is reachable, Pure-FTPd willaccept anonymous login, as 'ftp' or 'anonymous'. Files have to be located inthe home FTP directory. There's no need for 'bin', 'lib', 'etc' and 'dev'directories, nor any external program. Don't chown the public files to'ftp', just writable directories ('incoming') . ------------------------ DISPLAYING BANNERS ------------------------ If a '.banner' file is located in the 'ftp' user home directory (or in theroot directory of a virtual server, see below), it will be printed when theclient logs in. Put a nice ASCII-art logo with your name in that file.This file shouldn't be larger than 4000 bytes, or it won't be displayed.In each directory, you may also have a '.message' file. Its content will beprinted when a client enters the directory. Such a file can contain importantinformation ("Don't download version 1.7, it's broken!") . ------------------------ DISPLAYING A COOKIE ------------------------A funny random message can be displayed in the initial login banner. Therandom cookies are extracted from a text file, in the standard "fortune"format. If you installed the "fortune" package, you should have a directory(usually /usr/share/fortune) with binary files (xxxx.dat) and text files(without the .dat extension) . To use Pure-FTPd cookies, just add the nameof a text file to the '-F' option. For instance:/usr/local/sbin/pure-ftpd -F /usr/share/fortune/zippyIf you want to have your own fortune files, just create a text file with thefollowing structure.Hello... this is the first fortune...%Welcome to the real world.%Follow the white rabbit.%Have fun...Well... lotsa fun!%Yop is good for you.Goddit? Fortunes are delimited by a '%' sign on a single line. But afortune itself can be multi-line (see the fourth example) .For security paranoia, the text file has to be readable by everybody (chmod644 the file if necessary), or the server will ignore it.Of course, the fortune file can contain a single message. ------------------------ PER-USER CHROOT() RULES ------------------------Apart from the "-a" flag, Pure-FTPd has another way to fine-tune chroot()rules. Let's take an /etc/passwd entry:mimi:x:501:100:Mimi:/home/mimi:/bin/zshWithout any special rule, mimi will be able to log in and to retrieve anypublic-readable file in the filesystem. Now, let's change a bit of its homedirectory:mimi:x:501:100:Mimi:/home/mimi/./:/bin/zshSo what? Mimi's home directory is still the same and common applicationsshouldn't notice any difference. But Pure-FTPd understands "chroot() until/./". So when mimi next carries out a FTP log in, only the /home/mimidirectory will be reachable, not the whole filesystem. If you don't like the"-a" and its trusted gid thing, this is a good way to only chroot() someusers. Another trick is to add something after "/./":mimi:x:501:100:Mimi:/home/mimi/./public_html:/bin/zshWhen Mimi will log in, two things will happen:- chroot("/home/mimi") so that Mimi can't see anything but her home directory.- chdir("public_html") so the session will start in the public_htmldirectory. "cd .." is still allowed, though.That "url-style" handling is especially handy for FTP-only users (ie.without shell access) .If a user is chrooted with the /./ trick *and* belongs to the trusted group(-a) he *will* be chrooted, but he will have no ratio and will be allowed toaccess dot files. ------------------------ RATIOS ------------------------If you want to force people to upload new files before being able todownload other files, ratios are for you. It's a very good way to get lotsafresh stuff on a public FTP server and a must for warez traders. I don'tlike that kind of business, but well... Pure-FTPd has to be designed toplease everybody.To enable ratios, just use the '-q' option, followed by the upload:downloadratio: -q 2:5 ...means that an anonymous user has to upload at least 2 Mb of goodies to beable to download 5 Mb.If ratios should apply to everyone (anon and non-anon), use the '-Q' optionthe same way.Note: 'root' never has ratios. Neither have users of the trusted group when'-Q' in used with the '-a' or '-A' option. ------------------------ BANDWIDTH THROTTLING ------------------------Pure-FTPd has an interesting built-in feature: simple bandwidth throttling.* You want to limit FTP throughput so that uploading and downloading filesthrough that protocol can't fill up your network bandwidth.-> Compile Pure-FTPd with --with-throttling-> Run it with the '-T' flag, followed by a number. That number is themaximum bandwidth a user can use in a session, in kilobytes/seconds.* You want to allow less bandwidth to your anonymous users than yourauthenticated ones. So that during a bandwidth starvation, real users canstill upload/download properly.-> Compile Pure-FTPd with --with-throttling-> Run it with the '-t' flag, followed by a number.Example:/usr/local/sbin/pure-ftpd -t 64And uploading/downloading files can't take more than 64 KB/sec whatever realbandwidth you have.* It is possible to have different bandwidth limits for uploads and fordownloads. '-t' and '-T' can indeed be followed by two numbers delimited bya column (':') . The first number is the upload bandwidth and the next oneapplies only to downloads. One of them can be left blank which means infinity.Example 1: 256 KB/s for uploads, 64 KB/s for downloads/usr/local/sbin/pure-ftpd -t 256:64Example 2: 256 KB/s for uploads, no limit for downloads/usr/local/sbin/pure-ftpd -t 256:Example 3: no limit for uploads, 64 KB/s for downloads/usr/local/sbin/pure-ftpd -t:64With no column, the value applies to both, so '-t 64' is an alias for '-t 64:64' .* When Pure-FTPd serves a session with restricted bandwidth, it decreasesits process priority to 10. So, '-t 0' makes sense: during a CPUstarvation, authenticated sessions may be more responsible than anonymousones. '-T 0' is quite useless, but it also works and it will always be nice tothe server process.* If you need advanced bandwidth management, have a look at your kernelQ.O.S. abilities. ------------------------ VIRTUAL SERVERS ------------------------Using Virtual servers is a convenient way of hosting several FTP sites on the samecomputer. Let's say, you got two customers. The former owns the 'c9x.org'domain name, while the latter owns the 'rtchat.com' domain name. Both arehosted on the same computer, but they don't want to share the same files.ftp://ftp.c9x.org/ should show different content than ftp://ftp.rtchat.com/.The FTP protocol doesn't allow name-based selection. So, if you want to host<N> different virtual FTP servers on the same host and keep the standard port,you need <N> different IP addresses. Yes, Sir. Or use HTTP.Assign the needed IP adresses to your network adapter (with "ifconfig eth0:x..." or "ip addr add dev eth0 a.b.c.d").Now, create a /etc/pure-ftpd directory if it doesn't exist:mkdir /etc/pure-ftpdTo add a virtual FTP server, you only need to create a symbolic link in/etc/pure-ftpd/ from the virtual host IP to the directory that contains thefile for that virtual host.Example:ln -s /home/customers/rtchat.com/ftp /etc/pure-ftpd/216.226.17.77ln -s /home/customers/c9x.org/ftp /etc/pure-ftpd/212.73.209.252Done! Put the C9X files in /home/customers/c9x.org/ftp/ and the RTChatfiles in /home/customers/rtchat.com/ftp/ .⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -