virtual.ftp.support

wu-ftpd类unix下的ftp服务器,可用于嵌入式系统

    total 4
    -rw-------   1 root     sys         2046 Jun 26 15:01 ftpaccess
    
    /etc/ftpd/man:
    total 8
    drwxrwsr-x   2 root     sys          512 Jun 26 19:22 man1
    drwxrwsr-x   2 root     sys          512 Jun 26 19:22 man1m
    drwxrwsr-x   2 root     sys          512 Jun 26 19:22 man5
    drwxrwsr-x   2 root     sys          512 Jun 26 14:56 man8
    
    /etc/ftpd/man/man1:
    total 4
    -r--r--r--   1 bin      bin          374 Jun 26 19:22 ftpcount.1
    -r--r--r--   1 bin      bin          450 Jun 26 19:22 ftpwho.1
    
    /etc/ftpd/man/man1m:
    total 28
    -r--r--r--   1 bin      bin         2177 Jun 26 19:22 ftpshut.1m
    -r--r--r--   1 bin      bin         805  Jun 26 19:22 ftprestart.1m
    -r--r--r--   1 bin      bin        10813 Jun 26 19:22 in.ftpd.1m
     
    /etc/ftpd/man/man5:
    total 40
    -r--r--r--   1 bin      bin        15341 Jun 26 19:22 ftpaccess.5
    -r--r--r--   1 bin      bin         1004 Jun 26 19:22 ftpconversions.5
    -r--r--r--   1 bin      bin          683 Jun 26 19:22 ftphosts.5
    -r--r--r--   1 bin      bin         2531 Jun 26 19:22 xferlog.5


                                   [----]

7. Configuring to support Virtual FTP Server Support
----------------------------------------------------

   --------------
   7.1 Background
   --------------

    This version provides two different means for supporting virtual hosting.
    You can choose to use the limited virtual hosting support or you can
    use complete virtual support by having completely different ftpaccess 
    files. 

    In the limited support version, virtual servers are only partially 
    supported.  This implementation of virtual servers only supports 
    setting
 
        - the root ftp directory, 
        - the log file,
        - the banner,
        - the hostname, and
        - the email address to contact.
 
    All other directives in the ftpaccess file have to be shared globally 
    across all virtual servers.  Below is the original message that
    described how to setup limited virtual support.

    ---------------------------------------
    7.1.1. Limited Virtual Hosting Support:
    ---------------------------------------

    Date: Fri, 26 May 1995 21:33:23 -0400 (EDT)
    From: Brian Kramer <bjkramer@pluto.njcc.com>
    To: wu-ftpd@wugate.wustl.edu
    Subject: Virtual FTP Servers

    [Modifications to provide for discrete xferlogs for each server provided by
    Marc G. Fournier <scrappy@ki.net> -- sob.]
 
    I'm attaching a patch for wu-ftpd 2.4 to allow virtual ftp servers to be 
    setup.  Basically so a user ftping to ftp1.domain.com gets one ftp banner 
    and one ftp directory and a user ftping to ftp2.domain.com gets another 
    banner and directory even though they are on the same machine and port.

    I was the person who originally asked how to do it, and got enough answers 
    to write a patch that would allow it.  You have to be able to setup alias 
    IP addresses in order for this to work.  I know linux and bsdi support this.
    I do not warrant this code at all.  Use it AT YOUR OWN RISK.  If it causes 
    your computer to blow up, TOUGH! 

    Here's the steps.
 
    Compile the software with -DVIRTUAL added to the CFLAGS in the Makefile

    Add lines similar to the following for each virtual server to ftpaccess:

    # Virtual Server at 10.10.10.10
    virtual 10.10.10.10 root    /var/ftp/virtual/ftp-serv 
    virtual 10.10.10.10 banner  /var/ftp/virtual/ftp-serv/banner.msg
    virtual 10.10.10.10 logfile /var/log/ftp/virtual/ftp-serv/xferlog
    
    The first arg is the ip address of the virtual server.
    The second arg is either "root", "banner" or "logfile" (without the quotes)
    for that virtual server.
    The third arg is the file system location for the item specified in the 
    second arg.
    
    Note: all the other message files, etc, and permissions and other settings
    in the ftpaccess file apply to all virtual servers.

    ----------------------------------------
    7.1.2. Complete Virtual Hosting Support:
    ----------------------------------------
 
    Now you can use the previous method or you can create a separate ftpaccess
    to provide support for all ftpaccess directives.  The ftpaccess, ftpusers, 
    ftpgroups, ftphosts and ftpconversions files can all be specified on a 
    per-domain basis.  You now have the ability to override the Master WU-FTPD 
    config files with a local copy specific to that domain. If you do not wish 
    to place a copy of one or all files listed above in the virtual host 
    directory for that specific host then the master copy is used. 
 
    Supported on a virtual host basis:
    ----------------------------------
    _PATH_FTPACCESS  
    _PATH_FTPUSERS   
    _PATH_PRIVATE    
    _PATH_FTPHOSTS   
    _PATH_CVT        
     
    Set in a virtual site's ftpaccess file or master ftpaccess file
    ---------------------------------------------------------------
    _PATH_XFERLOG  
     
    Supported on a site-wide basis:
    -------------------------------
    _PATH_FTPSERVERS
    _PATH_EXECPATH
    _PATH_PIDNAMES
    _PATH_UTMP 
    _PATH_WTMP
    _PATH_LASTLOG
    _PATH_BSHELL 
    _PATH_DEVNULL
    
   ------------------------------
   7.2 Create an ftpservers file:
   ------------------------------

   If you wish to take advanage of the extended virtual support it is 
   necessary to create an ftpservers file.  A real simple sample is 
   shown below.

   #
   # ftpservers file
   #
   # Format:
   #   IP Address     Path to directory holding configuration 
   #   or hostname    files for this virtual domain
   #
   # ftpaccess file for the landfield.com domain
   #
   landfield.com      /etc/ftpd/config/landfield.com
   #
   # ftpaccess file for the some.domain 
   #
   some.domain       /etc/ftpd/config/some.domain
   #
   # ftpaccess file for the some.other.domain 
   #
   208.196.145.140 /etc/ftpd/some.other.domain
   #

   Make sure to create the directories you have listed. 

   ----------------------------
   7.3 Virtual ftpaccess files:
   ----------------------------

   For each virtual domain that you want to support, you have the option
   to create a ftpaccess file specific for that domain. This will override 
   completely what you have in the Master ftpaccess file.  This file must 
   contain all directives. If you do not create an ftpaccess file for a 
   specific domain, the domain will use the Master ftpaccess file settings. 

   The only additions to the ftpaccess file that you need to make over a
   non-virtual version is the "root" and "logfile" directives.  These act
   to assure the proper ftpd root directory is used for each of the supported
   virtual domains.  The logfile directive is used to specify where you want
   the transfer logs recorded for that specific virtual domain.  A sample is
   specfied below.

        root     /ftp
        logfile  /var/log/xferlog

   -----------------------------------------
   7.4. Master ftpaccess file Modifications:
   -----------------------------------------

     If you do not want to setup a completely different ftpaccess file
     for a virtual domain, you can specify five separate things for the 
     virtual server you want to setup in the master ftpaccess file.

       1. root     - This it the path to the ftp directory that you
                     previously setup for this virtual server.
       2. banner   - This it the path to banner you wish displayed when a
                     user connects to the virtual server.
       3. logfile  - This is the path to the logfile that is setup
                     specifically for this virtual server.
       4. hostname - This is the hostname of the virtual server.
                     specifically for this virtual server.
       5. email    - This is the email address to direct comments to
                     specifically for this virtual server.

     The format of a virtual server entry is

          virtual <address> <root | banner | logfile> <path>

     <address> is the IP address of the virtual server. The second
     argument specifies the <path> is either the path to the root of
     the filesystem for this virtual server, the banner presented to
     the user when connecting to this virtual server, or the logfile
     where transfers are recorded for this virtual server. If the
     logfile is not specified the default logfile will be used.

     For example, add lines similar to the following for each virtual
     server you are trying to set up.

          # Virtual Server at 10.10.10.10
          virtual 10.10.10.10 root     /var/ftp/virtual/ftp-serv
          virtual 10.10.10.10 banner   /var/ftp/virtual/ftp-serv/banner.msg
          virtual 10.10.10.10 logfile  /var/log/ftp/virtual/ftp-serv/xferlog
          virtual 10.10.10.10 hostname froggy 
          virtual 10.10.10.10 email    ftp-admin@froggy.some.domain

     Done this way, all other message files and permissions as well as any 
     other settings in the Master ftpaccess file apply to all listed virtual 
     servers.

   ---------------------------------------
   7.5. Adding other virtual domain files:
   ---------------------------------------

    With this release you have the ability to create other configuration
    files on a per-virtual-domain basis.  Currently, the files you put into 
    the virtual domain directory you have listed in the ftpservers file 
    MUST be named:

    ftpaccess - virtual domain's access file
    ftpusers  - restrict the accounts that can use the web server,
    ftpgroups - SITE GROUP and SITE GPASS support,
    ftphosts  - allow or deny usernames access to that virtual server,
    ftpconversions - customize conversions available in the virtual domain.

    NOTE!!!: If you misspell any of them or name them something else, the 
             server WILL NOT find them and the master copy of them will be
             used instead.

                                   [----]

8. Setting up other support files
---------------------------------

     You will need to make sure that any file referenced after the
     chroot(~ftp) are in the virtual server directories. Those files
     are

        * all messages (deny, welcome, etc.)
        * _PATH_EXECPATH files

     You will need to customize the banner, welcome and other message
     files for each virtual server directory.

                                   [----]

9. Supporting virtual logging
-----------------------------

     There are two different types of logging, the standard syslog
     logging and transfer logging. In order to separate transfer (or
     xferlog) logging it is necessary to use the "logfile" entry as 
     described above.

     To enable logging via syslog, follow the standard syslog
     configuration instructions found in your system's documentation.
     Make sure you are using the same syslog 'facility' as is compiled
     into your wu-ftpd software. By default, 'daemon' is used. If you
     would like to change this, change the 'FACILITY' define in
     config.h.

     If you have syslog logging enabled you will see entries such as

     Mar 3 15:26:30 rkive ftpd[27207]: VirtualFTP Connect to: xxx.xxx.xxx.xxx

     This enables you to determine which virtual server the log records
     pertain to.

                                   [----]


10. Shutting down your virtual FTP servers
-------------------------------------------

     In order to support the proper shutting down of your server, you
     need to assure the shutdown message file is created in both the
     real user and anonymous user ftp areas. The location of the
     shutdown message file is specified in the ftpaccess file
     "shutdown" directive.

     In previous versions of wu-ftpd it was recommended to create a 
     link to where the shutdown message file would be in order for
     shutdown to work properly for real and anonymous user. The problem
     was the supplied utility, 'ftpshut', only created the shutdown
     message file in the actual location as indicated in the shutdown
     directive and not in the anonymous FTP area. It also did not have
     support for virtual server shutdown. And when you were ready to
     restart your servers, you need to remove the shutdown message
     file manually.

     In order to overcome this, wu-ftpd has been modified to support
     shutting down the server for real users and guest/anonymous 
     accounts and also for virtual FTP servers. It creates shutdown
     message files in all appropriate locations.

                                   [----]

11. Restarting your shutdown virtual FTP servers
-------------------------------------------------

     When you are ready to restart your ftp servers you will need to
     remove the shutdown message files. ftprestart is used when you 
     are ready to re-enable your FTP server. It does the opposite of 
     ftpshut and removes shutdown message files that were created by 
     ftpshut. It will remove the system-wide shutdown message file as 
     well as the shutdown message files in the anonymous ftp areas and 
     any virtual ftp server areas.

     NOTE: At present it is either all-or-nothing when it comes to
           ftpshut and ftprestart. You cannot shutdown just a single
           server.  If you need to do that you will have to do it
           manually at present.

                                   [----]

12. Testing Your New Shiny Virtual Server Setup
-----------------------------------------------

     A good test strategy is to create an entire runtime directory dedicated 
     to wu-ftpd such as /usr/local/wu-ftpd-test/ or /etc/ftpd/ and make 
     sure all the files and executables go there.  In that manner you will be 
     able to do a hot swap if you ever want to/need to (shouldn't be necessary
     but please CYA... ;))

     You will need to test each and every new virtual server you
     install. Make sure that you have the appropriate permissions and
     are getting the right results. Only you will know what is right
     for you.

     Also, if you have existing FTP server areas on your system, test
     and make sure that something you did to the ftpaccess file did not
     break what use to work.

     If you want to see what set of configuration files are being used you
     can set '-DVIRTUAL_DEBUG' in the makefile.  Build and install the new
     version and see what prints out.  Please don't run with this debug
     option enabled as it give much to much information out to those that
     have no 'need to know'.


                                   [----]