下载
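# Fetch the release tarball. TLS certificate validation stays enabled so the
# source cannot be swapped in transit; if validation fails, repair the local
# CA bundle instead of passing --no-check-certificate.
wget -c https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.42.tar.gz
# Before building and installing, compare the tarball's digest with the value
# published by the project (<EXPECTED_SHA256> is a placeholder, not a real hash):
# echo "<EXPECTED_SHA256>  pure-ftpd-1.0.42.tar.gz" | sha256sum -c -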
编译安装
# Build dependency: OpenSSL development headers (presumably required by --with-tls below)
yum -y install openssl-devel.x86_64
# Service account for the daemon: no home directory is created (-M) and the
# shell is /bin/false, so the account cannot be used for an interactive login.
useradd -M -s /bin/false ftp
# Unpack the source; cd only runs if extraction succeeded.
tar xzf pure-ftpd-1.0.42.tar.gz && cd pure-ftpd-1.0.42
# Configure with everything installed under /usr/local/pureftpd.
# --with-puredb enables the virtual-user database used later by pure-pw.
# NOTE(review): --with-tls only compiles TLS support in; it has no effect until
#   TLS is switched on in pure-ftpd.conf and a certificate is installed.
# NOTE(review): --with-virtualchroot allows symlinks that point outside a
#   user's chroot to be followed; confirm this is really wanted, since it
#   weakens the confinement that ChrootEveryone provides.
./configure --prefix=/usr/local/pureftpd --with-puredb --with-altlog --without-shadow --with-quotas \
--with-cookie --with-virtualchroot --with-language=english --with-rfc2640 --with-peruserlimits --with-tls
# Build and install stripped binaries.
make install-strip
生成配置文件
# Configuration files: root-owned, with no access for group or other.
# The etc directory is 500 and pure-ftpd.conf is 400 (read-only, root only).
install -o root -g root -m 500 -d /usr/local/pureftpd/etc
install -o root -g root -m 400 configuration-file/pure-ftpd.conf /usr/local/pureftpd/etc/pure-ftpd.conf
install -o root -g root -m 500 configuration-file/pure-config.pl /usr/local/pureftpd/sbin/pure-config.pl
# Init script:
install -o root -g root -m 500 contrib/redhat.init /etc/init.d/pureftpd
# Point the init script at the custom prefix. The first sed keeps a backup as
# /etc/init.d/pureftpd.bak; remove it afterwards if it is not needed.
sed -i.bak 's#/usr/local#/usr/local/pureftpd#g' /etc/init.d/pureftpd
sed -i 's#/etc/pure-ftpd.conf#/usr/local/pureftpd/etc/pure-ftpd.conf#g' /etc/init.d/pureftpd
# Create the log file, hand it to the ftp account and restrict it to the owner (600).
touch /var/log/pureftpd.log && chown ftp: /var/log/pureftpd.log && chmod 600 /var/log/pureftpd.log
# Custom welcome message
# Add to the start-up arguments: -F /usr/local/pureftpd/etc/welcome.msg
# Example: $fullpath /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize -F /usr/local/pureftpd/etc/welcome.msg
# vim /etc/init.d/pureftpd +23
# vim /usr/local/pureftpd/etc/welcome.msg
配置文件示例
[root@zaza-test pure-ftpd-1.0.36]# egrep -v '^#|^$' /usr/local/pureftpd/etc/pure-ftpd.conf
# Active (non-comment) directives of pure-ftpd.conf, as printed by the egrep above.
# NOTE(review): no TLS directive appears in this listing, so unless it is
#   enabled elsewhere, logins and transfers on port 2121 are unencrypted even
#   though the build used --with-tls. Confirm, and enable TLS before
#   credentials cross an untrusted network.
# Every user is confined to their home directory.
ChrootEveryone yes
BrokenClientsCompatibility yes
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 8
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
# Anonymous logins are refused; only accounts from the PureDB file below can log in.
NoAnonymous yes
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
LimitRecursion 10000 8
AnonymousCanCreateDirs no
MaxLoad 4
# Passive data ports; the firewall must allow exactly this range.
PassivePortRange 30000 30100
AntiWarez yes
# Listens on all IPv4 addresses, control port 2121. Exposure is limited only by the firewall.
Bind 0.0.0.0,2121
# ForcePassiveIP 1.1.1.1 # declares the public IP of the NAT host
# umask for files:directories. With the usual 0666/0777 bases, uploads end up
# 0444 and new directories 0500 (read-only once written).
Umask 333:277
MinUID 14
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload no
KeepAllFiles yes # users are not allowed to delete files
MaxDiskUsage 99
CustomerProof yes
# Create the FTP root and set its permissions: owned by ftp, mode 700,
# so only the ftp account (and root) can enter it.
mkdir -pv /data/ftp
chown -R ftp:root /data/ftp
chmod 700 /data/ftp
# Add a virtual user (see README.Virtual-Users in the source tree)
# Default path of the generated password file: /usr/local/pureftpd/etc/pureftpd.passwd
# -m also updates /usr/local/pureftpd/etc/pureftpd.pdb, the file the pure-ftpd process reads
# NOTE(review): the account is mapped to system user ftp and its home is
#   /data/ftp itself, so it can reach every directory below the FTP root.
#   If further virtual users share uid ftp, only their distinct -d directories
#   (with ChrootEveryone) keep them apart.
/usr/local/pureftpd/bin/pure-pw useradd zaza -u ftp -g ftp -d /data/ftp -m
# Change account attributes
# /usr/local/pureftpd/bin/pure-pw usermod zaza -u ftp -g ftp -d /data/ftp/zaza/server -m
# Change the home directory
# /usr/local/pureftpd/bin/pure-pw usermod zaza -d /data/ftp/zaza -m
# Rebuild the db file
/usr/local/pureftpd/bin/pure-pw mkdb
# Read/write access can be controlled through ordinary Linux user permissions (-u readuser -g readuser)
# Firewall: a single source address (119.6.66.227) may reach the control port
# 2121 and the passive data range 30000:30100, matching Bind and
# PassivePortRange in the sample configuration.
# NOTE(review): this is written in iptables rule-file syntax rather than as a
#   runnable command; presumably it belongs in the saved iptables rules. Confirm
#   where it is loaded and that the INPUT chain otherwise denies these ports.
-A INPUT -s 119.6.66.227 -p tcp -m multiport --dports 2121,30000:30100 -j ACCEPT
启动
# Register the init script to start at boot.
chkconfig pureftpd on
# Start the daemon now.
/etc/init.d/pureftpd start
# Show the most recent lines of the log file created during installation.
tail /var/log/pureftpd.log
被动端口计算
# 参考
https://stackoverflow.com/questions/9966993/how-to-get-port-in-ftp-protocol-from-passive-mode
http://www.faqs.org/rfcs/rfc959.html
# 连接日志
*get* '227 Entering Passive Mode (192,168,1,10,117,145)\n'
*resp* '227 Entering Passive Mode (192,168,1,10,117,145)'
# 端口计算
port = p1 * 256 + p2, where p1 and p2 are the last two numbers in the 227 reply (h1,h2,h3,h4,p1,p2); the client then connects to this port
>>> 117*256+145
30097