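Compiling and installing pureftpd on a cloud host
1. Environment
A Tencent Cloud host or a UCloud cloud host running CentOS 6 x86_64. The local firewall on the host does not need to be enabled; the firewall policy is handled entirely by the security group in the cloud console. Allow the pureftpd login port there, as shown in the screenshot below.
2. Compiling and installing pureftpd from source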
yum -y install make gcc gcc-c++ gcc-g77 openssl openssl-devel
wget https://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.49.tar.gz
tar xf pure-ftpd-1.0.49.tar.gz
cd pure-ftpd-1.0.49
./configure --prefix=/usr/local/pureftpd CFLAGS=-O2 --with-puredb --with-quotas --with-cookie --with-virtualhosts --with-diraliases --with-sysquotas --with-ratios --with-altlog --with-paranoidmsg --with-shadow --with-welcomemsg --with-throttling --with-uploadscript --with-language=english --with-rfc2640 --with-ftpwho --with-tls
make && make install
# The init script from section 5 must already be saved as /etc/init.d/pureftpd
chmod +x /etc/init.d/pureftpd
chkconfig pureftpd on
touch /usr/local/pureftpd/etc/pureftpd.passwd
touch /usr/local/pureftpd/etc/pureftpd.pdb
# Single quotes keep $PATH unexpanded, so it is evaluated at login rather than frozen now
echo 'export PATH=$PATH:/usr/local/pureftpd/sbin:/usr/local/pureftpd/bin' > /etc/profile.d/pureftpd.sh
source /etc/profile
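3. The pureftpd configuration file
Below are the parameters of a production pure-ftpd.conf. The pureftpd configuration file does not support # comments after a parameter, so in production the trailing # comments must be removed, otherwise pureftpd reports an error on startup.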
[root@10-9-156-50 ~]# cat /usr/local/pureftpd/etc/pure-ftpd.conf
chrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 50
Daemonize yes
MaxClientsPerIP 10
VerboseLog no
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous yes
SyslogFacility ftp
DontResolve yes
MaxIdleTime 15
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
LimitRecursion 10000 8
AnonymousCanCreateDirs no
MaxLoad 4
PassivePortRange 2037 2045 ###the port range defaults to 20000 through 30000; for safety it can be made smaller
ForcePassiveIP 117.50.12.93 ##the cloud host's default NIC is the internal one, so the VPS's public IP must be bound here
AntiWarez yes
Bind ,2038
Umask 133:022
MinUID 100
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload yes
PIDFile /var/run/pure-ftpd.pid
MaxDiskUsage 99
UserBandwidth 80 ##by default uploads are only allowed 8KB
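Cause of the problem: the server has an internal IP, and pureftpd had no address configured to return in passive mode, so by default it returned the internal IP and the client could not connect.
Reference: http://blog.hanlei.org/pureftpd%E7%99%BB%E5%BD%95%E5%90%8E%E8%8E%B7%E5%8F%96%E7%9B%AE%E5%BD%95%E5%A4%B1%E8%B4%A5%E7%9A%84%E9%97%AE%E9%A2%98/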
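The pitfalls this section names (trailing # comments, the passive-mode address, the narrowed passive port range) can be checked before the daemon is restarted. The shell function below is an added example, not part of the original post or of pure-ftpd: the name lint_pureftpd_conf, the sample configuration and the 203.0.113.10 address are constructed, and comparing the width of the passive range with MaxClientsNumber is a heuristic assumed here (each concurrent passive transfer needs its own port).

```shell
#!/bin/sh
# Added example. lint_pureftpd_conf is a hypothetical helper, not a pure-ftpd tool.
# Reads the configuration from file arguments, or from stdin when none are given.
lint_pureftpd_conf() {
  awk '
    function rfc1918(ip,   o) {
      split(ip, o, ".")
      return o[1] == 10 || (o[1] == 192 && o[2] == 168) ||
             (o[1] == 172 && o[2] >= 16 && o[2] <= 31)
    }
    BEGIN { port = 21 }                          # FTP default when Bind gives no port
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # full-line comments and blanks are fine
    {
      key = tolower($1)
      if (index($0, "#")) print "line " NR ": trailing # comment after " $1
      if (key == "passiveportrange") { lo = $2 + 0; hi = $3 + 0 }
      if (key == "forcepassiveip")   fip = $2
      if (key == "maxclientsnumber") maxc = $2 + 0
      if (key == "noanonymous")      noanon = tolower($2)
      if (key == "bind" && split($2, b, ",") == 2 && b[2] != "") port = b[2] + 0
    }
    END {
      width = hi - lo + 1
      if (fip == "")         print "ForcePassiveIP unset: PASV replies carry the internal address"
      else if (rfc1918(fip)) print "ForcePassiveIP " fip " is an RFC 1918 address"
      if (lo == 0)           print "PassivePortRange unset"
      else {
        if (port >= lo && port <= hi)
          print "Bind port " port " is inside PassivePortRange " lo "-" hi
        if (maxc > width)
          print "PassivePortRange has " width " ports for MaxClientsNumber " maxc
      }
      if (noanon != "yes")   print "NoAnonymous is not yes"
    }' "$@"
}

# Constructed sample modelled on the configuration above (documentation address).
demo_conf() {
  cat <<'EOF'
MaxClientsNumber 50
NoAnonymous yes
PassivePortRange 2037 2045 ###narrowed for the security group
ForcePassiveIP 203.0.113.10 ##public address
Bind ,2038
EOF
}

demo_conf | lint_pureftpd_conf
```

On the sample it reports the two trailing comments, the Bind port 2038 falling inside the passive range 2037-2045, and a 9-port range against 50 clients. The security group then has to allow both the Bind port and the passive range.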
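4. Everyday pure-ftpd operations
Note: for security, pureftpd is normally configured to forbid anonymous FTP logins. The pureftpd service creates its FTP login accounts on top of local system users on the server. There is a requirement on the system user chosen, however: its uid must not be less than 100. If the uid is below 100, an FTP login account created through that system user cannot log in to FTP, and the client is told the password is incorrect (I have verified this through repeated testing).
The project directory of a web site is usually owned by the www or apache system user.
4.1 Using the system's default apache user
If the apache user that already exists on the system is used, its default uid and gid are both 48, which is below 100, so they must be changed directly to a value greater than or equal to 100.
The default values are: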
[root@localhost ~]# grep apache /etc/passwd
apache:x:48:48::/home/apache:/sbin/nologin
[root@localhost ~]# grep apache /etc/group
apache:x:48:
[root@localhost www]# id apache
uid=48(apache) gid=48(apache) groups=48(apache)
After editing the files directly, the values are:
[root@localhost ~]# grep apache /etc/passwd
apache:x:100:100::/home/apache:/sbin/nologin
[root@localhost ~]# grep apache /etc/group
apache:x:100:
[root@localhost www]# id apache
uid=100(apache) gid=100(apache) groups=100(apache)
Give the apache user ownership of the site's project directory:
chown -R apache.apache /data/www/test/
Create the FTP login account sansan, mapped to the apache system user:
[root@localhost www]# pure-pw list
[root@localhost www]# pure-pw useradd sansan -u apache -d /data/www/test
Password: 
Enter it again: 
[root@localhost www]# pure-pw mkdb
[root@localhost www]# cat /usr/local/pureftpd/etc/pureftpd.passwd 
sansan:$6$92arGKjDIi/aODb0$SmyMeKUpsIYXVAqarsPH9xWqO4bdOqYKUXmP8TyUFlwTbTcvGhfJiW2pNMP56J3rHzSYp.mwCP8UB30MttMK01:100:100::/data/www/test/./::::::::::::
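Log in to the FTP account sansan with the Xftp client.
This completes the demonstration.
4.2 Creating a new system user www and using it to create FTP login accounts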
[root@localhost home]# useradd www -s /sbin/nologin -M
[root@localhost home]# id www
uid=1003(www) gid=1003(www) groups=1003(www)
[root@localhost home]# chown -R www.www /data/www/test
[root@localhost home]# pure-pw list
sansan /data/www/test/./ 
[root@localhost home]# pure-pw useradd huahua -u www -d /data/www/test
Password: 
Enter it again: 
[root@localhost home]# 
[root@localhost home]# pure-pw mkdb
[root@localhost home]# pure-pw list
sansan /data/www/test/./ 
huahua /data/www/test/./ 
[root@localhost home]# cat /usr/local/pureftpd/etc/pureftpd.passwd 
sansan:$6$92arGKjDIi/aODb0$SmyMeKUpsIYXVAqarsPH9xWqO4bdOqYKUXmP8TyUFlwTbTcvGhfJiW2pNMP56J3rHzSYp.mwCP8UB30MttMK01:100:100::/data/www/test/./::::::::::::
huahua:$6$oUXu6U/V/UNM7K50$ztuftPKh7ZuzkHkY.XdNlQOmr6i6krlVQ0Mhsv7kuK5Qppvz440T55fRlssB5GrKkmMrSR220I5lU3yEA5Zsu/:1003:1003::/data/www/test/./::::::::::::
[root@localhost home]#
Log in to the FTP account huahua with the FileZilla FTP client.
The file upload succeeds.
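The uid requirement in this section is the MinUID 100 setting from the configuration in section 3, and pure-pw stores the numeric uid at the time the account is created, so hand-editing /etc/passwd can leave two system accounts on one uid or leave an FTP account pointing at the old uid. The following is an added example, not from the original post: audit_ftp_uids is a hypothetical helper, and the legacyapp and oldsite accounts and the placeholder hashes are constructed. It cross-checks pureftpd.passwd against the system passwd file.

```shell
#!/bin/sh
# Added example. audit_ftp_uids is a hypothetical helper, not a pure-ftpd tool.
# usage: audit_ftp_uids MINUID SYSTEM_PASSWD PUREDB_PASSWD
audit_ftp_uids() {
  awk -F: -v min="$1" '
    FNR == NR {                                   # first file: system accounts
      names[$3] = (names[$3] == "" ? "" : names[$3] ",") $1
      count[$3]++; shell[$3] = $7
      next
    }
    NF < 6 { next }                               # second file: login:hash:uid:gid:gecos:home
    {
      uid = $3 + 0
      if (uid < min)
        print $1 ": uid " uid " is below MinUID " min ", login is refused"
      if (!(uid in count))
        print $1 ": uid " uid " has no system account (stale mapping)"
      else if (count[uid] > 1)
        print $1 ": uid " uid " is shared by " names[uid]
      else if (shell[uid] !~ /(nologin|false)$/)
        print $1 ": system user " names[uid] " has login shell " shell[uid]
    }' "$2" "$3"
}

# Constructed sample data: a uid collision after a hand edit, and a stale uid 48.
demo_audit() {
  d=$(mktemp -d) || return 1
  cat > "$d/passwd" <<'EOF'
legacyapp:x:100:100::/opt/legacyapp:/bin/bash
apache:x:100:100::/home/apache:/sbin/nologin
www:x:1003:1003::/home/www:/sbin/nologin
EOF
  cat > "$d/pureftpd.passwd" <<'EOF'
sansan:$6$CONSTRUCTED:100:100::/data/www/test/./::::::::::::
huahua:$6$CONSTRUCTED:1003:1003::/data/www/test/./::::::::::::
oldsite:$6$CONSTRUCTED:48:48::/data/www/old/./::::::::::::
EOF
  audit_ftp_uids 100 "$d/passwd" "$d/pureftpd.passwd"
  rm -rf "$d"
}

demo_audit
```

On a real host the call would be audit_ftp_uids 100 /etc/passwd /usr/local/pureftpd/etc/pureftpd.passwd, with the first argument taken from MinUID.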
5. The pureftpd startup script on CentOS 6:
The pureftpd service startup script:
[root@localhost ~]# cat /etc/init.d/pureftpd 
#!/bin/bash
#
# chkconfig: 2345 85 15
# description: Pure-FTPd is an FTP server daemon based upon Troll-FTPd
# processname: pure-ftpd

### BEGIN INIT INFO
# Provides: pureftpd
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts pureftpd server
# Description: starts pureftpd server
### END INIT INFO

# Author: licess
# website: https://lnmp.org

# Pure-FTPd Settings
PURE_FTPD="/usr/local/pureftpd/sbin/pure-ftpd"
PURE_CONF="/usr/local/pureftpd/etc/pure-ftpd.conf"
PURE_PID="/var/run/pure-ftpd.pid"
RETVAL=0
prog="Pure-FTPd"

start() {
    echo -n $"Starting $prog... "
    $PURE_FTPD $PURE_CONF
    if [ "$?" = 0 ] ; then
        echo " done"
    else
        echo " failed"
    fi
}

stop() {
    echo -n $"Stopping $prog... "
    if [ ! -f "$PURE_PID" ]; then
        echo -n $"$prog is not running."
        exit 1
    fi
    kill `cat $PURE_PID`
    if [ "$?" = 0 ] ; then
        echo " done"
    else
        echo " failed"
    fi
}

restart(){
    echo $"Restarting $prog..."
    $0 stop
    sleep 2
    $0 start
}

status(){
    if [ -f "$PURE_PID" ]; then
        echo $"$prog is running."
    else
        echo $"$prog is not running."
    fi
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    status)
        status
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
esac
Official documentation: https://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users
This completes the demonstration. Readers who are interested are welcome to discuss and learn together.