<<ProFTPD configuration>>

```
# vi /etc/proftpd/proftpd.conf
```
```
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD Default Installation"
# << Change the startup mode from standalone to inetd
ServerType                      inetd
DefaultServer                   on
# << Restrict the accessible directory and owner
Defaultroot                     /home/homepage homepage
TimesGMT                        off

# By default, "ProFTPD [version] Server (server name) [hostname]" will be sent
#ServerIdent                    on "FTP Server Ready"
#ShowSymlinks                   off
#ShowDotFiles                   off
#DefaultRoot                    DIRECTORY GROUP
#DefaultRoot                    ~
#MaxLoginAttempts               3
#TimeoutIdle                    300
#TimeoutLogin                   300
#TimeoutNoTransfer              300
#TimeoutStalled                 0
#DeferWelcome                   on
#DirFakeGroup                   on
#DirFakeUser                    on
#DirFakeMode                    0640
#UseReverseDNS                  off
#IdentLookups                   off

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# If you don't want normal users logging in at all, uncomment this
# next section
# << The three lines below are commented out
#<Limit LOGIN>
#  DenyAll
#</Limit>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled                  300

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nobody

# The PersistentPasswd directive controls how proftpd handles authentication
# Note: NIS or NIS+ users will most likely want to disable this feature,
# regardless of proftpd's detected configuration defaults.
# Failure to disable this will make your NIS/NIS+ maps not work!
PersistentPasswd                off

# The ExtendedLog directive allows customizable logfiles to be generated,
# either globally or per VirtualHost. The filename argument must contain
# an absolute pathname to a logfile which will be appended to when proftpd starts.
# Multiple logfiles (potentially with different command classes and formats) can be
# created.
ExtendedLog                     /var/log/proftpd.log

# Normally, we want files to be overwriteable.
#<Directory /*>
AllowOverwrite                  on
#</Directory>

# A basic anonymous configuration, no upload directories.
# << Comment out everything from the next line through </Anonymous>.
# << This disables anonymous FTP access.
#<Anonymous ~ftp>
#  User                         ftp
#  Group                        ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                    anonymous ftp
# If you want to provide anonymous ftp service, please
# uncomment following line - "RequireValidShell off".
#RequireValidShell              off
# Limit the maximum number of anonymous logins
#  MaxClients                   10 "Sorry, max %m users -- try again later"
#MaxClientsPerHost              2
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
#  DisplayLogin                 welcome.msg
#  DisplayFirstChdir            .message
#LsDefaultOptions               "-l"
# Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
# Uncomment this next section for enable upload directory that allows -
# storing files but not retrieving or creating directories.
#<Directory incoming/*>
#  <Limit READ>
#    DenyAll
#  </Limit>
#
#  <Limit DIRS>
#    DenyAll
#  </Limit>
# Deny file get from incoming (get , mget , etc)
#  <Limit RETR>
#    DenyAll
#  </Limit>
#
#  <Limit STOR>
#    AllowAll
#  </Limit>
#</Directory>
#</Anonymous>
```
Next, edit the xinetd configuration file, /etc/xinetd.d/ftp. This file does not exist yet, so it has to be created.

```
# vi /etc/xinetd.d/ftp
```

Its contents are as follows.
service ftp
Next, edit /etc/hosts.allow to control which hosts may connect.

```
# vi /etc/hosts.allow
```

The changed part of the file is excerpted below.
```
################################################################################
# ProFTP (standard TurboLinux ftp server)
# Allow proftpd (TurboLinux default ftp daemon) logins from sample.foobar.edu
# Warning: the authentication information for ftp goes as clear text over
# the net. This is especially dangerous if the same login/password combination
# can be used for any shell logins (telnet, ssh). Make sure remote ftp users
# don't have a shell login.
#in.proftpd: sample.foobar.edu
in.proftpd: 192.168.1.7
################################################################################
```
Finally, restart xinetd to complete the setup.

```
# /etc/init.d/xinetd restart
```
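
To confirm that the edits above actually took effect, the following added example (not part of the original page or of ProFTPD) checks a proftpd.conf and a hosts.allow for inetd mode, a DefaultRoot, no active anonymous block, and a restricted in.proftpd entry. The function names `active_lines`, `audit_ftp` and `write_samples` are hypothetical, and the sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit proftpd.conf and hosts.allow for the edits made on this page.

# Print active (uncommented, non-blank) lines with leading whitespace removed.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$1"
}

# audit_ftp CONF HOSTS_ALLOW: print one line per finding; exit status = number of findings.
audit_ftp() {
    conf=$1; hosts=$2; findings=0
    fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

    # grep -i so the page's "Defaultroot" spelling is matched as well.
    active_lines "$conf" | grep -Eiq '^ServerType[[:space:]]+inetd[[:space:]]*$' \
        || fail "ServerType is not inetd"
    active_lines "$conf" | grep -Eiq '^DefaultRoot[[:space:]]+[^[:space:]]' \
        || fail "no DefaultRoot: logins are not confined to a directory"
    if active_lines "$conf" | grep -Eiq '^<Anonymous[[:space:]>]'; then
        fail "an <Anonymous> block is still active"
    fi
    # hosts.allow must name specific clients for in.proftpd, not the ALL wildcard.
    entry=$(active_lines "$hosts" | grep -E '^in\.proftpd[[:space:]]*:' || true)
    if [ -z "$entry" ]; then
        fail "no active in.proftpd entry in hosts.allow"
    elif echo "$entry" | grep -Eq ':[[:space:]]*ALL'; then
        fail "in.proftpd is allowed from ALL"
    fi
    return "$findings"
}

# Constructed sample files (not taken from a real host): one hardened, one left open.
write_samples() {
    dir=$1
    printf '%s\n' 'ServerType inetd' 'Defaultroot /home/homepage homepage' \
        '#<Anonymous ~ftp>' '#</Anonymous>' > "$dir/good.conf"
    printf '%s\n' 'ServerType standalone' '<Anonymous ~ftp>' '  User ftp' \
        '</Anonymous>' > "$dir/bad.conf"
    printf '%s\n' '#in.proftpd: sample.foobar.edu' 'in.proftpd: 192.168.1.7' \
        > "$dir/hosts.good"
    printf '%s\n' 'in.proftpd: ALL' > "$dir/hosts.bad"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_ftp "$tmp/good.conf" "$tmp/hosts.good" && echo "good sample: no findings"
audit_ftp "$tmp/bad.conf" "$tmp/hosts.bad" || echo "bad sample: $? finding(s)"
rm -rf "$tmp"
```

On a real host, call `audit_ftp /etc/proftpd/proftpd.conf /etc/hosts.allow` after restarting xinetd.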