• 为/ var / www / in centos配置proftpd用户访问权限（linux 配置用户为root权限）
• asp.net – Microsoft重写模块 – 强制www url或从url删除www
• CentOS 6.3 下 vsftpd 匿名用户访问配置
• CentOS 6.x 下安? Proftpd
• CentOS 7下安装配置proftpd搭建ftp服务器的详细教程

为/ var / www / in centos配置proftpd用户访问权限（linux 配置用户为root权限）

ServerName                      "ProFTPD server"
ServerIdent                     on "FTP Server ready."
ServerAdmin                     root@localhost
ServerType                      standalone
DefaultServer                   on
VRootEngine                     on
#DefaultRoot                    ~ !adm
DefaultRoot                     /var/www/
VRootAlias                      /etc/security/pam_env.conf etc/security/pam_env.conf
AuthPAMConfig                   proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c
#PersistentPasswd               off
UseReversednS                   off
User                            nobody
Group                           nobody
MaxInstances                    20
UseSendfile                     off
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

<Global>
  Umask                         022
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

<Limit LOGIN>
AllowUser ftpuser
DenyALL
</Limit>

Status: Connecting to 10.0.10.10:21...
Status: Connection established,waiting for welcome message...
Response:   220 FTP Server ready.
Command:    USER ftpuser
Response:   331 Password required for ftpuser
Command:    PASS *******
Response:   230 User ftpuser logged in
Command:    OPTS UTF8 ON
Response:   200 UTF8 set to on
Status: Connected
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Type set to I
Command:    PASV
Response:   227 Entering Passive Mode (10,10,184,18).
Command:    MLSD
Response:   550 /: Invalid argument
Error:  Failed to retrieve directory listing

telnet localhost 21
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 FTP Server ready.
user ftpuser
331 Password required for ftpuser
pass PASSWD
230 User ftpuser logged in
LIST
425 Unable to build data connection: Invalid argument
MLSD
550 /: Invalid argument

setenforce 0

setsebool -P ftp_home_dir on

asp.net – Microsoft重写模块 – 强制www url或从url删除www

<rewrite>
    <rules>
        <rule name="myRule" patternSyntax="Wildcard">
            <!--rewriting code-->
        </rule>
    </rules>
</rewrite>

<rewrite>
  <rules>
    <rule name="Remove WWW prefix" stopProcessing="true">
      <match url="(.*)" ignoreCase="true" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="^www\.yourdomain\.com$" />
      </conditions>
      <action type="Redirect" url="http://yourdomain.com/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

<rewrite>
  <rules>
    <rule name="Add WWW prefix" stopProcessing="true">
      <match url="(.*)" ignoreCase="true" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="^yourdomain\.com$" />
      </conditions>
      <action type="Redirect" url="http://www.yourdomain.com/{R:0}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

CentOS 6.3 下 vsftpd 匿名用户访问配置

http://www.jianshu.com/p/f90e0f81134b#

背景:
CentOS 6.3
vsftpd.x86_64 0:2.2.2-13.el6_6.1
从墙角找了一台能用的旧机器,Pentium D & 1G RAM & 160G HDD,费了一番功夫终于装上了 CentOS 6.3,才发现物理机安装跟虚拟机安装的过程还是有点差别滴,之前在虚拟机上配置过 vsftpd,今天在这台机器上也装一个试试看.

安装 vsftpd

yum install vsftpd

/etc/vsftpd/vsftpd.conf 默认设置

[root@DX3906c ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES    //匿名访问 开启
local_enable=YES    //本地实体用户访问 开启
write_enable=YES    //允许用户上传数据
local_umask=022    //建立新目录和文件的权限
dirmessage_enable=YES    //目录下有 .message 文件则显示该文件的内容 ???
xferlog_enable=YES    //日志文件记录 记录于 /var/log/vferlog
connect_from_port_20=YES  //支持主动式连接功能
xferlog_std_format=YES    //支持 WuFTP 的日志文件格式
listen=YES    //使用 stand along 方式启动 vsftpd
pam_service_name=vsftpd    //支持 PAM 模块的管理
userlist_enable=YES    //支持 /etc/vsftpd/user_list 文件内的登陆账号控制
tcp_wrappers=YES    //支持 TCP Wrappers 的防火墙机制

serIoUsly,有一些选项的意义和作用我也不是很懂,注释是对着鸟哥服务器篇敲下来的,OK,下面添加一个选项:

use_localtime=YES    //使用本地时间,vsftpd默认使用GMT格林尼治时间

匿名登录与下载

匿名登录的配置比较简单,so先搞下这个吧miao~
vsftpd默认的匿名用户的主目录是 ftp 用户的主目录,试试用 finger ftp 看一下在哪里咧

[root@DX3906c ~]# finger ftp
-bash: finger: command not found

啊咧,没装...好吧,yum install finger之后再看一下

[root@DX3906c ~]# finger ftp
Login: ftp                              Name: FTP User
Directory: /var/ftp //ftp用户的主目录 Shell: /sbin/nologin //账户不能用于登录系统
Never logged in.
No mail.
No Plan.

可以看到ftp用户的主目录在 /var/ftp,那也就是说匿名用户登陆之后的看到的就是这个啦,想让人家去你的ftp下载东西的话,文件要放到这里.那么我有一个问题,这个目录可以随便改吗?待会配置好了匿名用户登录再改改试试看

现在开始配置匿名用户的登录

[root@DX3906c ~]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=YES    //匿名访问 开启
local_enable=YES    //本地实体用户访问 开启
write_enable=YES    //允许用户上传数据
local_umask=022    //建立新目录和文件的权限
dirmessage_enable=YES    //目录下有 .message 文件则显示该文件的内容 ??? xferlog_enable=YES //日志文件记录 记录于 /var/log/vferlog
connect_from_port_20=YES  //支持主动式连接功能
xferlog_std_format=YES    //支持 WuFTP 的日志文件格式

在后面添加:

no_anon_password=YES    //匿名登录时,不检验密码
idle_session_timeout=600    //匿名用户10分钟无操作则掉线
banner_file=/etc/vsftpd/anon_welcome.txt    //匿名用户登录后看到的欢迎信息

然后需要编辑一下 anon_welcome.txt 文件,不然 ftp 会无法正常连接
配置完之后重启一下 vsftpd 服务 service vsftpd restart
在本机先测试一下能不能连接成功吧 使用 ftp localhost

[root@DX3906c ftp]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1). 220-Welcome to Zion's FTP 220-My E-mail:70ka42@gmail.com 220 Name (localhost:root): anonymous 500 OOPS: cannot change directory:/home/ftp Login Failed.

可以看到欢迎信息已经显示出来了,但是匿名用户登录失败了,这是为什么呢?百度了一下,发现是 selinux 引起的,查看一下当前系统的 selinux 状态: /usr/sbin/sestatus -v

[root@DX3906c ftp]# /usr/sbin/sestatus -v
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted

临时关闭 selinux setenforce 0
再看一下 selinux 状态 getenforce,已经是 Permissive 了,再登录下 ftp 试试

[root@DX3906c ftp]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1). 220-Welcome to Zion's FTP 220-My E-mail:70ka42@gmail.com 220 Name (localhost:root): anonymous 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files.

OK,登陆成功了,听说不关闭 selinux 的话,也可以修改 selinux 的一些配置来处理这个问题,这个就容后再议吧,现在selinux只是临时关闭,永久关闭需要修改 /etc/selinux/config 文件,将SELINUX=enforcing改为SELINUX=disabled,然后重启即可.

然后来试试在远程计算机上能不能登录,之前在虚拟机上安装的时候发现本机能登,但是远程登不上,后来发现是防火墙的问题,iptables的配置我还不太清楚,所以就抄近路直接在GUI下打开了FTP的21端口,现在也如法炮制好了.我使用Chrome登录然后Chrome直接崩溃了miao~,但是Windows资源管理器可以成功匿名登录,并且可以下载文件,那说明还是比较成功滴.

番外篇

下面研究一下刚才的问题,ftp 的默认目录可以改吗?来试试看.

[root@DX3906c ~]# vim /etc/passwd
......
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
......

改成

ftp:x:14:50:FTP User:/home/ftp:/sbin/nologin

再 finger一下看看已经改了,

[root@DX3906c ~]# finger ftp
Login: ftp                              Name: FTP User    
Directory: /home/ftp                    Shell: /sbin/nologin

再重启一下 vsftd 服务 service vsftpd restart
现在在 /home/ftp 下建一个文件看看

[root@DX3906c ~]# touch /home/ftp/ Hello_FTP.txt

登录ftp

[root@DX3906c ftp]# ftp localhost
Trying ::1...
ftp: connect to address ::1Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1). 220-Welcome to Zion's FTP 220-My E-mail:70ka42@gmail.com 220 Name (localhost:root): anonymous 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir //列出当前目录下的文件,ls也可以 227 Entering Passive Mode (127,0,1,145,180). 150 Here comes the directory listing. -rw-r--r-- 1 0 0 0 Dec 09 19:09 Hello_FTP.txt 226 Directory send OK.

列出了 Hello_FTP.txt,说明目录修改成功啦.

匿名用户上传权限的配置

在 /etc/vsftpd/vsftpd.conf 中添加以下内容:

anon_mkdir_write_enable=YES    //匿名用户建立目录的权限
anon_upload_enable=YES    //匿名用户上传文件的权限
#anon_other_write_enable=YES //匿名用户删除和重命名文件的权限,还是关掉比较好miao~

老规矩,重启一下 vsftpd 服务 /etc/init.d/vsftpd restart
登陆看看能不能上传文件咧

touch upload_test.txt

登录到 ftp 之后使用 put命令上传文件

ftp> put upload_test.txt
local: upload_test.txt remote: upload_test.txt
227 Entering Passive Mode (127,93,233). 553 Could not create file.

提示 553 Could not create file.似乎是权限问题 查查 vsftpd.conf 的 manual

anon_upload_enable
If set to YES,anonymous users will be permitted to upload files under certain conditions. For this to work,the option
write_enable must be activated,and the anonymous ftp user must have write permission on desired upload locations.

anon_mkdir_write_enable
If set to YES,anonymous users will be permitted to create new directories under certain conditions. For this to work,the
option write_enable must be activated,and the anonymous ftp user must have write permission on the parent directory.

看一下ftp目录的权限:

[root@DX3906c ~]# ll /home/
total 24
drwxr-xr-x.  3 root root  4096 Dec  9 20:26 ftp

属主是root,ftp没有写权限,怪不得不能上传,改一下属主再上传下试试:

[root@DX3906c ~]# chown ftp /home/ftp
......
Name (localhost:root): anonymous
500 OOPS: vsftpd: refusing to run with writable anonymous root
Login Failed.

这下登都不上去了...错误提示似乎是说匿名用户的根目录不能是可写的,那再改下权限试试:

[root@DX3906c home]# mkdir ./ftp/uploads/
[root@DX3906c home]# chown ftp ./ftp/uploads
[root@DX3906c home]# chown root ./ftp
[root@DX3906c home]# /etc/init.d/vsftpd restart
......
ftp> cd uploads
250 Directory successfully changed.
ftp> put upload_test.txt
local: upload_test.txt remote: upload_test.txt
227 Entering Passive Mode (127,193,252). 150 Ok to send data. 226 Transfer complete.

可以上传了,试试远程也同样可以上传文件,不错不错.

匿名用户不可下载匿名用户上传的文件

这个功能的描述比较绕口啊,其实就是用在比如:[学生交作业(只可以上交不可以看别人的作业)/上传资源需要审核]等场景,具体的实现原理就是匿名用户上传文件之后将文件的属主改为其他用户,那么以匿名用户继承的ftp用户的权限就不能下载这些文件了.这个地方我还不是很理解,先放一下吧,等到搞定了实体账号的配置之后再回过头来搞这个吧乜乜达...

CentOS 6.x 下安? Proftpd

在 CentOS 6.x 安? proftpd:

yum -y remove vsftpd yum -y install proftpd chkconfig proftpd on

在改好?定?n，重新?? proftpd 之後，?s?? ftp 用??o法正常登入!!也跟防火??的?定?o?，我? redhat linux 7.3 使用 proftpd 到?在，??情形?是一次遇到。

查看一下 /var/log/secure，主要的???息是:

proftpd: PAM unable to dlopen(/lib/security/pam_stack.so): /lib/security/pam_stack.so: cannot open shared object file: No such file or directory proftpd: PAM adding faulty module: /lib/security/pam_stack.so

PAM 是 Linux 用?碇付ǜ鞣N服?盏?ぬ???方式，所有 PAM 的?定?n是放在 /etc/pam.d，?φ找幌 vsftpd ??路上找到的??，解?Q方法如下:

?是原本 /etc/pam.d/proftpd 的?热?

#%PAM-1.0 auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_stack.so service=system-auth auth required pam_shells.so account required pam_stack.so service=system-auth session required pam_stack.so service=system-auth

改成??蛹纯?

#%PAM-1.0 auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required pam_shells.so account include password-auth session required pam_loginuid.so

CentOS 7下安装配置proftpd搭建ftp服务器的详细教程

proftpd全称：Professional FTP daemon，是针对Wu-FTP的弱项而开发的，除了改进的安全性，还具备许多Wu-FTP没有的特点，能以Stand-alone、xinetd模式运行等。ProFTP已经成为继Wu-FTP之后最为流行的FTP服务器软件，越来越多的站点选用它构筑安全高效的FTP站点，ProFTP配置方便，并有MySQL和Quota模块可供选择，利用它们的完美结合可以实现非系统账号的管理和用户磁盘的限制。<摘抄百度百科>

本章通过下载源码的方式安装，可以到官网下载最新版本：http://www.proftpd.org/

1、首先安装lrzsz方便拷贝文件到要搭建服务器的linux路径下

yum install lrzsz

2、上传文件解压

将下载完成的proftpd-1.3.6.tar.gz文件上传到指定路径，使用tar zxvf proftpd-1.3.6.tar.gz解压

3、由于使用源码安装，所以需要安装gcc编译环境

yum install gcc gcc-c++ autoconf automake

3、配置并制定安装和配置文件路径

./configure --prefix=/usr/local/proftpd --sysconfdir=/usr/local/proftpd

4、安装

make&make install

5、修改配置文件，限制匿名用户可以上传下载，但是不能删除(本章暂不详细描述权限控制部分内容)

vi /usr/local/proftpd/proftpd.conf

# This is a basic ProFTPD configuration file (rename it to 
# ''proftpd.conf'' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName           "Welcome to FTP Server"
ServerType           standalone
DefaultServer          on
# Port 21 is the standard FTP port.
Port              21
# Don''t use IPv6 support by default.
UseIPv6             off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask              022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances          30
# Set the user and group under which the server will run.
User              nobody
Group              nobody
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite     on
IdentLookups      off
UseReverseDNS      off
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
 AllowAll
</Limit>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /home>
 User             ftp
 Group             ftp
 # We want clients to be able to login with "anonymous" as well as "ftp"
 UserAlias           anonymous ftp
 # Limit the maximum number of anonymous logins
 MaxClients          50
 # We want ''welcome.msg'' displayed at login, and ''.message'' displayed
 # in each newly chdired directory.
 DisplayLogin         welcome.msg
 DisplayChdir         .message
 # Limit WRITE everywhere in the anonymous chroot
 <Limit DELE RMD>
  DenyAll
 </Limit>
</Anonymous>

6、关闭防火墙

systemctl stop firewalld.service
systemctl disable firewalld.service

7、启动服务器

/usr/local/proftpd/sbin/proftpd

查看进程是否已经启动

[root@localhost ~]# ps -ef |grep proftpd
nobody  1140   1 0 12:13 ?    00:00:00 proftpd: (accepting connections)
root   3182 2270 0 12:50 pts/0  00:00:00 grep --color=auto proftpd　

8、添加到启动项避免每次重启后都需要手动启动

vi /etc/rc.d/rc.local
#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run ''chmod +x /etc/rc.d/rc.local'' to ensure
# that this script will be executed during boot.
touch /var/lock/subsys/local
/usr/local/proftpd/sbin/proftpd

由于在centos7中/etc/rc.d/rc.local的权限被降低了，所以需要加上可执行的权限：

chmod +x /etc/rc.d/rc.local

总结

以上所述是小编给大家介绍的CentOS 7下安装配置proftpd搭建ftp服务器的详细教程，希望对大家有所帮助，如果大家有任何疑问请给我留言，小编会及时回复大家的。在此也非常感谢大家对网站的支持！

今天关于为/ var / www / in centos配置proftpd用户访问权限和linux 配置用户为root权限的分享就到这里，希望大家有所收获，若想了解更多关于asp.net – Microsoft重写模块 – 强制www url或从url删除www、CentOS 6.3 下 vsftpd 匿名用户访问配置、CentOS 6.x 下安? Proftpd、CentOS 7下安装配置proftpd搭建ftp服务器的详细教程等相关知识，可以在本站进行查询。