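Posted by sudy on 05-03-2003 22:25:

A question about proftpd, please take a look for me, many thanks!!!

I have read quite a few articles on this, but what they cover is basically all anonymous-user configuration. I have run into a problem, please help: in serv-u you can open a vip account, that is, the vip account allows 10 people and anonymous allows 20. In proftpd, suppose I want to open connections for the user dbfuns: is that also set up through the following?

```
<Anonymous ~>
User dbfuns
Group dbfuns
```

In my own experiments I found that after setting it up this way, the dbfuns user is subject to the anonymous limit. Suppose anonymous already has 11 users (that is, more than the number of connections allowed for dbfuns): even if not a single dbfuns user is online at that moment, logging in as dbfuns gives the message "the maximum number of the allowed clients (10) are ready connect". In other words, it treats the dbfuns user as an anonymous user too. I don't know how to solve this and am anxiously hoping an expert can answer!!!
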
* * *

_Posted by BTworm on 05-04-2003 11:36:_

Just put another MaxClients inside the Anonymous block and that will do.

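* * *

_Posted by sudy on 05-04-2003 11:40:_

anonymous has a user limit of 20, which is larger than the limit for the dbfuns user. When the number of anonymous logins exceeds the dbfuns limit of 10, the dbfuns user can no longer log in. Only when MaximumClient for the dbfuns user is set above 20 (that is, above the anonymous limit) can the dbfuns user still log in even when anonymous users have reached the cap of 20; but if the number of dbfuns logins exceeds 20, anonymous users in turn cannot log in even though they have not reached their cap.

Clearly the two constrain each other. My question is how to decouple the connection caps of these two users. I hope an experienced expert can advise.
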
* * *

_Posted by sudy on 05-04-2003 16:19:_

Sorry, I asked a question that came from misunderstanding a concept. I have only been using linux for 3 days and, under the influence of serv-u, I only now understand that the ftp login users set up with proftpd are all users in the system. Please take a look at this .conf for me:

```
#this is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "DBfuns private FTP [DBfuns.bingle.org.cn]"
ServerType standalone
DefaultServer on

# Some basic defaults
# Port 21 is the standard FTP port.
Port 21
TimeoutLogin 120
TimeoutIdle 180
TimeoutNoTransfer 180
TimeoutStalled 240
PassivePorts 49152 65534
MaxLoginAttempts 3

Umask 022
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

RootLogin on

RequireValidShell off
DefaultRoot /home/ftp ftp

# Normally, we want files to be overwriteable.
<directory></directory>
AllowOverwrite on

AllowRetrieveRestart on
AllowOverwrite on
AllowStoreRestart on

User dbfuns
Group ftp
MaxClients 10
MaxClientsPerHost 2
<Limit LOGIN>
  Order allow,deny
  # 202.112.14.0-202.112.14.255
  # 211.83.105.*-211.83.111.*
  Allow from 202.112.14.
  Allow from 211.83.105.
  Allow from 211.83.106.
  Allow from 211.83.107.
  Allow from 211.83.108.
  Allow from 211.83.109.
  Allow from 211.83.110.
  Allow from 211.83.111.
  Deny from all
</Limit>

DisplayLogin welcome.msg
DisplayFirstChdir .message

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /home/ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Some Limit for anonymous
  # Limit the maximum number of anonymous and connections logins
  MaxClients 20
  MaxClientsPerHost 1 "Sorry ,Only allow one connect per IP"
  TransferRate RETR 100:1000000

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
```

In the middle there is a block of statements for IP restriction. I want it to restrict the dbfuns user, but I don't know where it should be placed. If it is placed in the position above it becomes a global setting and will restrict anonymous logins. Please take a look.

* * *

_Posted by pupilzeng on 05-04-2003 17:15:_

Try it like this:

```
#this is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "DBfuns private FTP [DBfuns.bingle.org.cn]"
ServerType standalone
DefaultServer on

# Some basic defaults
# Port 21 is the standard FTP port.
Port 21
TimeoutLogin 120
TimeoutIdle 180
TimeoutNoTransfer 180
TimeoutStalled 240
PassivePorts 49152 65534
MaxLoginAttempts 3

Umask 022
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

RootLogin on

RequireValidShell off
DefaultRoot /home/ftp ftp

# Normally, we want files to be overwriteable.
<directory></directory>
AllowOverwrite on

AllowRetrieveRestart on
AllowOverwrite on
AllowStoreRestart on

User dbfuns
Group ftp
MaxClients 10
MaxClientsPerHost 2
DisplayLogin welcome.msg
DisplayFirstChdir .message

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /home/ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Some Limit for anonymous
  # Limit the maximum number of anonymous and connections logins
  MaxClients 20
  MaxClientsPerHost 1 "Sorry ,Only allow one connect per IP"
  TransferRate RETR 100:1000000

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
<Anonymous /home/ftp>
  User dbfuns
  Group dbfuns

  # Some Limit for anonymous
  # Limit the maximum number of anonymous and connections logins
  MaxClients 20
  MaxClientsPerHost 1 "Sorry ,Only allow one connect per IP"
  TransferRate RETR 100:1000000

  <Limit LOGIN>
    Order allow,deny
    # 202.112.14.0-202.112.14.255
    # 211.83.105.*-211.83.111.*
    Allow from 202.112.14.
    Allow from 211.83.105.
    Allow from 211.83.106.
    Allow from 211.83.107.
    Allow from 211.83.108.
    Allow from 211.83.109.
    Allow from 211.83.110.
    Allow from 211.83.111.
    Deny from all
  </Limit>

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
```

That is, create one more anonymous environment and put the restrictions inside it.

* * *

_Posted by sudy on 05-04-2003 17:32:_

But as I mentioned in the third post, if the dbfuns user logs in as an anonymous user, the login-count limits of the dbfuns user and anonymous end up constraining each other.

* * *

_Posted by BTworm on 05-04-2003 20:56:_

Brother sudy, my post above was not clear. Your proftpd.conf cannot do what you want. The brother above is right: you need to add another Anonymous block. The configuration file I give below is modified from yours; the content between the "========" lines is what I added.

```
#this is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "DBfuns private FTP [DBfuns.bingle.org.cn]"
ServerType standalone
DefaultServer on

# Some basic defaults
# Port 21 is the standard FTP port.
Port 21
TimeoutLogin 120
TimeoutIdle 180
TimeoutNoTransfer 180
TimeoutStalled 240
PassivePorts 49152 65534
MaxLoginAttempts 3

Umask 022
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

RootLogin on

RequireValidShell off
DefaultRoot /home/ftp ftp

# Normally, we want files to be overwriteable.
<directory></directory>
AllowOverwrite on

AllowRetrieveRestart on
AllowOverwrite on
AllowStoreRestart on

User dbfuns
Group ftp
#MaxClients 10 # Comment this line out, because each Anonymous block below has its own MaxClients setting
MaxClientsPerHost 2
<Limit LOGIN>
  Order allow,deny
  # 202.112.14.0-202.112.14.255
  # 211.83.105.*-211.83.111.*
  Allow from 202.112.14.
  Allow from 211.83.105.
  Allow from 211.83.106.
  Allow from 211.83.107.
  Allow from 211.83.108.
  Allow from 211.83.109.
  Allow from 211.83.110.
  Allow from 211.83.111.
  Deny from all
</Limit>

DisplayLogin welcome.msg
DisplayFirstChdir .message

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /home/ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Some Limit for anonymous
  # Limit the maximum number of anonymous and connections logins
  MaxClients 20
  MaxClientsPerHost 1 "Sorry ,Only allow one connect per IP"
  TransferRate RETR 100:1000000

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

# ==========================================
<Anonymous /home/ftp>
  User dbfuns
  Group dbfuns

  UserAlias vip dbfuns
  AnonRequirePassword on
  AuthUsingAlias on
  AuthAliasOnly on

  GroupOwner ftp # If you do not want vip users to upload,
  Umask 022 # these two lines can be left out as well.

  MaxClients 10 # The connection limit you wanted

  <Limit ALL>
    AllowAll
  </Limit>
</Anonymous>
# ==========================================
```

Notes:

1. The second Anonymous block I added is for the VIP user.

2. The settings above only allow the user vip to log in. vip is just a pseudo user name, an Alias of the real system user name dbfuns. When the user vip logs in, the system password of dbfuns has to be supplied. So make sure /etc/passwd and /etc/shadow contain lines for dbfuns. The user dbfuns cannot log in to the anonymous server with VIP status.

3. The settings above allow every operation, which is probably not what you want. You can add more Limit blocks according to your needs to restrict it.

4. The settings above guarantee the vip user 10 connections, unaffected by the number of connections to the ordinary anonymous service.

5. After making the changes, don't forget to run proftpd -t to check for syntax errors. :-)

__________________

If I've got something wrong, be sure to tell me.

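An added example, not part of the thread or of ProFTPD: a small Python check for the layout problem discussed above. It reports `MaxClients` and `<Limit LOGIN>` left at server scope (where, per the thread, they also constrain anonymous logins) and what each `<Anonymous>` block sets for itself. The sample config is constructed, and `audit` and its return shape are hypothetical names.

```python
import re

# Constructed sample modelled on the thread's layout (not a full proftpd.conf).
SAMPLE_CONF = """\
MaxClients 10
<Limit LOGIN>
  Allow from 202.112.14.
  Deny from all
</Limit>
<Anonymous /home/ftp>
  User ftp
  MaxClients 20
</Anonymous>
<Anonymous /home/ftp>
  User dbfuns
  MaxClients 10
</Anonymous>
"""

TAG = re.compile(r"<(/?)(\w+)\s*([^>]*)>")

def audit(conf_text):
    """Return (anonymous_blocks, server_scope_findings); hypothetical helper."""
    stack, blocks, findings = [], [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = TAG.fullmatch(line)
        if tag and tag.group(1):
            del stack[-1:]                    # closing tag: leave the current context
        elif tag:                             # opening tag: enter a new context
            name, args = tag.group(2).lower(), tag.group(3).upper().split()
            if name == "anonymous":
                blocks.append({"user": None, "maxclients": None, "login_limit": False})
            elif name == "limit" and "LOGIN" in args:
                if "anonymous" in stack:
                    blocks[-1]["login_limit"] = True
                else:
                    findings.append((lineno, "Limit LOGIN"))
            stack.append(name)
        else:                                 # plain directive
            key, value = (line.split(None, 1) + [""])[:2]
            key = key.lower()
            if stack == ["anonymous"] and key in ("user", "maxclients"):
                blocks[-1][key] = value
            elif not stack and key == "maxclients":
                findings.append((lineno, "MaxClients"))
    return blocks, findings
```

Calling `audit(SAMPLE_CONF)` returns the per-block settings plus the line numbers of the server-scope directives to review.
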
* * *

_Posted by sudy on 05-05-2003 17:10:_

Many thanks to brother BTworm for the kind help. I still have a few questions.

First, I set up a VIP account as described above and looked up the explanation of AuthAliasOnly on in Configuration.html: Turning AuthAliasOnly `on' in a particular context will cause proftpd to completely ignore all non-aliased logins for the entire context.

That should mean that with this statement proftpd will only allow aliased users to log in;

The explanation of AuthUsingAlias on: AuthUsingAlias disables the resolving of mapped usernames for authentication purposes. For example, if you have mapped the username anonymous to the "real" user ftp, the password gets checked against the user "anonymous". When AuthUsingAlias is disabled, the checked username would be "ftp". My understanding is that when it is set to on, the user should log in as vip, while the password should be that of the aliased user dbfuns. But when I tried it I found that I can log in with the dbfuns account and password, whereas vip plus the password gives incorrect password. I don't know whether my understanding of the two statements above is wrong.

* * *

_Posted by pupilzeng on 05-05-2003 21:51:_

> quote:
>
> * * *
>
> _Originally posted by sudy_
>
> **Many thanks to brother BTworm for the kind help. I still have a few questions.
>
> First, I set up a VIP account as described above and looked up the explanation of AuthAliasOnly on in Configuration.html: Turning AuthAliasOnly `on' in a particular context will cause proftpd to completely ignore all non-aliased logins for the entire context.
>
> That should mean that with this statement proftpd will only allow aliased users to log in;
>
> The explanation of AuthUsingAlias on: AuthUsingAlias disables the resolving of mapped usernames for authentication purposes. For example, if you have mapped the username anonymous to the "real" user ftp, the password gets checked against the user "anonymous". When AuthUsingAlias is disabled, the checked username would be "ftp". My understanding is that when it is set to on, the user should log in as vip, while**