Common configuration directives in the pure-ftpd configuration file on CentOS

Time:2020-11-21

The RPM package uses a different configuration file by default:

/etc/sysconfig/pure-ftpd

Don't forget to browse http://www.pureftpd.org/documentation.html for the full list of options.

Restrict all users to their home directory

ChrootEveryone yes

If the previous directive is set to "no", members of the following group (GID) are not restricted to their home directory, while all other users are still restricted to theirs. If you don't want to restrict any user to their home directory, just comment out ChrootEveryone and TrustedGID.

TrustedGID 100

Compatibility with IE and other non-standard FTP clients

BrokenClientsCompatibility no

The total number of simultaneous connections allowed by the server

MaxClientsNumber 50

Run as a daemon process (fork in background)

Daemonize yes

Maximum number of simultaneous clients with the same IP address

MaxClientsPerIP 8

If you want to log all client commands, set this directive to "yes". This directive can be duplicated to also log server responses.

VerboseLog no

List hidden files (dot files) even if the client does not send the '-a' option.

DisplayDotFiles yes

Do not allow authenticated users; act only as a public anonymous FTP server.

AnonymousOnly no

Do not allow anonymous connections; only authenticated users can use the server.

NoAnonymous no

Syslog facility (auth, authpriv, daemon, ftp, security, user, local*).

The default facility is "ftp". "none" disables logging.

SyslogFacility ftp

Display a customized fortune cookie after login

FortunesFile /usr/share/fortune/zippy

Do not resolve host names in log files. The logs are less detailed, but less bandwidth is used. Set this directive to "yes" on very busy servers or if you don't have a working DNS.

DontResolve yes

Maximum idle time allowed for a client (in minutes; the default is 15 minutes)

MaxIdleTime 15

Note that the LDAPConfigFile, MySQLConfigFile, PAMAuthentication and UnixAuthentication directives can each be used only once, but they can be combined. For example, if you use MySQLConfigFile and then UnixAuthentication, the SQL server is queried first. If SQL authentication fails because the user name was not found, another attempt is made with /etc/passwd and /etc/shadow. If SQL authentication fails because of a wrong password, authentication stops there. Authentication methods are chained in the order in which they are given.
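The chaining rule described above, modelled as an added example (not pure-ftpd's own code and not from the original article). The account data and the `make_backend`/`authenticate` helpers are hypothetical; the point is that a wrong password ends the chain, so the order of the directives decides which credential store wins for a user name that exists in both.

```python
import hmac
from enum import Enum

class Result(Enum):
    OK = "ok"
    NO_SUCH_USER = "no such user"
    BAD_PASSWORD = "bad password"

def make_backend(accounts):
    """Toy backend over a {user: password} dict (constructed data, no real hashing)."""
    def check(user, password):
        if user not in accounts:
            return Result.NO_SUCH_USER
        same = hmac.compare_digest(accounts[user].encode(), password.encode())
        return Result.OK if same else Result.BAD_PASSWORD
    return check

def authenticate(chain, user, password):
    """Try each backend in configured order; return (result, deciding backend)."""
    for name, check in chain:
        result = check(user, password)
        if result is not Result.NO_SUCH_USER:
            return result, name  # success or wrong password: the chain ends here
    return Result.NO_SUCH_USER, None

# Constructed accounts: "alice" exists in both stores with different passwords.
sql = make_backend({"alice": "sql-secret"})
unix = make_backend({"alice": "unix-secret", "bob": "bob-secret"})
SQL_FIRST = [("MySQLConfigFile", sql), ("UnixAuthentication", unix)]
UNIX_FIRST = list(reversed(SQL_FIRST))

if __name__ == "__main__":
    for chain in (SQL_FIRST, UNIX_FIRST):
        print(" -> ".join(name for name, _ in chain))
        for user, pw in [("alice", "sql-secret"), ("alice", "unix-secret"),
                         ("bob", "bob-secret"), ("mallory", "x")]:
            result, by = authenticate(chain, user, pw)
            print(f"  {user}/{pw}: {result.value} (decided by {by})")
```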

Limits for recursive 'ls'. The first parameter is the maximum number of files displayed; the second parameter is the maximum subdirectory depth.

LimitRecursion 2000 8

Allow anonymous users to create new directories?

AnonymousCanCreateDirs no

If the system load exceeds the following value, anonymous users are not allowed to download.

MaxLoad 4

Port range for passive connection replies (for firewalling).

PassivePortRange 30000 50000

Force an IP address in PASV/EPSV/SPSV replies (for NAT). Symbolic host names are also accepted for gateways with dynamic IP addresses.

ForcePassiveIP 192.168.0.1

Upload/download ratio for anonymous users.

AnonymousRatio 1 10

Upload/download ratio for all users. This directive supersedes the previous one.

UserRatio 1 10

Do not allow downloading files owned by "ftp", i.e. files that were uploaded by anonymous users and have not been validated by a local administrator.

AntiWarez yes

The IP address and port that the service listens on (the default is all IP addresses and port 21).

Bind 127.0.0.1,21

Maximum bandwidth for anonymous users (KB/s).

AnonymousBandwidth 8

Maximum bandwidth (KB/s) for all users, including anonymous users. Use AnonymousBandwidth *or* UserBandwidth; using both makes no sense.

UserBandwidth 8

Creation mask for new files and directories, in the form <file mask>:<directory mask>. Use 177:077 if you feel paranoid.

Umask 133:022

Minimum user ID (UID) that an authenticated user must have in order to log in.

MinUID 100

Allow FXP transfers for authenticated users only.

AllowUserFXP yes

Allow anonymous FXP transfers for both anonymous and non-anonymous users.

AllowAnonymousFXP no

Users cannot delete or write dot files (files whose names begin with "."), even if they own them.

If the TrustedGID directive is enabled, members of that group can still access dot files.

ProhibitDotFilesWrite no

Prohibit reading dot files (files whose names begin with "."), such as .history, .ssh…

ProhibitDotFilesRead no

Never overwrite files. When the name of an uploaded file already exists, the upload is automatically renamed, for example: file.1, file.2, file.3

AutoRename no

Anonymous users are not allowed to upload new files (no = allow uploading)

AnonymousCantUpload no

Only connections to the following IP address may be non-anonymous. You can use this directive to open several public IP addresses for anonymous FTP and keep a private, firewall-protected IP for remote management. You can also allow authentication only on an intranet IP, while a purely anonymous FTP service is provided on another IP.

TrustedIP 10.1.1.1

If you want to add the PID to every log line, uncomment the following line.

LogPID yes

Create an additional log file in a format similar to Apache's, such as:

fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338

This log file can then be processed by WWW traffic analyzers.

AltLog clf:/var/log/pureftpd.log
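A parser for the Apache-like line shown above, as an added example that is not part of the original article. The optional UTC offset in the timestamp and the "PUT" method in the constructed sample lines are assumptions; only the first sample line comes from the page. The pattern anchors on the last status/size pair, so a file name that imitates those fields cannot shift them.

```python
import re
from collections import Counter
from datetime import datetime

# host - user [timestamp] "METHOD path" status bytes. The optional UTC offset
# is an assumption; the article's sample line has none.
CLF_RE = re.compile(
    r'^(?P<host>\S+) - (?P<user>\S+) \[(?P<ts>[^\]\s]+)(?: [+-]\d{4})?\] '
    r'"(?P<method>[A-Z]+) (?P<path>.*)" (?P<status>\d{3}) (?P<size>\d+)$')

def parse_clf(line):
    """Return a dict for one AltLog clf line, or None if it does not match."""
    m = CLF_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S")
    rec["status"], rec["size"] = int(rec["status"]), int(rec["size"])
    return rec

def bytes_by_user(lines):
    """Total bytes per (user, method), plus the number of unparsable lines."""
    totals, rejected = Counter(), 0
    for line in lines:
        rec = parse_clf(line)
        if rec is None:
            rejected += 1
        else:
            totals[(rec["user"], rec["method"])] += rec["size"]
    return totals, rejected

SAMPLE = [
    # The first line is the article's sample; the rest are constructed.
    'fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338',
    'fw.c9x.org - jedi [13/Dec/1975:19:40:02] "GET /ftp/notes.txt" 200 662',
    # Constructed: a client-chosen file name that imitates the trailing fields.
    '10.1.1.7 - yoda [13/Dec/1975:19:41:10] "PUT /incoming/a" 200 1 b" 200 4096',
    'not a transfer line',
]

if __name__ == "__main__":
    totals, rejected = bytes_by_user(SAMPLE)
    for (user, method), size in sorted(totals.items()):
        print(f"{user:8} {method} {size}")
    print("rejected lines:", rejected)
```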

Create an additional log file for the statistical report using the optimized format.

AltLog stats:/var/log/pureftpd.log

Create an additional log file using the standard W3C format (compatible with most commercial log analyzers).

AltLog w3c:/var/log/pureftpd.log

Do not accept the CHMOD command. Users cannot change the permissions of their files.

NoChmod yes

Allow users to resume and upload files, but not to delete them.

KeepAllFiles yes

If the user home directory does not exist, it will be created automatically.

CreateHomeDir yes

Enable virtual disk quotas. The first number is the maximum number of files.

The second number is the maximum total file size in MB.

Therefore, 1000:10 limits each user to 1000 files, a total of 10MB.

Quota 1000:10

If your pure-ftpd was compiled with standalone support, you can change the location of the PID file. The default location is /var/run/pure-ftpd.pid.

PIDFile /var/run/pure-ftpd.pid

If your pure-ftpd was compiled with pure-uploadscript support, this directive makes pure-ftpd write information about each new upload to /var/run/pure-ftpd.upload.pipe, so that pure-uploadscript can read it and then call a script to process the new upload.

CallUploadScript yes

This option is useful for servers that allow anonymous uploads. When /var/ftp is on the /var partition, some disk space must be kept free to protect the log files. New uploads are no longer accepted once the partition is more than X percent full.

MaxDiskUsage 99

If you don’t want your users to rename files, set it to ‘yes’.

NoRename yes

Be 'customer proof': a workaround against common customer mistakes such as 'chmod 0 public_html'. That is a valid command, but it makes inexperienced customers lock themselves out of their own files and keeps your technical support busy with silly questions.

This feature is of no use if you are sure all your users have basic UNIX knowledge. However, if you are a hosting provider, turn it on.

CustomerProof yes

Per-user concurrency limits. This directive only takes effect if the server was compiled with the --with-peruserlimits option (this is the case for most binary releases).

The format is: <maximum allowed processes for each user>:<maximum anonymous user processes>

For example, 3:20 means that the same authenticated user can have up to three concurrent processes, and there can be at most 20 anonymous user processes at the same time.

PerUserLimits 3:20
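A small checker for the access-control and logging directives described on this page, as an added example (not from the original article or the pure-ftpd project). The sample configuration is constructed, the helper names are hypothetical, and a missing directive is assumed to mean "no"; the Umask arithmetic assumes the mask is applied to mode 777 for both files and directories.

```python
SAMPLE_CONF = """\
# Constructed sample, not a real server's configuration
ChrootEveryone        no
TrustedGID            100
NoAnonymous           no
AnonymousCantUpload   no
ProhibitDotFilesRead  no
VerboseLog            no
Umask                 133:022
"""

def parse_conf(text):
    """Map directive -> argument list; '#' comments and blank lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            conf[fields[0]] = fields[1:]
    return conf

def is_yes(conf, name):  # assumption: a missing directive counts as "no"
    return conf.get(name, ["no"])[0].lower() == "yes"

def umask_modes(value):
    """'<file mask>:<dir mask>' -> resulting (file, dir) modes as octal strings."""
    return tuple(f"{0o777 & ~int(m, 8):03o}" for m in value.split(":"))

def audit(conf):
    """Return {directive: note} for settings looser than the restrictive value."""
    findings = {}
    if not is_yes(conf, "ChrootEveryone"):
        gid = conf.get("TrustedGID", ["none"])[0]
        findings["ChrootEveryone"] = f"not every user is chrooted (TrustedGID: {gid})"
    if not is_yes(conf, "NoAnonymous"):
        findings["NoAnonymous"] = "anonymous connections are accepted"
        if not is_yes(conf, "AnonymousCantUpload") and not is_yes(conf, "AntiWarez"):
            findings["AntiWarez"] = "anonymous uploads can be downloaded unreviewed"
    if not is_yes(conf, "ProhibitDotFilesRead"):
        findings["ProhibitDotFilesRead"] = "dot files (.history, .ssh) are readable"
    if not is_yes(conf, "VerboseLog"):
        findings["VerboseLog"] = "client commands are not logged"
    if "Umask" in conf:
        fmode, dmode = umask_modes(conf["Umask"][0])
        if fmode[1:] != "00" or dmode[1:] != "00":
            findings["Umask"] = f"new files {fmode}, dirs {dmode}: not owner-only"
    return findings

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in audit(parse_conf(SAMPLE_CONF)).items()))
```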