一个关于proftpd的问题,大家帮我看看,多谢啦!!!

sudy · 发表于 2003-5-3 22:25:25

看了不少关于这方面的文章,可是里面涉及到的基本上都是匿名用户的配置,我遇到一个问题,请大家帮帮忙:在serv-u中可以开vip帐号,也就是vip帐号允许10人,anonymous20人,可是在proftpd中假设我想为dbfuns用户开通连接,是否也使通过
<anonymous ~>
User dbfuns
Group dbfuns
来建的?

我自己实验发现这样建好后,dbfuns用户受到了anonymous的限制,假设anonymous已经有11名(即超过dbfuns允许的连接数)时,即使此时没有一名dbfuns用户在线,用dbfuns用户登录却提示"the maximum number of the allowed clients (10) are ready connect",也就是说它将dbfuns用户也作为匿名用户了,不知道怎么解决,急盼高手解答!!!

BTworm · 发表于 2003-5-4 11:36:48

只要你在Anonymous块里再放一个MaxClients就行了。

sudy · 发表于 2003-5-4 11:40:43

anonymous里有限制用户数量20,但是大于dbfuns用户的数量限制,当anonymous登录数超过dbfuns的限制数10时dbfuns用户将无法登录,只有当dbfuns用户的MaximumClient设置为大于20(即大于anonymous的限制数),此时即使anonymous用户达到20的上限,dbfuns用户才依然能登录,但是若dbfuns用户的登录数超过20又将导致anonymous用户未到上限人数却无法登录.
显然这二者之间互相制约,我的问题是如何将这两个用户上限人数剥离?望有经验的高手指教.

sudy · 发表于 2003-5-4 16:19:53

不好意思问了一个由于概念理解错误的问题,我用linux才3天,受serv-u的影响现在才明白,用proftpd建的ftp登录用户都为系统里的用户,大家帮我看看这个.conf
this is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "DBfuns private FTP [DBfuns.bingle.org.cn]"
ServerType standalone
DefaultServer on

# Some basic defaults
# Port 21 is the standard FTP port.
Port 21
TimeoutLogin                   120
TimeoutIdle                      180
TimeoutNoTransfer                180
TimeoutStalled                   240
PassivePorts                      49152 65534
MaxLoginAttempts                3

Umask 022
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

RootLogin on

RequireValidShell off
DefaultRoot /home/ftp ftp

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite on
</Directory>

AllowRetrieveRestart on
AllowOverwrite on
AllowStoreRestart on

User             dbfuns
Group             ftp
MaxClients          10
MaxClientsPerHost    2
<Limit LOGIN>
Order allow,deny
  #  202.112.14.0-202.112.14.255
  #  211.83.105.*-211.83.111.*
Allow from 202.112.14. Allow from 211.83.105. Allow from 211.83.106.       Allow from 211.83.107.
Allow from 211.83.108. Allow from 211.83.109. Allow from 211.83.110. Allow from 211.83.111.
Deny from all
</Limit>

  DisplayLogin welcome.msg
  DisplayFirstChdir .       message

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /home/ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Some Limit for anonymous
  # Limit the maximum number of anonymous and connections logins
  MaxClients 20
  MaxClientsPerHost             1 "Sorry ,Only allow one connect per IP"
  TransferRate RETR             100:1000000

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
DenyAll
  </Limit>

</Anonymous>

中间有一段关于ip限制的语句,我希望它用来限制dbfuns用户,但是却不知道他应该放在什么位置,如果放在上面的位置就成了全局设置,将限制到anonymous的登录,请大家看看.

pupilzeng · 发表于 2003-5-4 17:15:23

这样试试：
this is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "DBfuns private FTP [DBfuns.bingle.org.cn]"
ServerType standalone
DefaultServer on

# Some basic defaults
# Port 21 is the standard FTP port.
Port 21
TimeoutLogin                   120
TimeoutIdle                      180
TimeoutNoTransfer                180
TimeoutStalled                   240
PassivePorts                      49152 65534
MaxLoginAttempts                3

Umask 022
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

RootLogin on

RequireValidShell off
DefaultRoot /home/ftp ftp

# Normally, we want files to be overwriteable.
<Directory />
  AllowOverwrite on
</Directory>

AllowRetrieveRestart on
AllowOverwrite on
AllowStoreRestart on

User             dbfuns
Group             ftp
MaxClients          10
MaxClientsPerHost    2
  DisplayLogin welcome.msg
  DisplayFirstChdir .       message

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /home/ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Some Limit for anonymous
  # Limit the maximum number of anonymous and connections logins
  MaxClients 20
  MaxClientsPerHost             1 "Sorry ,Only allow one connect per IP"
  TransferRate RETR             100:1000000

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
DenyAll
  </Limit>

</Anonymous>

<Anonymous /home/ftp>
  User dbfuns
  Group          dbfuns

  # Some Limit for anonymous
  # Limit the maximum number of anonymous and connections logins
  MaxClients 20
  MaxClientsPerHost             1 "Sorry ,Only allow one connect per IP"
  TransferRate RETR             100:1000000

<Limit LOGIN>
Order allow,deny
  #  202.112.14.0-202.112.14.255
  #  211.83.105.*-211.83.111.*
Allow from 202.112.14. Allow from 211.83.105. Allow from 211.83.106.       Allow from 211.83.107.
Allow from 211.83.108. Allow from 211.83.109. Allow from 211.83.110. Allow from 211.83.111.
Deny from all
</Limit>

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
DenyAll
  </Limit>

</Anonymous>

就是再新建一个anonymous环境，在这里边限制。

sudy · 发表于 2003-5-4 17:32:48

但是就像我在第三贴上所提到的,将dbfuns用户作为匿名等录的话,dbfuns用户和anonymous之间的登录人数上的限制会出现制约问题.

BTworm · 发表于 2003-5-4 20:56:08

sudy兄弟，我上面的贴子没说清楚。你的proftpd.conf不能实现你想要的功能。上面那个兄弟说得对，要再加个Anonymous块。我下面给出的配置文件是在你的配置文件的基础上改的，“========”内的内容就是我添加的。

#this is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "DBfuns private FTP [DBfuns.bingle.org.cn]"
ServerType standalone
DefaultServer on

# Some basic defaults
# Port 21 is the standard FTP port.
Port 21
TimeoutLogin 120
TimeoutIdle 180
TimeoutNoTransfer 180
TimeoutStalled 240
PassivePorts 49152 65534
MaxLoginAttempts 3

Umask 022
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

RootLogin on

RequireValidShell off
DefaultRoot /home/ftp ftp

# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>

AllowRetrieveRestart on
AllowOverwrite on
AllowStoreRestart on

User dbfuns
Group ftp
#MaxClients 10 #这行要注释掉，因为下面每个Anonymous块都有自己的MaxClients设置
MaxClientsPerHost 2
<Limit LOGIN>
Order allow,deny
# 202.112.14.0-202.112.14.255
# 211.83.105.*-211.83.111.*
Allow from 202.112.14. Allow from 211.83.105. Allow from 211.83.106. Allow from 211.83.107.
Allow from 211.83.108. Allow from 211.83.109. Allow from 211.83.110. Allow from 211.83.111.
Deny from all
</Limit>

DisplayLogin welcome.msg
DisplayFirstChdir . message

# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /home/ftp>
User ftp
Group ftp

# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Some Limit for anonymous
# Limit the maximum number of anonymous and connections logins
MaxClients 20
MaxClientsPerHost 1 "Sorry ,Only allow one connect per IP"
TransferRate RETR 100:1000000

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

</Anonymous>
==========================================
<Anonymous /home/ftp>
User dbfuns
Group dbfuns

UserAlias vip dbfuns
AnonRequirePassword on
AuthUsingAlias on
AuthAliasOnly on

GroupOwner ftp # 如果你不想vip用户上载，
Umask  022       # 这两行也可以不要。

MaxClients 10    # 你要的联接限制
<Limit ALL>
   AllowAll
</Limint>
</Anonymous>
==========================================
说明：
1. 我加的第二个Anonymous块是给VIP用户的。
2. 上面的设置只允许用户vip登录。vip只是一伪用户名，是系统实用户名dbfuns的Alias。用户vip登录时，需要提交dbfuns的系统密码。所以，要保证/etc/passwd和/etc/shadow里有关于dbfuns的行。用户dbfuns是不能以VIP身份登录匿名服务器的。
3. 上面的设置允许一切操作，恐怕你并不想要这样。你可以根据自己的需要在加如更多的Limit块，加以限制。
4. 上面的设置保证给vip用户10个联接，不受普通的匿名服务联结数的影响。
5. 改完了后，别忘了proftpd -t检查一下有没有语法错误。:-)

sudy · 发表于 2003-5-5 17:10:43

多谢BTworm兄的热心帮助,我还是有几点疑问,
首先,我按照上面设置了一个VIP帐号,我查了Configuration.html里面关于AuthAliasOnly on的解释: Turning AuthAliasOnly `on' in a particular context will cause proftpd to completely ignore all non-aliased logins for the entire context.
意思应该是使用这条语句后proftpd将只允许aliased后的用户登录;
AuthUsingAlias on的解释:AuthUsingAlias disables the resolving of mapped usernames for authentication purposes. For example, if you have mapped the username anonymous to the "real" user ftp, the password gets checked against the user "anonymous". When AuthUsingAlias is disabled, the checked username would be "ftp". 我的理解是设置为on时,用户登录时应该使用vip,而密码应该使用aliase的用户dbfuns的密码.可是我试验后却发现用dbfuns帐号密码可以登录,而使用vip+密码却提示incorrcet password,不知道我对上面两个语句的理解是否有误.

pupilzeng · 发表于 2003-5-5 21:51:04

最初由 sudy 发表
多谢BTworm兄的热心帮助,我还是有几点疑问,
首先,我按照上面设置了一个VIP帐号,我查了Configuration.html里面关于AuthAliasOnly on的解释: Turning AuthAliasOnly `on' in a particular context will cause proftpd to completely ignore all non-aliased logins for the entire context.
意思应该是使用这条语句后proftpd将只允许aliased后的用户登录;
AuthUsingAlias on的解释:AuthUsingAlias disables the resolving of mapped usernames for authentication purposes. For example, if you have mapped the username anonymous to the "real" user ftp, the password gets checked against the user "anonymous". When AuthUsingAlias is disabled, the checked username would be "ftp". 我的理解是设置为on时,用户登录时应该使用vip,而密码应该使用aliase的用户dbfuns的密码.可是我试验后却发现用dbfuns帐号密码可以登录,而使用vip+密码却提示incorrcet password,不知道我对上面两个语句的理解是否有误.

AuthUsingAlias on应该是说要用Alias单独的密码，而不是真正用户的密码.
在你这里就是要用vip的，而不是dbfuns的。
至于vip的密码，UserPassword passwd,其中passwd是用ftpasswd --hash生成的，而不是cleantext.

sudy · 发表于 2003-5-5 22:31:31

我是个新手,你能详细解释一下ftpasswd --hash这个语句的意思,并且用在什么地方?还有我还想请教一下,是不是可以有多个系统用户Alias到vip从而实现多个vip帐号?

		自动登录	找回密码
密码			注册