https://ru.opensuse.org/Установка_и_настройка_FTP-сервера
OpenNET: статья - Настройка vsftpd. (ftp limit)
настраивал по этим материалам, вначале использовал vsftpd но у него проблематично с виртуальными пользователями, сейчас пользуюсь proftpd и мордой к нему gadmin-proftpd.
Пытаюсь запустить сервер PROFTPD, но ничего не получается :(. Система сообщает о какой-то ошибке. Помогите пожалуйста разобраться. Я в этом деле новичок. Использую Suse 11.4
suse-linux:/home/sasha # /etc/rc.d/proftpd start
Starting proftpd - warning: handling possibly truncated configuration data at line 9 of '/etc/proftpd/tls.conf'
done
suse-linux:/home/sasha # cat /etc/proftpd/tls.conf
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest AllowClientRenegotiations
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient off
TLSRequired off
</IfModule>
suse-linux:/home/sasha #
Зарегистрироваться также не удается. Вот на всякий случай файл конфига:
suse-linux:/etc/proftpd # cat proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD on suse-linux"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# FireWall PortRange for PASV
PassivePorts 40000 40999
# Set DebugLevel to values between 0 and 9
# default is 0
DebugLevel 0
# SystemLog -- Redirect syslogging to a file
SystemLog /var/log/proftpd/proftpd.log
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User ftp
Group ftp
# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v %P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# ------------------------------
# Global Settings
# ------------------------------
<Global>
# ------------------------------
# Login
# ------------------------------
ServerIdent on "FTP server ready"
DeferWelcome on
#DisplayConnect /etc/proftpd/msg
IdentLookups off
UseFtpUsers off
RequireValidShell off
TimeoutLogin 60
MaxLoginAttempts 5
#MaxClientsPerHost 2
#MaxClientsPerUser 1 "Only one connection at a time."
# ------------------------------
# Authentication
# ------------------------------
### PAM Authentication
# AuthPAM: default: on
AuthPAM off
# changed AuthPAMConfig file
AuthPAMConfig proftpd
### PAM Authentication
AuthUserFile /etc/proftpd/auth/passwd
AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/group
### order of auth modules
#AuthOrder mod_auth_unix.c mod_auth_file.c
AuthOrder mod_auth_file.c
# ------------------------------
# Post-Login
# ------------------------------
DisplayLogin welcome.msg
DisplayChdir .message
AllowOverride off
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 300
TimeoutSession 3600
# ------------------------------
# Session
# ------------------------------
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~ web,!users
DenyFilter \*.*/
ListOptions "-A +R" strict
UseGlobbing off
ShowSymlinks on
TimesGMT on
# ------------------------------
# Up- & Download
# ------------------------------
# having to delete before uploading is a pain ;)
AllowOverwrite on
AllowRetrieveRestart on
HiddenStores on
DeleteAbortedStores on
AllowStoreRestart on # is contrary to "DeleteAbortedStores"
# ------------------------------
# Logging
# ------------------------------
WtmpLog off
TransferLog /var/log/proftpd/xferlog
# Record all logins
ExtendedLog /var/log/proftpd/auth.log AUTH auth
# Logging file/dir access
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
# Paranoia logging level....
ExtendedLog /var/log/proftpd/paranoid.log ALL default
# SQLLogFile
#SQLLogFile /var/log/proftpd/SQL.log
</Global>
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
#####
# Include other confs
#Include /etc/proftpd/conf.d/*.conf
Include /etc/proftpd/tls.conf
#####
# ------------------------------
# Anonymous Settings
# ------------------------------
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
# Limit LOGIN
#<Limit LOGIN>
# Order Allow,Deny
# Allow from .examples.net,113.141.114.1
# Deny from All
#</Limit>
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
# LoginPasswordPrompt -- Configure to display the passwort prompt or not
LoginPasswordPrompt off
# DirFakeMode -- Hide real file/directory permissions
DirFakeMode 0640
# DirFakeUser -- Hide real file/directory owner
DirFakeUser On
# DirFakeGroup -- Hide real file/directory group
DirFakeGroup On
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
MaxRetrieveFileSize 10 Mb
# Limit Up/Downloads to 500 K/sec
#TransferRate APPE,RETR,STOR,STOU 255
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
#<Directory pub>
# <Limit ALL>
# Order Allow,Deny
# Allow from .examples.net,113.141.114.1
# Deny from All
# </Limit>
#</Directory>
# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
<Limit READ>
AllowAll
</Limit>
<Limit STOR>
AllowAll
</Limit>
</Directory>
</Anonymous>
tls.conf не из Windows редактировали?
Вы, для начала, пробуйте без всяких заморочек… Без SSL, TLS и т.д.
Нет конечно! Во первых Windows не увидит ф.с. ext 3, а потом какой смысл если я в Сусе работаю. Редактировал proftpd.conf может в tls.conf что-то нужно поменять?
TLS, SSL шифрование пока не включал.
C этим разобрался. Надо было исправить файл tls.conf Но вот теперь не получается подключиться к самому серверу. Что-то либо я в конфигах напутал либо… Не знаю даже.
Вывод команды:
sasha@suse-linux:~> ftp localhost
Trying 127.0.0.1…
Connected to localhost.
220 FTP server ready
Name (localhost:sasha): alex1
331 Password required for alex1
Password:
530 Login incorrect.
ftp: Login failed.
ftp>
Вот мой конфиг с рабочего сервака, настроенного на два внешних IP (два канала в инет). Имя хоста и IP надо ставить свои. К домашним каталогам через ftp имеют пользователи, находящиеся в группе ftp.
На внешних интерфейсах сервер доступен на 15021 порту, на внутреннем - на обычном 21. Анонимного доступа нет.
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD on Firm-Gate"
ServerType standalone
DefaultServer on
# External IP, если фтп за роутером
# MasqueradeAddress 111.222.111.222
# MasqueradeAddress 222.111.222.111
MasqueradeAddress mail.my-firm.com.ua
# Port 21 is the standard FTP port.
# Port 15021
# FireWall PortRange for PASV
PassivePorts 40000 40060
# Set DebugLevel to values between 0 and 9
# default is 0
DebugLevel 0
# SystemLog -- Redirect syslogging to a file
SystemLog /var/log/proftpd/proftpd.log
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User ftp
Group ftp
# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v %P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
UseReverseDNS on
IdentLookups off
# ------------------------------
# Global Settings
# ------------------------------
<Global>
# ------------------------------
# Login
# ------------------------------
ServerIdent on "FTP server ready"
DeferWelcome on
#DisplayConnect /etc/proftpd/msg
UseFtpUsers on
RequireValidShell off
TimeoutLogin 60
MaxLoginAttempts 1
RootLogin off
MaxClients 10 "Sorry, max %m users - try again later"
MaxClientsPerHost 5 "The maximal amount of connections is attained from one IP"
#MaxClientsPerUser 1 "Only one connection at a time."
# ------------------------------
# Authentication
# ------------------------------
### PAM Authentication
# AuthPAM: default: on
AuthPAM off
# changed AuthPAMConfig file
AuthPAMConfig proftpd
### PAM Authentication
AuthUserFile /etc/proftpd/auth/passwd
AuthGroupFile /etc/group
### order of auth modules
AuthOrder mod_auth_unix.c mod_auth_file.c
#AuthOrder mod_auth_file.c
# ------------------------------
# Post-Login
# ------------------------------
DisplayLogin welcome.msg
DisplayChdir .message
AllowOverride off
TimeoutIdle 180
TimeoutNoTransfer 360
TimeoutStalled 300
TimeoutSession 3600
# ------------------------------
# Session
# ------------------------------
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~ web,!users
DefaultRoot ~
DenyFilter \*.*/
ListOptions "-A +R" strict
UseGlobbing off
ShowSymlinks on
TimesGMT on
# ------------------------------
# Up- & Download
# ------------------------------
# having to delete before uploading is a pain ;)
AllowOverwrite on
AllowRetrieveRestart on
HiddenStores on
DeleteAbortedStores on
#AllowStoreRestart off # is contrary to "DeleteAbortedStores"
# ------------------------------
# Logging
# ------------------------------
WtmpLog off
TransferLog /var/log/proftpd/xferlog.log
# Record all logins
ExtendedLog /var/log/proftpd/auth.log AUTH auth
# Logging file/dir access
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
# Paranoia logging level....
ExtendedLog /var/log/proftpd/paranoid.log ALL default
SyslogLevel debug
# SQLLogFile
#SQLLogFile /var/log/proftpd/SQL.log
</Global>
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
#####
# Include other confs
Include /etc/proftpd/conf.d/*.conf
#####
<VirtualHost 111.222.111.222>
Port 15021
ServerName "My-Firm FTP Server 2"
MasqueradeAddress 111.222.111.222
PassivePorts 40000 40030
</VirtualHost>
<VirtualHost 222.111.222.111>
Port 15021
ServerName "My-Firm FTP Server 1"
MasqueradeAddress 222.111.222.111
PassivePorts 40031 40060
</VirtualHost>
Доброго времени суток! Установил OpenSuse 12.3, не могу запустить ftp server. устанавливаю через yast vsftp, после установки захожу в конфигурацию фтп сервера в yast и нажимаю запуск, фтп как-будто бы запускается, но на самом деле нет, при попытке запустить службу vsftp получаю ошибку - “требуется запуск зависимой службы network-remotefs”. Данная служба является базовой и почему отсутствует непонятно, в 12.2 такая служба имеется и там все работает нормально.
Это ошибка в модуле YaST. Используйте вместо него systemctl
Bug 810661 - VSFTPD does not start due to missing another service which depends](Access Denied)