ProFTPD

(2001年5月15日更新)

ProFTPDを選択した理由はVine Linux 2.1.5に含まれていたからです。wu-ftpdなど他のプログラムの話も聞きますが、あまり違いがわかりません。(当然ですが)ProFTPDのサイトにはwu-ftpdよりもProFTPDが良いと書いてありました。Project Vineがこれを選択したのですから、これで間違いないでしょう。

RPMからインストールして/etc/proftpd.confを編集しました。書き換えたのはServerNameだけです。加えたのは最後のUseReverseDNSとDefaultRootだけです。この設定でAnonymous FTPはできないはずです。逆引きはしません。またユーザーは自分のホームディレクトリ以下を見れないはずです。


# This is a basic ProFTPD configuration file
#
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal operation and anon.

ServerName      "Multimedia and Internet Development Organization"
ServerType      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# Use localtime
TimesGMT                        FALSE

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nobody

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite                on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>

  User                          ftp
  Group                         ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # do not require shells listed in /etc/shells (user ftp do not have shell...)
  RequireValidShell       no

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

</Anonymous>

UseReverseDNS                   off
DefaultRoot                     ~

戻る