{"id":29428,"date":"2025-04-20T08:36:06","date_gmt":"2025-04-20T00:36:06","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/29428.html"},"modified":"2025-04-20T08:36:06","modified_gmt":"2025-04-20T00:36:06","slug":"pure-ftpd-%e8%bf%9e%e6%8e%a5%e6%8f%90%e7%a4%ba%e6%9c%8d%e5%8a%a1%e5%99%a8%e5%9b%9e%e5%ba%94%e4%b8%8d%e5%8f%af%e8%b7%af%e7%94%b1%e7%9a%84%e5%9c%b0%e5%9d%80%e3%80%82%e4%bd%bf%e7%94%a8%e6%9c%8d%e5%8a%a1","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/29428.html","title":{"rendered":"Pure-Ftpd \u8fde\u63a5\u63d0\u793a:\u670d\u52a1\u5668\u56de\u5e94\u4e0d\u53ef\u8def\u7531\u7684\u5730\u5740\u3002\u4f7f\u7528\u670d\u52a1\u5668\u5730\u5740\u4ee3\u66ff\u3002"},"content":{"rendered":"

Pure-Ftpd \u8fde\u63a5\u63d0\u793a:\u670d\u52a1\u5668\u56de\u5e94\u4e0d\u53ef\u8def\u7531\u7684\u5730\u5740\u3002\u4f7f\u7528\u670d\u52a1\u5668\u5730\u5740\u4ee3\u66ff\u3002<\/p>\n

\"\u5728\u8fd9\u91cc\u63d2\u5165\u56fe\u7247\u63cf\u8ff0\"<\/p>\n

\u8fde\u63a5\u63d0\u793a<\/h2>\n

\u72b6\u6001: \u6b63\u5728\u8fde\u63a5 0.0.0.0:21\u2026 \u72b6\u6001: \u8fde\u63a5\u5efa\u7acb,\u7b49\u5f85\u6b22\u8fce\u6d88\u606f\u2026 \u72b6\u6001: \u521d\u59cb\u5316 TLS \u4e2d\u2026 \u72b6\u6001: TLS \u8fde\u63a5\u5df2\u5efa\u7acb\u3002 \u72b6\u6001: \u5df2\u767b\u5f55 \u72b6\u6001: \u8bfb\u53d6\u76ee\u5f55\u5217\u8868\u2026 \u72b6\u6001: \u670d\u52a1\u5668\u56de\u5e94\u4e0d\u53ef\u8def\u7531\u7684\u5730\u5740\u3002\u4f7f\u7528\u670d\u52a1\u5668\u5730\u5740\u4ee3\u66ff\u3002<\/p>\n

Pure-Ftpd \u914d\u7f6e<\/h2>\n

Pure-FTPd \u7684\u4e3b\u8981\u914d\u7f6e\u9009\u9879\u901a\u5e38\u4f4d\u4e8e \/etc\/pure-ftpd\/conf\/ \u76ee\u5f55\u4e0b\u7684\u5404\u4e2a\u914d\u7f6e\u6587\u4ef6\u4e2d \u5b9d\u5854\u4e00\u822c\u90fd\u628a\u6587\u4ef6\u5b89\u88c5\u5230\/www\/server\/\u7684\u4f4d\u7f6e \u4f60\u4e5f\u53ef\u4ee5\u901a\u8fc7\u4e0b\u9762\u547d\u4ee4\u67e5\u627e<\/p>\n

find<\/span> .<\/span> -name<\/span> "*pure*"<\/span><\/p>\n

\u6a21\u7cca\u641c\u7d22\u540d\u5b57\u5305\u542bpure\u7684\u6587\u4ef6\u6216\u6587\u4ef6\u5939<\/p>\n

############################################################
\n# #
\n# Configuration file for pure-ftpd wrappers #
\n# #
\n############################################################<\/p>\n

# If you want to run Pure-FTPd with this configuration
\n# instead of command-line options, please run the
\n# following command :
\n#
\n# \/www\/server\/pure-ftpd\/sbin\/pure-config.pl \/www\/server\/pure-ftpd\/etc\/pure-ftpd.conf
\n#
\n# Please don't forget to have a look at documentation at
\n# http:\/\/www.pureftpd.org\/documentation.shtml for a complete list of
\n# options.<\/p>\n

# Cage in every user in his home directory<\/p>\n

ChrootEveryone yes<\/p>\n

# If the previous option is set to "no", members of the following group
\n# won't be caged. Others will be. If you don't want chroot()ing anyone,
\n# just comment out ChrootEveryone and TrustedGID.<\/p>\n

# TrustedGID 100<\/p>\n

# Turn on compatibility hacks for broken clients<\/p>\n

BrokenClientsCompatibility no<\/p>\n

# Maximum number of simultaneous users<\/p>\n

MaxClientsNumber 50<\/p>\n

# Fork in background<\/p>\n

Daemonize yes<\/p>\n

# Maximum number of sim clients with the same IP address<\/p>\n

MaxClientsPerIP 10<\/p>\n

# If you want to log all client commands, set this to "yes".
\n# This directive can be duplicated to also log server responses.<\/p>\n

VerboseLog no<\/p>\n

# List dot-files even when the client doesn't send "-a".<\/p>\n

DisplayDotFiles yes<\/p>\n

# Don't allow authenticated users – have a public anonymous FTP only.<\/p>\n

AnonymousOnly no<\/p>\n

# Disallow anonymous connections. Only allow authenticated users.<\/p>\n

NoAnonymous yes<\/p>\n

# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
\n# The default facility is "ftp". "none" disables logging.<\/p>\n

SyslogFacility ftp<\/p>\n

# Display fortune cookies<\/p>\n

# FortunesFile \/usr\/share\/fortune\/zippy<\/p>\n

# Don't resolve host names in log files. Logs are less verbose, but
\n# it uses less bandwidth. Set this to "yes" on very busy servers or
\n# if you don't have a working DNS.<\/p>\n

DontResolve yes<\/p>\n

# Maximum idle time in minutes (default = 15 minutes)<\/p>\n

MaxIdleTime 15<\/p>\n

# LDAP configuration file (see README.LDAP)<\/p>\n

# LDAPConfigFile \/etc\/pureftpd-ldap.conf<\/p>\n

# MySQL configuration file (see README.MySQL)<\/p>\n

#MySQLConfigFile \/www\/server\/pure-ftpd\/etc\/pureftpd-mysql.conf<\/p>\n

# Postgres configuration file (see README.PGSQL)<\/p>\n

# PGSQLConfigFile \/etc\/pureftpd-pgsql.conf<\/p>\n

# PureDB user database (see README.Virtual-Users)<\/p>\n

PureDB \/www\/server\/pure-ftpd\/etc\/pureftpd.pdb<\/p>\n

# Path to pure-authd socket (see README.Authentication-Modules)<\/p>\n

# ExtAuth \/var\/run\/ftpd.sock<\/p>\n

# If you want to enable PAM authentication, uncomment the following line<\/p>\n

# PAMAuthentication yes<\/p>\n

# If you want simple Unix (\/etc\/passwd) authentication, uncomment this<\/p>\n

UnixAuthentication no<\/p>\n

# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
\n# UnixAuthentication can be used only once, but they can be combined
\n# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
\n# the SQL server will be asked. If the SQL authentication fails because the
\n# user wasn't found, another try # will be done with \/etc\/passwd and
\n# \/etc\/shadow. If the SQL authentication fails because the password was wrong,
\n# the authentication chain stops here. Authentication methods are chained in
\n# the order they are given. <\/p>\n

# 'ls' recursion limits. The first argument is the maximum number of
\n# files to be displayed. The second one is the max subdirectories depth<\/p>\n

LimitRecursion 20000 8<\/p>\n

# Are anonymous users allowed to create new directories ?<\/p>\n

AnonymousCanCreateDirs no<\/p>\n

# If the system is more loaded than the following value,
\n# anonymous users aren't allowed to download.<\/p>\n

MaxLoad 4<\/p>\n

# Port range for passive connections replies. – for firewalling.<\/p>\n

PassivePortRange 39000 40000<\/p>\n

# Force an IP address in PASV\/EPSV\/SPSV replies. – for NAT.
\n# Symbolic host names are also accepted for gateways with dynamic IP
\n# addresses.<\/p>\n

# ForcePassiveIP 192.168.0.1<\/p>\n

# Upload\/download ratio for anonymous users.<\/p>\n

# AnonymousRatio 1 10<\/p>\n

# Upload\/download ratio for all users.
\n# This directive superscedes the previous one.<\/p>\n

# UserRatio 1 10<\/p>\n

# Disallow downloading of files owned by "ftp", ie.
\n# files that were uploaded but not validated by a local admin.<\/p>\n

AntiWarez yes<\/p>\n

# IP address\/port to listen to (default=all IP and port 21).<\/p>\n

# Bind 0.0.0.0,21<\/p>\n

# Maximum bandwidth for anonymous users in KB\/s<\/p>\n

# AnonymousBandwidth 8<\/p>\n

# Maximum bandwidth for *all* users (including anonymous) in KB\/s
\n# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.<\/p>\n

# UserBandwidth 8<\/p>\n

# File creation mask. <umask for files>:<umask for dirs> .
\n# 177:077 if you feel paranoid.<\/p>\n

Umask 133:022<\/p>\n

# Minimum UID for an authenticated user to log in.<\/p>\n

MinUID 100<\/p>\n

# Allow FXP transfers for authenticated users.<\/p>\n

AllowUserFXP no<\/p>\n

# Allow anonymous FXP for anonymous and non-anonymous users.<\/p>\n

AllowAnonymousFXP no<\/p>\n

# Users can't delete\/write files beginning with a dot ('.')
\n# even if they own them. If TrustedGID is enabled, this group
\n# will have access to dot-files, though.<\/p>\n

ProhibitDotFilesWrite no<\/p>\n

# Prohibit *reading* of files beginning with a dot (.history, .ssh…)<\/p>\n

ProhibitDotFilesRead no<\/p>\n

# Never overwrite files. When a file whoose name already exist is uploaded,
\n# it get automatically renamed to file.1, file.2, file.3, …<\/p>\n

AutoRename no<\/p>\n

# Disallow anonymous users to upload new files (no = upload is allowed)<\/p>\n

AnonymousCantUpload no<\/p>\n

# Only connections to this specific IP address are allowed to be
\n# non-anonymous. You can use this directive to open several public IPs for
\n# anonymous FTP, and keep a private firewalled IP for remote administration.
\n# You can also only allow a non-routable local IP (like 10.x.x.x) to
\n# authenticate, and keep a public anon-only FTP server on another IP.<\/p>\n

#TrustedIP 10.1.1.1<\/p>\n

# If you want to add the PID to every logged line, uncomment the following
\n# line.<\/p>\n

#LogPID yes<\/p>\n

# Create an additional log file with transfers logged in a Apache-like format :
\n# fw.c9x.org – jedi [13\/Dec\/1975:19:36:39] "GET \/ftp\/linux.tar.bz2" 200 21809338
\n# This log file can then be processed by www traffic analyzers.<\/p>\n

# AltLog clf:\/var\/log\/pureftpd.log<\/p>\n

# Create an additional log file with transfers logged in a format optimized
\n# for statistic reports.<\/p>\n

# AltLog stats:\/var\/log\/pureftpd.log<\/p>\n

# Create an additional log file with transfers logged in the standard W3C
\n# format (compatible with most commercial log analyzers)<\/p>\n

# AltLog w3c:\/var\/log\/pureftpd.log<\/p>\n

# Disallow the CHMOD command. Users can't change perms of their files.<\/p>\n

#NoChmod yes<\/p>\n

# Allow users to resume and upload files, but *NOT* to delete them.<\/p>\n

#KeepAllFiles yes<\/p>\n

# Automatically create home directories if they are missing<\/p>\n

CreateHomeDir no<\/p>\n

# Enable virtual quotas. The first number is the max number of files.
\n# The second number is the max size of megabytes.
\n# So 1000:10 limits every user to 1000 files and 10 Mb.<\/p>\n

#Quota 1000:10<\/p>\n

# If your pure-ftpd has been compiled with standalone support, you can change
\n# the location of the pid file. The default is \/var\/run\/pure-ftpd.pid<\/p>\n

PIDFile \/var\/run\/pure-ftpd.pid<\/p>\n

# If your pure-ftpd has been compiled with pure-uploadscript support,
\n# this will make pure-ftpd write info about new uploads to
\n# \/var\/run\/pure-ftpd.upload.pipe so pure-uploadscript can read it and
\n# spawn a script to handle the upload.<\/p>\n

#CallUploadScript yes<\/p>\n

# This option is useful with servers where anonymous upload is
\n# allowed. As \/var\/ftp is in \/var, it save some space and protect
\n# the log files. When the partition is more that X percent full,
\n# new uploads are disallowed.<\/p>\n

MaxDiskUsage 99<\/p>\n

# Set to 'yes' if you don't want your users to rename files.<\/p>\n

#NoRename yes<\/p>\n

# Be 'customer proof' : workaround against common customer mistakes like
\n# 'chmod 0 public_html', that are valid, but that could cause ignorant
\n# customers to lock their files, and then keep your technical support busy
\n# with silly issues. If you're sure all your users have some basic Unix
\n# knowledge, this feature is useless. If you're a hosting service, enable it.<\/p>\n

CustomerProof yes<\/p>\n

# Per-user concurrency limits. It will only work if the FTP server has
\n# been compiled with –with-peruserlimits (and this is the case on
\n# most binary distributions) .
\n# The format is : <max sessions per user>:<max anonymous sessions>
\n# For instance, 3:20 means that the same authenticated user can have 3 active
\n# sessions max. And there are 20 anonymous sessions max.<\/p>\n

# PerUserLimits 3:20<\/p>\n

# When a file is uploaded and there is already a previous version of the file
\n# with the same name, the old file will neither get removed nor truncated.
\n# Upload will take place in a temporary file and once the upload is complete,
\n# the switch to the new version will be atomic. For instance, when a large PHP
\n# script is being uploaded, the web server will still serve the old version and
\n# immediatly switch to the new one as soon as the full file will have been
\n# transfered. This option is incompatible with virtual quotas.<\/p>\n

# NoTruncate yes<\/p>\n

# This option can accept three values :
\n# 0 : disable SSL\/TLS encryption layer (default).
\n# 1 : accept both traditional and encrypted sessions.
\n# 2 : refuse connections that don't use SSL\/TLS security mechanisms,
\n# including anonymous sessions.
\n# Do _not_ uncomment this blindly. Be sure that :
\n# 1) Your server has been compiled with SSL\/TLS support (–with-tls),
\n# 2) A valid certificate is in place,
\n# 3) Only compatible clients will log in.<\/p>\n

TLS 1<\/p>\n

# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
\n# By default, both IPv4 and IPv6 are enabled.<\/p>\n

# IPV4Only yes<\/p>\n

# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
\n# By default, both IPv4 and IPv6 are enabled.<\/p>\n

# IPV6Only yes<\/p>\n

# UTF-8 support for file names (RFC 2640)
\n# Define charset of the server filesystem and optionnally the default charset
\n# for remote clients if they don't use UTF-8.
\n# Works only if pure-ftpd has been compiled with –with-rfc2640<\/p>\n

# FileSystemCharsetbig5
\n# ClientCharsetbig5
\nAllowOverwrite on
\nAllowStoreRestart on<\/p>\n

\u91cd\u70b9\u7aef\u53e3\u76d1\u542c<\/h2>\n

PassivePortRange 39000 40000<\/p>\n

\u4ed6\u662f\u610f\u601d\u662f: Pure-Ftpd \u914d\u7f6e\u6587\u4ef6PassivePortRange(\u88ab\u52a8\u6a21\u5f0f\u7aef\u53e3\u8303\u56f4 39000-40000)\u6d89\u53ca\u7684\u7aef\u53e3\u8303\u56f4,<\/p>\n

\u5b89\u5168\u7ec4\u8bbe\u7f6e\u7aef\u53e3\u76d1\u542c<\/h2>\n