ProFTP on CentOS 7 - 200 Protection set to Private


ProFTP on CentOS 7. I created 2 Virtualmin virtual servers using the same server template. Let's say A.com and B.com. Their users can connect to their FTP accounts using TLS.

Here is my global config:

ServerName          "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
DefaultServer           on

# Cause every FTP user except adm to be chrooted into their home directory
DefaultRoot         ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig           proftpd
AuthOrder           mod_auth_pam.c* mod_auth_unix.c

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off

# Set the user and group that the server runs as
User                nobody
Group               nobody

MaxInstances 50

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile         off

# Force to use Ascii transfer
DefaultTransferMode ascii

# Define the log formats
LogFormat           default "%h %l %u %t \"%r\" %s %b"
LogFormat           auth    "%v [%P] %h %t \"%r\" %s"

LoadModule mod_ctrls_admin.c
LoadModule mod_deflate.c
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
LoadModule mod_vroot.c


# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
# (http://www.proftpd.org/docs/modules/mod_dso.html#ModuleControlsACLs)
ModuleControlsACLs      insmod,rmmod allow user root
ModuleControlsACLs      lsmod allow user *

# Enable basic controls via ftpdctl
# (http://www.proftpd.org/docs/modules/mod_ctrls.html)
ControlsEngine          on
ControlsACLs            all allow user root
ControlsSocketACL       allow user *
ControlsLog         /var/log/proftpd/controls.log

# Enable admin controls via ftpdctl
# (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html)
<IfModule mod_ctrls_admin.c>
  AdminControlsEngine       on
  AdminControlsACLs     all allow user root
</IfModule>

# Enable mod_vroot by default for better compatibility with PAM
# (http://bugzilla.redhat.com/506735)
<IfModule mod_vroot.c>
  VRootEngine           on
</IfModule>

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule            mod_ban.c
  BanEngine         on
  BanLog            /var/log/proftpd/ban.log
  BanTable          /var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  BanOnEvent            MaxLoginAttempts 2/00:10:00 01:00:00

  # Inform the user that it's not worth persisting
  BanMessage            "Host %a has been banned"

  # Allow the FTP admin to manually add/remove bans
  BanControlsACLs       all allow user ftpadm
</IfDefine>

# Set networking-specific "Quality of Service" (QoS) bits on the packets used
# by the server (contrib/mod_qos.html)
<IfDefine QOS>
  LoadModule            mod_qos.c
  # RFC791 TOS parameter compatibility
  QoSOptions            dataqos throughput ctrlqos lowdelay
  # For a DSCP environment (may require tweaking)
  #QoSOptions           dataqos CS2 ctrlqos AF41
</IfDefine>

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask             022

  # Allow users to overwrite files and change permissions
  AllowOverwrite        yes

  <IfModule mod_tls.c>
    TLSEngine                               on
    TLSLog                                  /var/log/proftpd/tls.log
    TLSProtocol                             SSLv23

    TLSRSACertificateFile                   /etc/ssl/let_proFTPD.crt
    TLSRSACertificateKeyFile                /etc/ssl/let_proFTPD.key

    #TLSCACertificateFile                   /etc/ssl/certs/CA.pem
    TLSOptions                              NoCertRequest EnableDiags NoSessionReuseRequired
    TLSVerifyClient                         off
    TLSRequired                             off
    TLSRenegotiate                          required on
  </IfModule>

  <Limit ALL SITE_CHMOD>
        AllowAll 
  </Limit>
    
  RootLogin off
  PassivePorts 20000 20100

</Global>

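What happens now is that every time I try to FTP, A.com users can connect without any problems, but B.com users can sometimes connect and sometimes it gets to the PWD command: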

Command: PWD
Response: 200 Protection set to Private
Error:  Failed to parse returned path.
Error:  Failed to retrieve directory listing

Then it just stops. I don't know if it is because of the TransferMode; I tried forcing DefaultTransferMode to ascii or binary, but without success. Any ideas?
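Added example, not part of the original post: a PWD success reply is `257 "<path>"` (RFC 959), while `200 Protection set to Private` is the text of a reply to `PROT P` (RFC 4217), so the client has nothing to parse a path from. The sketch below checks a client log in the format shown above for positive replies whose code does not match the command they were paired with. The function names and the HEALTHY log are constructed for illustration.

```python
import re

# Positive reply code each command returns on success
# (RFC 959: PWD, TYPE; RFC 4217: PBSZ, PROT).
EXPECTED = {"PBSZ": "200", "PROT": "200", "TYPE": "200", "PWD": "257"}

# A PWD success reply is: 257 "<path>" ... with " doubled inside the path.
PWD_REPLY = re.compile(r'^257 "((?:[^"]|"")*)"')


def parse_pwd(reply):
    """Return the directory from a 257 reply, or None if it is not one."""
    m = PWD_REPLY.match(reply)
    return m.group(1).replace('""', '"') if m else None


def find_mismatches(log_lines):
    """Pair each command with the next final reply line and report positive
    replies whose code is not the one that command returns on success."""
    findings, pending = [], None
    for line in log_lines:
        kind, _, text = line.partition(":")
        text = text.strip()
        if kind == "Command" and text:
            pending = text.split()[0].upper()
        elif kind == "Response" and pending and text[3:4] == " ":
            want = EXPECTED.get(pending)
            if want and text[0] == "2" and text[:3] != want:
                findings.append((pending, want, text))
            pending = None  # reply consumed; "NNN-" continuation lines are skipped
    return findings


# Constructed sample of a session that stays in sync.
HEALTHY = [
    "Command: PBSZ 0", "Response: 200 PBSZ 0 successful",
    "Command: PROT P", "Response: 200 Protection set to Private",
    "Command: PWD", 'Response: 257 "/" is the current directory',
]
# The failing exchange as it appears in the question.
FAILING = [
    "Command: PWD", "Response: 200 Protection set to Private",
    "Error:  Failed to parse returned path.",
]

if __name__ == "__main__":
    for cmd, want, got in find_mismatches(FAILING):
        print(f"{cmd}: expected {want}, got {got!r}")
```

A hit on PWD with a `200` reply means the control-channel replies are one step out of sync with the commands; comparing the timestamps in the client log with `/var/log/proftpd/tls.log` for the same session shows which earlier command the stray reply belongs to.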
