我安装了 Proftpd Administrator GUI,以便更轻松地管理我的 FTP 用户。我遇到的问题是,我必须将目录权限设置为 777,以允许保存在 mysql 数据库中的虚拟用户编辑和保存文件。如果我将其更改为 775,则用户将被拒绝权限。
这是我的 proftpd.conf 文件
Include /etc/proftpd/modules.conf
ServerName "ServerName"
ServerType standalone
ServerIdent on "Servers identifying string"
DeferWelcome on
DefaultServer on
DisplayLogin .welcome # Textfile to display on login
DisplayConnect .connect # Textfile to display on connec$
#DisplayFirstChdir .firstchdir # Textfile to display on first $
UseReverseDNS off
IdentLookups off
Port 21
Umask 022
MaxInstances 15
MaxClientsPerHost 3 "Only %m connections per host a$
MaxClients 10 "Only %m total simultanious log$
MaxHostsPerUser 1
User proftpd
Group www-data
ScoreboardFile /var/log/scoreboard
# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# Define log-files to use
TransferLog /var/log/proftpd.xferlog
ExtendedLog /var/log/proftpd.access_log WRITE,READ write
ExtendedLog /var/log/proftpd.auth_log AUTH auth
ExtendedLog /var/log/proftpd.paranoid_log ALL default
SQLLogFile /var/log/proftpd.mysql
# Set up authentication via SQL
# ===========
AuthOrder mod_sql.c
SQLAuthTypes Backend
SQLConnectInfo proftpd_admin username password
SQLUserInfo usertable userid passwd uid gid homedir shell
SQLGroupInfo grouptable groupname gid members
SQLUserWhereClause "disabled=0 and (NOW()<=expiration or expiratio$
# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'"$
# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable
# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLShowInfo PASS "230" "Last login was: %{login_time}"
# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now($
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now($
AllowStoreRestart on
AllowRetrieveRestart on
RequireValidShell off
#PathDenyFilter "\\.ftp)|\\.ht)[a-z]+$"
DefaultRoot ~
DenyFilter \*.*/
<Directory /path/to/dir>
AllowOverwrite on
HideNoAccess off
<Limit READ>
AllowAll
</Limit>
<Limit WRITE>
AllowAll
</Limit>
</Directory>
<Directory /path/to/dir>
AllowOverwrite on
HideNoAccess on
<Limit READ>
AllowAll
</Limit>
<Limit STOR MKD>
AllowAll
</Limit>
</Directory>
我将proftpd
运行 proftpd 服务的用户放在 www-data 中(设置为该目录的组)。我更改了虚拟用户 GID,使其与系统的 www-data GID 匹配(即33
)。当我使用虚拟用户创建新文件时,该文件 GID 设置为65533
,权限设置为644
。我的系统文件中不存在此 GID /etc/group
。
我如何保留文件夹和文件的权限755
并允许用户编辑和保存这些文件?
答案1
我怀疑 mod_sql 可能会过滤您在 SQL 数据库中分配给用户的 UID/GID 值。默认情况下,mod_sql(出于历史原因)对数字 ID 施加最小值;任何低于此最小值的值都将映射到默认值。请参阅:
http://www.proftpd.org/docs/contrib/mod_sql.html#SQLMinID
并且该值 65533 来自默认值,例如:
http://www.proftpd.org/docs/contrib/mod_sql.html#SQLDefaultUID
因此,考虑到这一点,您可以尝试添加:
SQLMinID 1
到您的 proftpd.conf。