问题
我遇到一个问题,当用户尝试从服务器删除 1000 个文件并断开它们与服务器的连接时,我的 ProFTPD 服务器会取消 FTP 用户的请求。
Filezilla 在消息日志中显示如下内容:
Deleting file 1 - Successful
Deleting file 2 - Successful
...
Connection closed by server
Connecting to server again
...
Deleting file 1 again - file not found
Deleteing file 2 again - file not found
...
大约 500 次删除操作失败后,服务器将关闭连接。
我已经在公司内部使用连接到本地服务器 IP 的 filezilla 进行了测试,因此服务器和客户端之间没有防火墙。
ProFTPD 是否有一个设置可以限制所有 FTP 用户的删除操作?
唯一一次不会发生这种情况的是当我以用户身份执行此操作时root。
服务器配置
Ubuntu Linux 16.04.1
ProFTPd v 1.35
Virtualmin GPL 最新
我检查了 ProFTPD 配置文件中是否有任何相关设置,但没有找到任何设置。
知道是什么原因造成的吗?
更新
该xferlog文件除了传输之外没有显示任何内容(没有显示错误),因此没有任何实际用处。典型的消息如下:
Wed Aug 08 11:53:31 2018 0 192.168.144.166 164276 /home/virtual_server_name/public_html/wp-content/uploads/2018/test/image_330746-1024x768.jpg b _ d r virtual_server_name ftps 0 * c
仅显示proftpd.log连接:
2018-08-08 11:53:31,286 domain.com proftpd[12636] localhost (192.168.144.166[192.168.144.166]): FTP session opened.
2018-08-08 11:53:31,345 domain.com proftpd[12636] localhost (192.168.144.166[192.168.144.166]): USER virtual_server_user: Login successful.
2018-08-08 11:53:32,824 domain.com proftpd[12636] localhost (192.168.144.166[192.168.144.166]): FTP session closed.
更新2 经过进一步检查,似乎这与 TLS 有某种联系,因为当通过普通 FTP 连接时,相同的用户不会遇到相同的问题。也就是说,他们在删除许多文件时不会突然断开连接。
更新 3 启用调试后,详细日志显示以下内容:
dispatching PRE_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_exec
dispatching PRE_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_rewrite
dispatching PRE_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_tls
dispatching PRE_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_core
dispatching PRE_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_core
dispatching PRE_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_quotatab
dispatching PRE_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_log
dispatching CMD command 'DELE image_344312_9-1024x576.jpg' to mod_core
in dir_check_full(): path = '/public_html/wp-content/uploads/2018/bla/image_344312_9-1024x576.jpg', fullpath = '/home/domain.com/public_html/wp-content/uploads/2018/bla/image_344312_9-1024x576.jpg'.
in dir_check_full(): setting umask to 0022 (was 0022)
dispatching POST_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_exec
dispatching POST_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_quotatab
dispatching LOG_CMD command 'DELE image_344312_9-1024x576.jpg' to mod_log
基本上我得到了 500-1000 个这样的日志部分(每个被删除的文件 1 个)
接下来是有趣的部分:
ROOT PRIVS at mod_auth_pam.c:201
RELINQUISH PRIVS at mod_auth_pam.c:228
mod_tls/2.6: scrubbing 1 passphrase from memory
FTP session closed.
ROOT PRIVS at main.c:1227
RELINQUISH PRIVS at main.c:1231
no matching vhost found for ::ffff:192.168.144.12#21, using 'Debian' listening on wildcard address
ROOT PRIVS at main.c:1034
SETUP PRIVS at main.c:1039
session requested from client in unknown class
performing module session initializations
mod_unique_id/0.2: generating unique session ID
mod_unique_id/0.2: unique session ID is 'W2vyzn8AAAHAqJCmAAB+Gt0I'
ROOT PRIVS at mod_tls.c:2199
RELINQUISH PRIVS at mod_tls.c:2225
mod_tls/2.6: supporting TLSv1, TLSv1.1, TLSv1.2 protocols
ROOT PRIVS at mod_tls.c:2865
RELINQUISH PRIVS at mod_tls.c:2874
ROOT PRIVS at mod_tls.c:2930
RELINQUISH PRIVS at mod_tls.c:2932
ROOT PRIVS at mod_tls.c:3015
RELINQUISH PRIVS at mod_tls.c:3537
mod_cap/1.1: adding CAP_AUDIT_WRITE capability
mod_ident/1.0: ident lookup disabled
ROOT PRIVS at mod_delay.c:1756
RELINQUISH PRIVS at mod_delay.c:1759
ROOT PRIVS at mod_log.c:2105
RELINQUISH PRIVS at mod_log.c:2108
ROOT PRIVS at mod_auth.c:142
opening scoreboard '/run/proftpd.scoreboard'
RELINQUISH PRIVS at mod_auth.c:144
connected - local : ::ffff:192.168.144.12:21
connected - remote : 192.168.144.166:61300
FTP session opened.
dispatching PRE_CMD command 'AUTH TLS' to mod_exec
dispatching PRE_CMD command 'AUTH TLS' to mod_rewrite
dispatching PRE_CMD command 'AUTH TLS' to mod_tls
dispatching PRE_CMD command 'AUTH TLS' to mod_core
dispatching PRE_CMD command 'AUTH TLS' to mod_core
dispatching CMD command 'AUTH TLS' to mod_tls
dispatching POST_CMD command 'AUTH TLS' to mod_exec
dispatching LOG_CMD command 'AUTH TLS' to mod_log
dispatching PRE_CMD command 'USER domain.com' to mod_exec
dispatching PRE_CMD command 'USER domain.com' to mod_rewrite
dispatching PRE_CMD command 'USER domain.com' to mod_tls
dispatching PRE_CMD command 'USER domain.com' to mod_core
dispatching PRE_CMD command 'USER domain.com' to mod_core
dispatching PRE_CMD command 'USER domain.com' to mod_delay
dispatching PRE_CMD command 'USER domain.com' to mod_auth
dispatching CMD command 'USER domain.com' to mod_ratio
dispatching CMD command 'USER domain.com' to mod_auth
dispatching POST_CMD command 'USER domain.com' to mod_exec
dispatching POST_CMD command 'USER domain.com' to mod_delay
dispatching LOG_CMD command 'USER domain.com' to mod_log
dispatching PRE_CMD command 'PASS (hidden)' to mod_exec
dispatching PRE_CMD command 'PASS (hidden)' to mod_rewrite
dispatching PRE_CMD command 'PASS (hidden)' to mod_tls
dispatching PRE_CMD command 'PASS (hidden)' to mod_core
dispatching PRE_CMD command 'PASS (hidden)' to mod_core
dispatching PRE_CMD command 'PASS (hidden)' to mod_ifsession
retrieved UID 1058 for user 'domain.com'
retrieved group 'domain.com' for GID 1015
retrieved group ID: 1015
retrieved group name: domain.com
dispatching PRE_CMD command 'PASS (hidden)' to mod_shaper
ROOT PRIVS at mod_shaper.c:2026
RELINQUISH PRIVS at mod_shaper.c:2028
dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap2
dispatching PRE_CMD command 'PASS (hidden)' to mod_ban
dispatching PRE_CMD command 'PASS (hidden)' to mod_wrap
dispatching PRE_CMD command 'PASS (hidden)' to mod_radius
dispatching PRE_CMD command 'PASS (hidden)' to mod_delay
dispatching PRE_CMD command 'PASS (hidden)' to mod_auth
dispatching CMD command 'PASS (hidden)' to mod_auth
retrieved UID 1058 for user 'domain.com'
retrieved group ID: 1015
retrieved group name: domain.com
ROOT PRIVS at mod_auth_pam.c:344
RELINQUISH PRIVS at mod_auth_pam.c:514
user 'domain.com' authenticated by mod_auth_pam.c
ROOT PRIVS at auth.c:1310
RELINQUISH PRIVS at auth.c:1312
USER PRIVS 1058 at mod_auth.c:1363
RELINQUISH PRIVS at mod_auth.c:1365
Config for Debian:
IdentLookups
DeferWelcome
MultilineRFC2228
DefaultServer
ShowSymlinks
DisplayLogin
DisplayChdir
ListOptions
DenyFilter
PassivePorts
UserID
UserName
GroupID
GroupName
Umask
DirUmask
AllowOverwrite
TransferLog
SystemLog
QuotaEngine
Ratios
DelayEngine
TLSRSACertificateFile
TLSRSACertificateKeyFile
TLSEngine
TLSCACertificateFile
DefaultRoot
RootLogin
IdentLookups
ServerIdent
UseFtpUsers
RequireValidShell
AllowOverwrite
ROOT PRIVS at mod_auth.c:1453
opening TransferLog '/var/log/proftpd/xferlog'
setting group ID: 1015
RELINQUISH PRIVS at mod_auth.c:1493
USER PRIVS 1058 at mod_auth.c:796
retrieved UID 1058 for user 'domain.com'
RELINQUISH PRIVS at mod_auth.c:799
set TZ environment variable to 'CET'
Preparing to chroot to directory '/home/domain.com'
ROOT PRIVS at auth.c:1424
RELINQUISH PRIVS at auth.c:1427
Environment successfully chroot()ed
ROOT PRIVS at mod_auth.c:1542
SETUP PRIVS at mod_auth.c:1564
in dir_check_full(): path = '/', fullpath = '/home/domain.com/'.
dispatching POST_CMD command 'PASS (hidden)' to mod_exec
dispatching POST_CMD command 'PASS (hidden)' to mod_ifsession
dispatching POST_CMD command 'PASS (hidden)' to mod_ratio
dispatching POST_CMD command 'PASS (hidden)' to mod_shaper
dispatching POST_CMD command 'PASS (hidden)' to mod_wrap2
dispatching POST_CMD command 'PASS (hidden)' to mod_ban
dispatching POST_CMD command 'PASS (hidden)' to mod_quotatab
dispatching POST_CMD command 'PASS (hidden)' to mod_radius
dispatching POST_CMD command 'PASS (hidden)' to mod_tls
dispatching POST_CMD command 'PASS (hidden)' to mod_cap
mod_cap/1.1: uid = 1058, euid = 1058, gid = 1015, egid = 1015
mod_cap/1.1: capabilities '= cap_chown,cap_setgid,cap_setuid,cap_net_bind_service,cap_audit_write+ep'
dispatching POST_CMD command 'PASS (hidden)' to mod_delay
dispatching POST_CMD command 'PASS (hidden)' to mod_log
dispatching POST_CMD command 'PASS (hidden)' to mod_ls
dispatching POST_CMD command 'PASS (hidden)' to mod_auth
unable to display DisplayLogin file 'welcome.msg': No such file or directory
dispatching POST_CMD command 'PASS (hidden)' to mod_rlimit
dispatching POST_CMD command 'PASS (hidden)' to mod_xfer
dispatching POST_CMD command 'PASS (hidden)' to mod_core
dispatching LOG_CMD command 'PASS (hidden)' to mod_log
dispatching LOG_CMD command 'PASS (hidden)' to mod_ratio
dispatching LOG_CMD command 'PASS (hidden)' to mod_readme
dispatching LOG_CMD command 'PASS (hidden)' to mod_auth
USER domain.com: Login successful.
dispatching PRE_CMD command 'OPTS UTF8 ON' to mod_exec
dispatching PRE_CMD command 'OPTS UTF8 ON' to mod_rewrite
dispatching PRE_CMD command 'OPTS UTF8 ON' to mod_tls
dispatching PRE_CMD command 'OPTS UTF8 ON' to mod_core
dispatching PRE_CMD command 'OPTS UTF8 ON' to mod_core
dispatching CMD command 'OPTS UTF8 ON' to mod_core
in dir_check_full(): path = '/', fullpath = '/home/domain.com/'.
dispatching PRE_CMD command 'OPTS_UTF8 ON' to mod_exec
dispatching PRE_CMD command 'OPTS_UTF8 ON' to mod_rewrite
dispatching PRE_CMD command 'OPTS_UTF8 ON' to mod_tls
dispatching PRE_CMD command 'OPTS_UTF8 ON' to mod_core
dispatching PRE_CMD command 'OPTS_UTF8 ON' to mod_core
dispatching CMD command 'OPTS_UTF8 ON' to mod_lang
mod_lang/1.0: Handling OPTS UTF8 ON (current encoding is 'UTF-8')
dispatching POST_CMD command 'OPTS_UTF8 ON' to mod_exec
dispatching LOG_CMD command 'OPTS_UTF8 ON' to mod_log
dispatching POST_CMD command 'OPTS UTF8 ON' to mod_exec
dispatching LOG_CMD command 'OPTS UTF8 ON' to mod_log
dispatching PRE_CMD command 'PBSZ 0' to mod_exec
dispatching PRE_CMD command 'PBSZ 0' to mod_rewrite
dispatching PRE_CMD command 'PBSZ 0' to mod_tls
dispatching PRE_CMD command 'PBSZ 0' to mod_core
dispatching PRE_CMD command 'PBSZ 0' to mod_core
dispatching CMD command 'PBSZ 0' to mod_tls
dispatching POST_CMD command 'PBSZ 0' to mod_exec
dispatching LOG_CMD command 'PBSZ 0' to mod_log
dispatching PRE_CMD command 'PROT P' to mod_exec
dispatching PRE_CMD command 'PROT P' to mod_rewrite
dispatching PRE_CMD command 'PROT P' to mod_tls
dispatching PRE_CMD command 'PROT P' to mod_core
dispatching PRE_CMD command 'PROT P' to mod_core
dispatching CMD command 'PROT P' to mod_tls
in dir_check_full(): path = '/', fullpath = '/home/domain.com/'.
dispatching POST_CMD command 'PROT P' to mod_exec
dispatching POST_CMD command 'PROT P' to mod_xfer
dispatching LOG_CMD command 'PROT P' to mod_log
之后,它继续执行与日志第一部分(删除文件)相同的操作,只是添加了一条消息unable to lstat /path/to/file No such file or directory