proftpd 配置可以上传,但无法删除的特殊权限
- font size decrease font size increase font size
常见的特殊的需求:
对于FTP服务器上的某个部门的目录,要求:
部门所有人员可以上传下载但无法删除(包括文件和目录)
部门领导全部权限(包括删除)
用redhat自带的vsftp实现起来比较困难,google了以后发现proftpd实现起来比较简单
例如:
客服部
部门成员member,可以上传下载,但是无法删
部门主管manager,有全部权限
下载安装:
因为是CENTOS,直接下载rpm安装
wget http://packages.sw.be/proftpd/proftpd-1.3.2-1.el5.rf.i386.rpm
安装之后
主目录在/var/ftp
配置文件为 /etc/proftpd.conf
服务名为 proftpd
直接启动服务的情况是:
系统用户直接登录,且被chroot在"家目录"下
匿名用户无法登陆
设计实施:
部门的目录放在/var/ftp/kefu(客服部),部门人员登录后被chroot在此目录下
目录的所有者是主管manager
目录的所有组是kefu
目录权限为770(只有此部门的人员才可以进此目录)
设置如下:
/var/ftp下的kefu目录
drwxrwx--- 2 manager kefu 4096 Mar 3 13:11 kefu
/etc/passwd文件的设置(将他们的主目录设为/var/ftp/kefu,shell改为/sbin/nologin不允许ssh)
manager:x:501:502::/var/ftp/kefu:/sbin/nologin
member:x:502:503::/var/ftp/kefu:/sbin/nologin
新建kefu组,member是组员
配置文件proftpd.conf
- <Directory /var/ftp/kefu> 对这个目录进行限制
- umask 000
- <Limit DELE RMD>
- DenyGroup kefu
- </Limit>
- </Directory>
解释:
- umask 000
- 此目录下所有用户上传的掩码都是000,这样新文件权限是666,新文件夹是777,这样做是为了保证member传的文件,其他人也可以删,默认掩码是022
- <Limit DELE RMD>
- DenyGroup kefu
- 此目录下对于DELE(删除文件)RMD(删除目录)操作加以限制,对kefu组是拒绝,也就保证了kefu组成员无法执行删除操作.如果需要对单个用户(例如member)限制就用 DenyUser member
- 其实就是无法执行(DELE ,RMD)这两个ftp指令
整个思路:
通过系统权限来允许所有的文件都可以对任何人读写(就是非创建者也可以删)
通过限制FTP指令的执行来限制特定的用户(组)无法执行删除
总的来说就是利用两个层面的限制实现对权限”先放,后收”
( ! ) Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/vhosts/shan.info/httpdocs/templates/gk_publisher/html/com_k2/templates/default/item.php on line 169 | ||||
---|---|---|---|---|
Call Stack | ||||
# | Time | Memory | Function | Location |
1 | 0.0005 | 416160 | {main}( ) | .../index.php:0 |
2 | 0.0851 | 4721784 | Joomla\CMS\Application\SiteApplication->execute( ) | .../index.php:49 |
3 | 0.0851 | 4721784 | Joomla\CMS\Application\SiteApplication->doExecute( ) | .../CMSApplication.php:196 |
4 | 0.2909 | 12450256 | Joomla\CMS\Application\SiteApplication->dispatch( ) | .../SiteApplication.php:233 |
5 | 0.2922 | 12475032 | Joomla\CMS\Component\ComponentHelper::renderComponent( ) | .../SiteApplication.php:194 |
6 | 0.2932 | 12530360 | Joomla\CMS\Component\ComponentHelper::executeComponent( ) | .../ComponentHelper.php:377 |
7 | 0.2936 | 12559184 | require_once( '/var/www/vhosts/shan.info/httpdocs/components/com_k2/k2.php' ) | .../ComponentHelper.php:402 |
8 | 0.3049 | 12994592 | K2ControllerItem->execute( ) | .../k2.php:64 |
9 | 0.3049 | 12994592 | K2ControllerItem->display( ) | .../BaseController.php:710 |
10 | 0.3167 | 13719792 | K2ControllerItem->display( ) | .../item.php:78 |
11 | 0.3167 | 13719792 | K2ControllerItem->display( ) | .../controller.php:19 |
12 | 0.3211 | 14116160 | Joomla\CMS\Cache\Controller\ViewController->get( ) | .../BaseController.php:663 |
13 | 0.3220 | 14136528 | K2ViewItem->display( ) | .../ViewController.php:102 |
14 | 0.3910 | 17108576 | K2ViewItem->display( ) | .../view.html.php:742 |
15 | 0.3910 | 17108576 | K2ViewItem->loadTemplate( ) | .../HtmlView.php:230 |
16 | 0.3924 | 17288776 | include( '/var/www/vhosts/shan.info/httpdocs/templates/gk_publisher/html/com_k2/templates/default/item.php' ) | .../HtmlView.php:701 |
- Published in CentOS 6
- Read 3935 times
( ! ) Notice: Only variables should be assigned by reference in /var/www/vhosts/shan.info/httpdocs/templates/gk_publisher/html/com_k2/templates/default/item.php on line 478 | ||||
---|---|---|---|---|
Call Stack | ||||
# | Time | Memory | Function | Location |
1 | 0.0005 | 416160 | {main}( ) | .../index.php:0 |
2 | 0.0851 | 4721784 | Joomla\CMS\Application\SiteApplication->execute( ) | .../index.php:49 |
3 | 0.0851 | 4721784 | Joomla\CMS\Application\SiteApplication->doExecute( ) | .../CMSApplication.php:196 |
4 | 0.2909 | 12450256 | Joomla\CMS\Application\SiteApplication->dispatch( ) | .../SiteApplication.php:233 |
5 | 0.2922 | 12475032 | Joomla\CMS\Component\ComponentHelper::renderComponent( ) | .../SiteApplication.php:194 |
6 | 0.2932 | 12530360 | Joomla\CMS\Component\ComponentHelper::executeComponent( ) | .../ComponentHelper.php:377 |
7 | 0.2936 | 12559184 | require_once( '/var/www/vhosts/shan.info/httpdocs/components/com_k2/k2.php' ) | .../ComponentHelper.php:402 |
8 | 0.3049 | 12994592 | K2ControllerItem->execute( ) | .../k2.php:64 |
9 | 0.3049 | 12994592 | K2ControllerItem->display( ) | .../BaseController.php:710 |
10 | 0.3167 | 13719792 | K2ControllerItem->display( ) | .../item.php:78 |
11 | 0.3167 | 13719792 | K2ControllerItem->display( ) | .../controller.php:19 |
12 | 0.3211 | 14116160 | Joomla\CMS\Cache\Controller\ViewController->get( ) | .../BaseController.php:663 |
13 | 0.3220 | 14136528 | K2ViewItem->display( ) | .../ViewController.php:102 |
14 | 0.3910 | 17108576 | K2ViewItem->display( ) | .../view.html.php:742 |
15 | 0.3910 | 17108576 | K2ViewItem->loadTemplate( ) | .../HtmlView.php:230 |
16 | 0.3924 | 17288776 | include( '/var/www/vhosts/shan.info/httpdocs/templates/gk_publisher/html/com_k2/templates/default/item.php' ) | .../HtmlView.php:701 |