pure-ftpd manual 中文翻译

memory · 发表于 2006-10-16 09:05:47

这几天一直在研究pure-ftpd。为了方便查阅，花了些时间把手册翻译了。自己英文水平很差，有错误的地方还请大家多批评指正！

pure-ftpd(8) Pure-FTPd pure-ftpd(8)
NAME
pure-ftpd - simple File Transfer Protocol server
SYNOPSIS
pure-ftpd [-0] [-1] [-4] [-6] [-a gid] [-A] [-b] [-B] [-c clients] [-C
cnx/ip] [-d [-d]] [-D] [-e] [-E] [-f facility] [-F fortunes file] [-g
pidfile] [-G] [-H] [-i] [-I] [-j] [-k percentage] [-K] [-l authentica
tion[:config file]] [-L max files:max depth] [-m maxload] [-M] [-n max
files:maxsize] [-N] [-o] [-O format:log file] [-p first:last] [-P ip
address or host name] [-q upload:download ratio] [-Q upload:download
ratio] [-r] [-R] [-s] [-S [address,][port]] [-t upload bandwidth:down
load bandwidth] [-T upload bandwidth:download bandwidth] [-u uid] [-U
umask files:umask dirs] [-v bonjour name] [-V ip address] [-w] [-W]
[-x] [-X] [-y max user sessions:max anon sessions] [-Y tls behavior]
[-z] [-Z]
Alternative style :
-0 --notruncate
-1 --logpid
-4 --ipv4only
-6 --ipv6only
-a --trustedgid
-A --chrooteveryone
-b --brokenclientscompatibility
-B --daemonize
-c --maxclientsnumber
-C --maxclientsperip
-d --verboselog
-D --displaydotfiles
-e --anonymousonly
-E --noanonymous
-f --syslogfacility
-F --fortunesfile
-g --pidfile
-G --norename
-h --help
-H --dontresolve
-i --anonymouscantupload
-I --maxidletime
-j --createhomedir
-k --maxdiskusagepct
-K --keepallfiles
-l --login
-L --limitrecursion
-m --maxload
-M --anonymouscancreatedirs
-n --quota
-N --natmode
-o --uploadscript
-O --altlog
-p --passiveportrange
-P --forcepassiveip
-q --anonymousratio
-Q --userratio
-r --autorename
-R --nochmod
-s --antiwarez
-S --bind
-t --anonymousbandwidth
-T --userbandwidth
-u --minuid
-U --umask
-v --bonjour
-V --trustedip
-w --allowuserfxp
-W --allowanonymousfxp
-x --prohibitdotfileswrite
-X --prohibitdotfilesread
-y --peruserlimits
-Y --tls
-z --allowdotfiles
-Z --customerproof
DESCRIPTION
Pure-FTPd is a small, simple server for the old and hairy File Transfer
Protocol, designed to use less resources than older servers, be smaller
and very secure, and to never execute any external program.
Pure-FTPd 是为老的危险的ftp协议设计的一个小的、简单的服务器，他将比老版本的
服务器更少的占用资源，更小更安全，并且决不执行其他外部程序。
It support most-used features and commands of FTP (including many mod
ern extensions), and leaves out everything which is deprecated, mean
ingless, insecure, or correlates with trouble.
它支持绝大部分ftp命令和特性（包括很多时髦的扩展），去除了遭非议的、无意义的、
不安全的和容易出问题的部分。
IPv6 is fully supported.
对IPv6完全的支持。
OPTIONS
-0 When a file is uploaded and there is already a previous version
of the file with the same name, the old file will neither get
removed nor truncated. Upload will take place in a temporary
file and once the upload is complete, the switch to the new ver
sion will be atomic. This option should not be used together
with virtual quotas.
“NoTruncate” Yes | No
当有与你上传的同名文件时，原文件既不删除也不截断。上传将被放到临时文件中，
一次完成上传后将以原子操作方式将文件切换到新版本上。
注意：此选项不能同 -n 一起使用。
-1 Add the PID to the syslog output. Ignored if -f none is set.
“LogPID” Yes | No
将PID添加到日志文件中。如果 -f 设置为 none，此参数将被忽略。
-4 Listen only to IPv4 connections.
“IPV4Only” Yes | No
仅绑定ipv4地址。
-6 Listen only to IPv6 connections.
“IPV6Only” Yes | No
仅绑定ipv6地址。
-a gid Regular users will be chrooted to their home directories, unless
they belong to the specified gid. Note that root is always
trusted, and that chroot() occurs only for anonymous ftp without
this option.
“TrustedGID” gid
除了属于指定组的用户和root用户，所有用户将被chroot到自己的home目录。
匿名用户将一直被chroot，不需指定此选项。
-A Chroot() everyone, but root.
“ChrootEveryone” Yes | No
除root用户，所有用户将被chroot。
-b Be broken. Turns on some compatibility hacks for shoddy clients,
and for broken Netfilter gateways.
“BrokenClientsCompatibility” Yes | No
兼容ie等比较非正规化的ftp客户端。
-B Start the standalone server in background (daemonize).
“Daemonize” Yes | No
以守护程序方式启动。
-c clients
Allow a maximum of clients to be connected. clients must be at
least 1, and if you combine it with -p it will be forced down to
half the number of ports specified by -p. If more than clients
are connected, new clients are rejected at once, even clients
wishing to upload, or to log in as normal users. Therefore, it
is advisable to use -m as primary overload protection. The
default value is 50.
“MaxClientsNumber” clients
允许最大的并发连接数。此值至少是1，如指定了 -p 参数，此值被强制降至端口数
一半一下。如果客户连接数超过此值，新的连接将被立刻拒绝，即使想上传或标准
用户登录。因此，使用 -m 作为首要的过载保护是明智的。此值默认为50。
-C max connection per ip
Limit the number of simultanous connections coming from the same
IP address. This is yet another very effective way to prevent
stupid denial of services and bandwidth starvation by a single
user. It works only when the server is launched in standalone
mode (if you use a super-server, it is supposed to do that). If
the server is launched with -C 2 , it doesnt mean that the
total number of connection is limited to 2. But the same
client, coming from the same machine (or at least the same IP),
cant have more than two simultaneous connections. This features
needs some memory to track IP addresses, but its recommended to
use it.
“MaxClientsPerIP” maxconnects
每ip最大并非连接数。限制来自同一ip的并发连接数。这也是防止单个用户引发
DOS攻击和带宽耗尽的非常有效的方法。此选项仅当服务以守护程序方式启动时才
有效（如你使用super-server启动服务，它应该有效）。如此值为2，它不意味着
总的连接数被限制为2。但同一用户，来自同一台机器（或至少同一IP），不能多
于两个并发数。此特性需要消耗一些内存来跟踪IP地址，但建议使用它。
-d turns on debug logging. Every command is logged, except that the
argument to PASS is changed to "<password>". If you repeat -d ,
responses too are logged.
“VerboseLog” Yes | No
打开调试日志。每个命令将被日志，除了PASS被日志为“<password>”。如重复 -d，
服务器回应也将被日志。
-D Display dot-files.
“DisplayDotFiles” Yes | No
允许显示'.'文件或目录。
-e Only allow anonymous users to log in.
“AnonymousOnly” Yes | No
仅允许匿名服务。
-E Only allow authenticated login. Anonymous users are prohibited.
“NoAnonymous” Yes | No
仅允许非匿名服务。
-f facility
makes ftpd use facility for all syslog(3) messages. facility
defaults to ftp. The facility names are normally listed in
/usr/include/sys/syslog.h. Note that if -f is not the first
option on the command line, a couple of messages may be logged
to local2 before the -f option is parsed. Use -f none to dis
able logging.
“SyslogFacility” facility
缺省的功能( facility )是 "ftp"。 "none" 将禁止日志。
-F fortunes file
Display a funny random message in the initial login banner. The
random cookies are extracted from a text file, in the standard
fortune format. If you installed the fortune package, you should
have a directory (usually /usr/share/fortune ) with binary files
( xxxx.dat ) and text files (without the .dat extension).
“FortunesFile” filename
显示随机有趣的登录信息。信息从文本文件中读取，以标准的fortune格式。如你
已经安装fortune软件包，你将有个目录（通常是/usr/share/fortune）中包括二
进制文件（xxxx.dat）和文本文件（没有.dat扩展名的）。
-g pidfile
In standalone mode, write the pid to that file in instead of
/var/run/pure-ftpd.pid .
在standalone（守护方式）下，写PID到指定文件中替代/var/run/pure-ftpd.pid。
-G When this option is enabled, people can no more change the name
of already uploaded files, even if they own those files or their
directory.
“NoRename” Yes | No
指定此选项后，不允许用户对文件改名，即使他是文件或目录的拥有者。
-H Dont resolve host names ("192.0.34.166" will be logged instead
of "www.example.com"). It can significantly speed up connections
and reduce bandwidth usage on busy servers. Use it especially on
public FTP sites.
“DontResolve” Yes | No
不解析主机名（“192.0.34.166”将被日志代替“www.example.com”）。在繁忙的服务器上
将明显提高连接速度、减少带宽使用。应该在公共ftp上使用此选项。
-i Disallow upload for anonymous users, whatever directory permis
sions are. This option is especially useful for virtual hosting,
to avoid your users create warez sites in their account.
“AnonymousCantUpload” Yes | No
不允许匿名用户上传，无论目录权限如何。此选项对虚拟主机特别有用，避免用户使用
他们的帐号建立warez网站（盗版软件站）。
-I timeout
Change the maximum idle time. The timeout is in minutes, and
defaults to 15.
“MaxIdleTime” timeout
修改最大空闲时间。超时时间以分钟计，缺省为15分钟。
-j If the home directory of an user doesnt exist, automatically
create it. The newly created home directory belongs to the user,
and permissions are set according to the current directory mask.
To avoid local attacks, the parent directory should never belong
to an untrusted user.
“CreateHomeDir” Yes | No
如果用户home目录不存在，自动建立它。新建的home目录属于用户，权限按当前目录掩码
设置。为避免本地攻击，上级目录绝不能属于不可信用户。
-k percentage
Disallow upload if the partition is more than percentage full.
Example: -k 95 will ensure that your disk will never get filled
more than 95% by FTP users.
“MaxDiskUsage” percentage
当所在磁盘分区使用超过百分之 X 时，将不在接受新的上传。
例如： -k 95 将确保ftp用户空间占用决不会超过磁盘的95％。
-K Allow users to resume and upload files, but NOT to delete them.
Directories can be removed, but only if they are empty.
“KeepAllFiles” Yes | No
允许用户恢复和上传文件，却不允许删除他们。目录可以删除，但必须是空目录。
-l authentication:file
Enable a new authentication method. It can be one of : -l unix
For standard (/etc/passwd) authentication. -l pam For PAM
authentication. -l ldap:LDAP config file For LDAP directories.
-l mysql:MySQL config file For MySQL databases. -l pgsql:Post
gres config file For Postgres databases. -l puredb:PureDB
database file For PureDB databases. -l extauth:path to pure-
authd socket For external authentication handlers.
Different authentication methods can be mixed together. For
instance if you run the server with -lpuredb:/etc/pwd.pdb
-lmysql:/etc/my.cf -lunix Accounts will first be authenticated
from a PureDB database. If it fails, a MySQL server will be
asked. If the account is still not found is the database, stan
dard unix accounts will be scanned. Authentication methods are
tried in the order you give the -l options.
See the README.LDAP and README.MySQL files for info about the
built-in LDAP and SQL directory support.
使新的认证方法生效。它可以是下列之一：
“UnixAuthentication” Yes | No
-l unix，标准的认证（/etc/passwd）；
“PAMAuthentication” Yes | No
-l pam， PAM 认证；
“LDAPConfigFile” LDAP config filename
-l ldap:LDAP配置文件，LDAP目录认证；
“MySQLConfigFile” MySQL config filename
-l mysql:MySQL配置文件，MySQL数据库认证；
“PGSQLConfigFile” Postgres config filename
-l pgsql:Postgres配置文件，Postgres数据库认证；
“PureDB” PureDB database filename
-l puredb:PureDB数据库文件，PureDB数据库认证；
“ExtAuth” ExtAuth filename
-l extauth:pure-authd套接字路径，外部认证处理程序。
不同的认证方法可以混合在一起。例如，如果你指定了-lpuredb:/etc/pwd.pdb
-lmysql:/etc/my.cf -lunix参数运行服务器，用户帐号首先使用PureDB数据库认证。
如果失败了，MySQL服务器将被查询。如果数据库中不能发现帐号，将在unix标准中
搜索。认证方法按照你给定-l选项顺序进行尝试。
有关内建的LDAP目录和SQL数据库支持请查看README.LDAP和README.MySQL文件。
-L max files:max depth
Avoid denial-of-service attacks by limiting the number of dis
played files in a ls and the maximum depth of a recursive
ls. Defaults are 2000:5 (2000 files displayed for a single
ls and walk through 5 subdirectories max).
“LimitRecursion” maxfiles:maxdepth
为避免DOS攻击限制ls命令的目录列表文件数和最大的子目录深度。缺省为2000:5
（2000是ls命令显示文件数，5是子目录级数）。
-m load
Do not allow anonymous users to download files if the load is
above load when the user connects. Uploads and file listings are
still allowed, as are downloads by real users. The user is not
told about this until he/she tries to download a file.
“MaxLoad” load
如用户连接数量超过load，则不允许匿名用户下载文件。但一直允许上传文件和目录
列表，实际的用户可以下载。用户只有在尝试着去下载文件时才会得到不允许下载的
通知。
-M Allow anonymous users to create directories.
“AnonymousCanCreateDirs” Yes | No
允许匿名用户新建目录。
-n maxfiles:maxsize
Enable virtual quotas When virtual quotas are enabled, .ftpquota
files are created, and the number of files for an user is
restricted to maxfiles. The max total size of his directory is
also restricted to maxsize Megabytes. Members of the trusted
group arent subject to quotas.
“Quota” maxfiles:maxsize
使虚拟配额生效，.ftpquota文件被建立，用户的文件数被限定为maxfiles。他的目录
大小被限定在maxsizeM字节。受信任组成员不受此限制。
-N NAT mode. Force active mode. If your FTP server is behind a NAT
box that doesnt support applicative FTP proxying, or if you use
port redirection without a transparent FTP proxy, use this.
Well... the previous sentence isnt very clear. Okay: if your
network looks like this:
FTP--NAT.gateway/router--Internet
and if you want people coming from the internet to have access
to your FTP server, please try without this option first. If
Netscape clients can connect without any problem, your NAT gate
way rulez. If Netscape doesnt display directory listings, your
NAT gateway sucks. Use -N as a workaround.
“NATmode” Yes | No
强制主动模式。如果你的ftp服务器在不支持FTP代理的NAT主机后边，或如你使用端口
重定向而没有透明ftp代理，就使用此选项。好，前面的表达不是很清楚。如果你的网
络象下面这个：
ftp -- NAT gateway/router -- Internet
并且如果你想让别人能从Internet访问你的ftp服务器，请先不要尝试设置此选项。如
果Netscape客户端能够连接且没有任何问题，你的NAT网关规则不错。如果netscape不
能显示目录列表，你的NAT网关够衰。使用此选项试一试。
-o Enable pure-uploadscript.
“CallUploadScript” Yes | No
使pure-uploadscript生效。也就是上传完文件后调用指定脚本做处理。
-O format:log file
Record all file transfers into a specific log file, in an alter
native format. Currently, three formats are supported : CLF,
Stats, W3C and xferlog.
If you add
-O clf:/var/log/pureftpd.log
to your starting options, Pure-FTPd will log transfers in
/var/log/pureftpd.log in a format similar to the Apache web
server in default configuration.
If you add
-O stats:/var/log/pureftpd.log
to your starting options, Pure-FTPd will create accurate log
files designed for traffic analys software like ftpStats.
If you add
-O w3c:/var/log/pureftpd.log
to your starting options, Pure-FTPd will create W3C-conformant
log files.
For security purposes, the path must be absolute (eg.
/var/log/pureftpd.log, not ../log/pureftpd.log).
“AltLog” format:log file
记录所有的文件传输到一指定的日志文件，以另外一种格式。当前，支持3种格式：
CLF，Stats，W3C和xferlog。
-p first:last
Use only ports in the range first to last inclusive for pas
sive-mode downloads. This means that clients will not try to
open connections to TCP ports outside the range first - last,
which makes pure-ftpd more compatible with packet filters. Note
that the maximum number of clients (specified with -c) is forced
down to (last + 1 - first)/2 if it is greater, as the default
is. (The syntax for the port range is, conveniently, the same as
that of iptables).
“PassivePortRange” first:last
被动模式下下载使用first到last范围内的端口。这意味着客户端将不会尝试打开tcp
连接到服务器first到last之外的端口，这使得pure-ftpd与包过滤软件更兼容。注意
如果最大连接数（-c 指定）大于(last + 1 - first)/2的话将被被强制降到此值。
（端口范围的语法与IPTABLES相同，方便双方的设置）。
-P ip address or host name
Force the specified IP address in reply to a PASV/EPSV/SPSV com
mand. If the server is behind a masquerading (NAT) box that
doesnt properly handle stateful FTP masquerading, put the ip
address of that box here. If you have a dynamic IP address, you
can use a symbolic host name (probably the one of your gateway),
that will be resolved every time a new client will connect.
“ForcePassiveIP” IP | hostname
强制指定的IP答复 PASV/EPSV/SPSV 命令。如你的服务器在一台不能适当处理ftp
状态的NAT机器后面，把NAT主机地址写在这儿。如你使用的是动态ip地址，你可以
使用符合主机名（或许是你的网关），每次有新的客户端连接，它的地址被解析。
-q upload:download
Enable an upload/download ratio for anonymous users (ex: -q 1:5
means that 1 Mb of goodies have to be uploaded to leech 5 Mb).
“AnonymousRatio” upload:download
使匿名用户上传/下载比率生效（例如：-q 1:5意味着每上传1M可以下载5M的数据）。
-Q upload:download
Enable ratios for anonymous and non-anonymous users. If the -a
option is also used, users from the trusted group have no ratio.
“UserRatio” upload:download
使匿名和非匿名用户的上传下载比率生效。如 -a 选项也一起使用，受信任组用户
没有比率限制。
-r Never overwrite existing files. Uploading a file whoose name
already exists cause an automatic rename. Files are called
xyz.1, xyz.2, xyz.3, etc.
“AutoRename” Yes | No
决不覆盖存在的文件。上传一个文件已经存在的文件引起自动改名。文件被叫做xyz.1,
xyz.2, xyz.3等。
-R Disallow users (even non-anonymous ones) usage of the CHMOD com
mand. On hosting services, it may prevent newbies from doing
mistakes, like setting bad permissions on their home directory.
Only root can use CHMOD when this switch is enabled.
“NoChmod” Yes | no
不允许用户（即使是非匿名用户）使用CHMOD命令。在开放服务的主机上，这可以避免新
手犯错误，象对他们的home目录设置错误的权限。若此选项有效，仅root允许使用CHMOD。
-s Dont allow anonymous users to retrieve files owned by "ftp"
(generally, files uploaded by other anonymous users).
“AntiWarez” Yes | No
不允许匿名用户下载所有者是“ftp”的文件（通常，文件是其它匿名用户上传的）。
-S [{ip address|hostname}] [,{port|service name}]
This option is only effective when the server is launched as a
standalone server. Connections are accepted on the specified IP
and port. IPv4 and IPv6 are supported. Numeric and fully-quali
fied host names are accepted. A service name (see /etc/services)
can be used instead of a numeric port number.
“Bind” [{ip address|hostname}] [,{port|service name}]
这个选项只有当服务器以守护程序方式启动时才有效。到指定的ip和端口的连接被
接受。支持ipv4和ipv6。可以接受数字或全称主机名。服务名（看/etc/services）
可以用来代替数字端口号。
-t bandwidth
or -t upload bandwidth:download bandwidth Enable process prior
ity lowering and bandwidth throttling for anonymous users. Delay
should be in kilobytes/seconds.
“AnonymousBandwidth” bandwidth | upload-bandwidth:download-bandwidth
限制匿名用户带宽，带宽单位是k字节/秒。用法参见 -T。
-T bandwidth
or -T upload bandwidth:download bandwidth Enable process prior
ity lowering and bandwidth throttling for *ALL* users.
Pure-FTPd should have been explicitely compiled with throttling
support to have these flags work. It is possible to have dif
ferent bandwidth limits for uploads and for downloads. -t and
-T can indeed be followed by two numbers delimited by a column
(:). The first number is the upload bandwidth and the next one
applies only to downloads. One of them can be left blank which
means infinity. A single number without any column means that
the same limit applies to upload and download.
“UserBandwidth” bandwidth | upload-bandwidth:download-bandwidth
对所有用户限制带宽。
pure-ftpd必须在编译时指定带宽限制支持，此标记才能正常工作。对上传和下载有
不同的带宽限制是可能的。-t 和 -T 可以跟随两个冒号分隔的数字。第一个数是上传
带宽，下一个是下载带宽。它们之一可以是空白代表没限制。当数值而没有冒号代表
上传和下载有相同的限制。
-u uid Do not allow uids below uid to log in (typically, low-numbered
uids are used for administrative accounts). -u 100 is suffi
cient to deny access to all administrative accounts on many
linux boxes, where 99 is the last administrative account.
Anonymous FTP is allowed even if the uid of the ftp user is
smaller than uid. -u 1 denies access only to root accounts. The
default is to allow FTP access to all accounts.
“MinUID” UserID
不允许UID低于此值的用户登录（典型的，数值低的UID是管理帐号使用的）。-u 100
足以在多数linux上禁止管理帐号登录了，这里99是最后的管理帐号。即使ftp帐号的
UID小于此值，匿名访问也是允许的。-u 1 只禁止了root帐号。缺省是允许所有帐号。
-U umask files:umask dirs
Change the mask for creation of new files and directories. The
default are 133 (files are readable -but not writable- by other
users) and 022 (same thing for directory, with the execute bit
on). If new files should only be readable by the user, use
177:077. If you want uploaded files to be executable, use
022:022 (files will be readable by other people) or 077:077
(files will only be readable by their owner).
“Umask” file-umask: dirctory-umask
修改新建文件和目录的掩码（缺省的权限）。缺省掩码是133（文件可读但其它组
用户不可写）和022（目录与文件相同，加上了执行权限）。如果希望新建文件只
对用户可读，使用177:077。如你想上传的文件可执行，使用022:022（文件将其它
组可读）或077:077（文件仅所有者可读）。
注意：umask是反码。如想新建文件权限为644，则umask是133。
-v bonjour name
Set the Bonjour name of the service (only available on MacOS X
when Bonjour support is compiled in).
对苹果机专用选项，忽略。
-V ip address
Allow non-anonymous FTP access only on this specific local IP
address. All other IP addresses are only anonymous. With that
option, you can have routed IPs for public access, and a local
IP (like 10.x.x.x) for administration. You can also have a
routable trusted IP protected by firewall rules, and only that
IP can be used to login as a non-anonymous user.
“TrustedIP” IP address
只允许特定本地ip地址进行非匿名用户访问。所有其他ip地址只允许匿名访问。使用此
选项，你可以指定一个对外服务的IP，和一个用于管理目的本地IP（象10.x.x.x）。你
也可以有一个由防火墙保护的IP，仅有此IP允许非匿名用户登录。
-w Enable support for the FXP protocol, for non-anonymous users
only.
“AllowUserFXP” yes or no
对非匿名用户开放FXP协议支持。
-W Enable the FXP protocol for everyone. FXP IS AN UNSECURE PROTO
COL. NEVER ENABLE IT ON UNTRUSTED NETWORKS.
“AllowAnonymousFXP” yes or no
允许所有用户FXP，包括匿名用户。FXP是一个不安全的协议。在不可信任的网络上
决不使此选项为有效。
-x In normal operation mode, authenticated users can read/write
files beginning with a dot (.). Anonymous users cant, for
security reasons (like changing banners or a forgotten .rhosts).
When -x is used, authenticated users can download dot-files,
but not overwrite/create them, even if they own them. That way,
you can prevent hosted users from messing
“ProhibitDotFilesWrite” yes or no
在标注操作模式，认证用户可以读、写点开始的文件。出于安全理由
（象修改banners或一忘记的.rhosts），匿名用户不允许。当 -x 被指定，认证用户
可以下载'.'开头的文件，但不能覆盖、建立它们，即使是它们的所有者。你可以避免
主机用户的捣乱。
-X This flag is identical to the previous one (writing dot-files is
prohibited), but in addition, users cant even *read* files and
directories beginning with a dot (like "cd .ssh").
“ProhibitDotFilesRead” yes or no
这个标记与前一个相同（禁止写'.'文件），另外，用户不能读'.'文件和目录
（象"cd .ssh"）。
-y per user max sessions:max anonymous sessions
This switch enables per-user concurrency limits. Two values are
separated by a column. The first one is the max number of con
current sessions for a single login. The second one is the maxi
mum number of anonoymous sessions.
“PerUserLimits” value1:value2
此选项能做每用户并发限制。两个数值使用冒号分隔。第一个是最大同一认证用户
（帐号）并发会话数。第二个是最大匿名用户并发会话数。
-Y tls behavior
-Y 0 (default) disables SSL/TLS security mechanisms.
-Y 1 Accept both normal sessions and SSL/TLS ones.
-Y 2 refuses connections that arent using SSL/TLS security
mechanisms, including anonymous ones.
The server must have been compiled with SSL/TLS support and a
valid certificate must be in place to accept encrypted sessions.
“TLS” 0|1|2
-Y 0 （缺省）禁用 SSL/TLS 安全机制。
-Y 1 接受标准会话和 SSL/TLS 会话。
-Y 2 只使用 SSL/TLS 安全机制，包括匿名访问。
服务器必须在编译时设定 SSL/TLS 支持，并且必须在合适的位置有有效的证书来接受
加密回话。
-z Allow anonymous users to read files and directories starting
with a dot (.).
“AllowDotFiles” yes or no
允许匿名用户读点开始的文件和目录。
-Z Add safe guards against common customer mistakes (like chmod 0
on their own files) .
“CustomerProof” yes or no
加入安全防护防护普通的客户犯错误（类似于：chmod 0 他们的文件）。
AUTHENTICATION
Some of the complexities of older servers are left out.
This version of pure-ftpd can use PAM for authentication. If you want
it to consult any files like /etc/shells or /etc/ftpd/ftpusers consult
pam docs. LDAP directories and SQL databases are also supported.
Anonymous users are authenticated in any of three ways:
匿名用户认证有多种方法：
1. The user logs in as "ftp" or "anonymous" and there is an account
called "ftp" with an existing home directory. This server does not ask
anonymous users for an email address or other password.
1、用“ftp”或“anonymous”作为用户名登录，有个叫“ftp”的帐号而且其home目录确实存在。
服务器不会询问匿名用户邮件地址或其它的口令。
2. The user connects to an IP address which resolves to the name of a
directory in /etc/pure-ftpd (or a symlink in that directory to a real
directory), and there is an account called "ftp" (which does not need
to have a valid home directory). See Virtual Servers below.
2、用户连接到解析出来的IP地址是/etc/pure-ftpd中的一个目录名（或是一个链接到一
实际目录的符号链），且有个帐号叫“ftp”（此帐号不需要有有效的home目录）。参见下
面的虚拟服务器。
Ftpd does a chroot(2) to the relevant base directory when an anonymous
user logs in.
当匿名用户登录后，ftpd做chroot到其相应的基本目录。
Note that ftpd allows remote users to log in as root if the password is
known and -u not used.
注意：ftpd允许远程用户作为root登录，如果你知道root的口令并且没有使用 -u 选项。
UNUSUAL FEATURES
Ftpd never switches uid and euid, it uses setfsuid(2) instead. The main
reason is that uid switching has been exploited in several breakins,
but the sheer ugliness of uid switching counts too. Ftpd only calls
setfsuid(2) once, at login.
If a users home directory is /path/to/home/./, FTP sessions under that
UID will be chroot()ed. In addition, if a userss home directory is
/path/to/home/./directory the session will be chroot()ed to
/path/to/home and the FTP session will start in directory.
如用户的home目录是/path/to/home/./，那个用户的ftp会话将被chroot。另外，如用户
home目录是/path/to/home/./directory则ftp会话被chroot到/path/to/home且ftp会话将
在directory中开始。
As noted above, this pure-ftpd omits several features that are required
by the RFC or might be considered useful at first. Here is a list of
the most important omissions.
同上面一样值得注意的是，这个pure-ftpd省略了多个被RFC或起先可能认为很有用的特性。
这儿有一非常重要的冗长列表。
On-the-fly tar is not supported, for several reasons. I feel that users
who want to get many files should use a special FTP client such as
"mirror," which also supports incremental fetch. I dont want to either
add several hundred lines of code to create tar files or execute an
external tar. Finally, on-the-fly tar distorts log files.
自动tar不被支持，有几个理由。我觉得想要获取多个文件的用户应该使用象“mirror”这样
的专门的ftp客户端软件，这种软件也支持增量获取。我不想为建立tar文件或执行外部程序tar
添加几百行代码。最后，自动tar会扰乱日志文件。
On-the-fly compression is left out too. Most files on an FTP site are
compressed already, and if a file isnt, there presumably is a reason
why. (As for decompression: Dont FTP users waste bandwidth enough
without help from on-the-fly decompression?)
自动压缩也被舍去。ftp站点上的大多数文件已经是压缩的了，如果没有，大概有不压缩的
理由。
DIRECTORY ALIASES
Shortcuts for the "cd" command can be set up if the server has been
compiled with the --with-diraliases feature.
To enable directory aliases, create a file called
/etc/pureftpd-dir-aliases and alternate lines of alias names and asso
ciated directories.
目录别名
如服务器编译时指定--with-diraliases选项，则可以设置cd命令的快捷方式。使目录别名生效，建
立一名叫/etc/pureftpd-dir-aliases 的文件，其中交替为别名行和关联的目录。
ANONYMOUS FTP
This server leaves out some of the commands and features that have been
used to subvert anonymous FTP servers in the past, but still you have
to be a little bit careful in order to support anonymous FTP without
risk to the rest of your files.
这个服务器去掉了过去扰乱匿名服务的一些命令和特性。
Make ~ftp and all files and directories below this directory owned by
some user other than "ftp," and only the .../incoming directory/direc
tories writable by "ftp." It is probably best if all directories are
writable only by a special group such as "ftpadmin" and "ftp" is not a
member of this group.
使~ftp和其下的所有文件、目录的所有者不要是“ftp”，此用户仅有incoming目录的写
权限。如只有象“ftpadmin”这样的指定组拥有所有目录的写权限，且“ftp”不是此组成员，
这样大概是最好的。
If you do not trust the local users, put ~ftp on a separate partition,
so local users cant hard-link unapproved files into the anonymous FTP
area.
如你不信任本地用户，放置~ftp到一独立磁盘分区，这样本地用户就不能将未经批准的文
件硬链接到匿名ftp区域。
Use of the -s option is strongly suggested. (Simply add "-s" to the end
of the ftpd line in /etc/inetd.conf to enable it.)
强烈建议使用 -s 选项。（在/etc/inetd.conf文件中ftpd那样行行尾加入 -s 使其生效。）
Most other FTP servers require that a number of files such as
~ftp/bin/ls exist. This server does not require that any files or
directories within ~/ftp whatsoever exist, and I recommend that all
such unnecessary files are removed (for no real reason).
大部分其它的ftp服务器都需要在匿名home目录下有许多的命令文件。这个服务器不需要匿名
home目录下有任何的文件或目录存在，而且我建议删除所有没有用的文件。
It may be worth considering to run the anonymous FTP service as a vir
tual server, to get automatic logins and to firewall off the FTP
address/port to which real users can log in.
运行匿名ftp服务作为虚拟服务器，使得能自动登录，防火墙后的ftp地址/端口用来真正
用户的登录，这种想法是很有价值的。
If your server is a public FTP site, you may want to allow only ftp
and anonymous users to log in. Use the -e option for this. Real
accounts will be ignored and you will get a secure, anonymous-only FTP
server.
如你的服务器是一公共ftp站点，你可能会想只允许匿名登录。使用 -e 选项来达到此目的。
实际用户将被忽略，完全的匿名ftp服务器将更安全。
MAGIC FILES
The files <ftproot>/ are magical.
<ftproot>下的.banner 和 .message 文件是不可思议的。
If there is a file called .banner in the root directory of the anony
mous FTP area, or in the root directory of a virtual host, and it is
shorter than 1024 bytes, it is printed upon login. (If the client does
not log in explicitly, and an implicit login is triggered by a CWD or
CDUP command, the banner is not printed. This is regrettable but hard
to avoid.)
如果在匿名ftp的根目录区有一叫.banner的文件，或在虚拟主机的根目录，并且文件长度
小于1024字节，它将在用户登录时显示。（如果客户端没有明确的登录，而是由CWD或CDUP
命令隐式的登录触发，banner将不会显示。这是非常可惜的，但又难于避免）。
If there is a file called .message in any directory and it is shorter
than 1024 bytes, that file is printed whenever a user enters that
directory using CWD or CDUP.
如果在任何目录下有一叫 .message 的文件且其长度小于1024字节，只要用户使用CWD或
CDUP命令进入目录，那个文件就会被显示。
VIRTUAL SERVERS
虚拟服务器
You can run several different anonymous FTP servers on one host, by
giving the host several IP addresses with different DNS names.
给主机多个ip地址和相应的不同域名，你能在同一台主机上开通多个不同的匿名服务器。
Here are the steps needed to create an extra server using an IP alias
on linux 2.4.x, called "ftp.example.com" on address 10.11.12.13. on the
IP alias eth0.
这儿有在linux 2.4.x下使用ip别名建立另外的服务器的步骤，在eth0上建立ip别名，地址
为10.11.12.13，域名为"ftp.example.com"。
1. Create an "ftp" account if you do not have one. It it best if the
account does not have a valid home directory and shell. I prefer to
make /dev/null the ftp accounts home directory and shell. Ftpd uses
this account to set the anonymous users uid.
1、如果你没有“ftp”帐号，现在就建一个。如果帐号没有有效的home目录和shell是最好了。
我喜欢把/dev/null作为ftp帐号的home目录和shell。ftpd使用此帐号去设置匿名用户UID。
2. Create a directory as described in Anonymous FTP and make a symlink
called which points to this directory.
2、建立匿名ftp目录并且在使得符号链接/etc/pure-ftpd/10.11.12.13链到这个新目录。
3. Make sure your kernel has support for IP aliases.
3、确认你的内核支持ip别名。
4. Make sure that the following commands are run at boot:
4、确认下列命令在下次系统引导时会执行：
/sbin/ifconfig eth0:1 10.11.12.13
That should be all. If you have problems, here are some things to try.
全部完成。如出现问题，尝试下面一些方法。
First, symlink /etc/pure-ftpd/127.0.0.1 to some directory and say "ftp
localhost". If that doesnt log you in, the problem is with ftpd.
首先，符合链接/etc/pure-ftpd/127.0.0.1到相同的目录，并执行"ftp localhost"。如果
不能登录，那是ftpd的问题。
If not, "ping -v 10.11.12.13" and/or "ping -v ftp.example.com" from the
same host. If this does not work, the problem is with the IP alias.
如果不是这样，在服务器上执行"ping -v 10.11.12.13"和"ping -v ftp.example.com"。
如果不能正常工作，则ip别名有问题。
Next, try "ping -v 10.11.12.13" from a host on the local ethernet, and
afterwards "/sbin/arp -a". If 10.11.12.13 is listed among the ARP
entries with the correct hardware address, the problem is probably with
the IP alias. If 10.11.12.13 is listed, but has hardware address
0:0:0:0:0:0, then proxy-ARP isnt working.
接下来，从局域网上的其它主机执行"ping -v 10.11.12.13"，然后执行"/sbin/arp -a"。
如10.11.12.13在列出的ARP条目之中且硬件地址正确，可能还是ip别名的毛病。如果列出
了10.11.12.13，但硬件地址是0:0:0:0:0:0，则ARP代理没有工作。
If none of that helps, Im stumped. Good luck.
如果对你没什么帮助，我也没办法了。祝你好运。
Warning: If you setup a virtual hosts, normal users will not be able to
login via this name, so dont create link/directory in /etc/pure-ftpd
for your regular hostname.
警告：如果你设置虚拟主机，标准用户将不能通过虚拟主机登录，因此，不要在/etc/pure-ftpd
目录中建立你的正规的主机名链接。
FILES
/etc/passwd is used via libc (and PAM is this case), to get the uid and
home directory of normal users, the uid and home directory of "ftp" for
normal anonymous ftp, and just the uid of "ftp" for virtual ftp hosts.
/etc/shadow is used like /etc/passwd if shadow support is enabled.
/etc/group is used via libc, to get the group membership of normal
users.
/proc/net/tcp is used to count existing FTP connections, if the -c or
-p options are used
/etc/pure-ftpd/<ip address> is the base directory for the <ip address>
virtual ftp server, or a symbolic link to its base directory. Ftpd
does a chroot(2) into this directory when a user logs in to <ip
address>, thus symlinks outside this directory will not work.
~ftp is the base directory for "normal" anonymous FTP. Ftpd does a
chroot(2) into this directory when an anonymous user logs in, thus sym
links outside this directory will not work.
LS
The behaviour of LIST and NLST is a tricky issue. Few servers send
RFC-compliant responses to LIST, and some clients depend on non-compli
ant responses.
This server uses glob(3) to do filename globbing.
The response to NLST is by default similar to that of ls(1), and that
to LIST is by default similar to that of ls -l or ls -lg on most Unix
systems, except that the "total" count is meaningless. Only regular
files, directories and symlinks are shown. Only important ls options
are supported:
-1 Undoes -l and -C.
-a lists even files/directories whose names begin with ".".
-C lists files in as many colums as will fit on the screen. Undoes
-1 and -l.
-d lists argument directories names rather their contents.
-D List files beginning with a dot (.) even when the client
doesnt append the -a option to the list command.
-F appends * to executable regular files, @ to symlinks and /
to directories.
-l shows various details about the file, including file group. See
ls(1) for details. Undoes -1 and -C.
-r reverses the sorting order (modifies -S and -t and the default
alphabetical ordering).
-R recursively descends into subdirectories of the argument direc
tories.
-S Sorts by file size instead of by name. Undoes -t.
-t Sorts by file modification time instead of by name. Undoes -S.
PROTOCOL
Here are the FTP commands supported by this server.
ABOR NOOP ALLO USER PASS QUIT SYST PORT EPRT PASV EPSV SPSV PWD XPWD
CWD XCWD CDUP XCUP HELP RETR REST DELE STOR APPE STOU MKD XMKD RMD XRMD
LIST NLST TYPE MODE STRU XDBG MDTM SIZE RNFR RNTO STAT MLST MLSD FEAT
ESTA ESTP AUTH TLS PBSZ PROT OPTS UTF8 OPTS MLST SITE IDLE SITE CHMOD
SITE HELP SITE TIME SITE UTIME
BUGS
Please report bugs to the mailing-list (see below). Pure-FTPd looks
very stable and is used on production servers. However it comes with no
warranty and it can have nasty bugs or security flaws.
HOME PAGE
http://www.pureftpd.org/
NEW VERSIONS
See the mailing-list on http://www.pureftpd.org/ml/.
AUTHOR AND LICENSE
Troll-FTPd was written by Arnt Gulbrandsen <agulbra@troll.no> and copy
right 1995-2002 Troll Tech AS, Waldemar Thranes gate 98B, N-0175 Oslo,
Norway, fax +47 22806380.
Pure-FTPd is (C)opyleft 2001-2006 by Frank DENIS <j@pureftpd.org> and
the Pure-FTPd team.
This software is covered by the BSD license.
Contributors:
Arnt Gulbrandsen,
Troll Tech AS,
Janos Farkas,
August Fullford,
Ximenes Zalteca,
Patrick Michael Kane,
Arkadiusz Miskiewicz,
Michael K. Johnson,
Kelley Lingerfelt,
Sebastian Andersson,
Andreas Westin,
Jason Lunz,
Mathias Gumz,
Claudiu Costin,
Ping,
Paul Lasarev,
Jean-Mathieux Schaffhauser,
Emmanuel Hocdet,
Sami Koskinen,
Sami Farin,
Luis Llorente Campo,
Peter Pentchev,
Darren Casey,
The Regents of the University of California,
Theo de Raadt (OpenBSD),
Matthias Andree,
Isak Lyberth,
Steve Reid,
RSA Data Security Inc,
Trilucid,
Dmtry Lebkov,
Johan Huisman,
Thorsten Kukuk,
Jan van Veen,
Roger Constantin Demetrescu,
Stefano F.,
Robert Varga,
Freeman,
James Metcalf,
Im Eunjea,
Philip Gladstone,
Kenneth Stailey,
Brad Smith,
Ulrik Sartipy,
Cindy Marasco,
Nicolas Doye,
Thomas Briggs,
Stanton Gallegos,
Florin Andrei,
Chan Wilson,
Bjoern Metzdorf,
Ben Gertzfield,
Akhilesch Mritunjai,
Dawid Szymanski,
Kurt Inge Smadal,
Alex Dupre,
Gabriele Vinci,
Andrey Ulanov,
Fygul Hether,
Jeffrey Lim,
Ying-Chieh Liao,
Johannes Erdfelt,
Martin Sarfy,
Clive Goodhead,
Aristoteles Pagaltzis,
Stefan Hornburg,
Mehmet Cokcevik,
Brynjar Eide,
Torgnt Wernersson,
Banhalmi Csaba,
Volodin D,
Oriol Magran Jui-Nan Lin,
Patrick Gosling.
SEE ALSO
ftp(1), pure-ftpd(8) pure-ftpwho(8) pure-mrtginfo(8) pure-upload
script(8) pure-statsdecode(8) pure-pw(8) pure-quotacheck(8) pure-
authd(8)
RFC 959, RFC 2228, RFC 2389 and RFC 2428.
Pure-FTPd Team 1.0.21 pure-ftpd(8)

复制代码

waxmax · 发表于 2006-10-16 09:22:56

好人啊,呵呵
支持一下

vincent339 · 发表于 2006-10-17 13:50:00

强烈支持！！

		自动登录	找回密码
密码			注册

pure-ftpd manual 中文翻译

本帖子中包含更多资源

浏览过的版块