Centos 7 - ProFTP: 200 Protection set to Private occurs

ProFTP on Centos 7. There are 2 virtualmin virtual servers created from the same server template. Let's assume A.com and B.com. Users can connect to their FTP accounts using TLS.

Here is my global configuration.

ServerName          "ProFTPD server"
ServerIdent         on "FTP Server ready."
ServerAdmin         root@localhost
DefaultServer           on

# Cause every FTP user except adm to be chrooted into their home directory
DefaultRoot         ~ !adm

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig           proftpd
AuthOrder           mod_auth_pam.c* mod_auth_unix.c

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off

# Set the user and group that the server runs as
User                nobody
Group               nobody

MaxInstances 50

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile         off

# Force to use Ascii transfer
DefaultTransferMode ascii

# Define the log formats
LogFormat           default "%h %l %u %t \"%r\" %s %b"
LogFormat           auth    "%v [%P] %h %t \"%r\" %s"

LoadModule mod_ctrls_admin.c
LoadModule mod_deflate.c
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
LoadModule mod_vroot.c


# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
# (http://www.proftpd.org/docs/modules/mod_dso.html#ModuleControlsACLs)
ModuleControlsACLs      insmod,rmmod allow user root
ModuleControlsACLs      lsmod allow user *

# Enable basic controls via ftpdctl
# (http://www.proftpd.org/docs/modules/mod_ctrls.html)
ControlsEngine          on
ControlsACLs            all allow user root
ControlsSocketACL       allow user *
ControlsLog         /var/log/proftpd/controls.log

# Enable admin controls via ftpdctl
# (http://www.proftpd.org/docs/contrib/mod_ctrls_admin.html)
<IfModule mod_ctrls_admin.c>
  AdminControlsEngine       on
  AdminControlsACLs     all allow user root
</IfModule>

# Enable mod_vroot by default for better compatibility with PAM
# (http://bugzilla.redhat.com/506735)
<IfModule mod_vroot.c>
  VRootEngine           on
</IfModule>

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule            mod_ban.c
  BanEngine         on
  BanLog            /var/log/proftpd/ban.log
  BanTable          /var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  BanOnEvent            MaxLoginAttempts 2/00:10:00 01:00:00

  # Inform the user that it's not worth persisting
  BanMessage            "Host %a has been banned"

  # Allow the FTP admin to manually add/remove bans
  BanControlsACLs       all allow user ftpadm
</IfDefine>

# Set networking-specific "Quality of Service" (QoS) bits on the packets used
# by the server (contrib/mod_qos.html)
<IfDefine QOS>
  LoadModule            mod_qos.c
  # RFC791 TOS parameter compatibility
  QoSOptions            dataqos throughput ctrlqos lowdelay
  # For a DSCP environment (may require tweaking)
  #QoSOptions           dataqos CS2 ctrlqos AF41
</IfDefine>

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>

  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  Umask             022

  # Allow users to overwrite files and change permissions
  AllowOverwrite        yes

  <IfModule mod_tls.c>
    TLSEngine                               on
    TLSLog                                  /var/log/proftpd/tls.log
    TLSProtocol                             SSLv23

    TLSRSACertificateFile                   /etc/ssl/let_proFTPD.crt
    TLSRSACertificateKeyFile                /etc/ssl/let_proFTPD.key

    #TLSCACertificateFile                   /etc/ssl/certs/CA.pem
    TLSOptions                              NoCertRequest EnableDiags NoSessionReuseRequired
    TLSVerifyClient                         off
    TLSRequired                             off
    TLSRenegotiate                          required on
  </IfModule>

  <Limit ALL SITE_CHMOD>
        AllowAll 
  </Limit>
    
  RootLogin off
  PassivePorts 20000 20100

</Global>

Now, whenever A.com users try to ftp, they can connect without any problem, but B.com users can sometimes connect, and at other times they end up at the PWD command.

Command: PWD
Response: 200 Protection set to Private
Error:  Failed to parse returned path.
Error:  Failed to retrieve directory listing

Then it stops. I wondered whether it was the TransferMode, so I tried forcing DefaultTransferMode to ASCII or binary, but without success. Any thoughts on that?
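The log excerpt above pairs PWD with a 200 reply, whereas RFC 959 defines 257 as the success reply to PWD and RFC 4217 defines 200 as the success reply to PBSZ and PROT. The following is an added example, not part of the original post: a small Python checker (the function name `find_desync` and the reply table are this example's own) that scans a client log in the `Command:`/`Response:` format quoted above and flags replies whose code does not belong to the command they were paired with.

```python
import re

# Positive reply codes per command (RFC 959 core verbs, RFC 4217 for
# AUTH/PBSZ/PROT). The table is a subset chosen for this example.
EXPECTED = {
    "AUTH": {234},
    "USER": {230, 331, 332},
    "PASS": {202, 230, 332},
    "PBSZ": {200},
    "PROT": {200},
    "PWD": {257},
    "TYPE": {200},
}
LINE = re.compile(r"^(Command|Response):\s+(.*)$")

def find_desync(log_text):
    """Return (command, reply, candidate_verbs) for each reply whose code
    is not a valid success reply to the command it was paired with."""
    findings, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "Error:" / "Status:" lines are client commentary
        kind, body = m.groups()
        if kind == "Command":
            pending = body
            continue
        code = re.match(r"(\d{3}) ", body)  # final line of a reply only
        if not code or pending is None:
            continue
        verb, num = pending.split()[0].upper(), int(code.group(1))
        # 4xx/5xx are legitimate failures for any verb, not a desync
        if num < 400 and verb in EXPECTED and num not in EXPECTED[verb]:
            owners = sorted(v for v, c in EXPECTED.items() if num in c)
            findings.append((pending, body, owners))
        pending = None
    return findings

# The four log lines quoted in the post
SAMPLE = """\
Command: PWD
Response: 200 Protection set to Private
Error:  Failed to parse returned path.
Error:  Failed to retrieve directory listing
"""

if __name__ == "__main__":
    for cmd, reply, owners in find_desync(SAMPLE):
        print(f"{cmd!r} got {reply!r}; that code answers: {owners}")
```

Running it over a full client session log shows at which command the replies first shift by one, which narrows down where the control channel went out of step.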
