Solaris FTP issue

Published: 2007-07-01


FTP in Solaris 9 differs somewhat from FTP in Solaris 8.
The configuration files that used to live in /etc/default/ have moved to /etc/ftpd/.

% ls -l
total 14
-rw-r--r-- 1 root sys 1518 May 28 00:46 ftpaccess
-rw-r--r-- 1 root sys 551 May 28 00:46 ftpconversions
-rw-r--r-- 1 root sys 104 May 28 00:46 ftpgroups
-rw-r--r-- 1 root sys 108 May 28 00:46 ftphosts
-rw-r--r-- 1 root sys 114 May 28 00:46 ftpservers
-rw-r--r-- 1 root sys 185 May 28 00:46 ftpusers

FTP uses port 21 by default; the setting is in the file /etc/services.

% grep ftp services
ftp-data 20/tcp
ftp 21/tcp
tftp 69/udp



The daemon is started from /etc/inetd.conf:

% grep ftp inetd.conf
# ftp telnet shell login exec tftp finger printer
ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd -a
# TFTPD - tftp server (primarily used for booting)
#tftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot



To change the FTP port number, you can edit /etc/inetd.conf directly
(there is no need to also modify /etc/services).

The format is as follows:

# vi /etc/inetd.conf
# FTPD - FTP server daemon
ftp stream tcp6 nowait root /usr/sbin/ftpd.sh in.ftpd -P 221



Of course, inetd then needs to be restarted:

# ps -ef|grep inetd
root 219 1 0 20:33:53 ? 0:01 /usr/sbin/inetd -s
root 597 596 1 23:28:44 pts/5 0:00 grep inetd
# kill -HUP 219 <------- 219 PID of inetd


FTP session time limits:

# vi /etc/ftpd/ftpaccess

limit-time anonymous 30
limit-time guest 60

The unit is minutes.


# ftp ftpserver
Connected to ftpserver.
220 ftpserver FTP server ready.
Name (ftpserver:user1): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
bin
dev
etc
pub
usr
226 Transfer complete.
25 bytes received in 0.0029 seconds (8.50 Kbytes/s)
ftp>

Wait 30 minutes

ftp> ls
421 Timeout (900 seconds): closing control connection.
ftp>



This has no effect on real users.


FTP umask settings

ftp> site umask 000

200 UMASK set to 000 (was 022)

ftp> mkdir testdir1

257 "/tmp/testdir1" new directory created.

ftp> dir

drwxrwxrwx 2 root other 117 Jul 25 12:05 testdir1

ftp> site chmod 777 foo

200 CHMOD command successful.




On Solaris 6, 7 and 8, use the following instead:

# vi /etc/default/ftpd

UMASK=nnn


Setting up FTP logging

1. Uncomment the following line in /etc/ftpd/ftpaccess:

log commands real,guest,anonymous

2. Add the following to /etc/syslog.conf:

daemon.info /var/log/ftplog

3. Create the file /var/log/ftplog with touch:

# touch /var/log/ftplog


4. Restart syslogd:

# kill -HUP `pgrep syslogd`

5. Log in and verify:

test # cat ftplog
Nov 4 17:10:00 netlab11 ftpd[18885]: [ID 165209 daemon.info] USER root
Nov 4 17:10:02 netlab11 ftpd[18885]: [ID 125383 daemon.info] PASS password
Nov 4 17:10:02 netlab11 ftpd[18885]: [ID 539042 daemon.info] failed login from kerouac.East.Sun.COM [129.148.192.158]
Nov 4 17:10:04 netlab11 ftpd[18885]: [ID 225560 daemon.info] QUIT
Nov 4 17:10:10 netlab11 ftpd[18886]: [ID 165209 daemon.info] USER root
Nov 4 17:10:11 netlab11 ftpd[18886]: [ID 125383 daemon.info] PASS password


Because the FTP log is written at debug.info (facility/level), if an earlier line in syslog.conf already uses debug.info, the FTP log entries are recorded in the log file named on that line.
For example:
*.err;kern.debug;daemon.notice;mail.crit;daemon.info /var/adm/messages
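
Once command logging is on, the log can be summarised for failed logins. The following is an added example, not part of the original article: it pairs each "failed login from" line with the USER line of the same ftpd PID and counts failures per user and source address. It assumes the line layout shown in step 5 (with the [ID ...] tag present); the host names and addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: count failed FTP logins per user and source address.

# Constructed sample in the ftplog format shown in step 5 (documentation
# host names and addresses, not taken from a real system).
sample_ftplog() {
    cat <<'EOF'
Nov  4 17:10:00 ftphost ftpd[2101]: [ID 165209 daemon.info] USER root
Nov  4 17:10:02 ftphost ftpd[2101]: [ID 125383 daemon.info] PASS password
Nov  4 17:10:02 ftphost ftpd[2101]: [ID 539042 daemon.info] failed login from client-a.example.com [192.0.2.10]
Nov  4 17:10:05 ftphost ftpd[2101]: [ID 165209 daemon.info] USER root
Nov  4 17:10:06 ftphost ftpd[2101]: [ID 125383 daemon.info] PASS password
Nov  4 17:10:06 ftphost ftpd[2101]: [ID 539042 daemon.info] failed login from client-a.example.com [192.0.2.10]
Nov  4 17:11:00 ftphost ftpd[2102]: [ID 165209 daemon.info] USER alice
Nov  4 17:11:01 ftphost ftpd[2102]: [ID 125383 daemon.info] PASS password
Nov  4 17:11:01 ftphost ftpd[2102]: [ID 539042 daemon.info] failed login from client-b.example.com [192.0.2.20]
Nov  4 17:12:00 ftphost ftpd[2103]: [ID 165209 daemon.info] USER root
Nov  4 17:12:01 ftphost ftpd[2103]: [ID 125383 daemon.info] PASS password
Nov  4 17:12:01 ftphost ftpd[2103]: [ID 539042 daemon.info] failed login from client-a.example.com [192.0.2.10]
Nov  4 17:13:00 ftphost ftpd[2104]: [ID 165209 daemon.info] USER bob
Nov  4 17:13:01 ftphost ftpd[2104]: [ID 125383 daemon.info] PASS password
Nov  4 17:13:09 ftphost ftpd[2104]: [ID 225560 daemon.info] QUIT
EOF
}

# ftp_failed_logins [MIN]
# Reads the log on stdin and prints "count user address" for every pair
# with at least MIN failures (default 1), highest count first.
ftp_failed_logins() {
    awk -v min="${1:-1}" '
    $5 ~ /^ftpd\[[0-9]+\]:$/ {
        pid = $5                                   # one ftpd process per connection
        if ($9 == "USER") { user[pid] = $10; next }
        if ($9 == "failed" && $10 == "login" && $11 == "from") {
            u = (pid in user) ? user[pid] : "-"    # "-" if no USER line was seen
            ip = substr($13, 2, length($13) - 2)   # strip the surrounding [ ]
            fails[u " " ip]++
        }
    }
    END { for (k in fails) if (fails[k] >= min) print fails[k], k }
    ' | sort -k1,1nr -k2
}

sample_ftplog | ftp_failed_logins
```

On a live system the input would be the log file itself, for example `ftp_failed_logins 3 < /var/log/ftplog`.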


Solaris 9 adds wu-ftp, which makes configuring anonymous FTP simpler.
wu-ftp comes as two packages (SUNWftpr, SUNWftpu).

Run the /usr/sbin/ftpconfig command.
See the man page for details.

# ftpconfig -d /pub
Creating directory /pub
Updating directory /pub
#


FTP log setup on Solaris releases earlier than 8



a: Create the FTP log file
# touch /var/adm/ftpd

b: Edit the inetd service configuration file
# vi /etc/inetd.conf

# Ftp and telnet are standard Internet services.
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
Change it to:
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -d -l

-d: get debug information from syslogd
-l: list each FTP session


c: Restart the inetd daemon:

# ps -ef | grep inetd
root 14017 1 0 15:15:27 ? 0:01 /usr/sbin/inetd -s
# kill -1 <pid_inetd>
#
note: -1 makes the process re-read its configuration file and re-initialize; it is equivalent to kill -HUP <pid of inetd>.



d: Modify syslog.conf and restart syslogd
# vi /etc/syslog.conf


daemon.debug /var/adm/ftpd <<----- add this line

note: separate the two fields with a tab, not spaces; spaces cause an error.

# ps -ef | grep syslogd
root 14076 1 0 15:33:07 ? 0:08 /usr/sbin/syslogd
root 16039 16001 0 12:27:03 pts/5 0:00 /usr/bin/grep syslogd
# kill -1 <PID-syslogd>




f: Verify

# ps -ef | grep syslogd
root 14076 1 0 15:33:07 ? 0:08 /usr/sbin/syslogd


# fuser /var/adm/ftpd
/var/adm/ftpd: 14076o
#
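
Two points above are easy to get wrong: the tab between selector and action in step d, and an earlier syslog.conf line silently receiving the FTP messages. The following is an added example, not part of the original article, that checks both for one facility.level pair. The sample configuration is constructed, and the matching rule assumed is the usual syslog.conf one: a selector matches messages at its level or more severe, and `none` excludes a facility.

```shell
#!/bin/sh
# Added example: trace where syslogd would deliver one facility.level message.

# Constructed sample syslog.conf; printf writes real tabs except on line 4,
# which uses a space to show the mistake described in step d.
sample_syslog_conf() {
    printf '%s\n' '# constructed sample, not a real host configuration'
    printf '%s\t%s\n' '*.err;kern.debug;daemon.notice;mail.crit' '/var/adm/messages'
    printf '%s\t%s\n' 'daemon.info' '/var/log/ftplog'
    printf '%s %s\n'  'daemon.debug' '/var/adm/ftpd'
    printf '%s\t%s\n' '*.debug;daemon.none' '/var/adm/all'
}

# syslog_targets FACILITY LEVEL   (configuration on stdin)
# Prints "MATCH line N -> action" for every entry that receives the message
# and "NOTAB line N" for entries whose fields are not tab-separated.
syslog_targets() {
    awk -v fac="$1" -v lvl="$2" '
    BEGIN {
        n = split("emerg alert crit err warning notice info debug", nm, " ")
        for (i = 1; i <= n; i++) rank[nm[i]] = i       # 1 = most severe
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                   # comments, blank lines
    index($0, "\t") == 0 { print "NOTAB line " NR; next }
    {
        t = index($0, "\t")
        sel = substr($0, 1, t - 1)                      # selector field
        act = substr($0, t + 1); sub(/^\t+/, "", act)   # action field
        hit = 0
        m = split(sel, part, ";")
        for (i = 1; i <= m; i++) {
            split(part[i], fl, ".")                     # facility list, level
            if (fl[1] != "*" && index("," fl[1] ",", "," fac ",") == 0) continue
            if (fl[2] == "none") hit = 0                # facility excluded
            else if (rank[fl[2]] >= rank[lvl]) hit = 1  # message is at or above selector level
        }
        if (hit) print "MATCH line " NR " -> " act
    }'
}

sample_syslog_conf | syslog_targets daemon info
```

Against a real file the call would be `syslog_targets daemon info < /etc/syslog.conf`; entries that use m4 `ifdef` actions are reported with the raw action text.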


A script to get a file automatically


#!/usr/bin/sh
# Change HOSTNAME, USER, PASSWD and FILENAME appropriately
# Do NOT include any comment lines between LABELs
# The only thing that can appear between LABELs are valid ftp commands
# the -n switch is necessary
/usr/bin/ftp -n << LABEL
open HOSTNAME
user USER PASSWD
binary
get FILENAME
bye
LABEL


A script to get multiple files automatically

#!/usr/bin/sh
# Change HOSTNAME, USER, and PASSWD appropriately. The mput *.html file could be anything (*.txt, file*, etc)
# Do NOT include any comment lines between LABELs
# The only thing that can appear between LABELs are valid ftp commands
# the -n switch is necessary. The -i switch turns off interactive prompting during multiple file transfers.
/usr/bin/ftp -in << LABEL
open HOSTNAME
user USER PASSWD
binary
mput *.html
bye
LABEL


If there is a firewall, rftp is needed to get files automatically

#!/usr/bin/sh
# Change HOSTNAME, USER, PASSWD and FILENAME appropriately
# Do NOT include any comment lines between LABELs
# The only thing that can appear between LABELs are valid ftp commands
# the -n switch is necessary
# rftp is a SOCKS client version of ftp. Happily provided at Sun in /usr/dist/exe.
# Do not know where rftp can be obtained but a man page is at:
#
/usr/sbin/rftp -n << LABEL
open HOSTNAME
user USER PASSWD
binary
get FILENAME
bye
LABEL

Original source: http://www.ltesting.net