loginfails 3
class all real,guest,anonymous *
class trust real
limit all 0 Any /tmp/a
limit trust 10 Any /tmp/a
banner /tmp/msg
deny 222.222.222.*
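CNL replied on: 2004-11-09 15:09:53
The purpose of limit is traffic control. If limit lines conflict with each other, the earlier setting automatically becomes invalid.
Your two limit lines conflict: trust in the second limit is itself also a member of all, so the first line, limit all, becomes invalid. Your requirement should be met by setting allow and deny in /etc/ftphosts.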
RunOut replied on: 2004-11-10 09:11:58
Also, the ftphosts file has no effect on SCO... SCO uses wu-ftp 2.1, while the wu-ftp covered by online tutorials is usually a later version that supports configuration through the ftphosts file. Below is the example from the SCO man page:
---------------------------
# comments begin with a pound (#) sign and continue to the end of the
# line. Blank lines are ignored.
deny *.isc.com /archive/etc/msgs/msg.deny
deny /archive/etc/msgs/msg.deny
# !nameserver is a special case, it triggers whenever the ftp server
# is not able to resolve the remote system name via the nameserver.
deny !nameserved /archive/etc/msgs/msg.no_nameserver
# define a "dead" class in case we want to "shut down" the
# ftp server for a while (this class, which has a 0-user
# limit, will print a nice message to all new connections
# telling them to go away and come back later)
class dead real,anonymous *
# define a class of local users (sites which are directly connected to
# our local .network or which have a one-hop unloaded network connection.
class local real,anonymous 128.212.* *.lachman.com
# and everybody else...
class remote real,anonymous *
# define the user limits for various times
# for remote users, limit to 100 users during off-peak hours and
# 60 during peak hours
# (off-peak ::= Saturday, Sunday or 6PM to 6AM weekdays)
limit dead 0 Any /archive/etc/msgs/msg.dead
limit local 20 Any /archive/etc/msgs/msg.toomany
limit remote 100 SaSu|Any1800-0600 /archive/etc/msgs/msg.toomany
limit remote 60 Any /archive/etc/msgs/msg.toomany
# remind the users to read the README files
readme /README* login
readme README* cwd=*
# let them know about special features of the archives
message /etc/msgs/mirrors.msg cwd=/mirrors
message /etc/msgs/welcome.msg login
message .message cwd=*
# let everyone compress/uncompress files on the fly
compress yes local remote
# ... and tar things, too.
tar yes local remote
# Passworded anonymous-access accounts are in group ftpguest
guestgroup ftpguest
# Make local-use information accessible only to local hosts by putting
# them in UNIX group localuse.
autogroup localuse local
# Set up the private access group file
# -rw------- 1 root 1025 May 23 14:37 /etc/ftpgroup
private /etc/ftpgroup
# log all commands the users execute (USER, PASS,
# NLST, PORT, *EVERYTHING*)
# this can run to several (i.e. 5-10) megabytes/day for a
# heavily used archive site
log commands anonymous,real,guest
# log all file transfers to and from the archives
log transfers anonymous,real,guest inbound,outbound
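lw371 replied on: 2004-11-10 09:48:06
Let me explain, bosses. The help text for limit says: displaying message_file if the user is denied access. What does that mean? It is talking about the message displayed when the other side is denied. Understand? It is displayed only after a denial; if there is no denial, it is not displayed. What does this mean? If the other side manages to log in, this message will not appear; the response only comes when the login fails, so what CNL said about it being traffic control is basically correct.
Why is there a dead class in the help? That is for when the ftp service has been stopped (the port is closed). At that point the number of users connected to ftp is of course 0, since they have all been disconnected. When the system's inetd daemon detects that something is still connecting to the ftp port (usually 21), it shows the other side the contents of the file named after limit dead 0.
Put this way, your limit all 0 Any only takes effect after the ftp service has stopped. On this point boss CNL is wrong: it is not that the line becomes invalid, it is that its time has not come yet. Therefore, if you want to deny, you must add deny and allow as described in the ftpaccess documentation. Trying to be clever is no use.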
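RunOut replied on: 2004-11-10 10:43:22
"Let me explain, bosses. The help text for limit says: displaying message_file if the user is denied access. What does that mean? It is talking about what is displayed when the other side is denied ........."
Then how can I achieve the following:
allow several addresses to access
deny access from all other addresses
SCO 5.0.5 does not support ftphosts. And with deny alone I cannot achieve my goal, unless allow is supported, but the ftpaccess man page does not describe any allow syntax.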
CNL replied on: 2004-11-10 10:54:07
The ftp that ships with 5.0.5 probably cannot meet your needs; consider just installing a GNU ftp server program.
RunOut replied on: 2004-11-10 13:23:23
Are there any other good recommendations?
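Added example, not part of the thread: a small Python model of how class and limit lines decide who is admitted, run against the configuration posted at the top and against a reordered variant. It assumes the rules given in the wu-ftpd ftpaccess man page (the first matching class wins, the first limit for that class applies, a session that fits no class is denied); the thread does not confirm that SCO's wu-ftp 2.1 behaves this way, time fields are ignored, and the 192.0.2.* range and all function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# The class/limit lines from the configuration posted in the thread.
POSTED = """\
class all real,guest,anonymous *
class trust real
limit all 0 Any /tmp/a
limit trust 10 Any /tmp/a
"""

# Hypothetical reordering: trusted addresses (constructed range) listed first.
REORDERED = """\
class trust real 192.0.2.*
class all real,guest,anonymous *
limit trust 10 Any /tmp/a
limit all 0 Any /tmp/a
"""

def parse(text):
    """Return ([(class, user_types, addr_globs)], {class: max_users})."""
    classes, limits = [], {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == "class":
            classes.append((fields[1], set(fields[2].split(",")), fields[3:]))
        elif len(fields) >= 4 and fields[0] == "limit":
            # Assumed rule: the first limit listed for a class is the one used.
            limits.setdefault(fields[1], int(fields[2]))
    return classes, limits

def classify(classes, user_type, addr):
    """Assumed rule: the first class line matching type and address wins."""
    for name, types, globs in classes:
        if user_type in types and any(fnmatchcase(addr, g) for g in globs):
            return name
    return None

def admitted(text, user_type, addr, current_users=0):
    classes, limits = parse(text)
    cls = classify(classes, user_type, addr)
    if cls is None:
        return False  # assumed rule: no class means access is denied
    limit = limits.get(cls)
    return limit is None or current_users < limit

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("reordered", REORDERED)):
        for addr in ("192.0.2.10", "198.51.100.7"):
            print(label, addr, admitted(cfg, "real", addr))
```

Under these assumptions the posted file admits nobody, because every session lands in class all before trust is considered and trust has no address pattern to match.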
Article source: 领测软件测试网 https://www.ltesting.net/