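ProFTPD permission restrictions

  CWD: Change Working Directory; change directory

  CDUP/XCUP: change to parent directory, i.e. cd ..

  CWD/XCWD: change working directory, i.e. cd

  MKD/XMKD: MaKe Directory; permission to create directories

  RNFR/RNTO: rename from/rename to; generally used together

  DELE: DELEte; permission to delete files

  RMD/XRMD: ReMove Directory; permission to delete empty directories

  RETR: RETRieve; permission to download from the server to the client

  STOR: store; upload, overwriting the file if it already exists

  STOU: store unique; upload and store under a randomly generated file name

  APPE: append; resume an upload, creating the file if it does not exist

  ALLO: allocate; request disk space on the server

  REST: restart; restart a transfer (must be followed by RETR, STOR or APPE)

  READ: read permission, not including directory listing; equivalent to RETR, STAT, etc.

  WRITE: permission to write files or directories, including MKD and RMD

  DIRS: whether directory listing is allowed; equivalent to LIST, NLST, etc. Quite useful in practice.

  ALL: all permissions

  LOGIN: whether login is allowed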

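  The Limit above can be applied to the following scopes:

  AllowUser: the Limit is allowed for a given user

  DenyUser: the Limit is denied for a given user

  AllowGroup: the Limit is allowed for a given user group

  DenyGroup: the Limit is denied for a given user group

  AllowAll: the Limit is allowed for all user groups

  DenyAll: the Limit is denied for all users

  Order allow,deny: see the articles on Apache

    http://www.fwolf.com/blog/post/191

    http://blog.csdn.net/yjz0065/archive/2007/11/08/1873763.aspx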

  The parameters for limiting transfer rate are:

  TransferRate STOR|RETR rate (Kbytes/s) user username

  MaxClientsPerHost count

  MORE: http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-ConfigurationTricks.html

    http://www.proftpd.org/docs/contrib/mod_ifsession.html

    http://www.proftpd.org/docs/contrib/

Limit usage:
Name
Limit -- Set the commands/actions to be controlled
Synopsis
Limit [ <Limit command|command-group [command2 ..]>]



Default
None

Context
server config, <VirtualHost>, <Directory>, <Anonymous>, <Global>, .ftpaccess

Module
mod_core

Compatibility
0.99.0 and later

Description
The Limit configuration block is used to place access restrictions on one or more FTP commands, within a given context. Limits flow downward, so that a Limit configuration in the server config context applies to all <Directory> and <Anonymous> blocks that also reside in the configuration; until it is overridden by a "lower" <Limit> block. Any number of command parameters can be specified, against which the contents of the <Limit> block will be applied. command can be any valid FTP command, but is generally one of the following:

  CWD (Change Working Directory): Sent by client when changing directories.
  MKD / XMKD (MaKe Directory): Sent by client to create a new directory.
  RNFR (ReName FRom), RNTO (ReName TO): Sent as a pair by client to rename a directory entry.
  DELE (DELEte): Sent by client to delete a file.
  RMD / XRMD (ReMove Directory): Sent by client to remove a directory.
  RETR (RETRieve): Transfer a file from the server to the client.
  STOR (STORe): Transfer a file from the client to the server.

In addition, the following command-groups are accepted. They have a lower precedence than real commands, meaning that a real command limit will always be applied instead of the command-group.

  READ: All FTP commands which deal with file reading (directory listing not included): RETR, SITE, SIZE, STAT
  WRITE: All FTP commands which deal with file or directory write/creation/deletion: APPE, DELE, MKD, RMD, RNTO, STOR, XMKD, XRMD
  DIRS: All FTP commands which deal with directory listing: CDUP, CWD, LIST, MDTM, NLST, PWD, RNFR, XCUP, XCWD, XPWD
  ALL: ALL FTP commands (identical to READ WRITE DIRS). Note this group has the lowest precedence of all; it will not override a limit imposed by another command-group (e.g. DIRS).

Finally, a special command is allowed which can be used to control login access:

  LOGIN: Connection or login to the server. Applying a <Limit> to this pseudo-command can be used to allow or deny initial connection or login to the context. It has no effect, and is ignored, when used in a context other than server config, <VirtualHost> or <Anonymous> (i.e. using it in a <Directory> context is meaningless).

<Limit> command restrictions should not be confused with file/directory access permission. While limits can be used to restrict a command on a certain directory, they cannot be used to override the file permissions inherent to the base operating/file system.

The following FTP commands cannot be restricted via <Limit>:

  ABOR
  HELP
  MODE (not implemented, always S)
  NOOP
  PASS (use <Limit LOGIN>)
  PASV
  PORT
  QUIT
  REST (use AllowRetrieveRestart, AllowStoreRestart)
  STRU (not implemented, always F)
  SYST
  TYPE
  USER (use <Limit LOGIN>)
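
The precedence rules in the description above (a real command beats a command-group, and ALL is lowest), as an added example that is not part of the original post or of ProFTPD itself: a small Python resolver run over a constructed upload-only configuration, useful for checking which <Limit> block actually governs a command. It assumes a single context (no inheritance between nested blocks); the directory path and the names parse_limits and effective_limit are hypothetical.

```python
import re

# Command-group membership as listed in the Limit description above.
GROUPS = {
    "READ": {"RETR", "SITE", "SIZE", "STAT"},
    "WRITE": {"APPE", "DELE", "MKD", "RMD", "RNTO", "STOR", "XMKD", "XRMD"},
    "DIRS": {"CDUP", "CWD", "LIST", "MDTM", "NLST", "PWD", "RNFR",
             "XCUP", "XCWD", "XPWD"},
}
GROUPS["ALL"] = GROUPS["READ"] | GROUPS["WRITE"] | GROUPS["DIRS"]

# Constructed sample: upload-only drop box (the directory path is hypothetical).
SAMPLE = """
<Directory /srv/ftp/incoming>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit DIRS>
    AllowAll
  </Limit>
  <Limit STOR>
    AllowAll
  </Limit>
</Directory>
"""
LIMIT_RE = re.compile(r"<Limit\s+([^>]+)>(.*?)</Limit>", re.S | re.I)

def parse_limits(conf):
    """Return (targets, directives) for each <Limit> block in one context."""
    return [(m.group(1).upper().split(),
             [ln.strip() for ln in m.group(2).splitlines() if ln.strip()])
            for m in LIMIT_RE.finditer(conf)]

def effective_limit(conf, command):
    """Return (matched_target, directives) governing command, or None."""
    command, best = command.upper(), None
    for targets, directives in parse_limits(conf):
        for target in targets:
            if target == command:
                rank = 0  # real command: highest precedence
            elif command in GROUPS.get(target, ()):
                rank = 2 if target == "ALL" else 1  # group; ALL is lowest
            else:
                continue
            if best is None or rank < best[0]:
                best = (rank, target, directives)
    return best[1:] if best else None

print({c: effective_limit(SAMPLE, c) for c in ("STOR", "LIST", "DELE", "RETR")})
```

In this sample, DELE and RETR fall through to the ALL block and are denied, while STOR and the DIRS commands are governed by their own, more specific blocks.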

posted @ 2008-11-28 07:29  Auxten