服务端使用ProFTPD
安装EPEL库
# Enable the EPEL repository before installing the FTP server packages.
yum install -y epel-release
# Bring the already-installed packages up to date.
yum update -y
关闭selinux,开放20,21端口(注意:关闭 SELinux 会去掉一层强制访问控制;生产环境更稳妥的做法是保持 enforcing 模式,并为 ProFTPD 调整相应策略)
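# Open the ports the FTP server needs, then reload firewalld once.
#
# 21/tcp          - FTP control channel (Port 21 in /etc/proftpd.conf).
# 20/tcp          - kept from the original steps. Active-mode data connections
#                   are opened by the server, so an inbound rule for 20/tcp is
#                   normally not required; drop it if active mode is unused.
# 50000-51000/tcp - passive-mode data ports; must match PassivePorts in
#                   /etc/proftpd.conf. The configuration sets TLSRequired on,
#                   so the control channel is encrypted and the firewall
#                   cannot read it to open data ports on demand. Without this
#                   rule, passive transfers and directory listings are blocked.
#
# Each step runs only if the previous one succeeded, so a failed rule is never
# followed by a reload that hides the error.
firewall-cmd --permanent --add-port=21/tcp \
  && firewall-cmd --permanent --add-port=20/tcp \
  && firewall-cmd --permanent --add-port=50000-51000/tcp \
  && firewall-cmd --reload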
安装
# Install the ProFTPD server package.
yum install -y proftpd
配置/etc/proftpd.conf
# This is the ProFTPD configuration file
#
# See: http://www.proftpd.org/docs/directives/linked/by-name.html
ServerName "Rgsc ProFTPD server"
# Start-up mode: run as a standalone daemon instead of being launched by inetd/xinetd
ServerType standalone
# Show only this fixed greeting text on connect instead of the default banner
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
Port 21
# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off
# Refuse FTP logins as root
RootLogin off
# Allow interrupted downloads to be resumed (REST followed by RETR)
AllowRetrieveRestart on
# Allow interrupted uploads to be resumed (REST followed by STOR)
AllowStoreRestart on
# Character sets: UTF-8 on the server side, CP936 (GBK) towards clients
UseEncoding UTF-8 CP936
# Server log file. NOTE(review): /opt/ftpLog must exist before start-up and should
# be writable by root only, so that FTP users cannot tamper with the logs - confirm.
SystemLog /opt/ftpLog/SystemLog.log
# Set the user and group that the server runs as
User nobody
Group nobody
# Upper bound on simultaneous server processes; limits connection-flood impact
MaxInstances 20
# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile off
# Define the log formats
# These names take effect only where an ExtendedLog directive refers to them;
# none appears in this listing.
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
<Global>
# Umask 000 is set on purpose so that files created by one user can be changed
# by the others: new files become mode 0666 and new directories 0777.
# NOTE(review): this makes every upload world-writable for any local account or
# process on the host, not just FTP users. If the FTP accounts can share a
# group, a shared gid with "Umask 002" gives the same collaboration with a
# smaller exposure - confirm against the uid/gid values in the AuthUserFile.
Umask 000
#Umask 022
# Uploads may replace files that already exist
AllowOverwrite yes
# Permit every FTP command, including SITE CHMOD, to all clients by default.
# Narrower <Limit> sections inside <Directory> blocks still apply to those paths.
# NOTE(review): SITE CHMOD lets users change modes on files they own; restrict
# it to specific groups if that is not required.
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>
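<VirtualHost sy.rgsc.com.cn>
  ServerName "RGSC SOFT"
  # DeferWelcome prevents proftpd from displaying the servername
  # until a client has authenticated.
  DeferWelcome on
  DisplayLogin welcome.msg
  DefaultServer on
  MaxClients 10
  # Limit failed logins per connection to slow down password guessing.
  MaxLoginAttempts 5
  # Passive-mode data port range. The same range has to be opened in the host
  # firewall, otherwise passive transfers and listings fail.
  PassivePorts 50000 51000
  TransferLog /opt/ftpLog/soft/TransferLog.log

  # Authentication: AuthOrder names mod_auth_file.c only, so accounts come
  # solely from AuthUserFile / AuthGroupFile (virtual users). AuthPAMConfig is
  # kept from the original, but PAM is not consulted while it is absent from
  # AuthOrder.
  AuthPAMConfig proftpd
  AuthOrder mod_auth_file.c
  # Do not require the user's shell to be listed in /etc/shells (important for
  # virtual users, whose shell is typically /bin/false or /sbin/nologin).
  RequireValidShell off
  # These two paths must be exactly the files maintained with ftpasswd.
  # NOTE(review): the files hold password hashes; keep them unreadable and
  # unwritable for ordinary users.
  AuthUserFile /opt/ftpd.passwd
  AuthGroupFile /opt/ftpd.group
  # Confine every user to their own home directory (chroot).
  DefaultRoot ~
  AllowOverwrite yes

  # TLS (FTPS). TLSRequired on refuses unencrypted control and data channels,
  # so credentials and file contents never cross the network in clear text.
  TLSEngine on
  TLSLog /opt/ftpLog/tls.log
  # Offer TLSv1.2 only. The original list also enabled SSLv3, TLSv1 and TLSv1.1:
  # SSLv3 is broken (POODLE) and prohibited by RFC 7568, and TLS 1.0/1.1 are
  # deprecated by RFC 8996. Leaving them enabled allows a downgrade to a weak
  # protocol. Add TLSv1.3 here if the installed ProFTPD and OpenSSL support it.
  TLSProtocol TLSv1.2
  TLSRequired on
  # Server certificate and private key (file names masked by the author).
  # The key file should be readable by root only.
  TLSRSACertificateFile /opt/ca/*******.pem
  TLSRSACertificateKeyFile /opt/ca/*******.key
  # Client-certificate (mutual TLS) verification is off; clients authenticate
  # with user name and password only.
  TLSVerifyClient off
  TLSRenegotiate none

  # Let every logged-in user change into and read everything below the root
  # directory of the session.
  <Directory "~/*">
    <Limit CWD READ>
      AllowAll
    </Limit>
  </Directory>

  # NOTE(review): the sections below restrict delete, rename and rmdir only.
  # With AllowOverwrite yes, a user can still replace an existing file by
  # uploading over it; add STOR to the limits if that must be prevented too.

  # develop: only members of group "dev" may delete or rename.
  <Directory "~/develop">
    <Limit DELE RNFR RNTO RMD>
      DenyAll
      AllowGroup dev
    </Limit>
  </Directory>

  # test: members of group "dev" or group "test" may delete or rename.
  <Directory "~/test">
    <Limit DELE RNFR RNTO RMD>
      DenyAll
      AllowGroup dev
      AllowGroup test
    </Limit>
  </Directory>

  # product: nobody may delete or rename (the per-user exception is disabled).
  <Directory "~/product">
    <Limit DELE RNFR RNTO RMD>
      DenyAll
      #AllowUser zhuye
    </Limit>
  </Directory>
</VirtualHost>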
/etc/shells添加nologin(上面的配置已设置 RequireValidShell off,因此该步骤对虚拟用户并非必需)
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
# The line below is the one added for this setup
/sbin/nologin
安装proftpd-utils
# Install the ProFTPD utilities package (the next step uses its ftpasswd tool).
yum -y install proftpd-utils
ftpasswd简单操作
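# Maintain the virtual-user files that ProFTPD authenticates against (bash).
# The paths must be the same ones named by AuthUserFile / AuthGroupFile in
# /etc/proftpd.conf. The original commands wrote to /opt/ftp/... while the
# configuration reads /opt/ftpd.passwd and /opt/ftpd.group, so the accounts
# would never have been seen by the server.
passwd_file=/opt/ftpd.passwd
group_file=/opt/ftpd.group

# Add a user. --stdin (two ASCII hyphens; the original had a typographic dash)
# makes ftpasswd read the password from standard input, which also suits
# scripted batch creation.
# The password is prompted for rather than typed into the command line, so it
# is not saved in the shell history. For batch scripts, feed it from a file
# that only root can read instead.
read -rs -p 'FTP password for rose: ' ftp_password && echo
printf '%s\n' "$ftp_password" \
  | ftpasswd --passwd --file="$passwd_file" --name=rose --uid=1001 \
      --home=/opt/ftp/soft/test --shell=/bin/false --stdin
unset ftp_password

# Add a group.
ftpasswd --group --file="$group_file" --name=soft --gid=1002

# Add members to the group. This must target the group file with the gid used
# when the group was created; the original pointed at the passwd file and
# used gid 10.
ftpasswd --group --file="$group_file" --name=soft --gid=1002 \
  --member=jack --member=rose

# NOTE(review): both files contain password hashes or account data; check that
# they are not readable or writable by ordinary users after creation.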