手机浏览 RSS 2.0 订阅 膘叔的简单人生 , 腾讯云RDS购买 | 超便宜的Vultr , 注册 | 登陆
浏览模式: 标准 | 列表分类:Linux

查看/修改Linux时区和时间

Submitted by gouki on 2012, January 10, 12:10 PM

原来我也写过一两篇,但真的不够详细,这一篇我复制过来的,比较详细,还是以这个为准吧:

原文地址是:http://tech.ddvip.com/2009-05/1242293722119123.html

  一、时区

  1. 查看当前时区

  date -R

  2. 修改设置时区

  方法(1)

  tzselect

  方法(2) 仅限于RedHat Linux 和 CentOS

  timeconfig

  方法(3) 适用于Debian

  dpkg-reconfigure tzdata

  3. 复制相应的时区文件,替换系统时区文件;或者创建链接文件

  cp /usr/share/zoneinfo/$主时区/$次时区 /etc/localtime

  在中国可以使用:

  cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

  二、时间

  1、查看时间和日期

  date

  2、设置时间和日期

  将系统日期设定成1996年6月10日的命令

  date -s 06/22/96

  将系统时间设定成下午1点52分0秒的命令

  date -s 13:52:00

  3. 将当前时间和日期写入BIOS,避免重启后失效

  hwclock -w

  三、定时同步时间

  * * * * * /usr/sbin/ntpdate 210.72.145.44 > /dev/null 2>&1

Linux | 评论:0 | 阅读:13294

一些基于xmpp的server列表

Submitted by gouki on 2012, January 8, 9:12 PM

在xmpp的官网上,有一个基于xmpp协议的服务器的列表,其中有一些是开源的,当然也有商业的。所以,如果你需要自己架设xmpp服务器,可以考虑搞一款开源的(可以用来做内部聊天室,内部联络方式,也不用担心这些帐号会遗失之类的。)
官网的地址在这里:http://xmpp.org/xmpp-software/servers/
懒得移步的人,可以直接看下面的地址,当然要注意其中哪些是商业版的哪些是开源的。
嗯,大部分都是java的。如果你用win服务器就太轻松了。

Name Platform(s) License Details
Apache Vysper Windows / Linux Apache License Version 2.0 mina.apache.org
Citidel Linux GPL3 citadel.org
CommuniGate Pro Linux / Mac OS X / Windows Commercial communigate.com
djabberd Linux GPL3 danga.com
ejabberd Linux / Mac OS X / Solaris / Windows GPL2 process-one.net
IceWarp Linux / Windows Commercial icewarp.com
iChat Server Mac OS X Commercial apple.com
in.jabberd Linux GPL2 inetdxtra.sourceforge.net
Isode M-Link Linux / Solaris / Windows Commercial isode.com
jabberd 1.x Linux GPL2 jabberd.org
jabberd 2.x Linux / Solaris / Windows GPL2 jabberd2.xiaoka.com
Jabber XCP Linux / Solaris / Windows Commercial jabber.com
Jerry Messenger Linux / Windows Commercial j-livesupport.com
Kwickserver Windows GPL kwickserver.info
Openfire Linux / Mac OS X / Solaris / Windows GPL igniterealtime.org
Open IM Linux BSD openim.techlab.smk.fr
Prosody Linux / Mac OS X / Windows MIT/X11 prosody.im
psyced Linux / Mac OS X / Windows GPL2 psyced.org
SoapBox Server Windows Commercial coversant.net
Oracle Communications Instant Messaging Server Linux / Solaris / Windows Commercial oracle.com
Tigase Linux / Solaris / Mac OS X / Windows GPL3 tigase.org
Vines Linux / Mac OS X MIT GetVines.com
Wokkel Linux / Solaris / Mac OS X MIT wokkel.ik.nu

Tags: java

Linux | 评论:0 | 阅读:23001

ubuntu下最简单的更改时区

Submitted by gouki on 2012, January 5, 1:28 PM

   一般情况下,我们刚装好的ubuntu时区都是US(默认语言为英文时),而且,它本身就是使用UTC格式作为标准时间格式,如果在Linux下运行程序,且在程序中指定了与系统不一样的时区的时候,可能会造成时间错误。 如果是Ubuntu的桌面版,可以直接在图形模式下修改时区信息,如果是Server版呢,则需要通过tzconfig来修改时区信息了。只是这样的方式会相对比较麻烦,
     使用方式 (如将时区设置成Asia/Chongqing):
sudo tzconfig
然后按照提示选择 Asia对应的序号,选完后会显示一堆新的提示—输入城市名,如Shanghai或Chongqing,最后再用 sudo date -s “” 来修改本地时间。

但事实上,并不需要这么复杂的处理,一个偷懒的方法就是,直接:cp /usr/share/zoneinfo/Asia/ShangHai /etc/localtime,用shanghai的时区文件覆盖localtime。灰常方便,这时候看一下date,时间是不是正确了?

Tags: ubuntu, 时区

Linux | 评论:1 | 阅读:25766

转:apache一个优化小技巧

Submitted by gouki on 2011, December 9, 10:54 PM

determine the MaxClient

決定 web server 效能一個最重要的因素就是記憶體的量,而藉由調整 MaxClient,可以避免 Apache 產生過多無用的 child process。這個數字到底要調到多少,老實說也沒有一個標準答案,網路上大家比較建議的算法都是用機器有的記憶體和每個 child process 的 size 去做粗估。但事實上,要估計 apache child process 的 size 也不是一件容易的事,如果你用 ps aux 這個指令去看,出來的 VSZ or RSS value,其實都會把 shared memory 重覆記算(詳細內容請參考: Understanding memory usage on Linux , Memory usage determination with the ps command ),所以後來我採用的作法是:先將 MaxClent 設成一個比較小的值 (e.g. 30),然後再定期去看 error log 是否有 run out of clients 的情形,如果有的話,就再幫 MaxClients 加個 5。

原文来自:http://brooky.cc/2011/06/30/practical-guide-on-setup-wordpress-on-amazon-ec2-free-tier/

disable “AllowOverride”

 

理論上,AllowOverride 會造成 Apache 在路徑的每一層去找找看是否有 .htaccess 這個 file。
例如說:如果 virtual host 的設定是:

DocumentRoot /www/htdocs AllowOverride all

那任何一個 /index.html 的 request, Apache 都會試著去找 /.htaccess, /www/.htaccess, and /www/htdocs/.htaccess.
所以除非必要,是可以將 AllowOverride 設成 None.

但如果你用了 wordpress Pretty Permalinks”這個功能,那就會需要 rewrite rule 的功能。在這種情況下,可以考慮將 AllowOverride 的設定直接寫在 config 檔裡。

----------
上文中的链接:Memory usage determination with the ps command

The ps command can also be used to monitor memory usage of individual processes.

The ps v PID command provides the most comprehensive report on memory-related statistics for an individual process, such as:

  • Page faults
  • Size of working segment that has been touched
  • Size of working segment and code segment in memory
  • Size of text segment
  • Size of resident set
  • Percentage of real memory used by this process
The following is an example: 
# ps v 
 PID    TTY STAT  TIME PGIN  SIZE   RSS   LIM  TSIZ   TRS %CPU %MEM COMMAND
 36626  pts/3 A     0:00    0   316   408 32768    51    60  0.0  0.0 ps v

The most important columns on the resulting ps report are described as follows:

PGIN
Number of page-ins caused by page faults. Since all I/O is classified as page faults, this is basically a measure of I/O volume.
SIZE
Virtual size (in paging space) in kilobytes of the data section of the process (displayed as SZ by other flags). This number is equal to the number of working segment pages of the process that have been touched times 4. If some working segment pages are currently paged out, this number is larger than the amount of real memory being used. SIZE includes pages in the private segment and the shared-library data segment of the process.
RSS
Real-memory (resident set) size in kilobytes of the process. This number is equal to the sum of the number of working segment and code segment pages in memory times 4. Remember that code segment pages are shared among all of the currently running instances of the program. If 26 ksh processes are running, only one copy of any given page of the ksh executable program would be in memory, but the ps command would report that code segment size as part of the RSS of each instance of the ksh program.
TSIZ
Size of text (shared-program) image. This is the size of the text section of the executable file. Pages of the text section of the executable program are only brought into memory when they are touched, that is, branched to or loaded from. This number represents only an upper bound on the amount of text that could be loaded. The TSIZ value does not reflect actual memory usage. This TSIZ value can also be seen by executing the dump -ov command against an executable program (for example, dump -ov /usr/bin/ls).
TRS
Size of the resident set (real memory) of text. This is the number of code segment pages times 4. This number exaggerates memory use for programs of which multiple instances are running. The TRS value can be higher than the TSIZ value because other pages may be included in the code segment such as the XCOFF header and the loader section.
%MEM
Calculated as the sum of the number of working segment and code segment pages in memory times 4 (that is, the RSS value), divided by the size of the real memory in use, in the machine in KB, times 100, rounded to the nearest full percentage point. This value attempts to convey the percentage of real memory being used by the process. Unfortunately, like RSS, it tends the exaggerate the cost of a process that is sharing program text with other processes. Further, the rounding to the nearest percentage point causes all of the processes in the system that have RSS values under 0.005 times real memory size to have a %MEM of 0.0.
Note: The ps command does not indicate memory consumed by shared memory segments or memory-mapped segments. Because many applications use shared memory or memory-mapped segments, the svmon command is a better tool to view the memory usage of these segments.
-----------
第二篇:http://virtualthreads.blogspot.com/2006/02/understanding-memory-usage-on-linux.html

这篇文章来自blogspot,一般情况下打不开,所幸我用Read it later,直接用广本模式,让他帮我打开了。HOHO,有点长,慢慢看:

This entry is for those people who have ever wondered, "Why the hell is a simple KDE text editor taking up 25 megabytes of memory?" Many people are led to believe that many Linux applications, especially KDE or Gnome programs, are "bloated" based solely upon what tools like ps report. While this may or may not be true, depending on the program, it is not generally true -- many programs are much more memory efficient than they seem.

What ps reports
The ps tool can output various pieces of information about a process, such as its process id, current running state, and resource utilization. Two of the possible outputs are VSZ and RSS, which stand for "virtual set size" and "resident set size", which are commonly used by geeks around the world to see how much memory processes are taking up.

For example, here is the output of ps aux for KEdit on my computer:


USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
dbunker   3468  0.0  2.7  25400 14452 ?        S    20:19   0:00 kdeinit: kedit

According to ps, KEdit has a virtual size of about 25 megabytes and a resident size of about 14 megabytes (both numbers above are reported in kilobytes). It seems that most people like to randomly choose to accept one number or the other as representing the real memory usage of a process. I'm not going to explain the difference between VSZ and RSS right now but, needless to say, this is the wrong approach; neither number is an accurate picture of what the memory cost of running KEdit is.

Why ps is "wrong"
Depending on how you look at it, ps is not reporting the real memory usage of processes. What it is really doing is showing how much real memory each process would take up if it were the only process running. Of course, a typical Linux machine has several dozen processes running at any given time, which means that the VSZ and RSS numbers reported by ps are almost definitely "wrong". In order to understand why, it is necessary to learn how Linux handles shared libraries in programs.

Most major programs on Linux use shared libraries to facilitate certain functionality. For example, a KDE text editing program will use several KDE shared libraries (to allow for interaction with other KDE components), several X libraries (to allow it to display images and copy and pasting), and several general system libraries (to allow it to perform basic operations). Many of these shared libraries, especially commonly used ones like libc, are used by many of the programs running on a Linux system. Due to this sharing, Linux is able to use a great trick: it will load a single copy of the shared libraries into memory and use that one copy for every program that references it.

For better or worse, many tools don't care very much about this very common trick; they simply report how much memory a process uses, regardless of whether that memory is shared with other processes as well. Two programs could therefore use a large shared library and yet have its size count towards both of their memory usage totals; the library is being double-counted, which can be very misleading if you don't know what is going on.

Unfortunately, a perfect representation of process memory usage isn't easy to obtain. Not only do you need to understand how the system really works, but you need to decide how you want to deal with some hard questions. Should a shared library that is only needed for one process be counted in that process's memory usage? If a shared library is used my multiple processes, should its memory usage be evenly distributed among the different processes, or just ignored? There isn't a hard and fast rule here; you might have different answers depending on the situation you're facing. It's easy to see why ps doesn't try harder to report "correct" memory usage totals, given the ambiguity.

Seeing a process's memory map
Enough talk; let's see what the situation is with that "huge" KEdit process. To see what KEdit's memory looks like, we'll use the pmap program (with the -d flag):


Address   Kbytes Mode  Offset           Device    Mapping
08048000      40 r-x-- 0000000000000000 0fe:00000 kdeinit
08052000       4 rw--- 0000000000009000 0fe:00000 kdeinit
08053000    1164 rw--- 0000000008053000 000:00000   [ anon ]
40000000      84 r-x-- 0000000000000000 0fe:00000 ld-2.3.5.so
40015000       8 rw--- 0000000000014000 0fe:00000 ld-2.3.5.so
40017000       4 rw--- 0000000040017000 000:00000   [ anon ]
40018000       4 r-x-- 0000000000000000 0fe:00000 kedit.so
40019000       4 rw--- 0000000000000000 0fe:00000 kedit.so
40027000     252 r-x-- 0000000000000000 0fe:00000 libkparts.so.2.1.0
40066000      20 rw--- 000000000003e000 0fe:00000 libkparts.so.2.1.0
4006b000    3108 r-x-- 0000000000000000 0fe:00000 libkio.so.4.2.0
40374000     116 rw--- 0000000000309000 0fe:00000 libkio.so.4.2.0
40391000       8 rw--- 0000000040391000 000:00000   [ anon ]
40393000    2644 r-x-- 0000000000000000 0fe:00000 libkdeui.so.4.2.0
40628000     164 rw--- 0000000000295000 0fe:00000 libkdeui.so.4.2.0
40651000       4 rw--- 0000000040651000 000:00000   [ anon ]
40652000     100 r-x-- 0000000000000000 0fe:00000 libkdesu.so.4.2.0
4066b000       4 rw--- 0000000000019000 0fe:00000 libkdesu.so.4.2.0
4066c000      68 r-x-- 0000000000000000 0fe:00000 libkwalletclient.so.1.0.0
4067d000       4 rw--- 0000000000011000 0fe:00000 libkwalletclient.so.1.0.0
4067e000       4 rw--- 000000004067e000 000:00000   [ anon ]
4067f000    2148 r-x-- 0000000000000000 0fe:00000 libkdecore.so.4.2.0
40898000      64 rw--- 0000000000219000 0fe:00000 libkdecore.so.4.2.0
408a8000       8 rw--- 00000000408a8000 000:00000   [ anon ]
... (trimmed) ...
mapped: 25404K    writeable/private: 2432K    shared: 0K

I cut out a lot of the output; the rest is similar to what is shown. Even without the complete output, we can see some very interesting things. One important thing to note about the output is that each shared library is listed twice; once for its code segment and once for its data segment. The code segments have a mode of "r-x--", while the data is set to "rw---". The Kbytes, Mode, and Mapping columns are the only ones we will care about, as the rest are unimportant to the discussion.

If you go through the output, you will find that the lines with the largest Kbytes number are usually the code segments of the included shared libraries (the ones that start with "lib" are the shared libraries). What is great about that is that they are the ones that can be shared between processes. If you factor out all of the parts that are shared between processes, you end up with the "writeable/private" total, which is shown at the bottom of the output. This is what can be considered the incremental cost of this process, factoring out the shared libraries. Therefore, the cost to run this instance of KEdit (assuming that all of the shared libraries were already loaded) is around 2 megabytes. That is quite a different story from the 14 or 25 megabytes that ps reported.

What does it all mean?
The moral of this story is that process memory usage on Linux is a complex matter; you can't just run ps and know what is going on. This is especially true when you deal with programs that create a lot of identical children processes, like Apache. ps might report that each Apache process uses 10 megabytes of memory, when the reality might be that the marginal cost of each Apache process is 1 megabyte of memory. This information becomes critial when tuning Apache's MaxClients setting, which determines how many simultaneous requests your server can handle (although see one of my past postings for another way of increasing Apache's performance).

It also shows that it pays to stick with one desktop's software as much as possible. If you run KDE for your desktop, but mostly use Gnome applications, then you are paying a large price for a lot of redundant (but different) shared libraries. By sticking to just KDE or just Gnome apps as much as possible, you reduce your overall memory usage due to the reduced marginal memory cost of running new KDE or Gnome applications, which allows Linux to use more memory for other interesting things (like the file cache, which speeds up file accesses immensely).

Tags: apache

Linux | 评论:1 | 阅读:15837

vsftp + mysql的架设文档

Submitted by gouki on 2011, November 19, 12:52 AM

上次介绍的vsftpd的配置是官方文档,这次是COPY来的,相对也是比较方便的,而且改动也很少。
只是需要libpam-mysql,mysql-dev等包。如果是基于ubuntu,那就实在是方便多了。都可以apt回来。。
OK,还是来原文吧,内容有点长,慢慢看就OK了:http://www.extmail.org/forum/thread-5427-1-1.html

   VSFTP+MySQL虚拟用户配置

   参考
       [url]http://www.mysql-china.com/bbs/archiver/?tid-114.html[/url]
       [url]http://blog.chinaunix.net/u1/39544/showart_310591.html[/url]
    VSFTPD是一种在UNIX/Linux中非常安全且快速的FTP服务器,目前已经被许多大型站点所采用。VSFTPD支持将用户名和口令保存在数据库文件或数据库服务器中。VSFTPD称这种形式的用户为虚拟用户。相对于FTP的本地(系统)用户来说,虚拟用户只是FTP服务器的专有用户,虚拟用户只能访问FTP服务器所提供的资源,这大大增强系统本身的安全性。相对于匿名用户而言,虚拟用户需要用户名和密码才能获取FTP服务器中的文件,增加了对用户和下载的可管理性。对于需要提供下载服务,但又不希望所有人都可以匿名下载;既需要对下载用户进行管理,又考虑到主机安全和管理方便的FTP站点来说,虚拟用户是一种极好的解决方案。
    环境:
       操作系统: centos 4
       流程图:   user --> vsftpd-2.0.1 --> pam_mysql-0.71 --> mysql-server-4.1

1,初始化centos升级服务器.
# vi /etc/yum.repos.d/CentOS-Base.repo
=============== 代码 { ================================================
[base]
name=CentOS-4 - Base
baseurl=http://mirror.be10.com/centos/4/os/i386/
gpgcheck=1

#released updates
[update]
name=CentOS-4 - Updates
baseurl=http://mirror.be10.com/centos/4/updates/i386/
gpgcheck=1

#packages used/produced in the build but not released
[addons]
name=CentOS-4 - Addons
baseurl=http://mirror.be10.com/centos/4/addons/i386/
gpgcheck=1

#additional packages that may be useful
[extras]
name=CentOS-4 - Extras
baseurl=http://mirror.be10.com/centos/4/extras/i386/
gpgcheck=1

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-4 - Plus
baseurl=http://mirror.be10.com/centos/4/centosplus/i386/
gpgcheck=1
enabled=0

#contrib - packages by Centos Users
[contrib]
name=CentOS-4 - Contrib
baseurl=http://mirror.be10.com/centos/4/contrib/i386/
gpgcheck=1
enabled=0

#packages in testing
[testing]
name=CentOS-4 - Testing
baseurl=http://mirror.be10.com/centos/4/testing/i386/
gpgcheck=1
enabled=0
=============== 代码 } =================================================

# rpm -import [url]http://mirror.be10.com/centos/RPM-GPG-KEY-CentOS-4[/url]

2.安装所要软件包:
   # yum -y install mysql-server*
   # yum -y install vsftpd
   # yum -y install vim*

3.建立系统用户,用户ftp登录时访问目录权限.但用户不允许登录.
   # useradd vsftpdguest
   # vi /etc/passwd
============= 代码 { =====================================
vsftpdguest:x:501:501::/home/vsftpdguest:/bin/nologin
============= 代码 } =====================================

4.将虚拟用户保存在MySQL数据库服务器中
      建立数据库vsftpdvu,表users,字段name和passwd用于保存虚拟用户的用户名和口令,增加两个虚拟用户q和ftp1。
# service mysqld start
    # mysql
mysql> create database vsftpdvu;
mysql> use vsftpdvu;
mysql> create table users(name char(16) binary,passwd char(16) binary);
mysql> insert into users (name,passwd) values ('q','q');
mysql> insert into users (name,passwd) values ('ftp1','success8');
mysql> quit
   
      授权vsftpdguest可以读vsftpdvu数据库的users表。执行以下命令:
# mysql -u root mysql -p
mysql> grant select on vsftpdvu.users to vsftpdguest@localhost identified by 'i52serial0';
mysql> quit;
      
       验证刚才的操作是否成功可以执行下面命令:
# mysql -u vsftpdguest -pi52serial0 vsftpdvu
mysql> select * from users;

5.设置MySQL的PAM验证(pam_mysql.so)
        利用mysql进行pam验证的开源项目([url]http://sourceforge.net/projects/[/url]),主要目的是生成 pam_mysql.so文件
# tar xvzf pam_mysql-0.5.tar.gz
# cd pam_mysql
# make
# make install
   make install这一步可能会出现错误,那只好手动将该目录下生成的pam_mysql.so复制到/lib/security目录下。
  
       设置vsftpd的PAM验证文件。打开/etc/pam.d/vsftpd文件,修改内容:
    # vi /etc/pam.d/vsftpd
    ======================== 代码 { ======================================
#%PAM-1.0
    #auth       required    pam_listfile.so item=user sense=deny file=/etc/vsftpd.ftpusers onerr=succeed
    #auth       required    pam_stack.so service=system-auth
    #auth       required    pam_shells.so
    #account    required    pam_stack.so service=system-auth
    #session    required    pam_stack.so service=system-auth
    auth required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=0
account required pam_mysql.so user=vsftpdguest passwd=i52serial0 host=localhost db=vsftpdvu table=users usercolumn=name passwdcolumn=passwd crypt=0
    ======================== 代码 { ======================================  
      上面涉及到的参数,只要对应前面数据库的设置就可以明白它们的含义。这里需要说明的是crypt参数。crypt表示口令字段中口令的加密方式:crypt=0,口令以明文方式(不加密)保存在数据库中;crypt=1,口令使用UNIX系统的DES加密方式加密后保存在数据库中;crypt=2,口令经过MySQL的password()函数加密后保存,但是使用了crypt=2时会出错,可能是pam_mysql.so文件问题.

6.设置vsftpd 登录模式:
    # vi /etc/vsftpd/vsftpd.conf
    ======================= 代码 { ==============================
    local_enable=yes   <--本地用户登录权限,要开启
    pam_service_name=vsftpd  <--验证文件/etc/pam.d/目录下
    anonymous_enable=NO   <--取消匿名登录
    guest_enable=YES      <--除了匿名用户外的所有用户都是guest
    guest_username=vsftpdguest  <--初了匿名用户外的所有用户使用vsftpdguest
    ======================= 代码 } ==============================
7.重启mysql、vsftpd数据库,进行测试:
    # service mysqld restart
    # service vsftpd restart

8.进一步的虚拟用户设置
      首先,介绍虚拟用户的权限设置。
       新添了virtual_use_local_privs参数,当该参数激活(YES)时,虚拟用户使用与本地用户相同的权限。当此参数关闭(NO)时,虚拟用户使用与匿名用户相同的权限,这两者种做法相比,后者更加严格一些,特别是在有写访问的情形下。默认情况下此参数是关闭的(NO)。
      当virtual_use_local_privs=YES时,只需设置write_enable=YES,虚拟用户就可以就拥有写权限。
         当virtual_use_local_privs=NO时,对虚拟用户权限的设置就更多一些更严格一些。
         控制虚拟用户浏览目录:如果让用户不能浏览目录,但仍可以对文件操作,那么需要执行以下二个步骤:
             第一步骤:配置文件中:
                       anon_world_readable_only=YES
             允许虚拟用户上传文件:  write_enable=YES
                                    anon_upload_enable=YES
             允许虚拟用户修改文件名和删除文件:    anon_other_write_enable=YES
             第二步骤:虚拟用户目录的权限改为只能由vsftpdguest操作:
                # chown vsftpdguest.vsftpdguest /home/vsftpdguest
                # chmod 700 /home/vsftpdguest
         由于以上选项的设置同样会对匿名用户生效。如果不想匿名用户趁机拥有同样的权限,最好是禁止匿名用户登录。

    其次,由于虚拟用户在系统中是vsftpdguest身份,所以可以访问到系统的其他目录。为了更加安全,我们可以将虚拟用户限制在自家目录下。有两种做法:
          第一种做法:在配置文件中修改
                   chroot_local_user=YES。
            第二种做法:在配置文件中增加以下选项
               chroot_local_user=NO
               chroot_list_enable=YES
              chroot_list_file=/etc/vsftpd.chroot_list
              然后,在/etc/vsftpd.chroot_list文件中加入虚拟用户名q和ftp1。
        经过修改后,虚拟用户登录后其根目录就限制在/home/vsftpdguest下,无法访问其他目录。

9.虚拟用户个人目录(没有测试)
  登录后所在的目录都是/home/vsftpdguest,即都是guest_username用户的自家目录。为每个虚拟用户建立自家目录。
      首先,在主配置文件中加入以下选项:
           # vi /etc/vsftpd/vsftpd.conf
                 user_config_dir=/etc/vsftpd/vsftpd_user_conf
  然后,生成/etc/vsftpd/vsftpd_user_conf目录,并在该目录下建立与特定虚拟用户同名的文件:
       # mkdir /etc/vsftpd/vsftpd_user_conf
       # cd /etc/vsftpd/vsftpd_user_conf
       # touch q
       以上操作为虚拟用户q建立了个人配置文件/etc/vsftpd/vsftpd_user_conf/q.
      接下来,在q的个人配置文件中将 q虚拟用户的自家目录修改为/home/q,配置选项为:
       local_root=/home/q
  最后,新建q目录,并将权限设为vsftpdguest:
      # mkdir /home/q
      # chown vsftpdguest.vsftpdguest /home/q
      # chmod 600 /home/q
    经过以上设置,q登录VSFTPD后,用“pwd”指令就可以发现被自己被定位到自己的“/home/q”目录。
   从文件系统层次来看,由于“/home/q”目录的权限是属于vsftpdguest的,所以其他的虚拟用户同样也可以访问q的自家目录。
   解决这个问题也很简单,只需要让VSFTPD负责将虚拟用户限制在其自家目录,就可以避免虚拟用户的互相访问。具体做法参照前面第8步中所述。经过以上设置后,虚拟用户就可以拥有属于自己的目录了。
   使用user_config_dir参数,在每个用户独立的配置文件里设定不同的权限和local_root参数就可以了

帮助:
在第5步处可以对程序进行调整:
  # vi /etc/vsftpd/vsftpd.conf  查看ftp连接情况
     log_ftp_protocol=YES
     dual_log_enable=YES
     syslog_enable=YES  
  # vi /etc/pam.d/vsftpd 调试pam_mysql连接情况
     auth   required      /usr/local/lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2 verbose=1
     account  required    /usr/local/lib/security/pam_mysql.so user=root passwd=123456 host=localhost db=vsftpd table=users usercolumn=name passwdcolumn=passwd crypt=2 verbose=1

---------
最后,你在上传的时候会发现,文件权限都是600,看vsftpd.conf里,有一个local_umask,上面还有注释,如果要改改成022,大多数Ftpd都是这么配置的。
关于umask为什么是022,可以查看老王的文章:Umask补习班
里面有这么一句:注:权限计算实际上是二进制位的与操作,参考All About the umask and Permissions

Tags: vsftpd

Linux | 评论:1 | 阅读:14438

Records:284«28293031323334353637»