PureFTP

pure-ftpd-1.0.27.tar.gz
Shell> cd /usr/local
Shell> mkdir /usr/local/1
Shell> cp pure-ftpd-1.0.27.tar.gz /usr/local/1
Shell>tar zxvf pure-ftpd-1.0.27.tar.gz
Shell>cd pure-ftpd-1.0.27/
Shell>./configure --prefix=/usr/local/1/pureftpd --with-language=english --with-everything
Shell>make
Shell>make install
Shell>mkdir /usr/local/1/pureftpd/etc
adduser
Shell>/usr/local/1/pureftpd/bin/pure-pw useradd user u 2121 g 2121 d /var/www/ -f
/usr/local/1/pureftpd/etc/pureftpd.passwd
Database
Shell>/usr/local/1/pureftpd/bin/pure-pw mkdb /usr/local/1/pureftpd/etc/pureftpd.pdb f
/usr/local/1/pureftpd/etc/pureftpd.passwd
start FTP
Shell>/usr/local/1/pureftpd/sbin/pure-ftpd A B c300 C5 D E fftp H I15
lpuredb:/usr/local/1/pureftpd/etc/pureftpd.pdb L8000:8 m4 s U133:022 u100 j k99 Z
O clf:/var/log/pureftpd.log
Note: pureftpd started!
pure-pw useradd <login> [-f <passwd file>] -u <uid> [-g <gid>]
-D/-d <home directory> [-c <gecos>]
[-t <download bandwidth>] [-T <upload bandwidth>]
[-n <max number of files>] [-N <max Mbytes>]
[-q <upload ratio>] [-Q <download ratio>]
[-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>]
[-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>]
[-y <max number of concurrent sessions>]
[-z <hhmm>-<hhmm>] [-m]

pure-pw usermod <login> -f <passwd file> -u <uid> [-g <gid>]
-D/-d <home directory> -[c <gecos>]
[-t <download bandwidth>] [-T <upload bandwidth>]
[-n <max number of files>] [-N <max Mbytes>]
[-q <upload ratio>] [-Q <download ratio>]
[-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>]
[-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>]
[-y <max number of concurrent sessions>]
[-z <hhmm>-<hhmm>] [-m]

pure-pw userdel <login> [-f <passwd file>] [-m]
pure-pw passwd <login> [-f <passwd file>] [-m]
pure-pw show <login> [-f <passwd file>]
pure-pw mkdb [<puredb database file> [-f <passwd file>]]
pure-pw list [-f <passwd file>]
-d <home directory> : chroot user (recommended)
-D <home directory> : don't chroot user
-<option> '' : set this option to unlimited
-m : also update the /usr/local/pureftpd/etc/pureftpd.pdb database
For a 1:10 ratio, use -q 1 -Q 10
To allow access only between 9 am and 6 pm, use -z 0900-1800
- -0: when a file is uploaded and there is already a previous version of the
file with the same name, the old file will neither get removed nor truncated.
Upload will take place in a temporary file and once the upload is complete,
the switch to the new version will be atomic. For instance, when a large PHP
script is being uploaded, the web server will still serve the old version and
immediatly switch to the new one as soon as the full file will have been
transfered. This option is incompatible with virtual quotas.
- -1: log the PID of each session in syslog output.
- -4: only listen to IPv4 connections.
- -6: dont listen to IPv4, only listen to IPv6.
- -a <gid>: Authenticated users will be granted access to their home
directory and nothing else (chroot) . This is especially useful for users
without shell access, for instance, WWW-hosting services shared by several
customers. Only member of group number <gid> will have unrestricted access
to the whole filesystem. So add a staff, admin or ftpadmin group and
put your trusted users in. <gid> is a NUMERIC group number, not a group name.
This feature is mainly designed for system users, not for virtual ones.
- -A: chroot() everyone, but root.
- -b: Ignore parts of RFC standards in order to deal with some totally
broken FTP clients, or broken firewalls/NAT boxes.
- -B: Have the standalone server start in background (daemonization).
- -c <number of clients>: Allow a maximum of clients to be connected. For
instance -c 42 will limit access to simultaneous 42 clients. There is a
50 client limit by default.
- -C <max connection per ip>: Limit the number of simultanous connections
coming from the same IP address. This is yet another very effective way to
prevent stupid denial of services and bandwidth starvation by a single user.
It works only when the server is launched in standalone mode (if you use a
super-server, it is supposed to do that) . If the server is launched with
-C 2, it doesnt mean that the total number of connections is limited to 2.
But the same client, coming from the same machine (or at least the same IP),
cant have more than two simultaneous connections. This feature needs some
memory to track IP addresses, but its recommended to use it.
- -d: Send various debugging messages to the syslog. Dont use this
unless you really want to debug Pure-FTPd. Passwords arent logged.
Duplicate -d to log responses, too.
- -D: List files beginning with a dot (.) even when the client doesnt
append the -a option to the list command. A workaround for badly
configured FTP clients. If you are a purist, dont enable this. If you
provide hosting services and if you have lousy customers, enable this.
- -e: Only allow anonymous users. Use this on a public FTP site with no
remote FTP access to real accounts.
- -f <facility>: Use that facility for syslog logging. It defaults to
ftp (or local2 if you got an obsolete libc without that facility).
Logging can be disabled with -f none .
- -F <fortune file>: Display a fortune cookie on login. The sentence is
a random extract from the text file <fortune file>. This text file should be
formatted like standard fortune files (fortunes are separated by a %
sign on a single line) . Pure-FTPd has to be compiled with support for
cookies (with-cookie). If you just want a simple banner displayed before
the login prompt, add the name of any text file here.
- -g <pid file>: Change the location of the pid file when the server is
run in standalone mode. The default is /var/run/pure-ftpd.pid .
- -G: Disallow renaming.
- -H: By default, fully-qualified host names are logged. To achieve this,
DNS lookups are mandatory. The -H flag avoids host names resolution.
(213.41.14.252 will be logged instead of www.toolinux.com) . It can
significantly speed up connections and reduce bandwidth usage on busy
servers. Use it especially on public FTP sites. Also, please note that
without -H, host names are informative but shouldnt be trusted: no reverse
mapping check is done to save DNS queries.
- -i: Disallow upload for anonymous users, whatever directory permissions
are. This option is especially useful for virtual hosting, to avoid your
users creating warez sites in their account.
- -I <timeout>: Change the maximum idle time. The timeout is in minutes
and defaults to 15 minutes. Modern FTP clients are trying to fool timeouts
by sending fake commands at regular interval. We disconnect these clients
when they are idle for twice (because they are active anyway) the normal
timeout.
- -j: If the home directory of a user doesnt exist, automatically create
it. The newly created home directory belongs to the user and permissions are
set according to the current directory mask. Only the home directory can be
created (so /home/john/./public_html wont work, but /home/john will) . To
avoid local attacks, the parent directory should never belong to an untrusted
user. Also note that you must trust whoever manages the users databases,
because with that feature, hell be able to create/chown directories anywhere
on the servers filesystem.
- -k <percentage>: Dont allow uploads if the partition is more than
<percentage>% full. For instance, -k 95 will ensure your disks will never
get filled more than 95% by FTP. No need for the percent sign after the
number.
- -K: Allow users to resume and upload files, but *NOT* to delete or rename
them. Directories can be removed, but only if they are empty. However,
overwriting existing files is still allowed (to support upload resume) . If
you want to disable this too, add -r (autorename) .
- -l <authentication> or -l <authentication>:<config file>: Adds a new
rule to the authentication chain. Please read the Authentication section,
later in this README file. Its an important section.
- -L <max files>:<max depth>: To avoid stupid denial-of-service attacks
(or just CPU hogs), Pure-FTPd never displays more than 2000 files in response
to an ls command. Also, a recursive ls (-R) never goes further than 5
subdirectories. You can increase/decrease those limits with the -L option.
- -m <cpu load>: Dont allow anonymous download if the load is above <cpu
load> . A very efficient way to prevent overloading your server. Upload is
still allowed, though.
- -M: Allow anonymous users to create directories.
- -n <max files>:<max size>: If the server has been compiled with support
for virtual quotas, enforce these quota settings for all users (except
members of the trusted group) . <max size> is in Megabytes. See the
virtual quotas section later in this document.
- -N: NAT mode. Force ACTIVE mode. If your FTP server is behind a NAT box
that doesnt support applicative FTP proxying, or if you use port
redirection without a transparent FTP proxy, use this. Well the previous
sentence isnt very clear. Okay: if your network looks like this:
(FTP server)-(NAT/masquerading gateway/router)(Internet)
and if you want people coming from the internet to have access to your FTP
server, please try without this option first. If Netscape clients can
connect without any problem, your NAT gateway rulez. If Netscape doesnt
display directory listings, your NAT gateway sucks. Use -N as a workaround.
- -o: Write all uploaded files to /var/run/pure-ftpd.upload.pipe so
that the pure-uploadscript program can run. Dont enable that option if
you dont actually use pure-uploadscript.
- -O <format>:<log file>: Record all file transfers into a specific log
file, in an alternative format. Currently, four formats are supported: CLF
(Apache-like), Stats, W3C and xferlog.
- -p <first port>:<last port>: Use only ports in the range <first port>
to <last port> inclusive for passive-mode downloads. This is especially
useful if the server is behind a firewall without FTP connection tracking.
Use high ports (40000-50000 for instance), where no regular server should be
listening.
- -P <ip address or host name>: Force the specified IP address in reply to
a PASV/EPSV/SPSV command. If the server is behind a masquerading (NAT) box
that doesnt properly handle stateful FTP masquerading, put the ip address
of that box here. If you have a dynamic IP address, you can put the public
host name of your gateway, that will be resolved every time a new client will
connect.
- -q <upload ratio>:<download ratio>: Enable ratios for anonymous users.
- -Q <upload ratio>:<download ratio>: Enable ratios for everybody
(anonymous and non-anonymous). Members of the root (0, something called
wheel) have no ratio.
- -r: Never overwrite existing files. Uploading a file whoose name
already exists cause an automatic rename. Files are called xyz, xyz.1, xyz.2,
xyz.3, etc.
- -R: Disallow users (even non-anonymous ones) usage of the CHMOD
command. On hosting services, it may prevent newbies from making mistakes,
like setting bad permissions on their home directory. Only root can use
CHMOD when -R is enabled.
- -s: The waReZ protection. Dont allow anonymous users to download
files owned by ftp (generally, files uploaded by other anonymous users) .
So that uploads have to be validated by a system administrator (chown to
another user) before being available for download.
- -S [<ip address>,|<hostname>,] [<port>|<service name>]. This option is
only effective when the server is launched as a standalone server.
Connections are accepted on the specified IP and port. IPv4 and IPv6 are
supported. Numeric and fully-qualified host names are accepted. A service
name (see /etc/services) can be used instead of a numeric port number.
- -T <bandwidth> and -t <bandwidth>: Enable bandwidth limitation (see
below) . <bandwidth> is specified in kilobytes/seconds. To set up separate
upload/download bandwidth, the [<upload>]:[<download>] syntax is supported.
- -u <uid>: Dont allow uids below <uid> to log in. -u 1 denies access
to root (safe), -u 100 denies access to virtual accounts on most Linux
distros.
- -U <umask for files>:<umask for dirs>: Change the file creation mask.
The default is 133:022. If you want a new file uploaded by a user to only be
readable by that user, use -U 177:077. If you want uploaded files to be
executable, use 022:022 (files will be readable -but not writable- by other
users) or 077:077 (files will only be executable and readable by their
owner) . Please note that Pure-FTPd support the SITE CHMOD extension, so a
user can change the permissions of his own files.
- -V <ip address>: Allow non-anonymous FTP access only on this specific
local IP address. All other IP addresses are only anonymous. With that
option, you can have routed IPs for public access and a local IP (like
10.x.x.x) for administration. You can also have a routable trusted IP
protected by firewall rules and only that IP can be used to login as a
non-anonymous user.
- -v <name>: Set the service name for Apples Bonjour. Only available on
MacOS X when Bonjour support is compiled in.
- -w: Support the FXP protocol only for authenticated users. FXP works
with IPv4 and IPv6 addresses.
- -W: Support the FXP protocol. FXP allows transfers between two remote
servers without any file data going to the client asking for the transfer.
- -x: In normal operation mode, authenticated users can read/write files
beginning with a dot (.) . Anonymous users cant, for security reasons
(like changing banners or a forgotten .rhosts) . When -x is used,
authenticated users can download dot-files, but not overwrite/create them,
even if they own them. That way, you can prevent hosted users from messing
.qmail files. If you want to give user access to a special dot-file, create a
symbolic link to the dot-file with a file name that has no dot in it and the
client will be able to retrieve the file through that link.
- -X: This flag is identical to the previous one (writing dot-files is
prohibited), but in addition, users cant even *read* files and directories
beginning with a dot (like cd .ssh) .
- -y <max user logins>:<max anonymous logins>: This option only
works if the server has been compiled with with-peruserlimits. It
restricts the number of concurrent sessions the same user can have.
A null value (0) means unlimited.
Heres a concrete example:
/usr/local/sbin/pure-ftpd -y 3:20 -c 15 -C 5 -B
Here, we allow:
* A max total of 15 sessions.
* 5 connections max coming from the same IP address.
* 3 connections max with the same user name.
* 20 anonymous users max.
- -Y 0: Disable the SSL/TLS encryption layer (default).
-Y 1: Accept both standard and encrypted sessions.
-Y 2: Refuse connections that arent using SSL/TLS security mechanisms,
including anonymous sessions. The server must have been compiled with
with-tls and a valid certificate must be in place to get this feature.
See the README.TLS file for more info about SSL/TLS.
- -z: Allow anonymous users to read files and directories starting with a
dot (.) .
2.Virtual users
Since release 0.99.2, Pure-FTPd supports virtual users.
Virtual users is a simple mechanism to store a list of users, with their
password, name, uid, directory, etc. Its just like /etc/passwd. But its
not /etc/passwd. Its a different file, only for FTP.
It means that you can easily create FTP-only accounts without messing up
your system accounts.
Additionnaly, virtual users files can store individual quotas, ratios,
bandwidth, etc. System accounts cant do this.
Thousands of virtual users can share the same system user, as long as they
all are chrooted and they have their own home directory.
So a good thing to do before using virtual users is to create a system user
for this. Of course, you can use any existing account like nobody (but not
root), but its better to have a dedicated account.
Lets create an ftpgroup group and an ftpuser user.
Linux/OpenBSD/NetBSD/Solaris/HPUX/a lot of other Unix-like systems:
groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser
FreeBSD:
pw groupadd ftpgroup
pw useradd ftpuser -g ftpgroup -d /dev/null -s /etc
Then, all maintenance of virtual users can be made with the pure-pw
command. You can also edit the files by hand if you want.
- -
Files storing virtual users have one line per user. These lines have the
following syntax:
<account>:<password>:<uid>:<gid>:<gecos>:<home directory>:<upload
bandwidth>:<download bandwidth>:<upload ratio>:<download ratio>:<max number
of connections>:<files quota>:<size quota>:<authorized local IPs>:<refused
local IPs>:<authorized client IPs>:<refused client IPs>:<time
restrictions>
Fields can be left empty (exceptions: account, password, uid, gid, home
directory) .
Passwords are compatible with the hashing function used in /etc/passwd or
/etc/master.passwd . They are crypto hashed with blowfish, md5, multiple-des
and simple des, in this order, according to what your system has support fort.
CREATING A NEW USER
To add a new user, use the following syntax:
pure-pw useradd <login> [-f <passwd file>] -u <uid> [-g <gid>]
-D/-d <home directory> [-c <gecos>]
[-t <download bandwidth>] [-T <upload bandwidth>]
[-n <max number of files>] [-N <max Mbytes>]
[-q <upload ratio>] [-Q <download ratio>]
[-r <allow client host>[/<mask>][,<allow client host>[/<mask>]]]
[-R <deny client host>[/<mask>][,<deny client host>[/<mask>]]]
[-i <allow local host>[/<mask>][,<allow client host>[/<mask>]]]
[-I <deny local host>[/<mask>][,<deny local host>[/<mask>]]]
[-y <max number of concurrent sessions>]
[-z <hhmm>-<hhmm>] [-m]
Lets create joe, whoose home directory will be /home/ftpusers/joe . The
system account associated with joe is ftpusers.
pure-pw useradd joe -u ftpuser -d /home/ftpusers/joe
Joes password is asked twice.
With -d, joe will be chrooted. If you want to give joe access to the whole
filesystem, use -D instead of -d.
You dont need to create /home/ftpusers/joe if you run pure-ftpd with the
-j (createhome) switch. With that switch, home directories will
automatically be created when users will log in for the first time.
The -z option allow an user to connect only during a range of day time.
For instance, with -z 0900-1800, joe will only be able to connect from 9 am
to 18 pm. Warning: an user that connected during authorized hours can
finish his session after these authorized hours.
-r and -R are handy to restrict where the user can connect from. They can be
followed by a simple IP/mask pair (-r 192.168.1.0/24), multiple pairs
separated by a coma (-r 192.168.1.0/24,10.1.0.0/16,127.0.0.1/32), single IPs
(-r 192.168.1.4,10.1.1.5), host names (-r bla.bla.net,yopcitron.com), or any
combination of those.
-y is to restrict the number of concurrent sessions an user can have
at the same time. or 0 mean unlimited. Avoid this feature on very loaded
servers. Use per-ip limits instead.
Ok, joe has been created. By default, the list of virtual users is stored
in the /etc/pureftpd.passwd file (you can of course change this with -f
<file>) .
Lets have a look at its content:
joe:$1$LX/3.F60$bYdYwsQOYIaWq.Ko.hfI3.:500:101::/home/ftpusers/joe/./:::::::::::::
Passwords are hashed with the best one-way hash function your system supports.
Hashes are tried in this order: Blowfish, MD5, multiple DES, simple DES.
CHANGING INFO
Once virtual users have been created, you can edit their info. For instance
you can add bandwidth throttling, change quotas, add their full name, update
ratio, etc.
The pure-pw usermod command works just like pure-pw useradd except that
it modifies an existing account instead of creating a new one.
For instance, we will add a quota to Joe. Joe should be limited to 1000
files and 10 Megabytes.
pure-pw usermod joe -n 1000 -N 10
Lets have a look at /etc/pureftpd.passwd:
joe:$1$LX/3.F60$bYdYwsQOYIaWq.Ko.hfI3.:500:101::/home/ftpusers/joe/./::::::1000:1048
5760::::::
As you can see, the size quota is stored in bytes in the file.
RESETTING ATTRIBUTES
To disable file quotas, use pure-pw usermod <user> -n
To disable size quotas, use pure-pw usermod <user> -N
To disable ratios, use pure-pw usermod <user> -q -Q
To disable download bandwidth throttling, use pure-pw usermod <user> -t
To disable upload bandwidth throttling, use pure-pw usermod <user> -T
To disable IP filtering, use pure-pw usermod <user> <-i,-I,-r or -R>
To disable time restrictions, use pure-pw usermod <user> -z
To disable the number of concurrent sessions, use pure-pw usermod <user> -y
DELETING USERS
We wont delete Joe at this time. Joe is a fine guy But FYI, deleting an
user is as simple as running pure-pw userdel, whoose syntax is:
pure-pw userdel <login> [-f <passwd file>] [-m]
Deleting Joe would be:
pure-pw userdel joe
The content of his home directory is kept. Delete it by hand if you want.
CHANGING PASSWORDS
To change the password of an user, use pure-pw passwd:
pure-pw passwd <login> [-f <passwd file>] [-m]
DISPLAYING INFO
To review info about one user, reading the /etc/pureftpd.passwd file is ok,
but its not really human-friendly.
Its why you can use pure-pw show, whoose syntax is:
pure-pw show <login> [-f <passwd file>]
Lets try with joe:
pure-pw show joe

Login : joe
Password : $1$LX/3.F60$bYdYwsQOYIaWq.Ko.hfI3.
UID : 500 (ftpuser)
GID : 101 (ftpgroup)
Directory : /home/ftpusers/joe/./
Full name :
Download bandwidth : 0 Kb (unlimited)
Upload bandwidth : 0 Kb (unlimited)
Max files : 1000 (enabled)
Max size : 10 Mb (enabled)
Ratio : 0:0 (unlimited:unlimited)
Allowed local IPs :
Denied local IPs :
Allowed client IPs : 192.168.0.0/16
Denied client IPs : 192.168.1.1,blah.verybadhost.com
Time restrictions : 0900-1800 (enabled)
Max sim sessions : 0 (unlimited)
/./ at the end of a home directory means that this user will be chrooted.
COMMITING CHANGES
IMPORTANT:
You can add, modify and delete users with the previous commands, or by
editing /etc/pureftpd.passwd by hand. But the FTP server wont consider the
changes you make to that file, until you commit them.
Commiting changes really means that a new file is created from
/etc/pureftpd.passwd (or whatever file name you choose) . That new file is a
PureDB file. It contains exactly the same info than the other file. But in
that file, accounts are sorted and indexed for faster access, even with
thousands of accounts. PureDB files are binary files, dont try to view them
or your terminal will beep like hell.
Lets create a PureDB file from /etc/pureftpd.passwd. The indexed file will
be called /etc/pureftpd.pdb (as always, choose whatever name you like):
pure-pw mkdb
this reads /etc/pureftpd.passwd and creates /etc/pureftpd.pdb by default, but
to read another file, add the pdb file, optionnaly followed by -f <passwd file>
For instance:
pure-pw mkdb /etc/accounts/myaccounts.pdb -f /etc/accounts/myaccounts.txt
All modifications you made to the virtual users database will be committed
atomatically: all new accounts will be activated at the same time and all
deleted users wont be able to log in as soon as youll have hit the Return
key.
Theres no need to restart the pure-ftpd server to commit changes.
You can also change something to the text passwords file (add users, change
password, delete users, etc) and automatically run
pure-pw mkdb /etc/pureftpd.pdb afterwards. To do so, just use the -m
switch:
pure-pw passwd joe -m
This command will change Joes password in pureftpd.passwd *and* commit the
change to /etc/pureftpd.pwd .
ENABLING VIRTUAL USERS
Of course, to use virtual users, you have to enable their support in the FTP
server itself. At compile-time, this is done by giving with-puredb to
./configure (with-everything also enables it and binary packages have it
compiled in) .
Then, add this switch to your usual pure-ftpd switches:
-l puredb:/path/to/puredb_file
If long options are enabled, you can also use login instead of -l .
Lets run the server with automatic creation of home directories and puredb
authentication:
/usr/local/sbin/pure-ftpd -j -lpuredb:/etc/pureftpd.pdb &
Try to ftp localhost and log in as joe.
CONVERTING SYSTEM ACCOUNTS
You can convert all system (/etc/passwd) accounts to virtual FTP users, with
the pure-pwconvert tool.
Just run it:
pure-pwconvert >> /etc/pureftpd.passwd
If you do it as a non-privileged user, passwords wont be filled in. If you
do it as root, everything will be copied, even hashed passwords.
Copying system accounts to FTP accounts makes sense, because that way, users
can use different passwords for FTP and for Telnet access.
ENVIRONNEMENT VARIABLES
If defined, a PURE_PASSWDFILE environment variable can set the default path
to the pureftpd.passwd file. Without this variable, it defaults to
/etc/pureftpd.passwd .
If defined, a PURE_DBFILE environment variable can set the default path
to the pureftpd.pdb file. Without this variable, it defaults to
/etc/pureftpd.pdb .
Pure-FTP Web Interface
Jre install and configure
Upload jre-1_5_0_15-linux-i586.bin to /var/local
Shell>chmod a+x jre-1_5_0_15-linux-i586.bin
Shell>/var/local/jre-1_5_0_15-linux-i586.bin
Shell>vi /etc/profile
Add
JAVA_HOME=/var/local/jre1.5.0_15
CLASSPATH=$CLASSPATH:$JAVA_HOME/lib
PATH=$JAVA_HOME/bin:$PATH:$HOME/bin
export JAVA_HOME CLASSPATH PATH
# source profile
Shell> java version

java version "1.5.0_15"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_15-b04)
Java HotSpot(TM) Server VM (build 1.5.0_15-b04, mixed mode)
Java installation successful
2.Tomcat install and configure
Upload apache-tomcat-6.0.26.tar.gz to /var/local
Shell> tar -zxvf apache-tomcat-6.0.26.tar.gz
IE test
http://ip:8080/
If display failed,configure tomcat
Shell>/var/local/apache-tomcat-6.0.26/bin/shutdown.s
Shell> vi /var/local/apache-tomcat-6.0.26/bin/conf/server.xml
<Connector port="80" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
IE test
http://ip:port
upload enftpweb.war to /var/local/apache-tomcat-6.0.26/webapps/
http://ip:port/ftpweb/