「Linux」- 挂载 FTP 到本地目录,CurlFtpFS

  CREATED BY JENKINSBOT

CurlFtpFS,基于 FUSE 与 cURL,将 FTP Server 挂载到本地目录。在 Google上 搜索了几篇文章,排名靠前的都是 CurlFtpFS 工具。

安装应用

通过仓库直接安装

# Ubuntu 16.04 TLS
apt-get install curlftpfs

通过源码编译安装

去官网下载CurlFtpFS源码,安装过程参考 INSTALL 中件。

安装的可执行程序

curlftpfs
主程序文件,将ftp主机挂在到本地目录中。

curlftpfs

curlftpfs,主程序文件,将ftp主机挂在到本地目录中。

命令行语法格式

curlftpfs [options] host path

命令描述

该程序可以将远程的FTP目录挂在到本地的文件夹中,然后将远程FTP的目录映射到本地。

curlftpfs所有于传输相关的特征都依赖于libcurl(man 3 libcurl)库。
FUSE之上实现的文件系统。可以去FUSE主页查看相关内容(原主页实在SourceForge上,后来挪到Github了)。

FTP 有关的选项(FTP OPTIONS)

-v/–verbose
Make libcurl print verbose debug output.

-o
以下的选项需要使用-o选项来指定,多个参数之间使用逗号(,)分割:

cacert=<file>
(SSL) Pass a string naming a file holding one or more certificates to verify the peer with.

Note that option is by default set to the system path where libcurl’s cacert bundle is assumed to be stored, as

established at build time.

capath=<directory>
(SSL) Tells curlftpfs to use the specified certificate directory to verify the peer. The certificates must be in PEM

format, and the directory must have been processed using the c_rehash utility supplied with openssl. Using cap‐

ath can allow curlftpfs to make connections much more efficiently than using cacert if the cacert file contains many

CA certificates.

cert=<certificate>
(SSL) Tells curlftpfs to use the specified certificate file. The default format is “PEM” and can be changed with

cert_type.

cert_type=<type>
(SSL) Tells curlftpfs what certificate type the provided certificate is in. PEM, DER and ENG are recognized types.

ciphers=<list of ciphers>
(SSL) Specifies which ciphers to use in the connection. The list must be syntactically correct, it consists of one or

more cipher strings separated by colons. Commas or spaces are also acceptable separators but colons are normally

used, , – and + can be used as operators. Valid examples of cipher lists include ‘RC4-SHA’, ´SHA1+DES’, ‘TLSv1’

and ‘DEFAULT’. The default list is normally set when you compile OpenSSL.

Read up on SSL cipher list details on this URL:
http://www.openssl.org/docs/apps/ciphers.html

codepage=<name>
Sets the encoding the ftp server uses to encode file names.

connect_timeout=<seconds>
Maximum time in seconds that you allow the connection to the server to take. This only limits the connection phase,

once curlftpfs has connected this option is of no more use.

custom_list=<command>
Command used by curlftpfs to list files. The default is “LIST -a” but some servers might require extra options, e.g.

“LIST -la”.

disable_eprt
Tell curlftpfs to disable the use of the EPRT and LPRT commands when doing active FTP transfers. Curlftpfs will nor‐

mally always first attempt to use EPRT, then LPRT before using PORT, but with this option, it will use PORT right

away. EPRT and LPRT are extensions to the original FTP protocol, may not work on all servers but enable more function‐

ality in a better way than the traditional PORT command.

disable_epsv
Tell curlftpfs to disable the use of the EPSV command when doing passive FTP transfers. This is the default.

enable_epsv
Tell curlftpfs to enable the use of the EPSV command when doing passive FTP transfers. Curlftpfs will first attempt to

use EPSV before PASV.

engine=<name>
Select the OpenSSL crypto engine to use for cipher operations. Use:

curl –engine list

to print a list of build-time supported engines. Note that not all (or none) of the engines may be avail‐

able at run-time.

ftpfs_debug
Make curlftpfs print lots of debug information. Useful only in conjunction with the -d option.

ftp_method=<method>
Control what method curlftpfs should use to reach a file on the server. The method argument should be one of the fol‐

lowing alternatives:

multicwd
curlftpfs does a single CWD operation for each path part in the given URL. For deep hierarchies this means very

many commands. This is how RFC1738 says it should be done. This is the default but the slowest behavior.

singlecwd
curlftpfs does one CWD with the full target directory and then operates on the file “normally” (like in the

multicwd case).

ftp_port=<address>

Reverses the initiator/listener roles when connecting with ftp. This switch makes curlftpfs use the PORT command

instead of PASV. In practice, PORT tells the server to connect to the client’s specified address and port, while PASV

asks the server for an ip address and port to connect to.
<address>的值如下:

  • interface: 指定要使用的网络接口。如:eth0
  • IP address: 指定准确的IP地址。如:”192.168.10.1″
  • host name: 指定机器。如:”my.host.domain”
  • -: 使curlftpfs选择已经用于控制连接的相同IP地址。主动模式。

使用disable_eprt来禁用尝试使用EPRT命令而不是PORT。 EPRT是真正的PORT++。

httpproxy
Set the proxy type to HTTP. This is the default type.

interface=<name>
Pass a string as parameter. This set the interface name to use as outgoing network interface. The name can be an

interface name, an IP address or a host name.

iocharset=<name>
Sets the charset used by the client side for codepage to charset translation. Default: UTF8.

ipv4 If libcurl is capable of resolving an address to multiple IP versions (which it is if it is ipv6-capable), this
option tells libcurl to resolve names to IPv4 addresses only.

ipv6 If libcurl is capable of resolving an address to multiple IP versions (which it is if it is ipv6-capable), this
option tells libcurl to resolve names to IPv6 addresses only.

key=<key>
(SSL) Private key file name. Allows you to provide your private key in this separate file. The default format is

“PEM” and can be changed with key_type.

key_type=<type>
(SSL) Pass a string in the format of your private key. Supported formats are “PEM”, “DER” and “ENG”.

The format “ENG” enables you to load the private key from a crypto engine. In this case key is used as an iden‐

tifier passed to the engine. You have to set the crypto engine with engine option. “DER” format key file cur‐

rently does not work because of a bug in OpenSSL.

krb4=<level>
Enable kerberos4 authentication and use. The level must be entered and should be one of ‘clear’, ‘safe’, ‘confiden‐

tial’ or ‘private’. Should you use a level that is not one of these, ‘private’ will instead be used.

This option requires that the libcurl library was built with kerberos4 support. This is not very common.

no_verify_hostname
(SSL) Curlftpfs will not verify the hostname when connecting to a SSL enabled server.

no_verify_peer
(SSL) Curlftpfs will not verify the certificate when connecting to a SSL enabled server.

pass=<password>
(SSL) Pass phrase for the private key.

proxy=<host[:port]>
Use specified HTTP proxy. If the port number is not specified, it is assumed at port 1080.

This option overrides existing environment variables that sets proxy to use. If there’s an environment variable

setting a proxy, you can set proxy to “” to override it.

This options implies the proxytunnel option.

Starting with libcurl version 7.14.1, the proxy host can be specified the exact same way as the proxy environment

variables, including protocol prefix (http://) and embedded user + password.

proxytunnel
Tells curlftpfs to use a tunnel proxy. This option is implied by the proxy option but you need to set it manually if

you use the proxy environment variable.

proxy_anyauth
Tells curl to pick a suitable authentication method when communicating with the given proxy. This will cause

an extra request/response round-trip.

proxy_basic
Tells curlftpfs to use HTTP Basic authentication when communicating with the given proxy. Basic is the default authen‐

tication method curlftpfs is used with proxies.

proxy_digest
Tells curlftpfs to use HTTP Digest authentication when communicating with the given proxy.

proxy_ntlm
Tells curlftpfs to use HTTP NTLM authentication when communicating with the given proxy.

proxy_user=<user:password>
Specify user and password to use for proxy authentication.

skip_pasv_ip
Tell curlftpfs to not use the IP address the server suggests in its response to curlftpfs’s PASV command when

curlftpfs connects the data connection. Instead curlftpfs will re-use the same IP address it already uses for the

control connection.

socks4 Set the proxy type to SOCKS4.

socks5 Set the proxy type to SOCKS5.

ssl Make curlftpfs use SSL/TLS for both control and data connections.

sslv3 Forces curlftpfs to use SSL version 3 when negotiating with a remote SSL server.

ssl_control
Make curlftpfs use SSL/TLS only for the control connection.

ssl_try
Curlftpfs will try to use SSL/TLS for both the control and data connections but if the server doesn’t support it, it

will still connect unencrypted.

tcp_nodelay
Turn on the TCP_NODELAY option. See the curl_easy_setopt(3) man page for details about this option.

tlsv1 (SSL) Forces curlftpfs to use TLS version 1 when negotiating with a remote TLS server.

transform_symlinks
Append path to the absolute symlinks so that they still point inside the ftp directory structure. Otherwise those

links will very probably be broken.

user=<user:password>
指定用户名、密码。覆盖netrc文件中的配置。

utf8

Try to transfer file list with UTF-8 encoding. Send OPTS UTF8 ON at the beginning of file list transfer.

FUSE 有关的选项(FUSE OPTIONS)

-d Enable FUSE debug output. Implies -f.

-f Run curlftpfs in foreground mode.

-r Mount read-only.

-s Disable multi-threaded operation.

-o
以下的选项需要使用-o选项来指定,多个参数之间使用逗号(,)分割:

allow_other
允许其他用户访问。默认情况下,只允许挂载的用户访问,即使是root也不行。

allow_root
Allow access to root user. By default the mount point is only accessible to the user that mounted it and not even to

root.

debug enable debug output

direct_io
use direct I/O

fsname=NAME
set filesystem name in mtab

gid=N set file group

hard_remove
immediate removal (don’t hide files)

kernel_cache
Let the kernel VFS do some caching of the files.

large_read
issue large read requests (2.4 only)

max_read=N
set maximum size of read requests

nonempty
allow mounts over non-empty file/dir

readdir_ino
try to fill in d_ino in readdir

uid=N set file owner

umask=M
set file permissions (octal)

use_ino
let filesystem set inode numbers

辅助类型的选项

-h/–help
打印帮助信息。

-V/–version
打印curlftpfs、libcurl、fuse的版本。

简单示例

将主机名为www.ex.com的主机挂在到/mnt/ftp目录下:

#!/bin/bash

mkdir /mnt/ftp
curlftpfs ftp.yourserver.com /mnt/ftp/ -o user=username:password

允许其他用户访问

#!/bn/bash

curlftpfs ftp.yourserver.com /mnt/ftp/ -o user=username:password,allow_other

FTP主动模式

#!/bin/bash

curlftpfs ftp.yourserver.com /mnt/ftp/ -o user=username:password,allow_other,ftp_port=-

在/etc/fstab中使用

curlftpfs#USER:PASSWORD@ftp.domain.org		/mnt/mydomainorg		fuse		auto,user,uid=1000,allow_other,_netdev		0		0

相关文档

mount(8)

在/etc/fstab中配置CurlFtpFS

https://ubuntuforums.org/showthread.php?t=1036636
http://blog.secaserver.com/2011/12/linux-mount-ftp-file-system/
https://wiki.archlinux.org/index.php/CurlFtpFS

参考文献

The CurlFtpFS Website: http://curlftpfs.sourceforge.net/
man 1 curlftpfs, version CurlFtpFS 0.9.2