分类: BSD
2006-06-13 11:10:29
FreeBSD全能服务器安装手册FTP篇之A安装配置篇
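# Build pure-ftpd from the FreeBSD port with the knobs this guide relies on:
# MySQL-backed virtual users, per-user quotas and throttling, TLS and chroot.
# The original repeated WITH_RATIOS=yes on two lines; the duplicate is dropped.
# NOTE(review): WITH_EVERYHING looks like a misspelling — check the port's
# Makefile for the knob's real name before relying on it.
# NOTE(review): the options dialog that follows shows PRIVSEP ("Enable
# privilege separation") unchecked; turning it on is the usual hardening
# choice for a network-facing daemon that starts as root.
cd /usr/ports/ftp/pure-ftpd
make WITH_WELCOMESG=yes WITH_UPLOADSCRIPT=yes WITH_COOKIE=yes \
    WITH_VIRTUALHOSTS=yes WITH_VIRTUALROOT=yes WITH_DIRALIASES=yes \
    WITH_QUOTAS=yes WITH_SYSQUOTAS=yes WITH_RATIOS=yes WITH_THROTTLING=yes \
    WITH_MYSQL=1 WITH_LANG=simplified-chinese \
    WITH_EVERYHING=yes WITH_PARANOIDMSG=yes \
    WITH_VIRTUALCHROOT=yes WITH_TLS=yes \
    WITH_LARGEFILE=yes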
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Options for pure-ftpd 1.0.21 x
x lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x
x x[ ] LDAP Support for users in LDAP directories x x
x x[X] MYSQL Support for users in MySQL database x x
x x[X] PAM Support for PAM authentication x x
x x[ ] PGSQL Support for users in PostgreSQL database x x
x x[ ] PRIVSEP Enable privilege separation x x
x x[ ] PERUSERLIMITS Per-user concurrency limits x x
x x[X] THROTTLING Bandwidth throttling x x
x x[X] BANNER Show pure-ftpd welcome upon session start x x
x x[X] UPLOADSCRIPT Support uploadscript daemon x x
x x[ ] UTF8 Support for charset conversion (expreimental)x x
x x x x
x x x x
x x x x
x x x x
x x x x
tqmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqjqu
x [ OK ] Cancel x
mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
# Install the freshly built port, then remove the work directory and the
# saved option selection so a later rebuild shows the options dialog again.
make install
make clean
make rmconfig
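# Copy the sample configuration files shipped by the port into place.
cd /usr/local/etc
cp pureftpd-mysql.conf.sample pureftpd-mysql.conf
cp pure-ftpd.conf.sample pure-ftpd.conf
# pureftpd-mysql.conf will hold the MySQL password (MYSQLPassword), so make it
# readable by root only. pure-ftpd is started as root (pure-config.pl / the rc
# script), so it can still read the file at startup.
chmod 600 pureftpd-mysql.conf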
####################################建立ftp用户组##############################
# Dedicated system group and user that virtual FTP sessions are mapped onto;
# uid/gid 2000 are the Uid/Gid defaults of the users table in script.mysql.
pw groupadd ftpusers -g 2000
# /sbin/nologin: the account owns files but can never be used for an
# interactive (console or SSH) login.
pw useradd ftp -u 2000 -g ftpusers -s /sbin/nologin
###############################################################################
#################将以下代码保存成文本文件并命名成script.mysql####################
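-- ---------------------------------------------------------------------------
-- MySQL bootstrap for the pure-ftpd virtual-user backend (save as script.mysql
-- and feed it to the mysql client as the MySQL root user).
-- Creates a dedicated MySQL account for the daemon / web manager, the
-- ftpusers database, an admin table for the web manager and the users table
-- that the MYSQLGet* queries in pureftpd-mysql.conf read from.
-- The literal passwords below ('passwd', '123456') are tutorial placeholders;
-- replace them before running this on a real server.
-- ---------------------------------------------------------------------------

CREATE DATABASE IF NOT EXISTS ftpusers;

-- The original inserted a row straight into mysql.user. Privileges granted
-- that way are GLOBAL (they apply to every database on the server), and the
-- insert depends on the exact column layout of mysql.user, which differs
-- between MySQL versions. GRANT scoped to ftpusers.* gives the same four
-- operations on this one database only. The daemon itself issues only
-- SELECTs (see the MYSQLGet* queries), so if the web manager uses another
-- account the grant can be reduced to SELECT alone.
-- On MySQL 8 and later, create the account with CREATE USER first; the
-- IDENTIFIED BY clause of GRANT is no longer accepted there.
GRANT SELECT, INSERT, UPDATE, DELETE
    ON ftpusers.*
    TO 'ftp'@'localhost' IDENTIFIED BY 'passwd';
FLUSH PRIVILEGES;

USE ftpusers;

-- Accounts for the web-based manager (not used by pure-ftpd itself).
CREATE TABLE admin (
    Username varchar(35)     NOT NULL default '',
    Password char(32) binary NOT NULL default '',   -- MD5 hex digest
    PRIMARY KEY (Username)
) ENGINE=MyISAM;

INSERT INTO admin (Username, Password) VALUES ('Administrator', MD5('passwd'));

-- Virtual FTP users. Column names match the queries in pureftpd-mysql.conf.
-- Password holds MD5(plaintext), so pureftpd-mysql.conf needs MYSQLCrypt md5.
-- Unsalted MD5 is a weak password store; the "crypt" mode with salted hashes
-- is preferable when the web manager can produce them.
CREATE TABLE users (
    User        char(16)        NOT NULL default '',
    Password    char(32) binary NOT NULL default '',     -- MD5 hex digest
    Uid         int(11)         NOT NULL default '2000', -- system uid (the ftp account)
    Gid         int(11)         NOT NULL default '2000', -- ftpusers group
    Dir         char(128)       NOT NULL default '',     -- home / chroot directory
    QuotaFiles  int(10)         NOT NULL default '500',  -- max number of files
    QuotaSize   int(10)         NOT NULL default '30',   -- max disk usage, MB
    ULBandwidth int(10)         NOT NULL default '80',   -- KB/s
    DLBandwidth int(10)         NOT NULL default '80',   -- KB/s
    status      enum('0','1')   NOT NULL default '1',    -- '1' = enabled
    ipaccess    varchar(15)     NOT NULL default '*',    -- '*' = any client address
    comment     tinytext        NOT NULL,
    PRIMARY KEY (User)
    -- The original also declared UNIQUE KEY User (User); that duplicates the
    -- primary key and is dropped.
) ENGINE=MyISAM;

-- Sample virtual user. status is an ENUM, so it must be given as the string
-- '1': the original passed the number 1, which MySQL treats as an enum INDEX
-- and stores as the first member, '0' (disabled).
-- NOTE(review): Uid 2001 matches no system account created in this guide;
-- use 2000 (the ftp user) unless distinct per-user uids are intended.
INSERT INTO users (User, Password, Uid, Gid, Dir, QuotaFiles, QuotaSize,
                   ULBandwidth, DLBandwidth, status, ipaccess, comment)
VALUES ('test1', MD5('123456'), 2001, 2000, '/home/test1', 500, 30, 80, 5, '1', '*', '*');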
##############################################################################################################################################################
#################################添加ftp用户数据库#############################
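# Load the bootstrap script as the MySQL root user. A bare -p makes the client
# prompt for the password; "-ppassword" on the command line is visible to
# every local user in ps output and lands in the shell history.
mysql -u root -p < script.mysql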
###############################################################################
################################设置pureftpd-mysql.conf##########################
# Edit the MySQL backend settings. This file contains the database password
# (MYSQLPassword): keep it root-owned and mode 600.
ee /usr/local/etc/pureftpd-mysql.conf
###############################################################################
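##############################################
#                                            #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations.         #
#                                            #
##############################################
# Reviewer notes for this guide:
# - This file contains the MySQL password; keep it root-owned and mode 600.
#   pure-ftpd is started as root (pure-config.pl / the rc script) and reads
#   the file then.
# - The values below are aligned with script.mysql: the dedicated 'ftp' MySQL
#   account, the 'ftpusers' database and MD5 digests in users.Password. The
#   sample defaults (root/rootpw, database 'pureftpd', cleartext) do not match
#   the script and would have failed every login.

# Optional : MySQL server name or IP. Don't define this for unix sockets.
# MYSQLServer 127.0.0.1

# Optional : MySQL port. Don't define this if a local unix socket is used.
# MYSQLPort 3306

# Optional : define the location of mysql.sock if the server runs on this host.
# Local unix-socket connection; the path must match the running mysqld.
MYSQLSocket /tmp/mysql.sock

# Mandatory : user to bind the server as.
# The account created by script.mysql. Do not use root here: every query the
# daemon runs is a SELECT, and a root password in a config file hands full
# control of the database server to anyone who can read the file.
MYSQLUser ftp

# Mandatory : user password. You must have a password.
# 'passwd' is the placeholder from script.mysql; change both together.
MYSQLPassword passwd

# Mandatory : database to open.
# The database script.mysql creates (the sample said 'pureftpd').
MYSQLDatabase ftpusers

# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
# script.mysql stores MD5(password) in users.Password, so "md5" is the value
# that matches; "cleartext" (the sample default) would compare the typed
# password against the hex digest and reject every user. Unsalted MD5 is a
# weak password store; prefer "crypt" with salted hashes if the web manager
# can write them.
MYSQLCrypt md5

# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.

# Query to execute in order to fetch the password
# users.Password holds the credential. The status column (enum '0'/'1') from
# script.mysql is checked here; without it an account marked disabled could
# still log in, because no other query looks at that column. The ipaccess
# column could be enforced the same way with \R once its value format is
# settled.
MYSQLGetPW SELECT Password FROM users WHERE User="\L" AND status="1"

# Query to execute in order to fetch the system user name or uid
# Numeric uid the session runs as (users.Uid; default 2000 = the ftp user).
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"

# Optional : default UID - if set this overrides MYSQLGetUID
# If enabled, MYSQLGetUID is ignored.
#MYSQLDefaultUID 1000

# Query to execute in order to fetch the system user group or gid
# Numeric gid of the session (users.Gid).
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"

# Optional : default GID - if set this overrides MYSQLGetGID
# If enabled, MYSQLGetGID is ignored.
#MYSQLDefaultGID 1000

# Query to execute in order to fetch the home directory
# Home directory of the user (and chroot, with ChrootEveryone), e.g. /home/test1.
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"

# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
# Enabled: the port was built WITH_QUOTAS and the users table carries
# QuotaFiles (maximum number of files, e.g. 1000).
MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"

# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
# Enabled: users.QuotaSize, in MB (e.g. 100).
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"

# Optional : ratios. The server has to be compiled with ratio support.
# Left disabled: the users table in script.mysql has no ULRatio/DLRatio
# columns. Upload:download ratio, e.g. 1:5.
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"

# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
# Enabled: the port was built WITH_THROTTLING and the users table carries
# ULBandwidth / DLBandwidth (KB/s, e.g. upload 500, download 50).
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"

# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.
# MySQLForceTildeExpansion 1

# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.
# MySQLTransactions On

# Adapt the rest of this file to your own requirements.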
#############################################################################################################################################################################################################################################
###############################################################################
#################################设置pure-ftpd.conf##############################
# Edit the main daemon settings; pure-config.pl turns this file into pure-ftpd
# command-line flags when the server is started.
ee /usr/local/etc/pure-ftpd.conf
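############################################################
#                                                          #
#         Configuration file for pure-ftpd wrappers        #
#                                                          #
############################################################

# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.shtml for a complete list of
# options.
#
# Reviewer notes for this guide. The settings follow the sample file with
# these changes so that it matches the rest of the setup:
# - MySQLConfigFile is enabled and points at /usr/local/etc (where the port
#   installs it), not the sample's /etc path.
# - NoAnonymous is on: the guide's test login banner announces a private
#   server without anonymous access, and the printed startup command line
#   carries -E.
# - CreateHomeDir is on, per the author's own note.
# - AltLog w3c is on; the printed startup line carries
#   -Ow3c:/var/log/pureftpd.log, which appears to be this directive.
# The printed startup line also carries -Q1:10 (UserRatio 1 10); that stays
# disabled here because the author's note says ratios must come from the
# MySQL backend when it is used.

# Cage in every user in his home directory
# Equivalent of ProFTPD's "DefaultRoot ~": users cannot cd above their home
# directory, which limits what a compromised or malicious account can reach.
ChrootEveryone yes

# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.
# (ChrootEveryone and TrustedGID are meant to be used together.)
# TrustedGID 100

# Turn on compatibility hacks for broken clients
BrokenClientsCompatibility no

# Maximum number of simultaneous users
MaxClientsNumber 50

# Fork in background
# Run as a daemon.
Daemonize yes

# Maximum number of sim clients with the same IP address
# Per-address connection cap; keep it small.
MaxClientsPerIP 8

# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.
VerboseLog no

# List dot-files even when the client doesn't send "-a".
DisplayDotFiles yes

# Don't allow authenticated users - have a public anonymous FTP only.
AnonymousOnly no

# Disallow anonymous connections. Only allow authenticated users.
# This guide serves MySQL-backed virtual users only; the sample's "no" would
# also expose an anonymous account, governed by the Anonymous* directives
# below.
NoAnonymous yes

# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
# Lets syslog route pure-ftpd messages to a log of their own.
SyslogFacility ftp

# Display fortune cookies
# FortunesFile /usr/share/fortune/zippy

# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.
# No reverse lookup of client addresses.
DontResolve yes

# Maximum idle time in minutes (default = 15 minutes)
MaxIdleTime 15

# LDAP configuration file (see README.LDAP)
# LDAPConfigFile /etc/pureftpd-ldap.conf

# MySQL configuration file (see README.MySQL)
# Enabled for this guide. The port installs the file under /usr/local/etc;
# the sample's /etc/ path does not exist there and authentication would fail.
MySQLConfigFile /usr/local/etc/pureftpd-mysql.conf

# Postgres configuration file (see README.PGSQL)
# PGSQLConfigFile /etc/pureftpd-pgsql.conf

# PureDB user database (see README.Virtual-Users)
# PureDB /etc/pureftpd.pdb

# Path to pure-authd socket (see README.Authentication-Modules)
# ExtAuth /var/run/ftpd.sock

# If you want to enable PAM authentication, uncomment the following line
# PAMAuthentication yes

# If you want simple Unix (/etc/passwd) authentication, uncomment this
# UnixAuthentication yes

# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.

# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth
# At most 2000 entries, 8 levels deep.
LimitRecursion 2000 8

# Are anonymous users allowed to create new directories ?
AnonymousCanCreateDirs no

# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.
MaxLoad 4

# Port range for passive connections replies. - for firewalling.
# PassivePortRange 30000 50000

# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.
# ForcePassiveIP 192.168.0.1

# Upload/download ratio for anonymous users.
# AnonymousRatio 1 10

# Upload/download ratio for all users.
# This directive superscedes the previous one.
# Leave this off with the LDAP/MySQL/PgSQL/PAM backends, otherwise the
# per-user ratios stored there have no effect.
# UserRatio 1 10

# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.
AntiWarez yes

# IP address/port to listen to (default=all IP and port 21).
# Format ip,port; a bare port means every address. Needed when a second FTP
# server shares the host.
# Bind 127.0.0.1,21

# Maximum bandwidth for anonymous users in KB/s
# AnonymousBandwidth 8

# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
# UserBandwidth 8

# File creation mask.
# 177:077 if you feel paranoid.
# Umask for uploaded files : created directories.
Umask 133:022

# Minimum UID for an authenticated user to log in.
# Keeps system accounts (uid below 100) from logging in over FTP.
MinUID 100

# Allow FXP transfers for authenticated users.
AllowUserFXP no

# Allow anonymous FXP for anonymous and non-anonymous users.
AllowAnonymousFXP no

# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.
# Dot-files are hidden files (ls -a shows them); the virtual-quota code keeps
# its bookkeeping in a ".ftpquota" file.
ProhibitDotFilesWrite no

# Prohibit *reading* of files beginning with a dot (.history, .ssh...)
ProhibitDotFilesRead no

# Never overwrite files. When a file whoose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, ...
AutoRename no

# Disallow anonymous users to upload new files (no = upload is allowed)
AnonymousCantUpload no

# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.
#TrustedIP 10.1.1.1

# If you want to add the PID to every logged line, uncomment the following
# line.
#LogPID yes

# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.
# AltLog clf:/var/log/pureftpd.log

# Create an additional log file with transfers logged in a format optimized
# for statistic reports.
# AltLog stats:/var/log/pureftpd.log

# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)
# Enabled: a per-transfer log is what lets you trace who uploaded or fetched
# which file. Formats: clf (Apache-like), stats, w3c.
AltLog w3c:/var/log/pureftpd.log

# Disallow the CHMOD command. Users can't change perms of their files.
#NoChmod yes

# Allow users to resume and upload files, but *NOT* to delete them.
#KeepAllFiles yes

# Automatically create home directories if they are missing
# On, per the author's note.
CreateHomeDir yes

# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.
# Leave this off with the LDAP/MySQL/PgSQL/PAM backends, otherwise the
# per-user quotas stored there have no effect.
#Quota 1000:10

# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid
#PIDFile /var/run/pure-ftpd.pid

# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
#CallUploadScript yes

# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.
MaxDiskUsage 99

# Set to 'yes' if you don't want your users to rename files.
#NoRename yes

# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.
CustomerProof yes

# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per authenticated account>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.
# PerUserLimits 3:20

# When a file is uploaded and there is already a previous version of the file
# with the same name, the old file will neither get removed nor truncated.
# Upload will take place in a temporary file and once the upload is complete,
# the switch to the new version will be atomic. For instance, when a large PHP
# script is being uploaded, the web server will still serve the old version and
# immediatly switch to the new one as soon as the full file will have been
# transfered. This option is incompatible with virtual quotas.
# NoTruncate yes

# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
# including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
# The printed startup line in this guide does not enable TLS, so FTP
# credentials and data cross the network in cleartext. The port was built
# WITH_TLS; once a certificate is in place, "TLS 1" lets clients opt in and
# "TLS 2" makes encryption mandatory.
# TLS 1

# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.
# IPV4Only yes

# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
# By default, both IPv4 and IPv6 are enabled.
# IPV6Only yes

# UTF-8 support for file names (RFC 2640)
# Define charset of the server filesystem and optionnally the default charset
# for remote clients if they don't use UTF-8.
# Works only if pure-ftpd has been compiled with --with-rfc2640
# FileSystemCharset big5
# ClientCharset big5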
#############################################################################################################################################################################################################################################
#################################启动pure-ftpd##################################
# Translate pure-ftpd.conf into command-line flags and start the daemon; the
# resulting "Running: /usr/local/sbin/pure-ftpd ..." line is printed, which
# is a quick way to verify which options actually took effect.
/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
也可以通过
# Alternative: the rc script installed by the port (requires
# pureftpd_enable="YES" in /etc/rc.conf).
/usr/local/etc/rc.d/pure-ftpd.sh start
提示以下信息证明pure-ftpd已经工作
Running: /usr/local/sbin/pure-ftpd -A -c50 -B -C8 -D -E -fftp -H -I15
-lmysql:/usr/local/etc/pureftpd-mysql.conf -L2000:8 -m4 -Q1:10 -s -U133:022
-u100 -Ow3c:/var/log/pureftpd.log -j -k99 -Z
#################################测试pureftp####################################
ftp 192.168.0.205
Connected to 192.168.0.205.
220---------- 欢迎来到 Pure-FTPd [TLS] ----------
220-您是第 1 个使用者,最多可达 50 个连接
220-现在本地时间是 13:17。服务器端口: 21。
220-这是私人系统 - 不开放匿名登录
220-这部主机也欢迎IPv6的连接
220 在 15 分钟内没有活动,您被会断线。
Name (192.168.0.205:chb):
输入用户名、密码
##############################设置ftp管理的虚拟主机############################
# Edit the Apache configuration; the directives that follow go into the
# virtual host / directory section that serves the web-based FTP manager.
ee /usr/local/etc/apache/httpd.conf
添加
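# Virtual host for the web-based FTP manager.
# NOTE(review): this guide names three different directories for the manager
# (/home/chb/ftp here, /web/ftp and /web/chinaPHP_Manager/ftp later); confirm
# which one actually holds it before copying these lines.
DocumentRoot "/home/chb/ftp"
# ServerName had no value in the original, which Apache rejects at startup;
# fill in the host name the manager is served under.
ServerName <manager-hostname-placeholder>
allow from all
# +Indexes publishes directory listings of the DocumentRoot to every client
# that "allow from all" admits; drop it unless browsable listings are wanted.
Options +Indexes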
#######################增加二级登陆密码以增强安全性############################
# Per-directory access control for the manager. Apache only honours it when
# AllowOverride AuthConfig is set for this directory in httpd.conf; otherwise
# the file is ignored and the manager stays unprotected.
ee /web/ftp/.htaccess
添加以下内容
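# HTTP Basic authentication in front of the FTP manager.
# The original ended with "satisfy any". Combined with "allow from all" in
# httpd.conf that accepts a request when EITHER the host rule OR the user
# check passes, so every client got in without a password and the "second
# login" added nothing. "Satisfy All" (Apache's default) requires both.
AuthType Basic
AuthUserFile /usr/local/etc/pureftpd.passwd
AuthName FTP服务器后台管理登陆界面
require valid-user
Satisfy All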
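# Protect the manager directory and create the Basic-auth password file.
# NOTE(review): the .htaccess above was edited as /web/ftp/.htaccess but this
# step works in /web/chinaPHP_Manager/ftp; confirm which directory is real.
cd /web/chinaPHP_Manager/ftp
# Leave .htaccess owned by root (the original chown'ed it to www): a file the
# web server user can write lets a compromised web process rewrite its own
# access rules. Mode 644 is enough for Apache to read it.
chmod 644 .htaccess
# The original also touched an empty pureftpd.passwd inside this web
# directory; the file Apache reads lives in /usr/local/etc, so the stray copy
# is dropped.
# -c creates the file. Without -b, htpasswd prompts for the password instead of
# taking it from the command line, where ps output and the shell history
# would capture it.
htpasswd -c /usr/local/etc/pureftpd.passwd name
# Readable by root and the web server's group only, not by every local user.
chown root:www /usr/local/etc/pureftpd.passwd
chmod 640 /usr/local/etc/pureftpd.passwd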
###################################增加ftp启动项###############################
# Register pure-ftpd with the boot-time rc system.
ee /etc/rc.conf
添加
# Enables the port's rc script so pure-ftpd starts at boot.
pureftpd_enable="YES"