Category: System Operations

2011-02-17 16:15:42

I. Install PostgreSQL
1. Installation
See "Installing PostgreSQL on Solaris 10":
http://blog.chinaunix.net/space.php?uid=45057&do=blog&id=125597

2. Modify the configuration
# postgresql.conf
    vi $PGDATA/postgresql.conf
    Change:
    listen_addresses = '*'
# Add to pg_hba.conf
    host mdcftp ftp 192.168.195.0/24 md5
3. Create the user
    postgres=# create role ftp login password 'mdcftp';
4. Create the tablespace
    shell>su - postgres
    shell>mkdir $PGDATA/mdcftp
    shell>chmod 700 $PGDATA/mdcftp
    postgres=# create tablespace ftp_data owner ftp location
5. Create the database
    postgres=# create database ftp owner=ftp tablespace ftp_data;

6. Create the schema (a schema is a logical partition of a database)
Log in as the ftp user and create the schema:
    ftp=> create schema ftp authorization ftp;
7. Create the tables and data

-- Database: `ftp`
--
-- --------------------------------------------------------

--
-- Table structure for `groups`
--

    CREATE TABLE groups (
        groupname VARCHAR(30) NOT NULL,
        gid INTEGER NOT NULL,
        members VARCHAR(255)
    );

    INSERT INTO groups VALUES ('mdc', 1000, 'feifan');
-- --------------------------------------------------------

--
-- Table structure for `users`
--

    CREATE TABLE users(
      username varchar(20) NOT NULL primary key,
      passwd varchar(80) NOT NULL,
      uid integer NOT NULL,
      gid integer NOT NULL,
      homedir varchar(255) NOT NULL default '',
      shell varchar(255) NOT NULL default '/bin/false',
      count integer NOT NULL default '0',
      host varchar(30) NOT NULL,
      accessed timestamp NOT NULL default now(),
      modified timestamp NOT NULL default now()
    );

    INSERT INTO users(username,passwd,uid,gid,homedir,host) VALUES ('feifan', 'hades', 1000, 1000, '/export/home/feifan', 'chen');
    INSERT INTO users(username,passwd,uid,gid,homedir,host) VALUES ('mdc', 'down', 1001, 1000, '/export/home/mdcshare', 'chen');
Note: the UID and GID in the data are the system user ID and group ID that each account is mapped to.
II. Install ProFTPD
1. Compile and install ProFTPD
I use Sun cc here; you can also use gcc.
    CC=cc;export CC
    ./configure --prefix=/usr/local/proftpd \
    --with-modules=mod_sql:mod_sql_postgres \
    --with-includes=/export/home/postgres/pgsql/include \
    --with-libraries=/export/home/postgres/pgsql/lib
    make
    make install
2. Add the PostgreSQL lib directory to the system library search path
    # crle -u -l /export/home/postgres/pgsql/lib
3. Configure ProFTPD
bash-3.00# more proftpd.conf
    # This is a basic ProFTPD configuration file (rename it to
    # 'proftpd.conf' for actual use. It establishes a single server
    # and a single anonymous login. It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.

    ServerName "MDC FTP server"
    ServerType standalone
    DefaultServer on

    # Display message
    DisplayLogin /usr/local/proftpd/etc/ftplogin.msg

    # Port 21 is the standard FTP port.
    Port 21

    # Don't use IPv6 support by default.
    UseIPv6 off

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd).
    MaxInstances 30

    # Set the user and group under which the server will run.
    User nobody
    Group nogroup

    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    DefaultRoot ~

    # Normally, we want files to be overwriteable.
    AllowOverwrite on

    # Sets how many password attempts are allowed before disconnection
    MaxLoginAttempts 5

    # Users needs a valid shell
    #
    RequireValidShell off

    # Performance: skip DNS resolution when we process the logs...
    UseReverseDNS off

    # Restart session support
    #
    AllowStoreRestart on
    AllowRetrieveRestart on

    # Client config
    MaxClientsPerHost 3 "Sorry, the maximum number clients (%m) from your host are already connected."
    MaxClientsPerUser 5 "Sorry, the maximum number of clients (%m) for this user already connected."

    # Bar use of SITE CHMOD by default
    <Limit SITE_CHMOD>
      DenyAll
    </Limit>

    #Logfile
    Systemlog /var/log/proftpd.log
    TransferLog /var/log/proftpd.xferlog
    # Record all logins
    ExtendedLog /var/log/proftpd.auth_log AUTH
    ExtendedLog /var/log/proftpd.log ALL

    # A basic anonymous configuration, no upload directories. If you do not
    # want anonymous users, simply delete this entire <Anonymous> section.
    #<Anonymous ~mdcftp>
    # User mdcftp
    # Group staff
    #
    # # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous mdcftp
    #
    # # Limit the maximum number of anonymous logins
    # MaxClients 10
    #
    # # We want 'welcome.msg' displayed at login, and '.message' displayed
    # # in each newly chdired directory.
    # DisplayLogin welcome.msg
    # DisplayChdir .message
    #
    # # Limit WRITE everywhere in the anonymous chroot
    # <Limit WRITE>
    # DenyAll
    # </Limit>
    #</Anonymous>

    # For SQL Postgresql
    #
    SQLAuthTypes Crypt Plaintext
    # Backend means the user authentication method is the MySQL database's own authentication method
    # Plaintext means cleartext authentication; the method listed first is the one tried first
    SQLAuthenticate users

    # databasename@host database_user user_password
    SQLConnectInfo ftp@localhost ftp mdcftp
    SQLUserInfo users username passwd uid gid homedir shell host
    SQLGroupInfo groups groupname gid members
    # SQLHomedirOnDemand: if the user's home directory does not exist, the system creates a directory from the value of the homedir field of that user's row in the users table
    CreateHome on
    SQLNegativeCache on
    SQLLogFile /var/log/proftpd.sql.log

    # Update count every time user logs in
    SQLLog PASS updatecount
    SQLNamedQuery updatecount UPDATE "count=count+1,accessed=now() WHERE username='%u'" users
    # Update modified everytime user uploads or deletes a file
    SQLLog STOR,DELE modified
    SQLNamedQuery modified UPDATE "modified=now() WHERE username='%u'" users

    SQLNamedQuery getcount SELECT "count from users where username='%u'"

4. Add ProFTPD to SMF
vi /var/svc/manifest/network/proftpd.xml
    <?xml version="1.0"?>
    <!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

    <service_bundle type='manifest' name='Proftpd'>

    <service
            name='network/proftpd'
            type='service'
            version='1'>

            <instance name='default' enabled='false'>
                    <dependency name='network'
                        grouping='require_all'
                        restart_on='error'
                        type='service'>
                        <service_fmri value='svc:/milestone/network:default' />
                    </dependency>

                    <dependency name='filesystem-local'
                        grouping='require_all'
                        restart_on='none'
                        type='service'>
                        <service_fmri
                            value='svc:/system/filesystem/local:default' />
                    </dependency>

                    <dependency name='autofs'
                        grouping='optional_all'
                        restart_on='error'
                        type='service'>
                        <service_fmri
                            value='svc:/system/filesystem/autofs:default' />
                    </dependency>

                    <exec_method
                            type='method'
                            name='start'
                            exec='/usr/local/proftpd/sbin/in.proftpd'
                            timeout_seconds='30' />

                    <exec_method
                            type='method'
                            name='stop'
                            exec='/usr/bin/kill `cat /usr/local/proftpd/var/proftpd.pid`'
                            timeout_seconds='30' />

                    <exec_method
                            type='method'
                            name='refresh'
                            exec='/usr/bin/kill -HUP `cat /usr/local/proftpd/var/proftpd.pid`'
                            timeout_seconds='30' />

                    <property_group name='proftpd' type='application'>
                            <stability value='Evolving' />
                            <propval name='ssl' type='boolean' value='false' />
                    </property_group>

                    <property_group name='startd' type='framework'>
                            <propval name='ignore_error' type='astring'
                                    value='core,signal' />
                    </property_group>

            </instance>

            <stability value='Evolving' />

            <template>
                    <common_name>
                            <loctext xml:lang='C'>
                                    ProFTPD server
                            </loctext>
                    </common_name>
                    <documentation>
                            <manpage title='proftpd' section='8'
                                    manpath='/usr/local/proftpd/share/man' />
                            <doc_link name='proftpd.org'
                                    uri='' />
                    </documentation>
            </template>
    </service>
    </service_bundle>
5. Import the manifest and start the service
    cd /var/svc/manifest/network
    svccfg -v validate proftpd.xml
    svccfg -v import proftpd.xml
    svcs -l proftpd
    svcadm enable proftpd

Current known issue:
Passwords can only be verified in plaintext.
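
An added example, not part of the original post: the sample rows in step I.7 store cleartext in the passwd column, and proftpd.conf lists Plaintext as the second entry of SQLAuthTypes. This script lists the accounts whose passwd value is not in a crypt(3) hash format. The `username|passwd` input format, the function names and the `demo` row with its made-up hash are assumptions of this example.

```shell
#!/bin/sh
# Added example: find users.passwd values that are cleartext, not crypt(3).
LC_ALL=C; export LC_ALL

# classify_passwd VALUE: print the storage format of one passwd value.
classify_passwd() {
    case "$1" in
        '$1$'*'$'*)               echo crypt-md5 ;;
        '$2a$'*|'$2b$'*|'$2y$'*)  echo crypt-blowfish ;;
        '$5$'*'$'*)               echo crypt-sha256 ;;
        '$6$'*'$'*)               echo crypt-sha512 ;;
        *)
            # Traditional DES crypt is exactly 13 chars from [./0-9A-Za-z].
            # Heuristic: a 13-char alphanumeric cleartext looks the same.
            if [ "${#1}" -eq 13 ]; then
                case "$1" in
                    *[!./0-9A-Za-z]*) echo plaintext ;;
                    *)                echo crypt-des ;;
                esac
            else
                echo plaintext
            fi ;;
    esac
}

# audit_users: read "username|passwd" lines on stdin and print the
# usernames whose password is stored as cleartext.
audit_users() {
    while IFS='|' read -r user pw; do
        [ -n "$user" ] || continue
        if [ "$(classify_passwd "$pw")" = plaintext ]; then
            echo "$user"
        fi
    done
}

# Constructed sample: the two rows from the INSERTs above plus a
# hypothetical "demo" row whose hash is made up (format only).
sample_rows() {
    cat <<'EOF'
feifan|hades
mdc|down
demo|$1$Zx8kQ2pL$AbCdEfGhIjKlMnOpQrStU.
EOF
}

sample_rows | audit_users   # prints feifan and mdc, one per line
```

To audit the live table, feed it the unaligned, tuples-only output of psql instead of the sample: `psql -At -U ftp -d ftp -c 'select username, passwd from users' | audit_users`.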
