一.安装postgresql
1.安装
见sol10安装postgresql
http://blog.chinaunix.net/space.php?uid=45057&do=blog&id=125597
2.修改配置
#postgresql.conf
- vi $PGDATA/postgresql.conf
-
修改(监听所有网络接口;下文 ProFTPD 是通过 localhost 连接数据库的,如果没有其他主机需要访问,保留默认的 localhost 可减少暴露面)
-
listen_addresses = '*'
#pg_hba.conf添加(各列依次为:类型 数据库 用户 来源地址 认证方式;注意这里数据库一列写的是 mdcftp,而第5步创建的数据库名是 ftp,两者需一致这条规则才会匹配)
- host mdcftp ftp 192.168.195.0/24 md5
3.创建用户
- postgres=# create role ftp login password 'mdcftp';
4.建表空间
- shell>su - postgres
-
shell>mkdir $PGDATA/mdcftp
-
shell>chmod 700 mdcftp
-
postgres=# create tablespace ftp_data owner ftp location '<上面创建的 $PGDATA/mdcftp 目录的绝对路径>';
(原文此处的路径缺失;LOCATION 必须写绝对路径,psql 不会展开 $PGDATA 变量)
5.建库
- postgres=# create database ftp owner=ftp tablespace ftp_data;
6.建模式--模式(schema)是对数据库(database)逻辑分割
用ftp用户登录建schema
- ftp=> create schema ftp authorization ftp;
7.建表和数据
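-- Database: ftp
--
-- --------------------------------------------------------
--
-- Table structure for `groups`
--
-- One row per FTP group. ProFTPD's mod_sql reads it through
-- "SQLGroupInfo groups groupname gid members" in proftpd.conf.
CREATE TABLE groups (
    groupname VARCHAR(30)  NOT NULL,  -- group name presented to the FTP daemon
    gid       INTEGER      NOT NULL,  -- mapped to a system group ID
    members   VARCHAR(255)            -- member user name(s) of the group
);

-- Column list spelled out so the statement survives later schema changes.
INSERT INTO groups (groupname, gid, members)
VALUES ('mdc', 1000, 'feifan');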
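-- --------------------------------------------------------
--
-- Table structure for `users`
--
-- One row per virtual FTP account. ProFTPD's mod_sql reads it through the
-- SQLUserInfo directive and updates count/accessed/modified through the
-- SQLNamedQuery statements in proftpd.conf.
CREATE TABLE users (
    username VARCHAR(20)  NOT NULL PRIMARY KEY,
    -- Compared against the client's password using the methods listed in
    -- SQLAuthTypes (Crypt, then Plaintext, in this setup).
    passwd   VARCHAR(80)  NOT NULL,
    uid      INTEGER      NOT NULL,                      -- mapped to a system user ID
    gid      INTEGER      NOT NULL,                      -- mapped to a system group ID
    homedir  VARCHAR(255) NOT NULL DEFAULT '',
    shell    VARCHAR(255) NOT NULL DEFAULT '/bin/false', -- no interactive shell
    count    INTEGER      NOT NULL DEFAULT 0,            -- login counter
    host     VARCHAR(30)  NOT NULL,
    accessed TIMESTAMP    NOT NULL DEFAULT now(),        -- last login
    modified TIMESTAMP    NOT NULL DEFAULT now()         -- last upload or delete
);

-- NOTE(review): the sample rows below store the passwords in clear text, so
-- they only authenticate through the Plaintext entry of SQLAuthTypes and
-- anyone who can read this table obtains every FTP password. Storing
-- crypt(3) hashes in passwd instead would let the Crypt method match and
-- allow Plaintext to be removed from SQLAuthTypes.
INSERT INTO users (username, passwd, uid, gid, homedir, host)
VALUES ('feifan', 'hades', 1000, 1000, '/export/home/feifan', 'chen');

INSERT INTO users (username, passwd, uid, gid, homedir, host)
VALUES ('mdc', 'down', 1001, 1000, '/export/home/mdcshare', 'chen');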
注:数据中的UID和GID分别表示映射为系统中的用户ID和组ID.
二.安装proftpd
1.编译安装proftpd
我这里用的是sun cc,你也可以使用gcc
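# Build ProFTPD with SQL authentication against PostgreSQL.
# Sun Studio cc is used here; gcc works as well.
CC=cc; export CC

# Only the SQL modules are added. mod_tls is not in the module list, so this
# build cannot offer FTP over TLS and logins travel in clear text.
# The include and library paths point at the PostgreSQL installation.
./configure --prefix=/usr/local/proftpd \
    --with-modules=mod_sql:mod_sql_postgres \
    --with-includes=/export/home/postgres/pgsql/include \
    --with-libraries=/export/home/postgres/pgsql/lib

make
make install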
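2.把postgres的lib文件加入系统变量(注意:crle 修改的是全局运行时链接配置,对系统上所有进程生效;该目录位于 postgres 用户的主目录下,应确认它及其中的文件不能被非 root 用户写入,或者改为在编译时用 -R 指定运行库路径,这样只影响 proftpd 本身)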
- #crle -u -l /export/home/postgres/pgsql/lib
3.配置proftpd
bash-3.00# more proftpd.conf
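# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use).  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
#
# NOTE(review): this file contains the database password (SQLConnectInfo),
# so it should be readable by root only.

ServerName "MDC FTP server"
ServerType standalone
DefaultServer on

# Display message
DisplayLogin /usr/local/proftpd/etc/ftplogin.msg

# Port 21 is the standard FTP port.
# Plain FTP carries user names and passwords in clear text.
Port 21

# Don't use IPv6 support by default.
UseIPv6 off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nogroup

# Every FTP user is "jailed" (chrooted) into their home directory.
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Sets how many password attempts are allowed before disconnection
MaxLoginAttempts 5

# Do not require the account's shell to be a valid system shell; the
# users table defaults the shell column to /bin/false.
RequireValidShell off

# Performance: skip DNS resolution when we process the logs...
UseReverseDNS off

# Restart session support
AllowStoreRestart on
AllowRetrieveRestart on

# Client config
MaxClientsPerHost 3 "Sorry, the maximum number clients (%m) from your host are already connected."
MaxClientsPerUser 5 "Sorry, the maximum number of clients (%m) for this user already connected."

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# Logfile
# NOTE(review): Systemlog and the second ExtendedLog below write to the same
# file, /var/log/proftpd.log; confirm that this is intended.
Systemlog /var/log/proftpd.log
TransferLog /var/log/proftpd.xferlog
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH
ExtendedLog /var/log/proftpd.log ALL

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
# (The section is commented out here, so anonymous login is disabled.)
#<Anonymous ~mdcftp>
#  User mdcftp
#  Group staff
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias anonymous mdcftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients 10
#
#  # We want 'welcome.msg' displayed at login, and '.message' displayed
#  # in each newly chdired directory.
#  DisplayLogin welcome.msg
#  DisplayChdir .message
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>

# For SQL Postgresql
#
# Crypt compares the stored value as a crypt(3) hash; Plaintext compares it
# as clear text.  The methods are tried in the order listed.
# NOTE(review): Plaintext is what makes the clear-text passwords in the
# users table work; once passwd holds crypt(3) hashes it can be removed.
SQLAuthTypes Crypt Plaintext
SQLAuthenticate users

# databasename@host database_user user_password
# NOTE(review): the connection uses the role that owns the database; a role
# limited to reading users/groups and updating the three counter columns
# would be enough for the queries in this file.
SQLConnectInfo ftp@localhost ftp mdcftp
# NOTE(review): mod_sql documents six column names after the table name
# (user name, password, uid, gid, home directory, shell); confirm that the
# trailing "host" is accepted by the installed version.
SQLUserInfo users username passwd uid gid homedir shell host
SQLGroupInfo groups groupname gid members
# Create the user's home directory (from the homedir column) when it does
# not exist yet.  CreateHome replaces the older SQLHomedirOnDemand.
CreateHome on
SQLNegativeCache on
SQLLogFile /var/log/proftpd.sql.log

# %u in the queries below expands to the login name supplied by the client;
# the statements rely on mod_sql escaping it before it reaches PostgreSQL.

# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1,accessed=now() WHERE username='%u'" users
# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE username='%u'" users

# Defined but not referenced by any other directive in this file.
SQLNamedQuery getcount SELECT "count from users where username='%u'"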
4.把proftpd加入SMF
vi /var/svc/manifest/network/proftpd.xml
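<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<!--
  SMF manifest for the ProFTPD build installed under /usr/local/proftpd.
  The instance is imported disabled and is turned on with svcadm enable.
-->
<service_bundle type='manifest' name='Proftpd'>

  <service
      name='network/proftpd'
      type='service'
      version='1'>

    <instance name='default' enabled='false'>

      <!-- Start only after the network milestone is online. -->
      <dependency name='network'
          grouping='require_all'
          restart_on='error'
          type='service'>
        <service_fmri value='svc:/milestone/network:default' />
      </dependency>

      <!-- Local file systems hold the binaries, logs and home directories. -->
      <dependency name='filesystem-local'
          grouping='require_all'
          restart_on='none'
          type='service'>
        <service_fmri
            value='svc:/system/filesystem/local:default' />
      </dependency>

      <!-- Optional: wait for autofs when that service is enabled. -->
      <dependency name='autofs'
          grouping='optional_all'
          restart_on='error'
          type='service'>
        <service_fmri
            value='svc:/system/filesystem/autofs:default' />
      </dependency>

      <exec_method
          type='method'
          name='start'
          exec='/usr/local/proftpd/sbin/in.proftpd'
          timeout_seconds='30' />

      <!-- stop and refresh signal the PID recorded in proftpd.pid. -->
      <exec_method
          type='method'
          name='stop'
          exec='/usr/bin/kill `cat /usr/local/proftpd/var/proftpd.pid`'
          timeout_seconds='30' />

      <exec_method
          type='method'
          name='refresh'
          exec='/usr/bin/kill -HUP `cat /usr/local/proftpd/var/proftpd.pid`'
          timeout_seconds='30' />

      <property_group name='proftpd' type='application'>
        <stability value='Evolving' />
        <propval name='ssl' type='boolean' value='false' />
      </property_group>

      <property_group name='startd' type='framework'>
        <!-- Core dumps and signals in child processes do not count as
             service failures. -->
        <propval name='ignore_error' type='astring'
            value='core,signal' />
      </property_group>

    </instance>

    <stability value='Evolving' />

    <template>
      <common_name>
        <loctext xml:lang='C'>
          ProFTPD server
        </loctext>
      </common_name>
      <documentation>
        <manpage title='proftpd' section='8'
            manpath='/usr/local/proftpd/share/man' />
        <!-- The uri value is empty in the original listing. -->
        <doc_link name='proftpd.org'
            uri='' />
      </documentation>
    </template>

  </service>

</service_bundle>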
5.导入并启动服务
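# Validate the manifest, import it into the SMF repository, then check
# and enable the service.
cd /var/svc/manifest/network

svccfg -v validate proftpd.xml
svccfg -v import proftpd.xml

# The manifest imports the instance disabled; show its state, then enable it.
svcs -l proftpd
svcadm enable proftpd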
目前存在的问题:
密码只能明文的方式验证(上面 users 表的 passwd 列存的是明文,Crypt 方式需要该列保存 crypt(3) 哈希值才能匹配;明文口令入库意味着任何能读到该表的人都能直接得到全部 FTP 口令).
参考文档
819-5150.pdf
solaris-smf-manifest-wp-167902.pdf
httpd-apache2.xml