2008-05-22 23:48:42

This article is reposted from:
 
Original:
 
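I was used to proftpd. I had planned to use pureftpd instead, but then decided against it. I actually solved the configuration of proftpd virtual users long ago; what I had never solved was letting virtual users and local users log in at the same time. So I took this opportunity to look into it carefully. The configuration is again on Debian.

Reference site:  The site has configurations for many servers on various platforms, from Debian to Red Hat, as well as SUSE and Mandriva, all very detailed. Highly recommended.

Install MySQL and phpMyAdmin; phpMyAdmin is not required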

apt-get install mysql-server mysql-client libmysqlclient15-dev phpmyadmin apache2

Set the root password for MySQL

mysqladmin -u root password yourrootsqlpassword

If other people need to access MySQL on this machine, a password must be set in the same way

mysqladmin -h server1.example.com -u root password yourrootsqlpassword

Install proftpd with MySQL support; be sure to choose standalone mode for proftpd

apt-get install proftpd-mysql

Create the virtual user group. This maps the proftpd virtual users onto one local user on this machine. Change the 2001 below to a value of your own.

groupadd -g 2001 ftpgroup
useradd -u 2001 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser

Create the MySQL database used by proftpd and create its tables.

bt:~# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 18
Server version: 5.0.32-Debian_7etch1-log Debian etch distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database ftp;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost.localdomain' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> USE ftp;
Database changed
mysql> CREATE TABLE ftpgroup (groupname varchar(16) NOT NULL default '',gid smallint(6) NOT NULL default '5500',members varchar(16) NOT NULL default '',KEY groupname (groupname)) TYPE=MyISAM COMMENT='ProFTP group table';
Query OK, 0 rows affected, 1 warning (0.06 sec)

mysql> CREATE TABLE ftpquotalimits (
    -> name varchar(30) default NULL,
    -> quota_type enum('user','group','class','all') NOT NULL default 'user',
    -> per_session enum('false','true') NOT NULL default 'false',
    -> limit_type enum('soft','hard') NOT NULL default 'soft',
    -> bytes_in_avail int(10) unsigned NOT NULL default '0',
    -> bytes_out_avail int(10) unsigned NOT NULL default '0',
    -> bytes_xfer_avail int(10) unsigned NOT NULL default '0',
    -> files_in_avail int(10) unsigned NOT NULL default '0',
    -> files_out_avail int(10) unsigned NOT NULL default '0',
    -> files_xfer_avail int(10) unsigned NOT NULL default '0'
    -> ) TYPE=MyISAM;
Query OK, 0 rows affected, 1 warning (0.03 sec)

mysql> CREATE TABLE ftpquotatallies (
    -> name varchar(30) NOT NULL default '',
    -> quota_type enum('user','group','class','all') NOT NULL default 'user',
    -> bytes_in_used int(10) unsigned NOT NULL default '0',
    -> bytes_out_used int(10) unsigned NOT NULL default '0',
    -> bytes_xfer_used int(10) unsigned NOT NULL default '0',
    -> files_in_used int(10) unsigned NOT NULL default '0',
    -> files_out_used int(10) unsigned NOT NULL default '0',
    -> files_xfer_used int(10) unsigned NOT NULL default '0'
    -> ) TYPE=MyISAM;

Query OK, 0 rows affected, 1 warning (0.03 sec)

mysql> CREATE TABLE ftpuser (
    -> id int(10) unsigned NOT NULL auto_increment,
    -> userid varchar(32) NOT NULL default '',
    -> passwd varchar(32) NOT NULL default '',
    -> uid smallint(6) NOT NULL default '5500',
    -> gid smallint(6) NOT NULL default '5500',
    -> homedir varchar(255) NOT NULL default '',
    -> shell varchar(16) NOT NULL default '/sbin/nologin',
    -> count int(11) NOT NULL default '0',
    -> accessed datetime NOT NULL default '0000-00-00 00:00:00',
    -> modified datetime NOT NULL default '0000-00-00 00:00:00',
    -> PRIMARY KEY (id),
    -> UNIQUE KEY userid (userid)
    -> ) TYPE=MyISAM COMMENT='ProFTP user table';

Query OK, 0 rows affected, 1 warning (0.03 sec)

mysql> quit;
Bye

Next, edit the proftpd configuration file: nano /etc/proftpd/proftpd.conf

First, disable IPv6 support

UseIPv6 off

Then add support for authentication against MySQL

DefaultRoot ~

# Passwords in MySQL may be stored as plaintext or as crypt(3) hashes
SQLAuthTypes            Plaintext Crypt
SQLAuthenticate         users groups

# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo  ftp@localhost proftpd password

# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo     ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo    ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
SQLMinID        500

# create a user's home directory on demand if it doesn't exist
SQLHomedirOnDemand on

# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
SQLLog  STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off
RequireValidShell off

Then run nano /etc/proftpd/modules.conf, comment out the unused parts, and restart proftpd

#LoadModule mod_sql_postgres.c

/etc/init.d/proftpd restart

Populate the database and test. Doing these steps through phpMyAdmin is strongly recommended

mysql -u root -p

USE ftp;

INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`) VALUES ('ftpgroup', 2001, 'ftpuser');

INSERT INTO `ftpquotalimits` (`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`, `bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`) VALUES ('exampleuser', 'user', 'true', 'hard', 15728640, 0, 0, 0, 0, 0);

INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `accessed`, `modified`) VALUES (1, 'exampleuser', 'secret', 2001, 2001, '/home/', '/sbin/nologin', 0, '', '');

quit;
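An added example, not part of the original post: with `SQLAuthTypes Plaintext Crypt` and a `passwd varchar(32)` column, the `'secret'` row above is stored in cleartext, and most crypt(3) hash formats are too long for the column. The sketch below audits `(userid, passwd)` rows for both problems; the function names and sample rows are constructed for illustration.

```python
import re

PASSWD_WIDTH = 32  # ftpuser.passwd is varchar(32) in the schema above
B64 = r"[./A-Za-z0-9]"

# crypt(3) encodings: name -> (pattern of a complete hash, longest default length)
CRYPT_FORMATS = {
    "des-crypt": (re.compile(rf"{B64}{{13}}"), 13),
    "md5-crypt": (re.compile(rf"\$1\${B64}{{1,8}}\${B64}{{22}}"), 34),
    "sha256-crypt": (re.compile(rf"\$5\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{43}}"), 63),
    "sha512-crypt": (re.compile(rf"\$6\$(rounds=\d+\$)?{B64}{{1,16}}\${B64}{{86}}"), 106),
}

def overflowing_formats(width=PASSWD_WIDTH):
    """Hash formats whose full-length output does not fit the column."""
    return [name for name, (_, longest) in CRYPT_FORMATS.items() if longest > width]

def classify(passwd):
    """Guess how a stored passwd value is encoded (heuristic: a 13-character
    alphanumeric cleartext password is indistinguishable from DES crypt)."""
    for name, (pattern, _) in CRYPT_FORMATS.items():
        if pattern.fullmatch(passwd):
            return name
    # A "$id$" prefix filling the whole column is a hash cut off on INSERT.
    if re.match(r"\$[156]\$", passwd) and len(passwd) >= PASSWD_WIDTH:
        return "truncated-hash"
    return "plaintext"

def audit(rows):
    """rows: (userid, passwd) pairs from ftpuser. Returns (userid, finding) pairs."""
    notes = {
        "plaintext": "cleartext password, accepted via SQLAuthTypes Plaintext",
        "truncated-hash": f"hash cut at {PASSWD_WIDTH} chars, cannot verify as Crypt",
        "des-crypt": "DES crypt, only the first 8 password characters count",
    }
    return [(u, notes[k]) for u, p in rows if (k := classify(p)) in notes]

# Constructed sample rows; the hash strings are fillers with the right shape,
# not real crypt output. The first row is the one inserted above.
SAMPLE_ROWS = [
    ("exampleuser", "secret"),
    ("alice", ("$1$abcdefgh$" + "A" * 22)[:PASSWD_WIDTH]),  # 34 chars cut to 32
    ("bob", "ab" + "c" * 11),                               # DES-shaped
    ("carol", "$1$abcdef$" + "B" * 22),                      # 32 chars, fits
]

if __name__ == "__main__":
    print("formats too long for the column:", overflowing_formats())
    for userid, finding in audit(SAMPLE_ROWS):
        print(f"{userid}: {finding}")
```

Widening `passwd` and listing only `Crypt` in `SQLAuthTypes` removes both findings for hashed rows; cleartext rows then need to be re-set as hashes.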

Next, configure anonymous login

Again, add a user group

groupadd -g 2002 anonymous_ftp
useradd -u 2002 -s /bin/false -d /home/anonymous_ftp -m -c "Anonymous FTP User" -g anonymous_ftp anonymous_ftp

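Create the login directory. If you want anonymous users and virtual users to log in to the same place, this step can be skipped; just specify the directory in the proftpd configuration file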

mkdir /home/anonymous_ftp/incoming
chown anonymous_ftp:nogroup /home/anonymous_ftp/incoming

Then edit the proftpd configuration file, add the section below, and restart. I won't go into what each setting means


<Anonymous ~anonymous_ftp>
  User                          anonymous_ftp
  Group                         nogroup
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous anonymous_ftp
  # Cosmetic changes, all files belong to ftp user
  DirFakeUser                   on anonymous_ftp
  DirFakeGroup                  on anonymous_ftp

  RequireValidShell             off

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>

  # Uncomment this if you're brave.
  <Directory incoming>
    # Umask 022 is a good standard umask to prevent new files and dirs
    # (second parm) from being group and world writable.
    Umask                       022  022
    <Limit READ WRITE>
      DenyAll
    </Limit>
    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>

That's it.