  • ProFTPD MySQL authentication configuration guide

    ver1.0, 2012/09/25

    1. Download and install ProFTPD with MySQL support

    Download:

    wget http://cloud.github.com/downloads/proftpd/proftpd.github.com/proftpd-1.3.4rc2.tar.gz

    tar zxvf proftpd-1.3.4rc2.tar.gz

    cd proftpd-1.3.4rc2

    ./configure --prefix=/usr/local/proftp \
        --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql \
        --with-includes=/usr/include/mysql \
        --with-libraries=/usr/lib/mysql

    make && make install

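    Explanation

    --with-includes: the location of the MySQL server's include files; MySQL include files usually end in .h

    --with-libraries: the location of the MySQL server's libraries; MySQL library files usually end in *

    ProFTPD is now installed.

    MySQL can be installed either with yum or by compiling from source.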

    2. Create the proftp database

    Create the database proftp (utf-8).

    Import the SQL file from the attachment, or enter the following:

    CREATE TABLE IF NOT EXISTS `ftpgroup` (

      `groupname` varchar(16) NOT NULL default '',

      `gid` smallint(6) NOT NULL default '5500',

      `members` varchar(16) NOT NULL default '',

      KEY `groupname` (`groupname`)

    ) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='ProFTP group table';

    -- --------------------------------------------------------

    --

    -- Table structure for table `ftpquotalimits`

    --

    CREATE TABLE IF NOT EXISTS `ftpquotalimits` (

      `name` varchar(30) default NULL,

      `quota_type` enum('user','group','class','all') NOT NULL default 'user',

      `per_session` enum('false','true') NOT NULL default 'false',

      `limit_type` enum('soft','hard') NOT NULL default 'soft',

      `bytes_in_avail` int(10) unsigned NOT NULL default '0',

      `bytes_out_avail` int(10) unsigned NOT NULL default '0',

      `bytes_xfer_avail` int(10) unsigned NOT NULL default '0',

      `files_in_avail` int(10) unsigned NOT NULL default '0',

      `files_out_avail` int(10) unsigned NOT NULL default '0',

      `files_xfer_avail` int(10) unsigned NOT NULL default '0'

    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

    -- --------------------------------------------------------

    --

    -- Table structure for table `ftpquotatallies`

    --

    CREATE TABLE IF NOT EXISTS `ftpquotatallies` (

      `name` varchar(30) NOT NULL default '',

      `quota_type` enum('user','group','class','all') NOT NULL default 'user',

      `bytes_in_used` int(10) unsigned NOT NULL default '0',

      `bytes_out_used` int(10) unsigned NOT NULL default '0',

      `bytes_xfer_used` int(10) unsigned NOT NULL default '0',

      `files_in_used` int(10) unsigned NOT NULL default '0',

      `files_out_used` int(10) unsigned NOT NULL default '0',

      `files_xfer_used` int(10) unsigned NOT NULL default '0'

    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

    -- --------------------------------------------------------

    --

    -- Table structure for table `ftpuser`

    --

    CREATE TABLE IF NOT EXISTS `ftpuser` (

      `id` int(10) unsigned NOT NULL auto_increment,

      `userid` varchar(32) NOT NULL default '',

      `passwd` varchar(32) NOT NULL default '',

      `uid` smallint(6) NOT NULL default '2001',

      `gid` smallint(6) NOT NULL default '2001',

      `homedir` varchar(255) NOT NULL default '/home/web',

      `shell` varchar(16) NOT NULL default '/sbin/nologin',

      `count` int(11) NOT NULL default '0',

      `accessed` datetime NOT NULL default '0000-00-00 00:00:00',

      `modified` datetime NOT NULL default '0000-00-00 00:00:00',

      PRIMARY KEY  (`id`),

      UNIQUE KEY `userid` (`userid`)

    ) ENGINE=MyISAM  DEFAULT CHARSET=latin1 COMMENT='ProFTP user table' AUTO_INCREMENT=0 ;

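    3. Configure proftpd.conf

    Back up the original proftpd.conf, copy in the configuration from the attachment, and change the items listed below.

    cp /usr/local/proftp/etc/proftpd.conf /usr/local/proftp/etc/proftpd.conf-bak

    vi /usr/local/proftp/etc/proftpd.conf

    Replace the contents with the following (this part is also in proftp.conf in the folder):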

    # This is a basic ProFTPD configuration file (rename it to

    # 'proftpd.conf' for actual use.  It establishes a single server

    # and a single anonymous login.  It assumes that you have a user/group

    # "nobody" and "ftp" for normal operation and anon.

    ServerName               "ProFTPD Default Installation"

    ServerType                 standalone

    DefaultServer                    on

    DefaultAddress                 192.168.3.58

    #SocketBindTight             on

    # Port 21 is the standard FTP port.

    Port                            21

    # Don't use IPv6 support by default.

    UseIPv6                      off

    # Umask 022 is a good standard umask to prevent new dirs and files

    # from being group and world writable.

    Umask                        022 022

    AllowRetrieveRestart            on

    AllowStoreRestart               on

    SyslogLevel                warn

    # To prevent DoS attacks, set the maximum number of child processes

    # to 30.  If you need to allow more than 30 concurrent connections

    # at once, simply increase this value.  Note that this ONLY works

    # in standalone mode, in inetd mode you should use an inetd server

    # that allows you to limit maximum number of processes per service

    # (such as xinetd).

    MaxInstances                    30

    # Set the user and group under which the server will run.

    User                            ftpuser

    Group                         ftpgroup

    # To cause every FTP user to be "jailed" (chrooted) into their home

    # directory, uncomment this line.

    DefaultRoot ~

    # Normally, we want files to be overwriteable.

    AllowOverwrite          on

    # Bar use of SITE CHMOD by default

    #<Limit SITE_CHMOD>

    #  DenyAll

    #</Limit>

    # A basic anonymous configuration, no upload directories.  If you do not

    # want anonymous users, simply delete this entire <Anonymous> section.

    #<Anonymous ~ftp>

    #  User                      ftp

    #  Group                          ftpg

    #  # We want clients to be able to login with "anonymous" as well as "ftp"

    #  UserAlias                     anonymous ftp

    #  # Limit the maximum number of anonymous logins

    #  MaxClients                  10

    #  # We want 'welcome.msg' displayed at login, and '.message' displayed

    #  # in each newly chdired directory.

    #  DisplayLogin                welcome.msg

    #  DisplayChdir                .message

    #  # Limit WRITE everywhere in the anonymous chroot

    #  <Limit WRITE>

    #    DenyAll

    #  </Limit>

    #</Anonymous>

    #LangPath        /usr/share/locale

    #LangEngine on

    #UseEncoding on #UTF-8 UTF-8

    SQLAuthTypes Backend Plaintext

    SQLAuthenticate users* groups*

    # databasename@host database_user user_password

    SQLConnectInfo  yourDBname@yourDBhost yourDBuser yourDBpass

    #usertable ftpuser

    SQLNamedQuery ftpuserinfo SELECT "userid,passwd,uid,gid,homedir,shell from ftpuser where userid = '%U' and count < 1"

    SQLUserInfo custom:/ftpuserinfo

    #SQLUserInfo ftpuser userid passwd uid gid homedir shell

    #SQLLogFile "/usr/local/proftpd/sqllog"

    SQLGroupInfo ftpgroup groupname gid members

    #SQLHomedirOnDemand on

    CreateHome  on

    SQLDefaultGID 2001

    SQLDefaultUID 2001

    # Update count every time user logs in

    SQLLog PASS updatecount

    SQLNamedQuery updatecount UPDATE "count=count+1,accessed=now() WHERE userid='%u'" ftpuser

    # Update modified everytime user uploads or deletes a file

    SQLLog STOR,DELE modified

    SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

    QuotaEngine on

    QuotaDirectoryTally on

    QuotaDisplayUnits Mb

    QuotaShowQuotas on

    #QuotaLog "/var/log/quota"

    SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

    SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

    SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

    SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

    QuotaLimitTable sql:/get-quota-limit

    QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

    UseReverseDns off

    IdentLookups off

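    Change the following 2 items:

    DefaultAddress: change it to the IP address of the server this FTP service runs on.

    SQLConnectInfo  yourDBname@yourDBhost yourDBuser yourDBpass

    Change the database name, database user and password.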
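
A check for the settings above, as an added example that is not part of the original guide: it parses proftpd.conf text and reports whether the cleartext `Plaintext` auth type is enabled and whether the template's `SQLConnectInfo` or `DefaultAddress` values were left unedited. The function names and finding codes are assumptions made for this example.

```python
# Added example: audit the proftpd.conf directives this guide tells you to edit.

# Placeholder values from the guide's template; finding them in a live
# config means the required edits were not made.
TEMPLATE_DB_TOKENS = {"yourDBname@yourDBhost", "yourDBpass"}
TEMPLATE_ADDRESS = "192.168.3.58"


def parse_directives(conf_text):
    """Return {directive_name_lowercase: [args, ...]}, skipping comments and <Section> tags."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = line.split()
        # ProFTPD directive names are case-insensitive, so normalise them.
        directives.setdefault(parts[0].lower(), []).append(parts[1:])
    return directives


def audit(conf_text):
    """Return a sorted list of finding codes (hypothetical names) for the config text."""
    d = parse_directives(conf_text)
    findings = set()
    for args in d.get("sqlauthtypes", []):
        if any(a.lower() == "plaintext" for a in args):
            findings.add("PLAINTEXT_PASSWORDS")      # passwd column is compared as cleartext
    for args in d.get("sqlconnectinfo", []):
        if TEMPLATE_DB_TOKENS & set(args):
            findings.add("TEMPLATE_DB_CREDENTIALS")  # placeholders never replaced
    for args in d.get("defaultaddress", []):
        if args and args[0] == TEMPLATE_ADDRESS:
            findings.add("TEMPLATE_DEFAULT_ADDRESS")  # confirm this is really the server's IP
    return sorted(findings)


# Constructed sample: the guide's directives, unmodified, plus one commented-out line.
SAMPLE = """
DefaultAddress                 192.168.3.58
# SQLAuthTypes Crypt
SQLAuthTypes Backend Plaintext
SQLConnectInfo  yourDBname@yourDBhost yourDBuser yourDBpass
"""

if __name__ == "__main__":
    for code in audit(SAMPLE):
        print(code)
```

`PLAINTEXT_PASSWORDS` means the `passwd` column holds cleartext passwords; mod_sql's `Crypt` auth type compares crypt(3) hashes instead, and the SHA-512 form of those hashes needs a wider column than the schema's `varchar(32)`.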

    4. Add the ProFTPD system users

    1. Add the user and group that ProFTPD runs as

    groupadd ftpgroup -g 2001

    adduser ftpuser -u 2001 -g 2001 -d /var/ftp -s /sbin/nologin

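    PS: the uid and gid can be customized; if you set different values, you need to change the two settings SQLDefaultGID 2001 and SQLDefaultUID 2001 in proftp.conf. I created them as 2001 here, so I did not change proftp.conf.

    2. Add the FTP virtual user and group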

    groupadd ftpusers -g 2002

    adduser proftp -u 2002 -g 2001 -d /var/ftp -s /sbin/nologin

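    PS: add the FTP user and put its group into the group ProFTPD runs as; virtual users will inherit the permissions of user 2002.

    5. Initialize the ProFTPD configuration

    Insert the following into the database:

    INSERT INTO `proftp`.`ftpgroup` (`groupname`, `gid`, `members`) VALUES ('ftpgroup', '2001', 'ftpuser');

    INSERT INTO `proftp`.`ftpgroup` (`groupname`, `gid`, `members`) VALUES ('ftpusers', '2002', 'proftp');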

  • Original article: https://www.cnblogs.com/whoamme/p/3419069.html