Proftpd(MySQL验证+配额)配置

五、Proftpd(MySQL验证+配额)配置
1、下载ProFTPD,用编译安装,因为yum安装后在数据库认证会有问题,待研究:
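# Build ProFTPD 1.3.4d from source with the MySQL authentication and quota modules.
# NOTE(review): the tarball is fetched over plain FTP and nothing checks its integrity
# before it is compiled and installed as root -- compare it against the checksum /
# signature the project publishes for this release before running make.
/bin/mkdir /home/src/
cd /home/src/
/usr/bin/wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4d.tar.gz
/bin/tar zxvf proftpd-1.3.4d.tar.gz
cd proftpd-1.3.4d
# --enable-nls was given twice in the original command line; once is enough.
./configure --prefix=/usr/local/proftpd --enable-nls --sysconfdir=/etc --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql --with-includes=/usr/include/mysql --with-libraries=/usr/lib64/mysql
# Alternative configure line kept for reference: shadow auth, DSO modules, mod_ifsession, config under /usr/local/etc.
#./configure --prefix=/usr/local/proftpd --enable-shadow --enable-autoshadow --enable-dso --enable-nls --sysconfdir=/usr/local/etc --with-modules=mod_ifsession:mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql  --with-includes=/usr/include/mysql --with-libraries=/usr/lib64/mysql
# --enable-nls: multi-language support (e.g. Chinese); after install the main config must set the encoding (UseEncoding UTF-8 CP936).
# --enable-shadow --enable-autoshadow: authenticate FTP users against the system /etc/shadow; normally not used here.
# --enable-openssl: TLS-protected FTP; --sysconfdir=DIR: where the server configuration file lives.
# --with-includes: MySQL include directory (mysql.h); --with-libraries: MySQL client library directory (libmysqlclient.a).

#make clean   # when rebuilding, clear the output of the previous build first
/usr/bin/make
/usr/bin/make install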
2、备份配置文件(全新安装配置在后面部分):
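# Back up the existing config with a timestamp suffix before replacing it.
# The original used `mv -a`, but mv has no -a option (that is a cp flag) and
# aborts with "invalid option", so no backup was actually made.
/bin/mv /etc/proftpd.conf /etc/proftpd.conf.$(date +%Y%m%d.%H%M%S)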

# Not needed if /etc/proftpd.conf keeps User/Group as nobody; these lines create a
# dedicated unprivileged account for the daemon instead.
# Group ftpnobody with GID 10000.
/usr/sbin/groupadd --gid 10000 ftpnobody

# User ftpnobody with UID 10000 in that group: no login shell, no home directory, a descriptive comment.
/usr/sbin/useradd --uid 10000 --shell /sbin/nologin --no-create-home --comment "proftpd user" --gid ftpnobody ftpnobody

3、开机启动脚本,设置自启动
# Put the binary on the default PATH, install the init script shipped in the source
# tree, enable it at boot and start the service.
/bin/ln --symbolic /usr/local/proftpd/sbin/proftpd /usr/sbin/
/bin/cp /home/src/proftpd-1.3.4d/contrib/dist/rpm/proftpd.init.d /etc/init.d/proftpd
/bin/chmod u=rwx,go=rx /etc/init.d/proftpd
/sbin/chkconfig proftpd on
/sbin/service proftpd start

# Two troubleshooting commands: syntax-check the config, or run the daemon directly.
/usr/sbin/proftpd --configtest
/usr/local/proftpd/sbin/proftpd

# List the compiled-in modules.
/usr/local/proftpd/sbin/proftpd -l

4、迁移proftpd要完成的工作:
# Pull the old configuration file over from the host being migrated (ssh listens on port 210):
/usr/bin/rsync --archive --verbose --update --rsh='ssh -p 210' root@sg.appbition.sg:/etc/proftpd.conf .
# The database has to be migrated as well; adjust as needed -- in database proftpd, table ftpusers,
# the homedir column holds each user's FTP root directory.

#错误信息,解决办法是将/etc/sysconfig/network中HOSTNAME=appbition,改为HOSTNAME=appbition.com,重启reboot(重启proftpd是否可以还要再测,也可以考虑修改主机名 /etc/hosts);
[root@appbition etc]# proftpd --configtest
Checking syntax of configuration file
appbition proftpd[20723]: warning: unable to determine IP address of 'appbition'
appbition proftpd[20723]: error: no valid servers configured
appbition proftpd[20723]: Fatal: error processing configuration file '/etc/proftpd.conf'

5、新装proftpd,要配置数据,建库和表等,对命令不熟,也可以在phpMyAdmin中配置更方便,用root登录数据库
# Log in to MySQL as root; the password is prompted for interactively.
/usr/bin/mysql --user=root --password
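# Database used by mod_sql
CREATE DATABASE proftpddb;
# Account the daemon connects with: may only log in from localhost and may only read and
# modify the proftpddb tables. The password here must be the same one given to
# SQLConnectInfo in /etc/proftpd.conf (the original page used two different values).
# `GRANT ... IDENTIFIED BY` is split into CREATE USER + GRANT: the combined form was
# removed in MySQL 8.0, while the split form also works on the 5.x servers of this page.
CREATE USER 'proftpduser'@'localhost' IDENTIFIED BY '123456=abcd';
# The daemon's own queries on this page use only SELECT, INSERT and UPDATE; DELETE is
# retained from the original grant for managing rows through this account.
GRANT SELECT, INSERT, UPDATE, DELETE ON proftpddb.* TO 'proftpduser'@'localhost';

# Grants every privilege on every database -- far more than the daemon needs; reference only.
#GRANT all on *.* to webuser@localhost;

# Reload the grant tables (not strictly needed after GRANT/CREATE USER, but harmless)
flush privileges;
# Switch to the new database
use proftpddb;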

# Table layout: groups as read by mod_sql (SQLGroupInfo ftpgroups groupname gid members)
CREATE TABLE ftpgroups (
    groupname VARCHAR(64)  NOT NULL DEFAULT '',
    gid       SMALLINT(6)  NOT NULL DEFAULT '10000',
    members   VARCHAR(255) NOT NULL DEFAULT '',   # member usernames, comma-separated as mod_sql expects
    INDEX groupname (groupname)
) COMMENT = 'proftpd group table';

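# Create one group row. The column list is spelled out so the statement does not
# silently break if the table's column order ever changes.
INSERT INTO `ftpgroups` (`groupname`, `gid`, `members`) VALUES ('ftpnobody', 10000, 'ftpuser01');

# Alternative for reference: a separate system group/user pair with id 2001
#groupadd -g 2001 ftpgroup
#useradd -u 2001 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser
#INSERT INTO `ftpgroups` (`groupname`, `gid`, `members`) VALUES ('ftpgroup', 2001, 'ftpuser');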

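# Table layout: users as read by mod_sql (SQLUserInfo ftpusers username passwd uid gid homedir shell).
# Keep the column order: the example INSERT that follows gives VALUES without a column list.
CREATE TABLE `ftpusers` (
`id` int(10) unsigned NOT NULL auto_increment,
`username` varchar(64) NOT NULL default '',
`passwd` varchar(128) NOT NULL default '',   # PASSWORD() hash (SQLAuthTypes Backend) or clear text (Plaintext)
`uid` smallint(6) NOT NULL default '10001',
`gid` smallint(6) NOT NULL default '10001',
`homedir` varchar(255) NOT NULL default '',
`shell` varchar(16) NOT NULL default '/sbin/nologin',
`count` int(11) NOT NULL default '0',   # login counter, incremented by the updatecount query
`host` varchar(255) NOT NULL default '',   # widened from 32: the updatecount query stores %h, which can be a full host name or an IPv6 address
`lastlogin` varchar(32) NOT NULL default '',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',   # NOTE(review): zero dates are rejected under MySQL strict mode (NO_ZERO_DATE)
PRIMARY KEY (`id`),
UNIQUE KEY username (username)
) COMMENT='proftpd user table';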

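# Example row. password() yields the hash format that `SQLAuthTypes Backend` verifies
# (PASSWORD() no longer exists in MySQL 8.0). The column list makes the statement
# independent of the table's column order.
INSERT INTO `ftpusers` (`id`, `username`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `host`, `lastlogin`, `modified`) VALUES (1, 'ftpuser01', password('123456=abcd'), 10001, 10000, '/var/www/html/ftpuser01', '/sbin/nologin', 0, '', '0000-00-00 00:00:00', '0000-00-00 00:00:00');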

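# Or add two more users. The original snippet targeted a different schema (table `ftpuser`,
# column `userid`), its first row supplied ten values for nine columns, and '' is not a
# valid datetime; the rows below match the ftpusers table defined above and leave id,
# count, host, lastlogin and modified to their column defaults. A clear-text password
# would also be accepted because SQLAuthTypes lists Plaintext, but the hashed form
# matches the example row. Note that uid/gid 2001-2002 are below the SQLMinID set in
# this page's proftpd.conf; mod_sql substitutes its default ids for values under the
# minimum (confirm against the mod_sql docs), so raise these ids or lower SQLMinID.
INSERT INTO `ftpusers` (`username`, `passwd`, `uid`, `gid`, `homedir`, `shell`) VALUES ('USERNAME', password('PASSWORD'), 2001, 2001, '/home/www.demo.com', '/sbin/nologin');
INSERT INTO `ftpusers` (`username`, `passwd`, `uid`, `gid`, `homedir`, `shell`) VALUES ('USERNAME2', password('PASSWORD2'), 2002, 2001, '/home/www.demo2.com', '/sbin/nologin');

# username: the FTP login name (required)
# passwd: the FTP password (required)
# uid/gid: the table defaults are 10001 (the original note said 10000); each new user takes the next uid, gid stays the same
# homedir: the user's FTP home directory; must be set explicitly
# shell: controls whether the user may log in to the system; virtual users may not, hence the default /sbin/nologin
# count: login counter, starts at 0
# host: address of the client on the last login; may be left empty, the server fills it in
# lastlogin: time of the last login; filled in automatically, nothing to set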

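# Quota limits per user/group/class, read by the get-quota-limit query. The byte
# columns were FLOAT: single precision holds only ~7 significant digits, so any
# limit above 16 MiB (2^24) is silently rounded. DOUBLE keeps integers exact up to
# 2^53; mod_sql_mysql hands values to mod_quotatab as text, so the module is not
# affected by the type change (confirm against the module version in use).
CREATE TABLE `ftpquotalimits` (
`name` varchar(64) default NULL,
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`per_session` enum('false','true') NOT NULL default 'false',
`limit_type` enum('soft','hard') NOT NULL default 'hard',
`bytes_in_avail` double NOT NULL default '0',
`bytes_out_avail` double NOT NULL default '0',
`bytes_xfer_avail` double NOT NULL default '0',
`files_in_avail` int(10) unsigned NOT NULL default '0',
`files_out_avail` int(10) unsigned NOT NULL default '0',
`files_xfer_avail` int(10) unsigned NOT NULL default '0',
KEY `name` (`name`, `quota_type`)   # the lookup query filters on name AND quota_type
) ;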

# Limit row for ftpuser01: soft limit of 10485760000 bytes uploaded (10000 MiB), all other figures 0
INSERT INTO `ftpquotalimits`
    (`name`, `quota_type`, `per_session`, `limit_type`,
     `bytes_in_avail`, `bytes_out_avail`, `bytes_xfer_avail`,
     `files_in_avail`, `files_out_avail`, `files_xfer_avail`)
VALUES
    ('ftpuser01', 'user', 'false', 'soft',
     10485760000, 0, 0,
     0, 0, 0);

# Meaning of the ftpquotalimits columns:
# name: the user account
# quota_type: user, group, class, all (we use user)
# per_session: usage is only accumulated with false; false gives the user the configured amount in total,
#              with true a second session of the same user may transfer the configured amount again
# limit_type: hard or soft; soft is the more common choice and is more lenient: a soft limit reports
#             the overflow only when the next file starts, a hard limit aborts mid-transfer once full
# bytes_in_avail: bytes allowed to upload (1MB=1048576; 1GB=1073741824)
# bytes_out_avail: bytes allowed to download
# bytes_xfer_avail: bytes allowed to transfer in total (upload + download)
# files_in_avail: number of files allowed to upload
# files_out_avail: number of files allowed to download
# files_xfer_avail: number of files allowed to transfer in total (upload + download)

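# Running usage per (name, quota_type). Maintained entirely by mod_quotatab through the
# get-/update-/insert-quota-tally queries in proftpd.conf; it is never edited by hand.
# Byte columns changed from FLOAT to DOUBLE: with single precision, once a tally passes
# 16 MiB (2^24) small transfers are rounded away and the total drifts. The
# insert-quota-tally query is a positional INSERT, so the column order must stay exactly as below.
CREATE TABLE `ftpquotatallies` (
`name` varchar(64) NOT NULL default '',
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`bytes_in_used` double NOT NULL default '0',
`bytes_out_used` double NOT NULL default '0',
`bytes_xfer_used` double NOT NULL default '0',
`files_in_used` int(10) unsigned NOT NULL default '0',
`files_out_used` int(10) unsigned NOT NULL default '0',
`files_xfer_used` int(10) unsigned NOT NULL default '0',
KEY `name` (`name`, `quota_type`)   # every session selects and updates by name AND quota_type
) ;

# Note: the tallies table needs no manual changes; it records each user's current usage and the daemon keeps it up to date.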


# Leave the MySQL client (exit is a synonym of quit)
exit;

http://blog.chinaunix.net/space.php?uid=20422357&do=blog&id=1683054
http://www.debianhelp.co.uk/proftpmysql.htm

6、修改配置文件/etc/proftpd.conf(可直接用配置好的文件替换)
#修改/etc/proftpd.conf如下(改动部分或说明在后加#注释,)
# Open the config for editing; the annotated file that follows is the intended content.
/bin/vi /etc/proftpd.conf

#--------------/etc/proftpd.conf--------------#

# Annotated ProFTPD configuration: a single standalone server that authenticates
# virtual users against MySQL (mod_sql) and enforces per-user quotas (mod_quotatab).
# The stock header's description of an anonymous login no longer applies here; the
# anonymous section further down is commented out.

ServerName "Welcome to Appbition FTP Service"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Don't use IPv6 support by default.
UseIPv6 off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
# Umask 022 gives uploaded files -rw-r--r--; the value below gives -rw-rw-rw-.
# NOTE(review): 000 makes every uploaded file group- and world-writable and every new
# directory world-writable, so any other local account or FTP user sharing the tree
# can modify them. Prefer 022 and fix ownership of the web tree instead, unless
# world-writable files are genuinely required.
Umask 000

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
# At most 200 concurrent sessions (child processes).
MaxInstances 200

# Set the user and group under which the server will run.
# Changed to the dedicated system user and group created earlier.
User ftpnobody
Group ftpnobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
# (Left commented here; the active DefaultRoot is at the end of this section.)
#DefaultRoot ~

# Normally, we want files to be overwriteable.
# Whether uploads may overwrite existing files.
AllowOverwrite on

# Bar use of SITE CHMOD by default
# Keep users from running SITE CHMOD. The <Limit SITE_CHMOD> open/close tags that
# normally surround DenyAll appear to have been lost when this page was rendered.
#
#DenyAll
#

# Anonymous-user settings follow; adjust as needed, and comment out (#) whatever is unused.
## A basic anonymous configuration, no upload directories. If you do not
## want anonymous users, simply delete this entire section.
#
#User ftp
#Group ftp

## We want clients to be able to login with "anonymous" as well as "ftp"
#UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
# Here this applies to all logins, not just anonymous ones, because the anonymous
# block above is disabled: at most 200 clients online.
MaxClients 200 "Sorry, max %m users -- try again later"

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
# On login the contents of welcome.msg are shown as the greeting.
DisplayLogin welcome.msg

# On every directory change the contents of .message are shown.
DisplayChdir .message

## Limit WRITE everywhere in the anonymous chroot
#
#DenyAll
#
#

# Each account may connect from at most 5 hosts. Note the message text still says
# "more than one time" although the limit is 5.
MaxHostsPerUser 5 "Sorry, you may not connect more than one time"

# At most 200 simultaneous clients per account (disabled)
#MaxClientsPerUser 200 "Only 200 such user at a time"

# At most 200 simultaneous sessions per client host (disabled)
#MaxClientsPerHost 200 "Sorry, only 200 session for one host"

# Confine every user to their own home directory (chroot).
DefaultRoot ~

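# Restrict FTP login to one group (reference only, disabled). Note the group named
# here, ftpusers, does not appear anywhere else on this page -- the group row in
# MySQL is ftpnobody.
# <limit login>
#DenyALL
#AllowGroup ftpusers


# Administrator mailbox
ServerAdmin xxxx@xxxxx.com

# Never allow root to log in over FTP
RootLogin off

# Allow users whose shell is empty or /bin/false (not listed in /etc/shells) to use FTP;
# required for the virtual users, whose shell is /sbin/nologin
requirevalidshell off

# Hide the server version banner
ServerIdent off

# Failed login attempts allowed per connection before it is dropped (the stock default is 3)
MaxLoginAttempts 10

# Client idle timeout in seconds (600 is the default)
TimeoutIdle 600

# Allow resuming interrupted downloads (already the default, optional)
AllowRetrieveRestart on

# Allow resuming interrupted uploads
AllowStoreRestart on

# GMT and CST differ by eight hours; stamp the logs with local time.
# glibc accepts an absolute path in TZ; confirm on the target host if another libc is used.
SetEnv TZ /etc/localtime
TimesGMT off

# Skip the ident (RFC 1413) lookup of the connecting user; faster connects
IdentLookups off

# Skip the reverse DNS lookup of the client address; faster connects
UseReverseDNS off

# Minimum UID and GID mod_sql accepts (stock default is 999 each).
# The rows on this page use uid 10001 with gid 10000, and the ftpgroups row is gid 10000.
# With the original value 10001 the gid 10000 fell below the minimum, and mod_sql then
# replaces an id under the minimum with its default (SQLDefaultGID, 65533 unless set;
# confirm against the mod_sql docs), so the user would not run under ftpnobody.
# 10000 admits both the uid and the gid used on this page.
SQLMinID 10000

# create a user's home directory on demand if it doesn't exist
# After login, create the user's directory if it is missing (newer replacement for SQLHomedirOnDemand)
CreateHome on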

# -------- load sql.mod for mysql authoritative --------#
# MySQL connection / authentication section; adjust to the local setup.
# SQLAuthTypes lists how a stored passwd value may be verified, tried in the order given:
#   Backend   - the database's own hash (MySQL PASSWORD()), which is what the example rows use
#   Plaintext - the passwd column holds the clear password and is compared as-is
#   Crypt     - crypt(3) hashes (not enabled here; the original note wrongly described it as PASSWORD())
# Keeping Plaintext means an unhashed value in passwd is accepted; drop it once every row stores a hash.

SQLAuthTypes Backend Plaintext
SQLAuthenticate users groups usersetfast groupsetfast

# SQLConnectInfo dbname@host:port username password
# NOTE(review): the GRANT earlier on this page gives proftpduser the password
# '123456=abcd', not 12345678 -- the two must agree. This line holds a database
# credential in clear text, so keep /etc/proftpd.conf readable by root only.
SQLConnectInfo proftpddb@localhost proftpduser 12345678

# Which table and columns hold users and groups (see the CREATE TABLE statements above)
SQLUserInfo ftpusers username passwd uid gid homedir shell
SQLGroupInfo ftpgroups groupname gid members

# Show a 230 line with login statistics after a successful PASS. %u is replaced by the
# login name; this relies on mod_sql quoting that value before substitution -- confirm
# for the mod_sql version in use rather than assuming.
SQLNamedQuery getcount SELECT "count from ftpusers where username='%u'"
SQLNamedQuery getlastlogin SELECT "lastlogin from ftpusers where username='%u'"
SQLShowInfo PASS "230" "You've logged on %{getcount} times, last login at %{getlastlogin}"

# Update count every time user logs in (%h, the client host/address, goes into the host column)
SQLNamedQuery updatecount UPDATE "count=count+1,host='%h',lastlogin=current_timestamp() WHERE username='%u'" ftpusers

# Update modified every time the user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE username='%u'" ftpusers

SQLLog PASS updatecount

# Cache negative user/group lookups so repeated unknown-user logins do not each hit the database
SQLNegativeCache on
# Every query mod_sql issues is written here; the file will contain usernames and client hosts
SQLLogFile /var/log/proftpd.sql.log

#--------- load qudes.mod for Quota limit --------#
# Disk quota section (mod_quotatab + mod_quotatab_sql)
QuotaEngine on
QuotaDirectoryTally on

# Units used when quota figures are displayed: "b" | "Kb" | "Mb" | "Gb"
QuotaDisplayUnits "Mb"

# Let a logged-in user view their own quota with the FTP command "quote SITE QUOTA"
QuotaShowQuotas on

# Quota log file
QuotaLog /var/log/proftpd.quota.log

# Limit lookup: %{0} is the name and %{1} the quota type being asked for.
# mod_quotatab_sql reads the selected columns positionally, so keep this column order.
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

# Tally lookup, same positional contract over the *_used columns.
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

# Tally update: %{0}..%{5} are the byte and file deltas of the transfer, %{6}/%{7} the name and type.
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

# First tally row for a user: a positional INSERT into ftpquotatallies, so it depends on that
# table's columns being exactly (name, quota_type, bytes_in_used, bytes_out_used,
# bytes_xfer_used, files_in_used, files_out_used, files_xfer_used) in that order.
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

#--------- load qudes.mod for Quota limit --------#

# Logging. These lines can stay as they are; the files named below are where to look when debugging.
# Logging options
# Debug Level
# emerg, alert, crit (recommended), error, warn, notice, info, debug
#
SyslogLevel info
SystemLog /var/log/proftpd.system.log
TransferLog /var/log/proftpd.xfer.log

# Some logging formats
#
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# Log file/dir access
# ExtendedLog /var/log/proftpd.access_log WRITE,READ write
# Record all logins
# %r is the full command line; ProFTPD is expected to mask the PASS argument in it -- check the
# log once after setup to be sure no passwords land in it.
ExtendedLog /var/log/proftpd.auth.log AUTH auth

# Paranoia logging level....
# Logs every command of every session: useful for reconstructing an incident, but grows quickly.
ExtendedLog /var/log/proftpd.paranoid.log ALL default

7、ftp登陆欢迎信息文件说明:
%T 目前的时间 
%F 所在硬盘剩下的容量 
%C 目前所在的目录 
%R Client 端的主机名称 
%L Server 端的主机名称 
%U 使用者帐户名称 
%M 最大允许连接人数 
%N 目前的服务器连接人数 
%E FTP服务器管理员的 email 
%i 本次上传的文件数量 
%o 本次下载的文件数量 
%t 本次上传+下载的文件数量

8、新增加另1个ftp用户,
#在phpMyAdmin中配置更方便,用proftpduser登录数据库proftpddb;里面三个表对应的复制第1个ftp用户,修改对应的部分就可以。
#新增加的ftp用户登录ftp会创建自己的目录,但权限是700,作为website改为755就可以访问;

原文地址:https://www.cnblogs.com/ylnic/p/2012501.html