proftp + mysql 配置管理
一、下载安装proftp mysql下载wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4d.tar.gz
tar zxf proftpd-1.3.4d.tar.gz
INSTALLATIONMod_Clamav
To install Mod_Clamav, download and unpack the Mod_Clamav source code.
wget http://www.thrallingpenguin.com/resources/mod_clamav-0.10.tar.gz
tar xzvf mod_clamav-0.10.tar.gz
Download the latest proftpd source code, and prepare it for building Mod_Clamav.
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz
tar xzvf proftpd-1.3.1.tar.gz
cp mod_clamav-0.10/mod_clamav.* proftpd-1.3.1/contrib
Apply the required patch:
cd proftpd-1.3.1
patch -p1 < ../mod_clamav-0.10/proftpd.patch
Now the usual steps for building ProFTPd, using third-party modules, apply. Additionally, you may change any configure arguments to meet your needs.
cd proftpd-1.3.4d
--prefix=/usr/local/proftpd-1.3.4d --enable-ctrls --with-mysql-config=/usr/local/mysql/bin/mysql_config --with-libraries=/usr/local/mysql/lib
--with-includes=/usr/local/mysql/include --enable-shadow --enable-autoshadow --enable-openssl --enable-pool-size --enable-dso
--with-modules=mod_ratio:mod_readme:mod_wrap2:mod_wrap2_sql:mod_ifsession:mod_sql:mod_sql_mysql:mod_sql_passwd:mod_quotatab:mod_quotatab_sql:mod_quotatab_file:mod_clamav
--with-include=/usr/local/lab/unixODBC-2.3.2/includes:/usr/local/mysql/include --with-libraries=/usr/local/lab/unixODBC-2.3.2/lib:/usr/local/mysql/lib
make && make install
说明:
--with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql 这句是让编译ProFTPD 支持MySQL的模块,并有磁盘限额支持;
--with-includes= 这是来指定MySQL服务器includes所在的位置;在这里我设置的是/usr/include/mysql,因为我的MySQL服务器的includes的确在这个目录;你可以根据自己的机器环境来调整;
--with-libraries= 这是来指定MySQL服务器libraries所在的位置;在这里我设置的是/usr/lib/mysql,因为我的MySQL服务器的libraries的确在这个目录;你可以根据自己的机器环境来调整;
到此proftp已安装结束
主要配置文件如下:
# cat proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.It establishes a single server
# and a single anonymous login.It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
# Where do we put the pid files?
#ScoreboardPath /var/run/proftpd
# To prevent DoS attacks, set the maximum number of child processes
# to 30.If you need to allow more than 30 concurrent connections
# at once, simply increase this value.Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
MaxLoginAttempts 3
# Set the user and group under which the server will run.
User apache
Group users
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# 上传断点续传
AllowRetrieveRestart on
AllowStoreRestart on
# Bar use of SITE CHMOD by default
DenyAll
# A basic anonymous configuration, no upload directories.If you do not
# want anonymous users, simply delete this entiresection.
#
#User ftp
#Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
#UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
#MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
#DisplayLogin welcome.msg
#DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
#
# DenyAll
#
#
#设置MySQL认证:
#数据库联接的信息,DatabaseName是数据库名, HostName是主机名,
#Port是端口号,UserName是连接数据库的用户名,Password是密码。
SQLConnectInfo proftpd@192.168.1.1 proftpd 123456#用户名与密码
#数据库认证的类型:
SQLAuthTypes OpenSSL
#指定用来做用户认证的表的有关信息。("FTPUSERS"和"FTPGRPS"是数据表名字,等一会而在下面建立)
SQLUserInfo FTPUSERS userid passwd uid gid home shell
SQLGroupInfo FTPGRPS grpname gid members
#设置如果shell为空时允许用户登录:
RequireValidShell off
#数据库的鉴别
SQLAuthenticate users groups usersetfast groupsetfast
#如果home目录不存在,则系统会为根据它的home项新建一个目录:
CreateHome off
#判断这个用户是否允许登录本机
#SQLUserWhereClause "accesshost like'%10.10.26.195%'" #这里的%号ProFtp不识别, 妈的!所以用下面的方法.
SQLUserWhereClause "0 !=FIND_IN_SET('192.168.1.1',accesshost)"
#SQL验证日志
#SQLLog
SQLLogFile /usr/local/proftpd/var/sql.log
#SQL验证用户的UID和GID
SQLMinUserUID 500
SQLMinUserGID 100
SQLDefaultUID 500
SQLDefaultGID 100
##########
MaxClients 50
UseReverseDNS off
IdentLookupsoff
#QuotaLimitTable file:/usr/local/proftpd/etc/ftpquota.limittab
#QuotaTallyTable file:/usr/local/proftpd/etc/ftpquota.tallytab
QuotaDirectoryTallyon
QuotaDisplayUnits Mb
QuotaEngine on
QuotaLog /usr/local/proftpd/var/quota.log
QuotaShowQuotas on
QuotaOptions ScanOnLogin
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2},files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
DefaultRoot ~
DisplayLogin welcome to ftp server !
AllowStoreRestart on
############ Fixed Log Format #########
LogFormat awstats "%t %h %u %m %f %s %b"
ExtendedLog /usr/local/proftpd/var/transfer.log read,write awstats
TransferLog /usr/local/proftpd/var/transfer.log
ServerLog /usr/local/proftpd/var/server.log
#Single system with both ProFTPd and Clamd utilizing TCP sockets. Additionally, only files who's>
ClamAV on
ClamServer localhost
ClamPort 3310
ClamMaxSize 250 Mb
数据库设置:
注:数据库与proftpd 程序可以位于不同的服务器上面.可实现需要部署proftpd 程序的服务器都统一使用数据库用户认证,便于ftp账号的统一管理.一个ftp 账号也可以指定在多台proftpd 部署的程序主要上面登录.
例如:
mysql> select * from FTPUSERS;
+--------+--------------------------+-----+-----+-----------------------------+---------------+--------------------------+-------------------+
| userid | passwd | uid | gid | home | shell | accesshost | coment |
+--------+--------------------------+-----+-----+--------------------------------------------+---------------+--------------------------+-----------
| user01 | bog7BizRhTQS0p9qVroQ==yyyyyyy | 500 | 100 | /data/mysql | /sbin/nologin | 192.168.1.1,192.168.1.2| |
| user02 | 6+CETb6sIYZfbVNt3sSIS4444rrrr | 500 | 100 | /opt | /sbin/nologin | 192.168.1.1 | |
用户user01 在主机(192.168.1.1,192.168.1.2)部署好程序设置后,都可以使用FTP进行登录.
创建用户:
mysql>create database proftpd;
mysql>Grant select,insert,update,delete,create,drop,index,alter,create temporary tables,lock tables on proftpd.*to proftpd@localhost> mysql>flush privileges;
导入以下数据库表结构:
-- Current Database: `proftpd`
--
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `ftp_db` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `proftpd`;
--
-- Table structure for table `FTPGRPS`
--
DROP TABLE IF EXISTS `FTPGRPS`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `FTPGRPS` (
`grpname` text NOT NULL,
`gid` smallint(6) NOT NULL,
`members` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `FTPUSERS`
--
DROP TABLE IF EXISTS `FTPUSERS`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `FTPUSERS` (
`userid` text NOT NULL,
`passwd` text NOT NULL,
`uid` int(11) NOT NULL,
`gid` int(11) NOT NULL,
`home` text,
`shell` text,
`accesshost` text,
`coment` text
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `quotalimits`
--
DROP TABLE IF EXISTS `quotalimits`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `quotalimits` (
`name` varchar(30) DEFAULT NULL,
`quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
`per_session` enum('false','true') NOT NULL DEFAULT 'false',
`limit_type` enum('soft','hard') NOT NULL DEFAULT 'soft',
`bytes_in_avail` float NOT NULL DEFAULT '0',
`bytes_out_avail` float NOT NULL DEFAULT '0',
`bytes_xfer_avail` float NOT NULL DEFAULT '0',
`files_in_avail` int(10) unsigned NOT NULL DEFAULT '0',
`files_out_avail` int(10) unsigned NOT NULL DEFAULT '0',
`files_xfer_avail` int(10) unsigned NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `quotatallies`
--
DROP TABLE IF EXISTS `quotatallies`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `quotatallies` (
`name` varchar(30) NOT NULL DEFAULT '',
`quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
`bytes_in_used` float NOT NULL DEFAULT '0',
`bytes_out_used` float NOT NULL DEFAULT '0',
`bytes_xfer_used` float NOT NULL DEFAULT '0',
`files_in_used` int(10) unsigned NOT NULL DEFAULT '0',
`files_out_used` int(10) unsigned NOT NULL DEFAULT '0',
`files_xfer_used` int(10) unsigned NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
proftpd 程序启动文件配置:
ln -s /usr/local/proftpd/proftpd.sh /etc/init.d/proftpd
chkconfig --add proftpd
/etc/init.d/proftpd stop
启动文件内容:
# cat proftpd.sh
#!/bin/sh
#
# Startup script for ProFTPD
# chkconfig: 345 85 15
# description: ProFTPD is an enhanced FTP server with \
# a focus toward simplicity, security, and ease of configuration. \
# It features a very Apache-like configuration syntax, \
# and a highly customizable server infrastructure, \
# including support for multiple 'virtual' FTP servers, \
# anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /usr/local/proftpd/etc/proftpd.conf
#
# By: Osman Elliyasa
# $Id: proftpd.init.d,v 1.7 2002/12/07 21:50:27 jwm Exp $
# Source function library.
. /etc/rc.d/init.d/functions
if [ -f /etc/sysconfig/proftpd ]; then
. /etc/sysconfig/proftpd
fi
PATH="$PATH:/usr/local/proftpd/sbin"
# See how we were called.
case "$1" in
start)
echo -n "Starting proftpd: "
daemon proftpd $OPTIONS
echo
touch /var/lock/subsys/proftpd
;;
stop)
echo -n "Shutting down proftpd: "
killproc proftpd
echo
rm -f /var/lock/subsys/proftpd
;;
status)
status proftpd
;;
restart)
$0 stop
$0 start
;;
reread)
echo -n "Re-reading proftpd config: "
killproc proftpd -HUP
echo
;;
suspend)
hash ftpshut >/dev/null 2>&1
if [ $? = 0 ]; then
if [ $# -gt 1 ]; then
shift
echo -n "Suspending with '$*' "
ftpshut $*
else
echo -n "Suspending NOW "
ftpshut now "Maintanance in progress"
fi
else
echo -n "No way to suspend "
fi
echo
;;
resume)
if [ -f /etc/shutmsg ]; then
echo -n "Allowing sessions again "
rm -f /etc/shutmsg
else
echo -n "Was not suspended "
fi
echo
;;
*)
echo -n "Usage: $0 {start|stop|restart|status|reread|resume"
hash ftpshut
if [ $? = 1 ]; then
echo '}'
else
echo '|suspend}'
echo 'suspend accepts additional arguments which are passed to ftpshut(8)'
fi
exit 1
esac
if [ $# -gt 1 ]; then
shift
$0 $*
fi
exit 0
添加用户相关脚本:
# cat adduser_dir.sh
#!/bin/bash
usage () {
echo ""
echo "Please Input Correct infomation!"
echo ""
echo "USAGE: `basename $0` username /dir ftp_server_ip"
echo "Exp: `basename $0` Lee /data/lee/home 1.1.1.1,2.2.2.2"
echo ""
echo "Result:"
echo " UserName: Lee"
echo " UserHome: /data/lee/home"
echo " PassWord: N1Jy3Fqol"
echo ""
}
if [[ $3 == ""]];then
usage;
exit 1;
fi
datetime=`date +%Y%m%d" "%H:%M:%S`
userid=$1
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
home=$2
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
shell='/sbin/nologin'
accesshost=$3
/usr/local/mysql/bin/mysql -u ftp_user -p'ws&&**ftp' -h 192.168.254.101 -e "\
use proftpd;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','/sbin/nologin','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "userHome: $home"
echo "FTPIPs: $accesshost"
echo ""
# cat adduser_domain.sh
#!/bin/bash
usage () {
echo ""
echo "Please Input Correct infomation!"
echo ""
echo "USAGE: `basename $0` domainname ftp_server_ip"
echo "Exp: `basename $0` www.test.com 1.1.1.1,2.2.2.2"
echo ""
echo "Result:"
echo " UserName: www.test.com"
echo " PassWord: N1Jy3Fqol"
echo ""
}
if [[ $2 == ""]];then
usage;
exit 1;
fi
datetime=`date +%Y%m%d" "%H:%M:%S`
userid=$1
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
domain=$userid
if [[ $1 =~ ^www ]];then
domain=${1#www.}
fi
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
home="/data/www/vhosts/$domain"
shell='/sbin/nologin'
accesshost=$2
/usr/local/mysql/bin/mysql -u ftp_user -p'ws&&**ftp' -h 192.168.254.101 -e "\
use proftpd;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','/sbin/nologin','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "FTPIPs: $accesshost"
echo ""
关于用户限额配置:
quotalimits
name - username
quota_type - user, group,> per_session - true or false (we use false)
limit_type - quota limit type - hard or soft (we use soft)
bytes_in_avail - upload limit in bytes - allowed bytes on disk (eg diskquota)
bytes_out_avail - download limit in bytes - allowed bytes a user can download
bytes_xfer_avail - allowed bytes a user can transfer in/out
files_in_avail - upload limit in files - allowed number of uploaded files
files_out_avail - allowed number of downloaded files
files_xfer_avail - allowed number of files a user can transfer in/out
name 应该这样理解,既能表示单个用户,也能表示用户组名;如果我们在quota_type(限额类型)中使用group来认证的话,那就得在这里设置组名,这样整组都具有统一的磁盘限额的特性;当然您要在ftpgroups表中插入组纪录;并且在member字段中得把用户一个一个的列进去,这是后话了;先自己研究一下,只是插入纪录的事;我们只说最简单的单个用户的磁盘限额;默认值可以为空NULL,如果为空则针对所在有quota_type中设置的类型,比如在quota_type中设置为user ,就是针对所有ftpusers 中的用户起作用;如果是group名,也是对ftpgroups 所有组作用;
quota_type 磁盘限额类型,可以设置为用户,也可以设置为用户组group ;如果您的name写的是用户组,那在这里就得设置为group来认定;默认为user认证;
per_session 默认为false;
limit_type 默认为soft;
bytes_in_avail 用户占用空间大小,也就是家目录的空间最大可以让用户占用多少,单位是byte;默认为0,0是不受限制,以下同理;
bytes_out_avail 注;所有下载文件的总和,默认为0;
bytes_xfer_avail 注;一个用户上传下载流量总和,默认为0
files_in_avail 注:限制上传文件总数,默认为0;
files_out_avail 注;限制下载文件个数总计,默认为0
files_xfer_avail 注:允许下载和上传的文件总和我,默认为0;
由此看来,我们比如想让test用户,约束空间大小为100M,其它不受限制;则可用下面的mysql命令添加;
先让我们对照quotalimits表的结构,然后根据表的结构来添加;
mysql> describe quotalimits;
+------------------+------------------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+------------------+------------------------------------+------+-----+---------+-------+
| name | varchar(30) | YES| | NULL | |
| quota_type | enum('user','group','class','all') | | | user | |
| per_session | enum('false','true') | | | false | |
| limit_type | enum('soft','hard') | | | soft | |
| bytes_in_avail | float | | | 0 | |
| bytes_out_avail| float | | | 0 | |
| bytes_xfer_avail | float | | | 0 | |
| files_in_avail | int(10) unsigned | | | 0 | |
| files_out_avail| int(10) unsigned | | | 0 | |
| files_xfer_avail | int(10) unsigned | | | 0 | |
+------------------+------------------------------------+------+-----+---------+-------+
10 rows in set (0.00 sec)
添加记录
mysql>insert into quotalimits VALUES('test','user','false','soft','104857600','0','0','0','0','0');
运算公式:
1Kb=1024 byte
1M=1024 Kb
100M=100x1024 Kb= 100x1024x1024 byte=104857600 byte
注意:磁盘限额生效,必须让FTP用户重新登录才有效;比如test用户正在ftp上,这时要先退出,然后再登录,这是磁盘限额就有效了;
查看用户空间使用情况
登录FTP后用下面的命令;
quote site quota;
举例:
lftp test@192.168.1.5:/> quote site quota;
200-The current quota for this session are :
Name: test
Quota Type: User
Per Session: False
Limit Type: Soft
Uploaded Mb: 19.00/95.37
页:
[1]