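Configuring proftpd + MySQL + virtual users + anonymous users + disk quotas on Debian
Debian systems currently use the Linux kernel. Work on kernel support in Debian is also under way, most notably for the Hurd, a set of daemons that run on top of a microkernel (such as Mach) and provide various services. This article describes how to configure proftpd + MySQL + virtual users + anonymous users + disk quotas on Debian.
I am used to proftpd. I had planned to use pureftpd, but then decided against it. I actually worked out proftpd virtual-user configuration long ago; what I never solved was having virtual users and local users log in at the same time. So I took this opportunity to look into it carefully. As before, this is a configuration for Debian.
Install MySQL and phpMyAdmin; phpMyAdmin is optional.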
- apt-get install mysql-server mysql-client libmysqlclient15-dev phpmyadmin apache2
Set the root password for MySQL
- mysqladmin -u root password yourrootsqlpassword
If other people need to access MySQL on this machine, a password must be set for that as well
- mysqladmin -h server1.example.com -u root password yourrootsqlpassword
Install proftpd with MySQL support; be sure to choose standalone mode for proftpd
- apt-get install proftpd-mysql
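Create the virtual user group. This maps the proftpd users onto a single local user on this machine. Note that 2001 below should be changed to a value of your own.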
- groupadd -g 2001 ftpgroup
- useradd -u 2001 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser
Create the MySQL database that proftpd will use, and create the tables.
- bt:~# mysql -u root -p
- Enter password:
- Welcome to the MySQL monitor. Commands end with ; or \g.
- Your MySQL connection id is 18
- Server version: 5.0.32-Debian_7etch1-log Debian etch distribution
- Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
- mysql> create database ftp;
- Query OK, 1 row affected (0.00 sec)
- mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost' IDENTIFIED BY 'password';
- Query OK, 0 rows affected (0.00 sec)
- mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost.localdomain' IDENTIFIED BY 'password';
- Query OK, 0 rows affected (0.00 sec)
- mysql> USE ftp;
- Database changed
- mysql> CREATE TABLE ftpgroup (groupname varchar(16) NOT NULL default '',gid smallint(6) NOT NULL default '5500',members varchar(16) NOT NULL default '',KEY groupname (groupname)) TYPE=MyISAM COMMENT='ProFTP group table';
- Query OK, 0 rows affected, 1 warning (0.06 sec)
- mysql> CREATE TABLE ftpquotalimits (
- -> name varchar(30) default NULL,
- -> quota_type enum('user','group','class','all') NOT NULL default 'user',
- -> per_session enum('false','true') NOT NULL default 'false',
- -> limit_type enum('soft','hard') NOT NULL default 'soft',
- -> bytes_in_avail int(10) unsigned NOT NULL default '0',
- -> bytes_out_avail int(10) unsigned NOT NULL default '0',
- -> bytes_xfer_avail int(10) unsigned NOT NULL default '0',
- -> files_in_avail int(10) unsigned NOT NULL default '0',
- -> files_out_avail int(10) unsigned NOT NULL default '0',
- -> files_xfer_avail int(10) unsigned NOT NULL default '0'
- -> ) TYPE=MyISAM;
- Query OK, 0 rows affected, 1 warning (0.03 sec)
- mysql> CREATE TABLE ftpquotatallies (
- -> name varchar(30) NOT NULL default '',
- -> quota_type enum('user','group','class','all') NOT NULL default 'user',
- -> bytes_in_used int(10) unsigned NOT NULL default '0',
- -> bytes_out_used int(10) unsigned NOT NULL default '0',
- -> bytes_xfer_used int(10) unsigned NOT NULL default '0',
- -> files_in_used int(10) unsigned NOT NULL default '0',
- -> files_out_used int(10) unsigned NOT NULL default '0',
- -> files_xfer_used int(10) unsigned NOT NULL default '0'
- -> ) TYPE=MyISAM;
- Query OK, 0 rows affected, 1 warning (0.03 sec)
- mysql> CREATE TABLE ftpuser (
- -> id int(10) unsigned NOT NULL auto_increment,
- -> userid varchar(32) NOT NULL default '',
- -> passwd varchar(32) NOT NULL default '',
- -> uid smallint(6) NOT NULL default '5500',
- -> gid smallint(6) NOT NULL default '5500',
- -> homedir varchar(255) NOT NULL default '',
- -> shell varchar(16) NOT NULL default '/sbin/nologin',
- -> count int(11) NOT NULL default '0',
- -> accessed datetime NOT NULL default '0000-00-00 00:00:00',
- -> modified datetime NOT NULL default '0000-00-00 00:00:00',
- -> PRIMARY KEY (id),
- -> UNIQUE KEY userid (userid)
- -> ) TYPE=MyISAM COMMENT='ProFTP user table';
- Query OK, 0 rows affected, 1 warning (0.03 sec)
- mysql> quit;
- Bye
Next, edit the proftpd configuration file: nano /etc/proftpd/proftpd.conf
First, turn off IPv6 support
UseIPv6 off
Then add support for MySQL authentication
- DefaultRoot ~
- # The passwords in MySQL are encrypted using CRYPT
- SQLAuthTypes Plaintext Crypt
- SQLAuthenticate users groups
- # used to connect to the database
- # databasename@host database_user user_password
- SQLConnectInfo ftp@localhost proftpd password
- # Here we tell ProFTPd the names of the database columns in the "usertable"
- # we want it to interact with. Match the names with those in the db
- SQLUserInfo ftpuser userid passwd uid gid homedir shell
- # Here we tell ProFTPd the names of the database columns in the "grouptable"
- # we want it to interact with. Again the names match with those in the db
- SQLGroupInfo ftpgroup groupname gid members
- # set min UID and GID - otherwise these are 999 each
- SQLMinID 500
- # create a user's home directory on demand if it doesn't exist
- SQLHomedirOnDemand on
- # Update count every time user logs in
- SQLLog PASS updatecount
- SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
- # Update modified everytime user uploads or deletes a file
- SQLLog STOR,DELE modified
- SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
- # User quotas
- # ===========
- QuotaEngine on
- QuotaDirectoryTally on
- QuotaDisplayUnits Mb
- QuotaShowQuotas on
- SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
- SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
- SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
- SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
- QuotaLimitTable sql:/get-quota-limit
- QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
- RootLogin off
- RequireValidShell off
Then run nano /etc/proftpd/modules.conf, comment out the parts that are not needed, and restart proftpd
#LoadModule mod_sql_postgres.c
/etc/init.d/proftpd restart
Populate the database and test. Doing these steps through phpMyAdmin is strongly recommended.
- mysql -u root -p
- USE ftp;
- INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`) VALUES ('ftpgroup', 2001, 'ftpuser');
- INSERT INTO `ftpquotalimits` (`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`, `bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`) VALUES ('exampleuser', 'user', 'true', 'hard', 15728640, 0, 0, 0, 0, 0);
- INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `accessed`, `modified`) VALUES (1, 'exampleuser', 'secret', 2001, 2001, '/home/www.example.com', '/sbin/nologin', 0, '', '');
- quit;
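The configuration above sets SQLAuthTypes Plaintext Crypt and the ftpuser.passwd column is varchar(32), so it is worth checking what actually ends up stored in that column. The following Python script is an added example, not part of the original article: the row dictionaries, function names and sample values are constructed for illustration, and the password-format check is a heuristic.

```python
import re

SQL_MIN_ID = 500  # SQLMinID from the proftpd.conf on this page
# Length of the final hash field for each modular-crypt scheme id.
HASH_LEN = {"1": 22, "5": 43, "6": 86, "2a": 53, "2b": 53, "2y": 53}
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def classify_passwd(value):
    """Classify a stored passwd value: 'crypt', 'truncated-crypt' or 'plaintext'."""
    if value.startswith("$"):
        parts = value.split("$")          # ['', scheme, (rounds,) salt, hash]
        want = HASH_LEN.get(parts[1])
        if want is None:
            return "plaintext"            # not a scheme this check knows
        if len(parts) >= 4 and len(parts[-1]) == want:
            return "crypt"
        return "truncated-crypt"          # hash field shorter than the scheme needs
    # Heuristic: 13 characters from the crypt alphabet look like traditional DES crypt.
    return "crypt" if DES_CRYPT.fullmatch(value) else "plaintext"

def audit_rows(rows):
    """Return (userid, finding) pairs for rows shaped like the ftpuser table."""
    findings = []
    for row in rows:
        kind = classify_passwd(row["passwd"])
        if kind == "plaintext":
            findings.append((row["userid"], "passwd is stored in plaintext"))
        elif kind == "truncated-crypt":
            findings.append((row["userid"], "crypt hash does not fit varchar(32)"))
        if row["uid"] < SQL_MIN_ID or row["gid"] < SQL_MIN_ID:
            findings.append((row["userid"], "uid/gid below SQLMinID"))
        home = row["homedir"]
        # DefaultRoot ~ chroots each user to homedir, so "/" confines nothing.
        if not home.startswith("/") or home == "/" or ".." in home.split("/"):
            findings.append((row["userid"], "homedir is not a safe chroot target"))
    return findings

# Constructed sample rows; the first mirrors the INSERT shown above.
FULL_SHA512 = "$6$" + "s" * 16 + "$" + "h" * 86  # right shape only, not a real hash
SAMPLE_ROWS = [
    {"userid": "exampleuser", "passwd": "secret", "uid": 2001, "gid": 2001,
     "homedir": "/home/www.example.com"},
    {"userid": "alice", "passwd": FULL_SHA512[:32], "uid": 2001, "gid": 2001,
     "homedir": "/home/alice"},
    {"userid": "bob", "passwd": "ab" + "c" * 11, "uid": 33, "gid": 33, "homedir": "/"},
]

if __name__ == "__main__":
    for userid, finding in audit_rows(SAMPLE_ROWS):
        print(f"{userid}: {finding}")
```

Of the common crypt formats, only the 13-character traditional DES form fits in varchar(32) with a typical salt; widening the column is needed before storing MD5, SHA-256 or SHA-512 crypt hashes.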
Next, configure anonymous login
As before, add a user group
- groupadd -g 2002 anonymous_ftp
- useradd -u 2002 -s /bin/false -d /home/anonymous_ftp -m -c "Anonymous FTP User" -g anonymous_ftp anonymous_ftp
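Create the login directory. If you want anonymous users and virtual users to log in to the same location, you can skip this step and just specify the location in the proftpd configuration file.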
- mkdir /home/anonymous_ftp/incoming
- chown anonymous_ftp:nogroup /home/anonymous_ftp/incoming
Then edit the proftpd configuration file, add the section below, and restart. I won't go into what each directive means.
- <Anonymous ~anonymous_ftp>
- User anonymous_ftp
- Group nogroup
- # We want clients to be able to login with "anonymous" as well as "ftp"
- UserAlias anonymous anonymous_ftp
- # Cosmetic changes, all files belongs to ftp user
- DirFakeUser on anonymous_ftp
- DirFakeGroup on anonymous_ftp
- RequireValidShell off
- # Limit the maximum number of anonymous logins
- MaxClients 10
- # We want 'welcome.msg' displayed at login, and '.message' displayed
- # in each newly chdired directory.
- DisplayLogin welcome.msg
- DisplayFirstChdir .message
- # Limit WRITE everywhere in the anonymous chroot
- <Directory *>
- <Limit WRITE>
- DenyAll
- </Limit>
- </Directory>
- # Uncomment this if you're brave.
- <Directory incoming>
- # Umask 022 is a good standard umask to prevent new files and dirs
- # (second parm) from being group and world writable.
- Umask 022 022
- <Limit READ WRITE>
- DenyAll
- </Limit>
- <Limit STOR>
- AllowAll
- </Limit>
- </Directory>
- </Anonymous>
That completes the configuration of proftpd + MySQL + virtual users + anonymous users + disk quotas on Debian.