摘要
本文介绍一个非常好的ftp服务安装,实现了数据库管理和吃盘限额。只要稍微修改一下,就可以作为个人主业页服务器的服务平台!(文章参考了一些网上的文档,因为写的时间久了,记不起,希望不要见怪!)
--------------------------------------------------------------------------------
By 光辉
Proftpd1.2.8+mysql3.23.56用户认证+quota磁盘限额
安装环境:redhat8,安装选择的是自定义,没选数据库和ftp部分(因为我们要自己编译,如果安装了也没问题,你可以rpm -qa|grep mysql ,然后rpm -e mysql*.rpm卸载掉
网上关于proftpd的安装文章实在是不少,我只是稍微整理了一下,并且使用了新的 quota磁盘限额模块,mysql选择3.23.56版。
首先下载源码
proftpd1.2.8:
ftp://ftp.proftpd.org/上下载吧
ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.8.tar.gz
mod_quotatab-1.2.7
http://www.castaglia.org/proftpd ... otatab-1.2.7.tar.gz(对应proftpd1.2.8版本的)
mysql3.23.56:
http://www.mysql.com/downloads/mysql-3.23.html#Source
注意是下载源代码包(我一般喜欢自己编译)
全部下载到/root目录。
1,安装mysql3.23.56
#groupadd mysql
#useradd -g mysql mysql
#cd /root
#tar -zxvf mysql-3.23.56.tar.gz
#cd mysql-3.23.56
#./configure --prefix=/usr/local/mysql
#make
#make install
#scripts/mysql_install_db
#chown -R root /usr/local/mysql
#chown -R mysql /usr/local/mysql/var
#chgrp -R mysql /usr/local/mysql
#cp support-files/my-medium.cnf /etc/my.cnf
#/usr/local/mysql/bin/safe_mysqld --user=mysql &
2,安装proftpd
将proftpd的源码包解压缩到某临时目录下:
localhost# tar -zxvf proftpd-1.2.8.tar.gz
解压缩 mod_quotatab-1.2.7
localhost# tar -zxvf proftpd-mod-quotatab-1.2.7.tar.gz
进入 mod_quotatab 目录
localhost proftpd# cd mod_quotatab
把mod_quotatab中的文件拷贝到 proftpd 中的modules 目录中
localhost mod_quotatab# cp * ../proftpd-1.2.8/modules
在开始运行configure之前,我们要先改动一个文件
进入 proftpd-1.2.8/contrib 目录
localhost mod_quotatab # cd ../proftpd-1.2.8/contrib
修改 mod_sql_mysql.c
localhost contrib# vi mod_sql_mysql.c
找到#include 把他该为你实际路径
如果你的mysql 安装在/usr/local/mysql 下,就像我前面一样,就把它修改为#include
然后
localhost contrib# cd ..
localhostproftpd-1.2.7#./configure --prefix=DIR --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql --with-includes=DIR --with-libraries=DIR
需要修改的三个地方
--prefix=DIR 你要安装到哪里
--with-includes=DIR mysql 的includes 目录
--with-libraries=DIR mysql 的lib 目录
然后
make
make install 完成安装
3.配置proftpd.conf
接下来,进入你安装好的proftpd目录 ,修改etc/proftpd.conf 文件开始配置
基本配置讲解:
示例:proftpd.conf
ServerName "HRBEU's ftp server" #服务名
ServerType standalone #f服务器启动方式
DefaultServer on
# Port 21 is the standard FTP port.
Port 21 #使用端口
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
#limit the user in his owner directory
DefaultRoot ~ #限制用户只能在自己的目录里,不能上去进入其他目录
#put the proftpd log files in /var/log/ftp.syslog
SystemLog /data/logs/ftp.syslog #proftpd的系统日志存放地
#TransferLog log files
TransferLog /data/logs/ftp.transferlog #传输日志存放地
#set The maxtimes user Attempts times
MaxLoginAttempts 30 #当登陆失败后,可以尝试登陆的次数
#setup the Restart
AllowRetrieveRestart on
#setup the download and upload speed
#TransferRate [kilobytes-per-sec[:100]] #1.2.8版本的速率限制
#setup the disk quota
QuotaDirectoryTally on
#quota b"|"Kb"|"Mb"|"Gb"
#setup the disk quota
#QuotaDirectoryTally on
#quota b"|"Kb"|"Mb"|"Gb"
QuotaDisplayUnits Kb
QuotaEngine on
QuotaLog /data/logs/Quota.log
QuotaShowQuotas on
# We put our mod_sql directives in a block so they'll be
# inherited by the block below, and any other
# blocks we may want to add. For a simple server these don't need to
# be in a block but it won't hurt anything.
# Specify our connection information. Both mod_sql_mysql and
# mod_sql_postgres use the same format, other backends may specify a
# different format for the first argument to SQLConnectInfo. By not
# specifying a fourth argument, we're defaulting to 'PERSESSION'
# connections -- a connection is made to the database at the start of
# the session and closed at the end. This should be fine for most
# situations.
# SQLConnectInfo dbname@host:port username password
SQLConnectInfo ftp@localhost:3306 wgh 58648217
# Specify our authentication schemes. Assuming we're using
# mod_sql_mysql, here we're saying 'first try to authenticate using
# mysql's password scheme, then try to authenticate the user's
# password as plaintext'. Note that 'Plaintext' isn't a smart way to
# store passwords unless you've got your database well secured.
SQLAuthTypes Backend Plaintext
# Specify the table and fields for user information. If you've
# created the database as it specifies in 'README.mod_sql', you don't
# need to have this directive at all UNLESS you've elected not to
# create some fields. In this case we're telling mod_sql to look in
# table 'users' for the fields 'username','password','uid', and
# 'gid'. The 'homedir' and 'shell' fields are specified as 'NULL' --
# this will be explained below.
# SQLUserInfo users username password uid gid NULL NULL
SQLUserInfo FTPUSERS userid passwd uid gid home shell
SQLGroupInfo FTPGRPS groupname gid members
# Here we tell mod_sql that every user it authenticates should have
# the same home directory. A much more common option would be to
# specify a homedir in the database and leave this directive out. Note
# that this directive is necessary in this case because we specified
# the homedir field as 'NULL', above. mod_sql needs to get homedir
# information from *somewhere*, otherwise it will not allow access.
# SQLDefaultHomedir "/tmp"
# This is not a mod_sql specific directive, but it's here because of
# the way we specified 'SQLUserInfo', above. By setting this to
# 'off', we're telling ProFTPD to allow users to connect even if we
# have no (or bad) shell information for them. Since we specified the
# shell field as 'NULL', above, we need to tell ProFTPD to allow the
# users in even though their shell doesn't exist.
RequireValidShell off
# Here we tell mod_sql how to get out group information. By leaving
# this commented out, we're telling mod_sql to go ahead and use the
# defaults for the tablename and all the field names.
# SQLGroupInfo groups groupname gid members
# For small sites, the following directive will speed up queries at
# the cost of some memory. Larger sites should read the complete
# description of the 'SQLAuthenticate' directive; there are options
# here that control the use of potentially expensive database
# queries. NOTE: these arguments to 'SQLAuthoritative' limit the way
# you can structure your group table. Check the README for more
# information.
SQLAuthenticate users
# Finally, some example logging directives. If you have an integer
# field named 'count' in your users table, these directives will
# automatically update the field each time a user logs in and display
# their current login count to them.
# SQLNamedQuery getcount SELECT "count, userid from users where userid='%u'"
# SQLNamedQuery updatecount UPDATE "count=count+1 WHERE userid='%u'" users
# SQLShowInfo PASS "230" "You've logged on %{getcount} times, %u"
# SQLLog PASS updatecount
SQLHomedirOnDemand on
#...SQL...............
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
# close our block.
#全局设置完成
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the normal user and group permissions for the server.
User FTPUSR
Group FTPGRP
# Normally, we want files to be overwriteable.
AllowOverwrite on
# A basic anonymous configuration, no upload directories. If you
# don't want to support anonymous access, simply remove this
# ... block.
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 100
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
DenyAll
4,mysql 用户认证部分
在proftpd.conf中加入以下内容
#设置MySQL认证:
#数据库联接的信息,DatabaseName是数据库名, HostName是主机名,
#Port是端口号,UserName是连接数据库的用户名,Password是密码。
SQLConnectInfo ftp@localhost:3306 ftpuser ftppasswd
#数据库认证的类型:
SQLAuthTypes Backend Plaintext
#指定用来做用户认证的表的有关信息。("FTPUSERS"和"FTPGRPS"是数据表名字,等一会而在下面建立)
SQLUserInfo FTPUSERS userid passwd uid gid homedir shell
SQLGroupInfo FTPGRPS groupname gid members
#设置如果shell为空时允许用户登录:
RequireValidShell off
#数据库的鉴别
SQLAuthenticate users groups usersetfast groupsetfast
#如果home目录不存在,则系统会为根据它的home项新建一个目录:
SQLHomedirOnDemand on
然后在这个数据库中建立一个用户表FTPUSERS,这个表是必须的:
use ftp;
create table FTPUSERS (
userid TEXT NOT NULL,
passwd TEXT NOT NULL,
uid INT NOT NULL,
gid INT NOT NULL,
home TEXT,
shell TEXT
);
此表格是为了用户认证所需要的,其中userid、passwd是必不可少的,userid是用做FTP服务的用户名;passwd是指此用户的密码;uid是系统用户的ID,也就是所映射的系统用户;gid是所属系统组的ID;home是该用户所在的HOME目录;shell可以为该用户指定相应的shell。当然你可以建立更多的字段,例如:用来记录用户登录次数的count,或者是日期的date,如果你对配置熟悉了之后,你可以根据自己的喜欢添加更多的功能。在此就不多讲。
3、如果你想需要所有的功能,你还可以添加另外一个需要的表:FTPGRPS,也就是确定组的表格,当然也可以不用,这里讲一个它的格式:
create table FTPGRPS (
grpname TEXT NOT NULL,
gid SMALLINT NOT NULL,
members TEXT NOT NULL,
);
其中grpname是组的名称,gid是系统组的ID,members是组的成员。注意:多成员,他们之间要用逗号隔开,不能使用空格。
4、为空表格插入记录:
INSERT INTO FTPUSERS (userid, passwd, uid, gid, home, shell)
valueS ('user1', '999999', '1000', '1000', '/home/FTP/user1', '' );
按此格式你可以插入这每一个用户添加一个记录。
如果你要想应用到更多的功能,且建立了组的表格,你也要为此添加记录,不过一定要注意在members的字段多个成员一定要用逗号隔开。
INSERT INTO FTPGRPS VALUES ('FTPGRPS', 1000, 'FTPUSR');
四、为FTP用户建立相应的系统用户。
在本例中,只整个FTP服务只提供一个有效的系统用户FTPUSR和组FTPGRP,当然你也可以设置多个系统用户。但出于安全的考虑,我只设一个,用他来启动FTP daemon,并把所有的FTP用户映射过这个用户。
先建立FTPGRP组:
groupadd -g 1000 -r FTPGRP
建立FTPUSR用户:
adduser -u 1000 -g 1000 -d /home/FTP -s /bin/bash -r FTPUSR
为FTPUSR建立HOME,把所有的FTP user 活动空间全放在此目录下:
mkdir /home/FTP
chown FTPUSR /home/FTP
chgrp FTPGRP /home/FTP
到这里MYSQL认证部分就算基本配置好了,接下来是磁盘限额部分
首先,还是编辑proftpd文件
#磁盘限额部分
QuotaDirectoryTally on
#磁盘限额单位 b"|"Kb"|"Mb"|"Gb"
QuotaDisplayUnits "Kb"
QuotaEngine on
#磁盘限额日志记录
QuotaLog "你的LOG路径"
# 打开磁盘限额信息,当登陆FTP帐户后,使用命令 "quote SITE QUOTA" 后可显示当前用户的磁盘限额
QuotaShowQuotas on
#以下是SQL调用语句,不用修改直接拷贝过去
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
然后建立mysql 数据表
CREATE TABLE quotalimits (
name VARCHAR(30),
quota_type ENUM("user", "group", "class", "all") NOT NULL,
per_session ENUM("false", "true") NOT NULL,
limit_type ENUM("soft", "hard") NOT NULL,
bytes_in_avail FLOAT NOT NULL,
bytes_out_avail FLOAT NOT NULL,
bytes_xfer_avail FLOAT NOT NULL,
files_in_avail INT UNSIGNED NOT NULL,
files_out_avail INT UNSIGNED NOT NULL,
files_xfer_avail INT UNSIGNED NOT NULL
);
CREATE TABLE quotatallies (
name VARCHAR(30) NOT NULL,
quota_type ENUM("user", "group", "class", "all") NOT NULL,
bytes_in_used FLOAT NOT NULL,
bytes_out_used FLOAT NOT NULL,
bytes_xfer_used FLOAT NOT NULL,
files_in_used INT UNSIGNED NOT NULL,
files_out_used INT UNSIGNED NOT NULL,
files_xfer_used INT UNSIGNED NOT NULL
);
quotatallies表不需要作修改,它记录了用户当前的磁盘使用情况,由程序自动记录
quotalimits 表中一些字段的含意
quota_type 磁盘限额的鉴别
bytes_in_avail 上传最大字节数,就是FTP用户空间容量
bytes_out_avail 下载最大字节数
bytes_xfer_avail 总共可传输的文件的最大字节数(上传和下载流量)
files_in_avail 总共能上传文件的数目
files_out_avail 能从服务器上下载文件的总数目
files_xfer_avail 总共可传输文件的数目(上传和下载)
开始使用磁盘限额,我们要将上面建立的user1帐号给予10M空间,最多能上传500个文件到服务器上,文件传输流量为20M,只能传输10个文件。只要在MYSQL中插入
INSERT INTO `quotalimits` ( `name` , `quota_type` , `per_session` , `limit_type` , `bytes_in_avail` , `bytes_out_avail` , `bytes_xfer_avail` , `files_in_avail` , `files_out_avail` , `files_xfer_avail` )
VALUES ('user1', 'user', 'false', 'soft', '10240000', '0', '2048000', '500', '0', '10');
就可以了,不需要设置的部分用0代替就可以了
现在运行proftpd,登陆到user1 ,使用quote SITE QUOTA 就会显示user1用户的磁盘使用情况
ftp> quote SITE QUOTA
200-The current quota for this session are [current/limit]:
Name: user1
Quota Type: User
Per Session: False
Limit Type: Soft
Uploaded Kb: 0.00/10000.00
Downloaded Kb: unlimited
Transferred Kb: 0.00/2000.00
Uploaded files: 0/500
Downloaded files: unlimited
Transferred files: 0/10
200 Please contact root@localhost if these entries are inaccurate
OK,安装完毕
附件:启动和关闭proftpd
#!/bin/sh
# ProFTPD files
FTPD_BIN=/usr/local/proftpd/sbin/proftpd
FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf
PIDFILE=/usr/local/proftpd/var/proftpd.pid
# If PIDFILE exists, does it point to a proftpd process?
if [ -f $PIDFILE ]; then
pid=`cat $PIDFILE`
fi
if [ ! -x $FTPD_BIN ]; then
echo " $0: $FTPD_BIN: cannot execute"
exit 1
fi
case $1 in
start)
if [ -n " $pid" ]; then
echo " $0: proftpd [PID $pid] already running"
exit
fi
if [ -r $FTPD_CONF ]; then
echo "Starting proftpd..."
$FTPD_BIN -c $FTPD_CONF
else
echo " $0: cannot start proftpd -- $FTPD_CONF missing"
fi
;;
stop)
if [ -n " $pid" ]; then
echo "Stopping proftpd..."
kill -TERM $pid
else
echo " $0: proftpd not running"
exit 1
fi
;;
restart)
if [ -n " $pid" ]; then
echo "Rehashing proftpd configuration"
kill -HUP $pid
else
echo " $0: proftpd not running"
exit 1
fi
;;
*)
echo "usage: $0 {start|stop|restart}"
exit 1
;;
esac
exit 0
至于你现在想写什么样的php程序来控制数据库,然后让一切web化,就不在本文讨论范围了。其实大家只要稍微修改一下,就可以作为虚拟主机提供给大家。因为你可以修改数据表!