Proftpd1.2.8+mysql3.23.56用户认证+quota磁盘限额v1.0

摘要

本文介绍一个非常好的ftp服务安装，实现了数据库管理和吃盘限额。只要稍微修改一下，就可以作为个人主业页服务器的服务平台!(文章参考了一些网上的文档，因为写的时间久了，记不起，希望不要见怪！)

--------------------------------------------------------------------------------

By 光辉

Proftpd1.2.8+mysql3.23.56用户认证+quota磁盘限额

安装环境：redhat8，安装选择的是自定义，没选数据库和ftp部分（因为我们要自己编译，如果安装了也没问题，你可以rpm -qa|grep mysql ,然后rpm -e mysql*.rpm卸载掉

网上关于proftpd的安装文章实在是不少，我只是稍微整理了一下，并且使用了新的 quota磁盘限额模块,mysql选择3.23.56版。

首先下载源码

proftpd1.2.8:

ftp://ftp.proftpd.org/上下载吧

ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.8.tar.gz

mod_quotatab-1.2.7

http://www.castaglia.org/proftpd ... otatab-1.2.7.tar.gz（对应proftpd1.2.8版本的）

mysql3.23.56:

http://www.mysql.com/downloads/mysql-3.23.html#Source

注意是下载源代码包（我一般喜欢自己编译）

全部下载到/root目录。

1，安装mysql3.23.56

#groupadd mysql

#useradd -g mysql mysql

#cd /root

#tar -zxvf mysql-3.23.56.tar.gz

#cd mysql-3.23.56

#./configure --prefix=/usr/local/mysql

#make

#make install

#scripts/mysql_install_db

#chown -R root /usr/local/mysql

#chown -R mysql /usr/local/mysql/var

#chgrp -R mysql /usr/local/mysql

#cp support-files/my-medium.cnf /etc/my.cnf

#/usr/local/mysql/bin/safe_mysqld --user=mysql &

2，安装proftpd

将proftpd的源码包解压缩到某临时目录下：

localhost# tar -zxvf proftpd-1.2.8.tar.gz

解压缩 mod_quotatab-1.2.7

localhost# tar -zxvf proftpd-mod-quotatab-1.2.7.tar.gz

进入 mod_quotatab 目录

localhost proftpd# cd mod_quotatab

把mod_quotatab中的文件拷贝到 proftpd 中的modules 目录中

localhost mod_quotatab# cp * ../proftpd-1.2.8/modules

在开始运行configure之前，我们要先改动一个文件

进入 proftpd-1.2.8/contrib 目录

localhost mod_quotatab # cd ../proftpd-1.2.8/contrib

修改 mod_sql_mysql.c

localhost contrib# vi mod_sql_mysql.c

找到#include 把他该为你实际路径

如果你的mysql 安装在/usr/local/mysql 下，就像我前面一样，就把它修改为#include

然后

localhost contrib# cd ..

localhostproftpd-1.2.7#./configure --prefix=DIR --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql --with-includes=DIR --with-libraries=DIR

需要修改的三个地方

--prefix=DIR 你要安装到哪里

--with-includes=DIR mysql 的includes 目录

--with-libraries=DIR mysql 的lib 目录

然后

make

make install 完成安装

3.配置proftpd.conf

接下来，进入你安装好的proftpd目录，修改etc/proftpd.conf 文件开始配置

基本配置讲解：

示例：proftpd.conf

ServerName "HRBEU's ftp server" #服务名

ServerType standalone #f服务器启动方式

DefaultServer on

# Port 21 is the standard FTP port.

Port 21 ＃使用端口

# Umask 022 is a good standard umask to prevent new dirs and files

# from being group and world writable.

Umask 022

#limit the user in his owner directory

DefaultRoot ~ ＃限制用户只能在自己的目录里，不能上去进入其他目录

#put the proftpd log files in /var/log/ftp.syslog

SystemLog /data/logs/ftp.syslog ＃proftpd的系统日志存放地

#TransferLog log files

TransferLog /data/logs/ftp.transferlog ＃传输日志存放地

#set The maxtimes user Attempts times

MaxLoginAttempts 30 ＃当登陆失败后，可以尝试登陆的次数

#setup the Restart

AllowRetrieveRestart on

#setup the download and upload speed

#TransferRate [kilobytes-per-sec[:100]] ＃1.2.8版本的速率限制

#setup the disk quota

QuotaDirectoryTally on

#quota b"|"Kb"|"Mb"|"Gb"

#setup the disk quota

#QuotaDirectoryTally on

#quota b"|"Kb"|"Mb"|"Gb"

QuotaDisplayUnits Kb

QuotaEngine on

QuotaLog /data/logs/Quota.log

QuotaShowQuotas on

# We put our mod_sql directives in a block so they'll be

# inherited by the block below, and any other

# blocks we may want to add. For a simple server these don't need to

# be in a block but it won't hurt anything.

# Specify our connection information. Both mod_sql_mysql and

# mod_sql_postgres use the same format, other backends may specify a

# different format for the first argument to SQLConnectInfo. By not

# specifying a fourth argument, we're defaulting to 'PERSESSION'

# connections -- a connection is made to the database at the start of

# the session and closed at the end. This should be fine for most

# situations.

# SQLConnectInfo dbname@host:port username password

SQLConnectInfo ftp@localhost:3306 wgh 58648217

# Specify our authentication schemes. Assuming we're using

# mod_sql_mysql, here we're saying 'first try to authenticate using

# mysql's password scheme, then try to authenticate the user's

# password as plaintext'. Note that 'Plaintext' isn't a smart way to

# store passwords unless you've got your database well secured.

SQLAuthTypes Backend Plaintext

# Specify the table and fields for user information. If you've

# created the database as it specifies in 'README.mod_sql', you don't

# need to have this directive at all UNLESS you've elected not to

# create some fields. In this case we're telling mod_sql to look in

# table 'users' for the fields 'username','password','uid', and

# 'gid'. The 'homedir' and 'shell' fields are specified as 'NULL' --

# this will be explained below.

# SQLUserInfo users username password uid gid NULL NULL

SQLUserInfo FTPUSERS userid passwd uid gid home shell

SQLGroupInfo FTPGRPS groupname gid members

# Here we tell mod_sql that every user it authenticates should have

# the same home directory. A much more common option would be to

# specify a homedir in the database and leave this directive out. Note

# that this directive is necessary in this case because we specified

# the homedir field as 'NULL', above. mod_sql needs to get homedir

# information from *somewhere*, otherwise it will not allow access.

# SQLDefaultHomedir "/tmp"

# This is not a mod_sql specific directive, but it's here because of

# the way we specified 'SQLUserInfo', above. By setting this to

# 'off', we're telling ProFTPD to allow users to connect even if we

# have no (or bad) shell information for them. Since we specified the

# shell field as 'NULL', above, we need to tell ProFTPD to allow the

# users in even though their shell doesn't exist.

RequireValidShell off

# Here we tell mod_sql how to get out group information. By leaving

# this commented out, we're telling mod_sql to go ahead and use the

# defaults for the tablename and all the field names.

# SQLGroupInfo groups groupname gid members

# For small sites, the following directive will speed up queries at

# the cost of some memory. Larger sites should read the complete

# description of the 'SQLAuthenticate' directive; there are options

# here that control the use of potentially expensive database

# queries. NOTE: these arguments to 'SQLAuthoritative' limit the way

# you can structure your group table. Check the README for more

# information.

SQLAuthenticate users

# Finally, some example logging directives. If you have an integer

# field named 'count' in your users table, these directives will

# automatically update the field each time a user logs in and display

# their current login count to them.

# SQLNamedQuery getcount SELECT "count, userid from users where userid='%u'"

# SQLNamedQuery updatecount UPDATE "count=count+1 WHERE userid='%u'" users

# SQLShowInfo PASS "230" "You've logged on %{getcount} times, %u"

# SQLLog PASS updatecount

SQLHomedirOnDemand on

#...SQL...............

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLimitTable sql:/get-quota-limit

QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

# close our block.

＃全局设置完成

# To prevent DoS attacks, set the maximum number of child processes

# to 30. If you need to allow more than 30 concurrent connections

# at once, simply increase this value. Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances 30

# Set the normal user and group permissions for the server.

User FTPUSR

Group FTPGRP

# Normally, we want files to be overwriteable.

AllowOverwrite on

# A basic anonymous configuration, no upload directories. If you

# don't want to support anonymous access, simply remove this

# ... block.

User ftp

Group ftp

# We want clients to be able to login with "anonymous" as well as "ftp"

UserAlias anonymous ftp

# Limit the maximum number of anonymous logins

MaxClients 100

# We want 'welcome.msg' displayed at login, and '.message' displayed

# in each newly chdired directory.

DisplayLogin welcome.msg

DisplayFirstChdir .message

# Limit WRITE everywhere in the anonymous chroot

DenyAll

4,mysql 用户认证部分

在proftpd.conf中加入以下内容

#设置MySQL认证：

#数据库联接的信息，DatabaseName是数据库名， HostName是主机名，

#Port是端口号，UserName是连接数据库的用户名，Password是密码。

SQLConnectInfo ftp@localhost:3306 ftpuser ftppasswd

#数据库认证的类型：

SQLAuthTypes Backend Plaintext

#指定用来做用户认证的表的有关信息。("FTPUSERS"和"FTPGRPS"是数据表名字，等一会而在下面建立)

SQLUserInfo FTPUSERS userid passwd uid gid homedir shell

SQLGroupInfo FTPGRPS groupname gid members

#设置如果shell为空时允许用户登录：

RequireValidShell off

#数据库的鉴别

SQLAuthenticate users groups usersetfast groupsetfast

#如果home目录不存在，则系统会为根据它的home项新建一个目录：

SQLHomedirOnDemand on

然后在这个数据库中建立一个用户表FTPUSERS，这个表是必须的：

use ftp;

create table FTPUSERS (

userid TEXT NOT NULL,

passwd TEXT NOT NULL,

uid INT NOT NULL,

gid INT NOT NULL,

home TEXT,

shell TEXT

);

此表格是为了用户认证所需要的，其中userid、passwd是必不可少的，userid是用做FTP服务的用户名；passwd是指此用户的密码；uid是系统用户的ID，也就是所映射的系统用户；gid是所属系统组的ID；home是该用户所在的HOME目录；shell可以为该用户指定相应的shell。当然你可以建立更多的字段，例如：用来记录用户登录次数的count，或者是日期的date，如果你对配置熟悉了之后，你可以根据自己的喜欢添加更多的功能。在此就不多讲。

3、如果你想需要所有的功能，你还可以添加另外一个需要的表：FTPGRPS，也就是确定组的表格，当然也可以不用，这里讲一个它的格式：

create table FTPGRPS (

grpname TEXT NOT NULL,

gid SMALLINT NOT NULL,

members TEXT NOT NULL,

);

其中grpname是组的名称，gid是系统组的ID，members是组的成员。注意：多成员，他们之间要用逗号隔开，不能使用空格。

4、为空表格插入记录：

INSERT INTO FTPUSERS (userid, passwd, uid, gid, home, shell)

valueS ('user1', '999999', '1000', '1000', '/home/FTP/user1', '' );

按此格式你可以插入这每一个用户添加一个记录。

如果你要想应用到更多的功能，且建立了组的表格，你也要为此添加记录，不过一定要注意在members的字段多个成员一定要用逗号隔开。

INSERT INTO FTPGRPS VALUES ('FTPGRPS', 1000, 'FTPUSR');

四、为FTP用户建立相应的系统用户。

在本例中，只整个FTP服务只提供一个有效的系统用户FTPUSR和组FTPGRP，当然你也可以设置多个系统用户。但出于安全的考虑，我只设一个，用他来启动FTP daemon，并把所有的FTP用户映射过这个用户。

先建立FTPGRP组：

groupadd -g 1000 -r FTPGRP

建立FTPUSR用户：

adduser -u 1000 -g 1000 -d /home/FTP -s /bin/bash -r FTPUSR

为FTPUSR建立HOME，把所有的FTP user 活动空间全放在此目录下：

mkdir /home/FTP

chown FTPUSR /home/FTP

chgrp FTPGRP /home/FTP

到这里MYSQL认证部分就算基本配置好了，接下来是磁盘限额部分

首先，还是编辑proftpd文件

#磁盘限额部分

QuotaDirectoryTally on

#磁盘限额单位 b"|"Kb"|"Mb"|"Gb"

QuotaDisplayUnits "Kb"

QuotaEngine on

#磁盘限额日志记录

QuotaLog "你的LOG路径"

# 打开磁盘限额信息，当登陆FTP帐户后，使用命令 "quote SITE QUOTA" 后可显示当前用户的磁盘限额

QuotaShowQuotas on

#以下是SQL调用语句，不用修改直接拷贝过去

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLimitTable sql:/get-quota-limit

QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

然后建立mysql 数据表

CREATE TABLE quotalimits (

name VARCHAR(30),

quota_type ENUM("user", "group", "class", "all") NOT NULL,

per_session ENUM("false", "true") NOT NULL,

limit_type ENUM("soft", "hard") NOT NULL,

bytes_in_avail FLOAT NOT NULL,

bytes_out_avail FLOAT NOT NULL,

bytes_xfer_avail FLOAT NOT NULL,

files_in_avail INT UNSIGNED NOT NULL,

files_out_avail INT UNSIGNED NOT NULL,

files_xfer_avail INT UNSIGNED NOT NULL

);

CREATE TABLE quotatallies (

name VARCHAR(30) NOT NULL,

quota_type ENUM("user", "group", "class", "all") NOT NULL,

bytes_in_used FLOAT NOT NULL,

bytes_out_used FLOAT NOT NULL,

bytes_xfer_used FLOAT NOT NULL,

files_in_used INT UNSIGNED NOT NULL,

files_out_used INT UNSIGNED NOT NULL,

files_xfer_used INT UNSIGNED NOT NULL

);

quotatallies表不需要作修改，它记录了用户当前的磁盘使用情况，由程序自动记录

quotalimits 表中一些字段的含意

quota_type 磁盘限额的鉴别

bytes_in_avail 上传最大字节数，就是FTP用户空间容量

bytes_out_avail 下载最大字节数

bytes_xfer_avail 总共可传输的文件的最大字节数(上传和下载流量)

files_in_avail 总共能上传文件的数目

files_out_avail 能从服务器上下载文件的总数目

files_xfer_avail 总共可传输文件的数目(上传和下载)

开始使用磁盘限额，我们要将上面建立的user1帐号给予10M空间，最多能上传500个文件到服务器上，文件传输流量为20M，只能传输10个文件。只要在MYSQL中插入

INSERT INTO `quotalimits` ( `name` , `quota_type` , `per_session` , `limit_type` , `bytes_in_avail` , `bytes_out_avail` , `bytes_xfer_avail` , `files_in_avail` , `files_out_avail` , `files_xfer_avail` )

VALUES ('user1', 'user', 'false', 'soft', '10240000', '0', '2048000', '500', '0', '10');

就可以了，不需要设置的部分用0代替就可以了

现在运行proftpd，登陆到user1 ，使用quote SITE QUOTA 就会显示user1用户的磁盘使用情况

ftp> quote SITE QUOTA

200-The current quota for this session are [current/limit]:

Name: user1

Quota Type: User

Per Session: False

Limit Type: Soft

Uploaded Kb: 0.00/10000.00

Downloaded Kb: unlimited

Transferred Kb: 0.00/2000.00

Uploaded files: 0/500

Downloaded files: unlimited

Transferred files: 0/10

200 Please contact root@localhost if these entries are inaccurate

OK,安装完毕

附件：启动和关闭proftpd

#!/bin/sh

# ProFTPD files

FTPD_BIN=/usr/local/proftpd/sbin/proftpd

FTPD_CONF=/usr/local/proftpd/etc/proftpd.conf

PIDFILE=/usr/local/proftpd/var/proftpd.pid

# If PIDFILE exists, does it point to a proftpd process?

if [ -f $PIDFILE ]; then

pid=`cat $PIDFILE`

if [ ! -x $FTPD_BIN ]; then

echo " $0: $FTPD_BIN: cannot execute"

exit 1

case $1 in

start)

if [ -n " $pid" ]; then

echo " $0: proftpd [PID $pid] already running"

exit

if [ -r $FTPD_CONF ]; then

echo "Starting proftpd..."

$FTPD_BIN -c $FTPD_CONF

else

echo " $0: cannot start proftpd -- $FTPD_CONF missing"

;;

stop)

if [ -n " $pid" ]; then

echo "Stopping proftpd..."

kill -TERM $pid

else

echo " $0: proftpd not running"

exit 1

;;

restart)

if [ -n " $pid" ]; then

echo "Rehashing proftpd configuration"

kill -HUP $pid

else

echo " $0: proftpd not running"

exit 1

;;

echo "usage: $0 {start|stop|restart}"

exit 1

;;

esac

exit 0

至于你现在想写什么样的php程序来控制数据库，然后让一切web化，就不在本文讨论范围了。其实大家只要稍微修改一下，就可以作为虚拟主机提供给大家。因为你可以修改数据表！