本文使用环境:Redhat linux
1 准备工作... 3
1.1 安装MySQL数据库... 3
1.2 安装PostgreSQL 数据库... 3
1.3 安装OpenLDAP. 4
2 安装Pure-FTPd. 4
3 配置pure-ftpd.conf 5
4 运行pureftpd. 5
5 MySQL模块... 5
5.1 创建MySQL数据库... 5
5.2 配置pureftpd-mysql.conf 6
5.3 测试pureftpd. 7
6 PGSQL模块... 8
6.1 配置PostgreSQL 数据库... 8
6.1.1 postgresql.conf 8
6.1.2 pg_hba.conf 8
6.1.3 Restart PostgreSQL. 8
6.2 创建PostgreSQL 数据库... 8
6.3 配置pureftpd-pgsql.conf 10
6.4 测试pureftpd. 12
7 LDAP模块... 12
7.1 配置OpenLDAP. 12
7.2 rootdn的结构... 12
7.3 创建dn. 13
7.4 pureftpd-ldap.conf 14
7.5 测试pureftpd. 14
8 Virtual-Users. 14
9 配置文件实例... 16
9.1 pure-ftpd.conf 16
9.2 pureftpd-ldap.conf 26
9.3 pureftpd-mysql.conf 27
9.4 pureftpd-pgsql.conf 30
9.5 pureftpd.passwd. 32
10 FAQ.. 33
10.1 不能访问http://www.pureftpd.org/ 33
10.2 目录与OpenSource RDBMS比较... 33
10.3 产生Crypt密码... 33
10.3.1 使用C产生... 33
10.3.2 使用PHP产生... 34
10.3.3 使用perl产生... 34
10.3.4 使用SQL语句产生... 34
10.3.5 使用Java产生... 35
11 参考资料... 35
12 声明... 35
1 准备工作
注意:下面的源码包是通过未加密的 FTP/HTTP 下载的,编译安装前应核对发布方提供的校验值或签名。
[root@linux root]# wget ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.15.tar.gz
[root@linux root]# wget http://home.9812.net/linux/download/myphp/site-2.1.0.tar.gz
mysql : http://www.mysql.com
pgsql: http://www.postgresql.org
openldap: http://www.openldap.org
1.1 安装MySQL数据库
[root@linux mysql]$ cat install
rpm -Uvh MySQL-server-4.0.13-0.i386.rpm
rpm -Uvh MySQL-client-4.0.13-0.i386.rpm
rpm -Uvh MySQL-devel-4.0.13-0.i386.rpm
rpm -Uvh MySQL-shared-4.0.13-0.i386.rpm
rpm -Uvh MySQL-shared-compat-4.0.13-0.i386.rpm
[root@linux root]# service mysql start
1.2 安装PostgreSQL 数据库
[root@linux pgsql]$ cat install
rpm -Uvh --nodeps postgresql-libs-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-devel-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-server-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-contrib-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-docs-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-jdbc-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-pl-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-python-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-tcl-?.?.?-1PGDG.i386.rpm
rpm -Uvh --nodeps postgresql-test-?.?.?-1PGDG.i386.rpm
[root@linux root]# rpm -qa|grep post
[root@linux root]# service postgresql start
1.3 安装OpenLDAP
[root@linux ldap]$ cat install
rpm -ivh openldap-servers-2.0.25-1.i386.rpm
rpm -ivh openldap-clients-2.0.25-1.i386.rpm
rpm -ivh openldap-2.0.25-1.i386.rpm
rpm -ivh openldap12-1.2.13-5.i386.rpm
rpm -ivh openldap-devel-2.0.25-1.i386.rpm
[root@linux root]# service ldap start
2 安装Pure-FTPd
[root@linux root]# tar zxvf pure-ftpd-1.0.15.tar.gz
[root@linux root]# cd pure-ftpd-1.0.15
[root@linux pure-ftpd-1.0.15]# ./configure --prefix=/usr/local/pureftpd \
    --with-ldap --with-mysql --with-pgsql --with-puredb \
    --with-shadow --with-pam --with-paranoidmsg --with-welcomemsg \
    --with-uploadscript --with-cookie --with-virtualchroot \
    --with-virtualhosts --with-virtualroot --with-diraliases \
    --with-quotas --with-sysquotas --with-ratios --with-ftpwho \
    --with-throttling --with-language=simplified-chinese
[root@linux pure-ftpd-1.0.15]#make
[root@linux pure-ftpd-1.0.15]#make check
[root@linux pure-ftpd-1.0.15] #make install
[root@linux pure-ftpd-1.0.15]# cd configuration-file
[root@linux configuration-file]# chmod u+x pure-config.pl
[root@linux configuration-file]# cp pure-config.pl /usr/local/pureftpd/bin
[root@linux configuration-file]# cp pure-ftpd.conf /usr/local/pureftpd/etc
[root@linux configuration-file]# cd ..
[root@linux pure-ftpd-1.0.15]# cp pureftpd* /usr/local/pureftpd/etc/
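3 配置pure-ftpd.conf
注意:下面引用的 pureftpd-ldap.conf、pureftpd-mysql.conf、pureftpd-pgsql.conf 中保存着明文的 LDAP/数据库连接密码,复制到 /usr/local/pureftpd/etc 之后应设为仅 root 可读(例如 chmod 600)。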
# LDAP configuration file (see README.LDAP)
LDAPConfigFile /usr/local/pureftpd/etc/pureftpd-ldap.conf
# MySQL configuration file (see README.MySQL)
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf
# Postgres configuration file (see README.PGSQL)
PGSQLConfigFile /usr/local/pureftpd/etc/pureftpd-pgsql.conf
# PureDB user database (see README.Virtual-Users)
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
4 运行pureftpd
[root@linux bin]# pure-config.pl ../etc/pure-ftpd.conf
5 MySQL模块
5.1 创建MySQL数据库
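CREATE DATABASE pureftpd;
-- The queries configured in pureftpd-mysql.conf only read the users table, so
-- the account the FTP daemon connects with is granted SELECT instead of ALL.
-- Create and maintain the table with an administrative account, and replace
-- the sample password below with your own.
GRANT SELECT ON pureftpd.* TO pureftpd@localhost IDENTIFIED BY 'qKiscCbwbXAkWp.';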
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` int(32) unsigned NOT NULL auto_increment,
`User` varchar(16) NOT NULL default '',
`Password` varchar(64) NOT NULL default '',
`Uid` varchar(11) NOT NULL default '-1',
`Gid` varchar(11) NOT NULL default '-1',
`Dir` varchar(128) NOT NULL default '',
`QuotaSize` smallint(5) NOT NULL default '0',
`QuotaFiles` int(11) NOT NULL default '0',
`ULBandwidth` smallint(5) NOT NULL default '0',
`DLBandwidth` smallint(5) NOT NULL default '0',
`ULRatio` smallint(6) NOT NULL default '0',
`DLRatio` smallint(6) NOT NULL default '0',
`comment` tinytext NOT NULL,
`ipaccess` varchar(15) NOT NULL default '*',
`status` enum('0','1') NOT NULL default '0',
`create_date` datetime NOT NULL default '0000-00-00 00:00:00',
`modify_date` datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (`id`,`User`),
UNIQUE KEY `User` (`User`)
) TYPE=MyISAM AUTO_INCREMENT=5 ;
INSERT INTO `users` VALUES (5, 'test', encrypt('test'), '505', '505', '/tmp', 0, 0, 0, 0, 0, 0, '', '*', '1', '2003-06-26 18:04:33', '2003-06-26 18:04:33');
5.2 配置pureftpd-mysql.conf
# Mandatory : user to bind the server as.
MYSQLUser pureftpd
# Mandatory : user password. You must have a password.
MYSQLPassword qKiscCbwbXAkWp.
# Mandatory : database to open.
MYSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
#MYSQLCrypt cleartext
MYSQLCrypt crypt
# Query to execute in order to fetch the password
MYSQLGetPW SELECT Password FROM users WHERE User="\\L"
# Query to execute in order to fetch the system user name or uid
MYSQLGetUID SELECT Uid FROM users WHERE User="\\L"
# Query to execute in order to fetch the system user group or gid
MYSQLGetGID SELECT Gid FROM users WHERE User="\\L"
# Query to execute in order to fetch the home directory
MYSQLGetDir SELECT Dir FROM users WHERE User="\\L"
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\\L"
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\\L"
# Optional : ratios. The server has to be compiled with ratio support.
MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\\L"
MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\\L"
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\\L"
5.3 测试pureftpd
启动pureftpd
[root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
测试pureftpd
[root@linux root]ncftp ftp://test:test@localhost:21
6 PGSQL模块
6.1 配置PostgreSQL 数据库
6.1.1 postgresql.conf
[root@linux root]# vi /var/lib/pgsql/data/postgresql.conf
tcpip_socket = true
6.1.2 pg_hba.conf
[root@linux root]# vi /var/lib/pgsql/data/pg_hba.conf
host all all 127.0.0.1 255.255.255.255 md5
local all all trust
加入上面几行。注意:local all all trust 允许本机任何系统用户不经密码、以任意数据库用户身份通过 Unix socket 连接;多用户主机上应把 trust 改为 md5。
6.1.3 Restart PostgreSQL
[root@linux root]# service postgresql restart
Starting postgresql service: [ OK ]
6.2 创建PostgreSQL 数据库
[root@linux root]# su postgres
bash-2.05$ createdb
bash-2.05$ psql -l
List of databases
Name | Owner | Encoding
-----------+----------+-----------
postgres | postgres | SQL_ASCII
template0 | postgres | SQL_ASCII
template1 | postgres | SQL_ASCII
(5 rows)
bash-2.05$ psql
postgres=# CREATE USER pureftpd WITH PASSWORD 'pureftpd';
CREATE USER
postgres=# CREATE DATABASE pureftpd WITH OWNER = pureftpd TEMPLATE = template0 ENCODING = 'EUC_CN';
CREATE DATABASE
postgres=# \\q
bash-2.05$
bash-2.05$ psql -l
List of databases
Name | Owner | Encoding
-----------+----------+-----------
postgres | postgres | SQL_ASCII
pureftpd | pureftpd | EUC_CN
template0 | postgres | SQL_ASCII
template1 | postgres | SQL_ASCII
(5 rows)
bash-2.05$ createlang plpgsql pureftpd
bash-2.05$ psql -u pureftpd
psql: Warning: The -u option is deprecated. Use -U.
User name: pureftpd
Password:
Welcome to psql 7.3.2, the PostgreSQL interactive terminal.
Type: \\copyright for distribution terms
\\h for help with SQL commands
\\? for help on internal slash commands
\\g or terminate with semicolon to execute query
\\q to quit
pureftpd=>
DROP TABLE users CASCADE;
DROP SEQUENCE users_id_seq CASCADE;
CREATE TABLE "users" (
id integer DEFAULT nextval('users_id_seq'::text) NOT NULL,
"User" character varying(16) NOT NULL default '',
status smallint default 0,
"Password" character varying(64) NOT NULL default '',
"Uid" character varying(11) DEFAULT -1 NOT NULL,
"Gid" character varying(11) DEFAULT -1 NOT NULL,
"Dir" character varying(128) NOT NULL,
"comment" text,
ipaccess character varying(15) DEFAULT '*' NOT NULL,
"ULBandwidth" smallint default 0,
"DLBandwidth" smallint default 0,
"QuotaSize" integer DEFAULT 0,
"QuotaFiles" integer DEFAULT 0,
ULRatio smallint default 0,
DLRatio smallint default 0,
create_date timestamp with time zone DEFAULT now() NOT NULL,
modify_date timestamp without time zone DEFAULT now() NOT NULL
);
CREATE SEQUENCE users_id_seq;
CREATE INDEX users_index ON users (id,"User");
ALTER TABLE ONLY users ADD CONSTRAINT users_pkey PRIMARY KEY (id);
ALTER TABLE ONLY users ADD CONSTRAINT users_id_key UNIQUE (id, "User");
pureftpd=> \\d
List of relations
Schema | Name | Type | Owner
--------+--------------+----------+----------
public | users | table | pureftpd
public | users_id_seq | sequence | pureftpd
(2 rows)
pureftpd=>
6.3 配置pureftpd-pgsql.conf
# If PostgreSQL listens to a TCP socket
PGSQLServer localhost
# *or* if PostgreSQL can only be reached through a local Unix socket
# PGSQLServer /tmp
# PGSQLPort .s.PGSQL.5432
# Mandatory : user to bind the server as.
PGSQLUser pureftpd
# Mandatory : user password. You *must* have a password.
PGSQLPassword pureftpd
# Mandatory : database to open.
PGSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" or "any"
#PGSQLCrypt cleartext
PGSQLCrypt crypt
PGSQLGetPW SELECT Password FROM users WHERE User='\\L'
# Query to execute in order to fetch the system user name or uid
PGSQLGetUID SELECT Uid FROM users WHERE User='\\L'
# Query to execute in order to fetch the system user group or gid
PGSQLGetGID SELECT Gid FROM users WHERE User='\\L'
# Query to execute in order to fetch the home directory
PGSQLGetDir SELECT Dir FROM users WHERE User='\\L'
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
PGSQLGetQTAFS SELECT QuotaFiles FROM users WHERE User='\\L'
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
PGSQLGetQTASZ SELECT QuotaSize FROM users WHERE User='\\L'
# Optional : ratios. The server has to be compiled with ratio support.
PGSQLGetRatioUL SELECT ULRatio FROM users WHERE User='\\L'
PGSQLGetRatioDL SELECT DLRatio FROM users WHERE User='\\L'
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
PGSQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User='\\L'
PGSQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User='\\L'
6.4 测试pureftpd
启动pureftpd
[root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
测试pureftpd
[root@linux root]ncftp ftp://test:test@localhost:21
7 LDAP模块
OpenLDAP 使用 Berkeley DB (一个层次型数据库,注意:与RDBMS不同) 存储数据
7.1 配置OpenLDAP
[root@linux root]vi /etc/openldap/slapd.conf
include /etc/openldap/schema/pureftpd.schema
suffix "dc=gdfz,dc=com"
rootdn "cn=Manager,dc=gdfz,dc=com"
rootpw {crypt}sa0hRW/W3DLvQ
[root@linux root]service ldap restart
7.2 rootdn的结构
rootdn:dc=gdfz,dc=com
|-----cn=one, dc=gdfz,dc=com
| |--- objectClass: posixAccount
| |---cn: joe
| |---uid: joe
| |---uidNumber: 500
| |---gidNumber: 500
| |---homeDirectory: /home/joe
| |---userPassword: {crypt}saO3qRXM8wjUE
|---- cn=xxx-1, dc=gdfz,dc=com
| |--- …………………………
| |--- …………………………
|---- cn=xxx-n, dc=gdfz,dc=com
|---- ou=two, dc=gdfz,dc=com
| |---- cn=one,ou=two, dc=gdfz,dc=com
| | |--- objectClass: posixAccount
| | |---cn: joe
| | |---uid: joe
| | |---uidNumber: 500
| | |---gidNumber: 500
| | |---homeDirectory: /home/joe
| | |---userPassword: {crypt}saO3qRXM8wjUE
| |---- cn=two,ou=two, dc=gdfz,dc=com
| | |--- …………………………
| | |--- …………………………
| |---- cn=there,ou=two, dc=gdfz,dc=com
|---- ou=other, dc=gdfz,dc=com
|---- cn=one,ou=other, dc=gdfz,dc=com
|---- cn=two,ou=other, dc=gdfz,dc=com
7.3 创建dn
[root@linux root]# cat base-dn.ldif
dn: dc=gdfz,dc=com
objectClass: person
cn: gdfz
sn: gdfz
ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f base-dn.ldif
[root@linux etc]# cat pureftpd.ldif
dn: cn=joe,dc=gdfz,dc=com
objectClass: posixAccount
cn: joe
uid: joe
uidNumber: 500
gidNumber: 500
homeDirectory: /home/joe
userPassword: {crypt}saO3qRXM8wjUE
[root@linux root]#ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f pureftpd.ldif
[root@linux root]# cat pureftpd.ldif
dn: uid=chen,dc=gdfz,dc=com
objectClass: posixAccount
cn: chen
uid:chen
uidnumber:501
gidNumber:501
homeDirectory: /home/chen
userPassword: {crypt}$1$chen$y13/Ao8O3O/9jhSSCPFZg0
objectClass: PureFTPdUser
FTPStatus: enabled
FTPQuotaFiles: 50
FTPQuotaMBytes: 10
FTPDownloadBandwidth: 50
FTPUploadBandwidth: 50
FTPDownloadRatio: 5
FTPUploadRatio: 1
[root@linux root]# ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f pureftpd.ldif
7.4 pureftpd-ldap.conf
LDAPServer localhost
# Optional : server port. Default : 389
LDAPPort 389
# Mandatory : the base DN to search accounts from. No default.
LDAPBaseDN dc=gdfz,dc=com
# Optional : who we should bind the server as.
# Default : binds anonymously
LDAPBindDN cn=Manager,dc=gdfz,dc=com
# Password if we don't bind anonymously
# This configuration file should be only readable by root
LDAPBindPW chen
7.5 测试pureftpd
启动pureftpd
[root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
测试pureftpd
[root@linux root]ncftp ftp://chen:passwd@localhost:21
8 Virtual-Users
pure-pw 使用方法
[root@linux bin]# ./pure-pw
Usage :
pure-pw useradd <login> [-f <passwd file>] -u <uid> [-g <gid>]
-D/-d <home directory> [-c <gecos>]
[-t <download bandwidth>] [-T <upload bandwidth>]
[-n <max number of files>] [-N <max Mbytes>]
[-q <upload ratio>] [-Q <download ratio>]
[-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>]
[-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>]
[-y <max number of concurrent sessions>]
[-z <hhmm>-<hhmm>] [-m]
pure-pw usermod <login> -f <passwd file> -u <uid> [-g <gid>]
-D/-d <home directory> -[c <gecos>]
[-t <download bandwidth>] [-T <upload bandwidth>]
[-n <max number of files>] [-N <max Mbytes>]
[-q <upload ratio>] [-Q <download ratio>]
[-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>]
[-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>]
[-y <max number of concurrent sessions>]
[-z <hhmm>-<hhmm>] [-m]
pure-pw userdel <login> [-f <passwd file>] [-m]
pure-pw passwd <login> [-f <passwd file>] [-m]
pure-pw show <login> [-f <passwd file>]
pure-pw mkdb [<puredb database file> [-f <passwd file>]]
pure-pw list [-f <passwd file>]
-d <home directory> : chroot user (recommended)
-D <home directory> : don't chroot user
-<option> '' : set this option to unlimited
-m : also update the /usr/local/pureftpd/etc/pureftpd.pdb database
For a 1:10 ratio, use -q 1 -Q 10
To allow access only between 9 am and 6 pm, use -z 0900-1800
*WARNING* : that pure-ftpd server hasn't been compiled with puredb support
添加9812用户,用户目录/home/www/9812.net/,使用web用户的uid与gid
[root@linux bin]# ./pure-pw useradd 9812 -u web -d /home/www/9812.net/
Password:
Enter it again:
[root@linux bin]#
[root@linux etc]# cat pureftpd.passwd
qqqq:$1$suA.WBZ0$Uu/05AtMi/4cNdhg9gKjP/:505:505::/home/web/./::::::::::::
9812:$1$4.iPvGE0$lY5CEVYLde.Mb9QWNu.so0:505:505::/home/www/9812.net/./::::::::::::
生成pureftpd.pdb
[root@linux etc]# ../bin/pure-pw mkdb
[root@linux etc]# ls
pure-config.pl pure-ftpd.conf pureftpd-ldap.conf pureftpd-mysql.conf pureftpd.passwd pureftpd.pdb pureftpd-pgsql.conf
启动pureftpd
[root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
测试pureftpd
[root@linux root]ncftp ftp://9812:passwd@localhost:21
9 配置文件实例
9.1 pure-ftpd.conf
############################################################
# #
# Configuration file for pure-ftpd wrappers #
# #
############################################################
# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
#
# RPM binary files use another configuration file by default :
# /etc/sysconfig/pure-ftpd
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.html for a complete list of
# options.
# Cage in every user in his home directory
ChrootEveryone yes
# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.
# TrustedGID 100
# Turn on compatibility hacks for broken clients
BrokenClientsCompatibility no
# Maximum number of simultaneous users
MaxClientsNumber 50
# Fork in background
Daemonize yes
# Maximum number of sim clients with the same IP address
MaxClientsPerIP 8
# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.
VerboseLog no
# List dot-files even when the client doesn't send "-a".
DisplayDotFiles yes
# Don't allow authenticated users - have a public anonymous FTP only.
AnonymousOnly no
# Disallow anonymous connections. Only allow authenticated users.
NoAnonymous no
# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
SyslogFacility ftp
# Display fortune cookies
# FortunesFile /usr/share/fortune/zippy
# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.
DontResolve yes
# Maximum idle time in minutes (default = 15 minutes)
MaxIdleTime 15
# LDAP configuration file (see README.LDAP)
# LDAPConfigFile /etc/pureftpd-ldap.conf
LDAPConfigFile /usr/local/pureftpd/etc/pureftpd-ldap.conf
# MySQL configuration file (see README.MySQL)
# MySQLConfigFile /etc/pureftpd-mysql.conf
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf
# Postgres configuration file (see README.PGSQL)
# PGSQLConfigFile /etc/pureftpd-pgsql.conf
PGSQLConfigFile /usr/local/pureftpd/etc/pureftpd-pgsql.conf
# PureDB user database (see README.Virtual-Users)
# PureDB /etc/pureftpd.pdb
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
# Path to pure-authd socket (see README.Authentication-Modules)
# ExtAuth /var/run/ftpd.sock
# If you want to enable PAM authentication, uncomment the following line
# PAMAuthentication yes
# If you want simple Unix (/etc/passwd) authentication, uncomment this
# UnixAuthentication yes
# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.
# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth
LimitRecursion 2000 8
# Are anonymous users allowed to create new directories ?
AnonymousCanCreateDirs no
# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.
MaxLoad 4
# Port range for passive connections replies. - for firewalling.
# PassivePortRange 30000 50000
# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.
# ForcePassiveIP 192.168.0.1
# Upload/download ratio for anonymous users.
# AnonymousRatio 1 10
# Upload/download ratio for all users.
# This directive superscedes the previous one.
# UserRatio 1 10
# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.
AntiWarez yes
# IP address/port to listen to (default=all IP and port 21).
# Bind 127.0.0.1,21
Bind 127.0.0.1,8021
# Maximum bandwidth for anonymous users in KB/s
# AnonymousBandwidth 8
# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
# UserBandwidth 8
# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.
Umask 133:022
# Minimum UID for an authenticated user to log in.
MinUID 100
# Allow FXP transfers for authenticated users only.
AllowUserFXP yes
# Allow anonymous FXP for anonymous and non-anonymous users.
AllowAnonymousFXP no
# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.
ProhibitDotFilesWrite no
# Prohibit *reading* of files beginning with a dot (.history, .ssh...)
ProhibitDotFilesRead no
# Never overwrite files. When a file whoose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, ...
AutoRename no
# Disallow anonymous users to upload new files (no = upload is allowed)
# NOTE(review): this sample also leaves NoAnonymous at "no", so anonymous
# clients can both log in and upload. Set this to "yes" unless anonymous
# upload is really intended.
AnonymousCantUpload no
# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.
#TrustedIP 10.1.1.1
# If you want to add the PID to every logged line, uncomment the following
# line.
#LogPID yes
# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.
# AltLog clf:/var/log/pureftpd.log
# Create an additional log file with transfers logged in a format optimized
# for statistic reports.
# AltLog stats:/var/log/pureftpd.log
#AltLog stats:/var/log/pureftpd.log
# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)
# AltLog w3c:/var/log/pureftpd.log
# Disallow the CHMOD command. Users can't change perms of their files.
#NoChmod yes
# Allow users to resume and upload files, but *NOT* to delete them.
#KeepAllFiles yes
# Automatically create home directories if they are missing
#CreateHomeDir yes
# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.
#Quota 1000:10
# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid
#PIDFile /var/run/pure-ftpd.pid
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
#CallUploadScript yes
# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.
MaxDiskUsage 99
# Set to 'yes' if you don't want your users to rename files.
#NoRename yes
# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.
CustomerProof yes
# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per user>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.
# PerUserLimits 3:20
9.2 pureftpd-ldap.conf
#############################################
# #
# Sample Pure-FTPd LDAP configuration file. #
# See README.LDAP for explanations. #
# #
#############################################
# Optional : name of the LDAP server. Default : localhost
#LDAPServer ldap.c9x.org
LDAPServer localhost
# Optional : server port. Default : 389
LDAPPort 389
# Mandatory : the base DN to search accounts from. No default.
#LDAPBaseDN cn=Users,dc=c9x,dc=org
LDAPBaseDN dc=gdfz,dc=com
# Optional : who we should bind the server as.
# Default : binds anonymously
#LDAPBindDN cn=Manager,dc=c9x,dc=org
LDAPBindDN cn=Manager,dc=gdfz,dc=com
# Password if we don't bind anonymously
# This configuration file should be only readable by root
#LDAPBindPW r00tPaSsw0rD
LDAPBindPW chen
# Optional : default UID, when there's no entry in an user object
# LDAPDefaultUID 500
# Optional : default GID, when there's no entry in an user object
# LDAPDefaultGID 100
# Filter to use to find the object that contains user info
# \\L is replaced by the login the user is trying to log in as
# The default filter is (&(objectClass=posixAccount)(uid=\\L))
# LDAPFilter (&(objectClass=posixAccount)(uid=\\L))
# Attribute to get the home directory
# Default is homeDirectory (the standard attribute from posixAccount)
# LDAPHomeDir homeDirectory
# LDAP protocol version to use
# Version 3 (default) is mandatory with recent releases of OpenLDAP.
# LDAPVersion 3
9.3 pureftpd-mysql.conf
##############################################
# #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations. #
# #
##############################################
# Optional : MySQL server name or IP. Don't define this for unix sockets.
#MYSQLServer 127.0.0.1
# Optional : MySQL port. Don't define this if a local unix socket is used.
#MYSQLPort 3306
# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket /var/lib/mysql/mysql.sock
# Mandatory : user to bind the server as.
MYSQLUser pureftpd
# Mandatory : user password. You must have a password.
MYSQLPassword qKiscCbwbXAkWp.
# Mandatory : database to open.
MYSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
#MYSQLCrypt cleartext
MYSQLCrypt crypt
# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \\L is replaced by the login of the user trying to authenticate.
# \\I is replaced by the IP address the user connected to.
# \\P is replaced by the port number the user connected to.
# \\R is replaced by the IP address the user connected from.
# \\D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.
# Query to execute in order to fetch the password
MYSQLGetPW SELECT Password FROM users WHERE User="\\L"
# Query to execute in order to fetch the system user name or uid
MYSQLGetUID SELECT Uid FROM users WHERE User="\\L"
# Optional : default UID - if set this overrides MYSQLGetUID
#MYSQLDefaultUID 1000
# Query to execute in order to fetch the system user group or gid
MYSQLGetGID SELECT Gid FROM users WHERE User="\\L"
# Optional : default GID - if set this overrides MYSQLGetGID
#MYSQLDefaultGID 1000
# Query to execute in order to fetch the home directory
MYSQLGetDir SELECT Dir FROM users WHERE User="\\L"
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\\L"
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\\L"
# Optional : ratios. The server has to be compiled with ratio support.
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\\L"
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\\L"
# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.
# MySQLForceTildeExpansion 1
# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.
# MySQLTransactions On
9.4 pureftpd-pgsql.conf
###################################################
# #
# Sample Pure-FTPd PostgreSQL configuration file. #
# See README.PGSQL for explanations. #
# #
###################################################
# If PostgreSQL listens to a TCP socket
#PGSQLServer localhost
PGSQLServer localhost
#PGSQLPort 5432
PGSQLPort 5432
# *or* if PostgreSQL can only be reached through a local Unix socket
# PGSQLServer /tmp
# PGSQLPort .s.PGSQL.5432
# Mandatory : user to bind the server as.
#PGSQLUser postgres
PGSQLUser pureftpd
# Mandatory : user password. You *must* have a password.
#PGSQLPassword rootpw
PGSQLPassword pureftpd
# Mandatory : database to open.
#PGSQLDatabase pureftpd
PGSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" or "any"
#PGSQLCrypt cleartext
PGSQLCrypt crypt
# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \\L is replaced by the login of the user trying to authenticate.
# \\I is replaced by the IP address the user connected to.
# \\P is replaced by the port number the user connected to.
# \\R is replaced by the IP address the user connected from.
# \\D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.
# Query to execute in order to fetch the password
PGSQLGetPW SELECT Password FROM users WHERE User='\\L'
# Query to execute in order to fetch the system user name or uid
PGSQLGetUID SELECT Uid FROM users WHERE User='\\L'
# Optional : default UID - if set this overrides PGSQLGetUID
#PGSQLDefaultUID 1000
# Query to execute in order to fetch the system user group or gid
PGSQLGetGID SELECT Gid FROM users WHERE User='\\L'
# Optional : default GID - if set this overrides PGSQLGetGID
#PGSQLDefaultGID 1000
# Query to execute in order to fetch the home directory
PGSQLGetDir SELECT Dir FROM users WHERE User='\\L'
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
# PGSQLGetQTAFS SELECT QuotaFiles FROM users WHERE User='\\L'
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
# PGSQLGetQTASZ SELECT QuotaSize FROM users WHERE User='\\L'
# Optional : ratios. The server has to be compiled with ratio support.
# PGSQLGetRatioUL SELECT ULRatio FROM users WHERE User='\\L'
# PGSQLGetRatioDL SELECT DLRatio FROM users WHERE User='\\L'
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
# PGSQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User='\\L'
# PGSQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User='\\L'
9.5 pureftpd.passwd
[root@linux etc]# cat pureftpd.passwd
qqqq:$1$suA.WBZ0$Uu/05AtMi/4cNdhg9gKjP/:505:505::/home/web/./::::::::::::
9812:$1$4.iPvGE0$lY5CEVYLde.Mb9QWNu.so0:505:505::/home/www.9812.net/./::::::::::::
10 FAQ
10.1 不能访问http://www.pureftpd.org/
http://www.pureftpd.org/ 网站被我们政府封了,你可以使用代理服务器
代理服务器列表:http://www.salala.com/proxy_index.htm
10.2 目录与OpenSource RDBMS比较
性能:
读速度:OpenLDAP > MySQL > PostgreSQL
写入/修改:MySQL > PostgreSQL > OpenLDAP
集群:OpenLDAP > PostgreSQL> MySQL(不支持集群)
海量存储:PostgreSQL > OpenLDAP(分布式存储)> MySQL
10.3 产生Crypt密码
10.3.1 使用C产生
[root@linux root]# cat crypt.c
/*
Netkiller 2003-06-27 crypt.c
char *crypt(const char *key, const char *salt);
*/
#include <crypt.h>
#include <stdio.h>
#include <unistd.h>
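/*
 * Prompt for a key and a salt on stdin and print the crypt(3) hash of the key.
 *
 * Returns 0 on success, 1 when a value cannot be read or crypt() fails.
 */
int main(void)
{
    char key[256];
    char salt[64];
    const char *hash;

    printf("key:");
    /* The field width keeps scanf from writing past the end of the buffer. */
    if (scanf("%255s", key) != 1) {
        fprintf(stderr, "could not read key\n");
        return 1;
    }

    printf("salt:");
    if (scanf("%63s", salt) != 1) {
        fprintf(stderr, "could not read salt\n");
        return 1;
    }

    /* crypt() returns NULL on failure, so check before printing. */
    hash = crypt(key, salt);
    if (hash == NULL) {
        fprintf(stderr, "crypt() failed\n");
        return 1;
    }

    /* Print through a literal format string; the hash is data, never a format. */
    printf("passwd:%s\n", hash);
    return 0;
}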
[root@linux root]# gcc -o crypt -s crypt.c -lcrypt
[root@linux root]# ./crypt
key:chen
salt:salt
passwd:sa0hRW/W3DLvQ
[root@linux root]#
10.3.2 使用PHP产生
# cat des.php
<html>
<p>DES 密码产生器</p>
<form method=post action=des.php>
<p>password:<input name=passwd type=text size=20></p>
<input type=submit value=submit>
</form>
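<?php
// Read the submitted field explicitly from $_POST. The bare $passwd only
// existed through register_globals, which lets any request parameter define
// script variables.
if (isset($_POST['passwd']) && $_POST['passwd'] !== '') {
    // NOTE(review): crypt() is still called without a salt, as in the
    // original; newer PHP releases expect an explicit salt argument.
    $enpw = crypt($_POST['passwd']);
    // Escape the value before writing it into the HTML page.
    echo "password is: " . htmlspecialchars($enpw);
}
?>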
[root@linux root]# wget http://home.9812.net/linux/download/myphp/site-2.1.0.tar.gz
[root@linux root]#tar zxvf site-2.1.0.tar.gz
[root@linux root]#cp -r site /usr/local/apache/htdocs
[root@linux root]#lynx http://localhost/site
10.3.3 使用perl产生
perl -e 'print("userPassword: ".crypt("secret","salt")."\\n");'
产生的DES密码,同样也可以用于OpenLDAP的管理员密码。注意:传统DES crypt只使用口令的前8个字符,强度有限;管理员口令宜使用加盐且更强的散列格式(例如7.3节示例中的 $1$ 形式)。
# vi /etc/openldap/slapd.conf
rootpw {crypt}ijFYNcSNctBYg
10.3.4 使用SQL语句产生
select encrypt('password');
mysql> select encrypt('password');
+---------------------+
| encrypt('password') |
+---------------------+
| WXvvG0CWY7v5I |
+---------------------+
1 row in set (0.00 sec)
mysql>
10.3.5 使用Java产生
Crypt.java
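// NOTE(review): package and class names are kept as given on the page; this
// import does not visibly bring Crypt into scope, so confirm it against the
// actual netkiller library.
import netkiller.Security;

// Hash the password "passwd" with the salt "salt" and print the result.
Crypt pw = new Crypt();
String passwd = pw.crypt("passwd", "salt");
System.out.println(passwd);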