本文根据网上流行的一篇文章整理改编而成,并修正了原文的一些小错误。
由于为每一个需要使用ftp服务的用户建立系统帐户会影响系统的安全,所以我们使用数据库用户进行ftp用户验证。
系统组成:
Proftpd1.2.7
proftpd-mod-quotatab-1.2.4
mysql3.23
因为ports里没有proftpd-mod-quotatab-1.2.4模块,我们下载源代码安装。
下载源代码包:(必须下载相同版本的源代码包)
到 http://www.proftpd.org 或 ftp://ftp.servus.at/ProFTPD/distrib/source/proftpd-1.2.7.tar.gz
去下载proftpd-1.2.7.tar.gz。
到 http://www.castaglia.org/proftpd/ 去下载proftpd-mod-quotatab-1.2.4.tar.gz。(1.2.5 版本的mod_quotatab是用在1.2.8rc1上的)
用ftp将它们上传到/home/ylf/app目录。
然后解压缩源代码包:
# cd /home/ylf/app
# tar zxvf proftpd-1.2.7.tar.gz
# tar zxvf proftpd-mod-quotatab-1.2.4.tar.gz
进入mod-quotatab目录
# cd mod_quotatab
把mod_quotatab中的文件拷贝到proftpd 中的modules 目录中
# cp * ../proftpd-1.2.7/modules
在开始运行configure之前,我们要先改动一个文件
进入 proftpd-1.2.7/contrib 目录
# cd /home/ylf/app/proftpd-1.2.7/contrib
修改 mod_sql_mysql.c
# vi mod_sql_mysql.c
找到#include 把他改为你的实际路径,这里是:
#include
然后编译安装:
# cd /home/ylf/app/proftpd-1.2.7
#./configure --prefix=/usr/local/proftpd --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql --with-includes=/usr/local/include/mysql --with-libraries=/usr/local/lib/mysql
# make
# make install
进入到proftpd配置文件所在目录
# cd /usr/local/proftpd/etc
备份原配置文件
# mv proftpd.conf proftpd.conf.bak
然后编辑新的配置文件proftpd.conf
# vi proftpd.conf
我的proftpd.conf内容如下:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ftpx.3322.org"
ServerType standalone
DefaultServer on
# 用户登陆时不显示ftp服务器版本信息
ServerIdent off
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
MaxLoginAttempts 3
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
MaxClients 100
# 设置每台主机最多并发连接数
MaxClientsPerHost 3
AllowOverwrite no
AllowStoreRestart on
UseReverseDNS off
# 设置如果shell为空时允许用户登录
RequireValidShell off
# 将用户限制在自己的主目录下
DefaultRoot ~ ftpusers
DefaultRoot ~ FTPGRP
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User FTPUSR
Group FTPGRP
# Normally, we want files to be overwriteable.
AllowOverwrite on
# A basic anonymous configuration, no upload directories.
# 匿名登录设置。匿名用户目录为/ftp
User ftp
Group ftpusers
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
#
# DenyAll
#
# 数据库联接的信息,FTP是数据库名,localhost是主机名,root是连接数据库的用户名,#123456是密码
#(如果没有密码留空)
SQLConnectInfo FTP@localhost root 123456
# 数据库认证的类型
SQLAuthTypes Backend Plaintext
# 指定用来做用户认证的表的有关信息。("FTPUSERS"和"FTPGRPS"是数据表名字,等一会
# 在下面建立)
SQLUserInfo FTPUSERS userid passwd uid gid homedir shell
SQLGroupInfo FTPGRPS groupname gid members
# 数据库的鉴别
SQLAuthenticate users groups usersetfast groupsetfast
# 如果home目录不存在,则系统会根据它的home项新建一个目录
SQLHomedirOnDemand on
# 启用磁盘限额
QuotaDirectoryTally on
# 磁盘限额单位 b"|"Kb"|"Mb"|"Gb"
QuotaDisplayUnits "Kb"
QuotaEngine on
# 磁盘限额日志记录
QuotaLog "/var/log"
# 打开磁盘限额信息,当登陆FTP帐户后,使用命令 "quote SITE QUOTA" 后可显示当前用#户的磁盘限额
QuotaShowQuotas on
# SQL调用语句,不用修改
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail,files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
下面为ftp用户建立相应的数据库和表
进入mysql数据库命令状态:
# mysql ?p
提示输入密码
建立数据库FTP(注意大小写和每句话后面的“;”)
CREATE DATABASE FTP;
然后在这个数据库中建立一个用户表FTPUSERS,这个表是必须的:
use FTP;
create table FTPUSERS (
userid TEXT NOT NULL,
passwd TEXT NOT NULL,
uid INT NOT NULL,
gid INT NOT NULL,
homedir TEXT,
shell TEXT
);
此表格是为了用户认证所需要的,其中userid、passwd是必不可少的,userid是用做FTP服务的用户名;passwd是指此用户的密码; uid是系统用户的ID,也就是所映射的系统用户;gid是所属系统组的ID;homedir是该用户所在的HOME目录;shell可以为该用户指定相 应的shell。当然你可以建立更多的字段,例如:用来记录用户登录次数的count,或者是日期的date,如果你对配置熟悉了之后,你可以根据自己的 喜欢添加更多的功能。在此就不多讲。
为了提供更多的功能,我们添加另外一个需要的表:FTPGRPS,也就是确定组的表格,这里是它的格式:
create table FTPGRPS (
groupname TEXT NOT NULL,
gid SMALLINT NOT NULL,
members TEXT NOT NULL
);
其中groupname是组的名称,gid是系统组的ID,members是组的成员。注意:多成员,他们之间要用逗号隔开,不能使用空格。
为FTP
