Proftpd mysql認證配置文檔

ver1.0, 2012/09/25

一、下載安裝proftp mysql

下載 wget http://cloud.github.com/downloads/proftpd/proftpd.github.com/proftpd-1.3.4rc2.tar.gz

tar zxvf proftpd-1.3.4rc2.tar.gz

cd proftpd-1.3.4rc2

?

./configure--prefix=/usr/local/proftp \

--with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql \

--with-includes=/usr/include/mysql \

--with-libraries=/usr/lib/mysql \

make && make install

?

解釋

--with-includes: 指定MySQL服務器includes所在的位置，mysql的include文件通常是.h結尾，

--with-libraries：指定MySQL服務器libraries所在的位置，mysql的庫文件通常是*結尾

到此proftp已安裝結束

?

mysql安裝方式 yum安裝編譯安裝。

二、創建proftp數據庫

創建數據庫proftp（utf-8）

導入附件中sql文件或，輸入

?

CREATE TABLE IF NOT EXISTS `ftpgroup` (

? `groupname` varchar(16) NOT NULL default '',

? `gid` smallint(6) NOT NULL default '5500',

? `members` varchar(16) NOT NULL default '',

? KEY `groupname` (`groupname`)

) ENGINE=MyISAM DEFAULT CHARSET=latin1 COMMENT='ProFTP group table';

?

-- --------------------------------------------------------

?

--

-- Table structure for table `ftpquotalimits`

--

?

CREATE TABLE IF NOT EXISTS `ftpquotalimits` (

? `name` varchar(30) default NULL,

? `quota_type` enum('user','group','class','all') NOT NULL default 'user',

? `per_session` enum('false','true') NOT NULL default 'false',

? `limit_type` enum('soft','hard') NOT NULL default 'soft',

? `bytes_in_avail` int(10) unsigned NOT NULL default '0',

? `bytes_out_avail` int(10) unsigned NOT NULL default '0',

? `bytes_xfer_avail` int(10) unsigned NOT NULL default '0',

? `files_in_avail` int(10) unsigned NOT NULL default '0',

? `files_out_avail` int(10) unsigned NOT NULL default '0',

? `files_xfer_avail` int(10) unsigned NOT NULL default '0'

) ENGINE=MyISAM DEFAULT CHARSET=latin1;

?

-- --------------------------------------------------------

?

--

-- Table structure for table `ftpquotatallies`

--

?

CREATE TABLE IF NOT EXISTS `ftpquotatallies` (

? `name` varchar(30) NOT NULL default '',

? `quota_type` enum('user','group','class','all') NOT NULL default 'user',

? `bytes_in_used` int(10) unsigned NOT NULL default '0',

? `bytes_out_used` int(10) unsigned NOT NULL default '0',

? `bytes_xfer_used` int(10) unsigned NOT NULL default '0',

? `files_in_used` int(10) unsigned NOT NULL default '0',

? `files_out_used` int(10) unsigned NOT NULL default '0',

? `files_xfer_used` int(10) unsigned NOT NULL default '0'

) ENGINE=MyISAM DEFAULT CHARSET=latin1;

?

-- --------------------------------------------------------

?

--

-- Table structure for table `ftpuser`

--

?

CREATE TABLE IF NOT EXISTS `ftpuser` (

? `id` int(10) unsigned NOT NULL auto_increment,

? `userid` varchar(32) NOT NULL default '',

? `passwd` varchar(32) NOT NULL default '',

? `uid` smallint(6) NOT NULL default '2001',

? `gid` smallint(6) NOT NULL default '2001',

? `homedir` varchar(255) NOT NULL default '/home/web',

? `shell` varchar(16) NOT NULL default '/sbin/nologin',

? `count` int(11) NOT NULL default '0',

? `accessed` datetime NOT NULL default '0000-00-00 00:00:00',

? `modified` datetime NOT NULL default '0000-00-00 00:00:00',

? PRIMARY KEY? (`id`),

? UNIQUE KEY `userid` (`userid`)

) ENGINE=MyISAM? DEFAULT CHARSET=latin1 COMMENT='ProFTP user table' AUTO_INCREMENT=0 ;

?

?

?

三、配置proftpd.conf

備份原proftpd.conf文件，copy 附件中配置并修改以下幾處內容

cp /usr/local/proftp/etc/proftpd.conf/usr/local/proftp/etc/proftpd.conf-bak

vi /usr/local/proftp/etc/proftpd.conf

替換以下內容(此部分可見文件夾中proftp.conf)

# This is a basic ProFTPD configuration file (rename it to

# 'proftpd.conf' for actual use.? It establishes a single server

# and a single anonymous login.? It assumes that you have a user/group

# "nobody" and "ftp" for normal operation and anon.

?

ServerName?????????????? "ProFTPD Default Installation"

ServerType???????????????? standalone

DefaultServer??????????????????? on

DefaultAddress???????????????? 192.168.3.58

#SocketBindTight ??????????? on

# Port 21 is the standard FTP port.

Port??????????????????????????? 21

# Don't use IPv6 support by default.

UseIPv6????????????????????? off

# Umask 022 is a good standard umask to prevent new dirs and files

# from being group and world writable.

Umask??????????????????????? 022 022

AllowRetrieveRestart??????????? on

AllowStoreRestart?????????????? on

SyslogLevel ?????????????? warn

# To prevent DoS attacks, set the maximum number of child processes

# to 30.? If you need to allow more than 30 concurrent connections

# at once, simply increase this value.? Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd).

MaxInstances??????????????????? 30

?

# Set the user and group under which the server will run.

User??????????????????????????? ftpuser

Group???????????????????????? ftpgroup

?

# To cause every FTP user to be "jailed" (chrooted) into their home

# directory, uncomment this line.

DefaultRoot ~

?

# Normally, we want files to be overwriteable.

AllowOverwrite????????? on

?

# Bar use of SITE CHMOD by default

#<Limit SITE_CHMOD>

#? DenyAll

#</Limit>

?

# A basic anonymous configuration, no upload directories.? If you do not

# want anonymous users, simply delete this entire <Anonymous> section.

#<Anonymous ~ftp>

#? User????????????????????? ftp

#? Group????????????????????????? ftpg

?

#? # We want clients to be able to login with "anonymous" as well as "ftp"

#? UserAlias???????????????????? anonymous ftp

?

#? # Limit the maximum number of anonymous logins

#? MaxClients????????????????? 10

?

#? # We want 'welcome.msg' displayed at login, and '.message' displayed

#? # in each newly chdired directory.

#? DisplayLogin??????????????? welcome.msg

#? DisplayChdir??????????????? .message

?

#? # Limit WRITE everywhere in the anonymous chroot

#? <Limit WRITE>

#??? DenyAll

#? </Limit>

#</Anonymous>

#LangPath??????? /usr/share/locale

#LangEngine on

#UseEncoding on #UTF-8 UTF-8

SQLAuthTypes Backend Plaintext

SQLAuthenticate users* groups*

?

# databasename@host database_user user_password

?

SQLConnectInfo? yourDBname@yourDBhost youeDBuser yourDBpass

#usertable ftpuser

SQLNamedQuery ftpuserinfo SELECT "userid,passwd,uid,gid,homedir,shell from ftpuser where userid = '%U' and count < 1"

SQLUserInfo custom:/ftpuserinfo

#SQLUserInfo ftpuser userid passwd uid gid homedir shell

#SQLLogFile "/usr/local/proftpd/sqllog"

?

SQLGroupInfo ftpgroup groupname gid members

#SQLHomedirOnDemand on

CreateHome? on

SQLDefaultGID 2001

SQLDefaultUID 2001

# Update count every time user logs in

SQLLog PASS updatecount

SQLNamedQuery updatecount UPDATE "count=count+1,accessed=now() WHERE userid='%u'" ftpuser

?

# Update modified everytime user uploads or deletes a file

SQLLog STOR,DELE modified

SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

?

QuotaEngine on

QuotaDirectoryTally on

QuotaDisplayUnits Mb

QuotaShowQuotas on

#QuotaLog "/var/log/quota"

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

?

?

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

?

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

?

?

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

?

?

QuotaLimitTable sql:/get-quota-limit

?

QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

UseReverseDns off

IdentLookups off

?

?

?

修改以下2處

DefaultAddress修改為本ftp所在服務器ip地址

SQLConnectInfo? yourDBname@yourDBhost youeDBuser yourDBpass

修改數據名數據庫用戶及密碼

?

四、添加proftp系統用戶

?

1、添加ftp運行用戶及組

groupadd ftpgroup -g 2001

adduser ftpuser -u 2001 -g 2001 -d /var/ftp -s /sbin/nologin

?

ps：uid 和gid 號可以自定義，設置后需要修改proftp.conf中SQLDefaultGID 2001

SQLDefaultUID 2001這兩處，這里我新建的就是2001 所以proftp中我就沒有修改

?

?

2、添加 ftp虛擬用戶及組

groupadd ftpusers -g 2002

adduser proftp -u 2002 -g 2001 -d /var/ftp -s /sbin/nologin

?

?

ps：添加ftp用戶，將其組加入到proftp運行組中，虛擬用戶將繼承2002 用戶權限

五、初始化proftp配置

?

在數據庫中插入

INSERT INTO `proftp`.`ftpgrps` (`groupname`, `gid`, `members`) VALUES ('ftpgroup', '2001', 'ftpuser');

INSERT INTO `proftp`.`ftpgrps` (`groupname`, `gid`, `members`) VALUES ('ftpusers', '2002', 'proftp');

?

?

Proftpd mysql認證配置文檔