首页 > 代码库 > proftp + mysql 配置管理

proftp + mysql 配置管理

一、下载安装proftp mysql


下载  wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4d.tar.gz

tar zxf proftpd-1.3.4d.tar.gz


INSTALLATION  Mod_Clamav

To install Mod_Clamav, download and unpack the Mod_Clamav source code.


wget http://www.thrallingpenguin.com/resources/mod_clamav-0.10.tar.gz

tar xzvf mod_clamav-0.10.tar.gz

Download the latest proftpd source code, and prepare it for building Mod_Clamav.


wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz

tar xzvf proftpd-1.3.1.tar.gz

cp mod_clamav-0.10/mod_clamav.* proftpd-1.3.1/contrib

Apply the required patch:


cd proftpd-1.3.1

patch -p1 < ../mod_clamav-0.10/proftpd.patch

Now the usual steps for building ProFTPd, using third-party modules, apply. Additionally, you may change any configure arguments to meet your needs.


cd proftpd-1.3.4d

--prefix=/usr/local/proftpd-1.3.4d --enable-ctrls --with-mysql-config=/usr/local/mysql/bin/mysql_config --with-libraries=/usr/local/mysql/lib 

--with-includes=/usr/local/mysql/include --enable-shadow --enable-autoshadow --enable-openssl --enable-pool-size --enable-dso

--with-modules=mod_ratio:mod_readme:mod_wrap2:mod_wrap2_sql:mod_ifsession:mod_sql:mod_sql_mysql:mod_sql_passwd:mod_quotatab:mod_quotatab_sql:mod_quotatab_file:mod_clamav

--with-include=/usr/local/lab/unixODBC-2.3.2/includes:/usr/local/mysql/include --with-libraries=/usr/local/lab/unixODBC-2.3.2/lib:/usr/local/mysql/lib 


make && make install

说明:

--with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql   这句是让编译ProFTPD 支持MySQL的模块,并有磁盘限额支持;

--with-includes=    这是来指定MySQL服务器includes所在的位置;在这里我设置的是/usr/include/mysql,因为我的MySQL服务器的includes的确在这个目录;你可以根据自己的机器环境来调整;

--with-libraries=    这是来指定MySQL服务器libraries所在的位置;在这里我设置的是/usr/lib/mysql,因为我的MySQL服务器的libraries的确在这个目录;你可以根据自己的机器环境来调整;


到此proftp已安装结束

主要配置文件如下:

[root@server:/usr/local/proftpd/etc]# cat proftpd.conf 

# This is a basic ProFTPD configuration file (rename it to 

# ‘proftpd.conf‘ for actual use.  It establishes a single server

# and a single anonymous login.  It assumes that you have a user/group

# "nobody" and "ftp" for normal operation and anon.


ServerName                      "ProFTPD Default Installation"

ServerType                      standalone

DefaultServer                   on


# Port 21 is the standard FTP port.

Port                            21


# Don‘t use IPv6 support by default.

UseIPv6                         off


# Umask 022 is a good standard umask to prevent new dirs and files

# from being group and world writable.

Umask                           022

TimeoutLogin         120

TimeoutIdle          600

TimeoutNoTransfer    900

TimeoutStalled      3600

# Where do we put the pid files?

#ScoreboardPath    /var/run/proftpd

# To prevent DoS attacks, set the maximum number of child processes

# to 30.  If you need to allow more than 30 concurrent connections

# at once, simply increase this value.  Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd).

MaxInstances                    30

MaxLoginAttempts        3

# Set the user and group under which the server will run.

User                            apache

Group                           users

# To cause every FTP user to be "jailed" (chrooted) into their home

# directory, uncomment this line.

#DefaultRoot ~

# Normally, we want files to be overwriteable.

AllowOverwrite          on

# 上传断点续传

AllowRetrieveRestart    on

AllowStoreRestart       on

# Bar use of SITE CHMOD by default

<Limit SITE_CHMOD>

  DenyAll

</Limit>

# A basic anonymous configuration, no upload directories.  If you do not

# want anonymous users, simply delete this entire <Anonymous> section.

#<Anonymous ~ftp>

#  User                         ftp

#  Group                                ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"

#  UserAlias                    anonymous ftp

  # Limit the maximum number of anonymous logins

#  MaxClients                   10

  # We want ‘welcome.msg‘ displayed at login, and ‘.message‘ displayed

  # in each newly chdired directory.

#  DisplayLogin                 welcome.msg

#  DisplayChdir                 .message

  # Limit WRITE everywhere in the anonymous chroot

#  <Limit WRITE>

#    DenyAll

#  </Limit>

#</Anonymous>

#设置MySQL认证:

#数据库联接的信息,DatabaseName是数据库名, HostName是主机名,

#Port是端口号,UserName是连接数据库的用户名,Password是密码。

SQLConnectInfo proftpd@192.168.1.1 proftpd 123456  #用户名与密码


#数据库认证的类型:

SQLAuthTypes OpenSSL

#指定用来做用户认证的表的有关信息。("FTPUSERS"和"FTPGRPS"是数据表名字,等一会而在下面建立)

SQLUserInfo FTPUSERS userid passwd uid gid home shell

SQLGroupInfo FTPGRPS grpname gid members

#设置如果shell为空时允许用户登录:

RequireValidShell off

#数据库的鉴别

SQLAuthenticate users groups usersetfast groupsetfast

#如果home目录不存在,则系统会为根据它的home项新建一个目录:

CreateHome off

#判断这个用户是否允许登录本机

#SQLUserWhereClause "accesshost like‘%10.10.26.195%‘" #这里的%号ProFtp不识别, 妈的!所以用下面的方法.

SQLUserWhereClause "0 !=FIND_IN_SET(‘192.168.1.1‘,accesshost)"

#SQL验证日志

#SQLLog

SQLLogFile /usr/local/proftpd/var/sql.log


#SQL验证用户的UID和GID

SQLMinUserUID 500

SQLMinUserGID 100

SQLDefaultUID 500

SQLDefaultGID 100


#####  #####

MaxClients      50

UseReverseDNS   off

IdentLookups  off

#QuotaLimitTable file:/usr/local/proftpd/etc/ftpquota.limittab

#QuotaTallyTable file:/usr/local/proftpd/etc/ftpquota.tallytab

QuotaDirectoryTally  on

QuotaDisplayUnits Mb

QuotaEngine on

QuotaLog /usr/local/proftpd/var/quota.log

QuotaShowQuotas on

QuotaOptions ScanOnLogin

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = ‘%{0}‘ AND quota_type = ‘%{1}‘"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = ‘%{0}‘ AND quota_type = ‘%{1}‘"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2},files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = ‘%{6}‘ AND quota_type = ‘%{7}‘" quotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies


QuotaLimitTable sql:/get-quota-limit

QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally


DefaultRoot ~

DisplayLogin welcome to ftp server !

AllowStoreRestart on


############ Fixed Log Format #########

LogFormat awstats "%t   %h      %u      %m      %f      %s      %b"

ExtendedLog /usr/local/proftpd/var/transfer.log read,write awstats

TransferLog /usr/local/proftpd/var/transfer.log

ServerLog /usr/local/proftpd/var/server.log

#Single system with both ProFTPd and Clamd utilizing TCP sockets. Additionally, only files who‘s size is less than 250MB will be scanned.

<IfModule mod_clamav.c>

   ClamAV on

   ClamServer localhost

   ClamPort 3310

   ClamMaxSize 250 Mb

</IfModule>


数据库设置:

注:数据库与proftpd 程序可以位于不同的服务器上面.可实现需要部署proftpd 程序的服务器都统一使用数据库用户认证,便于ftp账号的统一管理.一个ftp 账号也可以指定在多台proftpd 部署的程序主要上面登录.

例如:

mysql> select * from FTPUSERS;

+--------+--------------------------+-----+-----+-----------------------------+---------------+--------------------------+-------------------+

| userid         | passwd                | uid | gid | home                          | shell         | accesshost               | coment            |

+--------+--------------------------+-----+-----+--------------------------------------------+---------------+--------------------------+-----------

| user01    | bog7BizRhTQS0p9qVroQ==yyyyyyy | 500 | 100 | /data/mysql              | /sbin/nologin | 192.168.1.1,192.168.1.2  |                   |

| user02    | 6+CETb6sIYZfbVNt3sSIS4444rrrr | 500 | 100 | /opt                     | /sbin/nologin | 192.168.1.1              |                   |


用户user01 在主机(192.168.1.1,192.168.1.2)部署好程序设置后,都可以使用FTP进行登录.


创建用户:

mysql>create database proftpd;

mysql>Grant select,insert,update,delete,create,drop,index,alter,create temporary tables,lock tables on proftpd.*  to proftpd@localhost Identified by "123456";

mysql>flush privileges;


导入以下数据库表结构:


-- Current Database: `proftpd`

--

CREATE DATABASE /*!32312 IF NOT EXISTS*/ `ftp_db` /*!40100 DEFAULT CHARACTER SET latin1 */;


USE `proftpd`;

--

-- Table structure for table `FTPGRPS`

--


DROP TABLE IF EXISTS `FTPGRPS`;

/*!40101 SET @saved_cs_client     = @@character_set_client */;

/*!40101 SET character_set_client = utf8 */;

CREATE TABLE `FTPGRPS` (

  `grpname` text NOT NULL,

  `gid` smallint(6) NOT NULL,

  `members` text NOT NULL

) ENGINE=InnoDB DEFAULT CHARSET=utf8;

/*!40101 SET character_set_client = @saved_cs_client */;


--

-- Table structure for table `FTPUSERS`

--


DROP TABLE IF EXISTS `FTPUSERS`;

/*!40101 SET @saved_cs_client     = @@character_set_client */;

/*!40101 SET character_set_client = utf8 */;

CREATE TABLE `FTPUSERS` (

  `userid` text NOT NULL,

  `passwd` text NOT NULL,

  `uid` int(11) NOT NULL,

  `gid` int(11) NOT NULL,

  `home` text,

  `shell` text,

  `accesshost` text,

  `coment` text

) ENGINE=MyISAM DEFAULT CHARSET=utf8;

/*!40101 SET character_set_client = @saved_cs_client */;


--

-- Table structure for table `quotalimits`

--


DROP TABLE IF EXISTS `quotalimits`;

/*!40101 SET @saved_cs_client     = @@character_set_client */;

/*!40101 SET character_set_client = utf8 */;

CREATE TABLE `quotalimits` (

  `name` varchar(30) DEFAULT NULL,

  `quota_type` enum(‘user‘,‘group‘,‘class‘,‘all‘) NOT NULL DEFAULT ‘user‘,

  `per_session` enum(‘false‘,‘true‘) NOT NULL DEFAULT ‘false‘,

  `limit_type` enum(‘soft‘,‘hard‘) NOT NULL DEFAULT ‘soft‘,

  `bytes_in_avail` float NOT NULL DEFAULT ‘0‘,

  `bytes_out_avail` float NOT NULL DEFAULT ‘0‘,

  `bytes_xfer_avail` float NOT NULL DEFAULT ‘0‘,

  `files_in_avail` int(10) unsigned NOT NULL DEFAULT ‘0‘,

  `files_out_avail` int(10) unsigned NOT NULL DEFAULT ‘0‘,

  `files_xfer_avail` int(10) unsigned NOT NULL DEFAULT ‘0‘

) ENGINE=MyISAM DEFAULT CHARSET=utf8;

/*!40101 SET character_set_client = @saved_cs_client */;


--

-- Table structure for table `quotatallies`

--


DROP TABLE IF EXISTS `quotatallies`;

/*!40101 SET @saved_cs_client     = @@character_set_client */;

/*!40101 SET character_set_client = utf8 */;

CREATE TABLE `quotatallies` (

  `name` varchar(30) NOT NULL DEFAULT ‘‘,

  `quota_type` enum(‘user‘,‘group‘,‘class‘,‘all‘) NOT NULL DEFAULT ‘user‘,

  `bytes_in_used` float NOT NULL DEFAULT ‘0‘,

  `bytes_out_used` float NOT NULL DEFAULT ‘0‘,

  `bytes_xfer_used` float NOT NULL DEFAULT ‘0‘,

  `files_in_used` int(10) unsigned NOT NULL DEFAULT ‘0‘,

  `files_out_used` int(10) unsigned NOT NULL DEFAULT ‘0‘,

  `files_xfer_used` int(10) unsigned NOT NULL DEFAULT ‘0‘

) ENGINE=MyISAM DEFAULT CHARSET=utf8;

/*!40101 SET character_set_client = @saved_cs_client */;

/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;



proftpd 程序启动文件配置:


      ln -s /usr/local/proftpd/proftpd.sh /etc/init.d/proftpd

      chkconfig --add proftpd

     /etc/init.d/proftpd stop

启动文件内容:

[root@server:/usr/local/proftpd]# cat proftpd.sh 

#!/bin/sh

#

# Startup script for ProFTPD

# chkconfig: 345 85 15

# description: ProFTPD is an enhanced FTP server with \

#              a focus toward simplicity, security, and ease of configuration. \

#              It features a very Apache-like configuration syntax, \

#              and a highly customizable server infrastructure, \

#              including support for multiple ‘virtual‘ FTP servers, \

#              anonymous FTP, and permission-based directory visibility.

# processname: proftpd

# config: /usr/local/proftpd/etc/proftpd.conf

#

# By: Osman Elliyasa <osman@Cable.EU.org>

# $Id: proftpd.init.d,v 1.7 2002/12/07 21:50:27 jwm Exp $

 

# Source function library.

. /etc/rc.d/init.d/functions

 

if [ -f /etc/sysconfig/proftpd ]; then

      . /etc/sysconfig/proftpd

fi

 

PATH="$PATH:/usr/local/proftpd/sbin"

 

# See how we were called.

case "$1" in

    start)

        echo -n "Starting proftpd: "

        daemon proftpd $OPTIONS

        echo

        touch /var/lock/subsys/proftpd

        ;;

    stop)

        echo -n "Shutting down proftpd: "

        killproc proftpd

        echo

        rm -f /var/lock/subsys/proftpd

        ;;

    status)

        status proftpd

        ;;

    restart)

        $0 stop

        $0 start

        ;;

    reread)

        echo -n "Re-reading proftpd config: "

        killproc proftpd -HUP

        echo

        ;;

    suspend)

        hash ftpshut >/dev/null 2>&1

        if [ $? = 0 ]; then

            if [ $# -gt 1 ]; then

                shift

                echo -n "Suspending with ‘$*‘ "

                ftpshut $*

            else

                echo -n "Suspending NOW "

                ftpshut now "Maintanance in progress"

            fi

        else

            echo -n "No way to suspend "

        fi

        echo

        ;;

    resume)

        if [ -f /etc/shutmsg ]; then

            echo -n "Allowing sessions again "

            rm -f /etc/shutmsg

        else

            echo -n "Was not suspended "

        fi

        echo

        ;;

    *)

        echo -n "Usage: $0 {start|stop|restart|status|reread|resume"

        hash ftpshut

        if [ $? = 1 ]; then

            echo ‘}‘

        else

            echo ‘|suspend}‘

            echo ‘suspend accepts additional arguments which are passed to ftpshut(8)‘

        fi

        exit 1

esac

 

if [ $# -gt 1 ]; then

    shift

    $0 $*

fi 

exit 0

添加用户相关脚本:

[root@server:/usr/local/proftpd]# cat adduser_dir.sh 

#!/bin/bash


usage () {

        echo ""

        echo "  Please Input Correct infomation!"

        echo ""

        echo "  USAGE: `basename $0` username /dir ftp_server_ip"

        echo "  Exp: `basename $0` Lee /data/lee/home 1.1.1.1,2.2.2.2"

        echo ""

        echo "  Result:"

        echo "          UserName: Lee"

        echo "          UserHome: /data/lee/home"

        echo "          PassWord: N1Jy3Fqol"

        echo ""

}


if [[ $3 == ""  ]];then

        usage;

        exit 1;

fi


datetime=`date +%Y%m%d" "%H:%M:%S`

userid=$1

passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`

home=$2

dst_passwd=‘{md5}‘`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`

shell=‘/sbin/nologin‘

accesshost=$3

/usr/local/mysql/bin/mysql -u ftp_user -p‘ws&&**ftp‘ -h 192.168.254.101 -e "\

use proftpd;insert into FTPUSERS VALUES(‘$userid‘,‘$dst_passwd‘,500,100,‘$home‘,‘/sbin/nologin‘,‘$accesshost‘,‘$datetime‘);"

echo "UserName: $userid"

echo "PassWord: $passwd"

echo "userHome: $home"

echo "FTP  IPs: $accesshost"

echo ""

[root@server:/usr/local/proftpd]# cat adduser_domain.sh 

#!/bin/bash

usage () {

        echo ""

        echo "  Please Input Correct infomation!"

        echo ""

        echo "  USAGE: `basename $0` domainname ftp_server_ip"

        echo "  Exp: `basename $0` www.test.com 1.1.1.1,2.2.2.2"

        echo ""

        echo "  Result:"

        echo "          UserName: www.test.com"

        echo "          PassWord: N1Jy3Fqol"

        echo ""

}

if [[ $2 == ""  ]];then

        usage;

        exit 1;

fi

datetime=`date +%Y%m%d" "%H:%M:%S`

userid=$1

passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`

domain=$userid

if [[ $1 =~ ^www ]];then

        domain=${1#www.}

fi

dst_passwd=‘{md5}‘`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`

home="/data/www/vhosts/$domain"

shell=‘/sbin/nologin‘

accesshost=$2

/usr/local/mysql/bin/mysql -u ftp_user -p‘ws&&**ftp‘ -h 192.168.254.101 -e "\

use proftpd;insert into FTPUSERS VALUES(‘$userid‘,‘$dst_passwd‘,500,100,‘$home‘,‘/sbin/nologin‘,‘$accesshost‘,‘$datetime‘);"

echo "UserName: $userid"

echo "PassWord: $passwd"

echo "FTP  IPs: $accesshost"

echo ""

  

关于用户限额配置:


quotalimits


     name - username

     quota_type - user, group, class, all (we use user)

     per_session - true or false (we use false)

     limit_type - quota limit type - hard or soft (we use soft)

     bytes_in_avail - upload limit in bytes - allowed bytes on disk (eg diskquota)

     bytes_out_avail - download limit in bytes - allowed bytes a user can download

     bytes_xfer_avail - allowed bytes a user can transfer in/out

     files_in_avail - upload limit in files - allowed number of uploaded files

     files_out_avail - allowed number of downloaded files

     files_xfer_avail - allowed number of files a user can transfer in/out

name 应该这样理解,既能表示单个用户,也能表示用户组名;如果我们在quota_type(限额类型)中使用group来认证的话,那就得在这里设置组名,这样整组都具有统一的磁盘限额的特性;当然您要在ftpgroups表中插入组纪录;并且在member字段中得把用户一个一个的列进去,这是后话了;先自己研究一下,只是插入纪录的事;我们只说最简单的单个用户的磁盘限额;默认值可以为空NULL,如果为空则针对所在有quota_type中设置的类型,比如在quota_type中设置为user ,就是针对所有ftpusers 中的用户起作用;如果是group名,也是对ftpgroups 所有组作用;


quota_type 磁盘限额类型,可以设置为用户,也可以设置为用户组group ;如果您的name写的是用户组,那在这里就得设置为group来认定;默认为user认证;


per_session 默认为false;

limit_type 默认为soft;

bytes_in_avail 用户占用空间大小,也就是家目录的空间最大可以让用户占用多少,单位是byte;默认为0,0是不受限制,以下同理;

bytes_out_avail 注;所有下载文件的总和,默认为0;

bytes_xfer_avail 注;一个用户上传下载流量总和,默认为0

files_in_avail 注:限制上传文件总数,默认为0;

files_out_avail 注;限制下载文件个数总计,默认为0

files_xfer_avail 注:允许下载和上传的文件总和我,默认为0;

由此看来,我们比如想让test用户,约束空间大小为100M,其它不受限制;则可用下面的mysql命令添加;


先让我们对照quotalimits表的结构,然后根据表的结构来添加;


mysql> describe quotalimits;

+------------------+------------------------------------+------+-----+---------+-------+

| Field            | Type                               | Null | Key | Default | Extra |


+------------------+------------------------------------+------+-----+---------+-------+

| name             | varchar(30)                        | YES  |     | NULL    |       |

| quota_type       | enum(‘user‘,‘group‘,‘class‘,‘all‘) |      |     | user    |       |

| per_session      | enum(‘false‘,‘true‘)               |      |     | false   |       |

| limit_type       | enum(‘soft‘,‘hard‘)                |      |     | soft    |       |

| bytes_in_avail   | float                              |      |     | 0       |       |

| bytes_out_avail  | float                              |      |     | 0       |       |

| bytes_xfer_avail | float                              |      |     | 0       |       |

| files_in_avail   | int(10) unsigned                   |      |     | 0       |       |

| files_out_avail  | int(10) unsigned                   |      |     | 0       |       |

| files_xfer_avail | int(10) unsigned                   |      |     | 0       |       |

+------------------+------------------------------------+------+-----+---------+-------+

10 rows in set (0.00 sec)

添加记录

mysql>insert into quotalimits VALUES  (‘test‘,‘user‘,‘false‘,‘soft‘,‘104857600‘,‘0‘,‘0‘,‘0‘,‘0‘,‘0‘);

运算公式:

1Kb=1024 byte

1M=1024 Kb

100M=100x1024 Kb= 100x1024x1024 byte=104857600 byte


注意:磁盘限额生效,必须让FTP用户重新登录才有效;比如test用户正在ftp上,这时要先退出,然后再登录,这是磁盘限额就有效了;

查看用户空间使用情况

登录FTP后用下面的命令;

quote site quota;

举例:

lftp test@192.168.1.5:/> quote site quota;

200-The current quota for this session are [current/limit]:

Name: test

Quota Type: User

Per Session: False

Limit Type: Soft

   Uploaded Mb:         19.00/95.37


proftp + mysql 配置管理