1. Download and build ProFTPD with MySQL support (and mod_clamav)
Download and unpack the ProFTPD source:
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4d.tar.gz
tar zxf proftpd-1.3.4d.tar.gz
Verify the tarballs against the checksums or signatures published by the projects before unpacking them; the downloads above go over plain FTP/HTTP.
INSTALLATION of Mod_Clamav
mod_clamav is a third-party module: its source files are copied into ProFTPD's contrib/ directory and a patch is applied to the ProFTPD tree before configure is run. The upstream instructions quoted below were written for mod_clamav 0.10 and ProFTPD 1.3.1, and the 0.10 patch targets that tree. When building 1.3.4d, use the mod_clamav release whose patch applies cleanly to the version you actually unpacked (patch reports rejected hunks otherwise) and copy its files into proftpd-1.3.4d/contrib in the same way.
To install Mod_Clamav, download and unpack the Mod_Clamav source code.
wget http://www.thrallingpenguin.com/resources/mod_clamav-0.10.tar.gz
tar xzvf mod_clamav-0.10.tar.gz
Download the matching proftpd source code, and prepare it for building Mod_Clamav.
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz
tar xzvf proftpd-1.3.1.tar.gz
cp mod_clamav-0.10/mod_clamav.* proftpd-1.3.1/contrib
Apply the required patch:
cd proftpd-1.3.1
patch -p1 < ../mod_clamav-0.10/proftpd.patch
Now the usual steps for building ProFTPD with third-party modules apply. You may change any configure arguments to meet your needs. The build used on this host (the page gave --with-includes/--with-libraries twice and once as the misspelt --with-include; configure only honours one value per option, so they are merged here):
cd proftpd-1.3.4d
./configure --prefix=/usr/local/proftpd-1.3.4d --enable-ctrls \
  --with-mysql-config=/usr/local/mysql/bin/mysql_config \
  --with-includes=/usr/local/lab/unixODBC-2.3.2/includes:/usr/local/mysql/include \
  --with-libraries=/usr/local/lab/unixODBC-2.3.2/lib:/usr/local/mysql/lib \
  --enable-shadow --enable-autoshadow --enable-openssl --enable-pool-size --enable-dso \
  --with-modules=mod_ratio:mod_readme:mod_wrap2:mod_wrap2_sql:mod_ifsession:mod_sql:mod_sql_mysql:mod_sql_passwd:mod_quotatab:mod_quotatab_sql:mod_quotatab_file:mod_clamav
make && make install
Afterwards confirm that the modules were actually linked in with /usr/local/proftpd-1.3.4d/sbin/proftpd -l, and syntax-check the configuration with proftpd -t -c /usr/local/proftpd/etc/proftpd.conf before starting the daemon. The rest of this page refers to /usr/local/proftpd; point that path at the versioned prefix (for example with a symlink) so the paths below resolve.
Notes:
--with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql builds ProFTPD with the MySQL authentication modules and with SQL-backed disk quotas; the same list also pulls in mod_sql_passwd (stronger, salted password hashing), mod_wrap2 (tcp_wrappers-style access control) and mod_clamav (virus scanning of uploads).
--with-includes= tells configure where the MySQL client headers are; on this host they live under /usr/local/mysql/include (a packaged MySQL typically puts them in /usr/include/mysql). Adjust it to your environment.
--with-libraries= tells configure where the MySQL client libraries are; here /usr/local/mysql/lib (a packaged MySQL typically uses /usr/lib/mysql). Adjust it to your environment.
This completes the ProFTPD installation.
The main configuration file:
[root@server:/usr/local/proftpd/etc]# cat proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600
# Where do we put the pid files?
#ScoreboardPath /var/run/proftpd
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
MaxLoginAttempts 3
# Set the user and group under which the server will run once it has bound
# port 21. Sharing "apache" with the web server means a compromise of either
# daemon reaches the other's files; a dedicated low-privilege account is better.
User apache
Group users
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line (it is enabled further below, after the SQL block).
#DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Allow interrupted downloads (RETR) and uploads (STOR) to be resumed
AllowRetrieveRestart on
AllowStoreRestart on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> block.
#<Anonymous ~ftp>
#  User ftp
#  Group ftp
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias anonymous ftp
#  # Limit the maximum number of anonymous logins
#  MaxClients 10
#  # We want 'welcome.msg' displayed at login, and '.message' displayed
#  # in each newly chdired directory.
#  DisplayLogin welcome.msg
#  DisplayChdir .message
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>
# MySQL authentication
# Keep comments on their own line: ProFTPD treats a trailing "# ..." on a
# directive line as further arguments, not as a comment.
# Connection details in the form database@host[:port], followed by the database
# user and password. The host must match the GRANT used when the account is
# created (proftpd@localhost below). Because this line holds a password,
# proftpd.conf should be owned by root and not world-readable.
SQLConnectInfo proftpd@localhost proftpd 123456
# Hash format of the passwd column. OpenSSL means {digest}base64(digest(password)),
# which is what the adduser scripts below produce with {md5}. These hashes are
# unsalted, so identical passwords give identical stored values; mod_sql_passwd
# is compiled in above and can provide salted or PBKDF2 hashes instead.
SQLAuthTypes OpenSSL
# Tables and columns used for authentication ("FTPUSERS" and "FTPGRPS" are
# created in the database section below)
SQLUserInfo FTPUSERS userid passwd uid gid home shell
SQLGroupInfo FTPGRPS grpname gid members
# Allow the login even when the shell column is empty or not listed in /etc/shells
RequireValidShell off
# Authenticate users and groups against SQL; the *setfast variants answer the
# bulk getpwent/getgrent-style lookups from the same tables
SQLAuthenticate users groups usersetfast groupsetfast
# Do not create a missing home directory at login. The provisioning scripts
# below do not create it either, so it must exist (writable by uid 500) before
# the first login, or set this to "on".
CreateHome off
# Restrict which proftpd host an account may log in on. accesshost holds a
# comma-separated list of server IPs; put this server's own IP in the clause.
# The LIKE form below did not work: ProFTPD does not pass the % sign through,
# and a substring match would also admit e.g. 110.10.26.195. FIND_IN_SET
# matches whole list entries only.
#SQLUserWhereClause "accesshost like '%10.10.26.195%'"
SQLUserWhereClause "0 != FIND_IN_SET('192.168.1.1', accesshost)"
# Log of the SQL statements mod_sql issues. Useful while debugging; it records
# the queries (including user names), so protect the file.
#SQLLog
SQLLogFile /usr/local/proftpd/var/sql.log
# Lowest UID/GID accepted from the table, and the values used when a row's uid
# or gid is NULL. Every account on this page shares uid 500/gid 100, so the
# chroot (DefaultRoot ~) is the only thing separating one user's files from
# another's: keep the home directories disjoint.
SQLMinUserUID 500
SQLMinUserGID 100
SQLDefaultUID 500
SQLDefaultGID 100
##### #####
MaxClients 50
UseReverseDNS off
IdentLookups off
#QuotaLimitTable file:/usr/local/proftpd/etc/ftpquota.limittab
#QuotaTallyTable file:/usr/local/proftpd/etc/ftpquota.tallytab
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaEngine on
QuotaLog /usr/local/proftpd/var/quota.log
QuotaShowQuotas on
QuotaOptions ScanOnLogin
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2},files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
DefaultRoot ~
# DisplayLogin takes a file name (a relative path is resolved inside the
# chroot), not free text. A line such as "DisplayLogin welcome to ftp server !"
# displays nothing; put the message into the file and reference it here.
DisplayLogin welcome.msg
AllowStoreRestart on
############ Fixed Log Format #########
LogFormat awstats "%t %h %u %m %f %s %b"
ExtendedLog /usr/local/proftpd/var/transfer.log read,write awstats
# TransferLog writes wu-ftpd style xferlog lines. Give it its own file instead
# of interleaving it with the ExtendedLog above, or the awstats parser sees
# two formats in one file.
TransferLog /usr/local/proftpd/var/xferlog
ServerLog /usr/local/proftpd/var/server.log
# Single system with both ProFTPD and clamd, talking over a TCP socket (clamd
# must listen on 127.0.0.1:3310, and since it scans the uploaded file by path
# it needs read access to the upload directories). Only files smaller than
# 250 MB are scanned; anything larger is accepted unscanned, so set the limit
# with that in mind.
ClamAV on
ClamServer localhost
ClamPort 3310
ClamMaxSize 250 Mb
Database setup:
Note: the database and the proftpd daemon may run on different servers, so every host that runs proftpd can authenticate against the same database and FTP accounts are managed in one place. One FTP account can also be allowed to log in on several proftpd hosts.
For example:
mysql> select * from FTPUSERS;
+--------+-------------------------------+-----+-----+-------------+---------------+-------------------------+--------+
| userid | passwd                        | uid | gid | home        | shell         | accesshost              | coment |
+--------+-------------------------------+-----+-----+-------------+---------------+-------------------------+--------+
| user01 | bog7BizRhTQS0p9qVroQ==yyyyyyy | 500 | 100 | /data/mysql | /sbin/nologin | 192.168.1.1,192.168.1.2 |        |
| user02 | 6+CETb6sIYZfbVNt3sSIS4444rrrr | 500 | 100 | /opt        | /sbin/nologin | 192.168.1.1             |        |
+--------+-------------------------------+-----+-----+-------------+---------------+-------------------------+--------+
(The passwd values are masked; with SQLAuthTypes OpenSSL the stored value carries a {md5} or other {digest} prefix, as the scripts below produce. The home directories are whatever happened to exist on this test box; in practice give each account a directory of its own that nothing else uses.)
Once proftpd is set up on the hosts 192.168.1.1 and 192.168.1.2, user01 can log in over FTP on either of them; user02 only on 192.168.1.1.
Create the database and the database user:
mysql> create database proftpd;
mysql> grant select,insert,update,delete,create,drop,index,alter,create temporary tables,lock tables on proftpd.* to proftpd@localhost identified by "123456";
mysql> flush privileges;
The account that proftpd.conf uses only needs SELECT on FTPUSERS, FTPGRPS and quotalimits and SELECT/INSERT/UPDATE on quotatallies; the DDL rights above (create, drop, alter) belong to the administrative account used for the import below, not to the daemon's. The host in the GRANT (localhost here) must be the host proftpd connects from.
Import the following table definitions:
-- Current Database: `proftpd`
--
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `proftpd` /*!40100 DEFAULT CHARACTER SET latin1 */;
USE `proftpd`;
--
-- Table structure for table `FTPGRPS`
--
DROP TABLE IF EXISTS `FTPGRPS`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `FTPGRPS` (
`grpname` text NOT NULL,
`gid` smallint(6) NOT NULL,
`members` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `FTPUSERS`
--
DROP TABLE IF EXISTS `FTPUSERS`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `FTPUSERS` (
`userid` text NOT NULL,
`passwd` text NOT NULL,
`uid` int(11) NOT NULL,
`gid` int(11) NOT NULL,
`home` text,
`shell` text,
`accesshost` text,
`coment` text
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `quotalimits`
--
DROP TABLE IF EXISTS `quotalimits`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `quotalimits` (
`name` varchar(30) DEFAULT NULL,
`quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
`per_session` enum('false','true') NOT NULL DEFAULT 'false',
`limit_type` enum('soft','hard') NOT NULL DEFAULT 'soft',
`bytes_in_avail` float NOT NULL DEFAULT '0',
`bytes_out_avail` float NOT NULL DEFAULT '0',
`bytes_xfer_avail` float NOT NULL DEFAULT '0',
`files_in_avail` int(10) unsigned NOT NULL DEFAULT '0',
`files_out_avail` int(10) unsigned NOT NULL DEFAULT '0',
`files_xfer_avail` int(10) unsigned NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `quotatallies`
--
DROP TABLE IF EXISTS `quotatallies`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `quotatallies` (
`name` varchar(30) NOT NULL DEFAULT '',
`quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
`bytes_in_used` float NOT NULL DEFAULT '0',
`bytes_out_used` float NOT NULL DEFAULT '0',
`bytes_xfer_used` float NOT NULL DEFAULT '0',
`files_in_used` int(10) unsigned NOT NULL DEFAULT '0',
`files_out_used` int(10) unsigned NOT NULL DEFAULT '0',
`files_xfer_used` int(10) unsigned NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
Two things are worth changing before this leaves the test box. FTPUSERS has no key, so nothing stops two rows with the same userid (make userid a VARCHAR with a PRIMARY KEY or UNIQUE index). The byte counters in quotalimits and quotatallies are FLOAT, i.e. 4-byte single precision, which represents integers exactly only up to 16777216; tallies larger than about 16 MB are rounded, while BIGINT holds exact byte counts.
Init script for proftpd:
ln -s /usr/local/proftpd/proftpd.sh /etc/init.d/proftpd
chkconfig --add proftpd
/etc/init.d/proftpd start
Contents of the init script:
[root@server:/usr/local/proftpd]# cat proftpd.sh
#!/bin/sh
#
# Startup script for ProFTPD
# chkconfig: 345 85 15
# description: ProFTPD is an enhanced FTP server with \
#              a focus toward simplicity, security, and ease of configuration. \
#              It features a very Apache-like configuration syntax, \
#              and a highly customizable server infrastructure, \
#              including support for multiple 'virtual' FTP servers, \
#              anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /usr/local/proftpd/etc/proftpd.conf
#
# By: Osman Elliyasa
# $Id: proftpd.init.d,v 1.7 2002/12/07 21:50:27 jwm Exp $

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/proftpd ]; then
    . /etc/sysconfig/proftpd
fi

PATH="$PATH:/usr/local/proftpd/sbin"

# See how we were called.
case "$1" in
  start)
    echo -n "Starting proftpd: "
    daemon proftpd $OPTIONS
    echo
    touch /var/lock/subsys/proftpd
    ;;
  stop)
    echo -n "Shutting down proftpd: "
    killproc proftpd
    echo
    rm -f /var/lock/subsys/proftpd
    ;;
  status)
    status proftpd
    ;;
  restart)
    $0 stop
    $0 start
    ;;
  reread)
    echo -n "Re-reading proftpd config: "
    killproc proftpd -HUP
    echo
    ;;
  suspend)
    hash ftpshut >/dev/null 2>&1
    if [ $? = 0 ]; then
      if [ $# -gt 1 ]; then
        shift
        echo -n "Suspending with '$*' "
        ftpshut "$@"
      else
        echo -n "Suspending NOW "
        ftpshut now "Maintenance in progress"
      fi
    else
      echo -n "No way to suspend "
    fi
    echo
    ;;
  resume)
    if [ -f /etc/shutmsg ]; then
      echo -n "Allowing sessions again "
      rm -f /etc/shutmsg
    else
      echo -n "Was not suspended "
    fi
    echo
    ;;
  *)
    echo -n "Usage: $0 {start|stop|restart|status|reread|resume"
    hash ftpshut
    if [ $? = 1 ]; then
      echo '}'
    else
      echo '|suspend}'
      echo 'suspend accepts additional arguments which are passed to ftpshut(8)'
    fi
    exit 1
esac

# Any further arguments are run as further actions (e.g. "$0 stop start").
if [ $# -gt 1 ]; then
  shift
  $0 "$@"
fi

exit 0
Scripts for adding users:
[root@server:/usr/local/proftpd]# cat adduser_dir.sh
#!/bin/bash
# Adds an FTP account to FTPUSERS with a generated password.
# Caveats: the database password is passed on the mysql command line, where any
# local user can read it from the process list (a root-only --defaults-extra-file
# avoids that); the arguments are spliced straight into the SQL text, so run this
# with trusted input only; and the home directory is not created here, which with
# CreateHome off means it must exist (writable by uid 500) before the first login.
usage () {
  echo ""
  echo " Please input correct information!"
  echo ""
  echo " USAGE: `basename $0` username /dir ftp_server_ip"
  echo " Exp:   `basename $0` Lee /data/lee/home 1.1.1.1,2.2.2.2"
  echo ""
  echo " Result:"
  echo "   UserName: Lee"
  echo "   UserHome: /data/lee/home"
  echo "   PassWord: N1Jy3Fqol"
  echo ""
}
if [[ -z "$3" ]]; then
  usage
  exit 1
fi
datetime=`date +%Y%m%d" "%H:%M:%S`
userid="$1"
# mkpasswd from the expect package: 9 characters, 2 digits, 3 lower, 3 upper, 0 special
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
home="$2"
# {md5}base64(md5(password)): the form SQLAuthTypes OpenSSL expects (unsalted MD5)
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
shell='/sbin/nologin'
accesshost="$3"
# uid 500 / gid 100 match SQLDefaultUID/SQLDefaultGID; the timestamp lands in the coment column
/usr/local/mysql/bin/mysql -u ftp_user -p'ws&&**ftp' -h 192.168.254.101 -e "\
use proftpd;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','$shell','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "userHome: $home"
echo "FTP IPs:  $accesshost"
echo ""
[root@server:/usr/local/proftpd]# cat adduser_domain.sh
#!/bin/bash
# Same as adduser_dir.sh, but the user name is a domain and the home directory
# is derived from it (a leading "www." is stripped). The same caveats apply:
# password on the mysql command line, unvalidated arguments spliced into the
# SQL, and the home directory is not created here.
usage () {
  echo ""
  echo " Please input correct information!"
  echo ""
  echo " USAGE: `basename $0` domainname ftp_server_ip"
  echo " Exp:   `basename $0` www.test.com 1.1.1.1,2.2.2.2"
  echo ""
  echo " Result:"
  echo "   UserName: www.test.com"
  echo "   PassWord: N1Jy3Fqol"
  echo ""
}
if [[ -z "$2" ]]; then
  usage
  exit 1
fi
datetime=`date +%Y%m%d" "%H:%M:%S`
userid="$1"
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
domain="$userid"
if [[ $1 =~ ^www\. ]]; then
  domain="${1#www.}"
fi
# {md5}base64(md5(password)): the form SQLAuthTypes OpenSSL expects (unsalted MD5)
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
home="/data/www/vhosts/$domain"
shell='/sbin/nologin'
accesshost="$2"
/usr/local/mysql/bin/mysql -u ftp_user -p'ws&&**ftp' -h 192.168.254.101 -e "\
use proftpd;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','$shell','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "userHome: $home"
echo "FTP IPs:  $accesshost"
echo ""
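As an added example (not code from this page or from ProFTPD), the provisioning logic of the two scripts above in Python, with the parts a practitioner would want hardened: the userid and the access-host list are validated, the row is inserted with bound parameters instead of string splicing, the password is stored in the {digest}base64 form that SQLAuthTypes OpenSSL expects (sha512 by default; md5 as on the page is still produced and verified for compatibility), and the page's FIND_IN_SET where clause is run against the rows to show why it beats the commented-out LIKE '%ip%' form. An in-memory sqlite3 database with the FTPUSERS columns stands in for MySQL, with FIND_IN_SET registered as a Python function; the user names, passwords, paths and IP addresses are constructed sample data.

```python
import base64
import hashlib
import hmac
import ipaddress
import posixpath
import re
import sqlite3

# Columns of the page's FTPUSERS table; sqlite3 stands in for MySQL so this runs
# offline, and MySQL's FIND_IN_SET() is registered as a Python function below.
SCHEMA = """
CREATE TABLE FTPUSERS (
    userid TEXT NOT NULL UNIQUE, passwd TEXT NOT NULL,
    uid INTEGER NOT NULL, gid INTEGER NOT NULL,
    home TEXT, shell TEXT, accesshost TEXT, coment TEXT
);
"""

# Allowed login names: lower-case letters, digits, dot, dash, underscore
# (the page also uses domain names such as www.test.com as userids).
USERID_RE = re.compile(r"^[a-z0-9][a-z0-9._-]{0,62}$")


def openssl_hash(password, digest="sha512"):
    """Value accepted with 'SQLAuthTypes OpenSSL': {digest} + base64(raw digest).
    The page's scripts use md5; any digest libcrypto knows works, so prefer
    sha512. Either way it is unsalted: equal passwords give equal hashes."""
    raw = hashlib.new(digest, password.encode("utf-8")).digest()
    return "{%s}%s" % (digest, base64.b64encode(raw).decode("ascii"))


def openssl_verify(password, stored):
    """Recompute with the digest named in the stored value; constant-time compare."""
    m = re.match(r"^\{([a-z0-9]+)\}.+$", stored)
    if not m:
        return False
    try:
        candidate = openssl_hash(password, m.group(1))
    except ValueError:  # digest name not known to hashlib
        return False
    return hmac.compare_digest(candidate, stored)


def find_in_set(needle, haystack):
    """MySQL FIND_IN_SET(): 1-based position of needle in a comma list, 0 if absent."""
    parts = (haystack or "").split(",")
    return parts.index(needle) + 1 if needle in parts else 0


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.create_function("FIND_IN_SET", 2, find_in_set)
    return conn


def add_user(conn, userid, password, home, accesshosts, uid=500, gid=100,
             shell="/sbin/nologin"):
    """The INSERT the adduser scripts issue, with validated, parameter-bound input."""
    if not USERID_RE.match(userid):
        raise ValueError("invalid userid: %r" % userid)
    if not home.startswith("/") or posixpath.normpath(home) != home:
        raise ValueError("home must be an absolute, normalised path")
    # every accesshost entry must parse as an IP address (no wildcards, no junk)
    hosts = [str(ipaddress.ip_address(h.strip())) for h in accesshosts.split(",")]
    conn.execute("INSERT INTO FTPUSERS VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                 (userid, openssl_hash(password), uid, gid, home, shell,
                  ",".join(hosts), ""))
    conn.commit()


def authenticate(conn, userid, password, server_ip):
    """SQLUserInfo lookup plus the page's SQLUserWhereClause, with this server's
    IP bound as a parameter rather than hard-coded in proftpd.conf."""
    row = conn.execute("SELECT passwd FROM FTPUSERS WHERE userid = ? "
                       "AND 0 != FIND_IN_SET(?, accesshost)",
                       (userid, server_ip)).fetchone()
    return row is not None and openssl_verify(password, row[0])


def like_would_match(server_ip, accesshost):
    """What the commented-out "accesshost like '%ip%'" clause would decide."""
    return server_ip in accesshost


def demo():
    conn = open_db()
    add_user(conn, "user01", "s3cret", "/data/user01", "192.168.1.1,192.168.1.2")
    add_user(conn, "user02", "s3cret", "/opt/user02", "192.168.1.10")
    try:  # the kind of $1 the original script would have spliced into its SQL
        add_user(conn, "x','h',0,0,'/','','',''); -- ", "p", "/x", "192.168.1.1")
        rejected = False
    except ValueError:
        rejected = True
    return {
        "user01_on_1.1": authenticate(conn, "user01", "s3cret", "192.168.1.1"),
        "user01_on_1.10": authenticate(conn, "user01", "s3cret", "192.168.1.10"),
        "user02_on_1.1": authenticate(conn, "user02", "s3cret", "192.168.1.1"),
        "user02_like_1.1": like_would_match("192.168.1.1", "192.168.1.10"),
        "user01_wrong_pw": authenticate(conn, "user01", "nope", "192.168.1.1"),
        "injection_rejected": rejected,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The `user02_like_1.1` entry is the point of the FIND_IN_SET clause: a substring match on 192.168.1.1 would have let user02 (allowed only on 192.168.1.10) log in on the wrong server. Against a real MySQL server the same statements work unchanged through a DB-API driver with `%s` placeholders, and the daemon's account then needs only SELECT on FTPUSERS, not the INSERT right this helper uses.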
User quota configuration:
Columns of quotalimits:
name - the user name (or the group name when quota_type is group). NULL means the row applies to every entry of that quota_type, e.g. to every user in FTPUSERS, or to every group in FTPGRPS.
quota_type - user, group, class or all (we use user). If name holds a group name this must be group; the group then has to exist in FTPGRPS with its users listed one by one in the members column.
per_session - true or false (we use false)
limit_type - hard or soft (we use soft)
bytes_in_avail - upload limit in bytes: how much disk the user may occupy in the home directory (the disk quota). 0 means unlimited, and the same holds for every counter below.
bytes_out_avail - download limit in bytes: the total the user may download
bytes_xfer_avail - total bytes the user may transfer in either direction
files_in_avail - number of files the user may upload
files_out_avail - number of files the user may download
files_xfer_avail - number of files the user may transfer in either direction
So, to give the user test 100 MB of space and leave everything else unlimited, add a row with the MySQL statement below.
First look at the structure of quotalimits, then add the row accordingly:
mysql> describe quotalimits;
+------------------+------------------------------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+------------------+------------------------------------+------+-----+---------+-------+
| name | varchar(30) | YES | | NULL | |
| quota_type | enum('user','group','class','all') | | | user | |
| per_session | enum('false','true') | | | false | |
| limit_type | enum('soft','hard') | | | soft | |
| bytes_in_avail | float | | | 0 | |
| bytes_out_avail | float | | | 0 | |
| bytes_xfer_avail | float | | | 0 | |
| files_in_avail | int(10) unsigned | | | 0 | |
| files_out_avail | int(10) unsigned | | | 0 | |
| files_xfer_avail | int(10) unsigned | | | 0 | |
+------------------+------------------------------------+------+-----+---------+-------+
10 rows in set (0.00 sec)
Add the record:
mysql> insert into quotalimits VALUES ('test','user','false','soft','104857600','0','0','0','0','0');
Arithmetic:
1 KB = 1024 bytes
1 MB = 1024 KB
100 MB = 100 x 1024 KB = 100 x 1024 x 1024 bytes = 104857600 bytes
Note: the quota only takes effect on the next login. If test is already connected, the session has to log out and log in again before the limit applies.
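As an added example (not code from mod_quotatab or from this page), the quota arithmetic and the soft/hard distinction of this section in Python: to_bytes() turns '100M' into 104857600 exactly as the arithmetic above does, set_user_quota() inserts the same quotalimits row with bound parameters and seeds the matching quotatallies row, display_mb() reproduces the Mb figure SITE QUOTA prints with QuotaDisplayUnits Mb, and upload() models how a soft and a hard bytes_in_avail limit treat an upload. That model (0 = unlimited; no new upload once the tally has reached the limit; a transfer that crosses the limit completes under soft and is aborted under hard) is this example's reading of the mod_quotatab documentation, not something stated on this page, so check it against your own server before relying on it. sqlite3 with INTEGER columns stands in for MySQL; the user names and file sizes are constructed.

```python
import sqlite3

# quotalimits and quotatallies with the page's column names. sqlite3 stands in for
# MySQL, and INTEGER replaces the dump's FLOAT so byte counts stay exact.
SCHEMA = """
CREATE TABLE quotalimits (
    name TEXT, quota_type TEXT NOT NULL DEFAULT 'user',
    per_session TEXT NOT NULL DEFAULT 'false', limit_type TEXT NOT NULL DEFAULT 'soft',
    bytes_in_avail INTEGER NOT NULL DEFAULT 0, bytes_out_avail INTEGER NOT NULL DEFAULT 0,
    bytes_xfer_avail INTEGER NOT NULL DEFAULT 0, files_in_avail INTEGER NOT NULL DEFAULT 0,
    files_out_avail INTEGER NOT NULL DEFAULT 0, files_xfer_avail INTEGER NOT NULL DEFAULT 0
);
CREATE TABLE quotatallies (
    name TEXT NOT NULL, quota_type TEXT NOT NULL DEFAULT 'user',
    bytes_in_used INTEGER NOT NULL DEFAULT 0, bytes_out_used INTEGER NOT NULL DEFAULT 0,
    bytes_xfer_used INTEGER NOT NULL DEFAULT 0, files_in_used INTEGER NOT NULL DEFAULT 0,
    files_out_used INTEGER NOT NULL DEFAULT 0, files_xfer_used INTEGER NOT NULL DEFAULT 0
);
"""

UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def to_bytes(size):
    """'100M' -> 104857600 with the 1024-based arithmetic above; bare digits are bytes."""
    s = size.strip().upper()
    if s.endswith("B"):
        s = s[:-1]
    unit = s[-1] if s and s[-1] in "KMG" else ""
    num = s[:-1] if unit else s
    if not num.isdigit():
        raise ValueError("bad size: %r" % size)
    return int(num) * UNITS[unit]


def display_mb(nbytes):
    """The figure SITE QUOTA prints with QuotaDisplayUnits Mb (two decimals)."""
    return round(nbytes / 1024 ** 2, 2)


def set_user_quota(conn, name, size, limit_type="soft"):
    """Insert the page's 'only disk space is limited' row, plus an empty tally row."""
    if limit_type not in ("soft", "hard"):
        raise ValueError("limit_type must be soft or hard")
    conn.execute("INSERT INTO quotalimits VALUES (?, 'user', 'false', ?, ?, 0, 0, 0, 0, 0)",
                 (name, limit_type, to_bytes(size)))
    conn.execute("INSERT INTO quotatallies VALUES (?, 'user', 0, 0, 0, 0, 0, 0)", (name,))
    conn.commit()


def upload(conn, name, file_bytes):
    """Model of an upload against bytes_in_avail (assumption: the example's reading
    of the mod_quotatab docs, not code or text from the page): 0 means unlimited;
    no new upload starts once the tally has reached the limit; a transfer that
    crosses the limit completes under soft and is aborted (partial file removed,
    tally untouched) under hard."""
    row = conn.execute(
        "SELECT l.limit_type, l.bytes_in_avail, t.bytes_in_used FROM quotalimits l "
        "JOIN quotatallies t ON t.name = l.name AND t.quota_type = l.quota_type "
        "WHERE l.name = ? AND l.quota_type = 'user'", (name,)).fetchone()
    if row is None:
        return "no-quota"
    limit_type, limit, used = row
    if limit and used >= limit:
        return "refused"
    if limit and used + file_bytes > limit and limit_type == "hard":
        return "aborted"
    conn.execute("UPDATE quotatallies SET bytes_in_used = bytes_in_used + ?, "
                 "files_in_used = files_in_used + 1 WHERE name = ? AND quota_type = 'user'",
                 (file_bytes, name))
    conn.commit()
    return "stored"


def used_bytes(conn, name):
    return conn.execute("SELECT bytes_in_used FROM quotatallies WHERE name = ?",
                        (name,)).fetchone()[0]


def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    set_user_quota(conn, "test", "100M")            # the row inserted above (soft)
    set_user_quota(conn, "strict", "100M", "hard")  # same limit, hard
    sixty = 60 * 1024 ** 2
    return {
        "soft_1": upload(conn, "test", sixty),      # 60 MB used
        "soft_2": upload(conn, "test", sixty),      # crosses 100 MB but completes
        "soft_3": upload(conn, "test", 1),          # tally is now over the limit
        "hard_1": upload(conn, "strict", sixty),
        "hard_2": upload(conn, "strict", sixty),    # would cross the limit
        "soft_used_mb": display_mb(used_bytes(conn, "test")),
        "hard_used_mb": display_mb(used_bytes(conn, "strict")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

display_mb() is also how to read the sample SITE QUOTA output further down: 95.37 Mb is what a limit of 100000000 bytes (100 x 10^6) displays as, while the 104857600 inserted above shows as 100.00.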
Checking a user's space usage
After logging in to FTP, run:
quote site quota
Example:
lftp test@<ftp server>:/> quote site quota
200-The current quota for this session are [current/limit]:
Name: test
Quota Type: User
Per Session: False
Limit Type: Soft
Uploaded Mb: 19.00/95.37
(A limit shown as 95.37 Mb corresponds to 100000000 bytes in quotalimits, i.e. 100 x 10^6; the 104857600 inserted above displays as 100.00 with QuotaDisplayUnits Mb.)