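This article describes how to install pure-ftpd on Ubuntu 9.10 Server and configure it to achieve the following:
1) Add a custom authentication module to verify the username and password
2) Allow user directories to be created dynamically
3) Restrict each user to their own directory
4) Send a notification after a user uploads a file
Create the pureFTPRoot directory under / and change its permissions: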
chenshu@csserver:/$ sudo mkdir pureFTPRoot
chenshu@csserver:/$ sudo chmod 777 ./pureFTPRoot/
First add a group:
sudo groupadd pureFTP
Then add the system user that all pureFTP virtual users will run as:
sudo useradd -g pureFTP -d /home/ftp -s /sbin/nologin pureFTPUser
Check the uid and gid:
chenshu@csserver:~$ id pureFTPUser
uid=1003(pureFTPUser) gid=1002(pureFTP) groups=1002(pureFTP)
sudo apt-get install pure-ftpd
Create the file /etc/pure-ftpd/conf/ChrootEveryone
with the content:
yes
This causes the -A option to appear on the command line at startup.
Create the file /etc/pure-ftpd/conf/CreateHomeDir
with the content:
yes
This causes the -j option to appear on the command line at startup.
Create the file /etc/pure-ftpd/conf/CallUploadScript
with the content:
yes
This causes the -o option to appear on the command line at startup.
Set the contents of /etc/default/pure-ftpd-common as follows:
# Configuration for pure-ftpd
# (this file is sourced by /bin/sh, edit accordingly)
# STANDALONE_OR_INETD
# valid values are "standalone" and "inetd".
# Any change here overrides the setting in debconf.
STANDALONE_OR_INETD=standalone
# VIRTUALCHROOT:
# whether to use binary with virtualchroot support
# valid values are "true" or "false"
# Any change here overrides the setting in debconf.
VIRTUALCHROOT=false
# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)
# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=/usr/sbin/upload2.sh
# if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
# given uid and gid
UPLOADUID=1002
UPLOADGID=1003
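Note:
The uid and gid are both those of the user pureFTPUser. Strangely, using the root user's uid 0 and gid 0 does not work here.
The upload2.sh file must be placed in the /usr/sbin directory, otherwise it has no effect.
Script contents: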
#!/bin/sh
echo "$1" > /tmp/pure-was-here$(date +%Y%m%d%H%M%S)
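The script above truncates a file whose name has one-second resolution, so two uploads reported in the same second leave a single record. An added example (not part of the original post) that appends one line per upload and neutralises control characters in the client-chosen file name; UPLOAD_LOG, its default path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: upload handler that appends one line per upload.
# Hypothetical: UPLOAD_LOG, the default log path, format_entry, record_upload.
# $1 (path of the uploaded file), UPLOAD_VUSER and UPLOAD_SIZE are provided
# by pure-uploadscript when it spawns the handler.

# Build one log line: UTC timestamp, virtual user, size, path.
# Control characters (newlines included) in the file name become '?',
# so one upload is always exactly one line in the log.
format_entry() {
    path=$(printf '%s' "$1" | tr '[:cntrl:]' '[?*]')
    printf '%s user=%s size=%s path=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" \
        "${UPLOAD_VUSER:-unknown}" "${UPLOAD_SIZE:-unknown}" "$path"
}

# Append the entry for file $1 to log $2. '>>' never truncates, so earlier
# records survive however close together the uploads finish.
record_upload() {
    format_entry "$1" >> "$2"
}

# Entry point when spawned by pure-uploadscript. The log (placeholder path)
# must be writable by the uid/gid the handler runs as.
if [ "$#" -ge 1 ]; then
    record_upload "$1" "${UPLOAD_LOG:-/var/log/pure-ftpd/uploads.log}"
fi
```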
Restart the service and check that the options -A -j -o are all present:
chenshu@csserver:~$ sudo /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l pam -A -O clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -H -j -E -o -u 1000 -B
Reboot the computer and check the service:
chenshu@csserver:~$ ps -def | grep pure
root 1222 1 0 17:24 ? 00:00:00 pure-ftpd (SERVER)
root 1225 1 0 17:24 ? 00:00:00 /usr/sbin/pure-uploadscript -r /usr/sbin/upload2.sh -B -u 1002 -g 1003
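The second line shows that the pure-uploadscript command was started; its arguments are the ones we configured in the /etc/pure-ftpd/conf/CallUploadScript file.
Create a simple authentication script, /home/chenshu/ftp-auth-handler: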
#!/bin/sh
if test "$AUTHD_ACCOUNT" = "john"; then
    echo 'auth_ok:1'
    echo 'uid:1003'
    echo 'gid:1002'
    echo 'dir:/pureFTPRoot/john'
    echo 'slow_tilde_expansion:0'
elif test "$AUTHD_ACCOUNT" = "mike"; then
    echo 'auth_ok:1'
    echo 'uid:1003'
    echo 'gid:1002'
    echo 'dir:/pureFTPRoot/mike'
    echo 'slow_tilde_expansion:1'
else
    echo 'auth_ok:0'
fi
echo 'end'
Note: change the permissions:
sudo chmod 777 /home/chenshu/ftp-auth-handler
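The handler above returns auth_ok:1 for john and mike whatever password is sent. An added example (not part of the original post) of a handler that also checks AUTHD_PASSWORD and restricts account names before building dir:; the credential store format, AUTH_DB, its default path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pure-authd handler that checks the password, not just the name.
# Hypothetical: the "user:salt:sha256(salt+password)" store, AUTH_DB and its
# default path, hash_pw, add_user, auth_reply.
# uid 1003, gid 1002 and /pureFTPRoot are the values used on this page.
LC_ALL=C; export LC_ALL
FTP_ROOT=/pureFTPRoot FTP_UID=1003 FTP_GID=1002

# Hex SHA-256 of salt + password. Kept to coreutils for the example; a real
# store should use a slow password hash such as bcrypt or scrypt.
hash_pw() { printf '%s%s' "$1" "$2" | sha256sum | cut -d' ' -f1; }

# Append a record for user $2 (salt $3, password $4) to store $1.
add_user() { printf '%s:%s:%s\n' "$2" "$3" "$(hash_pw "$3" "$4")" >> "$1"; }

# Print the pure-authd reply for account $1, password $2, store $3.
# auth_ok: 1 = authenticated, 0 = unknown user, -1 = known user, wrong password.
auth_reply() {
    account=$1 password=$2 db=$3 ok=0
    case $account in
        ''|*[!a-z0-9_]*) ;;   # empty, or contains / . : etc.: never reaches dir:
        *)
            record=$(grep "^${account}:" "$db" 2>/dev/null | head -n 1)
            if [ -n "$record" ]; then
                salt=$(printf '%s' "$record" | cut -d: -f2)
                want=$(printf '%s' "$record" | cut -d: -f3)
                if [ "$(hash_pw "$salt" "$password")" = "$want" ]; then
                    ok=1
                else
                    ok=-1
                fi
            fi ;;
    esac
    printf 'auth_ok:%s\n' "$ok"
    if [ "$ok" -eq 1 ]; then
        printf 'uid:%s\ngid:%s\ndir:%s/%s\n' "$FTP_UID" "$FTP_GID" "$FTP_ROOT" "$account"
    fi
    printf 'end\n'
}

# pure-authd passes the login in AUTHD_ACCOUNT and AUTHD_PASSWORD.
if [ -n "${AUTHD_ACCOUNT:-}" ]; then
    auth_reply "$AUTHD_ACCOUNT" "${AUTHD_PASSWORD:-}" "${AUTH_DB:-/etc/pure-ftpd/auth.db}"
fi
```

The handler and the store should be writable only by root, since anyone who can edit either one decides who may log in.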
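Up to this point I have been using configuration files, which pure-ftpd-wrapper reads to generate the pure-ftpd arguments. But when I used the custom authentication module I could not find a way to configure it that way, so I had to use the following approach:
First remove the default startup command: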
chenshu@csserver:/home/pureFTP$ sudo update-rc.d -f pure-ftpd remove
Removing any system startup links for /etc/init.d/pure-ftpd ...
/etc/rc1.d/K80pure-ftpd
/etc/rc2.d/S20pure-ftpd
/etc/rc3.d/S20pure-ftpd
/etc/rc4.d/S20pure-ftpd
/etc/rc5.d/S20pure-ftpd
Next create a boot-time startup script; mine is /etc/init.d/MyShell
chmod 755 /etc/init.d/MyShell
Create a symbolic link named S99MyShell:
sudo ln -s /etc/init.d/MyShell /etc/rc2.d/S99MyShell
S means start
99 is the execution order
MyShell is the file name
Then give the startup script the following contents:
pure-authd -s /var/run/ftpd.sock -r /home/chenshu/ftp-auth-handler &
/usr/sbin/pure-ftpd -l extauth:/var/run/ftpd.sock -A -O clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -H -j -E -o -u 1000 -B
/usr/sbin/pure-uploadscript -r /usr/sbin/upload2.sh -B -u 1003 -g 1002
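Now test:
Log in as john or mike: the user directory is created automatically and only that directory can be used. After a file is uploaded, the file written by the upload script appears in /tmp.
The log files are in the /var/log/pure-ftpd/ directory. With the configuration above, uploading a file produces the log file /var/log/pure-ftpd/transfer.log.
However, some FTP service logs are written to /var/log/messages by default, for example: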
Jan 14 18:44:18 csserver pure-ftpd: ([email protected]) [INFO] New connection from 192.168.0.100
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] john is now logged in
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /etc: No such file or directory
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /home: No such file or directory
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /pureFTPRoot: No such file or directory
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /untitled folder: No such file or directory
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] New connection from 192.168.0.100
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] john is now logged in
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /untitled folder: No such file or directory
Jan 14 18:46:58 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /test_data60000.csv2: No such file or directory
Jan 14 18:46:59 csserver pure-ftpd: ([email protected]) [NOTICE] /pureFTPRoot/john//test_data60000.csv2 uploaded (14499310 bytes, 11446.58KB/sec)
Jan 14 19:01:59 csserver pure-ftpd: ([email protected]) [INFO] Timeout - try typing a little faster next time
Jan 14 19:01:59 csserver pure-ftpd: ([email protected]) [INFO] Timeout - try typing a little faster next time
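Although it took a lot of effort, the configuration is complete. But the test results left me quite unhappy.
First, if I upload 7 files at once, the upload script reports only 3 of them and the rest are lost. If I upload them one after another there is no problem; all are reported.
If I upload a large file and cancel midway, pureFTP also treats it as a completely uploaded file. This may be related to the FTP protocol not recording the size of the source file.
The only reasonably good thing is the automatic creation of user directories, but that is easy to implement yourself. It's just mkdir, after all.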