UBuntu9.10 server上配置Pure FTPd 常用功能

本文描述在UBuntu9.10server上安装pure-ftpd的方法。设置pure-ftpd,达到如下目的:
1)添加自己的验证模块进行用户名和密码的验证
2)允许动态创建用户目录
3) 用户只能访问自己的目录
4)用户上传文件后将得到通知

创建FTP根目录

在/下创建pureFTPRoot目录,并改变权限:
chenshu@csserver:/$ sudo mkdir pureFTPRoot
chenshu@csserver:/$ sudo chmod 777 ./pureFTPRoot/

创建所有FTP用户使用的系统组和用户


先添加一个用户组:
sudo groupadd pureFTP

然后添加一个pureFTP所有的虚拟用户使用的用户:
sudo useradd -g pureFTP -d /home/ftp -s /sbin/nologin pureFTPUser


查看uid和gid:
chenshu@csserver:~$ id pureFTPUser
uid=1003(pureFTPUser) gid=1002(pureFTP) groups=1002(pureFTP)

安装程序

sudo apt-get install pure-ftpd

配置FTP用户只允许它们访问自己的目录

新建文件 /etc/pure-ftpd/conf/ChrootEveryone
内容为:
yes

这会导致启动的时候出现参数-A

配置自动创建用户的Home目录

新建文件/etc/pure-ftpd/conf/CreateHomeDir
内容为:
yes

这会导致启动的时候出现参数-j

配置FTP在上传成功后调用上传脚本

新建文件/etc/pure-ftpd/conf/CallUploadScript
内容为:
yes

这会导致启动的时候出现参数-o

配置/etc/default/pure-ftpd-common文件内容如下:

# Configuration for pure-ftpd                                                                                                                                                      
# (this file is sourced by /bin/sh, edit accordingly)                                                                                                                              

# STANDALONE_OR_INETD                                                                                                                                                              
# valid values are "standalone" and "inetd".                                                                                                                                       
# Any change here overrides the setting in debconf.                                                                                                                                
STANDALONE_OR_INETD=standalone

# VIRTUALCHROOT:                                                                                                                                                                   
# whether to use binary with virtualchroot support                                                                                                                                 
# valid values are "true" or "false"                                                                                                                                               
# Any change here overrides the setting in debconf.                                                                                                                                
VIRTUALCHROOT=false

# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,                                                                                                           
# pure-uploadscript will also be run to spawn the program given below                                                                                                              
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or                                                                                                                  
# pure-uploadscript(8)                                                                                                                                                             

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl                                                                                                                           
UPLOADSCRIPT=/usr/sbin/upload2.sh

# if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the                                                                                                                
# given uid and gid                                                                                                                                                                
UPLOADUID=1002
UPLOADGID=1003

注意:
uid和gid都是用户pureFTPUser的。这里很奇怪,用root用户的uid:0和gid:0是不行的。
这里upload2.sh文件必须放在/usr/sbin目录下,否则无效

脚本内容:
#!/bin/sh                                                                                                                                                                                                        
echo "$1" > /tmp/pure-was-here$(date +%Y%m%d%H%M%S)



重新启动服务,观察所用的参数 -A -j -o 都在
chenshu@csserver:~$ sudo /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l pam -A -O clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -H -j -E -o -u 1000 -B

重新启动计算机,并检查服务:
chenshu@csserver:~$ ps -def | grep pure
root      1222     1  0 17:24 ?        00:00:00 pure-ftpd (SERVER)                                                                                                                      
root      1225     1  0 17:24 ?        00:00:00 /usr/sbin/pure-uploadscript -r /usr/sbin/upload2.sh -B -u 1002 -g 1003

第二行启动了pure-uploadscript命令,参数就是我们在/etc/pure-ftpd/conf/CallUploadScript文件中配置的。

配置自定义验证模块

    创建一个简单的验证脚本/home/chenshu/ftp-auth-handler
#! /bin/sh                                                                                                                                                                         

if test "$AUTHD_ACCOUNT" = "john"; then
  echo 'auth_ok:1'
  echo 'uid:1003'
  echo 'gid:1002'
  echo 'dir:/pureFTPRoot/john'
  echo 'slow_tilde_expansion:0'
elif test "$AUTHD_ACCOUNT" = "mike"; then
  echo 'auth_ok:1'
  echo 'uid:1003'
  echo 'gid:1002'
  echo 'dir:/pureFTPRoot/mike'
  echo 'slow_tilde_expansion:1'
else
  echo 'auth_ok:0'
fi
echo 'end'

  注意,修改权限
sudo chmod 777 /home/chenshu/ftp-auth-handler


到目前位置,我一直使用配置文件,通过pure-ftpd-wrapper读取这些配置文件,生成pure-ftpd的参数,但是当我使用自定义验证模块的时候,我没有找到配置的方法,所以只能采用下面的方法:

首先删除默认启动命令

chenshu@csserver:/home/pureFTP$ sudo update-rc.d -f pure-ftpd remove
 Removing any system startup links for /etc/init.d/pure-ftpd ...
   /etc/rc1.d/K80pure-ftpd
   /etc/rc2.d/S20pure-ftpd
   /etc/rc3.d/S20pure-ftpd
   /etc/rc4.d/S20pure-ftpd
   /etc/rc5.d/S20pure-ftpd

先建立一个开机启动脚本,我的是/etc/init.d/Myshell
chmod 755 /etc/init.d/MyShell 

建立一个软链接,名称为S99MyShell.

    sudo ln  -s  /etc/init.d/MyShell  /etc/rc2.d/S99MyShell

    S为开始执行

    99为执行顺序

    MyShell为文件名

 

然后将自启动脚本文件的内容如下:
pure-authd -s /var/run/ftpd.sock -r /home/chenshu/ftp-auth-handler &
/usr/sbin/pure-ftpd -l extauth:/var/run/ftpd.sock -A -O clf:/var/log/pure-ftpd/transfer.log -8 UTF-8 -H -j -E -o -u 1000 -B
/usr/sbin/pure-uploadscript -r /usr/sbin/upload2.sh -B -u 1003 -g 1002


现在测试:
输入john或者mike登录,会自动创建用户目录,并且只能使用该目录。上传文件后,/tmp目录下会出现上传脚本写出的文件。



日志

日志文件在/var/log/pure-ftpd/目录下。按照我们之前的配置,如果文件上传,会生成一个/var/log/pure-ftpd/transfer.log日志文件。
但是还有一些ftp服务的日志是默认情况下记录到 /var/log/message 中的。比如下面的内容:


Jan 14 18:44:18 csserver pure-ftpd: ([email protected]) [INFO] New connection from 192.168.0.100
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] john is now logged in
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /etc: No such file or directory
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /home: No such file or directory
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /pureFTPRoot: No such file or directory
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /untitled folder: No such file or directory
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] New connection from 192.168.0.100
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] john is now logged in
Jan 14 18:44:19 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /untitled folder: No such file or directory
Jan 14 18:46:58 csserver pure-ftpd: ([email protected]) [INFO] Can't change directory to /test_data60000.csv2: No such file or directory
Jan 14 18:46:59 csserver pure-ftpd: ([email protected]) [NOTICE] /pureFTPRoot/john//test_data60000.csv2 uploaded  (14499310 bytes, 11446.58KB/sec)
Jan 14 19:01:59 csserver pure-ftpd: ([email protected]) [INFO] Timeout - try typing a little faster next time
Jan 14 19:01:59 csserver pure-ftpd: ([email protected]) [INFO] Timeout - try typing a little faster next time

pureFTP并不完美


虽然花了很多力气,配置完成。可是测试的结果让我很不爽。
首先,如果我一次上传7个文件。上传脚本只报了3个文件,其余的丢失了。如果我一个接一个的上传,没问题,都报告了。
如果我上传一个大文件,中途取消,pureFTP也会认为是一个已经上传完的文件。这可能和FTP协议没有记录源文件的大小有关。
唯一较好的就是自动创建用户目录功能,不过这个自己也可以很轻松的实现。不就是mkdir么。

你可能感兴趣的:(ubuntu)