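Introduction to Pure-FTPd
Pure-FTPd is a free (BSD-licensed), secure, production-quality and standards-compliant FTP server. It focuses on efficiency and ease of use. It provides simple answers to common needs, serving ordinary users as well as hosting providers.
Pure-FTPd security
Pure-FTPd is actively supported and has always been designed with security in mind; its code is always treated as if it contained vulnerabilities and is re-audited accordingly. The server can run with privilege separation to meet strict security requirements. It can even run 100% without root privileges, using its built-in chroot() emulation and virtual accounts. To avoid sending passwords in cleartext, Pure-FTPd supports an optional SSL/TLS encryption layer through the OpenSSL library.
Available authentication methods: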
LDAPConfigFile
MySQLConfigFile
PGSQLConfigFile
PureDB
ExtAuth
PAMAuthentication
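UnixAuthentication, and others
Some common issues with Pure-FTPd:
1. A default installation allows anonymous users and non-root system users to log in.
2. Upload and download rate limits are not very accurate and fluctuate considerably; it is somewhat worse than vsftpd in this respect.
3. Disk quotas are not enforced in real time.
Configuration steps:
I. Install the required packages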
yum -y install php httpd php-mysql mysql mysql-server mysql-devel
II. Build and install pure-ftpd from source
tar -zxvf pure-ftpd-1.0.36.tar.gz -C /usr/local/src/
cd /usr/local/src/pure-ftpd-1.0.36/
Run configure to check the build environment
[root@localhost pure-ftpd-1.0.36]# ./configure \
--prefix=/usr/local/pureftpd \
--with-mysql \
--with-shadow \
--with-pam \
--with-welcomemsg \
--with-uploadscript \
--with-cookie \
--with-virtualchroot \
--with-virtualhosts \
--with-diraliases \
--with-quotas \
--with-puredb \
--with-sysquotas \
--with-ratios \
--with-ftpwho \
--with-throttling \
--with-language=simplified-chinese
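Compile
[root@localhost pure-ftpd-1.0.36]# make
Install the four kinds of files produced by the build into their proper locations
[root@localhost pure-ftpd-1.0.36]# make install
Create the directory that holds the pureftpd configuration files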
[root@localhost ~]#mkdir -p /usr/local/pureftpd/etc/
III. Set up the pure-ftpd service script
[root@localhost pure-ftpd-1.0.36]# cd configuration-file/
[root@localhost configuration-file]# cp pure-ftpd.conf /usr/local/pureftpd/etc/
[root@localhost configuration-file]# chmod 755 pure-config.pl
[root@localhost configuration-file]# cp pure-config.pl /usr/local/pureftpd/sbin/
Copy the pureftpd control script redhat.init
[root@localhost ~]# cd /usr/local/src/pure-ftpd-1.0.36/contrib/
[root@localhost contrib]# cp redhat.init /etc/init.d/pureftpd
[root@localhost contrib]# chmod 755 /etc/init.d/pureftpd # make the script executable
IV. Register pure-ftpd as a service
Edit the control script with vim /etc/init.d/pureftpd and change the paths as follows
prog=pure-config.pl
fullpath=/usr/local/pureftpd/sbin/$prog
pureftpwho=/usr/local/pureftpd/sbin/pure-ftpwho
$fullpath /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize
Start the pureftpd service
service pureftpd restart
[root@localhost ~]# chkconfig --add pureftpd
[root@localhost ~]# chkconfig pureftpd on
V. Configure the virtual user login environment
[root@localhost ~]# mkdir /usr/local/src/pure-ftpd-1.0.36/contrib/ftproot
[root@localhost contrib]# chmod -R 777 ftproot/
[root@localhost contrib]# useradd virtualftp -d /ftproot -s /sbin/nologin -M
[root@localhost contrib]# chown virtualftp.virtualftp ftproot
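Edit the configuration file
vim /usr/local/pureftpd/etc/pure-ftpd.conf
Several settings need to be changed:
ChrootEveryone yes # confine every user to their home directory
MaxClientsNumber 50 # maximum number of simultaneous connections
MaxClientsPerIP 8 # maximum number of connections per IP address
NoAnonymous yes # disallow anonymous logins
CreateHomeDir yes # automatically create the user's home directory at login
VI. Authenticating with PureDB
Edit the pure-ftpd configuration file
vim /usr/local/pureftpd/etc/pure-ftpd.conf
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf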
[root@localhost ~]# cp pureftpd-mysql.conf /usr/local/pureftpd/etc/
[root@localhost ~]# cd /usr/local/pureftpd/etc/
[root@localhost etc]# vim pureftpd-mysql.conf
MYSQLUser ftp # the user ftp
MYSQLPassword tmppasswd # password
MYSQLDatabase ftpusers # database
MYSQLCrypt md5 # password storage type
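The directives edited above can be checked after the fact. The script below is an added example, not part of the original guide or of the Pure-FTPd project: it reads pure-ftpd.conf and pureftpd-mysql.conf and warns when ChrootEveryone or NoAnonymous is not yes, when a connection limit is missing, or when MYSQLCrypt selects an unsalted or cleartext format. The function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names are illustrative.

# conf_get FILE KEY: print the last value set for KEY, ignoring '#' comments.
conf_get() {
    awk -v k="$2" '{ sub(/#.*/, "") } $1 == k { v = $2 } END { print v }' "$1"
}

# audit_pureftpd MAIN_CONF MYSQL_CONF: print one WARN line per finding and
# return the number of findings as the exit status (0 means clean).
audit_pureftpd() {
    n=0
    for key in ChrootEveryone NoAnonymous; do
        val=$(conf_get "$1" "$key")
        if [ "$val" != "yes" ]; then
            echo "WARN $key is '${val:-unset}', the guide sets it to yes"
            n=$((n + 1))
        fi
    done
    for key in MaxClientsNumber MaxClientsPerIP; do
        case $(conf_get "$1" "$key") in
            ''|*[!0-9]*) echo "WARN $key has no numeric limit"; n=$((n + 1)) ;;
        esac
    done
    crypt=$(conf_get "$2" MYSQLCrypt)
    case $crypt in
        md5|sha1|cleartext|any)
            echo "WARN MYSQLCrypt is '$crypt': unsalted hash or cleartext accepted"
            n=$((n + 1)) ;;
    esac
    return "$n"
}

# Constructed sample files: anonymous login left enabled, next to the
# MYSQLCrypt value used in this guide.
demo_audit() {
    d=$(mktemp -d)
    printf '%s\n' 'ChrootEveryone yes' 'MaxClientsNumber 50' \
        'MaxClientsPerIP 8' 'NoAnonymous no  # constructed weak value' > "$d/pure-ftpd.conf"
    printf '%s\n' 'MYSQLUser ftp' 'MYSQLCrypt md5' > "$d/pureftpd-mysql.conf"
    audit_pureftpd "$d/pure-ftpd.conf" "$d/pureftpd-mysql.conf" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo_audit || echo "findings: $?"
```

On a real host, call audit_pureftpd with /usr/local/pureftpd/etc/pure-ftpd.conf and /usr/local/pureftpd/etc/pureftpd-mysql.conf.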
Import the database file pureftp.sql
[root@localhost ~]# vim pureftp.sql
-- -------------------------------------------------------
INSERT INTO mysql.user (Host, User, Password, Select_priv, Insert_priv, Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv, Index_priv, Alter_priv) VALUES('localhost','ftp',PASSWORD('passwd'),'Y','Y','Y','Y','N','N','N','N','N','N','N','N','N','N');
FLUSH PRIVILEGES;
CREATE DATABASE ftpusers;
USE ftpusers;
CREATE TABLE admin (
Username varchar(35) NOT NULL default '',
Password char(32) binary NOT NULL default '',
PRIMARY KEY (Username)
) TYPE=MyISAM;
INSERT INTO admin VALUES ('admin',MD5('123'));
CREATE TABLE `users` (
`User` varchar(16) NOT NULL default '',
`Password` varchar(32) binary NOT NULL default '',
`Uid` int(11) NOT NULL default '14',
`Gid` int(11) NOT NULL default '5',
`Dir` varchar(128) NOT NULL default '',
`QuotaFiles` int(10) NOT NULL default '500',
`QuotaSize` int(10) NOT NULL default '30',
`ULBandwidth` int(10) NOT NULL default '80',
`DLBandwidth` int(10) NOT NULL default '80',
`Ipaddress` varchar(15) NOT NULL default '*',
`Comment` tinytext,
`Status` enum('0','1') NOT NULL default '1',
`ULRatio` smallint(5) NOT NULL default '1',
`DLRatio` smallint(5) NOT NULL default '1',
PRIMARY KEY (`User`),
UNIQUE KEY `User` (`User`)
) TYPE=MyISAM;
Import the database
[root@localhost ~]# mysql -u root -p < pureftp.sql
Enter password:
Log in to the database and check that the import succeeded
[root@localhost ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| ftpusers |
| mysql |
| test |
+--------------------+
4 rows in set (0.00 sec)
mysql> use ftpusers;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+--------------------+
| Tables_in_ftpusers |
+--------------------+
| admin |
| users |
+--------------------+
2 rows in set (0.01 sec)
mysql> select * from admin;
+----------+----------------------------------+
| Username | Password |
+----------+----------------------------------+
| admin | 202cb962ac59075b964b07152d234b70 |
+----------+----------------------------------+
1 row in set (0.00 sec)
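Check the database and grant privileges to the ftp account, so that the ftp user has access to every table in the ftpusers database
mysql -u root -p
Enter password:
mysql> grant all privileges on ftpusers.* to ftp@localhost identified by 'tmppasswd';
mysql> flush privileges; # make the grants above take effect
mysql> quit
Set up the PHP-based administration interface PureAdmin-0.3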
tar -zxvf PureAdmin-0.3.tar.gz -C /var/www/html/
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# mv PureAdmin-0.3/ pureadmin
[root@localhost html]# cd pureadmin/
[root@localhost pureadmin]# vim config.php
<?php
$cfg['dbhost']='localhost'; # host running MySQL
$cfg['dbname']='ftpusers'; # MySQL database name
$cfg['dbuser']='ftp'; # MySQL user
$cfg['dbpasswd']='tmppasswd'; # MySQL password
$cfg['page']=15;
$cfg['passwdtype']='MD5'; # password type: MD5
$cfg['uid']=1000; # user ID
$cfg['gid']=1000; # group ID
$cfg['dir']='/ftproot/'; # user home directory
$cfg['qf']=0;
$cfg['qs']=100; # quota limit: 100M
$cfg['ul']=0; # upload rate: unlimited
$cfg['dl']=200; # download rate limited to 200k
$cfg['ur']=0;
$cfg['dr']=0;
$cfg['status']=1;
$cfg['ip']= '*'; # allow all IPs
?>
Start the Apache service
service httpd start
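Open http://192.168.10.10/pureadmin/ to reach the admin back end, where the administrator manages pureftpd
Log in to the admin back end, create the new users user1 and user2, and set each user's quota, download bandwidth and other basic information
Log in to the system; the two users user1 and user2 have been created automatically in the MySQL table users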
mysql> select * from users;
+-------+----------------------------------+------+------+----------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
| User | Password | Uid | Gid | Dir | QuotaFiles | QuotaSize | ULBandwidth | DLBandwidth | Ipaddress | Comment | Status | ULRatio | DLRatio |
+-------+----------------------------------+------+------+----------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
| user1 | 202cb962ac59075b964b07152d234b70 | 1000 | 1000 | /ftproot/user1 | 0 | 100 | 0 | 200 | * | | 1 | 0 | 0 |
| user2 | 202cb962ac59075b964b07152d234b70 | 1000 | 1000 | /ftproot/user2 | 0 | 100 | 0 | 200 | * | | 1 | 0 | 0 |
+-------+----------------------------------+------+------+----------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
2 rows in set (0.00 sec)
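The table above stores the same 32-hex-digit value for user1 and user2, and the admin table showed that value as well: with unsalted MD5, identical passwords always produce identical rows. The script below is an added example, not part of the original guide: it reads user and password columns and reports hashes shared by several accounts, plus the storage format of each row. The function names are illustrative, and the user3 and user4 rows are constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. Input format: user<TAB>password,
# e.g. from: mysql -N -B -e 'SELECT User, Password FROM users' ftpusers

# find_shared_md5: print "hash user,user,..." for every 32-hex-digit value
# stored for more than one account (same unsalted hash means same password).
find_shared_md5() {
    awk -F '\t' '
        $2 ~ /^[0-9a-fA-F]+$/ && length($2) == 32 {
            h = tolower($2)
            if (h in count) users[h] = users[h] "," $1
            else users[h] = $1
            count[h]++
        }
        END { for (h in count) if (count[h] > 1) print h, users[h] }' | sort
}

# classify_passwords: print "user<TAB>format" so rows still stored as
# unsalted hex digests stand out from salted crypt(3)-style strings.
classify_passwords() {
    awk -F '\t' '{
        kind = "other (possibly cleartext)"
        if ($2 ~ /^\$/) kind = "crypt-style"
        else if ($2 ~ /^[0-9a-fA-F]+$/ && length($2) == 32) kind = "md5-hex"
        else if ($2 ~ /^[0-9a-fA-F]+$/ && length($2) == 40) kind = "sha1-hex"
        print $1 "\t" kind
    }'
}

# Sample rows: user1 and user2 as shown in the table above; user3 and user4
# are constructed values for illustration.
sample_rows() {
    printf '%s\t%s\n' \
        user1 202cb962ac59075b964b07152d234b70 \
        user2 202cb962ac59075b964b07152d234b70 \
        user3 0123456789abcdef0123456789abcdef \
        user4 '$6$constructedsalt$constructedhash'
}

sample_rows | find_shared_md5
sample_rows | classify_passwords
```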
Map the virtual accounts to local directories
vim /usr/local/pureftpd/etc/pure-ftpd.conf
PureDB /usr/local/pureftpd/pureftpd.pdb
[root@localhost ~]# cd /usr/local/pureftpd/bin/
[root@localhost bin]# echo PATH=$PATH:/usr/local/pureftpd/bin/ >>/etc/profile
[root@localhost bin]# . /etc/profile # take effect immediately
[root@localhost ftproot]# pure-pw useradd user1 -u virtualftp -g virtualftp -d /ftproot/user1 -m # create the mapping
Password:
Enter it again:
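user1 is the user name; -u virtualftp is the real Linux user it maps to; -d sets the home directory and confines the user to it. Use -D instead if the user should not be confined. If different permissions are needed, create new Linux users and groups.
If you use the system's built-in ftp user instead, you must also set MinUID in pure-ftpd.conf to the ftp user's UID, 14, otherwise login fails with a 530 error; for that reason, creating a separate, non-system user for the mapping is recommended here.
Build the user database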
[root@localhost ftproot]# pure-pw mkdb /usr/local/pureftpd/pureftpd.pdb
Restart the services
service pureftpd restart
service httpd restart
VII. Testing
user1 and user2 access the FTP server
On the Linux system, we can see that the directories for user1 and user2 were created automatically under /ftproot/
[root@localhost ~]# cd /ftproot/
[root@localhost ftproot]# ll
总计 8
drwxr-xr-x 2 1000 1000 4096 07-31 03:13 user1
drwxr-xr-x 2 1000 1000 4096 07-31 03:18 user2
Users can also access the FTP server from a web browser