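FTP is a file transfer protocol in which the client's login and its uploads and downloads all travel in clear text, which is obviously insecure. The protocol can be encrypted as FTPS, but that only runs on the client side and makes managing FTP inconvenient. For easier management we use the pure-ftp architecture: the administrator manages the back end from a web browser over HTTP, registered accounts are stored in a database, and the administrator gets a web-based management interface. That interface is called pureadmin and is PHP-based; we use PureAdmin-0.3.tar.gz, so a LAMP stack has to be set up first, and I build it from the packages that ship with Linux. Front-end users reach the pure-ftpd server over FTP; the server is built from pure-ftpd-1.0.36.tar.gz. Logins are authenticated, and all registered accounts live in the MySQL database; the data is imported into the database from the pureftp.sql file, and the pure-ftpd server is connected to the MySQL database through the pureftpd-mysql.conf configuration file. Users log in with virtual accounts. The FTP site is stored on the local disk under /ftproot, and that directory's permissions should be those of a local account, so the virtual accounts also have to be mapped to a local account. Download the source code and files from the official site; below we configure pure-ftp on a Linux system.
Installation steps:
(1) First install LAMP, using yum so that dependencies are resolved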
[root@localhost ~]# mkdir /mnt/cdrom
[root@localhost ~]# mount /dev/cdrom /mnt/cdrom
[root@localhost ~]# vim /etc/yum.repos.d/rhel-debuginfo.repo # edit the yum client configuration
[rhel-server]
name=Red Hat Enterprise Linux server
baseurl=file:///mnt/cdrom/Server
enabled=1
gpgcheck=1
gpgkey=file:///mnt/cdrom/RPM-GPG-KEY-redhat-release
[root@localhost ~]# yum grouplist # check the build environment; everything is already installed
Installed Groups:
Administration Tools
Development Libraries
Development Tools
Editors
GNOME Desktop Environment
Games and Entertainment
Graphical Internet
Graphics
Legacy Network Server
Legacy Software Development
Legacy Software Support
Mail Server
Network Servers
Office/Productivity
Printing Support
Server Configuration Tools
Sound and Video
System Tools
Text-based Internet
Web Server
X Software Development
X Window System
Install the packages that LAMP needs
[root@localhost ~]# yum install httpd php php-mysql php-mbstring mysql mysql-server mysql-devel
After installation, start the services
[root@localhost ~]# service httpd start
启动 httpd: [确定]
[root@localhost ~]# netstat -tupln |grep mysql
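tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 4726/mysqld
[root@localhost ~]# mysqladmin -u root -p password '123'
Enter password: # set the MySQL administrator account and password
LAMP installation is complete
(2) Install the pure-ftpd server
Put the required source code and files in a folder named pureftp and upload it to the root user's home directory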
[root@localhost pureftp]# ll
total 10804
-rw-r--r-- 1 root root 29148 May 4 08:42 PureAdmin-0.3.tar.gz
-rw-r--r-- 1 root root 578781 May 4 08:42 pure-ftpd-1.0.36.tar.gz
-rw-r--r-- 1 root root 4718 May 4 08:42 pureftpd-mysql.conf
-rw-r--r-- 1 root root 2102 May 4 14:47 pureftp.sql
[root@localhost pureftp]# tar -zxvf pure-ftpd-1.0.36.tar.gz -C /usr/local/src
[root@localhost pureftp]# cd /usr/local/src/pure-ftpd-1.0.36
[root@localhost pure-ftpd-1.0.36]# ./configure \
> --prefix=/usr/local/pureftpd \
> --with-mysql \
> --with-shadow \
> --with-pam \
> --with-welcomemsg \
> --with-uploadscript \
> --with-cookie \
> --with-virtualchroot \
> --with-virtualhosts \
> --with-diraliases \
> --with-quotas \
> --with-puredb \
> --with-sysquotas \
> --with-ratios \
> --with-ftpwho \
> --with-throttling \
> --with-language=simplified-chinese
Notes on the options above: --prefix sets the installation directory, --with-mysql enables authentication against the database, --with-shadow enables local account authentication, --with-quotas enables quota limits, and --with-puredb enables the mapping of virtual accounts to local accounts.
[root@localhost pure-ftpd-1.0.36]# make
[root@localhost pure-ftpd-1.0.36]# make install
The installation above did not specify a directory for configuration files; checking shows that the default location is etc under the installation directory
[root@localhost pure-ftpd-1.0.36]# ./configure --help |grep sysconf
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
[root@localhost pure-ftpd-1.0.36]# cd /usr/local/pureftpd/ # switch to the installation directory
[root@localhost pureftpd]# ll
total 12
drwxr-xr-x 2 root root 4096 May 4 12:42 bin
drwxr-xr-x 2 root root 4096 May 4 12:42 sbin
drwxr-xr-x 3 root root 4096 May 4 12:42 share
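[root@localhost pureftpd]# mkdir etc # there is no etc folder, so create it
To manage the server conveniently we need a control script and a configuration file, so we look for them in the source directory
[root@localhost pureftpd]# cd /usr/local/src/pure-ftpd-1.0.36/
[root@localhost pure-ftpd-1.0.36]# cd configuration-file/ # where the files are kept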
[root@localhost configuration-file]# ls
Makefile pure-config.pl pure-config.py.in
Makefile.am pure-config.pl.in pure-ftpd.conf
Makefile.in pure-config.py pure-ftpd.conf.in
pure-config.pl is the executable that starts the FTP server; copy it to sbin under the installation directory
[root@localhost configuration-file]# cp pure-config.pl /usr/local/pureftpd/sbin
[root@localhost configuration-file]# chmod a+x /usr/local/pureftpd/sbin/pure-config.pl # make it executable
pure-ftpd.conf is the FTP configuration file; copy it to etc under the installation directory
[root@localhost configuration-file]# cp pure-ftpd.conf /usr/local/pureftpd/etc
Next we look for the control script, back in the source directory
[root@localhost configuration-file]# cd ..
[root@localhost pure-ftpd-1.0.36]# cd contrib/ # where the files are kept
[root@localhost contrib]# ls
Makefile Makefile.in pure-vpopauth.pl suse.init
Makefile.am pure-stat.pl redhat.init xml_python_processors.txt
[root@localhost contrib]# grep start * # search every file in the current directory for "start"
redhat.init:start() {
redhat.init: start)
redhat.init: start
redhat.init: restart)
redhat.init: start
redhat.init: condrestart)
redhat.init: start
redhat.init: echo $"Usage: $prog {start|stop|restart|condrestart|status}"
So redhat.init is the FTP control script
[root@localhost contrib]# cp redhat.init /etc/init.d/pureftpd
[root@localhost contrib]# chmod a+x /etc/init.d/pureftpd
[root@localhost contrib]# vim /etc/init.d/pureftpd # change a few paths; nothing else needs modifying
#!/bin/bash
#
# Startup script for the pure-ftpd FTP Server $Revision: 1.3 $
#
# chkconfig: 2345 85 15
# description: Pure-FTPd is an FTP server daemon based upon Troll-FTPd
# processname: pure-ftpd
# pidfile: /var/run/pure-ftpd.pid
# config: /etc/pure-ftpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
RETVAL=0
# Path to the pure-ftp binaries.
prog=pure-config.pl
fullpath=/usr/local/pureftpd/sbin/$prog
pureftpwho=/usr/local/pureftpd/sbin/pure-ftpwho
start() {
    echo -n $"Starting $prog: "
    $fullpath /usr/local/pureftpd/etc/pure-ftpd.conf --daemonize
    RETVAL=$?
    [ $RETVAL = 0 ] && touch /var/lock/subsys/$prog
    echo
}
stop() {
    echo -n $"Stopping $prog: "
    kill $(cat /var/run/pure-ftpd.pid)
    RETVAL=$?
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/$prog
    echo
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f /var/lock/subsys/$prog ] ; then
            stop
            # avoid race
            sleep 3
            start
        fi
        ;;
    status)
        status $prog
        RETVAL=$?
        if [ -f $pureftpwho ] && [ $RETVAL -eq 0 ] ; then
            $pureftpwho
        fi
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|status}"
        RETVAL=1
esac
exit $RETVAL
[root@localhost ~]# service pureftpd start
启动 pure-config.pl:Running: /usr/local/pureftpd/sbin/pure-ftpd --daemonize -A -c50 -B -C8 -D -fftp -H -I15 -L10000:8 -m4 -s -U133:022 -u100 -k99 -Z
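(3) Import the databases and tables into MySQL so that the administrator can register accounts and FTP users can log in; open the import file
[root@localhost pureftp]# vim pureftp.sql
INSERT INTO admin VALUES ('admin',MD5('123')); # around line 50: change the password to 123
On line 15, one dash has to be removed
[root@localhost pureftp]# mysql -u root -p <pureftp.sql # import; enter the password when prompted
Enter password:
View the imported data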
[root@localhost ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| ftpusers |
| mysql |
| test |
+--------------------+
4 rows in set (0.01 sec)
mysql> use ftpusers;
mysql> show tables;
+--------------------+
| Tables_in_ftpusers |
+--------------------+
| admin |
| users |
+--------------------+
2 rows in set (0.01 sec)
mysql> select * from admin;
+----------+----------------------------------+
| Username | Password |
+----------+----------------------------------+
| admin | 202cb962ac59075b964b07152d234b70 |
+----------+----------------------------------+
1 row in set (0.00 sec)
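(4) pure-ftpd and MySQL are connected through pureftpd-mysql.conf
Once the database and tables have been created, a user must be granted the rights to manage them; add the user that connects to MySQL
First log in to MySQL as root, then run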
[root@localhost ~]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> grant all privileges on ftpusers.* to ftp@localhost identified by 'tmppasswd';
Query OK, 0 rows affected (0.05 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> \q
Bye
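Copy the file that connects FTP and MySQL into etc under the installation directory
[root@localhost pureftp]# cp pureftpd-mysql.conf /usr/local/pureftpd/etc
[root@localhost pureftp]# vim /usr/local/pureftpd/etc/pureftpd-mysql.conf # edit the file contents
MYSQLServer 127.0.0.1 # line 12
MYSQLPort 3306 # line 17
MYSQLPassword tmppasswd # line 32
MYSQLCrypt md5 # line 45
Change the pure-ftpd configuration file so that it can find the connection file
[root@localhost etc]# vim pure-ftpd.conf
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf
# line 116: enable the path to the database connection file
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
# line 126: enable the mapping of virtual accounts to local accounts
CreateHomeDir yes
# line 336: enable creation of user home directories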
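The following audit of the file edited in this step is an added example, not part of the original guide or of the pure-ftpd project. It checks the file mode left by a plain cp (MYSQLPassword is stored in clear text), the MYSQLCrypt scheme, and whether MYSQLServer is local. The sample files, the choice of crypt as the expected value for this 1.0.36 build, and the use of GNU stat are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a pureftpd-mysql.conf.
FINDINGS=0
note() { printf 'FINDING: %s\n' "$1"; FINDINGS=$((FINDINGS + 1)); }

# conf_value KEY FILE: value of the first active (uncommented) KEY line.
conf_value() {
    awk -v k="$1" 'toupper($1) == toupper(k) { print $2; exit }' "$2"
}

# audit_mysql_conf FILE: prints findings and leaves their count in $FINDINGS.
audit_mysql_conf() {
    FINDINGS=0
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as on the guide's RHEL host
    # MYSQLPassword is stored in clear text, so group and other need no access.
    case $mode in
        *00) ;;
        *) note "$1 has mode $mode: other local users can read MYSQLPassword" ;;
    esac
    # md5 and sha1 are unsalted fast hashes; cleartext stores the password itself.
    crypt=$(conf_value MYSQLCrypt "$1")
    case $crypt in
        crypt) ;;
        *) note "MYSQLCrypt is '${crypt:-unset}': expected crypt (salted crypt(3) hashes)" ;;
    esac
    # A non-loopback server sends the bind password and the hashes over the network.
    server=$(conf_value MYSQLServer "$1")
    case $server in
        127.0.0.1|localhost|"") ;;
        *) note "MYSQLServer is '$server': database traffic leaves this host" ;;
    esac
}

# Constructed sample: the four values edited in step (4), installed with plain cp (0644).
demo=$(mktemp -d)
printf '%s\n' 'MYSQLServer 127.0.0.1' 'MYSQLPort 3306' \
    'MYSQLPassword tmppasswd' 'MYSQLCrypt md5' > "$demo/guide.conf"
chmod 644 "$demo/guide.conf"
# Hardened variant: owner-only file, salted crypt(3) hashes.
sed 's/^MYSQLCrypt .*/MYSQLCrypt crypt/' "$demo/guide.conf" > "$demo/hardened.conf"
chmod 600 "$demo/hardened.conf"

audit_mysql_conf "$demo/guide.conf"      # reports the file mode and MYSQLCrypt md5
audit_mysql_conf "$demo/hardened.conf"   # reports nothing
```

With MYSQLCrypt crypt, the hashes stored in the users table must be in a format the system crypt(3) accepts.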
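(5) The administrator manages the back end through web pages. The management interface is called pureadmin and is PHP-based; the pureadmin archive contains the web pages, so we extract it directly into the web site root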
[root@localhost pureftp]# tar -zxvf PureAdmin-0.3.tar.gz -C /var/www/html
[root@localhost pureftp]# cd /var/www/html
[root@localhost html]# ll
total 8
-rw-r--r-- 1 root root 20 May 4 11:51 index.php
drwxr-xr-x 4 root 80 4096 Mar 22 2009 PureAdmin-0.3
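[root@localhost html]# mv PureAdmin-0.3 pureadmin # rename it to something easy to remember
Change the pureadmin configuration file so that it can find the MySQL database
[root@localhost pureadmin]# vim config.php
$cfg['dbname']='ftpusers'; //mysql db name # line 3: database name
$cfg['dbuser']='ftp'; //mysql user # line 4: management account name
$cfg['dbpasswd']='tmppasswd'; //mysql password # line 5: password
$cfg['passwdtype']='MD5'; # line 10: encryption type
$cfg['dir']='/ftproot/'; //dir # line 14: where home directories are created
Create the home directory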
[root@localhost pureadmin]# mkdir /ftproot
[root@localhost pureadmin]# useradd virtualftp -s /sbin/nologin -d /ftproot/
[root@localhost pureadmin]# ll -d /ftproot/
drwxr-xr-x 2 root root 4096 May 4 16:24 /ftproot/
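[root@localhost pureadmin]# chown virtualftp.virtualftp /ftproot/ # change the owner
[root@localhost pureadmin]# chmod -R 777 /ftproot/ # change the home directory permissions
The administrator can now register accounts. However, users log in over FTP with virtual accounts, and virtual accounts must be mapped to a local account; a database is used to perform the mapping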
[root@localhost pureadmin]# cd /usr/local/pureftpd/etc
[root@localhost etc]# /usr/local/pureftpd/bin/pure-pw useradd user1 -u virtualftp -g virtualftp -d /ftproot/user1 -m
Password:
Enter it again:
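# user1 is the user name; -u virtualftp is the actual Linux user behind it; -d sets the starting directory and locks the user into it. To leave the user unlocked, use -D. If different permissions are needed, create new Linux users and groups. If the system's built-in ftp user is used, MinUID in pure-ftpd.conf must also be changed to the ftp user's UID, 14, otherwise login fails with a 530 error; so creating a separate, non-system user for the mapping is recommended here
[root@localhost etc]# /usr/local/pureftpd/bin/pure-pw mkdb /usr/local/pureftpd/pureftpd.pdb # build the user database; run mkdb again every time users are added or modified
Restart the services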
[root@localhost etc]# service httpd restart
停止 httpd: [确定]
启动 httpd: [确定]
[root@localhost etc]# service mysqld restart
停止 MySQL: [确定]
启动 MySQL: [确定]
[root@localhost etc]# service pureftpd restart
停止 pure-config.pl:
启动 pure-config.pl:Running: /usr/local/pureftpd/sbin/pure-ftpd --daemonize -A -c50 -B -C8 -D -fftp -H -I15 -lmysql:/usr/local/pureftpd/etc/pureftpd-mysql.conf -lpuredb:/usr/local/pureftpd/etc/pureftpd.pdb -L10000:8 -m4 -s -U133:022 -u100 -j -k99 -Z
Test that the back-end administrator can register accounts
[root@localhost etc]# mysql -u root -p
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| ftpusers |
| mysql |
| test |
+--------------------+
4 rows in set (0.00 sec)
mysql> use ftpusers;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+--------------------+
| Tables_in_ftpusers |
+--------------------+
| admin |
| users |
+--------------------+
2 rows in set (0.00 sec)
mysql> select * from users;
+-------+----------------------------------+------+------+----------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
| User | Password | Uid | Gid | Dir | QuotaFiles | QuotaSize | ULBandwidth | DLBandwidth | Ipaddress | Comment | Status | ULRatio | DLRatio |
+-------+----------------------------------+------+------+----------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
| user1 | 202cb962ac59075b964b07152d234b70 | 1000 | 1000 | /ftproot/user1 | 0 | 100 | 0 | 0 | * | | 1 | 0 | 0 |
| user2 | 202cb962ac59075b964b07152d234b70 | 1000 | 1000 | /ftproot/user2 | 0 | 100 | 0 | 0 | * | | 1 | 0 | 0 |
+-------+----------------------------------+------+------+----------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
2 rows in set (0.00 sec)
Log in to FTP from the physical machine
[root@localhost pureftp]# ll /ftproot/
total 4
drwxr-xr-x 2 1000 1000 4096 May 4 17:05 user2