ProFTPD + MySQL configuration management

1. Download and install ProFTPD

Download:

wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4d.tar.gz
tar zxf proftpd-1.3.4d.tar.gz


INSTALLATION  Mod_Clamav

To install Mod_Clamav, download and unpack the Mod_Clamav source code.

wget http://www.thrallingpenguin.com/resources/mod_clamav-0.10.tar.gz
tar xzvf mod_clamav-0.10.tar.gz

Download the latest proftpd source code, and prepare it for building Mod_Clamav.

wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.1.tar.gz
tar xzvf proftpd-1.3.1.tar.gz
cp mod_clamav-0.10/mod_clamav.* proftpd-1.3.1/contrib

Apply the required patch:

cd proftpd-1.3.1
patch -p1 < ../mod_clamav-0.10/proftpd.patch

The mod_clamav instructions above are written for proftpd-1.3.1; the build below is done in the proftpd-1.3.4d tree unpacked earlier, so the same copy and patch steps apply to that tree.

Now the usual steps for building ProFTPd, using third-party modules, apply. Additionally, you may change any configure arguments to meet your needs.


cd proftpd-1.3.4d
./configure --prefix=/usr/local/proftpd-1.3.4d --enable-ctrls \
  --with-mysql-config=/usr/local/mysql/bin/mysql_config \
  --with-libraries=/usr/local/mysql/lib \
  --with-includes=/usr/local/mysql/include \
  --enable-shadow --enable-autoshadow --enable-openssl --enable-pool-size --enable-dso \
  --with-modules=mod_ratio:mod_readme:mod_wrap2:mod_wrap2_sql:mod_ifsession:mod_sql:mod_sql_mysql:mod_sql_passwd:mod_quotatab:mod_quotatab_sql:mod_quotatab_file:mod_clamav \
  --with-includes=/usr/local/lab/unixODBC-2.3.2/includes:/usr/local/mysql/include \
  --with-libraries=/usr/local/lab/unixODBC-2.3.2/lib:/usr/local/mysql/lib
make && make install

Notes:

--with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql   this builds ProFTPD with the MySQL modules and with disk quota support;

--with-includes=    this specifies where the MySQL server's include files are; I set it to /usr/include/mysql here because my MySQL server's includes really are in that directory; adjust it to your own machine;

--with-libraries=    this specifies where the MySQL server's libraries are; I set it to /usr/lib/mysql here because my MySQL server's libraries really are in that directory; adjust it to your own machine;

At this point the ProFTPD installation is complete.

The main configuration file is as follows:

[root@server:/usr/local/proftpd/etc]# cat proftpd.conf 

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Don't use IPv6 support by default.
UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

TimeoutLogin         120
TimeoutIdle          600
TimeoutNoTransfer    900
TimeoutStalled      3600

# Where do we put the pid files?
#ScoreboardPath    /var/run/proftpd

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30
MaxLoginAttempts        3

# Set the user and group under which the server will run.
User                            apache
Group                           users

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite          on

# Resuming interrupted uploads and downloads
AllowRetrieveRestart    on
AllowStoreRestart       on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
#  User                         ftp
#  Group                                ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                    anonymous ftp
  # Limit the maximum number of anonymous logins
#  MaxClients                   10
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
#  DisplayLogin                 welcome.msg
#  DisplayChdir                 .message
  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>

# MySQL authentication:
# Database connection information: DatabaseName is the database name, HostName the host name,
# Port the port number, UserName the user that connects to the database, Password its password.
# Arguments: database@host, username, password (a comment cannot follow on the directive line itself)
SQLConnectInfo proftpd@192.168.1.1 proftpd 123456

# Type of password hashing used in the database:
SQLAuthTypes OpenSSL

# Tables and columns used for user authentication ("FTPUSERS" and "FTPGRPS" are the table names, created further below)
SQLUserInfo FTPUSERS userid passwd uid gid home shell
SQLGroupInfo FTPGRPS grpname gid members

# Allow users to log in even when their shell field is empty:
RequireValidShell off

# What is authenticated against the database
SQLAuthenticate users groups usersetfast groupsetfast

# If the home directory does not exist, create it from the user's home field (disabled here):
CreateHome off

# Decide whether this user is allowed to log in on this host
#SQLUserWhereClause "accesshost like'%10.10.26.195%'" # ProFTPD does not recognise the % here, damn it, so the method below is used instead.
SQLUserWhereClause "0 !=FIND_IN_SET('192.168.1.1',accesshost)"

# SQL authentication log
#SQLLog
SQLLogFile /usr/local/proftpd/var/sql.log

# UID and GID bounds and defaults for SQL-authenticated users
SQLMinUserUID 500
SQLMinUserGID 100
SQLDefaultUID 500
SQLDefaultGID 100

#####  #####
MaxClients      50
UseReverseDNS   off
IdentLookups  off

#QuotaLimitTable file:/usr/local/proftpd/etc/ftpquota.limittab
#QuotaTallyTable file:/usr/local/proftpd/etc/ftpquota.tallytab
QuotaDirectoryTally  on
QuotaDisplayUnits Mb
QuotaEngine on
QuotaLog /usr/local/proftpd/var/quota.log
QuotaShowQuotas on
QuotaOptions ScanOnLogin

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2},files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

DefaultRoot ~
DisplayLogin welcome to ftp server !
AllowStoreRestart on

############ Fixed Log Format #########
LogFormat awstats "%t   %h      %u      %m      %f      %s      %b"
ExtendedLog /usr/local/proftpd/var/transfer.log read,write awstats
TransferLog /usr/local/proftpd/var/transfer.log
ServerLog /usr/local/proftpd/var/server.log

# Single system with both ProFTPd and Clamd utilizing TCP sockets. Additionally, only files whose size is less than 250MB will be scanned.
<IfModule mod_clamav.c>
   ClamAV on
   ClamServer localhost
   ClamPort 3310
   ClamMaxSize 250 Mb
</IfModule>


Database setup:

Note: the database and the proftpd program can live on different servers. Every server that runs proftpd can then authenticate users against the same database, which makes central management of FTP accounts easy, and a single FTP account can be allowed to log in on several of the hosts where proftpd is deployed.

For example:

mysql> select * from FTPUSERS;
+--------+-------------------------------+-----+-----+-------------+---------------+-------------------------+--------+
| userid | passwd                        | uid | gid | home        | shell         | accesshost              | coment |
+--------+-------------------------------+-----+-----+-------------+---------------+-------------------------+--------+
| user01 | bog7BizRhTQS0p9qVroQ==yyyyyyy | 500 | 100 | /data/mysql | /sbin/nologin | 192.168.1.1,192.168.1.2 |        |
| user02 | 6+CETb6sIYZfbVNt3sSIS4444rrrr | 500 | 100 | /opt        | /sbin/nologin | 192.168.1.1             |        |
+--------+-------------------------------+-----+-----+-------------+---------------+-------------------------+--------+

Once the program is deployed and configured on the hosts 192.168.1.1 and 192.168.1.2, user user01 can log in over FTP on both of them.
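An added example (not from the original post) that reproduces in Python the FIND_IN_SET check performed by the SQLUserWhereClause above against constructed FTPUSERS rows, shows the substring pitfall of the commented-out LIKE form, and normalises the accesshost value that the adduser scripts later take as an argument. The user03 row and the passwd placeholders are constructed.

```python
import ipaddress

# Constructed sample rows shaped like the FTPUSERS table on this page; the passwd values are
# placeholders and the user03 row is added to show the substring pitfall.
FTPUSERS = [
    # (userid, passwd, uid, gid, home, shell, accesshost, coment)
    ("user01", "{md5}PLACEHOLDER", 500, 100, "/data/mysql", "/sbin/nologin", "192.168.1.1,192.168.1.2", ""),
    ("user02", "{md5}PLACEHOLDER", 500, 100, "/opt", "/sbin/nologin", "192.168.1.1", ""),
    ("user03", "{md5}PLACEHOLDER", 500, 100, "/srv/ftp", "/sbin/nologin", "192.168.1.10", ""),
]


def find_in_set(needle: str, haystack: str) -> int:
    """MySQL FIND_IN_SET: 1-based position of needle among the comma-separated items, 0 if absent.
    Items are compared verbatim, so a stray space after a comma defeats the match."""
    if not haystack or "," in needle:
        return 0
    for pos, item in enumerate(haystack.split(","), start=1):
        if item == needle:
            return pos
    return 0


def allowed_on_host(server_ip: str, rows=FTPUSERS):
    """Users admitted by SQLUserWhereClause "0 != FIND_IN_SET('<server_ip>', accesshost)"."""
    return sorted(r[0] for r in rows if find_in_set(server_ip, r[6]) != 0)


def like_contains(server_ip: str, rows=FTPUSERS):
    """What accesshost LIKE '%<server_ip>%' would admit: a substring match, so the host
    192.168.1.1 also matches the row whose only allowed host is 192.168.1.10."""
    return sorted(r[0] for r in rows if server_ip in r[6])


def normalize_accesshost(value: str) -> str:
    """Canonical value for the accesshost column: trimmed, validated IPv4 addresses joined by
    commas. Rejecting anything that is not an address also keeps quotes and SQL fragments out
    of the INSERT that the adduser scripts build by string splicing."""
    hosts = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        ipaddress.IPv4Address(item)  # raises ValueError for anything that is not a dotted quad
        hosts.append(item)
    if not hosts:
        raise ValueError("accesshost must list at least one address")
    return ",".join(hosts)
```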


Create the database user:

mysql> create database proftpd;
mysql> grant select,insert,update,delete,create,drop,index,alter,create temporary tables,lock tables on proftpd.* to proftpd@localhost identified by "123456";
mysql> flush privileges;

Note that the @localhost part admits only connections made over the local socket or 127.0.0.1; a proftpd instance that reaches the database over the network (as SQLConnectInfo proftpd@192.168.1.1 above does) needs a grant for its own address instead.


Import the following table structure:

-- Current Database: `proftpd`
--
CREATE DATABASE /*!32312 IF NOT EXISTS*/ `proftpd` /*!40100 DEFAULT CHARACTER SET latin1 */;

USE `proftpd`;

--
-- Table structure for table `FTPGRPS`
--

DROP TABLE IF EXISTS `FTPGRPS`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `FTPGRPS` (
  `grpname` text NOT NULL,
  `gid` smallint(6) NOT NULL,
  `members` text NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `FTPUSERS`
--

DROP TABLE IF EXISTS `FTPUSERS`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `FTPUSERS` (
  `userid` text NOT NULL,
  `passwd` text NOT NULL,
  `uid` int(11) NOT NULL,
  `gid` int(11) NOT NULL,
  `home` text,
  `shell` text,
  `accesshost` text,
  `coment` text
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `quotalimits`
--

DROP TABLE IF EXISTS `quotalimits`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `quotalimits` (
  `name` varchar(30) DEFAULT NULL,
  `quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
  `per_session` enum('false','true') NOT NULL DEFAULT 'false',
  `limit_type` enum('soft','hard') NOT NULL DEFAULT 'soft',
  `bytes_in_avail` float NOT NULL DEFAULT '0',
  `bytes_out_avail` float NOT NULL DEFAULT '0',
  `bytes_xfer_avail` float NOT NULL DEFAULT '0',
  `files_in_avail` int(10) unsigned NOT NULL DEFAULT '0',
  `files_out_avail` int(10) unsigned NOT NULL DEFAULT '0',
  `files_xfer_avail` int(10) unsigned NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Table structure for table `quotatallies`
--

DROP TABLE IF EXISTS `quotatallies`;
/*!40101 SET @saved_cs_client     = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `quotatallies` (
  `name` varchar(30) NOT NULL DEFAULT '',
  `quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
  `bytes_in_used` float NOT NULL DEFAULT '0',
  `bytes_out_used` float NOT NULL DEFAULT '0',
  `bytes_xfer_used` float NOT NULL DEFAULT '0',
  `files_in_used` int(10) unsigned NOT NULL DEFAULT '0',
  `files_out_used` int(10) unsigned NOT NULL DEFAULT '0',
  `files_xfer_used` int(10) unsigned NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;



Configuring the proftpd startup script:

ln -s /usr/local/proftpd/proftpd.sh /etc/init.d/proftpd
chkconfig --add proftpd
/etc/init.d/proftpd stop

Contents of the startup script:

[root@server:/usr/local/proftpd]# cat proftpd.sh
#!/bin/sh
#
# Startup script for ProFTPD
# chkconfig: 345 85 15
# description: ProFTPD is an enhanced FTP server with \
#              a focus toward simplicity, security, and ease of configuration. \
#              It features a very Apache-like configuration syntax, \
#              and a highly customizable server infrastructure, \
#              including support for multiple 'virtual' FTP servers, \
#              anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /usr/local/proftpd/etc/proftpd.conf
#
# By: Osman Elliyasa <osman@Cable.EU.org>
# $Id: proftpd.init.d,v 1.7 2002/12/07 21:50:27 jwm Exp $

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/proftpd ]; then
      . /etc/sysconfig/proftpd
fi

PATH="$PATH:/usr/local/proftpd/sbin"

# See how we were called.
case "$1" in
    start)
        echo -n "Starting proftpd: "
        daemon proftpd $OPTIONS
        echo
        touch /var/lock/subsys/proftpd
        ;;
    stop)
        echo -n "Shutting down proftpd: "
        killproc proftpd
        echo
        rm -f /var/lock/subsys/proftpd
        ;;
    status)
        status proftpd
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    reread)
        echo -n "Re-reading proftpd config: "
        killproc proftpd -HUP
        echo
        ;;
    suspend)
        hash ftpshut >/dev/null 2>&1
        if [ $? = 0 ]; then
            if [ $# -gt 1 ]; then
                shift
                echo -n "Suspending with '$*' "
                ftpshut $*
            else
                echo -n "Suspending NOW "
                ftpshut now "Maintenance in progress"
            fi
        else
            echo -n "No way to suspend "
        fi
        echo
        ;;
    resume)
        if [ -f /etc/shutmsg ]; then
            echo -n "Allowing sessions again "
            rm -f /etc/shutmsg
        else
            echo -n "Was not suspended "
        fi
        echo
        ;;
    *)
        echo -n "Usage: $0 {start|stop|restart|status|reread|resume"
        hash ftpshut
        if [ $? = 1 ]; then
            echo '}'
        else
            echo '|suspend}'
            echo 'suspend accepts additional arguments which are passed to ftpshut(8)'
        fi
        exit 1
esac

if [ $# -gt 1 ]; then
    shift
    $0 $*
fi
exit 0

Scripts for adding users:

[root@server:/usr/local/proftpd]# cat adduser_dir.sh
#!/bin/bash

usage () {
        echo ""
        echo "  Please Input Correct information!"
        echo ""
        echo "  USAGE: `basename $0` username /dir ftp_server_ip"
        echo "  Exp: `basename $0` Lee /data/lee/home 1.1.1.1,2.2.2.2"
        echo ""
        echo "  Result:"
        echo "          UserName: Lee"
        echo "          UserHome: /data/lee/home"
        echo "          PassWord: N1Jy3Fqol"
        echo ""
}

if [[ $3 == ""  ]];then
        usage;
        exit 1;
fi

datetime=`date +%Y%m%d" "%H:%M:%S`
userid=$1
# random 9-character password: 2 digits, 3 lower-case, 3 upper-case, no special characters
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
home=$2
# stored as {md5} followed by base64(md5 digest), the form SQLAuthTypes OpenSSL expects
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
shell='/sbin/nologin'
accesshost=$3
/usr/local/mysql/bin/mysql -u ftp_user -p'ws&&**ftp' -h 192.168.254.101 -e "\
use proftpd;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','$shell','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "userHome: $home"
echo "FTP  IPs: $accesshost"
echo ""

[root@server:/usr/local/proftpd]# cat adduser_domain.sh
#!/bin/bash
usage () {
        echo ""
        echo "  Please Input Correct information!"
        echo ""
        echo "  USAGE: `basename $0` domainname ftp_server_ip"
        echo "  Exp: `basename $0` www.test.com 1.1.1.1,2.2.2.2"
        echo ""
        echo "  Result:"
        echo "          UserName: www.test.com"
        echo "          PassWord: N1Jy3Fqol"
        echo ""
}

if [[ $2 == ""  ]];then
        usage;
        exit 1;
fi

datetime=`date +%Y%m%d" "%H:%M:%S`
userid=$1
# random 9-character password: 2 digits, 3 lower-case, 3 upper-case, no special characters
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
domain=$userid
# the vhost directory is named without the leading "www."
if [[ $1 =~ ^www ]];then
        domain=${1#www.}
fi
# stored as {md5} followed by base64(md5 digest), the form SQLAuthTypes OpenSSL expects
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
home="/data/www/vhosts/$domain"
shell='/sbin/nologin'
accesshost=$2
/usr/local/mysql/bin/mysql -u ftp_user -p'ws&&**ftp' -h 192.168.254.101 -e "\
use proftpd;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','$shell','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "FTP  IPs: $accesshost"
echo ""
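An added example (not from the original post, and not the project's code) that reproduces in Python the password value the two scripts above store, verifies a login attempt against it the way SQLAuthTypes OpenSSL does, and validates the script arguments before they reach the INSERT. It assumes mod_sql_passwd's OpenSSL format is "{digest name}" followed by base64 of the raw digest; the userid pattern is an assumed policy that still admits the www.test.com style names used above.

```python
import base64
import hashlib
import hmac
import re

# Assumed userid policy: letters, digits, '.', '_' and '-', which still admits vhost names
USERID_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")


def openssl_password(password: str, digest: str = "md5") -> str:
    """Same value as  echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64
    with the '{md5}' prefix the scripts prepend. Unsalted: equal passwords give equal values."""
    raw = hashlib.new(digest, password.encode("utf-8")).digest()
    return "{%s}%s" % (digest, base64.b64encode(raw).decode("ascii"))


def verify_password(attempt: str, stored: str) -> bool:
    """Check a login attempt the way SQLAuthTypes OpenSSL does: read the {digest} prefix,
    hash the attempt with that digest, compare; hmac.compare_digest keeps the compare constant-time."""
    if not stored.startswith("{") or "}" not in stored:
        return False
    digest, _, encoded = stored[1:].partition("}")
    try:
        expected = base64.b64decode(encoded, validate=True)
        actual = hashlib.new(digest.lower(), attempt.encode("utf-8")).digest()
    except ValueError:  # malformed base64 or unknown digest name
        return False
    return hmac.compare_digest(expected, actual)


def ftpusers_row(userid, password, home, accesshost, coment="", uid=500, gid=100, shell="/sbin/nologin"):
    """Validated values for one FTPUSERS row, in the column order of the CREATE TABLE above.
    The shell scripts splice $1/$2/$3 straight into the SQL text given to mysql -e, so a quote
    in an argument becomes SQL; rejecting such input here, and binding the tuple as query
    parameters instead of interpolating it, closes that hole. accesshost is taken as already
    normalised to a comma list of addresses."""
    if not USERID_RE.match(userid):
        raise ValueError("userid may only contain letters, digits, '.', '_' and '-'")
    if not home.startswith("/") or any(c in home for c in "'\"\\;"):
        raise ValueError("home must be an absolute path without quote characters")
    return (userid, openssl_password(password), uid, gid, home, shell, accesshost, coment)
```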

  

User quota configuration:

quotalimits

     name - username
     quota_type - user, group, class, all (we use user)
     per_session - true or false (we use false)
     limit_type - quota limit type - hard or soft (we use soft)
     bytes_in_avail - upload limit in bytes - allowed bytes on disk (eg diskquota)
     bytes_out_avail - download limit in bytes - allowed bytes a user can download
     bytes_xfer_avail - allowed bytes a user can transfer in/out
     files_in_avail - upload limit in files - allowed number of uploaded files
     files_out_avail - allowed number of downloaded files
     files_xfer_avail - allowed number of files a user can transfer in/out

name should be understood as either a single user name or a group name. If quota_type is set to group, the group name goes here and the whole group shares one disk quota; in that case you must also insert a group record into the FTPGRPS table and list the users one by one in its members field, which is a separate matter and only a question of inserting records, so work it out yourself. Here we only cover the simplest case, a quota for a single user. The default may be NULL; when it is empty the limit applies to everything of the type set in quota_type, e.g. with quota_type set to user it applies to all users in FTPUSERS, and with a group name it applies to all groups in FTPGRPS.

quota_type: the quota type, either a user or a group. If name holds a group name, set this to group; the default is user.

per_session: defaults to false.

limit_type: defaults to soft.

bytes_in_avail: the space the user may occupy, i.e. the maximum size the home directory may grow to, in bytes; default 0, and 0 means unlimited (the same applies below).

bytes_out_avail: the total of all downloaded files; default 0.

bytes_xfer_avail: the user's combined upload and download traffic; default 0.

files_in_avail: limit on the total number of uploaded files; default 0.

files_out_avail: limit on the total number of downloaded files; default 0.

files_xfer_avail: total number of files allowed to be uploaded and downloaded; default 0.

So if, for example, we want user test limited to 100M of space with everything else unrestricted, add the record with the mysql command below.

First look at the structure of the quotalimits table, then add the record to match it:


mysql> describe quotalimits;
+------------------+------------------------------------+------+-----+---------+-------+
| Field            | Type                               | Null | Key | Default | Extra |
+------------------+------------------------------------+------+-----+---------+-------+
| name             | varchar(30)                        | YES  |     | NULL    |       |
| quota_type       | enum('user','group','class','all') |      |     | user    |       |
| per_session      | enum('false','true')               |      |     | false   |       |
| limit_type       | enum('soft','hard')                |      |     | soft    |       |
| bytes_in_avail   | float                              |      |     | 0       |       |
| bytes_out_avail  | float                              |      |     | 0       |       |
| bytes_xfer_avail | float                              |      |     | 0       |       |
| files_in_avail   | int(10) unsigned                   |      |     | 0       |       |
| files_out_avail  | int(10) unsigned                   |      |     | 0       |       |
| files_xfer_avail | int(10) unsigned                   |      |     | 0       |       |
+------------------+------------------------------------+------+-----+---------+-------+
10 rows in set (0.00 sec)

Add the record:

mysql>insert into quotalimits VALUES  ('test','user','false','soft','104857600','0','0','0','0','0');

Arithmetic:

1Kb=1024 byte
1M=1024 Kb
100M=100x1024 Kb= 100x1024x1024 byte=104857600 byte

Note: for the quota to take effect the FTP user must log in again; if user test is currently logged in over FTP, log out first and then log back in, after which the quota is active.

Checking a user's space usage

After logging in over FTP, use the following command:

quote site quota

Example:

lftp test@192.168.1.5:/> quote site quota;
200-The current quota for this session are [current/limit]:
Name: test
Quota Type: User
Per Session: False
Limit Type: Soft
   Uploaded Mb:         19.00/95.37
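An added example (not from the original post) that carries the byte arithmetic above through in Python: it builds the quotalimits row for a limit given in M, converts bytes back to the binary Mb unit that QuotaDisplayUnits Mb shows, and parses the site quota reply shown above so the two can be checked against each other. Accepting Downloaded and Transferred rows of the same shape as the Uploaded row is an assumption; the page shows only the Uploaded row.

```python
import re

# mod_quotatab's "Mb" display unit is binary: 1 Mb = 1024 * 1024 bytes, the same arithmetic
# as the 100M = 104857600 byte line above.
MB = 1024 * 1024


def mb_to_bytes(mb: float) -> int:
    """100 -> 104857600, the value stored in quotalimits.bytes_in_avail."""
    return int(round(mb * MB))


def bytes_to_display_mb(n: int) -> float:
    """What QuotaDisplayUnits Mb shows for n bytes, to two decimals as in the reply above.
    104857600 -> 100.0, while a limit of 100,000,000 bytes (a decimal "100 MB") shows as 95.37,
    the figure in the sample reply; the two conventions are easy to mix up."""
    return round(n / MB, 2)


def quotalimits_insert(name: str, mb: float, limit_type: str = "soft") -> str:
    """The INSERT for a per-user limit on uploaded bytes; every other counter 0 = unlimited."""
    if limit_type not in ("soft", "hard"):
        raise ValueError("limit_type must be soft or hard")
    if not re.fullmatch(r"[A-Za-z0-9._-]{1,30}", name):  # name is varchar(30); no quote characters
        raise ValueError("bad quota name")
    return ("insert into quotalimits VALUES ('%s','user','false','%s','%d','0','0','0','0','0');"
            % (name, limit_type, mb_to_bytes(mb)))


# "Uploaded Mb:  19.00/95.37" rows; Downloaded/Transferred rows are assumed to share the shape.
SITE_QUOTA_RE = re.compile(r"^\s*(Uploaded|Downloaded|Transferred)\s+(\w+):\s+([\d.]+)/([\d.]+)")


def parse_site_quota(reply: str) -> dict:
    """Turn the multi-line 'quote site quota' reply into {counter: {unit, used, limit}}."""
    out = {}
    for line in reply.splitlines():
        m = SITE_QUOTA_RE.match(line)
        if m:
            out[m.group(1).lower()] = {"unit": m.group(2), "used": float(m.group(3)),
                                       "limit": float(m.group(4))}
    return out


def over_quota(reply: str, counter: str = "uploaded") -> bool:
    """True when used has reached limit for that counter; a limit of 0 means unlimited, as in the table."""
    q = parse_site_quota(reply)[counter]
    return q["limit"] > 0 and q["used"] >= q["limit"]


# Constructed copy of the reply shown on this page
SAMPLE_REPLY = """200-The current quota for this session are [current/limit]:
Name: test
Quota Type: User
Per Session: False
Limit Type: Soft
   Uploaded Mb:         19.00/95.37"""
```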
