Proftpd MySQL

一、编译安装proftpd

要点是:设置正确的MySQL安装路径,我们的MySQL安装在/usr/local/mysql目录下

# Unpack the ProFTPD source archive and enter the extracted tree.
# Check the archive against the checksum or signature published with the release first.
tar -xzvf proftpd-1.3.0rc3.tar.gz
cd proftpd-1.3.0rc3

cd进入contrib目录

 vi mod_sql_mysql.c

设置我们正确的MySQL头文件

//#include <mysql.h>
#include "/usr/local/mysql/include/mysql/mysql.h"
# Run from the top of the source tree (cd .. first if you are still in contrib/).
# Builds mod_sql with its MySQL backend plus the SQL-backed quota modules into the server.
# NOTE(review): the include/library paths below are the system locations, while the text
# above says MySQL is installed under /usr/local/mysql; confirm which installation to link.
./configure \
    --prefix=/usr/local/proftpd \
    --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql \
    --with-includes=/usr/include/mysql \
    --with-libraries=/usr/lib/mysql

make

make install













二、在MySQL建立proftpd验证用表结构

在phpMyAdmin中执行以下语句

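-- Create the database that holds ProFTPD's account and quota tables.
-- IF NOT EXISTS keeps this step from erroring when the database is already there.
CREATE DATABASE IF NOT EXISTS proftpd;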

这行是创建名为proftpd的数据库;

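-- Account that ProFTPD's mod_sql uses to reach the proftpd database.
-- Only SELECT, INSERT and UPDATE are granted: the named queries in proftpd.conf read the
-- user, group and quota tables, update ftpusers and quotatallies, and insert into
-- quotatallies. None of them needs DDL, DELETE or GRANT rights.
-- 'runproftpd' is the guide's example password: choose your own and put the same value
-- in SQLConnectInfo.
GRANT SELECT, INSERT, UPDATE ON proftpd.* TO proftpd@localhost IDENTIFIED BY 'runproftpd';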

Grant 这行是为proftpd 数据库授权,让用户名为proftpd,密码为runproftpd(这只是一个例子,密码自己定义)

 
 
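-- Database: `proftpd`
--
-- --------------------------------------------------------
--
-- Table structure for `ftpgroups`: one row per FTP group, read through SQLGroupInfo.
--

-- Select the database. The terminating semicolon keeps this statement separate from the
-- CREATE TABLE that follows when the script is pasted in as one batch.
USE proftpd;

CREATE TABLE `ftpgroups` (
    `groupname` VARCHAR(30)  NOT NULL,
    `gid`       INT(11)      NOT NULL DEFAULT '1000',
    `members`   VARCHAR(255) NOT NULL  -- presumably the member user names; confirm the format against the mod_sql documentation
);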
-- --------------------------------------------------------
--
-- Table structure for `ftpusers`: one row per virtual FTP account.
--
-- `passwd` holds the credential in whatever format SQLAuthTypes names in proftpd.conf;
-- with the Plaintext setting used in this guide that is the cleartext password.
-- Adjust the uid/gid defaults to the uid and gid of the account ProFTPD runs as.
CREATE TABLE `ftpusers` (
    `userid`    VARCHAR(30)      NOT NULL,
    `passwd`    VARCHAR(80)      NOT NULL,
    `uid`       INT(10) UNSIGNED NOT NULL DEFAULT '5501',
    `gid`       INT(10) UNSIGNED NOT NULL DEFAULT '5500',
    `homedir`   VARCHAR(255)     NOT NULL,
    `shell`     VARCHAR(255)     NOT NULL DEFAULT '/sbin/nologin',
    `count`     INT(10) UNSIGNED NOT NULL DEFAULT '0',  -- login counter, incremented by the updatelogininfo query
    `host`      VARCHAR(30)      NOT NULL,              -- client host written by the updatelogininfo query
    `lastlogin` VARCHAR(30)      NOT NULL,              -- timestamp text written by the updatelogininfo query
    UNIQUE KEY `userid` (`userid`)
);
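--
-- Sample data for table `ftpusers`
--
-- Demo account whose user name and password are both 'test' (stored in clear, matching
-- SQLAuthTypes Plaintext) with /var/www as its home directory. Replace or delete it
-- before the server is reachable by anyone else.
-- Columns are named explicitly so the row does not depend on the table's column order.
INSERT INTO `ftpusers`
    (`userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `host`, `lastlogin`)
VALUES
    ('test', 'test', 5501, 5500, '/var/www', '/sbin/nologin', 0, '', '');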
-- --------------------------------------------------------
--
-- Table structure for `quotalimits`: the configured quota for each name, read by the
-- get-quota-limit named query in proftpd.conf.
--
CREATE TABLE `quotalimits` (
    `name`             VARCHAR(30)                         DEFAULT NULL,
    `quota_type`       ENUM('user','group','class','all')  NOT NULL DEFAULT 'user',
    `per_session`      ENUM('false','true')                NOT NULL DEFAULT 'false',
    `limit_type`       ENUM('soft','hard')                 NOT NULL DEFAULT 'soft',
    `bytes_in_avail`   FLOAT                               NOT NULL DEFAULT '0',
    `bytes_out_avail`  FLOAT                               NOT NULL DEFAULT '0',
    `bytes_xfer_avail` FLOAT                               NOT NULL DEFAULT '0',
    `files_in_avail`   INT(10) UNSIGNED                    NOT NULL DEFAULT '0',
    `files_out_avail`  INT(10) UNSIGNED                    NOT NULL DEFAULT '0',
    `files_xfer_avail` INT(10) UNSIGNED                    NOT NULL DEFAULT '0'
);
-- --------------------------------------------------------
--
-- Table structure for `quotatallies`: running usage counters per name, read and written
-- by the get-quota-tally, update-quota-tally and insert-quota-tally named queries.
--
CREATE TABLE `quotatallies` (
    `name`            VARCHAR(30)                         NOT NULL,
    `quota_type`      ENUM('user','group','class','all')  NOT NULL DEFAULT 'user',
    `bytes_in_used`   FLOAT                               NOT NULL DEFAULT '0',
    `bytes_out_used`  FLOAT                               NOT NULL DEFAULT '0',
    `bytes_xfer_used` FLOAT                               NOT NULL DEFAULT '0',
    `files_in_used`   INT(10) UNSIGNED                    NOT NULL DEFAULT '0',
    `files_out_used`  INT(10) UNSIGNED                    NOT NULL DEFAULT '0',
    `files_xfer_used` INT(10) UNSIGNED                    NOT NULL DEFAULT '0'
);

表中

 `uid` int(10) UNSIGNED NOT NULL DEFAULT '5501',
`gid` int(10) UNSIGNED NOT NULL DEFAULT '5500',

的5501和5500需要根据运行proftpd进程的用户的实际uid和gid进行修改;一个用户的uid和gid可以用id命令获取

[root@www log]# id httpd
uid=5501(httpd) gid=5500(proftpd) groups=5500(proftpd),48(apache)
[root@www log]#

 

三、配置proftpd

ProFTPD的配置文件在/usr/local/proftpd/etc目录中,就是proftpd.conf文件;您可以把它改名备份;

cd /usr/local/proftpd/etc
mv proftpd.conf proftpd.conf.bak

然后再新建一个 proftpd.conf 文件,内容如下;

 
# --- Server identity ---
ServerName              "ShopEx FTP Server"
ServerType              standalone
ServerAdmin             xuni@zovatech.com
DefaultServer           On
# Do not announce the server software in the connection greeting.
ServerIdent             Off

# Message shown to the user after login.
DisplayLogin            /usr/local/proftpd/etc/ftplogin.msg
#DisplayConnect /net/messages/ftp.pre
#DisplayFirstChdir index.txt

# Standard FTP control port. Plain FTP carries logins unencrypted; the build shown in
# this guide does not include mod_tls.
Port                    21

# Logins are accepted from every client address; authentication still applies.
<Limit LOGIN>
    AllowAll
</Limit>

# 022 keeps newly created files and directories from being group- or world-writable.
Umask                   022

# Number of failed login attempts allowed per connection.
MaxLoginAttempts        5

# Timeouts in seconds; TimeoutStalled bounds how long a data connection may stall.
TimeoutStalled          600
TimeoutLogin            900
TimeoutIdle             600
TimeoutNoTransfer       600

# Account the server runs as.
# NOTE(review): the `id httpd` output earlier in this guide shows primary group proftpd,
# not apache; confirm the intended group.
User                    httpd
Group                   apache

# Jail (chroot) every FTP user into their home directory.
DefaultRoot             ~

# Accounts do not need a valid login shell (the ftpusers rows use /sbin/nologin).
RequireValidShell       off

# Skip reverse DNS and ident lookups on incoming connections.
UseReverseDNS           off
IdentLookups            off

# Allow interrupted uploads and downloads to be resumed.
AllowStoreRestart       on
AllowRetrieveRestart    on
 
 
 
#-------- mod_sql: authenticate FTP users against MySQL --------#
# Database `proftpd` on localhost, then the MySQL user name and its password.
# The password sits in clear in this file, so keep proftpd.conf readable by root only.
SQLConnectInfo proftpd@localhost proftpd runproftpd
# Plaintext means ftpusers.passwd is compared as-is, so passwords are stored unhashed.
# NOTE(review): mod_sql also accepts hashed types such as Crypt; switching requires the
# passwd values to be stored in that format first.
SQLAuthTypes Plaintext
# Table name followed by the columns mod_sql reads for a user lookup.
SQLUserInfo ftpusers userid passwd uid gid homedir shell
# Table name followed by the columns mod_sql reads for a group lookup.
SQLGroupInfo ftpgroups groupname gid members
SQLAuthenticate users groups
SQLNegativeCache on
# NOTE(review): presumably creates a missing home directory at login; confirm for this version.
SQLHomedirOnDemand on
# Log of the SQL statements mod_sql issues; useful when auditing authentication problems.
SQLLogFile /var/log/proftpd.sql.log
# Named queries; %u is the login name and %h the client host.
SQLNamedQuery getcount SELECT "count from ftpusers where userid='%u'"
SQLNamedQuery getlastlogin SELECT "lastlogin from ftpusers where userid='%u'"
SQLNamedQuery updatelogininfo UPDATE "count=count+1,host='%h',lastlogin=current_timestamp() WHERE userid='%u'" ftpusers
# After a PASS command answered with 230, show the login count and last login time.
SQLShowInfo PASS "230" "You've logged on %{getcount} times,last login at %{getlastlogin}"
# Run updatelogininfo on each PASS command to record the login.
SQLLog PASS updatelogininfo
#-------- end of mod_sql authentication section --------#
 
 
#--------- mod_quotatab: quota limits stored in MySQL --------#
QuotaDirectoryTally on
QuotaDisplayUnits "Mb"
QuotaEngine on
#QuotaLog /var/log/proftpd.quota.log
QuotaShowQuotas on
# Reads the limit row for a name (%{0}) and quota type (%{1}) from quotalimits.
SQLNamedQuery get-quota-limit SELECT "name,quota_type,per_session,limit_type,bytes_in_avail,bytes_out_avail,bytes_xfer_avail,files_in_avail,files_out_avail,files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type='%{1}'"
# Reads the current usage row for a name and quota type from quotatallies.
SQLNamedQuery get-quota-tally SELECT "name,quota_type,bytes_in_used,bytes_out_used,bytes_xfer_used,files_in_used,files_out_used,files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
# Adds the deltas %{0}..%{5} to the usage row selected by name (%{6}) and quota type (%{7}).
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0},bytes_out_used = bytes_out_used + %{1},bytes_xfer_used = bytes_xfer_used + %{2},files_in_used = files_in_used + %{3},files_out_used = files_out_used + %{4},files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
# Inserts a new usage row; the eight values follow the column order of quotatallies.
SQLNamedQuery insert-quota-tally INSERT "%{0},%{1},%{2},%{3},%{4},%{5},%{6},%{7}" quotatallies
# Bind the named queries above to the quota limit and tally tables.
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
#--------- end of mod_quotatab section --------#
 
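# Logging options
# Log levels:
# emerg,alert,crit (recommended),error,warn,notice,info,debug
# NOTE(review): emerg is the most restrictive level, so less severe messages are
# presumably not recorded; confirm that this is intended.
SyslogLevel emerg
SystemLog /var/log/proftpd.system.log
TransferLog /var/log/proftpd.xferlog
# Named log formats. Quotes inside a format string are backslash-escaped so that the
# whole format stays one quoted argument.
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# Log file/dir access
# ExtendedLog /var/log/proftpd.access_log WRITE,READ write
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH auth
# Record every command class using the default format
ExtendedLog /var/log/proftpd.paranoid_log ALL default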
 
 
# Cap the number of child processes at 30 to blunt connection-flood DoS. Raise the value
# if more than 30 simultaneous connections are needed. This only works in standalone
# mode; under inetd, use a super-server that can limit processes per service (such as
# xinetd).
MaxInstances            30

# Client limits; the quoted text is the message sent with the limit.
#MaxClients 2 "Sorry,max %m users -- try again later"
MaxClientsPerHost       2 "Sorry,only 2 session for one host"

# Allow existing files to be overwritten everywhere.
<Directory />
    AllowOverwrite      on
</Directory>

RootLogin               off
RequireValidShell       off

# Every filter below is commented out, so this configuration does not block uploads of
# .ftpaccess/.htaccess files or commands containing '%'.
# Alphanumeric characters only for uploads (and not shell code...)
#PathAllowFilter "^[a-zA-Z0-9_.-]()'+$"
#PathAllowFilter "^[a-zA-Z0-9 _.-]()'+$"
# Keep .ftpaccess and .htaccess files from being uploaded
#PathDenyFilter "(.ftp)|(.ht)[a-z]+$"
#pathDenyFilter ".ftp[a-z]+$"
# Do not allow printf formats to be passed (security! see documentation!):
#AllowFilter "^[a-zA-Z0-9@~ /,_.-]*$"
#DenyFilter "%"
posted @ 2008-01-28 10:49  ShaDowiCool