分享:FreeBSD上Proftpd匿名登陆、Mysql用户认证、Quota磁盘限额

发布时间:2019-08-17编辑:脚本学堂
本文介绍下,在FreeBSD系统上配置proftpd匿名登录、mysql用户认证,以及Quota磁盘限额的方法,有需要的朋友参考下。

环境设置:Freebsd6.2mysql-1.1.7-betaproftpd-1.2.10
Mysql是自己编译安装,需要修改名叫"ld.so.conf"的文件:
 

#find / -name ld.so.conf -print
/usr/compat/linux/etc/ld.so.conf

加上一行:
 

复制代码 代码示例:
/usr/local/mysql/lib/mysql [Mysql的安装路径]

下载路径,1.2.10之前的版本都要加入mod-quotatab包。
ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.10.tar.gz
下载后,记得重命名加上.tar.gz

编译:
 

复制代码 代码示例:
tar zvxf proftpd-1.2.10.tar.gz
cd proftpd-1.2.10
./configure
--prefix=/usr/local/proftpd
--with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql
--with-includes=/usr/local/mysql/include/mysql
--with-libraries=/usr/local/mysql/lib/mysql
make
make install

运行:
 

复制代码 代码示例:
/usr/local/proftpd/sbin/proftpd

查看进程:
 

复制代码 代码示例:
pgrep proftpd

杀死进程:
 

复制代码 代码示例:
pkill proftpd

终止活跃连接:
 

复制代码 代码示例:
/usr/local/proftpd/sbin/ftpshut now

新建管理数据库
 

复制代码 代码示例:
#cd /usr/local/mysql/bin
#./mysql -u root -p
Enter password:******
mysql>create database proftpd;
mysql>Grant select,insert,update,delete,create,drop,index,alter,create temporary tables,lock tables on proftpd.* to proftpd@localhost Identified by "******";
mysql>quit

新建下表:
1.ftpgroups
 

复制代码 代码示例:
CREATE TABLE `ftpgroups` (
  `groupname` text NOT NULL,
  `gid` smallint(6) NOT NULL default '0',
  `members` text NOT NULL
) ENGINE=myisam;;

插入数据:(系统组,以后会建立)
 

复制代码 代码示例:
INSERT INTO `ftpgroups` VALUES ('ftpgrp', 2001, 'ftpusr');
INSERT INTO `ftpgroups` VALUES ('pubusers', 2002, 'ftp');

2.ftpusers
 

复制代码 代码示例:
CREATE TABLE `ftpusers` (
  `userid` text NOT NULL,
  `passwd` text NOT NULL,
  `uid` int(11) NOT NULL default '0',
  `gid` int(11) NOT NULL default '0',
  `homedir` text,
  `shell` text
) ENGINE=MyISAM;;

插入测试用户:
 

复制代码 代码示例:
INSERT INTO `ftpusers` VALUES ('test', '123', 2001, 2001, '/usr/ftp/incoming', '');
 

3.quotalimits
 

复制代码 代码示例:
CREATE TABLE `quotalimits` (
  `name` varchar(30) default NULL,
  `quota_type` enum('user','group','class','all') NOT NULL default 'user',
  `per_session` enum('false','true') NOT NULL default 'false',
  `limit_type` enum('soft','hard') NOT NULL default 'soft',
  `bytes_in_avail` float NOT NULL default '0',
  `bytes_out_avail` float NOT NULL default '0',
  `bytes_xfer_avail` float NOT NULL default '0',
  `files_in_avail` int(10) unsigned NOT NULL default '0',
  `files_out_avail` int(10) unsigned NOT NULL default '0',
  `files_xfer_avail` int(10) unsigned NOT NULL default '0'
) ENGINE=MyISAM;;

设置用户磁盘配额:
 

复制代码 代码示例:
INSERT INTO `quotalimits` VALUES ('test', 'user', 'false', 'soft', 1.024e+09, 0, 2.048e+09, 10, 0, 0);
 

设置test用户,磁盘配额1G,可以上传下载流量2G,最多文件数10个

4.quotatallies
 

复制代码 代码示例:
CREATE TABLE `quotatallies` (
  `name` varchar(30) NOT NULL default '',
  `quota_type` enum('user','group','class','all') NOT NULL default 'user',
  `bytes_in_used` float NOT NULL default '0',
  `bytes_out_used` float NOT NULL default '0',
  `bytes_xfer_used` float NOT NULL default '0',
  `files_in_used` int(10) unsigned NOT NULL default '0',
  `files_out_used` int(10) unsigned NOT NULL default '0',
  `files_xfer_used` int(10) unsigned NOT NULL default '0'
) ENGINE=MyISAM;;

设置quota,只要在ftpquotalimits表里设置一下就行了,这个表里的各个参数分别代表:
代码:
 

quotalimits表
name: - 用户帐号
quota type: - user, group, class, all (we use user)
per_session: - true or false (we use true)
limit_type: - 硬限制 or 软限制 (我们一般用硬限制)
bytes_in_avail: - 允许上传的字节数
bytes_out_avail: - 允许下载的字节数
bytes_xfer_avail: - 允许传输的字节数(包括上传/下载)
files_in_avail: - 允许上传的文件数
files_out_avail: - 允许下载的文件数
files_xfer_avail: - 允许传输的文件数(包括上传/下载)

建立系统相关用户或组:

1.创建proftpd服务运行的用户和用户组:
 

复制代码 代码示例:
#pw groupadd ftpgrp -g 2001
#pw adduser ftpusr -u 2001 -g 2001 -d /usr/ftp/incoming -s /sbin/nologin

2、创建匿名登陆用户映射的系统用户和用户组
 

复制代码 代码示例:
#pw groupadd pubusers -g 2002
#pw adduser ftp -u 2002 -g 2001 -d /usr/ftp/incoming -s /sbin/nologin

3、配置系统自启动proftpd服务
#ee /etc/rc.conf
加入一行
proftpd_enable=”YES”
这样系统启动的时候会调用/usr/local/etc/rc.d/proftpd.sh脚本启动proftpd服务

4、监控和调试proftpd服务
#/usr/local/sbin/proftpd proftpd -n -d 5 -c /usr/local/etc/proftpd.conf
这样在测试和连接ftp的时候,可以在主机上看到所有的proftpd运行信息

5、日志监控
可以使用下面的命令查看系统日志、传送日志等
 

复制代码 代码示例:
#tail -f /var/log/proftpd.syslog
#tail -f /var/log/proftpd.transferlog

6、用户登陆后运行quote SITE QUOTA命令查看设置的磁盘限额信息
最后运行时出现的问题:
匿名登陆时总出现验证,用测试用户登陆出现错误:
 

复制代码 代码示例:
FreeBSD# ftp 127.0.0.1
Connected to 127.0.0.1 (127.0.0.1).
500 FTP server shut down (going down at Tue Dec 19 20:00:00 2007) -- please try again later.
ftp>
 

解决方法:
#rm -rf /etc/shutmsg
 
相关问题:

Q:在本地ftp localhost输入用户名、密码回车后。等很久才进入FTP Server
A:ftp 127.0.0.1

Q:在远程服务器上ftp ip输入用户名、密码回车后。等很久才进入FTP Server
A:LDAPServer localhost 改为 LDAPServer 127.0.0.1

Q:登录Ftp Server 提示
530 Login incorrect.
Login failed.
我确认输入的用户、密码决对正确
A:在登录ProFTPD时加参数proftpd –d5 –n会输出调试信息。你可以在其中
找到答案。如果在调试信息中找到这一行no such user 'xxxx'
可能是与MySQL/OpenLDAP连接有问题。

Q:服务不能启动,显示主机名错误之类的提示。
A: ee /etc/hosts
加入一行:
本机IP地址 主机名

附: proftpd.conf
 

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName   "Home Download"
ServerType   standalone
DefaultServer   on
# Port 21 is the standard FTP port.
Port    21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask    022
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances   30
# Set the user and group under which the server will run.
User    ftpusr
Group    ftpgrp
requireValidShell off
AllowStoreRestart on
UseReverseDNS off  【解决反应慢问题】
IdentLookups off   【解决反应慢问题】
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite  on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>
----------------------------------------------------
TransferRate STOR 500 user upload       #[up-speed]
TransferRate RETR 500 user homedown     #[down-speed]
PassivePorts 20000 20010
#[被模式开放的端口,防火墙那边也记着开启,否则直接点击网页下载是不可能的,下载工具不关闭"被动模式"将不能下载]
<Directory />
AllowOverwrite on #[断点续UP]
AllowStoreRestart on #[断点续DOWN]
#AllowForeignAddress on
<Limit All>
AllowAll
</Limit>
</Directory>
---------------------------------------------------------
# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous /usr/ftp>
  User    ftp
  Group    pubusers
  # We want clients to be able to login with "anonymous" as well as "ftp"
  Useralias   anonymous ftp
  # Limit the maximum number of anonymous logins
  MaxClients   10
  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin   welcome.msg
  DisplayFirstChdir  .message
  # Limit WRITE everywhere in the anonymous chroot
 
  AuthAliasOnly                on #[禁以用户名方式匿名登陆]

  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
# 数据库联接的信息,proftpdb是数据库名,localhost是主机名,proftpd是连接数据库的用户名,
#proftpdb是密码
#(如果没有密码留空)
SQLConnectInfo proftpd@localhost proftpd ******
# 数据库认证的类型
SQLAuthTypes Backend Plaintext
# 数据库的鉴别
#SQLAuthenticate users* groups*
# 指定用来做用户认证的表的有关信息。
SQLUserInfo ftpusers userid passwd uid gid homedir shell
SQLGroupInfo ftpgroups groupname gid members
#数据库认证
SQLAuthenticate users groups usersetfast groupsetfast
# 如果home目录不存在,则系统会根据它的home项新建一个目录
 SQLHomedirOnDemand on
# 启用磁盘限额
 QuotaDirectoryTally on
# 磁盘限额单位 b"|"Kb"|"Mb"|"Gb"
QuotaDisplayUnits "Mb"
QuotaEngine on
# 磁盘限额日志记录
 QuotaLog "/var/log/quota.log"
# 打开磁盘限额信息,当登陆FTP帐户后,使用命令 "quote SITE QUOTA" 后可显示当前用#户的磁盘限额

QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail,files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally