以前使用的proftpd,但是没有和mysql结合起来。导致用户管理上不方便。
这2天研究了一下proftpd的配置,做到了使ProFTPD 支持MySQL数据库,添加虚拟用户认证及Quotas(磁盘限额)。具体的如下:
1、安装proftpd带mysql支持
apt-get install proftpd-mysql
2、创建proftpd使用的mysql数据库
[[email protected] ~]# mysql -uroot -p
mysql>create database proftpd;
mysql>Grant select,insert,update,delete,create,drop,index,alter,create temporary tables,lock tables on proftpd.* to [email protected] Identified by "password";
mysql>quit
3、导入数据库。这一步,可以使用phpmyaqmin进行
-- 数据库: proftpd
--
-- --------------------------------------------------------
--
-- 表的结构 ftpgroups
--
CREATE TABLE ftpgroups
(
groupname
varchar(30) NOT NULL default '',
gid
int(11) NOT NULL default '1000',
members
varchar(255) NOT NULL default ''
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 ftpusers
--
CREATE TABLE ftpusers
(
userid
varchar(30) NOT NULL default '',
passwd
varchar(80) NOT NULL default '',
uid
int(10) unsigned NOT NULL default '1000',
gid
int(10) unsigned NOT NULL default '1000',
homedir
varchar(255) NOT NULL default '',
shell
varchar(255) NOT NULL default '/sbin/nologin',
count
int(10) unsigned NOT NULL default '0',
host
varchar(30) NOT NULL default '',
lastlogin
varchar(30) NOT NULL default '',
UNIQUE KEY userid
(userid
)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
--
-- 导出表中的数据 ftpusers
--
INSERT INTO ftpusers
VALUES ('test', 'test', 1000, 1000, '/home/test', '/sbin/nologin',0,'','');
-- --------------------------------------------------------
--
-- 表的结构 quotalimits
--
CREATE TABLE quotalimits
(
name
varchar(30) default NULL,
quota_type
enum('user','group','class','all') NOT NULL default 'user',
per_session
enum('false','true') NOT NULL default 'false',
limit_type
enum('soft','hard') NOT NULL default 'soft',
bytes_in_avail
float NOT NULL default '0',
bytes_out_avail
float NOT NULL default '0',
bytes_xfer_avail
float NOT NULL default '0',
files_in_avail
int(10) unsigned NOT NULL default '0',
files_out_avail
int(10) unsigned NOT NULL default '0',
files_xfer_avail
int(10) unsigned NOT NULL default '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 quotatallies
--
CREATE TABLE quotatallies
(
name
varchar(30) NOT NULL default '',
quota_type
enum('user','group','class','all') NOT NULL default 'user',
bytes_in_used
float NOT NULL default '0',
bytes_out_used
float NOT NULL default '0',
bytes_xfer_used
float NOT NULL default '0',
files_in_used
int(10) unsigned NOT NULL default '0',
files_out_used
int(10) unsigned NOT NULL default '0',
files_xfer_used
int(10) unsigned NOT NULL default '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
4、
修改proftpd的配置文件nano proftpd.conf
在其中增加下面几行(注意,下面的部分仅仅是mysql连接部分,关于proftpd的配置文件写法,参照我以前的文章把)
5、启动prfoftpd,测试#——– load sql.mod for mysql authoritative ——–#
SQLConnectInfo [email protected] proftpd proftpd
#注:上面这行是MySQL连接服务器部份,自己根据情况来改一改;
SQLAuthTypes Plaintext
SQLUserInfo ftpusers userid passwd uid gid homedir shell
SQLGroupInfo ftpgroups groupname gid members
SQLAuthenticate users groups
SQLNegativeCache on
SQLHomedirOnDemand on
SQLLogFile /var/log/proftpd.sql.log
SQLNamedQuery getcount SELECT "count from ftpusers where userid=’%u’"
SQLNamedQuery getlastlogin SELECT "lastlogin from ftpusers where userid=’%u’"
SQLNamedQuery updatelogininfo UPDATE "count=count+1,host=’%h’,lastlogin=current_timestamp() WHERE userid=’%u’" ftpusers
SQLShowInfo PASS "230" "You’ve logged on %{getcount} times, last login at %{getlastlogin}"
SQLLog PASS updatelogininfo
#——– load sql.mod for mysql authoritative ——–#
#——— load qudes.mod for Quota limit ——–#
QuotaDirectoryTally on
QuotaDisplayUnits "Mb"
QuotaEngine on
#QuotaLog /var/log/proftpd.quota.log
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail,
bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits
WHERE name = ‘%{0}’ AND quota_type = ‘%{1}’"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used,
bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies
WHERE name = ‘%{0}’ AND quota_type = ‘%{1}’"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0},
bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2},
files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4},
files_xfer_used = files_xfer_used + %{5}
WHERE name = ‘%{6}’ AND quota_type = ‘%{7}’" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
#——— load qudes.mod for Quota limit ——–#
# Logging options
# Debug Level
# emerg, alert, crit (empfohlen), error, warn. notice, info, debug
#
SyslogLevel emerg
SystemLog /var/log/proftpd.system.log
TransferLog /var/log/proftpd.xferlog
# Some logging formats
#
LogFormat default "%h %l %u %t "%r" %s %b"
LogFormat auth "%v [%P] %h %t "%r" %s"
LogFormat write "%h %l %u %t "%r" %s %b"
# Log file/dir access
# ExtendedLog /var/log/proftpd.access_log WRITE,READ write
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH auth
# Paranoia logging level….
ExtendedLog /var/log/proftpd.paranoid_log ALL default
/etc/init.d/proftpd restart
需要注意的事情有:
注意检查添加的虚拟用户的主目录和shell设置是否正常,这2个是不能登陆的最常见的原因
另外,似乎proftpd启用了虚拟用户之后,和vsftpd一样,正常用户无法登陆。而且,虚拟用户的用户名,不能和系统用户的用户名相同,否则,不能正常登陆