以前使用的proftpd,但是没有和mysql结合起来。导致用户管理上不方便。
这2天研究了一下proftpd的配置,做到了使ProFTPD 支持MySQL数据库,添加虚拟用户认证及Quotas(磁盘限额)。具体的如下:
1、安装proftpd带mysql支持
apt-get install proftpd-mysql
2、创建proftpd使用的mysql数据库
[root@localhost ~]# mysql -uroot -p
mysql>create database proftpd;
mysql>Grant select,insert,update,delete,create,drop,index,alter,create temporary tables,lock tables on proftpd.* to proftpd@localhost Identified by "password";
mysql>quit
3、导入数据库。这一步,可以使用phpmyaqmin进行
-- 数据库: `proftpd`
--
-- --------------------------------------------------------
--
-- 表的结构 `ftpgroups`
--
CREATE TABLE `ftpgroups` (
`groupname` varchar(30) NOT NULL default '',
`gid` int(11) NOT NULL default '1000',
`members` varchar(255) NOT NULL default ''
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 `ftpusers`
--
CREATE TABLE `ftpusers` (
`userid` varchar(30) NOT NULL default '',
`passwd` varchar(80) NOT NULL default '',
`uid` int(10) unsigned NOT NULL default '1000',
`gid` int(10) unsigned NOT NULL default '1000',
`homedir` varchar(255) NOT NULL default '',
`shell` varchar(255) NOT NULL default '/sbin/nologin',
`count` int(10) unsigned NOT NULL default '0',
`host` varchar(30) NOT NULL default '',
`lastlogin` varchar(30) NOT NULL default '',
UNIQUE KEY `userid` (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
--
-- 导出表中的数据 `ftpusers`
--
INSERT INTO `ftpusers` VALUES ('test', 'test', 1000, 1000, '/home/test', '/sbin/nologin',0,'','');
-- --------------------------------------------------------
--
-- 表的结构 `quotalimits`
--
CREATE TABLE `quotalimits` (
`name` varchar(30) default NULL,
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`per_session` enum('false','true') NOT NULL default 'false',
`limit_type` enum('soft','hard') NOT NULL default 'soft',
`bytes_in_avail` float NOT NULL default '0',
`bytes_out_avail` float NOT NULL default '0',
`bytes_xfer_avail` float NOT NULL default '0',
`files_in_avail` int(10) unsigned NOT NULL default '0',
`files_out_avail` int(10) unsigned NOT NULL default '0',
`files_xfer_avail` int(10) unsigned NOT NULL default '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- --------------------------------------------------------
--
-- 表的结构 `quotatallies`
--
CREATE TABLE `quotatallies` (
`name` varchar(30) NOT NULL default '',
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`bytes_in_used` float NOT NULL default '0',
`bytes_out_used` float NOT NULL default '0',
`bytes_xfer_used` float NOT NULL default '0',
`files_in_used` int(10) unsigned NOT NULL default '0',
`files_out_used` int(10) unsigned NOT NULL default '0',
`files_xfer_used` int(10) unsigned NOT NULL default '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
4、修改proftpd的配置文件nano proftpd.conf
在其中增加下面几行(注意,下面的部分仅仅是mysql连接部分,关于proftpd的配置文件写法,参照我以前的文章把)
5、启动prfoftpd,测试#——– load sql.mod for mysql authoritative ——–#
SQLConnectInfo proftpd@localhost proftpd proftpd
#注:上面这行是MySQL连接服务器部份,自己根据情况来改一改;
SQLAuthTypes Plaintext
SQLUserInfo ftpusers userid passwd uid gid homedir shell
SQLGroupInfo ftpgroups groupname gid members
SQLAuthenticate users groups
SQLNegativeCache on
SQLHomedirOnDemand on
SQLLogFile /var/log/proftpd.sql.log
SQLNamedQuery getcount SELECT "count from ftpusers where userid=’%u’"
SQLNamedQuery getlastlogin SELECT "lastlogin from ftpusers where userid=’%u’"
SQLNamedQuery updatelogininfo UPDATE "count=count+1,host=’%h’,lastlogin=current_timestamp() WHERE userid=’%u’" ftpusers
SQLShowInfo PASS "230" "You’ve logged on %{getcount} times, last login at %{getlastlogin}"
SQLLog PASS updatelogininfo
#——– load sql.mod for mysql authoritative ——–#
#——— load qudes.mod for Quota limit ——–#
QuotaDirectoryTally on
QuotaDisplayUnits "Mb"
QuotaEngine on
#QuotaLog /var/log/proftpd.quota.log
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail,
bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits
WHERE name = ‘%{0}’ AND quota_type = ‘%{1}’"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used,
bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies
WHERE name = ‘%{0}’ AND quota_type = ‘%{1}’"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0},
bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2},
files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4},
files_xfer_used = files_xfer_used + %{5}
WHERE name = ‘%{6}’ AND quota_type = ‘%{7}’" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
#——— load qudes.mod for Quota limit ——–#
# Logging options
# Debug Level
# emerg, alert, crit (empfohlen), error, warn. notice, info, debug
#
SyslogLevel emerg
SystemLog /var/log/proftpd.system.log
TransferLog /var/log/proftpd.xferlog
# Some logging formats
#
LogFormat default "%h %l %u %t "%r" %s %b"
LogFormat auth "%v [%P] %h %t "%r" %s"
LogFormat write "%h %l %u %t "%r" %s %b"
# Log file/dir access
# ExtendedLog /var/log/proftpd.access_log WRITE,READ write
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH auth
# Paranoia logging level….
ExtendedLog /var/log/proftpd.paranoid_log ALL default
/etc/init.d/proftpd restart
需要注意的事情有:
注意检查添加的虚拟用户的主目录和shell设置是否正常,这2个是不能登陆的最常见的原因
另外,似乎proftpd启用了虚拟用户之后,和vsftpd一样,正常用户无法登陆。而且,虚拟用户的用户名,不能和系统用户的用户名相同,否则,不能正常登陆