2015-08-25

ProFTPD installation and configuration

wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.5a.tar.gz

1. Compiling and installing ProFTPD

The key point is to set the correct MySQL installation path. My MySQL was installed from an RPM package.

tar xvf proftpd-1.3.5a.tar.gz
cd proftpd-1.3.5a
cd into the contrib directory
vi mod_sql_mysql.c
Set the correct MySQL header file:
//#include <mysql.h>
#include "/usr/include/mysql/mysql.h"
./configure --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql --with-includes=/usr/include/mysql --with-libraries=/usr/lib64/mysql --prefix=/usr/local/proftpd
 
make
 
make install

If MySQL was installed from source, take care: the build tends to fail with:

/usr/bin/ld: cannot find -lmysqlclient
collect2: ld returned 1 exit status
make: *** [proftpd] 错误 1

Example:
MySQL installed from source in /usr/local/mysql3306

vim contrib/mod_sql_mysql.c 
#include "/usr/local/mysql3306/include/mysql.h"
 
Next, the /usr/local/mysql3306/lib/mysql directory must contain the .so libraries; if they are missing, copy them over:
cp /usr/lib64/mysql/* /usr/local/mysql3306/lib/mysql/
cd /usr/local/mysql3306/lib/mysql
cp libmysqlclient_r.so.16.0.0 libmysqlclient_r.so
cp libmysqlclient.so.16.0.0 libmysqlclient.so
 
./configure --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql  --with-includes=/usr/local/mysql3306/include/ --with-libraries=/usr/local/mysql3306/lib/mysql/  --prefix=/usr/local/proftpd 
make
make install


/usr/bin/ld: cannot find -lz
collect2: ld returned 1 exit status
make: *** [proftpd] Error 1
 
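This error means zlib-devel is missing; installing it fixes the problem:
yum -y install zlib-devel

2. Creating the ProFTPD authentication tables in MySQL

Run the following statements in phpMyAdmin: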
CREATE DATABASE proftpd;

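This line creates a database named proftpd.

GRANT ALL privileges ON proftpd.* TO proftpd@localhost IDENTIFIED BY 'runproftpd';

The GRANT line grants privileges on the proftpd database to a user named proftpd with the password runproftpd (this is only an example; choose your own password).

-- Database: `proftpd`

-- --------------------------------------------------------

-- Table structure for `ftpgroups`

USE proftpd;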
 
CREATE TABLE `ftpgroups` (
`groupname` VARCHAR(30) NOT NULL,
`gid` INT(11) NOT NULL DEFAULT '1000',
`members` VARCHAR(255) NOT NULL
);
-- --------------------------------------------------------
--
-- Table structure for `ftpusers`
--
CREATE TABLE `ftpusers` (
`userid` VARCHAR(30) NOT NULL,
`passwd` VARCHAR(80) NOT NULL,
`uid` INT(10) UNSIGNED NOT NULL DEFAULT '501',
`gid` INT(10) UNSIGNED NOT NULL DEFAULT '501',
`homedir` VARCHAR(255) NOT NULL,
`shell` VARCHAR(255) NOT NULL DEFAULT '/sbin/nologin',
`count` INT(10) UNSIGNED NOT NULL DEFAULT '0',
`host` VARCHAR(30) NOT NULL,
`lastlogin` VARCHAR(30) NOT NULL,
UNIQUE KEY `userid` (`userid`)
);


-- Dumping data for table `ftpusers`

INSERT INTO `ftpusers` VALUES ('test', 'test', 501, 501, '/data/httpd/', '/sbin/nologin',0,'','');

-- --------------------------------------------------------

-- Table structure for `quotalimits`

CREATE TABLE `quotalimits` (
`name` VARCHAR(30) DEFAULT NULL,
`quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
`per_session` enum('false','true') NOT NULL DEFAULT 'false',
`limit_type` enum('soft','hard') NOT NULL DEFAULT 'soft',
`bytes_in_avail` FLOAT NOT NULL DEFAULT '0',
`bytes_out_avail` FLOAT NOT NULL DEFAULT '0',
`bytes_xfer_avail` FLOAT NOT NULL DEFAULT '0',
`files_in_avail` INT(10) UNSIGNED NOT NULL DEFAULT '0',
`files_out_avail` INT(10) UNSIGNED NOT NULL DEFAULT '0',
`files_xfer_avail` INT(10) UNSIGNED NOT NULL DEFAULT '0'
);
-- --------------------------------------------------------
--
-- Table structure for `quotatallies`
--
CREATE TABLE `quotatallies` (
`name` VARCHAR(30) NOT NULL,
`quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
`bytes_in_used` FLOAT NOT NULL DEFAULT '0',
`bytes_out_used` FLOAT NOT NULL DEFAULT '0',
`bytes_xfer_used` FLOAT NOT NULL DEFAULT '0',
`files_in_used` INT(10) UNSIGNED NOT NULL DEFAULT '0',
`files_out_used` INT(10) UNSIGNED NOT NULL DEFAULT '0',
`files_xfer_used` INT(10) UNSIGNED NOT NULL DEFAULT '0'
);

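In the table definition,
`uid` int(10) UNSIGNED NOT NULL DEFAULT '501',
`gid` int(10) UNSIGNED NOT NULL DEFAULT '501',

the 501 and 501 should be changed to the actual uid and gid of the user that the proftpd process runs as. A user's uid and gid can be obtained with the id command: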
[root@www log]# id www
uid=501(www) gid=501(www) groups=501(www)
[root@www log]#

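3. Configuring ProFTPD

ProFTPD's configuration file is proftpd.conf, in the /usr/local/proftpd/etc directory. You can rename it to keep a backup:
cd /usr/local/proftpd/etc
mv proftpd.conf proftpd.conf.bak
Then create a new proftpd.conf file with the following contents: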

ServerName "FTP Server"
ServerType standalone
ServerAdmin xxx@xx.com
DefaultServer On
ServerIdent Off
#Display message
DisplayLogin /usr/local/proftpd/etc/ftplogin.msg
#DisplayConnect /net/messages/ftp.pre
#DisplayFirstChdir index.txt
#Port 21 is the standard FTP port.
Port 21
#Limit users to login by username
<Limit LOGIN>
AllowAll
</Limit>
#Umask 022 is a good standard umask to prevent new dirs and files
#from being group and world writable.
Umask 022
#Limit login attempts
#
MaxLoginAttempts 5
#Set the maximum number of seconds a data connection is allowed
#to "stall" before being aborted.
TimeoutStalled 600
TimeoutLogin 900
TimeoutIdle 600
TimeoutNoTransfer 600
#Set the user and group under which the server will run.
User www
Group www
#To cause every FTP user to be "jailed" (chrooted) into their home
#directory, uncomment this line.
DefaultRoot ~
#Users needs a valid shell
#
RequireValidShell off
#Performance: skip DNS resolution when we process the logs...
UseReverseDNS off
#Turn off Ident lookups
IdentLookups off
#Restart session support
#
AllowStoreRestart on
AllowRetrieveRestart on

#-------- load sql.mod for mysql authoritative --------#
SQLConnectInfo proftpd@localhost proftpd runproftpd
SQLAuthTypes Plaintext
SQLUserInfo ftpusers userid passwd uid gid homedir shell
SQLGroupInfo ftpgroups groupname gid members
SQLAuthenticate users groups
SQLNegativeCache on
SQLHomedirOnDemand on
SQLMinUserGID 501
SQLMinUserUID 501
SQLLogFile /var/log/proftpd.sql.log
SQLNamedQuery getcount SELECT "count from ftpusers where userid='%u'"
SQLNamedQuery getlastlogin SELECT "lastlogin from ftpusers where userid='%u'"
SQLNamedQuery updatelogininfo UPDATE "count=count+1,host='%h',lastlogin=current_timestamp() WHERE userid='%u'" ftpusers
SQLShowInfo PASS "230" "You've logged on %{getcount} times,last login at %{getlastlogin}"
SQLLog PASS updatelogininfo
#-------- load sql.mod for mysql authoritative --------#

#--------- load qudes.mod for Quota limit --------#
QuotaDirectoryTally on
QuotaDisplayUnits "Mb"
QuotaEngine on
#QuotaLog /var/log/proftpd.quota.log
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name,quota_type,per_session,limit_type,bytes_in_avail,bytes_out_avail,bytes_xfer_avail,files_in_avail,files_out_avail,files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type='%{1}'"
SQLNamedQuery get-quota-tally SELECT "name,quota_type,bytes_in_used,bytes_out_used,bytes_xfer_used,files_in_used,files_out_used,files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0},bytes_out_used = bytes_out_used + %{1},bytes_xfer_used = bytes_xfer_used + %{2},files_in_used = files_in_used + %{3},files_out_used = files_out_used + %{4},files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0},%{1},%{2},%{3},%{4},%{5},%{6},%{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
#--------- load qudes.mod for Quota limit --------#

# Logging options
# Debug Level
# emerg,alert,crit (recommended),error,warn,notice,info,debug
#
SyslogLevel emerg
SystemLog /var/log/proftpd.system.log
TransferLog /var/log/proftpd.xferlog
# Some logging formats
#
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# Log file/dir access
# ExtendedLog /var/log/proftpd.access_log WRITE,READ write
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH auth
# Paranoia logging level....
ExtendedLog /var/log/proftpd.paranoid_log ALL default

#To prevent DoS attacks,set the maximum number of child processes
#to 30. If you need to allow more than 30 concurrent connections
#at once,simply increase this value. Note that this ONLY works
#in standalone mode,in inetd mode you should use an inetd server
#that allows you to limit maximum number of processes per service
#(such as xinetd).
MaxInstances 30

# Maximum clients with message
#MaxClients 2 "Sorry,max %m users -- try again later"
MaxClientsPerHost 2 "Sorry,only 2 session for one host"

# Normally,we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
RootLogin off
RequireValidShell off
#alphanumeric characters for uploads (and not shell code...)
#PathAllowFilter "^[a-zA-Z0-9_.-]()'+$"
#PathAllowFilter "^[a-zA-Z0-9 _.-]()'+$"
#We don't want .ftpaccess or .htaccess files to be uploaded
#PathDenyFilter "(.ftp)|(.ht)[a-z]+$"
#pathDenyFilter ".ftp[a-z]+$"
#Do not allow to pass printf-Formats (security! see documentation!):
#AllowFilter "^[a-zA-Z0-9@~ /,_.-]*$"
#DenyFilter "%"

The configuration lists a lot of logs; in practice, keep or drop them according to your actual needs.
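
The sample ftpusers row stores the password in clear text, which is what SQLAuthTypes Plaintext compares against. As an added example (not part of the original post), the script below produces a salted SHA-256 crypt hash that fits the passwd VARCHAR(80) column and prints the matching UPDATE statement. It assumes OpenSSL 1.1.1 or later and that proftpd.conf is changed to SQLAuthTypes Crypt; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the original post's setup.
# Assumes OpenSSL >= 1.1.1 (for "passwd -5") and "SQLAuthTypes Crypt" in
# proftpd.conf, so mod_sql verifies logins with crypt(3) instead of
# comparing clear text.

PASSWD_COL_WIDTH=80   # ftpusers.passwd is VARCHAR(80) in the schema on this page

# hash_password: read one password on stdin, print a salted SHA-256 crypt hash.
# SHA-256 crypt is 63 characters; SHA-512 crypt ("-6") is 106 characters and
# would be truncated by a VARCHAR(80) column.
hash_password() {
    openssl passwd -5 -stdin
}

# fits_column HASH: succeed only if HASH can be stored without truncation.
fits_column() {
    [ "${#1}" -le "$PASSWD_COL_WIDTH" ]
}

# update_sql USERID HASH: print the UPDATE for the ftpusers table.
# The userid is restricted to a conservative character set before it is
# placed inside the SQL string literal.
update_sql() {
    case $1 in
        *[!A-Za-z0-9_.-]*|'') echo "bad userid" >&2; return 1 ;;
    esac
    fits_column "$2" || { echo "hash too long for passwd column" >&2; return 1; }
    printf "UPDATE ftpusers SET passwd='%s' WHERE userid='%s';\n" "$2" "$1"
}

# Constructed sample password for the page's sample user "test".
h=$(printf '%s\n' 'constructed-sample-password' | hash_password) &&
    update_sql test "$h"
```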

The configuration file must include:
SQLMinUserGID 501
SQLMinUserUID 501

Otherwise file uploads fail with:
550 s: Permission denied
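
The uid/gid note in section 2 and the two directives above describe the same check, so one added example (not from the original post) covers both: it reads a proftpd.conf and reports whether a uid/gid stored in ftpusers passes mod_sql's minimum-ID filter. It assumes mod_sql's documented defaults: a minimum of 999 when the directive is absent, and replacement of lower IDs by SQLDefaultUID / SQLDefaultGID (65533). The function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: predict whether mod_sql keeps the uid/gid stored in ftpusers.
# Assumption (mod_sql documented defaults): SQLMinUserUID / SQLMinUserGID are
# 999 when not configured, and an ID below the minimum is replaced by
# SQLDefaultUID / SQLDefaultGID (65533), so the session no longer owns the
# user's home directory and uploads are refused.

# effective_min CONF DIRECTIVE: value of DIRECTIVE in CONF, or 999 if unset.
effective_min() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                       # skip commented-out lines
        tolower($1) == tolower(want) { v = $2 }   # remember the configured value
        END { print (v == "" ? 999 : v) }' "$1"
}

# check_ids CONF UID GID: print "ok", or each ID that would be remapped.
check_ids() {
    min_uid=$(effective_min "$1" SQLMinUserUID)
    min_gid=$(effective_min "$1" SQLMinUserGID)
    out=
    [ "$2" -ge "$min_uid" ] || out="uid $2 below SQLMinUserUID $min_uid"
    [ "$3" -ge "$min_gid" ] || out="${out:+$out; }gid $3 below SQLMinUserGID $min_gid"
    echo "${out:-ok}"
}

# Constructed sample files: the page's two directives present, and absent.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'SQLMinUserGID 501\nSQLMinUserUID 501\n' > "$tmp/with.conf"
printf '# SQLMinUserUID 501\nSQLAuthenticate users groups\n' > "$tmp/without.conf"

check_ids "$tmp/with.conf"    501 501   # uid/gid of user www, from "id www"
check_ids "$tmp/without.conf" 501 501
```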

Create the startup script:
vim /etc/init.d/proftpd

#!/bin/sh
#
# Startup script for ProFTPD
#
# chkconfig: 345 85 15
# description: ProFTPD is an enhanced FTP server with \
# a focus toward simplicity, security, and ease of configuration. \
# It features a very Apache-like configuration syntax, \
# and a highly customizable server infrastructure, \
# including support for multiple 'virtual' FTP servers, \
# anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftpd.conf
#
# By: Osman Elliyasa <osman@Cable.EU.org>
# $Id: proftpd.init.d,v 1.7 2002/12/07 21:50:27 jwm Exp $

# Source function library.
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/proftpd ]; then
    . /etc/sysconfig/proftpd
fi

PATH="$PATH:/usr/local/proftpd/sbin"

# See how we were called.
case "$1" in
    start)
        echo -n "Starting proftpd: "
        daemon proftpd $OPTIONS
        echo
        touch /var/lock/subsys/proftpd
        ;;
    stop)
        echo -n "Shutting down proftpd: "
        killproc proftpd
        echo
        rm -f /var/lock/subsys/proftpd
        ;;
    status)
        status proftpd
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    reread)
        echo -n "Re-reading proftpd config: "
        killproc proftpd -HUP
        echo
        ;;
    suspend)
        hash ftpshut >/dev/null 2>&1
        if [ $? = 0 ]; then
            if [ $# -gt 1 ]; then
                shift
                echo -n "Suspending with '$*' "
                ftpshut $*
            else
                echo -n "Suspending NOW "
                ftpshut now "Maintanance in progress"
            fi
        else
            echo -n "No way to suspend "
        fi
        echo
        ;;
    resume)
        if [ -f /etc/shutmsg ]; then
            echo -n "Allowing sessions again "
            rm -f /etc/shutmsg
        else
            echo -n "Was not suspended "
        fi
        echo
        ;;
    *)
        echo -n "Usage: $0 {start|stop|restart|status|reread|resume"
        hash ftpshut
        if [ $? = 1 ]; then
            echo '}'
        else
            echo '|suspend}'
            echo 'suspend accepts additional arguments which are passed to ftpshut(8)'
        fi
        exit 1
esac

if [ $# -gt 1 ]; then
    shift
    $0 $*
fi

exit 0

Author: saunix