1、系统安装及前期准备工作
见《安装邮件服务器之一》,需要建立一个FTP目录,这里假设为/var/ftp,其下有一目录/var/ftp/any为匿名登录使用
2、安装ProFTPD
# cd /usr/ports/ftp/proftpd/
# make install clean
出现选项,根据需要自己选择:
[ ]
IPV6
[ ]
LDAP
[ ]
LDAP_TLS
[X]
MYSQL
[ ]
POSTGRESQL
[X]
OPENSSL
[X]
QUOTA
[X]
IFSESSION
[X]
README
[X]
RATIO
[ ]
CTRLS
[X]
REWRITE
[X]
WRAP
[ ]
WRAP_FILE
[ ]
WRAP_SQL
安装完毕会在系统中产生一对用户和组:nobody:nogroup,后面用它们来启动proftpd,并作为FTP超级用户,现在为它们分配/var/ftp的权限:
# chown nobody:nogroup /var/ftp
# chmod 701 /var/ftp
注意:某些情况下,安好proftpd,重起系统时,会出现如下情况:
1、警告:
Missed packet -- no receive buffer
如果您的系统是6.0以上的话,请尝试:
# sysctl net.isr.direct=1
2、警告:
- warning: unable to determine IP address of
'localhost.localdomain'
- error: no valid servers configured
- Fatal: error processing configuration file
'/usr/local/etc/proftpd.conf'
在/etc/hosts中加入“ip 主机名”。例如:服务器叫soft,ip是192.168.10.23,在hosts文件中加入下面一行:
192.168.10.23 soft
注意:如果主机名带有域名,也要将带域名的主机名加进去。如域名是aa.com,则加入:
192.168.10.23 soft soft.aa.com
3、添加匿名用户(如果不需要匿名登录,这一步可以省略)
# pw adduser ftp -u 3003 -s /sbin/nologin -d /dev/null
# mkdir /var/ftp/any
# chown ftp:ftp /var/ftp/any
# chmod 500 /var/ftp/any
4、修改配置文档使匿名用户生效
# ee /usr/local/etc/proftpd.conf
原始文档中并没有太多的条目,可以根据实际需要来添加。如下是我的配置文档:
#
# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a
user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName
#改为您服务器的名称
ServerType
#不推荐为inetd
DefaultServer
ScoreboardFile
ServerAdmin
#管理员邮箱设置
SyslogLevel
SystemLog
#日志设置为紧急事件记录,还有其他级别可选:emerg, alert, crit (empfohlen), error, warn.
notice, info, debug
ServerIdent
#用户登陆时不显示ftp服务器版本信息
# Port 21 is the standard FTP port.
Port
#改为您需要的端口
# Umask 022 is a good standard umask to prevent new dirs and
files
# from being group and world writable.
Umask
#改为您需要的权限,这里指的是上传上来的文件的权限
MaxLoginAttempts
TimeoutLogin
TimeoutIdle
TimeoutNoTransfer
TimeoutStalled
#超时设置,后面的是达到条件时的警告语
MaxClients
10
#最大客户端数,后面是达到条件时的警告语
MaxClientsPerHost 3
#设置每个客户端最多并发连接数
RequireValidShell
#如果是用上一节的办法建立的用户,这一句必须有,不然就不能登录
DisplayLogin
#手动建立welcome.msg文件,并放入每一个用户的ftp目录下才能起作用。文件里面的内容是登陆时的欢迎信息,可以自己编写。另外,把文件名前加个.使之隐藏是个不错的注意
# To prevent DoS attacks, set the maximum number of child
processes
# to 30. If you need to allow more than 30 concurrent
connections
# at once, simply increase this value. Note that this ONLY
works
# in standalone mode, in inetd mode you should use an inetd
server
# that allows you to limit maximum number of processes per
service
# (such as xinetd).
MaxInstances
CommandBufferSize
#根据自己需要改
# Set the user and group under which the server will run.
User
Group
#这里可以改为您想要的用户和组,但必须是系统中已经存在的
# To cause every FTP user to be "jailed" (chrooted) into their
home
# directory, uncomment this line.
#DefaultRoot ~
DefaultRoot ~
#锁定用户到自己的目录
# Normally, we want files to be overwriteable.
AllowOverwrite
# Bar use of SITE CHMOD by default
DenyAll
#如下是匿名登录的设置,如果不需要匿名登陆,把下面全部注释掉
# A basic anonymous configuration, no upload directories. If you
do not
# want anonymous users, simply delete this entire
#########################################################################
#
# Uncomment lines with only one # to allow basic anonymous
access
#
#########################################################################
#
#匿名用户的ftp目录
### We want clients to be able to login with "anonymous" as well
as "ftp"
### Limit WRITE everywhere in the anonymous chroot
5、试运行
修改完配置文件后启动proftpd:
# /usr/local/sbin/proftpd
如发现无法记录日志,请手动建立/var/log/proftpd.system.log,并授予相应权限:
# chown nobody:nogroup /var/log/proftpd.system.log
# chmod 700 /var/log/proftpd.system.log
这时就可以尝试登陆了,如果登陆没有问题就继续。如果有问题,请对照配置文件查找错误,察看日志也是不错的办法
再次打开profptd.conf,在最后加入如下代码:
SQLConnectInfo ProFTPD@localhost FtpUser 123456
#
数据库联接的信息,ProFTPD是数据库名,localhost是主机名,FtpUser是连接数据库的用户名,123456是密码(如果没有密码留空)
SQLAuthTypes Backend Plaintext
# 数据库认证的类型
SQLUserInfo FTPUSERS userid passwd uid gid homedir shell
SQLGroupInfo FTPGRPS groupname gid members
# 指定用来做用户认证的表的有关信息。("FTPUSERS"和"FTPGRPS"是数据表名字,等一会在下面建立)
SQLAuthenticate users* groups*
# 数据库的鉴别
SQLHomedirOnDemand on
# 如果home目录不存在,则系统会根据它的home项新建一个目录
SQLDefaultGID 65534
SQLDefaultUID 65534
#目录所有者,这个很重要,所以我用nobody来做,在此我的nobody为65534
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1,accessed=now() WHERE userid='%u'" FTPUSERS
SQLLog STOR,DELE modified
# Update modified everytime user uploads or deletes a file
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" FTPUSERS
QuotaDirectoryTally on
# 启用磁盘限额
QuotaDisplayUnits "Mb"
# 磁盘限额单位 b"|"Kb"|"Mb"|"Gb"
QuotaEngine on
QuotaLog "/var/log"
# 磁盘限额日志记录
QuotaShowQuotas on
# 打开磁盘限额信息,当登陆FTP帐户后,使用命令 "quote SITE QUOTA" 后可显示当前用#户的磁盘限额
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail,bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}'AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
# SQL调用语句,不用修改
6、数据库设置
在MySQL里新建一个数据库ProFTPD,添加一个用户FtpUser和密码123456,并赋予它对数据库ProFTPD的操作权,然后在ProFTP里建立各种表,建议在phpmyadmin里做:
CREATE TABLE `FTPGRPS` (
`groupname` varchar(16) NOT NULL default '',
`gid` int(6) NOT NULL default '65534',
`members` varchar(16) NOT NULL default '',
KEY `groupname` (`groupname`)
) TYPE=MyISAM COMMENT='ProFTP group table';
INSERT INTO `FTPGRPS` VALUES ('nobody', 65534, 'nobody');
CREATE TABLE `ftpquotalimits` (
`name` varchar(30) default NULL,
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`per_session` enum('false','true') NOT NULL default 'false',
`limit_type` enum('soft','hard') NOT NULL default 'soft',
`bytes_in_avail` float NOT NULL default '0',
`bytes_out_avail` float NOT NULL default '0',
`bytes_xfer_avail` float NOT NULL default '0',
`files_in_avail` int(6) unsigned NOT NULL default '0',
`files_out_avail` int(6) unsigned NOT NULL default '0',
`files_xfer_avail` int(6) unsigned NOT NULL default '0'
) TYPE=MyISAM;
CREATE TABLE `ftpquotatallies` (
`name` varchar(30) NOT NULL default '',
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`bytes_in_used` float NOT NULL default '0',
`bytes_out_used` float NOT NULL default '0',
`bytes_xfer_used` float NOT NULL default '0',
`files_in_used` int(6) unsigned NOT NULL default '0',
`files_out_used` int(6) unsigned NOT NULL default '0',
`files_xfer_used` int(6) unsigned NOT NULL default '0'
) TYPE=MyISAM;
CREATE TABLE `FTPUSERS` (
`id` int(6) unsigned NOT NULL auto_increment,
`userid` varchar(32) NOT NULL default '',
`passwd` varchar(32) NOT NULL default '',
`uid` int(6) NOT NULL default '65534',
`gid` int(6) NOT NULL default '65534',
`homedir` varchar(255) NOT NULL default '',
`shell` varchar(16) NOT NULL default '/sbin/nologin',
`count` int(11) NOT NULL default '0',
`accessed` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (`id`)
) TYPE=MyISAM COMMENT='ProFTP user table';
7、测试
添加用户,建议在phpmyadmin下进行:
INSERT INTO FTPUSERS (userid, passwd, uid, gid, homedir,
shell)
valueS ('user1', '999999', '65534', '65534', '/var/FTP/user1', ''
);
设置磁盘限额:
将上面建立的user1帐号给予10M空间,最多能上传500个文件到服务器上,文件传输流量为20M,只能传输10个文件
INSERT INTO `ftpquotalimits` ( `name` , `quota_type` ,
`per_session` , `limit_type` , `bytes_in_avail` , `bytes_out_avail`
, `bytes_xfer_avail` , `files_in_avail` , `files_out_avail` ,
`files_xfer_avail` )
VALUES ('user1', 'user', 'false', 'soft', '10240000', '0',
'2048000', '500', '0', '10');
不需要设置的部分用0代替就可以了
测试磁盘限额:
尝试使用户名user1和密码999999来登陆,并运行quote SITE QUOTA显示当前用户的磁盘限额:
ftp> quote SITE QUOTA
200-The current quota for this session are [current/limit]:
Name: user1
Quota Type: User
Per Session: False
Limit Type: Soft
Uploaded Kb: 0.00/10000.00
Downloaded Kb: unlimited
Transferred Kb: 0.00/2000.00
Uploaded files: 0/500
Downloaded files: unlimited
Transferred files: 0/10
200 Please contact root@wwwx.3322.org if these entries are
inaccurate
出现上面的文字说明数据库用户验证和磁盘限额测试成功!
将proftpd加入/etc/rc.conf:
proftpd_enable="YES"
8、防火墙
防火墙安装及基本配置请参考《安装邮件服务器之一》,这里只说明有关FTP的内容。打开/etc/ipf.rules,添加如下内容:
pass in log quick on lnc0 proto tcp from any to any port=21
flags S/SA keep state
pass in log quick on lnc0 proto tcp from any to any port 45000
><5000 flags S/SA keep state
pass out log quick on lnc0 proto tcp from any to any flags S/SA
keep sate
为了使proftpd支持被动连接(pasv),需要修改proftpd.conf,在其中添加:
MasqueradeAddress x.x.x.x
PassivePorts 45000 50000
9、致谢
本文参照《[原创] 我的proftpd+mysql+quota @ debian 安装流水笔记》完成,感谢作者mb
本文参考了《FreeBSD网站平台建设全过程 第四步安装配置ftp服务器》和《ProFTPD Example Configurations》,感谢作者们
感谢《FreeBSD4.7环境下使用IPFILTER设置小型企业防火墙》的作者,很抱歉找不到原著和作者信息,这篇文章为本文提供了IP Filter防火墙的参考
第二节中的警告问题参考了《服务器出现Missed packet -- no receive buffer.怎么回事??》和《启动不了proftpd,显示 Name or service not known》,感谢提供解决方法的网友
京公网安备 11010802041100号 | 京ICP备19059560号-4 | PHP1.CN 第一PHP社区 版权所有