Posted by simon315 on 09-18-2003 10:31:
APACHE+PHP+MYSQL+PHPMyAdmin+PROFTPD (MySQL-authenticated users)
APACHE2.0.47+PHP4.3.3+MYSQL3.23.57+PHPMyAdmin2.5.3+PROFTPD (MySQL-authenticated users)
Tested successfully on Red Hat Linux 9, with help from Shine, chinaunix and the linuxsir community
APACHE
cd httpd-2.0.45
./configure --prefix=/usr/local/apache --enable-so
make
make install
httpd.conf
AddType application/x-httpd-php .php .php3 .htm .phtml .php4
DirectoryIndex index.htm index.html index.php3 index.php default.php
mysql:
#groupadd mysql
#useradd -g mysql mysql
#cd mysql-3.23.52
#./configure --prefix=/usr/local/mysql
#make
#make install
#cd /usr/local/mysql/bin
#./mysql_install_db (creates the databases under var)
#chown -R root /usr/local/mysql
#chown -R mysql /usr/local/mysql/var
#chgrp -R mysql /usr/local/mysql
#./safe_mysqld & (start it as root first)
#./mysql
When installing MySQL, add the directory that holds the MySQL libraries to the configuration file, for example:
echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
Then run ldconfig -v|grep libmysqlclient and try again!
php:
./configure --with-mysql=/usr/local/mysql --with-apxs2=/usr/local/apache/bin/apxs --enable-track-vars --enable-force-cgi-redirect --enable-pic --enable-inline-optimization --enable-memory-limit --enable-bcmath --enable-shmop --enable-versioning --enable-calendar --enable-dbx --enable-dio --enable-mcal --with-config-file-path=/usr/local/apache/conf
make
make install
cp php.ini-dist /usr/local/lib/php.ini
vi /usr/local/lib/php.ini and set mysql.default_socket =/tmp/mysql.sock
phpMyAdmin
vi config.inc.php
$cfg['PmaAbsoluteUri']
$cfg['Servers'][$i]['user']
$cfg['Servers'][$i]['password']
cp -r phpMyAdmin /usr/local/apache/htdocs
proftpd-mod-quotatab
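Unpack proftpd-mod-quotatab and copy all the files in that directory into the modules directory of the unpacked proftpd source tree, then go to the contrib directory and edit mod_sql_mysql.c:
vi mod_sql_mysql.c
Find the line #include <mysql.h> and change mysql.h to the path of that file on your system, e.g. /usr/local/mysql/include/mysql/mysql.h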
proftpd
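Then, in the unpacked proftpd directory, run:
./configure --prefix=/usr/local/proftpd --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql --with-includes=/usr/local/mysql/include/mysql --with-libraries=/usr/local/mysql/lib/mysql
Note: locate the MySQL include and lib directories for your own Linux system. The paths in the example above are the defaults on most Linux systems; if your MySQL was compiled and installed from source, these two directories are normally under the installation path.
If configure or make fails, you may be using MySQL 4.x or later; use a MySQL 3.x version instead.
If configure reports no errors, you can go on to make; make install.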
make
make install
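Create an FTP user and group; all other FTP users will in fact do their FTP through this system user:
groupadd -g 2003 ftpgroup
useradd -u 2003 -g ftpgroup -d /home ftpuser
This creates an FTP group named ftpgroup with group id 2003, and an FTP user with user id 2003 that belongs to ftpgroup and has /home as its home directory.
Red Hat Linux does not allow creating users with uppercase names, so use lowercase.
Next, change the owner and access permissions of /home:
chown -R ftpuser.ftpgroup /home
chmod 644 /home
See the relevant documentation for what 644 means.
Then edit proftpd.conf: find User and Group and set User to ftpuser and Group to ftpgroup, replacing the defaults. Otherwise, if the user and group named by the defaults do not exist on the system, proftpd will not start.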
/usr/local/mysql/bin/safe_mysqld &
Start the MySQL service
/usr/local/mysql/bin/mysqladmin -u root -p password yourpassword
#Change root's password in MySQL
Using phpMyAdmin:
add a MySQL user: ftp
add a database: proftpd
/usr/local/mysql/bin/mysqladmin -u ftp -p password yourpassword
/usr/local/mysql/bin/mysql -u ftp -p
After creating the user and the database, log in to MySQL as the new user:
mysql>
mysql>use proftpd;
mysql>create table ftpUser (userid TEXT NOT NULL,passwd TEXT NOT NULL,uid INT NOT NULL,gid INT NOT NULL,homedir TEXT,shell TEXT);
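userid is the user name, passwd is the user's password, uid is the user id, gid is the id of the user's group, homedir is the user's home directory, and shell is the user's system shell.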
mysql>create table ftpGroup (groupname TEXT NOT NULL,gid SMALLINT NOT NULL,members TEXT NOT NULL);
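groupname is the group name, gid is the group id, and members lists the members of the group; separate multiple members with commas.
The statements above create the FTP user and group tables.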
mysql>CREATE TABLE quotalimits (
name VARCHAR(30),
quota_type ENUM("user", "group", "class", "all") NOT NULL,
per_session ENUM("false", "true") NOT NULL,
limit_type ENUM("soft", "hard") NOT NULL,
bytes_in_avail FLOAT NOT NULL,
bytes_out_avail FLOAT NOT NULL,
bytes_xfer_avail FLOAT NOT NULL,
files_in_avail INT UNSIGNED NOT NULL,
files_out_avail INT UNSIGNED NOT NULL,
files_xfer_avail INT UNSIGNED NOT NULL
);
mysql>CREATE TABLE quotatallies (
name VARCHAR(30) NOT NULL,
quota_type ENUM("user", "group", "class", "all") NOT NULL,
bytes_in_used FLOAT NOT NULL,
bytes_out_used FLOAT NOT NULL,
bytes_xfer_used FLOAT NOT NULL,
files_in_used INT UNSIGNED NOT NULL,
files_out_used INT UNSIGNED NOT NULL,
files_xfer_used INT UNSIGNED NOT NULL
);
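The quotalimits table above holds the disk quota settings for FTP users; the quotatallies table holds the running record of each user's quota usage.
The quotatallies table needs no manual changes; the program records to it automatically.
The fields of the quotalimits table mean the following:
quota_type identifies the type of disk quota
bytes_in_avail maximum bytes uploaded, i.e. the size of the FTP user's space
bytes_out_avail maximum bytes downloaded
bytes_xfer_avail maximum total bytes transferred (upload plus download traffic)
files_in_avail total number of files that may be uploaded
files_out_avail total number of files that may be downloaded from the server
files_xfer_avail total number of files that may be transferred (upload plus download)
Once all the tables exist you can create FTP users. Insert a record into the ftpUser table like this: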
INSERT INTO ftpUser (userid, passwd, uid, gid, homedir, shell) values ('shine', password('yourpassword'), '2003', '2003', '/home/shine', '' );
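This creates a new FTP user named shine with password yourpassword. Note that the password is encrypted with MySQL's built-in password function. The user id and group id are both 2003; I just picked values here, using the same ids as the system user ftpUser and system group ftpGroup, and I don't know whether that will cause problems. /home/shine is the user's home directory and the user shell is empty.
If you want to use more features and have created the group table, add records to it as well; be sure to separate multiple members in the members field with commas.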
INSERT INTO ftpGroup VALUES ('ftpgroup', 2003, 'ftpuser');
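Next, set up the initial disk quota information for the user:
Give the shine account created above 50M of space, at most 500 uploaded files, 512k of file transfer traffic, and no more than 2000 files transferred in total, by inserting this record: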
INSERT INTO quotalimits (name,quota_type,per_session,limit_type,bytes_in_avail,bytes_out_avail,bytes_xfer_avail,files_in_avail,files_out_avail,files_xfer_avail)VALUES ('shine','user', 'true','soft', '51200000', '0','512000','500','0','2000');
Here is the content of my proftpd.conf:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "3Rangers FTP"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
TimeoutLogin 0
# Set the user and group under which the server will run.
User ftpuser
Group ftpgroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
AllowLogSymlinks on
ShowSymlinks on
UseReverseDNS off
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
SQLConnectInfo proftpd@localhost:3306 root simon
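#databaseName is the name of the MySQL database created for proftpd
#hostName is the name or IP address of the server running the MySQL database
#port is the port used by the MySQL service
#userName is the database user name
#password is the database user's password
SQLAuthTypes Backend Plaintext
#Backend means users are authenticated the way the MySQL database authenticates
#Plaintext means plaintext authentication; the method listed first is tried first
SQLUserInfo ftpUser userid passwd uid gid homedir shell
#Names the FTP user table and its fields; the table name is up to you, but do not change the field names.
SQLGroupInfo ftpGroup groupname gid members
#Names the FTP group table and its fields; this table is optional; do not change the field names.
RequireValidShell off
#Whether an FTP user must have a system shell: off means not required, on means required. For system security this should be set to off.
SQLAuthenticate users groups usersetfast groupsetfast
#Validate against the data tables
SQLHomedirOnDemand on
#If the user's home directory does not exist, it is created from the homedir field of that user's row in the user table
QuotaDirectoryTally on
#Set up disk quotas
QuotaDisplayUnits "Kb"
#Unit used when displaying disk capacity
QuotaEngine on
#Turn on the disk quota engine
QuotaLog "/usr/local/proftpd/var/quota"
#Disk quota log file
QuotaShowQuotas on
#Allow quota information to be displayed; after logging in over FTP, run quote site quota to see current disk usage
#Add the following to proftpd.conf: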
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail,files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used,files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
# Normally, we want files to be overwriteable.
AllowOverwrite on
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire section.
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
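The configuration above logs in to MySQL as root, accepts Plaintext password entries and sets TimeoutLogin 0. The shell function below is an added example, not part of the original post: it flags those three settings, plus a world-readable config file, since the file carries the database password. The function name audit_proftpd_conf, the finding texts and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a proftpd.conf for settings that weaken the
# MySQL-backed login described in this post.

# audit_proftpd_conf FILE -> prints one "where: finding" line per issue
audit_proftpd_conf() {
    conf=$1
    # SQLConnectInfo stores the database password in this file,
    # so the "other" read bit should not be set on it.
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "file: world-readable but holds the SQLConnectInfo password"
    fi
    awk '
        /^[ \t]*#/ { next }                  # skip comment lines
        { d = tolower($1) }                  # directive name
        # SQLConnectInfo <db@host:port> <user> <password>: field 3 is the user
        d == "sqlconnectinfo" && $3 == "root" {
            print NR ": SQLConnectInfo logs in to MySQL as root"
        }
        d == "sqlauthtypes" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "plaintext")
                    print NR ": SQLAuthTypes accepts Plaintext passwd values"
        }
        d == "timeoutlogin" && $2 == "0" {
            print NR ": TimeoutLogin 0 disables the login timeout"
        }
    ' "$conf"
}

# Constructed sample: the relevant directives from the configuration above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MaxInstances 30
TimeoutLogin 0
SQLConnectInfo proftpd@localhost:3306 root simon
# SQLAuthTypes Plaintext  (commented out, ignored)
SQLAuthTypes Backend Plaintext
EOF
chmod 644 "$sample"
audit_proftpd_conf "$sample"
rm -f "$sample"
```

Pointing SQLConnectInfo at the ftp MySQL user created earlier in the post, dropping Plaintext from SQLAuthTypes, setting a non-zero TimeoutLogin and running chmod 600 on the file clears all four findings.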