由 shihao 在 09-10-2003 22:18 发表:
[zt]proftpd+mysql用户认证+quota磁盘限额
将proftpd的源码包解压缩到某临时目录下:
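# Unpack ProFTPD and the mod_quotatab sources side by side in a scratch directory.
# Check both archives against the checksums or signatures published by their
# projects before unpacking; this page does not list any.
bunzip2 proftpd-1.2.7.tar.bz2
tar -xvf proftpd-1.2.7.tar
gunzip proftpd-mod-quotatab-1.2.4.tar.gz
tar -xvf proftpd-mod-quotatab-1.2.4.tar
cd mod_quotatab
# Copy the module sources into ProFTPD's modules/ directory.
# (The original put a "//" remark after the command; the shell would pass that
# remark to cp as the destination argument.)
cp * ../proftpd-1.2.7/modules
cd ../proftpd-1.2.7/contrib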
#vi mod_sql_mysql.c
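修改 #include <mysql/mysql.h> 这一行,根据你的 mysql 安装在哪里来决定头文件的路径:
#include <mysql.h 的实际路径>
(原文此处的路径在页面转换时丢失;按下文 --with-includes 的设置,mysql.h 应位于 /usr/local/mysql/include/mysql 目录下。)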
4
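# Run as root from the unpacked source tree (the original spelled the directory
# "porftpd" and carried a stray "]").
cd ~/proftpd-1.2.7

# --with-includes is the MySQL header directory and --with-libraries the MySQL
# client library directory. Remarks must not follow the trailing backslash,
# otherwise the line continuation breaks.
./configure --prefix=/usr/local/proftpd \
    --with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql \
    --with-includes=/usr/local/mysql/include/mysql \
    --with-libraries=/usr/local/mysql/lib/mysql

make
make install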
18
19将/etc/passwd 和group 拷贝到/usr/local/proftpd/etc下
20
21并修成如下样子:
22
23proftpd/etc/passwd
24
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
FTPUSR:x:1000:1000::/ftp:/bin/sh
32
33
34
35proftpd/etc/group
36
37root::0:root
38
39other::1:
40
41uucp::5:root,uucp
42
43FTPGRP::1000:
44
45
46
47修改proftpd/etc/proftpd.conf 文件配置 (我的配置文件,这是基本的功能)
48
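# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "WELCOME TO JLNU.EDU.CN "
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Confine each logged-in user to their own home directory.
DefaultRoot ~

SystemLog /var/log/ftp.syslog
TransferLog /var/log/ftp.transferlog

# Limit password attempts per connection.
MaxLoginAttempts 3

# Per-transfer bandwidth caps.
RateReadBPS 8000
RateWriteBPS 8000

# mod_quotatab: enable quotas, count directory operations, report in Kb,
# and log quota activity.
QuotaDirectoryTally on
QuotaDisplayUnits Kb
QuotaEngine on
QuotaLog /var/ftp/Quota.log
QuotaShowQuotas on

<Global>

# Format: database@host:port  db-user  db-password
# The database is created as "FTP" by the SQL on this page; MySQL database and
# table names are case-sensitive on most Unix installs, so the name is spelled
# the same way here.
# NOTE(review): this connects to MySQL as root with a trivial password stored
# in this file. Use a dedicated MySQL account limited to this database
# (SELECT on the user, group and quota-limit tables; SELECT, INSERT and UPDATE
# on quotatallies) and keep this file readable by root only.
SQLConnectInfo FTP@localhost:3306 root mysql

# Password formats accepted, tried in the order listed: Backend is MySQL's
# PASSWORD() hash, Plaintext is the cleartext password in the passwd column.
# NOTE(review): with Plaintext, anyone who can read the user table reads every
# FTP password. Prefer a hashed type (mod_sql also offers Crypt) and drop
# Plaintext once no cleartext rows remain.
SQLAuthTypes Backend Plaintext

# Table and column names must match the CREATE TABLE statements: the user
# table is FTPUSERS and its home-directory column is "homedir".
SQLUserInfo FTPUSERS userid passwd uid gid homedir shell
SQLGroupInfo FTPGRPS groupname gid members

# Virtual users have an empty shell column, so do not require a shell listed
# in /etc/shells.
RequireValidShell off

SQLAuthenticate users

# Create the user's home directory at login if it does not exist yet.
SQLHomedirOnDemand on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

</Global>

# Set the user and group under which the server will run.
User FTPUSR
Group FTPGRP

# Normally, we want files to be overwriteable.
# NOTE(review): the directory path was lost when this page was rendered (the
# source shows an empty "<directory></directory>" pair). "/*" is the path the
# stock basic.conf of this era is believed to use; confirm against the sample
# configuration shipped with your ProFTPD source.
<Directory /*>
  AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories.
# NOTE(review): remove this whole block if anonymous access is not needed.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayFirstChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>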
259
260
261
262#具体设置MySQL认证的一些解释:
263
264#数据库联接的信息,DatabaseName是数据库名, HostName是主机名,
265
266#Port是端口号,UserName是连接数据库的用户名,Password是密码。
267
SQLConnectInfo DatabaseName@localhost:Port root Password
269
270
271
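#数据库认证的类型(按书写顺序依次尝试):Backend 表示密码用 MySQL 的 PASSWORD() 函数加密后保存,Plaintext 表示 passwd 字段里直接保存明文密码。使用 Plaintext 时,能读到用户表的人就能得到全部 FTP 密码,条件允许时应只保留加密类型。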
273
274SQLAuthTypes Backend Plaintext
275
276
277
278#指定用来做用户认证的表的有关信息。(需要在数据库中建立两张表用户和组"FTPUSERS""FTPGRPS"是数据表)
279
280SQLUserInfo FTPUSERS userid passwd uid gid homedir shell
281
282
283
284SQLGroupInfo FTPGRPS groupname gid members
285
286
287
288#设置如果shell为空时允许用户登录:
289
290RequireValidShell off
291
292
293
294#数据库的鉴别
295
296SQLAuthenticate users
297
298
299
300#如果home目录不存在,则系统会为根据它的home项新建一个目录:
301
302SQLHomedirOnDemand on
303
304
305
306然后在这个数据库中建立一个用户表FTPUSERS,FTPGRPS:
307
# mysql -h localhost -u root -p
(-p 后面不要直接跟密码:带空格时 mysql 会把后面的内容当作数据库名。让客户端提示输入密码(原文的密码为 123),密码也就不会留在命令历史和进程列表里。)
309
310mysql>create database FTP;
311
312mysql>use FTP;
313
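-- Virtual FTP accounts read by mod_sql (see SQLUserInfo in proftpd.conf).
-- The original annotated columns with "//", which MySQL does not accept as a
-- comment marker; "--" followed by a space is used instead.
-- NOTE(review): userid has no uniqueness constraint, so duplicate login names
-- are possible. A bounded VARCHAR with a UNIQUE key would prevent that.
CREATE TABLE FTPUSERS (
    userid  TEXT NOT NULL,  -- FTP login name
    passwd  TEXT NOT NULL,  -- password of this user, in a form accepted by SQLAuthTypes
    uid     INT  NOT NULL,  -- ID of the system user this account is mapped to
    gid     INT  NOT NULL,  -- ID of the system group this account belongs to
    homedir TEXT,           -- home directory of the user
    shell   TEXT            -- shell assigned to the user (set it deliberately in real deployments, for security)
);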
329
330
331
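-- Group table read by mod_sql (see SQLGroupInfo in proftpd.conf).
-- Fixes over the original: the name column is called groupname, which is what
-- both SQLGroupInfo lines on this page reference (the original DDL said
-- grpname); the trailing comma after the last column is removed because it is
-- a syntax error; "//" remarks become "--" comments.
CREATE TABLE FTPGRPS (
    groupname TEXT     NOT NULL,  -- name of the group
    gid       SMALLINT NOT NULL,  -- ID of the system group
    members   TEXT     NOT NULL   -- group members, comma-separated when there are several
);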
341
342插入记录:
343
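-- Add one virtual user; repeat in this form for each new account.
-- The column list uses the names from CREATE TABLE FTPUSERS: the home
-- directory column is homedir (the original wrote "home", which does not
-- exist). uid and gid are INT columns, so they are given as numbers rather
-- than quoted strings.
-- NOTE(review): with the Plaintext auth type the passwd value below is the
-- cleartext password. Choose a strong one, or store a hash with a hashed
-- SQLAuthTypes setting.
INSERT INTO FTPUSERS (userid, passwd, uid, gid, homedir, shell)
VALUES ('unixsr', '2219118', 1000, 1000, '/FTP/unixsr', '');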
347
348增加用户时按此格式你可以插入。
349
-- Positional insert: the values follow the column order of FTPGRPS
-- (group name, gid, members).
INSERT INTO FTPGRPS
VALUES ('FTPGRPS', 1000, 'FTPUSR');
351
352每当增加用户后,一定要在mysql更新FTPGRPS这个表的成员值
353
354做法:
355
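-- Refresh the member list of the FTP group after adding users.
-- members holds a single comma-separated string, so the whole list sits inside
-- one pair of straight quotes (the original had typographic quotes and closed
-- the string after the first name). The WHERE clause limits the change to the
-- group with gid 1000 instead of overwriting every row in the table.
UPDATE FTPGRPS
SET members = 'unixsr,unixsr1,unixsr2'
WHERE gid = 1000;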
357
358为FTP用户建立相应的系统用户。
359
360# groupadd -g 1000 FTPGRP
361
362# adduser -g 1000 FTPUSR
363
364修改一下/etc/passwd
365
366主要是把uid 和 gid 都改成1000 并把用户目录改为/FTP (我是手工改的,因为我的系统是三个硬盘做了一个RAID,挂到了/FTP 下,有命令的)
367
368为FTPUSR建立HOME,unixsr 在此目录下:
369
# Create the virtual user's home directory and give it to the mapped system
# user and group in a single chown call.
mkdir /FTP/unixsr
chown FTPUSR:FTPGRP /FTP/unixsr
375
376当然在这里我仅做了一个用户,多个用户也是一样的,要注意目录属于系统的映射用户和组,
377
378
379
380磁盘限额部分的一些解释:
381
382
383
384#磁盘限额部分
385
386QuotaDirectoryTally on
387
388
389
390#磁盘限额单位 b"|"Kb"|"Mb"|"Gb"
391
392QuotaDisplayUnits "Kb"
393
394
395
396QuotaEngine on
397
398
399
400#磁盘限额日志记录
401
402QuotaLog /var/log/Quota.log
403
404
405
406# 打开磁盘限额信息.
407
408QuotaShowQuotas on
409
410
411
412#以下是SQL调用语句,不用修改直接拷贝过去 (这一部分拷贝网友)
413
414
415
416SQLNamedQuery get-quota-limit SELECT "name, quota_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits \
417
418WHERE name = '%{0}' AND quota_type = '%{1}'"
419
420
421
422SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, \
423
424bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies \
425
426WHERE name = '%{0}' AND quota_type = '%{1}'"
427
428
429
430SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, \
431
432bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, \
433
434files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, \
435
436files_xfer_used = files_xfer_used + %{5} \
437
438WHERE name = '%{6}'</mysql>