Configuring an FTP Server with MySQL + ProFTPD

Source: Internet
Author: User
Tags ftp commands file transfer protocol
File Transfer Protocol (FTP) is a common and important Internet protocol and is widely used. However, accounts in a traditional FTP service are system users on the server, which leaves a hidden danger for system security. Using MySQL for user authentication can effectively avoid this risk: the database provides the users and their authentication, and FTP accounts are mapped to a system user, so real system accounts are not used as FTP logins.
To configure the FTP server with MySQL + ProFTPD, you need the mod_sql module. This article assumes that MySQL is already installed on your server. The specific process is as follows:
I. Obtain the required installation packages (mod_sql, proftpd).
The ProFTPD installation package can be obtained from http://www.proftpd.net. Note that MySQL authentication requires at least version 1.2.5.
The mod_sql installation package can be obtained from http://www.lastditcheffort.org/~aah/proftpd/mod_sql.
II. Package installation.
Unpack the installation package: copy proftpd-1.2.8.tar.gz to the /usr/local/src directory and run the command:
tar zvxf proftpd-1.2.8.tar.gz
After unpacking, a proftpd-1.2.8 directory is created. Enter the contrib directory inside it:
cd proftpd-1.2.8/contrib
Copy the mod_sql package into this directory and unpack it:
tar zvxf mod_sql-4.0.8.tar.gz
Configure the build so that ProFTPD supports MySQL authentication:
./configure --prefix=/usr/local/proftpd --with-modules=mod_sql:mod_sql_mysql --with-includes=/usr/include/mysql --with-libraries=/usr/lib/mysql
Note: the --with-includes option specifies the directory containing the MySQL header files, and the --with-libraries option specifies the directory containing the MySQL library files. These directories may differ between environments.
Compile:
make
Install:
make install
After installation, perform the following steps to test whether ProFTPD works properly:
sh sample-configurations/PFTEST.install
The temporary files required for the test are placed in the /tmp/PFTEST directory. Then run the command:
./proftpd -n -d 5 -c /tmp/PFTEST/PFTEST.conf
If it works properly, a lot of information is printed and the last line shows:
ProFTPD 1.2.8 (built ***) standalone mode STARTUP
This indicates that the service has started. The port number is 2021. You can use the user proftpd and the password proftpd for a login test. If this works, continue with the following preparations; otherwise, check whether the installation is correct.
III. Create a database and its tables for the FTP service.
1. You can create a dedicated database for this service or store the tables in another database. Here I create a dedicated database named ftp:
create database ftp;
2. Create the user table ftpusers in this database. This table is required:
use ftp;
create table ftpusers (
userid text not null,
passwd text not null,
uid int not null,
gid int not null,
home text,
shell text
);
This table is required for user authentication. The userid and passwd fields are essential: userid is the username used for the FTP service, and passwd is that user's password. uid is the ID of the system user that the account is mapped to, and gid is the ID of the system group it belongs to. home is the user's home directory, and shell lets you specify a shell for the user. You can also create more fields, such as a count field that records the number of logins, or a date field. Once you are familiar with the configuration, you can add more features as you like; I will not go into them here.
3. If you want to use all the functions, you can add another table, ftpgrps, which is used to determine groups. You can also skip this. Its format is:
create table ftpgrps (
grpname text not null,
gid smallint not null,
members text not null
);
Here grpname is the group name, gid is the system group ID, and members lists the group members. Note: multiple members must be separated by commas (,); spaces are not allowed.
4. Insert records into the empty table:
-- uid/gid 1000 are the IDs of the ftpusr/ftpgrp system user and group that this guide maps FTP accounts to
insert into ftpusers (userid, passwd, uid, gid, home, shell)
values ('user1', '000000', 1000, 1000, '/home/ftp/user1', '');
Insert one record per user in this format.
If you want to use more features and have created the group table, you also need to add records to it. Note again that multiple members in the members field must be separated by commas.
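Because uid, gid and home in ftpusers decide which system identity and directory each FTP login gets, the rows are worth checking before the service goes live. The following is an added example, not part of the original article: it audits the table for accounts mapped below the ftpusr/ftpgrp IDs or with a home outside /home/ftp. An in-memory sqlite3 database stands in for the MySQL ftp database (an assumption), and the sample rows are constructed.

```python
import posixpath
import sqlite3

FTP_ROOT = "/home/ftp"   # home directory of ftpusr in this guide
MIN_ID = 1000            # uid/gid of ftpusr/ftpgrp in this guide


def audit_ftpusers(conn, ftp_root=FTP_ROOT, min_id=MIN_ID):
    """Return [(userid, problem), ...] for rows that escape the intended sandbox."""
    problems = []
    rows = conn.execute("select userid, uid, gid, home from ftpusers order by userid")
    for userid, uid, gid, home in rows:
        if uid < min_id or gid < min_id:
            problems.append((userid, f"maps to system uid/gid {uid}/{gid} (below {min_id})"))
        # Normalise first so '/home/ftp/../../etc' is judged by where it really points.
        real = posixpath.normpath(home or "/")
        if real != ftp_root and not real.startswith(ftp_root + "/"):
            problems.append((userid, f"home {home!r} resolves outside {ftp_root}"))
    return problems


def demo():
    # Assumption: sqlite3 in memory replaces MySQL; the schema is the page's ftpusers table.
    conn = sqlite3.connect(":memory:")
    conn.execute("""create table ftpusers (
        userid text not null, passwd text not null,
        uid int not null, gid int not null, home text, shell text)""")
    conn.executemany(  # constructed sample rows
        "insert into ftpusers values (?, ?, ?, ?, ?, ?)",
        [("user1", "x", 1000, 1000, "/home/ftp/user1", ""),
         ("user2", "x", 0, 0, "/home/ftp/user2", ""),          # mapped to root
         ("user3", "x", 1000, 1000, "/home/ftp/../../etc", ""),  # traversal in home
         ("user4", "x", 1000, 1000, "/home/ftpother", "")])      # prefix look-alike
    return audit_ftpusers(conn)


if __name__ == "__main__":
    for userid, problem in demo():
        print(f"{userid}: {problem}")
```

With DefaultRoot ~ in proftpd.conf, the home column is also the directory each user is confined to, so a row like user3 or user4 defeats that confinement.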
IV. Create the system user for FTP users.
In this example, the entire FTP service uses only one valid system user, ftpusr, and one group, ftpgrp. You can also set up multiple system users, but for the sake of security I set up only one, use it to run the FTP daemon, and map all FTP users to it.
Create the ftpgrp group:
groupadd -g 1000 -r ftpgrp
Create the ftpusr user:
adduser -u 1000 -g 1000 -d /home/ftp -s /bin/bash -r ftpusr
Create a home directory for ftpusr; the working space of all FTP users is stored under this directory:
mkdir /home/ftp
chown ftpusr /home/ftp
chgrp ftpgrp /home/ftp
V. Set the configuration file.
The ProFTPD configuration file proftpd.conf is in the /usr/local/etc/ directory. You can use different configuration files for different authentication methods. For MySQL authentication, copy sample-configurations/mod_sql.conf to /usr/local/etc and rename it proftpd.conf.
Modify the proftpd.conf file as follows:
# Set the FTP server name:
ServerName "My FTP Server"
# Set the FTP server type:
ServerType standalone
DefaultServer on
# Set the root directory to confine users to their home directory and enhance server security:
DefaultRoot ~
# Set the FTP service port number. The standard FTP service port is 21:
Port 21
# Set the permission mask used when creating a new file or directory:
Umask 022
# Set the system log file:
SystemLog /var/log/ftp.syslog
# Set the log file for recording file transfers:
TransferLog /var/log/ftp.transferlog
# Set the maximum number of login attempts. If it is exceeded, the connection is dropped automatically:
MaxLoginAttempts 3
# Set MySQL authentication:
<Global>
# Database connection information. databasename is the database name, hostname is the host name,
# port is the port number, username is the user used to connect to the database, and password is its password.
SQLConnectInfo databasename@hostname:port username password
# For example: SQLConnectInfo proftpd@localhost root 123456
# Database authentication types:
SQLAuthTypes Backend Plaintext
# Specify the table and fields used for user authentication:
SQLUserInfo ftpusers userid passwd uid gid home shell
# Allow users to log in even if shell is empty:
RequireValidShell off
# What to authenticate against the database; here, users:
SQLAuthenticate users
# If the home directory does not exist, create it according to the user's home field:
SQLHomedirOnDemand on
</Global>
# To prevent DoS attacks, set the maximum number of processes:
MaxInstances 30
# Set the system user and group the service normally runs as:
User ftpusr
Group ftpgrp
# Set the message displayed at user login and the message shown in each subdirectory:
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Set the maximum number of logins:
MaxClients 10
# Support resuming interrupted transfers:
AllowRetrieveRestart on
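An added example (not from the original article) that reads a proftpd.conf and reports the settings above that weaken this setup: plaintext password storage, connecting to MySQL as root, a missing DefaultRoot, and running the daemon as root. The sample configurations are constructed from this page's values; the ftp_ro account name is hypothetical.

```python
# Constructed sample: the security-relevant lines of this page's proftpd.conf.
PAGE_CONF = """\
DefaultRoot ~
<Global>
SQLConnectInfo ftp@localhost root 123456
SQLAuthTypes Backend Plaintext
SQLUserInfo ftpusers userid passwd uid gid home shell
SQLAuthenticate users
</Global>
User ftpusr
Group ftpgrp
"""

# Constructed hardened variant; the MySQL account name ftp_ro is hypothetical.
HARDENED_CONF = (PAGE_CONF.replace("root 123456", "ftp_ro long-random-secret")
                 .replace("Backend Plaintext", "Crypt"))


def parse_directives(text):
    """Return {directive_lowercased: [args, ...]}, skipping comments and <Section> tags."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue
        name, *args = line.split()
        found.setdefault(name.lower(), []).append(args)
    return found


def audit(text):
    """Return a list of findings for the directives discussed on this page."""
    d = parse_directives(text)
    findings = []
    for args in d.get("sqlauthtypes", []):
        if any(a.lower() == "plaintext" for a in args):
            findings.append("SQLAuthTypes allows Plaintext: ftpusers.passwd holds unhashed passwords")
    for args in d.get("sqlconnectinfo", []):
        if len(args) >= 2 and args[1].lower() == "root":
            findings.append("SQLConnectInfo connects as MySQL root: use a least-privilege account")
    if "defaultroot" not in d:
        findings.append("DefaultRoot is not set: users are not confined to their home directory")
    if any(args[:1] == ["root"] for args in d.get("user", [])):
        findings.append("User root: sessions run with root privileges")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_CONF):
        print(finding)
```

Switching SQLAuthTypes away from Plaintext also means the passwd column must hold hashes in the matching format rather than values such as '000000'.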
VI. Test.
After the configuration file is complete, start the ProFTPD service to test whether it works:
/usr/local/sbin/proftpd -n
You should now see that the service has started, and you can log in from another machine. If you follow the configuration above, the FTP service should work, although testing took me a lot of time. It doesn't matter if it fails at first; check carefully where the problem is. If the earlier test succeeded, the problem is most likely in the configuration file. Of course, the ftpusers table in the database must not contain errors either.
VII. Write the startup script.
All right, everything works. Next we write a script to start the FTP service. If the server type is "ServerType inetd" and you are using the inetd service, modify the /etc/inetd.conf file and add a line:
ftp stream tcp nowait root /usr/local/sbin/proftpd proftpd
If xinetd is used, add a file named proftpd in the /etc/xinetd.d/ directory with the following content:
service ftp
{
flags = REUSE
socket_type = stream
instances = 30
wait = no
user = root
server = /usr/local/sbin/proftpd
log_on_success = HOST PID
log_on_failure = HOST RECORD
}
If "ServerType standalone" is selected, add a proftpd script in the /etc/rc.d/init.d/ directory with the following content:
#!/bin/bash
#
# Startup script for the proftpd FTP server
# Load the init helper functions (daemon, killproc, status)
. /etc/rc.d/init.d/functions
proftpd=/usr/local/sbin/proftpd
prog=proftpd
RETVAL=0
start() {
    echo -n $"Starting $prog: "
    daemon $proftpd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
    return $RETVAL
}

stop() {
    echo -n $"Stopping $prog: "
    killproc proftpd
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
    return $RETVAL
}

# See how we were called
case "$1" in
start)
    start
    ;;
stop)
    stop
    ;;
status)
    status $proftpd
    RETVAL=$?
    ;;
restart)
    stop
    start
    ;;
*)
    echo $"Usage: $prog {start|stop|status|restart}"
    exit 1
esac

exit $RETVAL
VIII. Summary
All the steps are now complete. ProFTPD + MySQL works well, and many functions can be implemented through the database. For example, recording the number of user logins is not complicated to set up: simply add a count field to the ftpusers table. The steps above cover only the basic functionality; for details on extending it, refer to the documentation in the installation package.
Introduction to other common configuration parameters:
MaxClients 100 ; maximum number of users
MaxClientsPerHost 2 ; maximum number of connections per client
MaxClientsPerUser 1 ; maximum number of connections per user
MaxHostsPerUser 1 ; number of simultaneous client connections per user
TransferRate RETR 100.0:102400 ; speed limit of 100 Kbyte/s
TimeoutIdle 150 ; idle time (seconds)
TimeoutLogin 50 ; login timeout (seconds)
TimeoutNoTransfer 150 ; transfer timeout (seconds)
UseReverseDNS off ; do not perform reverse DNS lookups on client IP addresses
<Limit WRITE> ; write permission setting
DenyAll ; not allowed
</Limit>
<Directory ~/incoming> ; permission control for the incoming directory
AllowOverwrite on ; allow overwriting
AllowRetrieveRestart on ; allow resuming downloads
AllowStoreRestart on ; allow resuming uploads
<Limit WRITE> ; the incoming directory can be written to
AllowAll
</Limit>
<Limit DELE SITE_CHMOD RETR> ; control FTP commands such as DELE, CHMOD, and RETR
DenyAll ; users are not allowed to perform the controlled operations
</Limit>
</Directory>
Appendix: FTP commands
Commands marked with an asterisk are rarely used, so they are often not supported by specific implementations.
ABOR: abort the transfer
* ACCT: some systems associate accounts and users with the file system
* ALLO: allocate space for the file to be transferred; the parameter gives the number of bytes
* APPE: append the file to the end of an existing file
CDUP: change the current directory on the remote system to the parent directory
CWD: change the working directory on the remote system
DELE: delete a file on the remote system
HELP: read help information from the server, such as the list of supported commands
LIST: send the list of file names in the current working directory over a newly established data connection
MKD: create a directory
MODE: specify the transfer mode; possible parameters are S, B, or C
NLST: send a "full" directory list of the current directory over a newly established data connection
NOOP: no operation; prevents the connection from being dropped
PASS: supply the user's login password; must immediately follow the USER command
* PASV: tell the server's data transfer process to listen and wait for the client's request to establish the data connection
PORT: specify the port number on which the client listens, waiting for the connection established by the server
PWD: display the name of the current working directory on the server
QUIT: log out and terminate the connection
* REIN: reinitialize; log out without closing the connection. A new USER command must be issued afterwards
* REST: restart the transfer from a server marker
RETR: retrieve a file from the remote system
RMD: delete a directory
* RNFR: specify the old path name of the file to be renamed; followed by an RNTO command
* RNTO: specify the new path name of the file to be renamed
* SITE: services specific to the server
* SMNT: structure mount; provides the remote system path name of a file system structure
* STAT: status information
STOR: upload a file to the server; if the file already exists, it is overwritten
* STOU: upload a file to the server without overwriting an existing file
STRU: specify the file structure; the parameter can be F, R, or P
* SYST: report the operating system type of the remote system
TYPE: specify the file type; the parameter can be A, E, I, or L, of which only types A and I are commonly used
ProFTPD configuration directives by category:
http://www.castaglia.org/proftpd/doc/contrib/functional-directive-index.html