There is very little ProFTPD documentation available in China, so I could only learn slowly from the official documentation; I am sharing what I learned here.
ProFTPD + MySQL + quota.
Before installing ProFTPD there is one thing you must do: if you compiled MySQL yourself, first edit /etc/ld.so.conf, otherwise running ProFTPD will fail with an error.
vi /etc/ld.so.conf
Add the following line:
/usr/local/mysql/lib/mysql
Note that if your MySQL installation path is not the same as mine, fill in the appropriate path. For compiling and installing MySQL, please refer to "Linux+Apache+MySQL+PHP typical configuration."
1. Download the relevant software
wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.9.tar.gz
This downloads ProFTPD 1.2.9, the latest version.
wget http://www.castaglia.org/proftpd ... tatab-1.2.11.tar.gz
This is the module that provides disk quotas for ProFTPD.
2. Unpack and compile
tar zvxf proftpd-1.2.9.tar.gz
tar zvxf proftpd-mod-quotatab-1.2.11.tar.gz
cp mod_quotatab/*.c proftpd-1.2.9/contrib/
cp mod_quotatab/*.h proftpd-1.2.9/contrib/
vi proftpd-1.2.9/contrib/mod_sql_mysql.c
Find the #include line for mysql.h and change it to the path of that file on your system, such as /usr/local/mysql/include/mysql/mysql.h
Compile:
./configure \
--prefix=/usr/local/proftpd \
--with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql \
--with-includes=/usr/local/mysql/include/mysql \
--with-libraries=/usr/local/mysql/lib/mysql
make
make install
OK, now we can start ProFTPD; just run
/usr/local/proftpd/sbin/proftpd
Test it with your FTP client; you should be able to log in normally, both anonymously and with a Linux username.
In fact, the default ProFTPD setup is more than enough for day-to-day server management. There is one thing to change: the default ProFTPD configuration file does not support resuming interrupted transfers, so we just vi /usr/local/proftpd/etc/proftpd.conf
Add the following two lines
AllowRetrieveRestart on
AllowStoreRestart on
After restarting ProFTPD, interrupted file transfers can be resumed normally.
Creating the ProFTPD init script
In the directory that holds the ProFTPD source, just run
cp proftpd-1.2.9/contrib/dist/rpm/proftpd.init.d /etc/rc.d/init.d/proftpd
Remember to edit this proftpd file; usually you need to change the path to where proftpd is actually installed
chmod 755 /etc/rc.d/init.d/proftpd
OK
You can then use this script to start, stop and restart ProFTPD.
That is all for today; tomorrow I will talk about some of the basic configuration of ProFTPD.
Last time we talked about the basic installation of ProFTPD. Because we will configure MySQL and quotas later, the corresponding modules were compiled in; if you do not need the MySQL and disk quota features, you do not need to compile them.
Here is a very practical command: /usr/local/proftpd/sbin/ftpshut.
This command is quite practical because you may need to adjust your server frequently, and it is very flexible: it lets you stop FTP connections at a set time without stopping the proftpd process. Its usage is described in detail here.
ftpshut [-l min] [-d min] time [warning-message ...]
-l min: new FTP connection attempts are refused from min minutes before the FTP service shuts down
-d min: established FTP connections are disconnected from min minutes before the FTP service shuts down
time: how long until the server shuts down the FTP service, in one of two formats
+number: shut down after number minutes
HHMM: the server shuts down at HH:MM today
Note that this command stops the FTP service while the proftpd process itself keeps running, so it is commonly used when debugging FTP.
Example:
The FTP service will shut down in 30 minutes. New FTP connections are refused for the last 20 minutes before shutdown, established connections are forcibly disconnected in the last 10 minutes before shutdown, and clients are shown "FTP Server will shutdown in time".
ftpshut -l 20 -d 10 +30 "FTP Server will shutdown in time"
In fact, ftpshut works by creating /etc/shutmsg; just delete this file and FTP service resumes, or run ftpshut -R directly.
Now let's talk about some of the basic configuration of ProFTPD. If you are familiar with configuring Apache, you will find that ProFTPD's settings are basically similar. The basic format of its configuration is
# Global settings
Setting1 parameter1
Setting2 parameter2
# Settings for a directory
<Directory "pathname">
  ...
  ...
</Directory>
# Settings for anonymous users
<Anonymous "anonymous login directory">
  ...
  ...
  <Limit restricted-action>
    ...
    ...
  </Limit>
</Anonymous>
The block we are most likely to use is Limit. Limit has the following actions, which cover basically all permissions; use them flexibly.
CWD: Change Working Directory, permission to change directory
MKD: MaKe Directory, permission to create directories
RNFR: ReName FRom, permission to rename
DELE: DELEte, permission to delete files
RMD: ReMove Directory, permission to remove directories
RETR: RETRieve, permission to download from the server to the client
STOR: STORe, permission to upload from the client to the server
READ: read permission, not including directory listing; equivalent to RETR, STAT, etc.
WRITE: permission to write files or directories, including MKD and RMD
DIRS: whether directory listing is allowed; equivalent to LIST, NLST, etc., and quite practical
ALL: all permissions
LOGIN: whether login is allowed
The objects that a Limit applies to are selected with the following:
AllowUser: allow a given user
DenyUser: deny a given user
AllowGroup: allow a given user group
DenyGroup: deny a given user group
AllowAll: allow all users
DenyAll: deny all users
The parameter for limiting the transfer rate is:
TransferRate STOR|RETR rate(KBytes/s) user username
Let's use an example to illustrate ProFTPD configuration so that it is easier to understand. The requirements are:
1. The FTP server supports resuming interrupted transfers, allows at most 10 users online at the same time, and allows only one connection per IP.
2. Users in the ftpusers group can access only their own directory, not parent or other directories.
3. The server does not display FTP server version information when users log in, to increase security.
4. Create an FTP account kaoyan in the ftpusers group; kaoyan may only download and has no write permission. The download rate is limited to 50 KBytes/s.
5. Create a user upload, also in the ftpusers group, with the same home directory as kaoyan; upload may upload files and create directories, but may not download or delete directories and files. The upload rate is limited to 100 KBytes/s.
First, add the group and users and set the directory permissions
groupadd ftpusers
useradd -d /home/kaoyan -g ftpusers -s /bin/false kaoyan
useradd -d /home/kaoyan -g ftpusers -s /bin/false upload
# the group must be ftpusers: no group named upload exists, and both accounts are members of ftpusers
chown -R kaoyan:ftpusers /home/kaoyan
chmod -R 775 /home/kaoyan
If you want only the ftpusers group to have access, you can set it to 770.
Edit /usr/local/proftpd/etc/proftpd.conf
Note: # marks a comment; comments have no effect on the settings and can be left out
ServerName "Frank's FTP Server"
ServerType standalone
DefaultServer on
Port 21
Umask 022
# At most 30 proftpd PIDs
MaxInstances 30
User nobody
Group nobody
TimeoutStalled 10
# At most 10 users online
MaxClients 10
MaxClientsPerHost 1 "Sorry, one IP allows only one connection"
# Allow resuming uploads; resuming downloads is supported by default and need not be set
AllowStoreRestart on
# Welcome message file
DisplayLogin welcome.msg
# Hide the server version information
ServerIdent off
# Members of the ftpusers group can access only their own directory
DefaultRoot ~ ftpusers
<Directory />
  AllowOverwrite on
</Directory>
<Directory /home/kaoyan>
  # kaoyan is not allowed to write
  <Limit WRITE>
    DenyUser kaoyan
  </Limit>
  # upload is not allowed to delete, rename or download
  <Limit RMD RNFR DELE RETR>
    DenyUser upload
  </Limit>
  TransferRate RETR 50 user kaoyan
  TransferRate STOR 100 user upload
</Directory>
What I do here can also be done with
<Anonymous ~kaoyan>
  ...
  ...
</Anonymous>
<Anonymous ~upload>
  ...
  ...
</Anonymous>
which is more flexible. Which approach to use is up to you; I am only giving you a starting point.
After the previous two parts, you should have some understanding of ProFTPD's settings; isn't it much the same as configuring Apache? I think anyone who has configured a Serv-U server, after a brief look at ProFTPD's configuration rules, should be able to set up a powerful ProFTPD server right away.
Here we'll talk about some of the other ProFTPD configuration parameters:
MaxHostsPerUser 1 "Sorry, each account allows a maximum of 1 source IP"
# MaxHostsPerUser is quite useful for protecting FTP accounts.
MaxClientsPerUser 1 "Sorry, each account can only log in once at a time from each client"
# This parameter prevents multi-threaded download software from harming the server
MaxClientsPerHost 1 "Sorry, the same client can only have up to 1 account logged in"
# For example, you may hold many accounts on the FTP server, but you can only log in with 1 of them.
These three Max parameters are easy to confuse, so make sure you understand what each of them means
WtmpLog on
# Whether to record FTP logins in the log; set it to off if you do not want them logged.
TimeoutIdle 600
# Client idle timeout; the default is 600 seconds.
DisplayLogin welcome.msg
# Sets the FTP login welcome message file
The welcome file can use the following variables
%T the current time
%F the remaining capacity of the hard drive
%C the current directory
%R client host name
%L server host name
%U user account name
%M maximum allowed number of connections
%N current number of server connections
%E FTP server administrator's email
%i number of files uploaded in this session
%o number of files downloaded in this session
%t number of files uploaded + downloaded in this session
Knowing these variables, we can write a friendly welcome message.
vi /home/kaoyan/welcome.msg
Welcome, %U, this is Frank's test FTP server;
The current time is: %T;
The maximum number of user connections allowed on this server is %M;
There are currently %N user connections on the server;
The directory you are currently in is %C;
%F bytes are left on the hard drive where the directory resides.
To make ProFTPD support the currently popular FXP transfer mode, which is not supported by default because it lets a client direct data connections to an address other than its own,
just set the following on the server side
AllowForeignAddress on
# You can also specify your own preferred port range
PassivePorts 49152 65534
Do not forget to enable FXP in the client as well; I tried several times and kept thinking the server was not set up correctly, when in fact the client was not configured.
How to allow root to log in: by default ProFTPD does not allow root to log in. We can configure it so that root can log in over FTP, but I still recommend that you do not let root log in over FTP. The setting is as follows
RootLogin on
How to prevent an address from accessing FTP
For example, to prohibit machines in the 10.1.1 network segment from accessing FTP, you can set this
<Limit LOGIN>
  Order deny,allow
  Deny from 10.1.1.
  Allow from all
</Limit>
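Since this article compares ProFTPD's configuration to Apache's, note that the same three lines are evaluated differently by the two servers. The following added example (not code from the original article) models the documented rule order of ProFTPD's Limit block and of Apache 2.2 for the rule above; the function names and the simplified address matching ('all', a trailing-dot prefix, or an exact IP) are assumptions of the example.

```python
def matches(pattern, ip):
    """Simplified ACL match: 'all', a trailing-dot prefix such as '10.1.1.', or an exact IP."""
    if pattern.lower() == "all":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return ip == pattern


def _hits(patterns, ip):
    return any(matches(p, ip) for p in patterns)


def proftpd_allows(order, allow, deny, ip):
    """ProFTPD <Limit>: a match in the list checked first is final."""
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        if _hits(deny, ip):
            return False            # Deny matched: Allow is never consulted
        return _hits(allow, ip)     # otherwise an explicit Allow is required
    if order == "allow,deny":
        if _hits(allow, ip):
            return True             # Allow matched: Deny is never consulted
        return not _hits(deny, ip)  # otherwise permitted unless denied
    raise ValueError("unknown Order: " + order)


def apache22_allows(order, allow, deny, ip):
    """Apache 2.2 Order: the list evaluated second overrides the first."""
    order = order.replace(" ", "").lower()
    if order == "deny,allow":
        return _hits(allow, ip) or not _hits(deny, ip)   # default: allow
    if order == "allow,deny":
        return _hits(allow, ip) and not _hits(deny, ip)  # default: deny
    raise ValueError("unknown Order: " + order)


# The rule from this article, and constructed client addresses to test it with.
RULE = {"order": "Deny,allow", "deny": ["10.1.1."], "allow": ["all"]}
CLIENTS = ["10.1.1.25", "10.1.10.25", "192.0.2.7"]


def compare(rule, clients):
    """Map each client IP to (allowed by ProFTPD, allowed by Apache 2.2)."""
    return {ip: (proftpd_allows(ip=ip, **rule), apache22_allows(ip=ip, **rule))
            for ip in clients}


if __name__ == "__main__":
    for ip, (ftp, web) in compare(RULE, CLIENTS).items():
        print(f"{ip:12} proftpd={'allow' if ftp else 'deny'} apache2.2={'allow' if web else 'deny'}")
```

Under ProFTPD the 10.1.1. segment is blocked as intended, while the identical lines in Apache 2.2 would admit every client because "Allow from all" overrides the Deny.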
Setting up virtual FTP servers: this is generally used when one FTP server has many IP addresses, or serves FTP on different ports. The basic syntax is:
For example, to set up an FTP server on port 5555:
<VirtualHost 210.51.0.124>
  ServerName "Frank FTP Server"
  Port 5555
  ...
  <Directory directory>
    ...
    <Limit action>
      ...
    </Limit>
    ...
  </Directory>
</VirtualHost>
As for the other settings inside the virtual host, they are much the same as what I described earlier.
Upload/download ratio settings: friends who have used Serv-U will certainly know this feature; let's make ProFTPD do it too.
To use this feature, remember to add the ratio module at compile time, otherwise ProFTPD does not support it by default. Suppose there is an account FTP1 whose FTP directory is /home/kaoyan, and we set FTP1's upload/download ratio to 1:2 (that is, uploading 1M allows downloading 2M)
touch /home/kaoyan/ratio.dat
touch /home/kaoyan/ratio.tmp
# apply 666 to the two ratio files only; a recursive 666 on /home/kaoyan would strip the directory's search bit
chmod 666 /home/kaoyan/ratio.dat /home/kaoyan/ratio.tmp
Set the following in proftpd.conf
Ratios on
SaveRatios on
RatioFile /home/kaoyan/ratio.dat
RatioTempFile /home/kaoyan/ratio.tmp
Add the following in the appropriate section
UserRatio FTP1 0 0 2 1000
# UserRatio "user account" fileratio filequota byteratio bytequota
# fileratio: ratio based on the number of files; usually not limited, so it is 0
# filequota: number of files that may be downloaded up front; 0 for unlimited
# byteratio: the upload/download ratio; 2 means 1:2
# bytequota: number of KBytes that may be downloaded up front
# The setting above is a 1:2 ratio, with only 1M of downloads allowed by default
After a restart, the upload/download ratio is in effect for FTP1.
Today we cover using ProFTPD+MySQL+quota, which I think is the part everyone has been looking forward to most.
1. First we create the corresponding user and group
groupadd -g 5500 ftpgroup
adduser -u 5500 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser
2. Set up the database
mysql mysql -uroot -ppassword
CREATE DATABASE ftpdb;
GRANT SELECT, UPDATE ON ftpdb.* TO proftpd@localhost IDENTIFIED BY 'password';
USE ftpdb;
-- NOTE: the varchar lengths (except homedir) and the int display widths were lost
-- from the text of this page. varchar(255) below is a placeholder; size the columns to suit.
CREATE TABLE `ftpgroup` (
  `groupname` varchar(255) NOT NULL default '',
  `gid` smallint(6) NOT NULL default '5500',
  `members` varchar(255) NOT NULL default '',
  KEY `groupname` (`groupname`)
) TYPE=MyISAM COMMENT='ProFTP group table';
INSERT INTO `ftpgroup` VALUES ('ftpgroup', 5500, 'ftpuser');
CREATE TABLE `ftpquotalimits` (
  `name` varchar(255) default NULL,
  `quota_type` enum('user','group','class','all') NOT NULL default 'user',
  `per_session` enum('false','true') NOT NULL default 'false',
  `limit_type` enum('soft','hard') NOT NULL default 'soft',
  `bytes_in_avail` float NOT NULL default '0',
  `bytes_out_avail` float NOT NULL default '0',
  `bytes_xfer_avail` float NOT NULL default '0',
  `files_in_avail` int unsigned NOT NULL default '0',
  `files_out_avail` int unsigned NOT NULL default '0',
  `files_xfer_avail` int unsigned NOT NULL default '0'
) TYPE=MyISAM;
CREATE TABLE `ftpquotatallies` (
  `name` varchar(255) NOT NULL default '',
  `quota_type` enum('user','group','class','all') NOT NULL default 'user',
  `bytes_in_used` float NOT NULL default '0',
  `bytes_out_used` float NOT NULL default '0',
  `bytes_xfer_used` float NOT NULL default '0',
  `files_in_used` int unsigned NOT NULL default '0',
  `files_out_used` int unsigned NOT NULL default '0',
  `files_xfer_used` int unsigned NOT NULL default '0'
) TYPE=MyISAM;
CREATE TABLE `ftpuser` (
  `id` int unsigned NOT NULL auto_increment,
  `userid` varchar(255) NOT NULL default '',
  `passwd` varchar(255) NOT NULL default '',
  `uid` smallint(6) NOT NULL default '5500',
  `gid` smallint(6) NOT NULL default '5500',
  `homedir` varchar(255) NOT NULL default '',
  `shell` varchar(255) NOT NULL default '/sbin/nologin',
  `count` int NOT NULL default '0',
  `accessed` datetime NOT NULL default '0000-00-00 00:00:00',
  `modified` datetime NOT NULL default '0000-00-00 00:00:00',
  PRIMARY KEY (`id`)
) TYPE=MyISAM COMMENT='ProFTP user table';
-- the insert-quota-tally query in the ProFTPD configuration needs INSERT on the tally table
GRANT INSERT ON ftpdb.ftpquotatallies TO proftpd@localhost;
Note that you should fill in your own database username and password according to your actual situation. If you are not familiar with database operations, you may wish to use phpMyAdmin.
3. Configure the ProFTPD file
ServerName "Frank's FTP Server"
ServerType standalone
DefaultServer on
Port 21
Umask 022
MaxInstances 30
MaxLoginAttempts 3
User nobody
Group nobody
MaxHostsPerUser 1 "Sorry, you could not connect more than one time."
MaxClientsPerUser 2 "Only one such user in a time."
MaxClientsPerHost 3 "Sorry, you could not connect more than one time."
RootLogin off
RequireValidShell off
TimeoutStalled 10
MaxClients 10
AllowForeignAddress on
AllowStoreRestart on
ServerIdent off
DefaultRoot ~ ftpgroup
SQLAuthTypes Backend Plaintext
# Backend means users are authenticated using the MySQL database's own authentication method
# Plaintext means cleartext authentication; the method listed first is tried first
SQLAuthenticate users* groups*
# databasename@host database_user user_password
SQLConnectInfo ftpdb@localhost proftpd password
SQLUserInfo ftpuser userid passwd uid gid homedir shell
SQLGroupInfo ftpgroup groupname gid members
# If the user's home directory does not exist, it is created from the homedir field of the user table
SQLHomedirOnDemand on
# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
QuotaLog "/var/log/quota"
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
OK, it is that simple: restart the ProFTPD service and the ProFTPD+MySQL+quota features are ready to use.
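A finished proftpd.conf can be reviewed for the settings this article itself marks as sensitive: ServerIdent, RootLogin, AllowForeignAddress and the cleartext Plaintext method in SQLAuthTypes. The script below is an added example, not part of the original article or of ProFTPD; the list of checks, the function names and the sample configuration (a constructed, trimmed variant of the file above plus a hypothetical virtual host that enables RootLogin) are assumptions of the example.

```python
# Checks keyed by lower-cased directive name: (predicate on lower-cased args, finding).
# The selection is this example's own, limited to directives the article covers.
CHECKS = {
    "rootlogin": (lambda a: a[:1] == ["on"], "root may log in over FTP"),
    "allowforeignaddress": (lambda a: a[:1] == ["on"],
                            "data connections to third-party addresses (FXP) are allowed"),
    "serverident": (lambda a: a[:1] == ["on"], "login banner identifies the server software"),
    "sqlauthtypes": (lambda a: "plaintext" in a, "passwords are kept as cleartext in the SQL table"),
}


def parse_conf(text):
    """Yield (context, directive, args) for every directive line of a proftpd.conf."""
    stack = []                                   # open <Section ...> blocks, outermost first
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):     # blank line or comment
            continue
        if line.startswith("</"):                # closing tag leaves the current section
            if stack:
                stack.pop()
        elif line.startswith("<"):               # opening tag, e.g. <Directory /home/kaoyan>
            stack.append(line.strip("<>"))
        else:
            name, *args = line.split()
            yield " > ".join(stack) or "server", name, args


def audit(text):
    """Return [(context, directive, finding)] in file order for risky settings."""
    findings = []
    for context, name, args in parse_conf(text):
        check = CHECKS.get(name.lower())
        if check and check[0]([a.lower() for a in args]):
            findings.append((context, name, check[1]))
    return findings


# Constructed sample input (see the lead-in above).
SAMPLE = """\
ServerIdent off
RootLogin off
AllowForeignAddress on
SQLAuthTypes Backend Plaintext
# RootLogin on   (commented out, must be ignored)
<VirtualHost 210.51.0.124>
  Port 5555
  RootLogin on
  <Directory /home/kaoyan>
    AllowOverwrite on
  </Directory>
</VirtualHost>
"""

if __name__ == "__main__":
    for context, name, finding in audit(SAMPLE):
        print(f"[{context}] {name}: {finding}")
```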
We can add a virtual user to the ftpuser table in the database
INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`) VALUES (1, 'test', 'ftppasswd', 5500, 5500, '/home/test', '/sbin/nologin');
You can also add a user directly in phpMyAdmin; I trust you know how to do that.
If you want to set a quota, just set it in the ftpquotalimits table. The fields of this table are:
name: user account
quota_type: user, group, class, all (we use user)
per_session: true or false (we use true)
limit_type: hard limit or soft limit (we generally use hard)
bytes_in_avail: number of bytes allowed to upload
bytes_out_avail: number of bytes allowed to download
bytes_xfer_avail: number of bytes allowed to transfer (upload and download combined)
files_in_avail: number of files allowed to upload
files_out_avail: number of files allowed to download
files_xfer_avail: number of files allowed to be transferred (upload and download combined)
To be honest, using the MySQL and quota modules to authenticate users and set disk quotas works, but I have always felt it is not perfect: with this method the database tables have no field for permissions, so a user's permissions still have to be controlled through the real system uid and gid that the MySQL user maps to. It would be nice if one day the MySQL database could fully control permissions.