ProFTP configuration: a complete guide

Source: Internet
Author: User

There is too little documentation about ProFTP in China, so I could only learn slowly from the official documentation; I am sharing my learning experience here.

Proftp+mysql+quota.

Before installing ProFTP there is one thing you must do: if your MySQL was compiled from source, you must first modify /etc/ld.so.conf, otherwise running ProFTP will fail with an error.
vi /etc/ld.so.conf

Add the following line:

/usr/local/mysql/lib/mysql

Note that if your MySQL installation path differs from mine, fill in the appropriate path. For compiling and installing MySQL, refer to "Linux+Apache+MySQL+PHP typical configuration".

1. Download the relevant software

wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.2.9.tar.gz

This downloads ProFTP 1.2.9, the latest version.

wget http://www.castaglia.org/proftpd ... tatab-1.2.11.tar.gz

This is the module that provides disk quotas for ProFTP.

2. Unpack and compile

tar zvxf proftpd-1.2.9.tar.gz

tar zvxf proftpd-mod-quotatab-1.2.11.tar.gz

cp mod_quotatab/*.c proftpd-1.2.9/contrib/

cp mod_quotatab/*.h proftpd-1.2.9/contrib/

vi proftpd-1.2.9/contrib/mod_sql_mysql.c

Find the #include line for mysql.h and change it to the path of that file on your system, such as /usr/local/mysql/include/mysql/mysql.h

Compile:

cd proftpd-1.2.9
./configure \
--prefix=/usr/local/proftpd \
--with-modules=mod_sql:mod_sql_mysql:mod_quotatab:mod_quotatab_sql \
--with-includes=/usr/local/mysql/include/mysql \
--with-libraries=/usr/local/mysql/lib/mysql
make
make install

OK, now we can start ProFTP by running

/usr/local/proftpd/sbin/proftpd

Test it with your FTP client; you should be able to log in normally, both anonymously and with Linux user names.

In fact, the default ProFTP setup is more than enough for day-to-day server management. There is one thing to change: the default ProFTP configuration file does not support resuming interrupted transfers, so we just edit the configuration file:

vi /usr/local/proftpd/etc/proftpd.conf

Add the following two lines:

AllowRetrieveRestart on
AllowStoreRestart on

After restarting ProFTP, interrupted file transfers can be resumed normally.

Creating the proftpd startup script

From the directory containing the ProFTP source, just run

cp proftpd-1.2.9/contrib/dist/rpm/proftpd.init.d /etc/rc.d/init.d/proftpd

Remember to edit the proftpd file, generally to change the path to the actual location of proftpd.

chmod 755 /etc/rc.d/init.d/proftpd

OK.

You can then use this script to start, stop and restart ProFTP.

That is all for today; tomorrow I will talk about some of the basic configuration of ProFTP.

Last time we covered the basic installation of ProFTP. Because the MySQL and quota settings come later, the corresponding modules were compiled in; if you do not need the MySQL and disk quota functions, you do not need to compile them.

Here is a very practical command, /usr/local/proftpd/sbin/ftpshut.

This command is quite practical because you may need to adjust your server frequently, and it is very flexible: it lets you stop FTP connections at a set time without stopping the proftpd process. Its usage is explained in detail here.

ftpshut [-l min] [-d min] time [warning-message ...]

-l min: new FTP connection attempts are refused starting min minutes before the FTP service shuts down

-d min: established FTP connections are dropped starting min minutes before the FTP service shuts down

time: how long until the server shuts down the FTP service, in one of two formats:

+number: the service shuts down after number minutes

HHMM: the service shuts down today at HH:MM

Note that this command stops the FTP service while the proftpd process itself keeps running, so it is typically used when debugging FTP.

Example:

The FTP service will shut down in 30 minutes; new FTP connections are refused from 20 minutes before the shutdown, established connections are forcibly disconnected from 10 minutes before the shutdown, and clients are shown "FTP Server will shutdown in time":

ftpshut -l 20 -d 10 +30 "FTP Server will shutdown in time"

ftpshut actually works by creating /etc/shutmsg; just delete this file and FTP will serve again, or run ftpshut -R directly.

Now let's talk about the basic configuration of proftpd. If you are familiar with Apache configuration, you will find that proftpd settings are basically similar. The basic format of its configuration is:

# Global settings
Directive1 parameter1
Directive2 parameter2

# Settings for a directory
<Directory "pathname">
...
...
</Directory>

# Settings for anonymous users
<Anonymous "anonymous login directory">
...
...
<Limit restricted-action>
...
...
</Limit>
</Anonymous>

The one we use most is probably Limit. Limit has the following actions, which cover basically all permissions if used flexibly.

CWD: Change Working Directory, permission to change directory
MKD: MaKe Directory, permission to create a directory
RNFR: ReName FRom, permission to change directory names
DELE: DELEte, permission to delete files
RMD: ReMove Directory, permission to remove a directory
RETR: RETRieve, permission to download from the server to the client
STOR: STORe, permission to upload from the client to the server
READ: read permission, not including directory listing; equivalent to RETR, STAT
WRITE: permission to write files or directories, including MKD and RMD
DIRS: whether directory listing is allowed; equivalent to LIST, NLST, and quite practical
ALL: all permissions
LOGIN: whether logging in is allowed

The scope that a Limit applies to can be set with the following:

AllowUser: allow for a particular user
DenyUser: deny for a particular user
AllowGroup: allow for a particular user group
DenyGroup: deny for a particular user group
AllowAll: allow for all users
DenyAll: deny for all users

The parameter for limiting the transfer rate is:

TransferRate STOR|RETR rate(KBytes/s) user username

Let's use an example to illustrate ProFTP configuration so that it is easier to understand.

1. The FTP server supports resuming interrupted transfers, allows at most 10 users online at the same time, and allows only one connection per IP;
2. Users in the ftpusers group can access only their own directory, not parent or other directories;
3. The FTP server version information is not displayed when users log in, to improve security;
4. Create an FTP account kaoyan belonging to the ftpusers group; kaoyan may only download and has no write permission. Its download rate is limited to 50 KBytes/s;
5. Create a user upload, also in the ftpusers group, with the same home directory as kaoyan; upload may upload files and create directories, but may not download and may not delete directories or files. Its upload rate is limited to 100 KBytes/s.

First, add the users and group and set the directory permissions:

groupadd ftpusers
useradd -d /home/kaoyan -g ftpusers -s /bin/false kaoyan
useradd -d /home/kaoyan -g ftpusers -s /bin/false upload
# group owner is ftpusers so that upload, a member of that group, can write
chown -R kaoyan:ftpusers /home/kaoyan
chmod -R 775 /home/kaoyan

If you want only the ftpusers group to have access, you can set it to 770.

Edit /usr/local/proftpd/etc/proftpd.conf

Note: # marks a comment; comments have no effect on the settings and can be omitted.

ServerName "Frank's FTP Server"
ServerType standalone
DefaultServer on
Port 21
Umask 022
# at most 30 proftpd processes
MaxInstances 30
User nobody
Group nobody
TimeoutStalled 10
# at most 10 users online
MaxClients 10
MaxClientsPerHost 1 "Sorry, one IP allows only one connection"
# allow resuming uploads; resuming downloads is supported by default and need not be set
AllowStoreRestart on
# welcome message file
DisplayLogin welcome.msg
# hide server version information
ServerIdent off
# members of the ftpusers group can access only their own directory
DefaultRoot ~ ftpusers

<Directory />
AllowOverwrite on
</Directory>
<Directory /home/kaoyan>
# kaoyan may not write
<Limit WRITE>
DenyUser kaoyan
</Limit>
# upload may not delete, rename or download
<Limit RMD RNFR DELE RETR>
DenyUser upload
</Limit>
TransferRate RETR 50 user kaoyan
TransferRate STOR 100 user upload
</Directory>

The same result can also be achieved with

<Anonymous ~kaoyan>
...
...
</Anonymous>

<Anonymous ~upload>
...
...
</Anonymous>

which is more flexible. Which approach to use is up to you; I am only getting you started.
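A way to check the <Directory /home/kaoyan> limits from the example configuration against requirements 4 and 5, as an added example that is not part of the original article. It uses a simplified model of <Limit> (only DenyUser rules, anything not denied is allowed), and the command-group table is an assumption based on the ProFTPD documentation.

```python
import re

# Constructed sample: the <Directory /home/kaoyan> section of the example above.
CONF = """
<Directory /home/kaoyan>
<Limit WRITE>
DenyUser kaoyan
</Limit>
<Limit RMD RNFR DELE RETR>
DenyUser upload
</Limit>
</Directory>
"""

# Command groups accepted by <Limit> (assumed from the ProFTPD documentation).
GROUPS = {
    "READ": {"RETR", "SITE", "SIZE", "STAT"},
    "WRITE": {"APPE", "DELE", "MKD", "RMD", "RNFR", "RNTO", "STOR", "STOU", "XMKD", "XRMD"},
    "DIRS": {"CDUP", "CWD", "LIST", "MDTM", "NLST", "PWD", "RNFR", "STAT", "XCUP", "XCWD", "XPWD"},
}


def parse_limits(text):
    """Return [(directory, commands, denied_users)] for every <Limit> block."""
    rules, directory, current = [], None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        tag = re.fullmatch(r"<(/?)(\w+)\s*(.*?)>", line)
        if tag and tag.group(2).lower() == "directory":
            directory = None if tag.group(1) else tag.group(3).strip('"')
        elif tag and tag.group(2).lower() == "limit" and tag.group(1):
            rules.append(current)
            current = None
        elif tag and tag.group(2).lower() == "limit":
            commands = set()
            for name in tag.group(3).upper().split():
                commands |= GROUPS.get(name, {name})  # expand READ/WRITE/DIRS
            current = (directory, commands, set())
        elif current and line.lower().startswith("denyuser"):
            current[2].update(line.split()[1:])
    return rules


def allowed(rules, user, command, path):
    """Simplified model: a matching DenyUser denies, everything else is allowed."""
    for directory, commands, denied in rules:
        inside = directory is None or (path + "/").startswith(directory.rstrip("/") + "/")
        if inside and user in denied and (command in commands or "ALL" in commands):
            return False
    return True


def policy_matrix(rules, users, commands, path="/home/kaoyan"):
    """Decision for every (user, command) pair, for review against the requirements."""
    return {(u, c): allowed(rules, u, c, path) for u in users for c in commands}


if __name__ == "__main__":
    matrix = policy_matrix(parse_limits(CONF), ["kaoyan", "upload"],
                           ["RETR", "STOR", "MKD", "DELE", "RMD", "RNFR"])
    for (user, command), ok in matrix.items():
        print(f"{user:7} {command:5} {'allow' if ok else 'DENY'}")
```

The matrix matches requirements 4 and 5, but it does not show overwrites: with AllowOverwrite on in <Directory />, upload can still replace an existing file through STOR even though DELE is denied.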

After the first two parts, I think you should have some understanding of ProFTP settings; isn't it much like configuring Apache? I think anyone who has configured a Serv-U server, after a quick look at the ProFTP configuration rules, should be able to set up a powerful ProFTP server right away.

Here we'll talk about some other ProFTP configuration parameters:

MaxHostsPerUser 1 "I'm sorry, each account allows a maximum of 1 source IP"

# MaxHostsPerUser is quite useful for protecting FTP accounts.

MaxClientsPerUser 1 "Sorry, each account can log in at the same time 1 times per client"

# This parameter prevents multi-threaded download software from harming the server

MaxClientsPerHost 1 "I'm sorry, the same client can only have up to 1 accounts to log in"

# For example, you may have many accounts on the FTP server, but you can only log in with 1 account.

These three Max parameters are easy to confuse, so make sure you understand what each one means.

WtmpLog on

# Whether to record FTP logins in the log; set it to off if you do not want them logged.

TimeoutIdle 600

# Client idle timeout; the default is 600 seconds.

DisplayLogin welcome.msg

# Sets the FTP login welcome message file

The welcome file can use the following variables:

%T current time
%F remaining capacity of the disk
%C current directory
%R client host name
%L server host name
%U user account name
%M maximum number of connections allowed
%N current number of connections to the server
%E email address of the FTP server administrator
%i number of files uploaded in this session
%o number of files downloaded in this session
%t number of files uploaded and downloaded in this session

Knowing these variables, we can write a friendly welcome message.

vi /home/kaoyan/welcome.msg

Welcome, %U, this is Frank's test FTP server;
The current time is: %T;
The maximum number of user connections allowed on this server is %M;
There are currently %N user connections on the server;
The directory you are currently in is %C;
%F bytes are left on the disk where the directory resides.

To make ProFTP support the popular FXP transfer mode, which is not supported by default, just set the following on the server side:

AllowForeignAddress on

# the port range can be anything you like
PassivePorts 49152 65534

Do not forget to enable FXP support in the client as well. I tried several times and kept thinking the server was not set up, when in fact it was the client that was not configured.

How to allow root to log in: by default ProFTP does not allow root to log in. We can configure it so that root can also log in over FTP, but I still recommend that you do not let root log in over FTP. The setting is:

RootLogin on

How to prevent an address from accessing FTP

For example, to prohibit machines on the 10.1.1 network segment from accessing FTP, you can set this:

<Limit LOGIN>
Order deny,allow
Deny from 10.1.1.
Allow from all
</Limit>

Virtual FTP hosts are generally used when an FTP server has many IP addresses or serves FTP on different ports. The basic syntax is shown by this example, an FTP server on port 5555:

<VirtualHost 210.51.0.124>
ServerName "Frank FTP Server"
Port 5555
...
<Directory directory>
...
<Limit action>
...
</Limit>
...
</Directory>
</VirtualHost>

The other settings inside a virtual host are much the same as those described earlier.

Upload/download ratio settings: anyone who has used Serv-U will know this feature; let's have ProFTP implement it too.

To use this feature, remember to add the ratio module at compile time, because ProFTP does not support it by default. Suppose there is an account ftp1 whose FTP directory is /home/kaoyan, and we set the upload/download ratio of ftp1 to 1:2 (that is, for every 1M uploaded, 2M can be downloaded).

touch /home/kaoyan/ratio.dat
touch /home/kaoyan/ratio.tmp
# make only the two ratio files writable; a recursive 666 would strip the search bit from the directory
chmod 666 /home/kaoyan/ratio.dat /home/kaoyan/ratio.tmp

Set the following in proftpd.conf:

Ratios on
SaveRatios on
RatioFile /home/kaoyan/ratio.dat
RatioTempFile /home/kaoyan/ratio.tmp

Add to the appropriate section:

UserRatio ftp1 0 0 2 1000
# UserRatio "user account" fileratio filequota byteratio bytequota
# fileratio: ratio based on number of files; usually not limited, so 0
# filequota: number of files that can be downloaded up front; 0 for unlimited
# byteratio: upload/download ratio; 2 means 1:2
# bytequota: number of KBytes that can be downloaded up front
# The setting above is a 1:2 ratio, with only 1M of files downloadable by default

Restart, and the upload/download ratio is enabled for ftp1.

Today we talk about using ProFTP + MySQL + quota, which I think is what everyone has been looking forward to most.

1. First we create the corresponding user and group

groupadd -g 5500 ftpgroup
adduser -u 5500 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser

2. Set up the database

mysql -uroot -ppassword

CREATE DATABASE ftpdb;
GRANT SELECT, UPDATE ON ftpdb.* TO proftpd@localhost IDENTIFIED BY 'password';
USE ftpdb;

-- The varchar lengths did not survive in this listing (only homedir kept its 255),
-- so 255 is used as a placeholder throughout; the garbled int display widths are omitted.

CREATE TABLE `ftpgroup` (
`groupname` varchar(255) NOT NULL default '',
`gid` smallint(6) NOT NULL default '5500',
`members` varchar(255) NOT NULL default '',
KEY `groupname` (`groupname`)
) TYPE=MyISAM COMMENT='ProFTP group table';

INSERT INTO `ftpgroup` VALUES ('ftpgroup', 5500, 'ftpuser');

CREATE TABLE `ftpquotalimits` (
`name` varchar(255) default NULL,
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`per_session` enum('false','true') NOT NULL default 'false',
`limit_type` enum('soft','hard') NOT NULL default 'soft',
`bytes_in_avail` float NOT NULL default '0',
`bytes_out_avail` float NOT NULL default '0',
`bytes_xfer_avail` float NOT NULL default '0',
`files_in_avail` int unsigned NOT NULL default '0',
`files_out_avail` int unsigned NOT NULL default '0',
`files_xfer_avail` int unsigned NOT NULL default '0'
) TYPE=MyISAM;

CREATE TABLE `ftpquotatallies` (
`name` varchar(255) NOT NULL default '',
`quota_type` enum('user','group','class','all') NOT NULL default 'user',
`bytes_in_used` float NOT NULL default '0',
`bytes_out_used` float NOT NULL default '0',
`bytes_xfer_used` float NOT NULL default '0',
`files_in_used` int unsigned NOT NULL default '0',
`files_out_used` int unsigned NOT NULL default '0',
`files_xfer_used` int unsigned NOT NULL default '0'
) TYPE=MyISAM;

CREATE TABLE `ftpuser` (
`id` int unsigned NOT NULL auto_increment,
`userid` varchar(255) NOT NULL default '',
`passwd` varchar(255) NOT NULL default '',
`uid` smallint(6) NOT NULL default '5500',
`gid` smallint(6) NOT NULL default '5500',
`homedir` varchar(255) NOT NULL default '',
`shell` varchar(255) NOT NULL default '/sbin/nologin',
`count` int NOT NULL default '0',
`accessed` datetime NOT NULL default '0000-00-00 00:00:00',
`modified` datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (`id`)
) TYPE=MyISAM COMMENT='ProFTP user table';

Note that you should fill in your own database user name and password according to your actual situation. If you are not familiar with database operations, you may wish to use phpMyAdmin.

3. Configure the ProFTP configuration file

ServerName "Frank's FTP Server"
ServerType standalone
DefaultServer on
Port 21

Umask 022

MaxInstances 30
MaxLoginAttempts 3

User nobody
Group nobody

MaxHostsPerUser 1 "Sorry, you could not connect more than one time."
MaxClientsPerUser 2 "Only one such user in a time."
MaxClientsPerHost 3 "Sorry, you could not connect more than one time."

RootLogin off
RequireValidShell off
TimeoutStalled 10
MaxClients 10
AllowForeignAddress on
AllowStoreRestart on
ServerIdent off
DefaultRoot ~ ftpgroup

SQLAuthTypes Backend Plaintext
# Backend means the password is checked using the MySQL database's own authentication method
# Plaintext means clear-text authentication; the method listed first is tried first
SQLAuthenticate users* groups*

# databasename@host database_user user_password
SQLConnectInfo ftpdb@localhost proftpd password
SQLUserInfo ftpuser userid passwd uid gid homedir shell
SQLGroupInfo ftpgroup groupname gid members
SQLHomedirOnDemand on
# If the user's home directory does not exist, the system creates it based on the value of the homedir field in the user table
# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# Update modified every time user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
QuotaLog "/var/log/quota"
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

OK, it's that simple: restart the ProFTP service and the ProFTP + MySQL + quota functions are ready to use.
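A small reviewer's check for the security-relevant directives this article touches (RootLogin, ServerIdent, AllowForeignAddress, WtmpLog, SQLAuthTypes), as an added example that is not part of the original article. The sample configuration is constructed from the listing above, and the wording of the findings is an assumption of this example.

```python
# Constructed sample: an excerpt of the MySQL-backed proftpd.conf shown above.
SAMPLE_CONF = """\
ServerName "Frank's FTP Server"
MaxLoginAttempts 3
RootLogin off
AllowForeignAddress on
ServerIdent off
SQLAuthTypes Backend Plaintext
SQLConnectInfo ftpdb@localhost proftpd password
"""

# (directive, predicate on its lowercased arguments, why a reviewer cares)
EXPLICIT = [
    ("rootlogin", lambda a: a[:1] == ["on"], "root can authenticate over clear-text FTP"),
    ("serverident", lambda a: a[:1] == ["on"], "greeting banner identifies the server software"),
    ("allowforeignaddress", lambda a: a[:1] == ["on"],
     "data connections to third-party addresses are accepted (needed for FXP)"),
    ("sqlauthtypes", lambda a: "plaintext" in a,
     "passwords are stored and compared as clear text in the database"),
    ("wtmplog", lambda a: a[:1] == ["off"], "FTP logins are not recorded in wtmp"),
]
# Directives whose absence leaves a default that this article chooses to override.
EXPECTED = {"serverident": "ServerIdent not set; the default greeting shows the server version"}


def directives(text):
    """Yield (line_no, name, args) per directive line, skipping comments and <Section> tags."""
    for n, raw in enumerate(text.splitlines(), 1):
        words = raw.split("#", 1)[0].split()
        if words and not words[0].startswith("<"):
            yield n, words[0].lower(), [w.lower() for w in words[1:]]


def audit(text):
    """Return sorted (line_no, directive, finding) tuples; line 0 means the directive is missing."""
    findings, seen = [], set()
    for n, name, args in directives(text):
        seen.add(name)
        for directive, risky, why in EXPLICIT:
            if name == directive and risky(args):
                findings.append((n, name, why))
    findings += [(0, name, why) for name, why in EXPECTED.items() if name not in seen]
    return sorted(findings)


if __name__ == "__main__":
    for line_no, name, why in audit(SAMPLE_CONF):
        print(f"line {line_no}: {name}: {why}")
```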

We can add a virtual user to the ftpuser table in the database:

INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`) VALUES (1, 'test', 'ftppasswd', 5500, 5500, '/home/test', '/sbin/nologin');

We can also add a user directly in phpMyAdmin; I trust I do not need to teach you how to add one.

If you want to set a quota, just set it in the ftpquotalimits table. The fields of this table are:

ftpquotalimits table
name: user account
quota_type: user, group, class, all (we use user)
per_session: true or false (we use true)
limit_type: hard limit or soft limit (we generally use hard limit)
bytes_in_avail: number of bytes allowed to upload
bytes_out_avail: number of bytes allowed to download
bytes_xfer_avail: number of bytes allowed to transfer (upload and download combined)
files_in_avail: number of files allowed to upload
files_out_avail: number of files allowed to download
files_xfer_avail: number of files allowed to transfer (upload and download combined)

To be honest, using MySQL and the quota module to authenticate users and set disk quotas works, but I have always felt it is not perfect: with this method the database tables have no field for permissions, so each user's permissions still have to be controlled through the actual system UID and GID that the MySQL record maps to. It would be nice if one day the MySQL database could fully control permissions.


