Use MySQL + Proftpd to configure the FTP server

Source: Internet
Author: User
Tags ftp commands
Use MySQL + Proftpd to configure the FTP server-Linux Enterprise Application-Linux server application information. The following is a detailed description. Use MySQL + Proftpd to configure the FTP server

File Transfer Protocol is a common and important internet Protocol in the internet. It is widely used in the internet. However, accounts in traditional FTP services use system users on servers, this also leaves a hidden danger for system security. using MySQL for user authentication can effectively avoid this risk. It uses databases to provide users and their authentication, and maps FTP accounts to system users, thus avoiding the use of system users. This ensures security.
To use MySQL + Proftpd to configure the FTP server, you need to have the tunnel mod_ SQL. As mentioned in this article, assume that MySQL has been installed on your server. The specific process is as follows:
1. obtain the required installation package (mod_ SQL, proftpd ).
The Proftpd installation package can be obtained through the http://www.proftpd.net, note that the minimum version to support MySQL authentication is 1.2.5.
Mod_ SQL installation package can be through http://www.lastditcheffort.org /~ Aah/proftpd/mod_ SQL.
Ii. Package Installation.
Unmount the installation package: Copy proftpd-1.2.8.tar.gz to the/usr/local/src directory and run the following command:
Tar-gzvf proftpd-1.2.8.tar.gz
Undo, then generate a proftpd-1.2.8 directory. Then enter the contrib directory in the directory:
Cd proftpd-1.2.8/contrib/
Copy the "mod_ SQL" statements in the middle of the template to this directory and unbind them:
Tar-gzvf mod_sql-4.0.8.tar.gz
Configure to make Proftpd support MySQL authentication:
./Configure-with-modules = mod_ SQL: mod_ SQL _mysql-with-includes =/usr/includes/mysql with-libraries =/usr/lib/mysql
Note: The-with-starts des option refers to the directory where the MySQL header file is located; the-with-libraries option refers to the directory where the MySQL library file is located. Different environments may be different directories.
Compile:
Make
Installation:
Make install
After installation, perform the following steps to test whether Proftpd works properly:
Sh sample-deployments/PFTEST. install
The temporary files required for the test are placed in the/tmp/PFTEST directory. Run the following command:
./Proftpd-n-d 5-c/tmp/PFTEST. conf
If it works properly, you can find a lot of information and the last line will show:
ProFTPD 1.2.8 (built ***) standalone mode STARTUP
It indicates that the service is started. The port number is 2021. You can use the user proftpd and password proftpd to perform a logon test. If it is normal, you can make the following preparations; otherwise, check whether the installation is correct.
3. Create a database and its tables for the FTP service.
1. You can create a dedicated database for this service or store it in other databases. Here I create a dedicated database FTP:

Create database FTP;

2. Create a user table FTPUSERS in this database. This table is required:

Use FTP;
Create table FTPUSERS (
Userid text not null,
Passwd text not null,
Uid int not null,
Gid int not null,
Home TEXT,
Shell TEXT
);
This table is required for user authentication. userid and passwd are essential, and userid is the username used for FTP service; passwd is the password of this user; uid is the ID of the System user, that is, the mapped system user; gid is the ID of the system group to which the user belongs; home is the HOME directory of the user; you can specify a shell for this user. Of course, you can create more fields, such as the count used to record the number of user logins, or the date of the date. If you are familiar with the configuration, you can add more features as you like. I will not talk about it here.
3. If you want to use all the functions, you can add another required table: FTPGRPS, that is, the table for determining the group. Of course, you can skip this, here is a format:
Create table FTPGRPS (
Pagername text not null,
Gid smallint not null,
Members text not null,
);
In this example, the value of "kgname" indicates the group name, "gid" indicates the system group ID, and "members" indicates the group members. Note: multiple members must be separated by commas (,). spaces are not allowed.

4. empty table insert records:
Insert into ftpusers (userid, passwd, uid, gid, home, shell)
VALUES ('user1', '000000', '000000', '000000', '/home/ftp/user1 ',"");

In this format, you can insert a record for each user.
If you want to apply more features and create a group table, you also need to add records for it. However, you must note that multiple members in the members field must be separated by commas.

4. Create system users for FTP users.
In this example, only one valid system user FTPUSR and a group FTPGRP are provided for the entire FTP service. Of course, you can also set multiple system users. For the sake of security, I only set one, use it to start FTP daemon, and map all FTP users to this user.

Create an FTPGRP group first:
Groupadd-g 1000-r FTPGRP
Create an FTPUSR User:
Adduser-u 1000-g 1000-d/home/FTP-s/bin/bash-r FTPUSR

Create a HOME for FTPUSR and store all the FTP user active spaces in this directory:
Mkdir/home/FTP
Chown FTPUSR/home/FTP
Chgrp FTPGRP/home/FTP

5. Set the configuration file.
The Proftpd configuration file proftpd. conf is in the/usr/local/etc/directory. You can use different configuration files for unnecessary authentication. With MySQL authentication, you can copy sample-configurations/mod_ SQL .conf to/usr/local/etc and change it to proftpd. conf.
Modify the proftpd. conf file as follows:

# Set the FTP server name:
ServerName "My FTP Server"
# Set the FTP server type:
ServerType standalone
DefaultServer on
# Set the root to restrict user activity somewhere and enhance server security.
DefaultRoot ~
# Set the FTP service port number. The standard FTP service port is 21.
Port 21
# Set the permission mask when creating a new file or directory:
Umask 022
# Set the system log file:
SystemLog/var/log/ftp. syslog
# Set the log file for recording file transfer:
TransferLog/var/log/ftp. transferlog
# Set the maximum number of logon attempts. If the maximum number of logon attempts is exceeded, the connection is automatically disconnected:
MaxLoginAttempts 3

# Set MySQL authentication:

# Database connection information. DatabaseName indicates the Database Name and HostName indicates the host name,
# Port indicates the Port number, UserName indicates the UserName used to connect to the database, and Password indicates the Password.
SQLConnectInfo DatabaseName @ HostName: Port UserName Password
# For example, SQLConnectInfo proftpd @ localhost root 123456.
# Database Authentication Type:
SQLAuthTypes Backend Plaintext
# Specify information about the table used for user authentication.
SQLUserInfo FTPUSERS userid passwd uid gid home shell
# Set to allow users to log on If shell is empty:
RequireValidShell off
# Database Authentication. Here is the method used for users:
SQLAuthenticate users
# If the home directory does not exist, the system creates a directory based on its home item:
SQLHomedirOnDemand on

# To prevent DoS attacks, set the maximum process:
MaxInstances 30
# Set system users and groups for normal services:
User FTPUSR
Group FTPGRP
# Set the information displayed during user logon and the information in each subdirectory:
DisplayLogin welcome. msg
DisplayFirst Chdir. message
# Set the maximum number of logins:
MaxClients 10
# Resumable upload:
AllowRetrieveRestart on

6. Test.
After the file configuration is completed, you can start the Proftpd service to test whether it is successful:
/Usr/local/sbin/proftpd-n
Here you can find that the service has been started, and you can log on elsewhere. If you follow the above configuration, you can use the FTP service, but it took me a lot of time to test. It doesn't matter if it doesn't work. Check the problem in that place carefully. If the preceding test is successful, the problems in the configuration file may be large. Of course, the FTPUSERS table in the database cannot contain errors.

7. Compile the script.
All right, everything is successful. Next we will write a script to start the FTP service. If the server type you are using is "ServerType inetd", if you are using the inetd service, you need to modify the/etc/inetd. conf file and add a line:
Ftp streamtcpnowaitroot/usr/local/sbin/proftpd
If xinetd is used, add a file: proftpd in the/etc/xinetd. d/directory.
The specific content is as follows:
Service ftp
{
Flags = REUSE
Socket_type = stream
Instances = 30
Wait = no
User = root
Server =/usr/local/sbin/proftpd
Log_on_success = HOST PID
Log_on_failure = HOST RECORD
}
If "ServerType standalone" is selected, add a proftpd script under the/etc/rc. d/init. d/directory. The specific content is as follows:
#! /Bin/bash
#
# Startup script for the proftpd FTP server
./Etc/rc. d/init. d/functions
Proftpd =/usr/local/sbin/proftpd
Prog = proftpd
RETVAL = 0
Start (){
Echo-n $ "Starting $ prog :"
Daemon $ proftpd
RETVAL =$?
Echo
[$ RETVAL-eq 0] & touch/var/lock/subsys/proftpd
Return $ RETVAL
}

Stop (){
Echo-n $ "Stopping $ prog :"
Killproc proftpd
RETVAL =$?
Echo
[$ RETVAL-eq 0] & rm-f/var/lock/subsys/proftpd
Return $ RETVAL
}


# See how we were called
Case "$1" in
Start)
Start
;;
Stop)
Stop
;;
Status)
Status $ proftpd
RETVAL =$?
;;
Restart)
Stop
Start
;;
*)
Echo $ "Usage: $ prog {start | stop | status | restart }"
Exit 1
Esac

Exit $ RETVAL

VIII. Summary
Finally, all the steps are completed. Proftp + MySQL is good to use, and many functions can be achieved through the database. For example, it is used to record the number of user logins, the setting is not very complex. You can simply add field count to the FTPUSERS table. However, the above steps are only a basic function. For details about how to expand other functions, refer to the instructions in the installation package.
Other common parameters:

MaxClients 100; Maximum number of users
MaxClientsPerHost 2; Maximum number of connections per client
MaxClientsPerUser 1; Maximum number of connections per user
MaxHostsPerUser 1; number of concurrent client connections per user
TransferRate RETR 100.0: 102400; speed limit 100 KByte/S
TimeoutIdle 150; daze time (seconds)
TimeoutLogin 50; login timeout (seconds)
TimeoutNoTransfer 150; transmission timeout (seconds)
UseReverseDNS off; ip Reverse Domain Name interpretation not allowed
; Write permission settings
Denyall; Not Allowed

; Permission control settings for the incoming directory
AllowOverwrite on; Overwrite
AllowRetrieveRestart on; allows download and resume
AllowStoreRestart on; allow upload resume
; Allow writable incomming Directories
Allowall

; Control over ftp commands such as dele, chmod, and retr
Denyall; users are not allowed to operate on controlled objects.



Appendix: ftp commands
Commands with asterisks are rarely used, so they are often not supported in specific implementations.
ABOR discard Transfer
* Some ACCT systems associate accounts and users with file systems
* ALLO allocates space for the files to be transferred. The following parameters are used to determine the number of bytes.
* Append an existing file to APPE.
CDUP switches the current directory to the parent directory in a remote system.
CWD changes the working directory of the remote system
DELE deletes files from a remote system.
HELP reads HELP information from the server, such as the list of supported commands.
LIST send the file name LIST in the current working directory on a newly established data connection
Create a directory for MKD
MODE specifies the transmission MODE. Portable parameters include S, B, and C.
NLST sends a "full" directory list under the current directory on a newly established data connection.
NOOP is null to prevent connection disconnection
PASS provides a USER logon password, which must be followed immediately after the USER command
* PASV specifies that the server's data transmission process listener waits for the client's data connection to establish a request
PORT specifies the PORT number of the client listening waiting for the connection established by the server.
PWD displays the current working directory name on the server.
QUIT log out and terminate the connection
* REIN reinitialization. log out but the connection is not closed. A new USER command must be issued later.
* REST transmission starts again from a server ID.
RETR retrieves a file from the remote system
RMD deletes a directory
* RNFR specifies the old path name of the file to be named, followed by an RNTO command
* RNTO specifies the new path name of the file to be named
* Services provided by SITE-specific servers
* SMNT structure loading: Provides the remote system path name of a file system structure
* STAT status information
STOR uploads a file to the server. If the file already exists, it overwrites
* STOU uploads a file to the server and does not overwrite the existing file
STRU specifies the file structure. The parameter can be F, R, or P.
* SYST reports the operating system type of the remote system
TYPE specifies the file TYPE. The parameters can be A, E, I, and L. Only type a and type I are commonly used.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.