虚拟主机与Proftpd和MySQL(包括配额)在Fedora 9上
版本1.0
作者:Falko Timme
本文档介绍如何安装使用MySQL数据库而不是真实系统用户的虚拟用户的Proftpd服务器。 这是更好的性能,并允许在单个机器上有成千上万的ftp用户。 除此之外,我将使用此设置显示使用配额。
对于MySQL数据库的管理,您可以使用基于Web的工具,如phpMyAdmin,它也将安装在此howto中。 phpMyAdmin是一个舒适的图形界面,这意味着您不必乱用命令行。
本教程基于Fedora 9.您应该已经设置了基本的Fedora 9系统,例如本教程前七章所述: http : //www.youcl.com/perfect-server-fedora9
这是一个实践指南; 它不包括理论背景。 他们在网络上的许多其他文档中被处理。
本文档不附带任何形式的保证! 我想说,这不是设立这样一个制度的唯一办法。 实现这一目标有很多方法,但这是我所采取的方式。 我不会保证这将为您工作!
1初步说明
在本教程中,我使用IP地址为192.168.0.100的hostname server1.example.com 。 这些设置可能会有所不同,因此您必须在适当的情况下更换它们。
2安装MySQL和phpMyAdmin
这一切都可以通过一个命令安装:
yum install mysql mysql-server phpMyAdmin httpd
之后,我们必须编辑文件/etc/httpd/conf.d/phpMyAdmin.conf ,以使所有IP地址都可以访问phpMyAdmin。 默认情况下,它只能从127.0.0.1访问 。 评论此部分:
<Directory /usr/share/phpMyAdmin/>
order deny,allow
deny from all
allow from 127.0.0.1
</Directory>
使文件看起来像这样:
vi /etc/httpd/conf.d/phpMyAdmin.conf
# phpMyAdmin - Web based MySQL browser written in php
#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
#<Directory /usr/share/phpMyAdmin/>
# order deny,allow
# deny from all
# allow from 127.0.0.1
#</Directory>
# This directory does not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries>
Order Deny,Allow
Deny from All
Allow from None
</Directory>
# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc. This may break your mod_security implementation.
#
#<IfModule mod_security.c>
# <LocationMatch "/phpMyAdmin/(.+)">
# SecRuleInheritance Off
# </LocationMatch>
#</IfModule> |
然后我们为MySQL和Apache创建系统启动链接(这样每当系统启动时都会自动启动)并启动这两个服务:
chkconfig --levels 235 mysqld on
/etc/init.d/mysqld start
chkconfig --levels 235 httpd on
/etc/init.d/httpd start
为MySQL用户root创建密码(将yourrootsql密码替换为您要使用的密码):
mysqladmin -u root password yourrootsqlpassword
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
3使用MySQL支持安装Proftpd
对于Fedora,有一个预配置的proftpd-mysql包可用。 安装如下:
yum install proftpd-mysql
然后我们创建一个ftp组( ftpgroup )和用户( ftpuser ),我们所有的虚拟用户将被映射到。 将group-and userid 2001替换为系统上免费的数字:
groupadd -g 2001 ftpgroup
useradd -u 2001 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser
4为Proftpd创建MySQL数据库
现在我们创建一个名为ftp的数据库和名为proftpd的MySQL用户,proftpd守护程序稍后将使用它来连接到ftp数据库:
mysql -u root -p
create database ftp;
GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost.localdomain' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
将字符串密码替换为要用于MySQL用户proftpd的任何密码。 仍然在MySQL shell上,我们创建了我们需要的数据库表:
USE ftp;
CREATE TABLE ftpgroup (
groupname varchar(16) NOT NULL default '',
gid smallint(6) NOT NULL default '5500',
members varchar(16) NOT NULL default '',
KEY groupname (groupname)
) TYPE=MyISAM COMMENT='ProFTP group table';
CREATE TABLE ftpquotalimits (
name varchar(30) default NULL,
quota_type enum('user','group','class','all') NOT NULL default 'user',
per_session enum('false','true') NOT NULL default 'false',
limit_type enum('soft','hard') NOT NULL default 'soft',
bytes_in_avail int(10) unsigned NOT NULL default '0',
bytes_out_avail int(10) unsigned NOT NULL default '0',
bytes_xfer_avail int(10) unsigned NOT NULL default '0',
files_in_avail int(10) unsigned NOT NULL default '0',
files_out_avail int(10) unsigned NOT NULL default '0',
files_xfer_avail int(10) unsigned NOT NULL default '0'
) TYPE=MyISAM;
CREATE TABLE ftpquotatallies (
name varchar(30) NOT NULL default '',
quota_type enum('user','group','class','all') NOT NULL default 'user',
bytes_in_used int(10) unsigned NOT NULL default '0',
bytes_out_used int(10) unsigned NOT NULL default '0',
bytes_xfer_used int(10) unsigned NOT NULL default '0',
files_in_used int(10) unsigned NOT NULL default '0',
files_out_used int(10) unsigned NOT NULL default '0',
files_xfer_used int(10) unsigned NOT NULL default '0'
) TYPE=MyISAM;
CREATE TABLE ftpuser (
id int(10) unsigned NOT NULL auto_increment,
userid varchar(32) NOT NULL default '',
passwd varchar(32) NOT NULL default '',
uid smallint(6) NOT NULL default '5500',
gid smallint(6) NOT NULL default '5500',
homedir varchar(255) NOT NULL default '',
shell varchar(16) NOT NULL default '/sbin/nologin',
count int(11) NOT NULL default '0',
accessed datetime NOT NULL default '0000-00-00 00:00:00',
modified datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (id),
UNIQUE KEY userid (userid)
) TYPE=MyISAM COMMENT='ProFTP user table';
quit;
你可能已经注意到,随着戒烟; 命令我们已经离开了MySQL shell,并回到了Linux shell。
BTW,(我假设您的ftp服务器系统的主机名是server1.example.com ),您可以访问http://server1.example.com/phpMyAdmin/下的phpMyAdmin (您可以使用IP地址而不是server1。 example.com ),并以proftpd身份登录。 那么你可以看看数据库。 以后可以使用phpMyAdmin管理您的Proftpd服务器。
5配置Proftpd
打开/etc/proftpd.conf并注释掉AuthPAMConfig和AuthOrder行:
vi /etc/proftpd.conf
[...] # Use pam to authenticate (default) and be authoritative #AuthPAMConfig proftpd #AuthOrder mod_auth_pam.c* mod_auth_unix.c [...] |
在同一文件中,在<IfModule mod_dso.c> ... </ IfModule>节之下添加以下行:
[...]
# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
# LoadModule mod_sql.c
# LoadModule mod_sql_mysql.c
# LoadModule mod_sql_postgres.c
#</IfModule>
LoadModule mod_sql.c
LoadModule mod_sql_mysql.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_sql.c
# The passwords in MySQL are encrypted using CRYPT
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users groups
# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo ftp@localhost proftpd password
# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo ftpuser userid passwd uid gid homedir shell
# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo ftpgroup groupname gid members
# set min UID and GID - otherwise these are 999 each
SQLMinID 500
# create a user's home directory on demand if it doesn't exist
SQLHomedirOnDemand on
# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
RootLogin off
RequireValidShell off
[...] |
确保将字符串密码替换为SQLConnectInfo行中的MySQL用户proftpd的真实密码!
然后我们为Proftpd创建系统启动链接并启动它:
chkconfig --levels 235 proftpd on
/etc/init.d/proftpd start
