ProFTPd FTP Server 除了一般系統帳號之外,也支援 MySQL / LDAP 的虛擬帳號,底下是安裝及設定
安裝 MySQL
# yum install mysql mysql-server
安裝 ProFTPd FTP Server
# yum install proftpd proftpd-mysql --enablerepo=rpmforge
建立資料庫 proftpdb
# /usr/bin/mysqladmin -u root -p create proftpdb
建立虛擬群組 virtualgrp GID 501
# groupadd -g 501 virtualgrp
建立虛擬帳號 virtualuser UID 501
# useradd -g 501 -u 501 virtualuser
proftpd 資料庫的 ftpuser 資料表
# cat /root/users.sql
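-- Virtual FTP accounts read by mod_sql
-- (SQLUserInfo maps userid, passwd, uid, gid, homedir, shell).
CREATE TABLE IF NOT EXISTS `ftpuser` (
    `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
    `userid` varchar(32) COLLATE utf8_general_ci NOT NULL DEFAULT '',
    -- Holds the crypt(3) string produced by ENCRYPT() below, not the clear password.
    -- NOTE(review): 32 characters fits traditional DES crypt output but not the longer
    -- crypt(3) formats; widen this column before moving to a stronger scheme.
    `passwd` varchar(32) COLLATE utf8_general_ci NOT NULL DEFAULT '',
    -- 501 is the UID/GID of the virtualuser/virtualgrp system account created earlier.
    `uid` smallint(6) NOT NULL DEFAULT 501,
    `gid` smallint(6) NOT NULL DEFAULT 501,
    `homedir` varchar(255) COLLATE utf8_general_ci NOT NULL DEFAULT '',
    `shell` varchar(16) COLLATE utf8_general_ci NOT NULL DEFAULT '/sbin/nologin',
    PRIMARY KEY (`id`),
    UNIQUE KEY `userid` (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci COMMENT='ProFTP user table';

-- Sample accounts. '123456' is a placeholder: give every user a unique strong password,
-- and remove this file after the import because it carries the passwords in clear text.
-- ENCRYPT() calls the system crypt(3) and was removed in MySQL 8.0; on newer servers
-- generate the crypt string outside the database and insert that value instead.
-- Columns are listed explicitly so the statements keep working if the table gains columns.
INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`)
VALUES (1, 's0990001', ENCRYPT('123456'), 501, 501, '/home/virtualuser/s0990001', '/sbin/nologin');
INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`)
VALUES (2, 's0990002', ENCRYPT('123456'), 501, 501, '/home/virtualuser/s0990002', '/sbin/nologin');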
proftpd 資料庫的 ftpgroup 資料表
# cat /root/groups.sql
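-- Virtual FTP groups read by mod_sql (SQLGroupInfo maps groupname, gid, members).
CREATE TABLE IF NOT EXISTS `ftpgroup` (
    `groupname` varchar(16) COLLATE utf8_general_ci NOT NULL,
    `gid` smallint(6) NOT NULL DEFAULT 5500,
    `members` varchar(16) COLLATE utf8_general_ci NOT NULL,
    KEY `groupname` (`groupname`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci COMMENT='ProFTP group table';

-- One row per member. gid 501 is the virtualgrp system group and matches the gid
-- stored for these users in ftpuser.
INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`)
VALUES ('virtualgrp', 501, 's0990001');
INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`)
VALUES ('virtualgrp', 501, 's0990002');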
匯入資料表 ftpuser
# /usr/bin/mysql -u root -p proftpdb < /root/users.sql
匯入資料表 ftpgroup
# /usr/bin/mysql -u root -p proftpdb < /root/groups.sql
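指定 proftpdb 的管理帳號 proftpd 的密碼是 proftpdpass(proftpdpass 只是範例,實際使用請換成強密碼;本文的 mod_sql 設定只會查詢 ftpuser、ftpgroup 兩個資料表,權限可由 ALL PRIVILEGES 縮小為 SELECT)
# /usr/bin/mysql -u root -p -e "GRANT ALL PRIVILEGES ON proftpdb.* TO 'proftpd'@'localhost' IDENTIFIED BY 'proftpdpass';"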
修改 ProFTPd FTP Server 設定檔 /etc/proftpd.conf
# vim /etc/proftpd.conf
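# Only mod_sql is consulted for authentication.
# NOTE(review): nothing in this excerpt enables mod_tls, so FTP logins would cross the
# network unencrypted; confirm TLS is configured elsewhere.
AuthOrder mod_sql.c

<IfModule mod_dso.c>
    LoadModule mod_sql.c
    LoadModule mod_sql_mysql.c
    # LoadModule mod_sql_postgres.c
</IfModule>

<IfModule mod_sql.c>
    # We need our "default" connection to the userdb database.
    # The database password is stored here in clear text: replace the sample value
    # and keep this file readable by root only.
    SQLConnectInfo proftpdb@localhost proftpd proftpdpass
    SQLBackend mysql

    # The ftpuser rows are created with ENCRYPT(), i.e. crypt(3) strings, so Crypt is
    # the only handler needed. Plaintext and Backend were dropped: Plaintext would
    # accept a passwd column stored in the clear.
    SQLAuthTypes Crypt
    SQLAuthenticate on

    # Floor for UIDs/GIDs read from the database, so a row cannot map a virtual user
    # onto a low-numbered system account such as root.
    SQLMinUserUID 500
    SQLMinUserGID 500

    # Virtual users carry /sbin/nologin as their shell; skip the valid-shell check so
    # they can still log in over FTP.
    RequireValidShell off
    # Create the user's home directory at login if it does not exist yet.
    CreateHome on

    # Point mod_sql at our users/groups tables
    SQLUserInfo ftpuser userid passwd uid gid homedir shell
    SQLGroupInfo ftpgroup groupname gid members
</IfModule>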
測試設定檔語法是否正確
# proftpd -t
Checking syntax of configuration file
Syntax check complete.
重新啟動 ProFTPd FTP Server
# service proftpd restart
正在關閉 proftpd: [ 確定 ]
正在啟動 proftpd: [ 確定 ]
進行測試
# lftp -u s0990001 192.168.1.20
密碼:
lftp s0990001@192.168.1.20:~> ls
lftp s0990001@192.168.1.20:/>
在 Log 檔也可以看到相關記錄
# tail -f /var/log/proftpd/proftpd.log
Jan 04 13:35:15 . proftpd[3875] 192.168.1.20 (192.168.1.20[192.168.1.20]): FTP session opened.
Jan 04 05:35:15 . proftpd[3875] 192.168.1.20 (192.168.1.20[192.168.1.20]): Preparing to chroot to directory '/home/virtualuser/s0990001'
Jan 04 05:35:15 . proftpd[3875] 192.168.1.20 (192.168.1.20[192.168.1.20]): USER s0990001: Login successful.
Jan 04 05:35:25 . proftpd[3875] 192.168.1.20 (192.168.1.20[192.168.1.20]): FTP session closed.
虛擬使用者的目錄也會自行建立
# ls -ld /home/virtualuser/*
drwx------ 2 virtualuser virtualgrp 4096 2014-01-04 13:33 /home/virtualuser/s0990001
drwx------ 2 virtualuser virtualgrp 4096 2014-01-04 13:35 /home/virtualuser/s0990002