分類: MySQL

利用 awk 的功能方便可以大批產生 PureFTPd FTP Server 的 MySQL 帳號的 MySQL 語法和自動建立使用者目錄及改變目錄群組及擁有者的語法。

虛擬使用者的 UID 500
# grep virtualuser /etc/passwd
virtualuser:x:500:500::/home/virtualuser:/sbin/nologin

虛擬群組的 GID 500
# grep virtualgrp /etc/group
virtualgrp:x:500:

虛擬使用者的帳號及密碼資料
# cat 102_class41.lst
四忠 01 蔡中火 s0990499 123456 s0990
四忠 02 陳大水 s0990999 234567 s0990
[@more@]建立 MySQL 虛擬使用者的 SQL 資料
# vim mksql.awk
# 帳號密碼檔格式
# 四忠 01 蔡中火 s0990499 123456 s0990
{print “insert into users values (‘”$4″‘,'”$5″‘,’500′,’500’,’/home/”$6″/”$4″‘);”

測試
# awk -f mksql.awk 102_class41.lst > 102_class41.sql
insert into users values (‘s0990499′,’123456′,’500′,’500′,’/home/s0990/s0990499’);
insert into users values (‘s0990999′,’234567′,’500′,’500′,’/home/s0990/s0990999’);

使用方式
# /usr/bin/mysql -u root -p pure-ftpd < 102_class41.sql

建立使用者虛擬目錄
# vim mkuserdir.awk
# 建立使用者目錄
{print “mkdir -p /home/”$6″/”$4 }
# 更改檔案目錄的所屬擁有者及群組
{print “chown -R  500:500  /home/”$6″/”$4″ ” }

測試
# awk -f mkuserdir.awk 102_class41.lst
mkdir -p /home/s0990/s0990499
chown -R  500:500  /home/s0990/s0990499
mkdir -p /home/s0990/s0990999
chown -R  500:500  /home/s0990/s0990999

使用方式
# awk -f mkuserdir.awk 102_class41.lst  | sh

驗證目錄是否有建立
# ls -l /home/s0990/
drwxr-xr-x. 2 virtualuser virtualgrp 4096 2014-01-02 10:58 s0990499/
drwxr-xr-x. 2 virtualuser virtualgrp 4096 2014-01-02 10:58 s0990999/

Pure-FTPd FTP Server 也可以搭配 MySQL 的虛擬帳號來登入
首先安裝 MySQL Server
# yum install mysql mysql-server

啟動 MySQL Server
# service mysqld start

設定 MySQL Server
# /usr/bin/mysql_secure_installation[@more@]設定 Pure-FTPd FTP Server
# vim /etc/pure-ftpd/pure-ftpd.conf
# MySQL configuration file (see README.MySQL)
MySQLConfigFile               /etc/pure-ftpd/pureftpd-mysql.conf

設定 Pure-FTPd FTP Server 的 MySQL 設定檔
# vim /etc/pure-ftpd/pureftpd-mysql.conf
# Optional : define the location of mysql.sock if the server runs on this host.
# MySQL Socket 檔路徑
MYSQLSocket     /var/lib/mysql/mysql.sock

# Mandatory : user to bind the server as.
# MySQL 管理者
MYSQLUser       root

# Mandatory : user password. You must have a password.
# MySQL 管理者密碼
MYSQLPassword   rootpw

# Mandatory : database to open.
# Pure-FTPd 要用的資料庫檔名
MYSQLDatabase   pureftpd

# Mandatory : how passwords are stored
# Valid values are : “cleartext”, “crypt”, “md5” and “password”
# (“password” = MySQL password() function)
# You can also use “any” to try “crypt”, “md5” *and* “password”
# 密碼編碼的方式，可以使用 cleartext 明碼 / md5 使用 MD5 編碼加密  / crypt 用 DES 編碼加密 / password MySQL 的編碼加密
MYSQLCrypt      cleartext

# Query to execute in order to fetch the password
# 虛擬帳號符合 User 欄位時，選取登入者的密碼欄位
MYSQLGetPW      SELECT Password FROM users WHERE User=’L’

# Query to execute in order to fetch the system user name or uid
# 當虛擬帳號符合 User 欄位時，選取登入者的使用者 ID
MYSQLGetUID     SELECT Uid FROM users WHERE User=’L’

# Optional : default UID – if set this overrides MYSQLGetUID

#MYSQLDefaultUID 500

# Query to execute in order to fetch the system user group or gid
# 當虛擬帳號符合 User 欄位時，選取登入者的群組 ID
MYSQLGetGID     SELECT Gid FROM users WHERE User=’L’

# Optional : default GID – if set this overrides MYSQLGetGID
# 內定的群組 GID
#MYSQLDefaultGID 500

# Query to execute in order to fetch the home directory
# 當虛擬帳號符合 User 欄位時，選取登入者的家目錄
MYSQLGetDir     SELECT Dir FROM users WHERE User=’L’

重新啟動 Pure-FTPd FTP Server
# /etc/init.d/pure-ftpd restart

建立資料庫
# vim  /root/pureftpd.sql
CREATE TABLE users (
  User VARCHAR(16) BINARY NOT NULL,
  Password VARCHAR(64) BINARY NOT NULL,
  Uid INT(11) NOT NULL default ‘-1’,
  Gid INT(11) NOT NULL default ‘-1’,
  Dir VARCHAR(128) BINARY NOT NULL,
  PRIMARY KEY  (User)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
insert into users values (‘u0910001′,’abCxyZ’,’500′,’500′,’/home/virtualuser/u0910001′);
insert into users values (‘u0910002′,’QazXsw’,’500′,’500′,’/home/virtualuser/u0910002′);

# /usr/bin/mysqladmin -u root -p create pureftpd
# /usr/bin/mysql -u root -p pureftpd < /root/pureftpd.sql

測試
# mkdir -p /home/virtualuser/{u0910001,u0910002}
# chown -R virtualuser:virtualgrp /home/virtualuser/{u0910001,u0910002}

# lftp -u u0910001 192.168.154.167
密碼：
lftp u0910001@192.168.154.167:~> ls -l
drwxr-xr-x    2 500        virtualgrp       4096 Jan  2 10:17 .
drwxr-xr-x    2 500        virtualgrp       4096 Jan  2 10:17 ..
lftp u0910001@192.168.154.167:/>

如果系統有使用 SELinux，要記得把家目錄的功能打開
# setsebool -P ftp_home_dir 1
# setsebool -P allow_ftpd_full_access=1

更複雜的設定
CREATE DATABASE pure-ftpd;
CREATE TABLE `users` (
`id` int(32) unsigned NOT NULL auto_increment,
`User` varchar(16) NOT NULL default ”,
`Password` varchar(64) NOT NULL default ”,
`Uid` varchar(11) NOT NULL default ‘-1’,
`Gid` varchar(11) NOT NULL default ‘-1’,
`Dir` varchar(128) NOT NULL default ”,
`QuotaSize` smallint(5) NOT NULL default ‘0’,
`QuotaFiles` int(11) NOT NULL default ‘0’,
`ULBandwidth` smallint(5) NOT NULL default ‘0’,
`DLBandwidth` smallint(5) NOT NULL default ‘0’,
`ULRatio` smallint(6) NOT NULL default ‘0’,
`DLRatio` smallint(6) NOT NULL default ‘0’,
`comment` tinytext NOT NULL,
`ipaccess` varchar(15) NOT NULL default ‘*’,
`status` enum(‘0′,’1’) NOT NULL default ‘0’,
`create_date` datetime NOT NULL default ‘0000-00-00 00:00:00’,
`modify_date` datetime NOT NULL default ‘0000-00-00 00:00:00’,
PRIMARY KEY (`id`,`User`),
UNIQUE KEY `User` (`User`)
) TYPE=MyISAM AUTO_INCREMENT=5 ;

MySQL Server 安裝之後，除了要設定管理者 root 的密碼外，最好也要把一些用不到的資料庫 / 表加以移除，並加上一些權限的設定，這些繁雜的設定，可以使用 mysql_secure_installation 來解決。[@more@]# /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MySQL to secure it, we’ll need the current
password for the root user.  If you’ve just installed MySQL, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

# 輸入 root 的密碼，如果沒有設定過，直接按 Enter 鍵即可
Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

# 設定 root 的密碼
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 … Success!

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

# 移除 anonymous 使用者
Remove anonymous users? [Y/n] y
 … Success!

Normally, root should only be allowed to connect from ‘localhost’.  This
ensures that someone cannot guess at the root password from the network.

# 取消 root 遠端登入
Disallow root login remotely? [Y/n] y
 … Success!

By default, MySQL comes with a database named ‘test’ that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

# 移除 test 資料表
Remove test database and access to it? [Y/n] y
 – Dropping test database…
 … Success!
 – Removing privileges on test database…
 … Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

# 重新載入資料表權限
Reload privilege tables now? [Y/n] y
 … Success!

Cleaning up…

All done!  If you’ve completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!