

ProFTPd FTP Server 除了一般系統帳號之外,也支援 MySQL / LDAP 的虛擬帳號,底下是安裝及設定

安裝 MySQL
# yum install mysql mysql-server
安裝 ProFTPd FTP Server
# yum install proftpd proftpd-mysql --enablerepo=rpmforge

建立資料庫 proftpdb
# /usr/bin/mysqladmin -u root -p create proftpdb
建立虛擬群組 virtualgrp GID 501
# groupadd -g 501 virtualgrp
建立虛擬帳號 virtualuser UID 501
# useradd -g 501 -u 501 virtualuser


proftpdb 資料庫的 ftpuser 資料表
# cat /root/users.sql
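-- Virtual-user table that ProFTPD's mod_sql reads for authentication.
-- The proftpd.conf directive "SQLUserInfo ftpuser userid passwd uid gid homedir shell"
-- maps onto these columns in that order.
CREATE TABLE IF NOT EXISTS `ftpuser` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `userid` varchar(32) COLLATE utf8_general_ci NOT NULL DEFAULT '',
  -- Holds a crypt(3) hash, never the password itself. Widened from varchar(32):
  -- 32 characters only fit a traditional DES hash, so a stronger crypt scheme
  -- (MD5/SHA-256/SHA-512 crypt strings are longer) would be cut short.
  `passwd` varchar(255) COLLATE utf8_general_ci NOT NULL DEFAULT '',
  -- uid/gid default to 501, the virtualuser/virtualgrp system account that
  -- owns every virtual user's files.
  `uid` smallint(6) NOT NULL DEFAULT '501',
  `gid` smallint(6) NOT NULL DEFAULT '501',
  `homedir` varchar(255) COLLATE utf8_general_ci NOT NULL DEFAULT '',
  -- /sbin/nologin: these accounts are for FTP only, not shell access.
  `shell` varchar(16) COLLATE utf8_general_ci NOT NULL DEFAULT '/sbin/nologin',
  PRIMARY KEY (`id`),
  UNIQUE KEY `userid` (`userid`)
) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci COMMENT='ProFTP user table';

-- Sample accounts. '123456' is a demonstration value only: replace it with a
-- unique, strong password per account before the server is reachable by others.
-- ENCRYPT() calls the system crypt(); called without a salt it produces a
-- traditional DES hash, which on many systems looks at only the first eight
-- characters of the password. The function was removed in MySQL 8.0, so on
-- newer servers generate the crypt hash outside the database and store the
-- resulting string here.
-- Columns are named explicitly so the statements keep working if the table
-- layout changes.
INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`)
VALUES (1, 's0990001', ENCRYPT('123456'), 501, 501, '/home/virtualuser/s0990001', '/sbin/nologin');
INSERT INTO `ftpuser` (`id`, `userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`)
VALUES (2, 's0990002', ENCRYPT('123456'), 501, 501, '/home/virtualuser/s0990002', '/sbin/nologin');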

proftpdb 資料庫的 ftpgroup 資料表
# cat /root/groups.sql
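-- Virtual-group table that ProFTPD's mod_sql reads.
-- The proftpd.conf directive "SQLGroupInfo ftpgroup groupname gid members"
-- maps onto these columns in that order.
CREATE TABLE IF NOT EXISTS `ftpgroup` (
  `groupname` varchar(16) COLLATE utf8_general_ci NOT NULL,
  `gid` smallint(6) NOT NULL DEFAULT '5500',
  -- Widened from varchar(16) to match ftpuser.userid (varchar(32)); a longer
  -- user name would otherwise not fit and the membership row would not match.
  `members` varchar(32) COLLATE utf8_general_ci NOT NULL,
  -- Non-unique key: a group is stored as one row per member.
  KEY `groupname` (`groupname`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci COMMENT='ProFTP group table';

-- Put both sample users into virtualgrp (GID 501, the group created with groupadd).
-- Columns are named explicitly so the statements do not depend on column order.
INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`) VALUES ('virtualgrp', 501, 's0990001');
INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`) VALUES ('virtualgrp', 501, 's0990002');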

匯入資料表 ftpuser
# /usr/bin/mysql -u root -p proftpdb < /root/users.sql
匯入資料表 ftpgroup
# /usr/bin/mysql -u root -p proftpdb < /root/groups.sql
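建立資料庫帳號 proftpd(密碼 proftpdpass)並授權它存取 proftpdb。proftpdpass 只是示範用密碼,實際部署時請改成高強度密碼;另外,本文的設定只會讀取 ftpuser 與 ftpgroup 兩個資料表,授予 SELECT 權限即已足夠,不一定要給 ALL PRIVILEGES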
# /usr/bin/mysql -u root -p -e "GRANT ALL PRIVILEGES ON proftpdb.* TO 'proftpd'@'localhost' IDENTIFIED BY 'proftpdpass';"

修改 ProFTPd FTP Server 設定檔 /etc/proftpd.conf
# vim /etc/proftpd.conf

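# Authenticate through mod_sql only; with no other module listed, system
# (/etc/passwd) accounts are not consulted for FTP logins.
AuthOrder                       mod_sql.c

# Load the SQL modules when ProFTPD is built with DSO support.
<IfModule mod_dso.c>
   LoadModule mod_sql.c
   LoadModule mod_sql_mysql.c
#   LoadModule mod_sql_postgres.c
</IfModule>

  <IfModule mod_sql.c>

    # We need our "default" connection to the userdb database
    # Format: database@host  db-user  db-password.
    # NOTE(review): the database password sits here in clear text, so keep this
    # file readable by root only and replace the sample value "proftpdpass".
    SQLConnectInfo proftpdb@localhost proftpd proftpdpass
    SQLBackend mysql
    # Accept crypt() hashes only, which is what the ftpuser rows created with
    # ENCRYPT() contain. The original "Backend Plaintext Crypt" also accepted
    # passwords stored in clear text; with Plaintext enabled, the stored column
    # value itself is accepted as the password, so a leaked table would be
    # enough to log in.
    SQLAuthTypes Crypt

    SQLAuthenticate on
    # Lower bounds for the UID/GID values taken from the tables, keeping
    # virtual users away from low system IDs.
    SQLMinUserUID 500
    SQLMinUserGID 500
    # The virtual users' shell is /sbin/nologin, so the "shell must be a valid
    # login shell" check has to be turned off for them to log in.
    RequireValidShell off
    # Create the home directory on login if it does not exist yet.
    CreateHome on

    # Point mod_sql at our users/groups tables
    SQLUserInfo ftpuser userid passwd uid gid homedir shell
    SQLGroupInfo ftpgroup groupname gid members

  </IfModule>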

測試設定檔語法是否正確
# proftpd -t
Checking syntax of configuration file
Syntax check complete.

重新啟動 ProFTPd FTP Server
# service proftpd restart
正在關閉 proftpd:                                         [  確定  ]
正在啟動 proftpd:                                         [  確定  ]

進行測試(注意:一般的 FTP 連線會以明文傳送帳號與密碼,正式環境建議搭配 mod_tls 啟用 FTPS)
# lftp -u s0990001 192.168.1.20
密碼:
lftp s0990001@192.168.1.20:~> ls
lftp s0990001@192.168.1.20:/>

在 Log 檔也可以看到相關記錄
# tail -f /var/log/proftpd/proftpd.log
Jan 04 13:35:15 . proftpd[3875] 192.168.1.20 (192.168.1.20[192.168.1.20]): FTP session opened.
Jan 04 05:35:15 . proftpd[3875] 192.168.1.20 (192.168.1.20[192.168.1.20]): Preparing to chroot to directory '/home/virtualuser/s0990001'
Jan 04 05:35:15 . proftpd[3875] 192.168.1.20 (192.168.1.20[192.168.1.20]): USER s0990001: Login successful.
Jan 04 05:35:25 . proftpd[3875] 192.168.1.20 (192.168.1.20[192.168.1.20]): FTP session closed.

虛擬使用者的目錄也會自行建立
# ls -ld /home/virtualuser/*
drwx------ 2 virtualuser virtualgrp 4096 2014-01-04 13:33 /home/virtualuser/s0990001
drwx------ 2 virtualuser virtualgrp 4096 2014-01-04 13:35 /home/virtualuser/s0990002




 
 
 