Configuring ProFTPd virtual-user login authentication backed by a database
1. Installing proftpd with PostgreSQL database authentication
./configure \
  --prefix=/usr/local/proftpd \
  --with-modules=mod_sql:mod_sql_postgres \
  --with-includes=/usr/include \
  --with-libraries=/usr/lib/postgresql/8.4/lib
make
make install
./configure \
  --prefix=/usr/local/proftpd \
  --with-modules=mod_sql:mod_sql_mysql \
  --with-includes=/usr/include/mysql \
  --with-libraries=/usr/lib/mysql
make
make install
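Note: --with-includes and --with-libraries must point to the MySQL header and library paths installed on your machine. If you do not know them, use locate mysql to find them. The paths shown above are the defaults on Ubuntu when MySQL is installed with apt-get install.
3. proftpd database configuration file (/usr/local/proftpd/etc/proftpd.conf)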
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Server LZG"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
MaxLoginAttempts 3
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
MaxClients 100
MaxClientsPerHost 5
RequireValidShell off
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
SQLConnectInfo proftpd@10.253.102.12 postgres 123
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members
SQLMinID 500
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1 where userid='%u'" users
SQLLog STOR,DELE modified
-- DROP TABLE users;
CREATE TABLE users
(
userid character varying(256) NOT NULL,
passwd character varying(256),
uid integer DEFAULT (1000)::numeric,
gid integer DEFAULT (1000)::numeric,
homedir character varying(256),
shell character varying(256),
count integer DEFAULT (0)::numeric,
used double precision DEFAULT 0.0,
quote double precision DEFAULT 0.0,
CONSTRAINT ftpusers_pkey PRIMARY KEY (userid)
)
WITH (
OIDS=FALSE
);
ALTER TABLE users
OWNER TO postgres;
-- Table: groups
-- DROP TABLE groups;
CREATE TABLE groups
(
groupname character varying(256) NOT NULL,
gid integer DEFAULT (1000)::numeric,
members character varying(256),
CONSTRAINT ftpgroups_pkey PRIMARY KEY (groupname)
)
WITH (
OIDS=FALSE
);
ALTER TABLE groups
OWNER TO postgres;
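Once the tables have been created and the configuration file has been modified, restart the proftpd process, create a user in the database, and you can log in.
5. Problems you may encounter
root@liuzhigong-Vostro-230:~# ftp 127.0.0.1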
Connected to 127.0.0.1.
220 ProFTPD 1.3.5rc2 Server (ProFTPD Server LZG) [127.0.0.1]
Name (127.0.0.1:root): lzgtest
331 Password required for lzgtest
Password:
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: No such file or directory
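You may run into the problem below. I searched Google and Baidu for a long time and tried many fixes that did not work, and finally found that it was caused by a mistake in the SQL statements at the end of the configuration file. This is offered for your reference: if the table you created is named ftpusers rather than users, the corresponding SQL statements in the configuration file must be changed to match.
SQLGroupInfo groups(change the table name to match your setup) groupname gid members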
SQLMinID 500
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1 where userid='%u'" users(change the table name to match your setup)
SQLLog STOR,DELE modified
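The table-name mismatch described above can be caught before restarting the server. The following is an added example, not part of the original post: a small Python check (the function name lint_sql_directives and the table set passed to it are assumptions) that cross-checks the SQL directives against the tables that exist in the database. It also flags SQLLog entries whose named query is never defined and the Plaintext entry in SQLAuthTypes.

```python
import re

# Constructed sample: the SQL directives from the configuration on this page.
SAMPLE_CONF = """
SQLAuthTypes Plaintext Crypt
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1 where userid='%u'" users
SQLLog STOR,DELE modified
"""

def lint_sql_directives(conf_text, db_tables):
    """Return findings for the mod_sql directives in conf_text.

    db_tables is the set of table names that really exist in the database
    (assumption: the caller collects it, e.g. from psql's \\dt output).
    """
    findings, defined, logged, tables = [], set(), [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on whitespace but keep a double-quoted query string whole.
        parts = re.findall(r'"[^"]*"|\S+', line)
        name, args = parts[0].lower(), parts[1:]
        if name in ("sqluserinfo", "sqlgroupinfo") and args:
            if not args[0].startswith("custom:"):
                tables.append((parts[0], args[0]))
        elif name == "sqlnamedquery" and len(args) >= 3:
            defined.add(args[0])
            # UPDATE and INSERT queries name their table after the query string.
            if args[1].upper() in ("UPDATE", "INSERT") and len(args) >= 4:
                tables.append((f"SQLNamedQuery {args[0]}", args[3]))
        elif name == "sqllog" and len(args) >= 2:
            logged.append((args[0], args[1]))
        elif name == "sqlauthtypes" and "plaintext" in (a.lower() for a in args):
            findings.append("SQLAuthTypes allows Plaintext: passwords are stored unhashed")
    for where, table in tables:
        if table not in db_tables:
            findings.append(f'{where}: table "{table}" does not exist')
    for cmds, query in logged:
        if query not in defined:
            findings.append(f'SQLLog {cmds}: named query "{query}" is not defined')
    return findings

if __name__ == "__main__":
    for finding in lint_sql_directives(SAMPLE_CONF, {"ftpusers", "groups"}):
        print(finding)
```

Run against a database that holds ftpusers instead of users, it reports both directives that still point at users, plus the SQLLog line that refers to a query named modified, which the configuration never defines.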
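Another problem: when connecting to the proftpd server directly by IP address, the connection may feel very slow. The server takes a long time to respond, which often causes the FTP connection to time out. In that case, disable proftpd's reverse DNS lookups in the configuration file to speed up the server's response:
# Do not reveal server information such as the proftpd version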
ServerIdent off
# Disable reverse DNS lookups
UseReverseDNS off