proftpd 通过 mysql 和 FTP 用户的 Web 管理

proftpd 通过 mysql 和 FTP 用户的 Web 管理

我已经在 Linux 机器上安装了 prftpd 和 proftpd-mysql rpm。目的是通过网络对 ftpusers 进行用户管理。

所以我已经安装了proftpadmin这里

现在,当我在 /etc/proftpd.conf 文件中添加以下行时

SQLConnectInfo                  proftpd@localhost root root
 SQLAuthenticate                 users   groups
 SQLAuthTypes                    Crypt   Backend
 SQLUserInfo                     users userid passwd uid gid homedir shell
 SQLGroupInfo                    groups groupid gid members

 SQLLog                          PASS logincount
 SQLNamedQuery                   logincount UPDATE "login_count=login_count+1 WHERE userid='%u'" users
 SQLLog                          PASS lastlogin
 SQLNamedQuery                   lastlogin UPDATE "last_login=now() WHERE userid='%u'" users
 SQLLog RETR                     dlbytescount
 SQLNamedQuery                   dlbytescount UPDATE "dl_bytes=dl_bytes+%b WHERE userid='%u'" users
 SQLLog RETR                     dlcount
 SQLNamedQuery                   dlcount UPDATE "dl_count=dl_count+1 WHERE userid='%u'" users
 SQLLog STOR                     ulbytescount
 SQLNamedQuery                   ulbytescount UPDATE "ul_bytes=ul_bytes+%b WHERE userid='%u'" users
 SQLLog STOR                     ulcount
 SQLNamedQuery                   ulcount UPDATE "ul_count=ul_count+1 WHERE userid='%u'" users
 SQLUserWhereClause              "disabled!=1"

服务 proftpd 启动失败。

如果我删除这些行服务启动,我将无法通过 mysql 管理用户,因为上面的行是强制性的。

谁能建议我哪里出错了

请找到我的下面的 /etc/proftpd.conf 文件

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName                      "ProFTPD server"
ServerIdent                     on "FTP Server ready."
ServerAdmin                     root@localhost
ServerType                      standalone
#ServerType                     inetd
DefaultServer                   on
AccessGrantMsg                  "User %u logged in."
#DisplayConnect                 /etc/ftpissue
#DisplayLogin                   /etc/ftpmotd
#DisplayGoAway                  /etc/ftpgoaway
DeferWelcome                    off

# Use this to excude users from the chroot
DefaultRoot                     ~ !adm

# Use pam to authenticate (default) and be authoritative
#AuthPAMConfig                  proftpd
AuthOrder                       mod_auth_pam.c* mod_auth_unix.c

# Do not perform ident nor DNS lookups (hangs when the port is filtered)
IdentLookups                    off
UseReverseDNS                   off

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# Default to show dot files in directory listings
ListOptions                     "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228               off
#RootLogin                      off
#LoginPasswordPrompt            on
#MaxLoginAttempts               3
#MaxClientsPerHost              none
#AllowForeignAddress            off     # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart            on
AllowStoreRestart               on

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    20

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nobody

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile                     no

# This is where we want to put the pid file
ScoreboardFile                  /var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite                yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

# Define the log formats
LogFormat                       default "%h %l %u %t \"%r\" %s %b"
LogFormat                       auth    "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine                      on
#TLSRequired                    on
#TLSRSACertificateFile          /etc/pki/tls/certs/proftpd.pem
#TLSRSACertificateKeyFile       /etc/pki/tls/certs/proftpd.pem
#TLSCipherSuite                 ALL:!ADH:!DES
#TLSOptions                     NoCertRequest
#TLSVerifyClient                off
##TLSRenegotiate                ctrl 3600 data 512000 required off timeout 300
#TLSLog                         /var/log/proftpd/tls.log

# SQL authentication Dynamic Shared Object (DSO) loading
# See README.DSO and howto/DSO.html for more details.
#<IfModule mod_dso.c>
#   LoadModule mod_sql.c
#   LoadModule mod_sql_mysql.c
#   LoadModule mod_sql_postgres.c
#</IfModule>

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User                         ftp
#  Group                                ftp
#  AccessGrantMsg               "Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                    anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients                   10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir                        /pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files.
#  DisplayLogin                 /welcome.msg
#  DisplayFirstChdir            .message
#  DisplayReadme                        README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser                  on ftp
#  DirFakeGroup                 on ftp
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite             no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog                      off
#
#  # Logging for the anonymous transfers
#  ExtendedLog          /var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog          /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

SQLConnectInfo                  proftpd@localhost root root
 SQLAuthenticate                 users   groups
 SQLAuthTypes                    Crypt   Backend
 SQLUserInfo                     users userid passwd uid gid homedir shell
 SQLGroupInfo                    groups groupid gid members

 SQLLog                          PASS logincount
 SQLNamedQuery                   logincount UPDATE "login_count=login_count+1 WHERE 

userid='%u'" users
 SQLLog                          PASS lastlogin
 SQLNamedQuery                   lastlogin UPDATE "last_login=now() WHERE userid='%u'" 

users
 SQLLog RETR                     dlbytescount
 SQLNamedQuery                   dlbytescount UPDATE "dl_bytes=dl_bytes+%b WHERE 

userid='%u'" users
 SQLLog RETR                     dlcount
 SQLNamedQuery                   dlcount UPDATE "dl_count=dl_count+1 WHERE userid='%u'" 

users
 SQLLog STOR                     ulbytescount
 SQLNamedQuery                   ulbytescount UPDATE "ul_bytes=ul_bytes+%b WHERE 

userid='%u'" users
 SQLLog STOR                     ulcount
 SQLNamedQuery                   ulcount UPDATE "ul_count=ul_count+1 WHERE userid='%u'" 

users
 SQLUserWhereClause              "disabled!=1"

SQL 脚本如下所示,在各自的数据库上更新

#
# Table structure for table `groups`
#

CREATE TABLE `groups` (
  `groupid` varchar(10) NOT NULL default '',
  `gid` int(10) unsigned NOT NULL auto_increment,
  `members` varchar(255) NOT NULL default '',
  PRIMARY KEY  (`gid`)
) TYPE=InnoDB ;

#
# Table structure for table `users`
#

CREATE TABLE `users` (
  `id` smallint(2) NOT NULL auto_increment,
  `userid` varchar(10) NOT NULL default '',
  `uid` int(10) unsigned NOT NULL default '',
  `gid` int(10) unsigned NOT NULL default '',
  `passwd` varchar(255) NOT NULL default '',
  `homedir` varchar(255) NOT NULL default '',
  `comment` varchar(255) NOT NULL default '',
  `disabled` int(10) unsigned NOT NULL default '0',
  `shell` varchar(20) NOT NULL default '/sbin/nologin',
  `email` varchar(255) NOT NULL default '',
  `name` varchar(255) NOT NULL default '',
  `ul_bytes` bigint(20) NOT NULL default '0',
  `dl_bytes` bigint(20) NOT NULL default '0',
  `login_count` bigint(20) NOT NULL default '0',
  `dl_count` bigint(20) NOT NULL default '0',
  `ul_count` bigint(20) NOT NULL default '0',
  `last_login` datetime default NULL,
  PRIMARY KEY  (`id`)
) TYPE=InnoDB ;

答案1

这是我已经可以识别的几个问题:

#AuthOrder does not mention mod_sql.c so it will never use mysql to identify your users.
AuthOrder   mod_sql.c mod_auth_pam.c mod_auth_unix.c

#this code shouldn't be commented in your config file and should look like this or you will never enable sql_mod
<IfModule mod_dso.c>
   LoadModule mod_sql.c
   LoadModule mod_sql_mysql.c
    #   LoadModule mod_sql_postgres.c
</IfModule>

#Mysql is not used without a port, you should verify this parameter (also the password is weak but lets keep that for another moment)
SQLConnectInfo                  proftpd@localhost:PORT root root

#are you sure to use the correct password encryption  (but that would be a problem to deal with later)
SQLAuthTypes  Crypt Backend

另请记住,该虚拟用户需要绑定到具有正确权限的真实用户。
最后,如果您需要调试守护进程,您只需添加这两个指令即可在最顶部你的配置文件:

Trace DEFAULT:10
TraceLog /var/ftpd/trace.log

相关内容