Gentoo安装配置pure-ftpd结合Mysql权限验证全过程
一、安装pure-ftpd服务端
# echo 'net-ftp/pure-ftpd mysql'>>/etc/portage/package.use
Gentoo会自动把本机的mysql装上。
# emerge pure-ftpd
配置mysql数据库root的密码,以及安装初始化目录。我配置的root密码为root(仅作演示,实际部署请使用强密码);如果设置为其它密码,则下面用到该密码的地方也需要跟着改。
# ebuild /var/db/pkg/dev-db/mysql-5.5.28/mysql-5.5.28.ebuild config
把client这个段的内容修改成如下 ,这是为了方便我们进入mysql数据库
# vim /etc/mysql/my.cnf
# Defaults read by the mysql command-line client, so that `mysql -A` can log
# in without -u/-p on the command line.
# NOTE(review): this keeps the MySQL root password in clear text. Check that
# the file is not readable by unprivileged local users, or keep these client
# settings in root's own ~/.my.cnf (mode 600) instead.
[client]
user = root
password = root
host = 127.0.0.1
port = 3306
socket = /var/run/mysqld/mysqld.sock
[mysqld]
server-id = 220
# The server does not resolve client host names, so the host part of every
# account used over TCP has to be an IP address rather than a name.
skip-name-resolve
# /etc/init.d/mysql start
二、在Mysql中创建相应的库和表来存储用户权限
# mysql -A (之前在my.cnf的[client]段里配置用户和密码,就是为了这里可以不输密码直接登录)
mysql> CREATE DATABASE IF NOT EXISTS pureftpd;
mysql> USE pureftpd;
mysql>
-- Account table that pure-ftpd queries for authentication and per-user limits.
-- One row per FTP login; `User` is the primary key.
CREATE TABLE IF NOT EXISTS `ftpd` (
    -- Login name.
    `User`        VARCHAR(16)    NOT NULL DEFAULT ''   COMMENT '用户名',
    -- Availability flag: '0' = not usable, '1' = in use.
    `status`      ENUM('0','1')  NOT NULL DEFAULT '0'  COMMENT '可用状态:0 - 不可用;1 - 正在使用',
    -- Stored password hash. NOTE(review): 64 characters is enough for a
    -- 32-character hex MD5 digest; a longer salted hash format would need a
    -- wider column.
    `Password`    VARCHAR(64)    NOT NULL DEFAULT ''   COMMENT '密码',
    -- System user id and group id the FTP session is mapped to.
    `Uid`         VARCHAR(11)    NOT NULL DEFAULT '-1' COMMENT '用户ID',
    `Gid`         VARCHAR(11)    NOT NULL DEFAULT '-1' COMMENT '组ID',
    -- Directory the account is given access to.
    `Dir`         VARCHAR(128)   NOT NULL DEFAULT ''   COMMENT '拥有的权限路径',
    -- Upload / download bandwidth limits.
    `ULBandwidth` SMALLINT(5)    NOT NULL DEFAULT '0'  COMMENT '上传带宽',
    `DLBandwidth` SMALLINT(5)    NOT NULL DEFAULT '0'  COMMENT '下载带宽',
    -- Free-form remark.
    `comment`     TINYTEXT       NOT NULL              COMMENT '备注',
    -- Client address allowed to use this account; the default '*' is not
    -- restricted to one address.
    `ipaccess`    VARCHAR(15)    NOT NULL DEFAULT '*'  COMMENT 'IP地址',
    -- Size quota and file quota (presumably a file count -- confirm against
    -- the pure-ftpd quota settings in use).
    `QuotaSize`   SMALLINT(5)    NOT NULL DEFAULT '0'  COMMENT '大小配额',
    `QuotaFiles`  INT(11)        NOT NULL DEFAULT '0'  COMMENT '文件类型配额',
    PRIMARY KEY (`User`)
) ENGINE=MyISAM DEFAULT CHARSET=gbk COMMENT='ftp用户名密码表';
mysql > 添加用户ftpduser让它对pureftpd下面的库有select权限
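-- Read-only account that pure-ftpd uses for its lookup queries.
-- The host part is pinned to 127.0.0.1 because pure-ftpd connects to the
-- database through MYSQLServer 127.0.0.1; a '%' host would accept this login
-- from any machine that can reach the MySQL port. An IP address (not a host
-- name) is used because the server runs with skip-name-resolve.
-- 'ftpdpassword' is the sample value from this walkthrough: it has to equal
-- MYSQLPassword in /etc/pureftpd-mysql.conf, so replace it in both places.
grant select on pureftpd.* to ftpduser@'127.0.0.1' identified by 'ftpdpassword';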
mysql > 添加一条测试数据,等会儿用来登录
-- Sample account for the login test at the end of the walkthrough.
-- md5() stores an unsalted hex digest, which is the format selected by
-- `MYSQLCrypt md5` in /etc/pureftpd-mysql.conf; the two must stay in step.
-- NOTE(review): unsalted MD5 is cheap to brute-force if this table is ever
-- read by someone else, and ipaccess '*' places no address restriction on the
-- account. Replace the sample name and password before real use.
INSERT INTO `ftpd`
    (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`,
     `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`)
VALUES
    ('testuser', '1', md5('testpassword'), '1002', '81', '/var/www',
     0, 0, '备注', '*', 0, 0);
三、修改配置文件,使用MYSQL进行权限验证
# vim /etc/conf.d/pure-ftpd
# Start-up options for the pure-ftpd service.
IS_CONFIGURED="yes"
# -S: address and port the daemon listens on.
SERVER="-S 10.36.32.220,21"
# -c: maximum number of simultaneous clients; -C: maximum per client IP.
MAX_CONN="-c 50"
MAX_CONN_IP="-C 20"
# -l: authentication backend, here MySQL with the settings file given.
AUTH="-l mysql:/etc/pureftpd-mysql.conf"
# -A chroot every user into their directory, -H no reverse DNS lookups,
# -x no writing of dot-files, -j create a missing home directory,
# -R disallow chmod, -Z "customer proof" safeguards, -E no anonymous logins,
# -p passive-mode port range, -O extra transfer log in CLF format.
# NOTE(review): no TLS option (-Y / --tls) is set, so FTP logins and data
# travel in clear text; enable it if the build has TLS support.
MISC_OTHER="-A -H -x -j -R -Z -E -p 50001:59999 -O clf:/var/log/pureftpd/pureftpd.log"
# mkdir -p /var/log/pureftpd/
这里的MYSQL连接配置与我们用PHP连接MYSQL时类似。需要注意的是MYSQLCrypt,它指定用户密码在表中的加密(哈希)方式,必须与写入Password字段时使用的方式一致(本文插入测试数据时用的是md5())。
# vim /etc/pureftpd-mysql.conf
# Connection settings pure-ftpd uses to reach the account database.
# NOTE(review): this file holds the database password in clear text; keep it
# readable by root only.
MYSQLServer 127.0.0.1
MYSQLPort 3306
MYSQLUser ftpduser
MYSQLPassword ftpdpassword
MYSQLDatabase pureftpd
# Format of the value stored in the Password column; it has to match how the
# rows were written (the sample row uses md5()).
# NOTE(review): md5 here means an unsalted digest. A salted scheme such as
# `crypt` is a stronger choice where the installed pure-ftpd supports it; the
# stored values and possibly the Password column width (varchar(64)) would
# have to change with it.
MYSQLCrypt md5
# Lookup queries. pure-ftpd substitutes \L with the login name being
# authenticated and \R with the address the client connects from. Every query
# only matches rows with status "1" whose ipaccess is "*" or matches \R.
MYSQLGetPW SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetUID SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID SELECT Gid FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir SELECT Dir FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
# Optional per-user bandwidth limits and quotas, read from the same row.
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ SELECT QuotaSize FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS SELECT QuotaFiles FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
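四、添加nfsuser用户,并修改web目录的权限;如果/var/www目录不存在就先创建。注意nfsuser的UID(1002)要与ftpd表中测试用户的Uid一致,并确认apache组的实际GID与表中的Gid(本文为81)相符(可用 getent group apache 查看)。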
# groupadd apache; useradd nfsuser -u 1002 -g apache -d /dev/null -s /sbin/nologin
# mkdir -p /var/www
# chown -R nfsuser:apache /var/www
五、启动pureftpd并用客户端连接测试
# /etc/init.d/pure-ftpd start