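File Server Installation and Configuration Manual: FreeBSD All-in-One Server Installation Manual, File Server Part A: Installation and Configuration...

FreeBSD All-in-One Server Installation Manual, FTP Part A: Installation and Configuration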

cd /usr/ports/ftp/pure-ftpd

make WITH_WELCOMESG=yes WITH_UPLOADSCRIPT=yes WITH_COOKIE=yes \
WITH_VIRTUALHOSTS=yes WITH_VIRTUALROOT=yes WITH_DIRALIASES=yes \
WITH_QUOTAS=yes WITH_SYSQUOTAS=yes WITH_RATIOS=yes \
WITH_THROTTLING=yes \
WITH_MYSQL=1 WITH_LANG=simplified-chinese \
WITH_EVERYHING=yes WITH_PARANOIDMSG=yes \
WITH_VIRTUALCHROOT=yes WITH_TLS=yes \
WITH_LARGEFILE=yes

Options for pure-ftpd 1.0.21

[ ] LDAP           Support for users in LDAP directories
[X] MYSQL          Support for users in MySQL database
[X] PAM            Support for PAM authentication
[ ] PGSQL          Support for users in PostgreSQL database
[ ] PRIVSEP        Enable privilege separation
[ ] PERUSERLIMITS  Per-user concurrency limits
[X] THROTTLING     Bandwidth throttling
[X] BANNER         Show pure-ftpd welcome upon session start
[X] UPLOADSCRIPT   Support uploadscript daemon
[ ] UTF8           Support for charset conversion (expreimental)

[OK]  Cancel

make install

make clean

make rmconfig

cd /usr/local/etc

cp pureftpd-mysql.conf.sample pureftpd-mysql.conf

cp pure-ftpd.conf.sample pure-ftpd.conf

############################Create the ftp user group###########################

pw groupadd ftpusers -g 2000

pw useradd ftp -u 2000 -g ftpusers -s /sbin/nologin

###############################################################################

##########Save the following code as a text file named script.mysql############

INSERT INTO mysql.user (Host, User, Password, Select_priv, Insert_priv,

Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv,

Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv,

Index_priv, Alter_priv) VALUES

('localhost','ftp',PASSWORD('passwd'),'Y','Y','Y','Y','N','N','N','N',

'N','N','N','N','N','N');

FLUSH PRIVILEGES;

CREATE DATABASE ftpusers;

USE ftpusers;

CREATE TABLE admin (

Username varchar(35) NOT NULL default '',

Password char(32) binary NOT NULL default '',

PRIMARY KEY (Username)

) TYPE=MyISAM;

INSERT INTO admin VALUES ('Administrator',MD5('passwd'));

CREATE TABLE users (

User char(16) NOT NULL default '',

Password char(32) binary NOT NULL default '',

Uid int(11) NOT NULL default '2000',

Gid int(11) NOT NULL default '2000',

Dir char(128) NOT NULL default '',

QuotaFiles int(10) NOT NULL default '500',

QuotaSize int(10) NOT NULL default '30',

ULBandwidth int(10) NOT NULL default '80',

DLBandwidth int(10) NOT NULL default '80',

status enum('0','1') NOT NULL default '1',

ipaccess varchar(15) NOT NULL default '*',

comment tinytext NOT NULL,

PRIMARY KEY (User),

UNIQUE KEY User (User)

) TYPE=MyISAM;

INSERT INTO `users` VALUES ('test1',MD5('123456'),2001,2000,'/home/test1',500,30,80,5,1,'*','*');

##############################################################################################################################################################

###########################Add the FTP user database###########################

mysql -u root -ppassword < script.mysql

###############################################################################

##########################Configure pureftpd-mysql.conf##########################

ee /usr/local/etc/pureftpd-mysql.conf

###############################################################################

##############################################
#                                            #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations.         #
#                                            #
##############################################

# Optional : MySQL server name or IP. Don't define this for unix sockets.
# MYSQLServer     127.0.0.1
# IP address of the MySQL server

# Optional : MySQL port. Don't define this if a local unix socket is used.
# MYSQLPort       3306
# MySQL port number

# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket     /tmp/mysql.sock
# Connect locally through the Unix socket

# Mandatory : user to bind the server as.
MYSQLUser       ftp
# MySQL user name for the database that stores the FTP users
# (the 'ftp' account created in script.mysql, not root)

# Mandatory : user password. You must have a password.
MYSQLPassword   passwd
# MySQL password for the database that stores the FTP users (as set in script.mysql)

# Mandatory : database to open.
MYSQLDatabase   ftpusers
# Name of the MySQL database that stores the FTP users (created in script.mysql)

# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
MYSQLCrypt      md5
# Password storage method: "cleartext", "crypt", "md5" or "password".
# cleartext is plain text; password is the backend PASSWORD('your-passwd') function
# (the password() function used by the MySQL database).
# script.mysql stores the passwords with MD5(), so md5 is selected here.

# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.

# Query to execute in order to fetch the password
MYSQLGetPW      SELECT Password FROM users WHERE User="\L"
# Password field: I use the Password column of the users table as the password field

# Query to execute in order to fetch the system user name or uid
MYSQLGetUID     SELECT Uid FROM users WHERE User="\L"
# UID (user ID) field

# Optional : default UID - if set this overrides MYSQLGetUID
#MYSQLDefaultUID 1000
# Default UID (note: if this option is enabled, MYSQLGetUID no longer has any effect)

# Query to execute in order to fetch the system user group or gid
MYSQLGetGID     SELECT Gid FROM users WHERE User="\L"
# GID (group ID) field

# Optional : default GID - if set this overrides MYSQLGetGID
#MYSQLDefaultGID 1000
# Default GID (note: if this option is enabled, MYSQLGetGID no longer has any effect)

# Query to execute in order to fetch the home directory
MYSQLGetDir     SELECT Dir FROM users WHERE User="\L"
# Fetch the FTP user's directory from the database, e.g. /home/web/www-9812-net

# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTAFS  SELECT QuotaFiles FROM users WHERE User="\L"
# Disk quota: limit on the number of files. For example, 1000 allows the user to upload one thousand files

# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTASZ  SELECT QuotaSize FROM users WHERE User="\L"
# Disk quota: limit on the FTP user's space (in MB), e.g. 100M

# Optional : ratios. The server has to be compiled with ratio support.
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
# Upload/download ratio. MySQLGetRatioUL is the upload ratio and MySQLGetRatioDL the download ratio, e.g. 1:5

# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
# Upload/download bandwidth (in KB/s). MySQLGetBandwidthUL is the upload bandwidth and
# MySQLGetBandwidthDL the download bandwidth, e.g. 500 KB/s upload and 50 KB/s download

# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.
# MySQLForceTildeExpansion 1

# If you upgraded your tables to transactional tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditional MyIsam databases or old (< 3.23.x) MySQL versions.
# MySQLTransactions On

# The configuration file in this article can be adapted to your own needs

#############################################################################################################################################################################################################################################

###############################################################################

############################Configure pure-ftpd.conf#############################

ee /usr/local/etc/pure-ftpd.conf

############################################################
#                                                          #
#        Configuration file for pure-ftpd wrappers         #
#                                                          #
############################################################

# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.shtml for a complete list of
# options.

# Cage in every user in his home directory
ChrootEveryone              yes
# chroot every user, equivalent to "DefaultRoot ~" in ProFTPD. It confines users to one
# place and strengthens server security: users cannot use cd to reach a parent directory.

# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.
# TrustedGID                    100
# The two options above are used together

# Turn on compatibility hacks for broken clients
BrokenClientsCompatibility  no

# Maximum number of simultaneous users
MaxClientsNumber            50
# Maximum number of connections

# Fork in background
Daemonize                   yes
# Run in the background as a daemon

# Maximum number of sim clients with the same IP address
MaxClientsPerIP             8
# Maximum number of connections per IP; best kept small

# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.
VerboseLog                  no
# Whether to log every command sent by clients

# List dot-files even when the client doesn't send "-a".
DisplayDotFiles             yes
# Show files whose names begin with a dot

# Don't allow authenticated users - have a public anonymous FTP only.
AnonymousOnly               no
# Whether to allow anonymous logins only

# Disallow anonymous connections. Only allow authenticated users.
NoAnonymous                 yes
# Do not allow anonymous logins (yes here, matching the -E flag in the startup output further down)

# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
SyslogFacility              ftp
# Syslog facility used for the log (auth, authpriv, daemon, ftp, security, user, local*),
# so that the log records only the information you want

# Display fortune cookies
# FortunesFile              /usr/share/fortune/zippy

# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.
DontResolve                 yes
# Do not reverse-resolve client IP addresses

# Maximum idle time in minutes (default = 15 minutes)
MaxIdleTime                 15
# Maximum idle time (minutes)

# LDAP configuration file (see README.LDAP)
# LDAPConfigFile                /etc/pureftpd-ldap.conf
# Use LDAP authentication

# MySQL configuration file (see README.MySQL)
MySQLConfigFile               /usr/local/etc/pureftpd-mysql.conf
# Use MySQL authentication. Note: the path to the configuration file must be correct
# (here the file edited above, as in the -lmysql: flag of the startup output further down)

# Postgres configuration file (see README.PGSQL)
# PGSQLConfigFile               /etc/pureftpd-pgsql.conf
# Use PGSQL authentication

# PureDB user database (see README.Virtual-Users)
# PureDB                        /etc/pureftpd.pdb
# Location of the user database [I use Pure-FTPd's built-in DB, hence this option]

# Path to pure-authd socket (see README.Authentication-Modules)
# ExtAuth                       /var/run/ftpd.sock
# Path to the pure-authd socket (see README.Authentication-Modules for details)

# If you want to enable PAM authentication, uncomment the following line
# PAMAuthentication             yes
# Enable PAM authentication

# If you want simple Unix (/etc/passwd) authentication, uncomment this
# UnixAuthentication            yes

# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.

# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth
LimitRecursion              2000 8
# ls lists at most 2000 files, at most 8 levels deep

# Are anonymous users allowed to create new directories ?
AnonymousCanCreateDirs      no
# Whether anonymous users may create directories

# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.
MaxLoad                     4
# When the system load exceeds 4, users can no longer download

# Port range for passive connections replies. - for firewalling.
# PassivePortRange          30000 50000
# Port range for passive-connection replies

# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.
# ForcePassiveIP                192.168.0.1

# Upload/download ratio for anonymous users.
# AnonymousRatio                1 10
# Upload/download ratio for anonymous connections

# Upload/download ratio for all users.
# This directive supersedes the previous one.
# UserRatio                 1 10
# Upload/download ratio for users (note: if you use ldap, mysql, pgsql or pam, do not
# enable this, otherwise the Ratio you set in ldap etc. has no effect)

# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.
AntiWarez                   yes
# Uploaded files (owner is ftp) cannot be downloaded until a local admin approves them

# IP address/port to listen to (default=all IP and port 21).
# Bind                      127.0.0.1,21
# IP/port to bind to. If two FTP servers run on your system, one of them has to use another port.
# Format -> 127.0.0.1,21; giving only the port means all IPs on that port

# Maximum bandwidth for anonymous users in KB/s
# AnonymousBandwidth            8
# Bandwidth for anonymous users, in KB/s

# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
# UserBandwidth             8
# Bandwidth for users, in KB/s

# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.
Umask                       133:022
# Umask for uploaded files (<files>:<dirs>)

# Minimum UID for an authenticated user to log in.
MinUID                      100
# Minimum UID required to log in

# Allow FXP transfers for authenticated users.
AllowUserFXP                no
# Whether FXP is supported

# Allow anonymous FXP for anonymous and non-anonymous users.
AllowAnonymousFXP           no
# Whether FXP is supported for anonymous users

# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.
ProhibitDotFilesWrite       no
# Whether files beginning with a dot (".") may be read/written. On Unix-like systems, files
# beginning with a dot are hidden and are listed only by ls -a.
# In quota mode Pure-FTPd creates a ".ftpquota" file.

# Prohibit *reading* of files beginning with a dot (.history, .ssh...)
ProhibitDotFilesRead        no

# Never overwrite files. When a file whose name already exists is uploaded,
# it gets automatically renamed to file.1, file.2, file.3, ...
AutoRename                  no
# If an uploaded file has the same name as an existing one, rename it automatically (file.1, file.2...)

# Disallow anonymous users to upload new files (no = upload is allowed)
AnonymousCantUpload         no
# File uploads by anonymous users

# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.
#TrustedIP                  10.1.1.1
# Lock to an IP

# If you want to add the PID to every logged line, uncomment the following
# line.
#LogPID                     yes
# Add the PID to the log file

# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.
# AltLog                     clf:/var/log/pureftpd.log
# Log file location. Note: several common log formats exist:
# clf is similar to the Apache format, stats is a Unix log format, w3c is the standard W3C format (possibly an HTML format)

# Create an additional log file with transfers logged in a format optimized
# for statistic reports.
# AltLog                     stats:/var/log/pureftpd.log

# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)
# AltLog                     w3c:/var/log/pureftpd.log

# Disallow the CHMOD command. Users can't change perms of their files.
#NoChmod                     yes
# Deny the chmod command

# Allow users to resume and upload files, but *NOT* to delete them.
#KeepAllFiles                yes
# Users can resume uploads but cannot delete files

# Automatically create home directories if they are missing
CreateHomeDir               yes
# Automatically create the user's home directory if it does not exist (I set this to YES)

# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.
#Quota                       1000:10
# Quota <max files>:<max size>: limits FTP space to 10 MB and allows 1000 uploaded files (note: if you
# use ldap, mysql, pgsql or pam, do not enable this, otherwise the Quota you set in ldap etc. has no effect)

# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid
#PIDFile                     /var/run/pure-ftpd.pid
# File that records the pure-ftpd PID

# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
#CallUploadScript yes
# Call the upload script

# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it saves some space and protects
# the log files. When the partition is more than X percent full,
# new uploads are disallowed.
MaxDiskUsage               99
# Disk usage percentage at which uploads are stopped

# Set to 'yes' if you don't want your users to rename files.
#NoRename                  yes
# Users cannot rename files

# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.
CustomerProof              yes

# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per user>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.
# PerUserLimits            3:20
#

# When a file is uploaded and there is already a previous version of the file
# with the same name, the old file will neither get removed nor truncated.
# Upload will take place in a temporary file and once the upload is complete,
# the switch to the new version will be atomic. For instance, when a large PHP
# script is being uploaded, the web server will still serve the old version and
# immediately switch to the new one as soon as the full file will have been
# transferred. This option is incompatible with virtual quotas.
# NoTruncate               yes

# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
# TLS                      1

# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.
# IPV4Only                 yes

# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
# By default, both IPv4 and IPv6 are enabled.
# IPV6Only                 yes

# UTF-8 support for file names (RFC 2640)
# Define charset of the server filesystem and optionally the default charset
# for remote clients if they don't use UTF-8.
# Works only if pure-ftpd has been compiled with --with-rfc2640
# FileSystemCharset        big5
# ClientCharset            big5

#############################################################################################################################################################################################################################################
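As an added example (not part of the original manual and not code from the Pure-FTPd project), the following shell script checks the two configuration files above for settings that weaken this setup: a root database account, cleartext or unsalted password storage, a world-readable pureftpd-mysql.conf, anonymous logins, missing chroot and disabled TLS. The function names and the sample files it builds are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the two Pure-FTPd config
# files for the weak settings discussed above. Function names are hypothetical.

# conf_value FILE KEY: print the value of the last uncommented KEY line.
# Matching is case-insensitive (a choice made for this example).
conf_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) {
        $1 = ""; sub(/^[ \t]+/, ""); v = $0 } END { print v }' "$1"
}

# audit_pureftpd MYSQL_CONF MAIN_CONF: print one "WARN: ..." line per finding.
audit_pureftpd() {
    mysql_conf=$1; main_conf=$2
    if [ "$(conf_value "$mysql_conf" MYSQLUser)" = "root" ]; then
        echo "WARN: MYSQLUser is root; use an account limited to the FTP database"
    fi
    case "$(conf_value "$mysql_conf" MYSQLCrypt)" in
        cleartext) echo "WARN: MYSQLCrypt cleartext stores passwords unhashed" ;;
        md5|password|any) echo "WARN: MYSQLCrypt allows unsalted fast hashes" ;;
    esac
    # The file holds MYSQLPassword, so it must not be world-readable.
    if [ -n "$(find "$mysql_conf" -perm -004)" ]; then
        echo "WARN: $mysql_conf is world-readable"
    fi
    if [ "$(conf_value "$main_conf" NoAnonymous)" != "yes" ]; then
        echo "WARN: NoAnonymous is not yes; anonymous logins are possible"
    fi
    if [ "$(conf_value "$main_conf" ChrootEveryone)" != "yes" ]; then
        echo "WARN: ChrootEveryone is not yes; users can leave their home"
    fi
    case "$(conf_value "$main_conf" TLS)" in
        1|2) ;;
        *) echo "WARN: TLS is off; logins and data cross the network in clear" ;;
    esac
    return 0
}

# Constructed sample files (not real configs) so the audit runs offline.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# MYSQLServer 127.0.0.1' 'MYSQLSocket /tmp/mysql.sock' \
    'MYSQLUser root' 'MYSQLPassword rootpw' 'MYSQLCrypt cleartext' \
    > "$tmp/weak-mysql.conf"
printf '%s\n' 'ChrootEveryone yes' 'NoAnonymous no' '# TLS 1' \
    > "$tmp/weak-main.conf"
printf '%s\n' 'MYSQLSocket /tmp/mysql.sock' 'MYSQLUser ftp' \
    'MYSQLPassword passwd' 'MYSQLCrypt crypt' > "$tmp/good-mysql.conf"
printf '%s\n' 'ChrootEveryone yes' 'NoAnonymous yes' 'TLS 2' \
    > "$tmp/good-main.conf"
chmod 644 "$tmp/weak-mysql.conf"; chmod 600 "$tmp/good-mysql.conf"

echo "== weak =="; audit_pureftpd "$tmp/weak-mysql.conf" "$tmp/weak-main.conf"
echo "== hardened =="; audit_pureftpd "$tmp/good-mysql.conf" "$tmp/good-main.conf"
```
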

#################################Start pure-ftpd#################################

/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf

It can also be started with

/usr/local/etc/rc.d/pure-ftpd.sh start

The following message shows that pure-ftpd is working:

Running: /usr/local/sbin/pure-ftpd -A -c50 -B -C8 -D -E -fftp -H -I15

-lmysql:/usr/local/etc/pureftpd-mysql.conf -L2000:8 -m4 -Q1:10 -s -U133:022

-u100 -Ow3c:/var/log/pureftpd.log -j -k99 -Z

##################################Test pureftp###################################

ftp 192.168.0.205

Connected to 192.168.0.205.

220----------欢迎来到Pure-FTPd [TLS] ----------

220-您是第1个使用者,最多可达50个连接

220-现在本地时间是13:17。服务器端口:21。

220-这是私人系统-不开放匿名登录

220-这部主机也欢迎IPv6的连接

220在15分钟内没有活动,您被会断线。

Name (192.168.0.205:chb):

Enter the user name and password.

###############Set up the virtual host for FTP administration##################

ee /usr/local/etc/apache/httpd.conf

Add

DocumentRoot "/home/chb/ftp"

ServerName

allow from all

Options +Indexes

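#########Add a second-level login password to strengthen security##############

ee /web/ftp/.htaccess

Add the following content

AuthType Basic

AuthUserFile /usr/local/etc/pureftpd.passwd

AuthName "FTP服务器后台管理登陆界面"

require valid-user

# "Satisfy any" combined with the virtual host's "allow from all" would admit every client without a password

Satisfy all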

cd /web/chinaPHP_Manager/ftp

chown www .htaccess

chmod 644 .htaccess

touch pureftpd.passwd

htpasswd -bc /usr/local/etc/pureftpd.passwd name password

chmod 644 /usr/local/etc/pureftpd.passwd

############################Add the FTP startup entry##########################

ee /etc/rc.conf

Add

pureftpd_enable="YES"
