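I. Introduction:
Pure-FTPd is a free (BSD-licensed), secure, high-quality, standards-compliant FTP server. It focuses on efficiency and ease of use. It offers simple answers to common needs, for ordinary users as well as hosting providers.
Platforms Pure-FTPd runs on
The same source code compiles and runs on Linux, OpenBSD, NetBSD, DragonflyBSD, FreeBSD, Solaris, Tru64, Darwin, Irix, HPUX, AIX and the iPhone.
Pure-FTPd security
Pure-FTPd is actively supported and has always been designed with security in mind; its code is always treated as if it contained vulnerabilities and is re-audited. The server can use privilege separation to meet strict security requirements. It can even run 100% without root privileges, using its built-in chroot() emulation and virtual accounts. To avoid sending passwords in clear text, Pure-FTPd can optionally use an SSL/TLS encryption layer through the OpenSSL library.
II. Architecture diagram
III. Configuration:
1. Set up the LAMP environment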
[root@gjp99 ~]# yum -y install httpd php php-mysql mysql mysql-server mysql-devel
Installed:
httpd.i386 0:2.2.3-31.el5 mysql.i386 0:5.0.77-3.el5
mysql-devel.i386 0:5.0.77-3.el5 mysql-server.i386 0:5.0.77-3.el5
php.i386 0:5.1.6-23.2.el5_3 php-mysql.i386 0:5.1.6-23.2.el5_3
Dependency Installed:
perl-DBD-MySQL.i386 0:3.0007-2.el5 perl-DBI.i386 0:1.52-2.el5
php-cli.i386 0:5.1.6-23.2.el5_3 php-common.i386 0:5.1.6-23.2.el5_3
php-pdo.i386 0:5.1.6-23.2.el5_3
Complete!
2. Restart the corresponding services
[root@gjp99 ~]# service httpd start
Starting httpd: httpd: apr_sockaddr_info_get() failed for gjp99.baidu.com
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
[root@gjp99 ~]# chkconfig httpd on    # start at boot
[root@gjp99 ~]# service mysqld start
The latest information about MySQL is available on the web at
http://www.mysql.com
Support MySQL by buying support/licenses at http://shop.mysql.com
[ OK ]
Starting MySQL: [ OK ]
[root@gjp99 ~]# chkconfig mysqld on
Set the MySQL database credentials: user name root, password 123456
[root@gjp99 ~]# mysqladmin -u root -p password '123456'
Enter password:     (this is the old password; it is empty, so just press Enter)
To access the database:
[root@gjp99 ~]# mysql -u root -p
Enter password:     (password: 123456)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
3. Upload the packages needed for pureftp:
[root@gjp99 ~]# ll
total 64
drwxr-xr-x 2 root root 4096 Aug 2 21:41 Desktop
-rw------- 1 root root 960 Aug 2 21:30 anaconda-ks.cfg
-rw-r--r-- 1 root root 35556 Aug 2 21:30 install.log
-rw-r--r-- 1 root root 4062 Aug 2 21:30 install.log.syslog
drwxr-xr-x 2 root root 4096 Aug 3 14:16 pureftp
[root@gjp99 ~]# cd pureftp
[root@gjp99 pureftp]# ll
total 10804
-rw-r--r-- 1 root root 29148 Aug 3 14:16 PureAdmin-0.3.tar.gz    (management tool)
-rw-r--r-- 1 root root 10208541 Aug 3 14:16 ZendOptimizer-3.3.3-linux-hicode.tar.gz    (accelerator)
-rw-r--r-- 1 root root 578781 Aug 3 14:16 pure-ftpd-1.0.36.tar.gz    (main program)
-rw-r--r-- 1 root root 2105 Aug 3 14:16 pureftp.sql
-rw-r--r-- 1 root root 4718 Aug 3 14:16 pureftpd-mysql.conf
-rw-r--r-- 1 root root 196917 Aug 3 14:16 webpureftp0.1.tar.gz
4. Unpack
[root@gjp99 pureftp]# tar zxvf pure-ftpd-1.0.36.tar.gz -C /usr/local/src/
[root@gjp99 pureftp]# cd /usr/local/src/
[root@gjp99 src]# ll
total 4
drwxr-xr-x 10 root root 4096 Aug 3 14:20 pure-ftpd-1.0.36
[root@gjp99 src]# cd pure-ftpd-1.0.36/
[root@gjp99 pure-ftpd-1.0.36]# ls
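5. Prerequisites for building from source:
Note: when a package ships a configure script, make sure these four development tool groups are installed: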
[root@gjp99 pure-ftpd-1.0.36]# yum grouplist |less
Development Libraries
Development Tools
X Software Development
Legacy Software Development (this one turned out not to be installed)
Install Legacy Software Development manually:
[root@gjp99 pure-ftpd-1.0.36]# yum groupinstall "Legacy Software Development"
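6. Configure ----- compile ----- install the files
./configure \
--prefix=/usr/local/pureftpd \
--with-mysql \
--with-shadow \
--with-pam \
--with-welcomemsg \
--with-uploadscript \
--with-cookie \
--with-virtualchroot \
--with-virtualhosts \
--with-diraliases \
--with-quotas \
--with-puredb \
--with-sysquotas \
--with-ratios \
--with-ftpwho \
--with-throttling \
--with-language=simplified-chinese
make
make install
What the options mean:
--prefix=/usr/local/pureftpd          installation directory
--with-mysql                          server supports MySQL
--with-shadow                         support the local /etc/shadow
--with-pam                            support PAM authentication
--with-welcomemsg                     support a friendlier welcome message
--with-uploadscript                   script that can be run after an upload completes
--with-cookie                         cache
--with-virtualchroot                  follow symbolic links to other directories
--with-virtualhosts                   virtual hosts
--with-diraliases                     directory aliases
--with-quotas                         quotas
--with-puredb                         mapping file between virtual accounts and local accounts
--with-throttling                     raise an alert when above or below a certain threshold
--with-language=simplified-chinese    Simplified Chinese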
The configuration file turned out to be missing
[root@gjp99 pure-ftpd-1.0.36]# ./configure --help |less    # help information
[root@gjp99 pure-ftpd-1.0.36]# ll /usr/local/pureftpd/
total 12
drwxr-xr-x 2 root root 4096 Aug 3 14:50 bin
drwxr-xr-x 2 root root 4096 Aug 3 14:50 sbin
drwxr-xr-x 3 root root 4096 Aug 3 14:50 share
This directory has no etc directory either, so create it manually
[root@gjp99 pure-ftpd-1.0.36]# mkdir /usr/local/pureftpd/etc
[root@gjp99 pure-ftpd-1.0.36]# cd configuration-file/
[root@gjp99 configuration-file]# ll
total 84
-rw-r--r-- 1 root root 11073 Aug 3 14:43 Makefile
-rw-r--r-- 1 1000 games 67 Mar 16 09:01 Makefile.am
-rw-r--r-- 1 1000 games 9982 Mar 22 04:17 Makefile.in
-rw-r--r-- 1 root root 4696 Aug 3 14:43 pure-config.pl    (executable needed at build time)
-rw-r--r-- 1 1000 games 4689 Mar 16 09:01 pure-config.pl.in
-rw-r--r-- 1 root root 7717 Aug 3 14:43 pure-config.py
-rw-r--r-- 1 1000 games 7679 Apr 17 2011 pure-config.py.in
-rw-r--r-- 1 root root 11211 Aug 3 14:43 pure-ftpd.conf    (configuration file)
-rw-r--r-- 1 1000 games 11189 Mar 16 09:01 pure-ftpd.conf.in
[root@gjp99 configuration-file]# cp pure-ftpd.conf /usr/local/pureftpd/etc/
[root@gjp99 configuration-file]# chmod 755 pure-config.pl
[root@gjp99 configuration-file]# cp pure-config.pl /usr/local/pureftpd/sbin/
7. Service control script for pureftp
[root@gjp99 pure-ftpd-1.0.36]# pwd
/usr/local/src/pure-ftpd-1.0.36
[root@gjp99 pure-ftpd-1.0.36]# cd contrib/
[root@gjp99 contrib]# ls
Makefile Makefile.in pure-vpopauth.pl suse.init
Makefile.am pure-stat.pl redhat.init xml_python_processors.txt
[root@gjp99 contrib]# cp redhat.init /etc/init.d/pureftpd
[root@gjp99 contrib]# chmod 755 /etc/init.d/pureftpd    # give it execute permission
[root@gjp99 contrib]# ll /etc/init.d/pureftpd
-rwxr-xr-x 1 root root 1211 Aug 3 15:07 /etc/init.d/pureftpd
[root@gjp99 contrib]# vim /etc/init.d/pureftpd
[root@gjp99 contrib]# service pureftpd start
Starting pure-config.pl: Running: /usr/local/pureftpd/sbin/pure-ftpd --daemonize -A -c50 -B -C8 -D -fftp -H -I15 -L10000:8 -m4 -s -U133:022 -u100 -k99 -Z
[root@gjp99 contrib]# service pureftpd restart
Stopping pure-config.pl:
Starting pure-config.pl: Running: /usr/local/pureftpd/sbin/pure-ftpd --daemonize -A -c50 -B -C8 -D -fftp -H -I15 -L10000:8 -m4 -s -U133:022 -u100 -k99 -Z
[root@gjp99 contrib]# netstat -tupln |grep 21
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 26331/pure-ftpd (SE
tcp 0 0 :::21 :::* LISTEN 26331/pure-ftpd (SE
[root@gjp99 contrib]# chkconfig --list |grep pureftpd    # cannot be managed yet
[root@gjp99 contrib]# chkconfig --add pureftpd    # add the service
[root@gjp99 contrib]# chkconfig pureftpd on
[root@gjp99 contrib]# chkconfig --list |grep pureftpd
pureftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
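8. Configure the virtual-user login environment
[root@gjp99 contrib]# mkdir /ftproot
[root@gjp99 contrib]# chmod -R 777 /ftproot    # <skipping this step may cause a 421 error at login>
[root@gjp99 contrib]# useradd virtualftp -d /ftproot -s /sbin/nologin -M
<create the system user that the virtual users created below will map to>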
[root@gjp99 contrib]# chown virtualftp:virtualftp /ftproot
[root@gjp99 contrib]# ll -d /ftproot/
drwxrwxrwx 2 virtualftp virtualftp 4096 Aug 3 15:40 /ftproot/
[root@gjp99 contrib]# vim /usr/local/pureftpd/etc/pure-ftpd.conf
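# every user is locked into their own home directory
ChrootEveryone yes
# maximum number of simultaneous connections
MaxClientsNumber 50
# maximum number of connections per IP address
MaxClientsPerIP 8
# not anonymous-only
AnonymousOnly no
# anonymous logins are not allowed
NoAnonymous yes
# uncomment this line: lets a user's home directory be created automatically at login <required>
CreateHomeDir yes
9. Authenticate with MySQL
- Set the path of the plug-in used to call MySQL
[root@gjp99 ~]# vim /usr/local/pureftpd/etc/pure-ftpd.conf
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf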
[root@gjp99 ~]# cd /usr/local/pureftpd/etc
[root@gjp99 etc]# ll
total 12
-rw-r--r-- 1 root root 11228 Sep 27 09:24 pure-ftpd.conf
There is no pureftpd-mysql.conf in this directory! It is among the uploaded packages.
[root@gjp99 etc]# cd
[root@gjp99 ~]# cd pureftp/
[root@gjp99 pureftp]# ll
total 10804
-rw-r--r-- 1 root root 29148 Aug 3 14:16 PureAdmin-0.3.tar.gz
-rw-r--r-- 1 root root 10208541 Aug 3 14:16 ZendOptimizer-3.3.3-linux-hicode.tar.gz
-rw-r--r-- 1 root root 578781 Aug 3 14:16 pure-ftpd-1.0.36.tar.gz
-rw-r--r-- 1 root root 2105 Aug 3 14:16 pureftp.sql
-rw-r--r-- 1 root root 4718 Aug 3 14:16 pureftpd-mysql.conf
-rw-r--r-- 1 root root 196917 Aug 3 14:16 webpureftp0.1.tar.gz
[root@gjp99 pureftp]# cp pureftpd-mysql.conf /usr/local/pureftpd/etc/
[root@gjp99 pureftp]# cd /usr/local/pureftpd/etc
[root@gjp99 etc]# ll
total 20
-rw-r--r-- 1 root root 11228 Sep 27 09:24 pure-ftpd.conf
-rw-r--r-- 1 root root 4718 Sep 27 09:26 pureftpd-mysql.conf
[root@gjp99 etc]# vim pureftpd-mysql.conf
MYSQLUser ftp
# Mandatory : user password. You must have a password.
MYSQLPassword tmppasswd
# Mandatory : database to open.
# (this database has not been created yet)
MYSQLDatabase ftpusers
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"

MYSQLCrypt md5
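The settings chosen in steps 8 and 9 can be checked mechanically. The script below is an added example, not part of the original walkthrough or of Pure-FTPd; the function names and the FAIL/WARN wording are assumptions, and the sample files are constructed to mirror the state shown above (a 644 pureftpd-mysql.conf, MYSQLCrypt md5, a 777 /ftproot).

```sh
# Added example: audit the files this walkthrough creates (constructed sample below).

# conf_get FILE KEY: value of a "Key value" directive; comment lines never match.
conf_get() {
    awk -v k="$2" 'tolower($1) == tolower(k) { v = $2 } END { print v }' "$1"
}

# other_has PATH MODE: true when PATH grants "other" the bits in MODE (004 read, 002 write).
other_has() {
    [ -n "$(find "$1" -prune -perm -"$2" 2>/dev/null)" ]
}

# audit_pureftpd MAIN_CONF MYSQL_CONF FTP_ROOT
# Prints one finding per line; the return status is the number of findings.
audit_pureftpd() {
    local main="$1" sql="$2" root="$3" n=0 v
    if other_has "$sql" 004; then
        echo "FAIL $sql is world-readable and holds MYSQLPassword"; n=$((n + 1))
    fi
    v=$(conf_get "$sql" MYSQLCrypt)
    case $v in
        cleartext|md5|password|any)
            echo "WARN MYSQLCrypt=$v permits cleartext or unsalted hashes"; n=$((n + 1)) ;;
    esac
    for v in NoAnonymous ChrootEveryone; do
        [ "$(conf_get "$main" "$v")" = yes ] || { echo "FAIL $v is not 'yes'"; n=$((n + 1)); }
    done
    if other_has "$root" 002; then
        echo "FAIL $root is world-writable"; n=$((n + 1))
    fi
    return "$n"
}

# make_sample DIR: constructed files that mirror the state shown in the walkthrough.
make_sample() {
    mkdir -p "$1/ftproot"
    printf 'ChrootEveryone yes\nNoAnonymous yes\n' > "$1/pure-ftpd.conf"
    printf 'MYSQLUser ftp\nMYSQLPassword tmppasswd\nMYSQLCrypt md5\n' > "$1/pureftpd-mysql.conf"
    chmod 644 "$1/pureftpd-mysql.conf"
    chmod 777 "$1/ftproot"
}

d=$(mktemp -d) && make_sample "$d"
audit_pureftpd "$d/pure-ftpd.conf" "$d/pureftpd-mysql.conf" "$d/ftproot" || echo "findings: $?"
rm -rf "$d"
```

On the host built above, the call would be `audit_pureftpd /usr/local/pureftpd/etc/pure-ftpd.conf /usr/local/pureftpd/etc/pureftpd-mysql.conf /ftproot`.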
- Import the required database and tables
[root@gjp99 ~]# cd pureftp/
[root@gjp99 pureftp]# ll
total 10804
-rw-r--r-- 1 root root 29148 Aug 3 14:16 PureAdmin-0.3.tar.gz
-rw-r--r-- 1 root root 10208541 Aug 3 14:16 ZendOptimizer-3.3.3-linux-hicode.tar.gz
-rw-r--r-- 1 root root 578781 Aug 3 14:16 pure-ftpd-1.0.36.tar.gz
-rw-r--r-- 1 root root 2105 Aug 3 14:16 pureftp.sql
-rw-r--r-- 1 root root 4718 Aug 3 14:16 pureftpd-mysql.conf
-rw-r--r-- 1 root root 196917 Aug 3 14:16 webpureftp0.1.tar.gz
[root@gjp99 pureftp]# vim pureftp.sql
-- Host: localhost Database: ftpusers
-- ---------------------------------------------------
(a space is needed in front of the run of dashes here too, otherwise an error is reported)
INSERT INTO admin VALUES ('admin',MD5('123'));   -- user name and password entered when logging in to the admin back end!
[root@gjp99 pureftp]# mysql -u root -p < pureftp.sql    # import pureftp.sql
Enter password:     (enter the password: 123456)
[root@gjp99 pureftp]# mysql -u root -p
Enter password:     (enter the password: 123456)
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.0.77 Source distribution
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| ftpusers |
| mysql |
| test |
+--------------------+
4 rows in set (0.03 sec)
mysql> use ftpusers;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+--------------------+
| Tables_in_ftpusers |
+--------------------+
| admin |
| users |
+--------------------+
2 rows in set (0.00 sec)
mysql> select * from admin;
+----------+----------------------------------+
| Username | Password |
+----------+----------------------------------+
| admin | 202cb962ac59075b964b07152d234b70 |    (the password is stored as an MD5 hash)
+----------+----------------------------------+
1 row in set (0.00 sec)
mysql> \q
Bye
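- Add the MySQL user used for the connection
Note: the following commands must be run, otherwise you cannot log in to the admin back end!
First log in to MySQL as root, then run:
mysql> grant all privileges on ftpusers.* to ftp@localhost identified by 'tmppasswd';
mysql> flush privileges;
mysql> quit;
If the configuration succeeded, you can log in with: mysql -u ftp -p     (enter the password: tmppasswd)
- Web management page ---- PureAdmin-0.3.tar.gz
Edit the PureAdmin configuration file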
[root@gjp99 pureftp]# ll
total 10804
-rw-r--r-- 1 root root 29148 Aug 3 14:16 PureAdmin-0.3.tar.gz
[root@gjp99 pureftp]# tar zxvf PureAdmin-0.3.tar.gz -C /var/www/html
[root@gjp99 pureftp]# cd /var/www/html
[root@gjp99 html]# ll
total 4
drwxr-xr-x 4 root 80 4096 Mar 22 2009 PureAdmin-0.3
[root@gjp99 html]# mv PureAdmin-0.3 pureadmin
[root@gjp99 html]# ll
total 4
drwxr-xr-x 4 root 80 4096 Mar 22 2009 pureadmin
[root@gjp99 html]# cd pureadmin/
[root@gjp99 pureadmin]# ll
total 56
-rw-r--r-- 1 root 80 3612 Oct 6 2008 adduser.php
-rw-r--r-- 1 root 80 1903 Oct 6 2008 admin.php
-rw-r--r-- 1 root 80 273 Oct 6 2008 chkuser.php
-rw-r--r-- 1 root 80 581 Oct 6 2008 code.php
-rw-r--r-- 1 root 80 577 Mar 22 2009 config.php
-rw-r--r-- 1 root 80 3927 Oct 6 2008 edit.php
drwxr-xr-x 2 root 80 4096 Apr 19 2009 images
-rw-r--r-- 1 root 80 2279 Mar 22 2009 index.php
-rw-r--r-- 1 root 80 366 Mar 22 2009 lib.php
drwxr-xr-x 2 root 80 4096 Apr 19 2009 libs
-rw-r--r-- 1 root 80 1997 Oct 6 2008 list.php
-rw-r--r-- 1 root 80 491 Oct 6 2008 lock.php
-rw-r--r-- 1 root 80 5411 Oct 6 2008 main.php
[root@gjp99 pureadmin]# vim config.php
[root@gjp99 pureadmin]# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: httpd: apr_sockaddr_info_get() failed for gjp99.baidu.com
httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
[ OK ]
[root@gjp99 pureadmin]# service pureftpd restart
Stopping pure-config.pl:
Starting pure-config.pl: Running: /usr/local/pureftpd/sbin/pure-ftpd --daemonize -A -c50 -B -C8 -D -E -fftp -H -I15 -lmysql:/usr/local/pureftpd/etc/pureftpd-mysql.conf -L10000:8 -m4 -s -U133:022 -u100 -j -k99 -Z
Test:
Create a user:
The newly created user is stored in the MySQL database!
[root@gjp99 etc]# mysql -u root -p    # log in and look
Enter password: 123456
mysql> show databases;
mysql> use ftpusers;
mysql> show tables;
mysql> select * from users;
+------+----------------------------------+------+------+--------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
| User | Password | Uid | Gid | Dir | QuotaFiles | QuotaSize | ULBandwidth | DLBandwidth | Ipaddress | Comment | Status | ULRatio | DLRatio |
+------+----------------------------------+------+------+--------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
| gjp | 202cb962ac59075b964b07152d234b70 | 1000 | 1000 | /ftproot/gjp | 0 | 100 | 0 | 200 | * | | 1 | 0 | 0 |
+------+----------------------------------+------+------+--------------+------------+-----------+-------------+-------------+-----------+---------+--------+---------+---------+
1 row in set (0.00 sec)
[root@gjp99 etc]# cd /ftproot/
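[root@gjp99 ftproot]# ll    # no directory for the gjp account exists here yet
total 0    (the directory is only created on first access; however, logging in with the virtual account just created does not succeed)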
- Authenticate with PureDB
Enable the mapping file between virtual accounts and system accounts
[root@gjp99 ftproot]# vim /usr/local/pureftpd/etc/pure-ftpd.conf
PureDB /usr/local/pureftpd/pureftpd.pdb
[root@gjp99 ftproot]# cd /usr/local/pureftpd/
[root@gjp99 pureftpd]# ll    # the directory
total 16
drwxr-xr-x 2 root root 4096 Aug 3 14:50 bin
drwxr-xr-x 2 root root 4096 Sep 27 11:19 etc
drwxr-xr-x 2 root root 4096 Aug 3 14:55 sbin
drwxr-xr-x 3 root root 4096 Aug 3 14:50 share
[root@gjp99 pureftpd]# ll bin/    # the commands live here
total 112
-rwxr-xr-x 1 root root 76969 Aug 3 14:50 pure-pw
-rwxr-xr-x 1 root root 14468 Aug 3 14:50 pure-pwconvert
-rwxr-xr-x 1 root root 14462 Aug 3 14:50 pure-statsdecod
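Invoked as ./pure-pw, the command can only be run from its own directory.
Configure the environment variable so that it can be run from anywhere!
[root@gjp99 pureftpd]# echo PATH=$PATH:/usr/local/pureftpd/bin >>/etc/profile
[root@gjp99 pureftpd]# . /etc/profile    # takes effect immediately; the dot means source
[root@gjp99 pureftpd]# cd    # switch to any directory
[root@gjp99 ~]# pure-pw    # pressing Tab now completes this command, which shows it can be used normally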
[root@gjp99 ~]# pure-pw useradd lzw -u virtualftp -g virtualftp -d /ftproot/lzw -m
Password: 123
Enter it again:
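Notes:
lzw is the user name; -u virtualftp is the real Linux user behind it; -d sets the starting directory and locks the user into it. To leave the user unlocked, use -D instead. If different permissions are needed, create a new Linux user and group.
If you use the system's built-in ftp user instead, you also have to change MinUID in pure-ftpd.conf to the ftp user's UID, 14, otherwise login fails with a 530 error; so the recommendation here is to create a separate user that does not ship with the system for the mapping.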
[root@gjp99 ftproot]# pure-pw mkdb /usr/local/pureftpd/pureftpd.pdb
Note: if this command is not run, you cannot log in with the lzw account!
[root@gjp99 ~]# cd /ftproot/
[root@gjp99 ftproot]# ll
total 4
drwxr-xr-x 2 1000 1000 4096 Sep 27 11:40 gjp
[root@gjp99 ftproot]# ll
total 8
drwxr-xr-x 2 1000 1000 4096 Sep 27 11:40 gjp
drwxr-xr-x 2 virtualftp virtualftp 4096 Sep 27 11:54 lzw
Access it from a web browser!
[root@gjp99 ftproot]# cd gjp
[root@gjp99 gjp]# echo "welcome " >>gjp
Open gjp and you will see: