date: 2020-09-13
title: Pure-ftp使用MySQL进行用户认证 #标题
tags: Pureftp #标签
categories: linux大杂烩 # 分类
记录下Pure-ftp使用MySQL实现用户认证登录的配置过程。
安装MySQL
如果不需要基于MySQL做用户鉴权,则可以跳过此步骤,不安装MySQL。
这里写下二进制部署mysql的方法,同时我的网盘上(提取码:wny3)提供了一个MySQL离线安装的脚本,解压后直接执行install-mysql-5.7.23.sh脚本安装即可(可编辑install-mysql-5.7.23.sh文件中的mysql_home变量,指定mysql的安装目录)。该脚本会以root身份运行,执行前建议先通读其内容。
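# Binary (tarball) deployment of MySQL 5.7.30 as a single instance on port 3306.
# Run as root. The commands are listed without the "$ " prompt so they can be
# pasted or saved as a script.

wget https://downloads.mysql.com/archives/get/p/23/file/mysql-5.7.30-linux-glibc2.12-x86_64.tar.gz
# Before unpacking, compare the archive with the checksum/signature published
# on the MySQL download page.

# MySQL installation directory (the trailing slash is relied on below)
mysql_home=/opt/mysql-5.7.30/
# Directory of the 3306 instance
mysql_3306=${mysql_home}mysql-3306/
# Data directory
mysql_data=${mysql_3306}data
# Account the server runs as
mysql_user=mysql
# root password for the database. This is the sample value published with this
# write-up: replace it with your own before running anything.
mysql_pwd='cF!TSadGT6y'

# Start of the installation
yum -y install libaio
mkdir -p "${mysql_3306}"{data,logs}
useradd -M -s /sbin/nologin "${mysql_user}"
tar zxf mysql-5.7.30-linux-glibc2.12-x86_64.tar.gz -C "${mysql_home}" --strip-components=1

# Write the instance configuration file. The heredoc delimiter is unquoted on
# purpose: the ${...} references inside must expand to the paths set above.
cat > "${mysql_3306}my.cnf" << EOF
[client]
port=3306
socket=/tmp/mysql.sock
default-character-set=utf8
[mysql]
port=3306
socket=/tmp/mysql.sock
default-character-set=utf8
[mysqld]
port=3306
character-set-server=utf8
socket=/tmp/mysql.sock
basedir=${mysql_home}
datadir=${mysql_data}
explicit_defaults_for_timestamp=true
federated
lower_case_table_names=1
# secure_file_priv is set exactly once. The original listing repeated it
# further down with an empty value; the last occurrence wins, and an empty
# value lifts the directory restriction on LOAD DATA / SELECT ... INTO OUTFILE.
secure_file_priv =${mysql_3306}
back_log=150
max_connections=3000
max_connect_errors=10
table_open_cache=2048
external-locking=FALSE
max_allowed_packet=32M
sort_buffer_size=8M
join_buffer_size=8M
thread_cache_size=8
query_cache_size=512M
query_cache_limit=4M
transaction_isolation=REPEATABLE-READ
tmp_table_size=96M
max_heap_table_size=96M
###***slow query parameters
long_query_time=1
slow_query_log = 1
slow_query_log_file=${mysql_3306}logs/slow.log
###***binlog parameters
log-bin=mysql-bin
binlog_cache_size=4M
max_binlog_cache_size=8M
max_binlog_size=1024M
binlog_format=row
log_timestamps=system
expire_logs_days=15
wait_timeout = 1200
interactive_timeout = 1200
log_slave_updates=1
gtid_mode=ON
enforce-gtid-consistency
log_timestamps = SYSTEM
#***MyISAM parameters
key_buffer_size=32M
read_buffer_size=2M
read_rnd_buffer_size=16M
bulk_insert_buffer_size=64M
myisam_sort_buffer_size = 16M
myisam_max_sort_file_size = 16M
myisam_repair_threads = 1
skip-name-resolve
###***master-slave replication parameters
server-id=1
#slave-skip-errors=all
#***Innodb storage engine parameters
innodb_buffer_pool_size=8192M
innodb_temp_data_file_path = ibtmp1:12M:autoextend:max:5G
innodb_data_file_path=ibdata1:10M:autoextend
#innodb_file_io_threads=8
#innodb_thread_concurrency=16
innodb_flush_log_at_trx_commit=1
innodb_log_buffer_size=16M
innodb_log_file_size=128M
innodb_log_files_in_group=3
innodb_max_dirty_pages_pct=90
innodb_buffer_pool_dump_pct=90
innodb_lock_wait_timeout=2
innodb_file_per_table=on
[mysqldump]
quick
max_allowed_packet=32M
[myisamchk]
key_buffer=16M
sort_buffer_size=16M
read_buffer=8M
write_buffer=8M
[mysqld_safe]
open-files-limit=8192
EOF

# Put the MySQL binaries on PATH. The line is appended only if it is not
# already present, so re-running this step does not pile up duplicates.
profile_line="PATH=${mysql_home}bin/:\$PATH"
grep -qxF -- "${profile_line}" /etc/profile \
  || printf '%s\n' "${profile_line}" >> /etc/profile
source /etc/profile

# Initialise the data directory as the service account.
# NOTE(review): the chown hands the whole install tree, binaries included, to
# the service account; consider limiting it to the instance directory.
chown -R "${mysql_user}" "${mysql_home}"
su -s /bin/bash \
  -c "mysqld --initialize --user=${mysql_user} --datadir=${mysql_data} --basedir=${mysql_home}" \
  "${mysql_user}" &> init_db.log

# Extract the temporary root password printed during initialisation.
# init_db.log keeps that password in the current directory; delete the file
# once the root password has been changed.
tmp_passwd=$(awk -F 'root@localhost: ' '/root@localhost/ {print $2}' init_db.log)
[ -n "${tmp_passwd}" ] || echo "no temporary password found in init_db.log" >&2

# Start MySQL in the background and wait (at most 30 s) for its socket, so the
# password change below does not race the server start-up.
su -s /bin/bash -c "mysqld_safe --defaults-file=${mysql_3306}my.cnf" "${mysql_user}" &
for ((waited = 0; waited < 30; waited++)); do
  [ -S /tmp/mysql.sock ] && break
  sleep 1
done

# Confirm the port is listening. The pattern is anchored on ":3306" followed
# by whitespace so that PIDs or other ports containing "3306" do not match.
ss -lnput | grep -E ':3306[[:space:]]'
# Sample output from the original run:
#   tcp LISTEN 0 128 :::3306 :::* users:(("mysqld",pid=22074,fd=24))

# Change the root password. Both values are double-quoted so that characters
# such as "*" or "?" in the generated password are not globbed or split by the
# shell. Passwords given on the command line are visible to other local users
# in the process list while the command runs.
mysqladmin -uroot -p"${tmp_passwd}" password "${mysql_pwd}"

# Test the login; -p without a value prompts for the password, which keeps it
# out of the process list and the shell history.
mysql -uroot -p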
至此,数据库部署完成。
安装pure-ftpd
编译pure-ftp
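# Build pure-ftpd 1.0.49 from source and install it under /opt/pureftpd.
# --with-mysql needs the MySQL client headers and libraries to be discoverable.
# NOTE(review): --with-tls needs the OpenSSL development headers; install
# openssl-devel as well if configure reports them missing.
yum -y install gcc pam-devel
wget https://github.com/jedisct1/pure-ftpd/releases/download/1.0.49/pure-ftpd-1.0.49.tar.gz
# If the release page offers a signature or checksum for the tarball, verify it
# before unpacking.

# Unpack into a private directory from mktemp instead of a fixed path directly
# under /tmp: /tmp is world-writable, so a predictable directory name could be
# prepared in advance by another local user, and this build runs as root.
build_dir=$(mktemp -d)
tar zxf pure-ftpd-1.0.49.tar.gz -C "${build_dir}"

# The steps are chained with && so that configure/make never run from the
# wrong directory and "make install" only follows a successful build.
cd "${build_dir}/pure-ftpd-1.0.49/" \
  && ./configure \
    --prefix=/opt/pureftpd \
    --with-mysql \
    --with-shadow \
    --with-pam \
    --with-welcomemsg \
    --with-uploadscript \
    --with-cookie \
    --with-virtualchroot \
    --with-virtualhosts \
    --with-diraliases \
    --with-quotas \
    --with-puredb \
    --with-sysquotas \
    --with-tls \
    --with-ratios \
    --with-ftpwho \
    --with-throttling \
    --with-language=simplified-chinese \
    --with-rfc2640 \
  && make \
  && make install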
配置环境变量
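# Put the pure-ftpd binaries on PATH for login shells. The line is appended
# only when it is not already in /etc/profile, so repeating this step does not
# add duplicate entries. Single quotes keep $PATH literal in the file.
profile_line='PATH=/opt/pureftpd/bin:/opt/pureftpd/sbin:$PATH'
grep -qxF -- "${profile_line}" /etc/profile \
  || printf '%s\n' "${profile_line}" >> /etc/profile
# Load the new PATH into the current shell as well.
source /etc/profile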
配置基于MySQL的用户鉴权
配置pureftp
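# Keep the stock configuration as pure-ftpd.conf.default and write a new one.
# Absolute paths are used so the result does not depend on the current
# directory. The heredoc delimiter is quoted: nothing inside is meant to be
# expanded by the shell.
conf_dir=/opt/pureftpd/etc
mv "${conf_dir}/pure-ftpd.conf" "${conf_dir}/pure-ftpd.conf.default"
cat > "${conf_dir}/pure-ftpd.conf" << 'EOF'
ChrootEveryone yes
Bind 192.168.20.10,21
# The binary is built --with-tls, but no TLS directive is set here, so user
# names, passwords and file contents cross the network as plain FTP.
# After installing a certificate, enable the two lines below
# (TLS 1 accepts both plain and encrypted sessions, TLS 2 refuses plain ones).
#TLS 2
#CertFile <path-to-certificate-and-key.pem>
BrokenClientsCompatibility no
MaxClientsNumber 500
Daemonize yes
MaxClientsPerIP 8
VerboseLog yes
CreateHomeDir yes
DisplayDotFiles yes
AnonymousOnly no
NoAnonymous yes
SyslogFacility ftp
DontResolve yes
MaxIdleTime 10
#PureDB /opt/pureftpd/etc/pureftpd.pdb
MySQLConfigFile /opt/pureftpd/etc/pureftpd-mysql.conf
LimitRecursion 10000 80
AnonymousCanCreateDirs no
#MaxLoad 4
AntiWarez yes
Umask 133:022
MinUID 1000
AllowUserFXP no
AllowAnonymousFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
AnonymousCantUpload yes
MaxDiskUsage 95
CustomerProof yes
EOF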
配置MySQL
创建库及表
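# Create the pureftpd database, the users table, one sample account and the
# database login used by pure-ftpd. This is ordinary MySQL administration;
# adjust the IP address / authorised network to your own environment.
#
# -p without a value makes the client prompt for the root password on the
# terminal, which keeps it out of the process list and the shell history.
# The heredoc delimiter is quoted so the shell leaves the backticks alone.
mysql -uroot -p << 'SQL'
CREATE DATABASE pureftpd;
USE pureftpd;

-- The Password column has no default value: with a default, any row inserted
-- without an explicit password would be created with the same well-known one.
CREATE TABLE `users` ( `id` int(32) unsigned NOT NULL auto_increment,
`User` varchar(16) NOT NULL default '',
`Password` varchar(64) NOT NULL,
`Uid` varchar(11) NOT NULL default '6000',
`Gid` varchar(11) NOT NULL default '6000',
`Dir` varchar(128) NOT NULL default '/tmp/',
`QuotaSize` smallint(5) NOT NULL default '0',
`QuotaFiles` int(11) NOT NULL default '0',
`ULBandwidth` smallint(5) NOT NULL default '0',
`DLBandwidth` smallint(5) NOT NULL default '0',
`ULRatio` smallint(6) NOT NULL default '0',
`DLRatio` smallint(6) NOT NULL default '0',
`comment` tinytext NOT NULL,
`ipaccess` varchar(15) NOT NULL default '*',
`status` enum('0','1') NOT NULL default '0',
`create_date` datetime NOT NULL default '2020-01-01 00:00:00',
`modify_date` datetime NOT NULL default '2020-01-01 00:00:00',
PRIMARY KEY (`id`,`User`), UNIQUE KEY `User` (`User`) );

-- Sample account. The password is stored exactly as typed because the
-- pure-ftpd side is configured with "MYSQLCrypt cleartext"; use your own value.
INSERT INTO `users` VALUES (3, 'wangwu','jianzhao87', '6000', '6000', '/data/ftp/wangwu', 0, 0, 0, 0, 0, 0, '','*', '1', '2020-09-12 16:10:00', '2020-09-12 16:10:00');

-- pure-ftpd only runs SELECT statements against this table, so SELECT is the
-- only privilege its login needs (the original listing granted ALL).
grant select on pureftpd.* to pureftpd@"192.168.20.10" identified by 'XPnk@a77b2';
flush privileges;
SQL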
定义MySQL连接及查询相关信息
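# Connection settings and lookup queries pure-ftpd uses against MySQL.
# The file holds the database password, so it is created empty with mode 600
# (owner read/write only) before any content is written to it.
# The heredoc delimiter is quoted so \L reaches the file untouched.
mysql_conf=/opt/pureftpd/etc/pureftpd-mysql.conf
install -m 600 /dev/null "${mysql_conf}"
cat > "${mysql_conf}" << 'EOF'
MYSQLServer 192.168.20.10
MYSQLPort 3306
#MYSQLSocket /tmp/mysql.sock
MYSQLUser pureftpd
MYSQLPassword XPnk@a77b2
MYSQLDatabase pureftpd
# cleartext compares the login password with the stored column value as-is,
# so anyone who can read the users table learns every FTP password.
# A hashed mode such as crypt is preferable; switching to it requires storing
# hashed values in the Password column first.
MYSQLCrypt cleartext
# NOTE(review): none of the queries below filters on the status or ipaccess
# columns of the users table, so those columns do not restrict logins as
# configured here. Confirm whether that is intended.
MYSQLGetPW SELECT Password FROM users WHERE User="\L"
#MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
#MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
MySQLTransactions On
MYSQLDefaultUID 6000
MYSQLDefaultGID 6000
EOF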
创建用户和组
需要创建uid/gid为6000的用户和组,因为数据库中指定的uid和gid必须是系统上存在的。
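# Local group and account with gid/uid 6000, matching the ids used in the
# database; the account gets no home directory (-M) and no login shell.
groupadd -g 6000 ftpgroup
useradd -M -g 6000 -u 6000 -s /sbin/nologin ftpuser
# Create the directory of the sample FTP user and hand the tree to 6000:6000.
# "owner:group" is the supported separator; the "owner.group" form used in the
# original listing is a deprecated spelling.
mkdir -p /data/ftp/wangwu
chown -R 6000:6000 /data/ftp/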
启动pureftp并验证
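# At start-up pure-ftpd looks for libmysqlclient.so.20 under /lib64/tls/,
# so link the library shipped with the MySQL tarball into that directory.
ln -sf /opt/mysql-5.7.30/lib/libmysqlclient.so.20 /lib64/tls/
# Start pure-ftpd with the configuration file written earlier.
pure-ftpd /opt/pureftpd/etc/pure-ftpd.conf
# Confirm the port is listening. The pattern is anchored on ":21" followed by
# whitespace, so PIDs or other ports that merely contain "21" do not match.
ss -lnput | grep -E ':21[[:space:]]'
# Sample output from the original run:
#   tcp LISTEN 0 65 *:21 *:* users:(("pure-ftpd",pid=44231,fd=4))
#   tcp LISTEN 0 65 :::21 :::* users:(("pure-ftpd",pid=44231,fd=5))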
至此,即可使用数据库中的wangwu用户登录到ftp服务器。
