Pure-FTPd (FTP сервер с авторизацией в MySQL)
http://www.pureftpd.org/project/pure-ftpd/doc
http://download.pureftpd.org/pub/pure-ftpd/doc/README
http://download.pureftpd.org/pub/pure-ftpd/doc/README.MySQL
http://download.pureftpd.org/pub/pure-ftpd/doc/FAQ
sh# fetch http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.22.tar.bz2
------------------------------------------------------------------------------
pure-ftpd-1.0.22.tar.bz2 100% of 485 kB 14 kBps 00m00s
------------------------------------------------------------------------------
sh# tar xvf pure-ftpd-1.0.22.tar.bz2
sh# cd pure-ftpd-1.0.22
sh# ./configure --help
sh# ./configure
-------------------------------------------------------------------------------
--without-standalone Don't compile the standalone server code
--without-inetd Don't support super-servers (like inetd)
--without-capabilities Don't use Linux capabilities (default=detect)
--without-shadow Don't use shadow passwords (default=detect)
--without-usernames Use only numerical UIDs/GIDs
--without-iplogging Never log remote IP addresses (privacy)
--without-humor Disable humor (enabled by default)
--without-longoptions Ignored - just for backward compatibility
--without-ascii Don't support 7-bits (ASCII) transfers
--without-banner Don't display any initial banner
--without-globbing Don't include globbing code
--without-nonalnum Only allow basic alphanumeric characters in file
names
--without-unicode Disable non-latin characters in file names
--without-sendfile Don't use zero-copy optimizations (for network FS)
--without-cork Don't use TCP_CORK optimization
--with-boring Display only boring messages
--with-brokenrealpath If your libc has a broken realpath() call
--with-probe-random-dev If you want to probe for /dev/*random at run-time
--with-minimal Build only a small minimal server
--with-paranoidmsg Use paranoid but not admin-friendly messages
--with-sysquotas Use system (not virtual) quotas
--with-altlog Support alternative log format (Apache-like)
--with-puredb Support virtual (FTP-only) users
--with-extauth Support external authentication modules
--with-pam Enable PAM support (default=disabled)
--with-cookie Support 'fortune' cookies (-F option)
--with-throttling Support bandwidth throttling (disabled by default)
--with-ratios Support for upload/download ratios
--with-quotas Support .ftpquota files
--with-ftpwho Support for pure-ftpwho
--with-welcomemsg Support welcome.msg backward compatibility
(deprecated)
--with-uploadscript Allow running an external script after an upload
(experimental)
--with-virtualhosts Handle virtual servers on different IP addresses
--with-virtualchroot Enable the ability to follow symlinks outside a
chroot jail
--with-diraliases Enable directory aliases
--with-nonroot Unprivileged, limited mode. Only enable this option
if you really don't have root privileges on the
server host.
--with-peruserlimits Support per-user concurrency limits
--with-debug For maintainers only - please do not use
--with-everything Build a big server with almost everything
--with-language= < english | german | romanian | french |
french-funny | polish | spanish | danish | dutch |
italian | brazilian-portuguese | slovak | korean |
swedish | norwegian | russian | traditional-chinese
| simplified-chinese | czech | turkish | hungarian |
catalan>
--with-ldap Users database is an LDAP directory (see doc)
--with-mysql Users database is a MySQL database (see doc)
--with-pgsql Users database is a PostgreSQL database (see doc)
--with-privsep Enable privilege separation
--with-tls Enable SSL/TLS support (experimental, needs OpenSSL)
--with-certfile= certificate file (default:
/etc/ssl/private/pure-ftpd.pem)
--with-rfc2640 Enable RFC 2640 (UTF-8 encoding for file names)
support (experimental, needs iconv)
--with-bonjour Enable Bonjour support on MacOS X
-------------------------------------------------------------------------------
sh# ./configure --without-inetd --with-sysquotas --with-diraliases \
--with-peruserlimits --with-language=russian --with-mysql
sh# make install && rehash
sh# which pure-ftpd
-------------------------
/usr/local/sbin/pure-ftpd
-------------------------
sh# mkdir -pv /conf/pure-ftpd
sh# cd /conf/pure-ftpd
sh# ee pure-ftpd.sql
----------------------------------------------------------------------------------
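-- Schema and MySQL service account for Pure-FTPd's MySQL authentication backend.
-- NOTE: DROP DATABASE removes any existing pureftpd database together with all
-- stored FTP accounts, so this file is for a first-time install only.
DROP DATABASE IF EXISTS pureftpd;
CREATE DATABASE pureftpd;
USE pureftpd;

-- One row per virtual FTP user. The BINARY attribute makes comparisons on
-- these columns case-sensitive.
CREATE TABLE accounts (
    User VARCHAR(16) BINARY NOT NULL,
    -- Holds the password in whatever format MYSQLCrypt selects in
    -- pure-ftpd-mysql.conf. At 32 characters there is no room for longer hash
    -- formats; widen the column before switching to one.
    Pass VARCHAR(32) BINARY NOT NULL,
    Dir VARCHAR(128) BINARY NOT NULL,
    -- -1 is only a placeholder default; every row is expected to set real
    -- numeric ids explicitly.
    Uid INT(10) NOT NULL DEFAULT -1,
    Gid INT(10) NOT NULL DEFAULT -1,
    PRIMARY KEY (User)
);

-- Account that pure-ftpd itself connects with. The password is the sample
-- value used throughout this guide and must match MYSQLPassword in
-- pure-ftpd-mysql.conf; replace it with a unique secret in both places.
CREATE USER pureftpd@localhost IDENTIFIED BY 'dptferup';

-- Least privilege: the server only runs the SELECT lookups configured in
-- pure-ftpd-mysql.conf, so read-only access is sufficient. Accounts are
-- managed with a separate administrative MySQL login. The password is set
-- once, by CREATE USER above, instead of being repeated in the GRANT.
GRANT SELECT ON pureftpd.* TO pureftpd@localhost;
FLUSH PRIVILEGES;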
----------------------------------------------------------------------------------
sh# ee add_users.sql
----------------------------------------------------------------------------------------
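-- Sample FTP account from this guide. The explicit column list keeps the
-- statement correct if columns are later added to or reordered in accounts.
-- 'admin123' is a placeholder stored in the format MYSQLCrypt selects
-- (cleartext in this guide); use a unique secret for any real account.
-- Uid/Gid are numeric and must not be below MinUID in pure-ftpd.conf.
INSERT INTO pureftpd.accounts (User, Pass, Dir, Uid, Gid)
VALUES ('admin', 'admin123', '/hlam/admin', 10000, 10000);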
----------------------------------------------------------------------------------------
sh# which mysql
--------------------
/usr/local/bin/mysql
--------------------
sh# /usr/local/bin/mysql --user=xxxxxx --password=xxxxxx < pure-ftpd.sql
sh# /usr/local/bin/mysql --user=xxxxxx --password=xxxxxx < add_users.sql
sh# ee pure-ftpd-mysql.conf
--------------------------------------------------------------------
# Connection settings and lookup queries that pure-ftpd uses to authenticate
# FTP logins against the pureftpd MySQL database.
# This file contains the database password in clear text: keep it readable
# only by the account that starts pure-ftpd (for example owner root, mode 600).
MYSQLServer 127.0.0.1
MYSQLPort 3306
MYSQLSocket /tmp/mysql.sock
MYSQLUser pureftpd
# Sample value from this guide; it must match the password given to the
# pureftpd@localhost MySQL account. Replace it with a unique secret.
MYSQLPassword dptferup
MYSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
# NOTE(review): "cleartext" means the Pass column holds every FTP password
# unhashed, so anyone who can read the accounts table or a database dump
# obtains all of them. Prefer one of the hashed settings listed above and
# store Pass values in that format.
MYSQLCrypt cleartext
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
# Each query below looks up one column of the accounts row whose User equals
# the login name; all four are plain SELECTs.
MYSQLGetPW SELECT Pass FROM accounts WHERE User="\L"
MYSQLGetDir SELECT Dir FROM accounts WHERE User="\L"
MYSQLGetUID SELECT Uid FROM accounts WHERE User="\L"
MYSQLGetGID SELECT Gid FROM accounts WHERE User="\L"
--------------------------------------------------------------------
sh# ee pure-ftpd.conf
---------------------------------------------------------------------------------
# Main server settings. pure-config.pl reads this file and turns each
# directive into the matching pure-ftpd command-line switch.
# NOTE(review): no TLS directive is set here and the build in this guide was
# configured without --with-tls, so logins and file data cross the network
# unencrypted.
# Confine every user to their own home directory.
ChrootEveryone yes
BrokenClientsCompatibility no
MaxClientsNumber 5
Daemonize yes
MaxClientsPerIP 1
VerboseLog yes
DisplayDotFiles yes
# NOTE(review): "no" leaves anonymous logins enabled. Set this to "yes" if
# only the accounts stored in MySQL should be able to log in.
NoAnonymous no
SyslogFacility ftp
DontResolve yes
MaxIdleTime 5
# Authentication backend: the MySQL settings file described earlier.
MySQLConfigFile /conf/pure-ftpd/pure-ftpd-mysql.conf
LimitRecursion 2000 8
MaxLoad 4
# Port range for passive connections replies. - for firewalling.
# PassivePortRange 30000 50000
# Upload/download ratio for all users.
# UserRatio 1 10
AntiWarez yes
# IP address/port to listen to (default=all IP and port 21).
# Bind 127.0.0.1,21
# File creation mask. <umask for files>:<umask for dirs>.
# 177:077 if you feel paranoid.
# 133:022 leaves uploaded files and new directories readable by every
# local user.
Umask 133:022
# Logins whose uid is lower than this value are refused.
MinUID 10000
AllowUserFXP no
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
AutoRename no
# Only connections to this specific IP address
#TrustedIP 10.1.1.1
#NoChmod yes
#KeepAllFiles yes
#CreateHomeDir yes
# So 1000:10 limits every user to 1000 files and 10 Mb.
#Quota 1000:10
#PIDFile /var/run/pure-ftpd.pid
MaxDiskUsage 80
NoRename yes
CustomerProof yes
IPV4Only yes
# Works only if pure-ftpd has been compiled with --with-rfc2640
# FileSystemCharset koi8-r
# ClientCharset cp1251
---------------------------------------------------------------------------------
# После парсинга perl'овым скриптом получаем итоговую строку запуска:
sh# /usr/local/sbin/pure-config.pl /conf/pure-ftpd/pure-ftpd.conf
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Running: /usr/local/sbin/pure-ftpd -A -c5 -B -C1 -d -D -fftp -H -I5 -lmysql:/conf/pure-ftpd/pure-ftpd-mysql.conf -L2000:8 -m4 -s -U133:022 -u10000 -k80 -G -Z -4
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
С этими опциями нам и нужно запускать сервер!
sh# ee /etc/syslog.conf
--------------------------------------
!ftp
*.* /var/log/pure-ftpd.log
--------------------------------------
sh# touch /var/log/pure-ftpd.log
sh# /etc/rc.d/syslogd restart
sh# cat /var/log/pure-ftpd.log
sh# pw group add -n ftp -g 1000
sh# pw user add -n ftp -u 1000 -s /usr/sbin/nologin -d /dev/null -g ftp
sh# chown ftp:ftp /work