10.1 不能访问http://www.pureftpd.org/
[root@linux root]# wget ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.15.tar.gz [root@linux root]# wget http://home.9812.net/linux/download/myphp/site-2.1.0.tar.gz mysql : http://www.mysql.com pgsql: http://www.postgresql.org openldap: http://www.openldap.org |
[root@linux mysql]$ cat install rpm -Uvh MySQL-server-4.0.13-0.i386.rpm rpm -Uvh MySQL-client-4.0.13-0.i386.rpm rpm -Uvh MySQL-devel-4.0.13-0.i386.rpm rpm -Uvh MySQL-shared-4.0.13-0.i386.rpm rpm -Uvh MySQL-shared-compat-4.0.13-0.i386.rpm [root@linux root]# service mysql start |
[root@linux pgsql]$ cat install rpm -Uvh --nodeps postgresql-libs-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-devel-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-server-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-contrib-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-docs-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-jdbc-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-pl-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-python-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-tcl-?.?.?-1PGDG.i386.rpm rpm -Uvh --nodeps postgresql-test-?.?.?-1PGDG.i386.rpm [root@linux root]# rpm -qa|grep post [root@linux root]# service postgresql start |
[root@linux ldap]$ cat install rpm -ivh openldap-servers-2.0.25-1.i386.rpm rpm -ivh openldap-clients-2.0.25-1.i386.rpm rpm -ivh openldap-2.0.25-1.i386.rpm rpm -ivh openldap12-1.2.13-5.i386.rpm rpm -ivh openldap-devel-2.0.25-1.i386.rpm [root@linux root]# service ldap start |
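# Unpack, build and install Pure-FTPd 1.0.15 under /usr/local/pureftpd,
# then copy the wrapper script and the sample configuration files.
[root@linux root]# tar zxvf pure-ftpd-1.0.15.tar.gz
[root@linux root]# cd pure-ftpd-1.0.15
[root@linux pure-ftpd-1.0.15]# ./configure \
    --prefix=/usr/local/pureftpd \
    --with-ldap \
    --with-mysql \
    --with-pgsql \
    --with-puredb \
    --with-shadow \
    --with-pam \
    --with-paranoidmsg \
    --with-welcomemsg \
    --with-uploadscript \
    --with-cookie \
    --with-virtualchroot \
    --with-virtualhosts \
    --with-virtualroot \
    --with-diraliases \
    --with-quotas \
    --with-sysquotas \
    --with-ratios \
    --with-ftpwho \
    --with-throttling \
    --with-language=simplified-chinese
[root@linux pure-ftpd-1.0.15]# make
[root@linux pure-ftpd-1.0.15]# make check
[root@linux pure-ftpd-1.0.15]# make install
[root@linux pure-ftpd-1.0.15]# cd configuration-file
[root@linux configuration-file]# chmod u+x pure-config.pl
[root@linux configuration-file]# cp pure-config.pl /usr/local/pureftpd/bin
[root@linux configuration-file]# cp pure-ftpd.conf /usr/local/pureftpd/etc
[root@linux configuration-file]# cd ..
[root@linux pure-ftpd-1.0.15]# cp pureftpd* /usr/local/pureftpd/etc/
# The LDAP/MySQL/PostgreSQL files hold bind passwords in clear text (the LDAP
# sample itself says it "should be only readable by root"), so drop group and
# world access right after copying them.
[root@linux pure-ftpd-1.0.15]# chmod 600 /usr/local/pureftpd/etc/pureftpd-*.conf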
# LDAP configuration file (see README.LDAP) LDAPConfigFile /usr/local/pureftpd/etc/pureftpd-ldap.conf # MySQL configuration file (see README.MySQL) MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf # Postgres configuration file (see README.PGSQL) PGSQLConfigFile /usr/local/pureftpd/etc/pureftpd-pgsql.conf # PureDB user database (see README.Virtual-Users) PureDB /usr/local/pureftpd/etc/pureftpd.pdb |
[root@linux bin]# pure-config.pl ../etc/pure-ftpd.conf |
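-- Creates the pureftpd database, the account Pure-FTPd connects with, and the
-- users table read by the MYSQLGet* queries in pureftpd-mysql.conf.
CREATE DATABASE pureftpd;

-- The password is the article's sample value: choose your own and keep it in
-- sync with MYSQLPassword in pureftpd-mysql.conf.
-- NOTE(review): every query configured for Pure-FTPd in this article is a
-- SELECT on `users`; if no other tool shares this account, SELECT alone would
-- be a narrower grant than ALL -- confirm before tightening.
GRANT ALL ON pureftpd.* TO pureftpd@localhost IDENTIFIED BY 'qKiscCbwbXAkWp.';

-- Make sure the table is created inside the new database.
USE pureftpd;

DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
  `id` int(32) unsigned NOT NULL auto_increment,
  `User` varchar(16) NOT NULL default '',
  `Password` varchar(64) NOT NULL default '',
  `Uid` varchar(11) NOT NULL default '-1',
  `Gid` varchar(11) NOT NULL default '-1',
  `Dir` varchar(128) NOT NULL default '',
  `QuotaSize` smallint(5) NOT NULL default '0',
  `QuotaFiles` int(11) NOT NULL default '0',
  `ULBandwidth` smallint(5) NOT NULL default '0',
  `DLBandwidth` smallint(5) NOT NULL default '0',
  `ULRatio` smallint(6) NOT NULL default '0',
  `DLRatio` smallint(6) NOT NULL default '0',
  `comment` tinytext NOT NULL,
  `ipaccess` varchar(15) NOT NULL default '*',
  `status` enum('0','1') NOT NULL default '0',
  -- The two datetime defaults were cut off in the published listing; the
  -- zero timestamp is restored here.
  `create_date` datetime NOT NULL default '0000-00-00 00:00:00',
  `modify_date` datetime NOT NULL default '0000-00-00 00:00:00',
  PRIMARY KEY (`id`,`User`),
  UNIQUE KEY `User` (`User`)
) TYPE=MyISAM AUTO_INCREMENT=5 ;

-- Sample account test/test with home directory /tmp, used only for the login
-- check later in the article; delete it once the check has passed.
-- encrypt() stores a crypt() hash, matching "MYSQLCrypt crypt" in the
-- Pure-FTPd MySQL configuration.
INSERT INTO `users` VALUES (5, 'test', encrypt('test'), '505', '505', '/tmp',
  0, 0, 0, 0, 0, 0, '', '*', '1',
  '2003-06-26 18:04:33', '2003-06-26 18:04:33');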
# Mandatory : user to bind the server as. MYSQLUser pureftpd # Mandatory : user password. You must have a password. MYSQLPassword qKiscCbwbXAkWp. # Mandatory : database to open. MYSQLDatabase pureftpd # Mandatory : how passwords are stored # Valid values are : "cleartext", "crypt", "md5" and "password" # ("password" = MySQL password() function) # You can also use "any" to try "crypt", "md5" *and* "password" #MYSQLCrypt cleartext MYSQLCrypt crypt # Query to execute in order to fetch the password MYSQLGetPW SELECT Password FROM users WHERE User="\L" # Query to execute in order to fetch the system user name or uid MYSQLGetUID SELECT Uid FROM users WHERE User="\L" # Query to execute in order to fetch the system user group or gid MYSQLGetGID SELECT Gid FROM users WHERE User="\L" # Query to execute in order to fetch the home directory MYSQLGetDir SELECT Dir FROM users WHERE User="\L" # Optional : query to get the maximal number of files # Pure-FTPd must have been compiled with virtual quotas support. MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L" # Optional : query to get the maximal disk usage (virtual quotas) # The number should be in Megabytes. # Pure-FTPd must have been compiled with virtual quotas support. MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L" # Optional : ratios. The server has to be compiled with ratio support. MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L" MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L" # Optional : bandwidth throttling. # The server has to be compiled with throttling support. # Values are in KB/s . MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L" MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L" |
启动pureftpd [root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
测试pureftpd [root@linux root]ncftp ftp://test:test@localhost:21 |
[root@linux root]# vi /var/lib/pgsql/data/postgresql.conf tcpip_socket = true |
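[root@linux root]# vi /var/lib/pgsql/data/pg_hba.conf
host all all 127.0.0.1 255.255.255.255 md5
local all all trust
加入上面几行。注意:local 行使用 trust 认证,本机上任何系统用户都可以通过 Unix socket 不输入密码、以任意数据库用户(包括 postgres)的身份连接,只适合单人使用的测试机;在多用户主机上,应在为 postgres 设置密码之后把这一行改为 md5 等需要密码的认证方式。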
[root@linux root]# service postgresql restart Starting postgresql service: [ OK ] |
[root@linux root]# su postgres bash-2.05$ createdb bash-2.05$ psql -l List of databases Name | Owner | Encoding -----------+----------+----------- postgres | postgres | SQL_ASCII template0 | postgres | SQL_ASCII template1 | postgres | SQL_ASCII (5 rows) bash-2.05$ psql postgres=# CREATE USER pureftpd WITH PASSWORD ' pureftpd '; CREATE USER postgres=# CREATE DATABASE pureftpd WITH OWNER = pureftpd TEMPLATE = template0 ENCODING = 'EUC_CN'; CREATE DATABASE postgres=# \q bash-2.05$ bash-2.05$ psql -l List of databases Name | Owner | Encoding -----------+----------+----------- postgres | postgres | SQL_ASCII pureftpd | pureftpd | EUC_CN template0 | postgres | SQL_ASCII template1 | postgres | SQL_ASCII (5 rows) bash-2.05$ createlang plpgsql pureftpd bash-2.05$ psql -u pureftpd psql: Warning: The -u option is deprecated. Use -U. User name: pureftpd Password: Welcome to psql 7.3.2, the PostgreSQL interactive terminal. Type: \copyright for distribution terms \h for help with SQL commands \? for help on internal slash commands \g or terminate with semicolon to execute query \q to quit pureftpd=> DROP TABLE users CASCADE; DROP SEQUENCE users_id_seq CASCADE; CREATE TABLE "users" ( id integer DEFAULT nextval('users_id_seq'::text) NOT NULL, "User" character varying(16) NOT NULL default '', status smallint default 0, "Password" character varying(64) NOT NULL default '', "Uid" character varying(11) DEFAULT -1 NOT NULL, "Gid" character varying(11) DEFAULT -1 NOT NULL, "Dir" character varying(128) NOT NULL, "comment" text, ipaccess character varying(15) DEFAULT '*' NOT NULL, "ULBandwidth" smallint default 0, "DLBandwidth" smallint default 0, "QuotaSize" integer DEFAULT 0, "QuotaFiles" integer DEFAULT 0, ULRatio smallint default 0, DLRatio smallint default 0, create_date timestamp with time zone DEFAULT now() NOT NULL, modify_date timestamp without time zone DEFAULT now() NOT NULL ); CREATE SEQUENCE users_id_seq; CREATE INDEX users_index ON users (id,"User"); ALTER TABLE ONLY users 
ADD CONSTRAINT users_pkey PRIMARY KEY (id); ALTER TABLE ONLY users ADD CONSTRAINT users_id_key UNIQUE (id, "User"); pureftpd=> \d List of relations Schema | Name | Type | Owner --------+--------------+----------+---------- public | users | table | pureftpd public | users_id_seq | sequence | pureftpd (2 rows) pureftpd=> |
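# Pure-FTPd PostgreSQL settings used in this article (pureftpd-pgsql.conf).

# If PostgreSQL listens to a TCP socket
PGSQLServer localhost

# *or* if PostgreSQL can only be reached through a local Unix socket
# PGSQLServer /tmp
# PGSQLPort .s.PGSQL.5432

# Mandatory : user to bind the server as.
PGSQLUser pureftpd

# Mandatory : user password. You *must* have a password.
# The value below is the article's sample and equals the user name; choose
# your own and keep this file readable by root only.
PGSQLPassword pureftpd

# Mandatory : database to open.
PGSQLDatabase pureftpd

# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" or "any"
#PGSQLCrypt cleartext
PGSQLCrypt crypt

# The users table in this article is created with double-quoted, mixed-case
# column names ("User", "Password", "Uid", ...). PostgreSQL folds unquoted
# identifiers to lower case and treats a bare User as the current database
# role, so those columns have to be quoted in the queries as well.
# ULRatio and DLRatio were created unquoted and therefore stay unquoted.

# Query to execute in order to fetch the password
PGSQLGetPW SELECT "Password" FROM users WHERE "User"='\L'

# Query to execute in order to fetch the system user name or uid
PGSQLGetUID SELECT "Uid" FROM users WHERE "User"='\L'

# Query to execute in order to fetch the system user group or gid
PGSQLGetGID SELECT "Gid" FROM users WHERE "User"='\L'

# Query to execute in order to fetch the home directory
PGSQLGetDir SELECT "Dir" FROM users WHERE "User"='\L'

# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
PGSQLGetQTAFS SELECT "QuotaFiles" FROM users WHERE "User"='\L'

# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
PGSQLGetQTASZ SELECT "QuotaSize" FROM users WHERE "User"='\L'

# Optional : ratios. The server has to be compiled with ratio support.
PGSQLGetRatioUL SELECT ULRatio FROM users WHERE "User"='\L'
PGSQLGetRatioDL SELECT DLRatio FROM users WHERE "User"='\L'

# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
PGSQLGetBandwidthUL SELECT "ULBandwidth" FROM users WHERE "User"='\L'
PGSQLGetBandwidthDL SELECT "DLBandwidth" FROM users WHERE "User"='\L'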
启动pureftpd [root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
测试pureftpd [root@linux root]ncftp ftp://test:test@localhost:21 |
OpenLDAP 使用 Berkeley DB (一个层次型数据库,注意:与RDBMS不同) 存储数据
[root@linux root]vi /etc/openldap/slapd.conf include /etc/openldap/schema/pureftpd.schema suffix "dc=gdfz,dc=com" rootdn "cn=Manager,dc=gdfz,dc=com" rootpw {crypt}sa0hRW/W3DLvQ |
[root@linux root]service ldap restart |
rootdn:dc=gdfz,dc=com
|-----cn=one, dc=gdfz,dc=com
| |--- objectClass: posixAccount
| |---cn: joe
| |---uid: joe
| |---uidNumber: 500
| |---gidNumber: 500
| |---homeDirectory: /home/joe
| |---userPassword: {crypt}saO3qRXM8wjUE
|---- cn=xxx-1, dc=gdfz,dc=com
| |--- …………………………
| |--- …………………………
|---- cn=xxx-n, dc=gdfz,dc=com
|---- ou=two, dc=gdfz,dc=com
| |---- cn=one,ou=two, dc=gdfz,dc=com
| | |--- objectClass: posixAccount
| | |---cn: joe
| | |---uid: joe
| | |---uidNumber: 500
| | |---gidNumber: 500
| | |---homeDirectory: /home/joe
| | |---userPassword: {crypt}saO3qRXM8wjUE
| |---- cn=two,ou=two, dc=gdfz,dc=com
| | |--- …………………………
| | |--- …………………………
| |---- cn=there,ou=two, dc=gdfz,dc=com
|---- ou=other, dc=gdfz,dc=com
|---- cn=one,ou=other, dc=gdfz,dc=com
|---- cn=two,ou=other, dc=gdfz,dc=com
[root@linux root]# cat base-dn.ldif dn: dc=gdfz,dc=com objectClass: person cn: gdfz sn: gdfz ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f base-dn.ldif [root@linux etc]# cat pureftpd.ldif dn: cn=joe,dc=gdfz,dc=com objectClass: posixAccount cn: joe uid: joe uidNumber: 500 gidNumber: 500 homeDirectory: /home/joe userPassword: {crypt}saO3qRXM8wjUE [root@linux root]#ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f pureftpd.ldif [root@linux root]# cat pureftpd.ldif dn: uid=chen,dc=gdfz,dc=com objectClass: posixAccount cn: chen uid:chen uidnumber:501 gidNumber:501 homeDirectory: /home/chen userPassword: {crypt}$1$chen$y13/Ao8O3O/9jhSSCPFZg0 objectClass: PureFTPdUser FTPStatus: enabled FTPQuotaFiles: 50 FTPQuotaMBytes: 10 FTPDownloadBandwidth: 50 FTPUploadBandwidth: 50 FTPDownloadRatio: 5 FTPUploadRatio: 1 [root@linux root]# ldapadd -x -D "cn=manager,dc=gdfz,dc=com" -w [你的rootpw密码] -f pureftpd.ldif |
# Pure-FTPd LDAP settings used in this article (pureftpd-ldap.conf).
LDAPServer localhost

# Optional : server port. Default : 389
LDAPPort 389

# Mandatory : the base DN to search accounts from. No default.
LDAPBaseDN dc=gdfz,dc=com

# Optional : who we should bind the server as.
# Default : binds anonymously
# NOTE(review): cn=Manager is the rootdn configured in slapd.conf in this
# article, so the FTP daemon holds the directory administrator's credentials.
# A dedicated entry that can only read the account subtree would limit what a
# leaked copy of this file exposes -- confirm against your directory ACLs.
LDAPBindDN cn=Manager,dc=gdfz,dc=com

# Password if we don't bind anonymously
# This configuration file should be only readable by root
# The value below is the article's sample and is stored in clear text.
LDAPBindPW chen
启动pureftpd [root@linux root]# /usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
测试pureftpd [root@linux root]ncftp ftp://chen:passwd@localhost:21 |
pure-pw 使用方法 [root@linux bin]# ./pure-pw Usage : pure-pw useradd <login> [-f <passwd file>] -u <uid> [-g <gid>] -D/-d <home directory> [-c <gecos>] [-t <download bandwidth>] [-T <upload bandwidth>] [-n <max number of files>] [-N <max Mbytes>] [-q <upload ratio>] [-Q <download ratio>] [-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>] [-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>] [-y <max number of concurrent sessions>] [-z <hhmm>-<hhmm>] [-m] pure-pw usermod <login> -f <passwd file> -u <uid> [-g <gid>] -D/-d <home directory> -[c <gecos>] [-t <download bandwidth>] [-T <upload bandwidth>] [-n <max number of files>] [-N <max Mbytes>] [-q <upload ratio>] [-Q <download ratio>] [-r <allow client ip>/<mask>] [-R <deny client ip>/<mask>] [-i <allow local ip>/<mask>] [-I <deny local ip>/<mask>] [-y <max number of concurrent sessions>] [-z <hhmm>-<hhmm>] [-m] pure-pw userdel <login> [-f <passwd file>] [-m] pure-pw passwd <login> [-f <passwd file>] [-m] pure-pw show <login> [-f <passwd file>] pure-pw mkdb [<puredb database file> [-f <passwd file>]] pure-pw list [-f <passwd file>] -d <home directory> : chroot user (recommended) -D <home directory> : don't chroot user -<option> '' : set this option to unlimited -m : also update the /usr/local/pureftpd/etc/pureftpd.pdb database For a To allow access only between *WARNING* : that pure-ftpd server hasn't been compiled with puredb support 添加9812用户,用户目录/home/www/9812.net/,使用web用户的uid与gid [root@linux bin]# ./pure-pw useradd 9812 -u web -d /home/www/9812.net/ Password: Enter it again: [root@linux bin]# [root@linux etc]# cat pureftpd.passwd qqqq:$1$suA.WBZ0$Uu/05AtMi/4cNdhg9gKjP/:505:505::/home/web/./:::::::::::: 9812:$1$4.iPvGE0$lY5CEVYLde.Mb9QWNu.so0:505:505::/home/www/9812.net/./:::::::::::: 生成pureftpd.pdb [root@linux etc]# ../bin/pure-pw mkdb [root@linux etc]# ls pure-config.pl pure-ftpd.conf pureftpd-ldap.conf pureftpd-mysql.conf pureftpd.passwd pureftpd.pdb pureftpd-pgsql.conf 启动pureftpd [root@linux root]# 
/usr/local/pureftpd/bin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf 测试pureftpd [root@linux root]ncftp ftp://9812:passwd@localhost:21 |
############################################################ # # # Configuration file for pure-ftpd wrappers # # # ############################################################ # If you want to run Pure-FTPd with this configuration # instead of command-line options, please run the # following command : # # /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf # # RPM binary files use another configuration file by default : # /etc/sysconfig/pure-ftpd # # Please don't forget to have a look at documentation at # http://www.pureftpd.org/documentation.html for a complete list of # options. # Cage in every user in his home directory ChrootEveryone yes # If the previous option is set to "no", members of the following group # won't be caged. Others will be. If you don't want chroot()ing anyone, # just comment out ChrootEveryone and TrustedGID. # TrustedGID 100 # Turn on compatibility hacks for broken clients BrokenClientsCompatibility no # Maximum number of simultaneous users MaxClientsNumber 50 # Fork in background Daemonize yes # Maximum number of sim clients with the same IP address MaxClientsPerIP 8 # If you want to log all client commands, set this to "yes". # This directive can be duplicated to also log server responses. VerboseLog no # List dot-files even when the client doesn't send "-a". DisplayDotFiles yes # Don't allow authenticated users - have a public anonymous FTP only. AnonymousOnly no # Disallow anonymous connections. Only allow authenticated users. NoAnonymous no # Syslog facility (auth, authpriv, daemon, ftp, security, user, local*) # The default facility is "ftp". "none" disables logging. SyslogFacility ftp # Display fortune cookies # FortunesFile /usr/share/fortune/zippy # Don't resolve host names in log files. Logs are less verbose, but # it uses less bandwidth. Set this to "yes" on very busy servers or # if you don't have a working DNS. 
DontResolve yes # Maximum idle time in minutes (default = 15 minutes) MaxIdleTime 15 # LDAP configuration file (see README.LDAP) # LDAPConfigFile /etc/pureftpd-ldap.conf LDAPConfigFile /usr/local/pureftpd/etc/pureftpd-ldap.conf # MySQL configuration file (see README.MySQL) # MySQLConfigFile /etc/pureftpd-mysql.conf MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf # Postgres configuration file (see README.PGSQL) # PGSQLConfigFile /etc/pureftpd-pgsql.conf PGSQLConfigFile /usr/local/pureftpd/etc/pureftpd-pgsql.conf # PureDB user database (see README.Virtual-Users) # PureDB /etc/pureftpd.pdb PureDB /usr/local/pureftpd/etc/pureftpd.pdb # Path to pure-authd socket (see README.Authentication-Modules) # ExtAuth /var/run/ftpd.sock # If you want to enable PAM authentication, uncomment the following line # PAMAuthentication yes # If you want simple Unix (/etc/passwd) authentication, uncomment this # UnixAuthentication yes # Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and # UnixAuthentication can be used only once, but they can be combined # together. For instance, if you use MySQLConfigFile, then UnixAuthentication, # the SQL server will be asked. If the SQL authentication fails because the # user wasn't found, another try # will be done with /etc/passwd and # /etc/shadow. If the SQL authentication fails because the password was wrong, # the authentication chain stops here. Authentication methods are chained in # the order they are given. # 'ls' recursion limits. The first argument is the maximum number of # files to be displayed. The second one is the max subdirectories depth LimitRecursion 2000 8 # Are anonymous users allowed to create new directories ? AnonymousCanCreateDirs no # If the system is more loaded than the following value, # anonymous users aren't allowed to download. MaxLoad 4 # Port range for passive connections replies. - for firewalling. # PassivePortRange 30000 50000 # Force an IP address in PASV/EPSV/SPSV replies. 
- for NAT. # Symbolic host names are also accepted for gateways with dynamic IP # addresses. # ForcePassiveIP 192.168.0.1 # Upload/download ratio for anonymous users. # AnonymousRatio 1 10 # Upload/download ratio for all users. # This directive superscedes the previous one. # UserRatio 1 10 # Disallow downloading of files owned by "ftp", ie. # files that were uploaded but not validated by a local admin. AntiWarez yes # IP address/port to listen to (default=all IP and port 21). # Bind 127.0.0.1,21 Bind 127.0.0.1,8021 # Maximum bandwidth for anonymous users in KB/s # AnonymousBandwidth 8 # Maximum bandwidth for *all* users (including anonymous) in KB/s # Use AnonymousBandwidth *or* UserBandwidth, both makes no sense. # UserBandwidth 8 # File creation mask. <umask for files>:<umask for dirs> . # 177:077 if you feel paranoid. Umask 133:022 # Minimum UID for an authenticated user to log in. MinUID 100 # Allow FXP transfers for authenticated users only. AllowUserFXP yes # Allow anonymous FXP for anonymous and non-anonymous users. AllowAnonymousFXP no # Users can't delete/write files beginning with a dot ('.') # even if they own them. If TrustedGID is enabled, this group # will have access to dot-files, though. ProhibitDotFilesWrite no # Prohibit *reading* of files beginning with a dot (.history, .ssh...) ProhibitDotFilesRead no # Never overwrite files. When a file whoose name already exist is uploaded, # it get automatically renamed to file.1, file.2, file.3, ... AutoRename no # Disallow anonymous users to upload new files (no = upload is allowed) AnonymousCantUpload no # Only connections to this specific IP address are allowed to be # non-anonymous. You can use this directive to open several public IPs for # anonymous FTP, and keep a private firewalled IP for remote administration. # You can also only allow a non-routable local IP (like 10.x.x.x) to # authenticate, and keep a public anon-only FTP server on another IP. 
#TrustedIP 10.1.1.1 # If you want to add the PID to every logged line, uncomment the following # line. #LogPID yes # Create an additional log file with transfers logged in a Apache-like format : # fw.c9x.org - jedi [ # This log file can then be processed by www traffic analyzers. # AltLog clf:/var/log/pureftpd.log # Create an additional log file with transfers logged in a format optimized # for statistic reports. # AltLog stats:/var/log/pureftpd.log #AltLog stats:/var/log/pureftpd.log # Create an additional log file with transfers logged in the standard W3C # format (compatible with most commercial log analyzers) # AltLog w3c:/var/log/pureftpd.log # Disallow the CHMOD command. Users can't change perms of their files. #NoChmod yes # Allow users to resume and upload files, but *NOT* to delete them. #KeepAllFiles yes # Automatically create home directories if they are missing #CreateHomeDir yes # Enable virtual quotas. The first number is the max number of files. # The second number is the max size of megabytes. # So 1000:10 limits every user to 1000 files and 10 Mb. #Quota 1000:10 # If your pure-ftpd has been compiled with standalone support, you can change # the location of the pid file. The default is /var/run/pure-ftpd.pid #PIDFile /var/run/pure-ftpd.pid # If your pure-ftpd has been compiled with pure-uploadscript support, # this will make pure-ftpd write info about new uploads to # /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and # spawn a script to handle the upload. #CallUploadScript yes # This option is useful with servers where anonymous upload is # allowed. As /var/ftp is in /var, it save some space and protect # the log files. When the partition is more that X percent full, # new uploads are disallowed. MaxDiskUsage 99 # Set to 'yes' if you don't want your users to rename files. 
#NoRename yes # Be 'customer proof' : workaround against common customer mistakes like # 'chmod 0 public_html', that are valid, but that could cause ignorant # customers to lock their files, and then keep your technical support busy # with silly issues. If you're sure all your users have some basic Unix # knowledge, this feature is useless. If you're a hosting service, enable it. CustomerProof yes # Per-user concurrency limits. It will only work if the FTP server has # been compiled with --with-peruserlimits (and this is the case on # most binary distributions) . # The format is : <max sessions per user>:<max anonymous sessions> # For instance, # sessions max. And there are 20 anonymous sessions max. # PerUserLimits 3:20 |
############################################# # # # Sample Pure-FTPd LDAP configuration file. # # See README.LDAP for explanations. # # # ############################################# # Optional : name of the LDAP server. Default : localhost #LDAPServer ldap.c9x.org LDAPServer localhost # Optional : server port. Default : 389 LDAPPort 389 # Mandatory : the base DN to search accounts from. No default. #LDAPBaseDN cn=Users,dc=c9x,dc=org LDAPBaseDN dc=gdfz,dc=com # Optional : who we should bind the server as. # Default : binds anonymously #LDAPBindDN cn=Manager,dc=c9x,dc=org LDAPBindDN cn=Manager,dc=gdfz,dc=com # Password if we don't bind anonymously # This configuration file should be only readable by root #LDAPBindPW r00tPaSsw0rD LDAPBindPW chen # Optional : default UID, when there's no entry in an user object # LDAPDefaultUID 500 # Optional : default GID, when there's no entry in an user object # LDAPDefaultGID 100 # Filter to use to find the object that contains user info # \L is replaced by the login the user is trying to log in as # The default filter is (&(objectClass=posixAccount)(uid=\L)) # LDAPFilter (&(objectClass=posixAccount)(uid=\L)) # Attribute to get the home directory # Default is homeDirectory (the standard attribute from posixAccount) # LDAPHomeDir homeDirectory # LDAP protocol version to use # Version 3 (default) is mandatory with recent releases of OpenLDAP. # LDAPVersion 3 |
############################################## # # # Sample Pure-FTPd Mysql configuration file. # # See README.MySQL for explanations. # # # ############################################## # Optional : MySQL server name or IP. Don't define this for unix sockets. #MYSQLServer 127.0.0.1 # Optional : MySQL port. Don't define this if a local unix socket is used. #MYSQLPort 3306 # Optional : define the location of mysql.sock if the server runs on this host. MYSQLSocket /var/lib/mysql/mysql.sock # Mandatory : user to bind the server as. MYSQLUser pureftpd # Mandatory : user password. You must have a password. MYSQLPassword qKiscCbwbXAkWp. # Mandatory : database to open. MYSQLDatabase pureftpd # Mandatory : how passwords are stored # Valid values are : "cleartext", "crypt", "md5" and "password" # ("password" = MySQL password() function) # You can also use "any" to try "crypt", "md5" *and* "password" #MYSQLCrypt cleartext MYSQLCrypt crypt # In the following directives, parts of the strings are replaced at # run-time before performing queries : # # \L is replaced by the login of the user trying to authenticate. # \I is replaced by the IP address the user connected to. # \P is replaced by the port number the user connected to. # \R is replaced by the IP address the user connected from. # \D is replaced by the remote IP address, as a long decimal number. # # Very complex queries can be performed using these substitution strings, # especially for virtual hosting. 
# Query to execute in order to fetch the password MYSQLGetPW SELECT Password FROM users WHERE User="\L" # Query to execute in order to fetch the system user name or uid MYSQLGetUID SELECT Uid FROM users WHERE User="\L" # Optional : default UID - if set this overrides MYSQLGetUID #MYSQLDefaultUID 1000 # Query to execute in order to fetch the system user group or gid MYSQLGetGID SELECT Gid FROM users WHERE User="\L" # Optional : default GID - if set this overrides MYSQLGetGID #MYSQLDefaultGID 1000 # Query to execute in order to fetch the home directory MYSQLGetDir SELECT Dir FROM users WHERE User="\L" # Optional : query to get the maximal number of files # Pure-FTPd must have been compiled with virtual quotas support. MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L" # Optional : query to get the maximal disk usage (virtual quotas) # The number should be in Megabytes. # Pure-FTPd must have been compiled with virtual quotas support. MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L" # Optional : ratios. The server has to be compiled with ratio support. # MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L" # MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L" # Optional : bandwidth throttling. # The server has to be compiled with throttling support. # Values are in KB/s . MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L" MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L" # Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS : # 1) You know what you are doing. # 2) Real and virtual users match. # MySQLForceTildeExpansion 1 # If you upgraded your tables to transactionnal tables (Gemini, # BerkeleyDB, Innobase...), you can enable SQL transactions to # avoid races. Leave this commented if you are using the # traditionnal MyIsam databases or old (< 3.23.x) MySQL versions. # MySQLTransactions On |
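###################################################
#                                                 #
# Sample Pure-FTPd PostgreSQL configuration file. #
# See README.PGSQL for explanations.              #
#                                                 #
###################################################

# If PostgreSQL listens to a TCP socket
#PGSQLServer localhost
PGSQLServer localhost
#PGSQLPort 5432
PGSQLPort 5432

# *or* if PostgreSQL can only be reached through a local Unix socket
# PGSQLServer /tmp
# PGSQLPort .s.PGSQL.5432

# Mandatory : user to bind the server as.
#PGSQLUser postgres
PGSQLUser pureftpd

# Mandatory : user password. You *must* have a password.
# The active value is the article's sample and equals the user name; choose
# your own and keep this file readable by root only.
#PGSQLPassword rootpw
PGSQLPassword pureftpd

# Mandatory : database to open.
#PGSQLDatabase pureftpd
PGSQLDatabase pureftpd

# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" or "any"
#PGSQLCrypt cleartext
PGSQLCrypt crypt

# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.

# The users table in this article is created with double-quoted, mixed-case
# column names ("User", "Password", "Uid", ...). PostgreSQL folds unquoted
# identifiers to lower case and treats a bare User as the current database
# role, so those columns have to be quoted in the queries as well.
# ULRatio and DLRatio were created unquoted and therefore stay unquoted.

# Query to execute in order to fetch the password
PGSQLGetPW SELECT "Password" FROM users WHERE "User"='\L'

# Query to execute in order to fetch the system user name or uid
PGSQLGetUID SELECT "Uid" FROM users WHERE "User"='\L'

# Optional : default UID - if set this overrides PGSQLGetUID
#PGSQLDefaultUID 1000

# Query to execute in order to fetch the system user group or gid
PGSQLGetGID SELECT "Gid" FROM users WHERE "User"='\L'

# Optional : default GID - if set this overrides PGSQLGetGID
#PGSQLDefaultGID 1000

# Query to execute in order to fetch the home directory
PGSQLGetDir SELECT "Dir" FROM users WHERE "User"='\L'

# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
# PGSQLGetQTAFS SELECT "QuotaFiles" FROM users WHERE "User"='\L'

# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
# PGSQLGetQTASZ SELECT "QuotaSize" FROM users WHERE "User"='\L'

# Optional : ratios. The server has to be compiled with ratio support.
# PGSQLGetRatioUL SELECT ULRatio FROM users WHERE "User"='\L'
# PGSQLGetRatioDL SELECT DLRatio FROM users WHERE "User"='\L'

# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
# PGSQLGetBandwidthUL SELECT "ULBandwidth" FROM users WHERE "User"='\L'
# PGSQLGetBandwidthDL SELECT "DLBandwidth" FROM users WHERE "User"='\L'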
[root@linux etc]# cat pureftpd.passwd qqqq:$1$suA.WBZ0$Uu/05AtMi/4cNdhg9gKjP/:505:505::/home/web/./:::::::::::: 9812:$1$4.iPvGE0$lY5CEVYLde.Mb9QWNu.so0:505:505::/home/www.9812.net/./:::::::::::: |
http://www.pureftpd.org/ 网站被我们政府封了,你可以使用代理服务器
代理服务器列表:http://www.salala.com/proxy_index.htm
性能:
读速度:OpenLDAP > MySQL > PostgreSQL
写入/修改:MySQL > PostgreSQL > OpenLDAP
集群:OpenLDAP > PostgreSQL> MySQL(不支持集群)
海量存储:PostgreSQL > OpenLDAP(分布式存储)> MySQL
[root@linux root]# cat crypt.c
/*
Netkiller 2003-06-27 crypt.c
char *crypt(const char *key, const char *salt);
*/
#include <crypt.h>
#include <stdio.h>
#include <unistd.h>
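/*
 * Prompt for a key and a salt on stdin and print the crypt(3) hash as
 * "passwd:<hash>".
 *
 * Returns 0 on success, 1 if input could not be read or crypt() failed.
 */
int main(void)
{
    char key[256];
    char salt[64];
    const char *hash;

    printf("key:");
    /* Field widths leave room for the terminating NUL, so an over-long
       word can no longer write past the end of the buffers. */
    if (scanf("%255s", key) != 1)
        return 1;

    printf("salt:");
    if (scanf("%63s", salt) != 1)
        return 1;

    hash = crypt(key, salt);
    if (hash == NULL) {
        /* crypt() returns NULL when it cannot hash with the given salt. */
        fprintf(stderr, "crypt failed\n");
        return 1;
    }

    /* Print through a fixed format: text derived from user input is never
       passed to printf as the format string. */
    printf("passwd:%s\n", hash);
    return 0;
}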
[root@linux root]# gcc -o crypt -s crypt.c -lcrypt
[root@linux root]# ./crypt
key:chen
salt:salt
passwd:sa0hRW/W3DLvQ
[root@linux root]#
# cat des.php
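<html>
<p>DES 密码产生器</p>
<form method=post action=des.php>
<p>password:<input name=passwd type=text size=20></p>
<input type=submit value=submit>
</form>
<?php
// Hash the submitted password with crypt() and show the result.
// The value is read from $_POST explicitly instead of relying on
// register_globals to create $passwd, and nothing is printed until the
// form has actually been submitted.
if (isset($_POST['passwd']) && is_string($_POST['passwd']) && $_POST['passwd'] !== '') {
    // crypt() is called without a salt, as in the original, so PHP picks the
    // salt and algorithm itself. PHP 8 makes the salt argument mandatory;
    // pass an explicit salt there.
    $enpw = crypt($_POST['passwd']);
    // Escape on output so the page stays well-formed whatever is echoed.
    echo "password is: " . htmlspecialchars($enpw);
}
?>
</html>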
[root@linux root]# wget http://home.9812.net/linux/download/myphp/site-2.1.0.tar.gz
[root@linux root]#tar zxvf site-2.1.0.tar.gz
[root@linux root]#cp -r site /usr/local/apache/htdocs
[root@linux root]#lynx http://localhost/site
perl -e 'print("userPassword: ".crypt("secret","salt")."\n");'
产生的DES密码,同样也可以用于OpenLDAP的管理员密码
# vi /etc/openldap/slapd.conf
rootpw {crypt}ijFYNcSNctBYg
select encrypt('password');
mysql> select encrypt('password');
+---------------------+
| encrypt('password') |
+---------------------+
| WXvvG0CWY7v5I |
+---------------------+
1 row in set (0.00 sec)
mysql>
Crypt.java
Import netkiller. Security;
Crypt pw = new Crypt();
String passwd = pw.crypt(“passwd”,”salt”);
System.out.println(passwd);
请与我联系
LDAP Schema: http://ldap.akbkhome.com/
PostgreSQL: http://www.pgsqldb.org
转载请保持此文档完整
主页地址:
OICQ:13721218
ICQ:101888222
AIM:xnetkiller
Yahoo:snetkiller
MSN:netkiller@msn.com
作者:Netkiller(陈景峰)
《Pure-FTPd + LDAP + MySQL + PGSQL + Virtual-Users + Quota How To》
2003年6月27日星期五 第一版
如有问题E-Mail: netkiller@9812.net
文中所用的相关文件请到:http://home.9812.net/linux/article/pureftpd/下载。