注意:qmail部分暫停公布
改版聲明:此次改版主要增加了相應的說明文字特別是在ftp伺服器方面
版權聲明:本著開源的思想,大家盡可以轉載也希望大家不要壟斷技術
作者:曹海波(b.s.d)
強烈建議:安裝系統時安裝src和ports
理由:經過試驗可以提升同步src和ports的速度
setenv PACKAGEROOT "ftp://ftp.jp.freebsd.org"
設置環境變數使pkg_addr 源代碼安裝方式選擇較快的伺服器下載二進位軟體安裝
pkg_add -r cvsup-without-gui
下載並安裝二進位代碼程序cvsup-without-gui(cvsup-without-gui無圖形支持在文本方式下工作的軟體,用來同步代碼及ports用。)
編輯/etc/rc.conf
ee /etc/rc.conf
增加以下(用來停止sendmail)
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
mkdir /usr/home/chb/pkg_info
reboot
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_cvsup-without-gui.txt
(主要是記錄安裝的軟體,用來以後分析軟體包的關聯性)
####同步系統代碼#######
cvsup -g -L 2 -h cvsup.jp.FreeBSD.org /usr/share/examples/cvsup/standard-supfile
(注意:standard-supfile這個文件同步前一定要查看裡面內容是否正確!即:[*default release=cvs tag= ]
默認的情況下可能會把代碼同步到當前的最新版本,當然這個最新版本可能是current版!所以一定要指定!
我的寫法是:
*default release=cvs tag=RELENG_5_4 意思是同步到FreeBSD5.4的當前穩定版代碼
還有就是值得注意的是:
目前同步代碼可以選擇兩個文件
一是:stable-supfile
二是:standard-supfile
stable-supfile 一般已經指定了同步代碼的版本,一般也不需要設定!但是用FreeBSD5.2.1的朋友們就需要注意了因為FreeBSD5.2.1會把代碼同步到4系的最新版,我一直沒明白FreeBSD開發小組為什麼會這麼做!一旦沒有修改就同步的話,輕則造成部分軟體無法使用重則造成內核錯誤根本就無法進入系統!我可親身經歷過
standard-supfile 我認為同步前最好核對一下裡面關於同步代碼版本的部分。
至於為什麼選擇standard-supfile而不選擇stable-supfile我可是經過N次的重做才確定用standard-supfile
登陸系統后運行uname �v查看系統版本號你會發現
以standard -supfile同步的系統顯示的是FreeBSD 5.4-RELEASE-p4 #0: Sat Jul 16 09:29:22 CST 2005 chb@ns1.tjhaina.net:/usr/obj/usr/src/sys/GENERIC
注意這裡的5.4-RELEASE-p4用stable-supfile是不會出現p4的!
當然這只是我個人的做法!
)
reboot
####編譯系統內核#######
cd /usr/src
make -j4 buildworld
多線程支持加快編譯速度(注意:cpu的佔用率會升高)
cd /usr/src/sys/i386/conf
cp GENERIC /root/GENERIC.OLD
ee NS1
編輯內核
cd /usr/src
make buildkernel
建立內核
make installkernel
安裝內核
shutdown -r now
mergemaster -p
更新系統配置文件。這個命令後會跟隨多個提示問題建議仔細閱讀後做出選擇,如果是安裝系統后第一次同步代碼,並是在沒有安裝任何軟體的情況下,可以考慮執行mergemaster �ai
跳過詢問信息選擇全部跟新
cd /usr/src
make installworld
mergemaster
shutdown -r now
delete
刪除/usr/obj(以防影響下一次編譯內核)
/usr/obj
cd /usr/obj
chflags -R noschg *
rm -rf *
##同步ports軟體包######
cvsup -g -L 2 -h cvsup.jp.FreeBSD.org /usr/share/examples/cvsup/ports-supfile
reboot
DNS伺服器
####設置bind9.3.1######
%%%%%%%%%%%%%%%%%建立正反向解析目錄%%%%%%%%%%%%%%
mkdir /etc/namedb/rev
mkdir /etc/namedb/hosts
%%%%%%%%%%%%%%%改變正反向解析目錄屬性%%%%%%%%%%%%%%
chown bind:bind /etc/namedb/rev
chown bind:bind /etc/namedb/hosts
chmod 750 /etc/namedb/rev
chmod 750 /etc/namedb/hosts
%%%%%%%%%%%%%生成正反向解析文件的例子文件%%%%%%%%%%%%
cd /etc/namedb
sh make-localhost
%%%%%%%%%%%%%%%%生成這正反向解析文件%%%%%%%%%%%%%%
cp /etc/namedb/master/localhost.rev /etc/namedb/rev/192.168.0.rev
cp /etc/namedb/master/localhost.rev /etc/namedb/hosts/tjhaina.net.hosts
%%%%%%%%%%%%%%%%設置DNS伺服器的主域%%%%%%%%%%%%%%%
ee /etc/namedb/named.conf
zone "0.168.192.IN-ADDR.ARPA" {
type master;
file "/etc/namedb/rev/192.168.0.rev";
};
zone "tjhaina.net" {
type master;
file "/etc/namedb/hosts/tjhaina.net.hosts";
};
%%%%%%%%%%%%%設置DNS伺服器反向解析文件%%%%%%%
ee /etc/namedb/rev/192.168.0.rev
$TTL 3600
@ IN SOA ns1.tjhaina.net. root.ns1.tjhaina.net. (
20050430 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS ns1.tjhaina.net.
205 IN PTR ns1.tjhaina.net.
205 IN PTR www.tjhaina.net.
205是你的IP地址
(增加反向解析PTR記錄 注意:不建議全部的域名及二級域名增加PTR記錄)
%%%%%%%%%%%%%設置DNS伺服器的正向擊文件%%%%%%%
ee /etc/namedb/hosts/tjhaina.net.hosts
$TTL 3600
@ IN SOA ns1.tjhaina.net. root.ns1.tjhaina.net. (
20050621 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS ns1.tjhaina.net.
ns1 IN A 192.168.0.205
www IN A 192.168.0.205
mail IN A 192.168.0.205
tjhaina.net. IN MX 10 mail.tjhaina.net
(注意:MX記錄的添加要先做一個mail的A記錄再做MX記錄。MX記錄添加的原則是用你的域名指向你的mail的二級域名。不過還有其他的添加方法大家自己可以找一下相關資料)
%%%%%%%%%%%%%生成DNS伺服器的key文件%%%%%%%%%%%%%%%
/usr/sbin/rndc-confgen > /etc/namedb/rndc.conf
%%%%%%%%%%%%%將key文件導入named.conf文件%%%%%%%%%%%%%
cd /etc/namedb
tail -n10 rndc.conf | head -n9 | sed -e s/#\ //g >> named.conf
(這個命令我也不知道為什麼這麼寫!希望大家一起討論)
%%%%%%%%%%%%%啟動DNS伺服器%%%%%%%%%%%%%%%%%%%%%
/usr/sbin/named -gc /etc/namedb/named.conf &
(& 表示後台運行)
/usr/sbin/rndc status
(查看DNS的啟動情況)
%%%%%%%%%%%%%設置本機DNS伺服器地址%%%% %%%%%%%%%%%%
ee /etc/resolv.conf
添加
nameserver 127.0.0.1
nameserver 211.98.2.4
nameserver 202.99.104.68
nameserver 202.99.96.68
nameserver 202.102.128.68
nameserver 202.103.0.117
nameserver 202.103.44.5
(所以選這麼多DNS是考慮到了冗餘設計防止萬一出錯)
%%%%%%%%%%%%刪除或註釋掉DNS伺服器的監聽地址%%%%%%
ee /etc/namedb/named.conf
刪除
20 listen-on { 127.0.0.1; };
註釋掉
// listen-on { 127.0.0.1; };
rndc reload
(由於bind9在默認的情況下只是給自己,所以要去除監聽地址listen-on { 127.0.0.1; };)
%%%%%%%%%%%%使DNS伺服器和系統一起啟動%%%%%%%%
ee /etc/rc.conf
添加
named_enable="YES"
###################安裝perl5.8.X################
cd /usr/ports/lang/perl5.8
make WITH_DEBUGGING=yes \
WITH_GDBM=yes \
WITHOUT_PERL_MALLOC=yes \
WITHOUT_PERL_64BITINT=yes \
WITH_THREADS=yes \
ENABLE_SUIDPERL=yes
(注意:以上命令及參數是按行輸入)
make test
make install
make clean
make rmconfig
shutdown -r now
perl -v
ps auwx|grep perl
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_perl5.8.txt
###############更改ports軟體包的默認下載路徑(因為只有安裝了perl后才會有/etc/make.conf)##############
ee /etc/make.conf
添加
MASTER_SITE_OVERRIDE=ftp://ftp3.jp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}
(更改ports默認的下載路徑,可以根據自己的實際情況進行設置)
####安裝openssl########
cd /usr/ports/security/openssl
make
make install
make clean
make rmconfig
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_openssl.txt
#####安裝web管理系統##
cd /usr/ports/sysutils/webmin
make
make install
make clean
make rmconfig
/usr/local/lib/webmin/setup.sh
ee /etc/rc.conf
添加
webmin_enable="YES"
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_webmin.txt
#####安裝資料庫mysql4.0
cd /usr/ports/databases/mysql40-server
make WITH_CHARSET=gbk \
WITH_XCHARSET=all \
SKIP_DNS_CHECK=yes \
BUILD_OPTIMIZED=yes \
BUILD_STATIC=yes
make install
make clean
make rmconfig
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_mysql40-server.txt
%%%%%%%%%%%%安裝mysql40組件%%%%%%%%%%%%%%
cd /usr/ports/databases/p5-DBD-mysql40
make
make install
make clean
make rmconfig
%%%%%%%%%%%使mysql40和系統一起啟動%%%%%%%%%%%
ee /etc/rc.conf
mysql_enable="YES"
%%%%%%%%%%%設置mysql40的密碼%%%%%%%%%%%%%%
/usr/local/bin/mysqladmin -u root password 'password'
mysql -u root -ppassword
%%%%%%%%%%啟動mysql40%%%%%%%%%%%%%%%%%%%
start mysql
#/usr/local/share/mysql/mysql.server start
/usr/local/etc/rc.d/mysql-server.sh start
如果以上兩條命令不能啟動mysql
那麼請reboot系統來啟動mysql
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_mysql40.txt
###安裝expat2#########
cd /usr/ports/textproc/expat2
make
make install
make clean
make rmconfig
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_expat2.txt
###安裝web伺服器apache1.33######################
cd /usr/ports/www/apache13
make
make install
make clean
make rmconfig
%%%%%%%%%%%使apache和系統一起啟動%%%%%%%%%%%
ee /etc/rc.conf
添加
apache_enable="YES"
%%%%%%%%%%%%更改apache的相應設置%%%%%%%%%%%
ee /usr/local/etc/apache/httpd.conf
change 330
ServerAdmin you@your.address ==>ServerAdmin b.s.d@163.com
change 348
#ServerName www.example.com==>ServerName www.tjhaina.net
添加 794
添加Language zh-cn .zh-cn
添加 822
添加charset GB2312 .gb2312
添加 977
NameVirtualHost 192.168.0.205 (your hosts ip)
%%%%%%%%%%%%啟動apache%%%%%%%%%%%%%%%%%
start apache
/usr/local/sbin/apachectl start
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_apache.txt
########安裝php#######
cd /usr/ports/lang/php4
make
make install
make clean
make rmconfig
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_php4.txt
#######安裝php擴展####
cd /usr/ports/lang/php4-extensions
make (+ bz2)
make install
make clean
make rmconfig
cd /usr/local/etc
cp php.ini-recommended php.ini
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_php4-extensions.txt
########################安裝phpSysInfo基於php的系統監測#######################
cd /usr/ports/www/phpSysInfo/
make
make install
make clean
make rmconfig
cd /usr/local/www/data/phpSysInfo/
cp config.php.new config.php
chown www:www config.php
(改變config.php的所屬組和用戶)
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_phpSysInfo.txt
####################安裝phpmyadmin基於php的資料庫web管理系統################
cd /usr/ports/databases/phpmyadmin/
make
make install
make clean
make rmconfig
%%%%%%%%%%%%%更改phpMyAdmin的配置%%%%%%%%%%%%
cd /usr/local/www/phpMyAdmin
chmod 755 config.inc.php
ee /usr/local/www/phpMyAdmin/config.inc.php
將84行
$cfg['Servers'][$i]['auth_type'] = 'config'; // Authentication method (config, http or cookie based)?
改成
$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?
[#將39行
#$cfg['PmaAbsoluteUri'] = ' ';
#改成
#$cfg['PmaAbsoluteUri'] = 'http://192.168.0.205/phpMyAdmin/';
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_phpmyadmin.txt ]
(我現在不建議更改39行的內容雖然phpMyAdmin提示更改!但並沒有發現39行對phpMyAdmin有影響!改不好反而使phpMyAdmin不能正常顯示)
安裝FTP伺服器
#安裝ftp伺服器pure-ftpd#
cd /usr/ports/ftp/pure-ftpd
ee /usr/ports/ftp/pure-ftpd/Makefile
添加
--with-everything \
--with-paranoidmsg \
--with-virtualchroot \
--with-tls \
--with-largefile \
--with-welcomemsg \
--with-uploadscript \
--with-cookie \
--with-virtualhosts \
--with-virtualroot \
--with-diraliases \
--with-quotas \
--with-sysquotas \
--with-ratios \
--with-ftpwho \
--with-throttling \
--sysconfdir=${PREFIX}/etc
make WITH_MYSQL=1 \
WITH_LANG=simplified-chinese
make install
make clean
make rmconfig
cd /usr/local/etc
cp pureftpd-mysql.conf.sample pureftpd-mysql.conf
cp pure-ftpd.conf.sample pure-ftpd.conf
ee /usr/local/etc/pure-ftpd.conf
安裝參數詳解
--with-everything: 編譯一個幾乎所有特性都開啟的「大」伺服器。
--with-paranoidmsg: 當該參數被開啟,不論何種原因登錄失敗都將顯示同樣的信息給用戶。不開啟該參數是,密碼問題將顯示「驗證失敗」,被禁止用戶將顯示「對不起,我不信任你」。
-- with-virtualchroot:通常一個用戶使用chrooted(使用-A 和 -a 參數)命令不會轉出他的home目錄。開啟該功能之後將使其成為可能:符號連接總是一起作用,甚至他們指向的目錄不在用戶的home目錄內。這對於共享路徑是一個非常擁有的功能(例如,每一個home目錄下都有一個符號連接到/var/incoming)。該功能默認不開啟。
--with-tls \
--with-largefile: 支持在32位架構下下載大於2 gigabytes 的文件。通過FTP傳輸一個如此之大的文件是一個較為奇怪的主意。並且你的文件系統,你的系統內核、你的FTP客戶端也需要支持才行。並且當該功能被開啟后,下載將會比不開啟變慢(或需要耗費更多的CPU)。簡單的說,不要應為好玩而開啟該功能,除非你真的計劃下載大於gigabytes的文件。
--with-welcomemsg: (為兼容)其它FTP伺服器pure-ftp可以閱讀 'welcome.msg' 。這是一個安全的缺陷(匿名用戶可以上載'welcome.msg'文件到隨機顯示)。Pure-ftpd 默認使用 '.banner'文件。
--with-uploadscript: 自從0.98版開始, Pure-FTPd 開始關註上傳。當一個上傳成功完成之後,任何額外的程序或腳本可以被自動啟動。該功能需要一個稱為「pure-uploadscript」的程序安裝在Pure-FTPd包內。
--with-cookie: 在用戶登錄的時候顯示隨機或定製的信息。
--with-virtualhosts: 支持虛擬主機。這意味著每個IP地址可以有不同的匿名FPT區域。如果伺服器只有一個IP地址,就不需要該功能。但是如果有多個IP地址,並且需要一個客戶端連接到IP xxx 去獲得/etc/pure-ftpd/xxx/而不是~ftp/,就可以開啟該功能。
--with-virtualroot \ //虛擬root支持
--with-diraliases: 支持路徑的別名。
--with-quotas: 開啟虛擬限額,可以限制一個用戶可以在他的帳號下存儲的最大數字,也可以限制總的大小。
--with-sysquotas: 支持系統限額(非Pure-ftpd的虛擬限額)。只有在計劃使用系統限額的時候啟用。
--with-ratios: 支持上傳/下載比。
--with-ftpwho: 支持'pure-ftpwho' 命令。開啟這個功能需要額外的內存。當pure-ftp運行在standalone模式時比較好,在inetd模式下啟用較慢。
--with-throttling: 支持帶寬限制。
其它參數
--with-altlog: 除了系統輸出,還支持一些特殊的文件格式,目前已實現了:CLF, Stats, W3C 和 xferlog 格式
CLF (通用日誌格式)是Apache, WebFS, Roxen以及其它最常用 web 伺服器的基本格式;該日誌文件僅僅記錄文件傳輸,可以被web流量統計軟體(Analog, Webalizer, etc.) 所分析。Stats格式是一種專門為日誌文件分析軟體設計的特殊輸出格式。W3C格式是一種商業日誌分析軟體(所有支持IIS日誌的分析器)的標準格式。 Xferlog 是一種源於wu-ftpd的格式。
--with-brokenrealpath: 一些 Solaris 版本中realpath()運行不可靠。如果altlog和(或)pure-uploadscript沒有很好的運行,請用這個參數重新編譯。
--with-certfile=: 該file用來做SSL認證,默認為 /etc/ssl/private/pure-ftpd.pem .
--with-extauth: 支持額外的校驗模塊。大多數用戶不需要此參數。.
所支持語言
--with-language=english
--with-language=german
--with-language=romanian
--with-language=french
--with-language=polish
--with-language=spanish
--with-language=danish
--with-language=italian
--with-language=brazilian-portuguese
--with-language=slovak
--with-language=dutch
--with-language=korean
--with-language=swedish
--with-language=norwegian
--with-language=russian
--with-language=traditional-chinese
--with-language=simplified-chinese
--with-language=hungarian
--with-language=catalan
--with-language=czech: change the language of server messages.
默認為英語。
--with-ldap: 支持原始的LDAP路徑。當該功能被開啟,系統帳號將被忽略。你同時需要使用OpenLDAP。如果OpenLDAP被安裝在一個特定的位置,你可以使用--with-ldap= 的參數。
--with-minimal: 為了有效運用現代FTP客戶端的功能,Pure-FTPd採用基本的FTP協議加擴展(SITE IDLE,SITE CHMOD, MLSD, ...)的方式 。使用 --with-minimal 參數,這些擴展間不會被編譯。同樣的,也就不會有standalone server, 不會有lookup for user/group names, 不會有 humor也不會有 ASCII 的支持。但是執行文件將會比默認安裝更小。該參數你至少需要GCC 3.3 以上來編譯。如果你還想減少(執行)文件大小,可以採用--without-globbing 關聯--with-minimal參數。如果你建立一個嵌入系統,可以這樣使用;在其它場合,為了避免客戶的抱怨(特別是使用windows客戶端的客戶),請忘記它吧
--with-mysql: 使用MySQL來提供用戶資料庫。當開啟該參數,系統帳號被忽略。使用該功能MySQL 客戶端的庫文件將被安裝。如果MySQL安裝在特殊位置,可以使用--with-mysql= 語法。
--with-nonroot: 設置服務以非root特權用戶啟動。任何普通用戶都可以運行服務。這對於在伺服器上只有一個受限帳號的情況非常有用。但是一些特性將不能使用,而且密碼只能通過LDAP,SQL或PureDB進行校驗。當虛擬 chroot 被開啟,用戶將被限制在服務啟動的目錄。這是一種不安全的模式,一般用於普通(非root)用戶建立臨時性的伺服器。在standalone模式下, 2121埠將被偵聽。如果想採用nonroot模式,需要編譯並安裝該軟體(./configure --prefix=... && make install-strip) . /sbin, /bin and /man 目錄需要被寫入 prefix,同時還需要增加運行pure-ftpd用戶在 /etc 目錄的讀寫許可權。
--with-pam: 使用緊密校驗模式。Don't use this option if your login/passwd pairs are always refused (but the real fix would be to
fix your PAM configuration). 需要創建一個 /etc/pam.d/pure-ftpd 文件來運用PAM校驗。'pam' 路徑中包含該文件的一個樣本。
--with-peruserlimits: 開啟每用戶同時在線限制,在繁忙的伺服器上避免該參數。
--with-pgsql: 使用 Postgres 提供用戶資料庫。當開啟該參數,系統帳號將被忽略,Postgres客戶端庫將被安裝。如果Postgres安裝與特殊位置,可以使用--with-pgsql= 語法。
--with-probe-random-dev: Pure-FTPd 使用 /dev/arandom, /dev/urandom 或者/dev/random 設備來提供嚴格的隨機數字。這些設備通常在編譯時被探測。如果想編譯一個二進位包在其它主機上運行,該參數將在運行時被探測。該參數在Linux和BSD 系統上無效,但可以使用在Solaris 和 QNX上。
--with-puredb: 支持虛擬用戶,一個本地的用戶資料庫,不用於系統帳號。
--with-boring: 顯示 "professionnal-looking" 信息。
--with-privsep: 開啟許可權分離。
--withrendez-vous: 允許在MacOS X上支持Rendezvous。
--without-ascii: 不支持 7-bits 傳輸 (ASCII)。如果有客戶使用windows客戶端程序發送腳本和HTML文件,不要使用 該參數或讓他們對你大叫。
--without-banner: 不使用初始標語,這是一種通過隱瞞獲得的愚蠢的安全。
--without-capabilities: 如果性能庫 (libcap) 被找到,Pure-FTPd 將使用其提供安全性。該參數不測試這個庫是否存在。如果性能庫沒有正常工作,可以到ftp: //ftp.kernel.org/pub/linux/libs/security/linux-privs/ 下載。
--without-globbing: 不包括全局代碼。能夠減少內存消耗但經常不能工作。大多數用戶不需要使用--without-globbing。Globbing是一個不錯的功能。
--without-humor: 如果你沒有查看過源代碼而使用這個參數,就只好祝你幸運了。
--without-inetd: 如果Pure-FTPd總是運行在standalone模式下,這個參數可以節約一些代碼位元組。不要同時使用 --without-inetd和
--without-standalone參數,可能會導致服務不能運行。這些參數在Pure-FTPd的二進位分發包上都沒有使用,所以inetd和standalone都被支持。
--without-iplogging: 為了保守機密而不記錄任何IP地址,除非是政治敏感的伺服器。
--without-nonalnum: 非法文件名檢查。只支持基本的字元。不要盲目的使用這個參數,或者接受用戶的抱怨。
--without-unicode: 不接受非拉丁字元。如果伺服器文件名不含特殊字元則推薦使用。
--without-sendfile: 在Linux, Solaris, HPUX 和 FreeBSD 內核, Pure-FTPd採用特殊系統調用(sendfile)嘗試減少CPU和內存的使用。在大多數文件系統中該方式運行良好,但該優化並不能在所有文件系統中正常工作。用戶曾經報告過SMBFS(Samba)在FreeBSD以及TmpFS和NTFS在Linux(伺服器報告錯誤為「broken pipe」或「Error during write to data connection」)上通過Pure-FTPd下載文件失敗。如果計劃在上述文件系統中運行服務,就不得不使用--without-sendfile 參數來定義一個工作區。同樣來自PA-Risc Linux 的系統也需要這個參數。
--without-shadow: 忽略shadow密碼,即使他們被自動探測到。這通常是一個壞主意,除非使用的是PAM, LDAP 或 SQL。Pure-FTPd 支持shadow密碼有效期 (包括帳號和密碼)。.
--without-standalone: FTP 伺服器能夠正常地以 standalone 模式運行(沒有任何超級服務)。如果不需要該功能並且想要節省一些代碼位元組的話,就可以開啟該參數。一個類似於g2s, xinetd或tcpserver 的超級服務將強制運行該服務,但是推薦使用standalone模式。
--without-usernames: 從不在在路徑列表裡輸出用戶和組名,而代之以UIDs和GIDs。這將提高安全和性能,但會有用戶覺得不夠友好。
--without-capabilities: 如果性能庫 (libcap) 被找到,Pure-FTPd 將使用其提供安全性。該參數不測試這個庫是否存在。如果性能庫沒有正常工作,可以到ftp: //ftp.kernel.org/pub/linux/libs/security/linux-privs/ 下載。
--without-usernames: 從不在在路徑列表裡輸出用戶和組名,而代之以UIDs和GIDs。這將提高安全和性能,但會有用戶覺得不夠友好。
"--prefix=" 改變安裝路徑,默認為 "/usr/local/".
配置文件詳解
pure-ftpd.conf
ChrootEveryone yes
chroot每一個用戶,等同於Proftpd 中的DefaultRoot~ , 可以限制用戶在某個地方活動,增強伺服器的安全性。使用戶不能通過cd命令進入上一級目錄。
TrustedGID 50
#以上兩者要一起用
BrokenClientsCompatibility no
MaxClientsNumber 50
#最大鏈接數
Daemonize yes
#Fork in background 以守護進程方式在後台運行
MaxClientsPerIP 5
#每個ip最多鏈接數,最好設小點。
VerboseLog no
#是否要把所有client端的指令都log下來
DisplayDotFiles no
#顯示開頭的文件
AnonymousOnly no
#是否只讓匿名登錄
NoAnonymous no
#不開放匿名登入
SyslogFacility ftp
#應該是對日誌做一下過濾 (auth, authpriv, daemon, ftp, security, user, local*)可以讓日誌只記錄想要的信息
DontResolve yes
#不反向解釋客戶端的ip
MaxIdleTime 5
#最大閑置fB??
#LDAPConfigFile /usr/local/pureftpd/etc/pureftpd-ldap.conf
#使用LDAP認證,
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf
#使用MySQL認證
#PGSQLConfigFile /usr/local/pureftpd/etc/pureftpd-pgsql.conf
#使用PGSQL認證
#PureDB /ftp/etc/pureftpd.pdb
#使用者資料的DB存放地點 [由於我是用PureFTPD的Qg建DB.固有此選項]
#ExtAuth /var/run/ftpd.sock
#pure-authd socket 路徑 (詳細請看 README.Authentication-Modules)
#PAMAuthentication yes
#開啟PAM認證
#UnixAuthentication yes
#如果你想要有簡單的Unix(/etc/passwd)的認證的?q
FortunesFile /usr/local/pureftpd/etc/.welcome
#顯示的歡迎信息文件,你可以創建該文件,輸入一些文字,然後你重啟你的FTP服務,就會有意外的發現。
LimitRecursion 2000 8
#ls最多列出3000個文件.最深8層
AnonymousCanCreateDirs no
#匿名用戶可以創建目錄
MaxLoad 4
#當system load超過4fB.使用者將不能再下載
PassivePortRange 30000 50000
#被動連接應答範圍
ForcePassiveIP 192.168.0.1
#
AnonymousRatio 1 10
#Anonymous連接上傳/下載比率
UserRatio 1 10
#用戶上傳/下載比率(註:如果使用ldap,mysql,pgsql,pam不要啟用該功能,否則你在ldap等中設置的Ratio無校)
AntiWarez no
#上傳的文件不能被下載(owner is ftp).等到local admin確認
Bind 127.0.0.1,8021
#要綁定和ip/port,在你的系統中有兩個FTP Server這樣你其中一個FTP就要使用其它埠。
#格式-> 127.0.0.1,21 如果只寫port表All ip,port
AnonymousBandwidth 8
#Anonymous 帶寬,單位KB/s
UserBandwidth 8
#用戶帶寬,單位KB/s
Umask 133:022
#上傳文件的Umask.(: )
MinUID 1000
# UID至少多少才能登錄
AllowUserFXP yes
#支不支持FXP
AllowAnonymousFXP no
#Anonymous支不支持FXP
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
#(」.」)開頭的文件能不能被讀/寫,UNIX Like下以點開頭的文件是隱藏文件ls �a才能列出
#Pureftpd Quota模式下做產生」 .ftpquota」文件。
AutoRename no
#上傳文件若有相同文件名自動改名(file.1,file.2...)
AnonymousCantUpload no
#匿名用戶上傳文件
TrustedIP 10.1.1.1
#鎖IP.
LogPID
#Log文件添加PID
AltLog stats:/ftp/etc/log/pureftpd.log
#log存放地點,注日誌有幾種常用的格式
#clf 類似apache格式,stats UNIX log格式,w3c 標準W3C格式,可能是HTML格式
NoChmod yes
#不給Chmod指令的許可權
KeepAllFiles no
#使用者可續傳.但不可R*除文件
CreateHomeDir yes
#如果user的home不存在自動建立(我把這個設為YES)
Quota 1000:10
#Quota <文件數>:<容量Megabytes >,FTP限制10M空間,可以上傳1000個文件(註:如果使用ldap,mysql,pgsql,pam不要啟用該功能,否則你在ldap等中設置的Quota無校)
PIDFile /ftp/etc/log/pure-ftpd.pid
#記錄pure-ftpd的PID文件
CallUploadScript yes
#呼叫UploadScript
MaxDiskUsage 99
#當硬碟使用率到多少fB將停止上傳
NoRename yes
#用戶不能重命名文件名
CustomerProof yes
PerUserLimits 3:20
#<每個賬號最多可登入幾次:Anonymous最多可同fB登入幾次>
pureftpd-mysql.conf
MYSQLServer 127.0.0.1
#MYSQL伺服器的IP
MYSQLPort 3306
#MYSQL 埠號
MYSQLSocket /var/lib/mysql/mysql.sock
#使用UNIX.sock本地連接
註:MYSQLServer 與 MYSQLSocket 選擇一種即可
MYSQLUser ftp
#MYSQLUser 數據用戶名
MYSQLPassword 123456
#MYSQL資料庫用戶的密碼
MYSQLDatabase ftpusers
#FTP數據資料庫
MYSQLCrypt md5
#密碼加密方式"cleartext", "crypt", "md5" and "password"
# cleartext 明文,crypt,md5,password是Backend password(『your-passwd』)函數(MYSQL資料庫所使用的password()函數)
MYSQLGetPW SELECT Password FROM users WHERE User="\L"
# 密碼欄位,我使用users表中的Password做為密碼欄位
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
#UID用戶ID欄位
MYSQLDefaultUID 1000
#默認的UID (註:如何開啟該選項,MYSQLGetUID將失去作用)
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
#GID組ID欄位
MYSQLDefaultGID 1000
#默認的GID (註:如何開啟該選項,MYSQLGetGID將失去作用)
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
#FTP用戶目錄如/home/web/www-9812-net
MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"
#磁碟限額,文件數限制。如1000,允許用戶上傳1千個文件
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
#磁碟限額,FTP用戶空間限制(單位為M),如:100M
MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
#上傳/下載比率。MySQLGetRatioUL為上傳比,MySQLGetRatioDL下載比。如:1:5
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
#下傳/下載帶寬(單位KB/s)。MySQLGetBandwidthUL上傳帶寬,MySQLGetBandwidthDL下載帶寬。如上傳500KB/s,下載50KB/s
MySQLForceTildeExpansion 1
MySQLTransactions On
配置文件實例
pure-ftpd.conf配置文件
#######################
# #
# Configuration file for pure-ftpd wrappers #
# #
####
# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
#
# RPM binary files use another configuration file by default :
# /etc/sysconfig/pure-ftpd
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.html for a complete list of
# options.
# Cage in every user in his home directory
ChrootEveryone yes
# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.
# TrustedGID 100
# Turn on compatibility hacks for broken clients
BrokenClientsCompatibility no
# Maximum number of simultaneous users
MaxClientsNumber 50
# Fork in background
Daemonize yes
# Maximum number of sim clients with the same IP address
MaxClientsPerIP 8
# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.
VerboseLog no
# List dot-files even when the client doesn't send "-a".
DisplayDotFiles yes
# Don't allow authenticated users - have a public anonymous FTP only.
AnonymousOnly no
# Disallow anonymous connections. Only allow authenticated users.
NoAnonymous no
# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
SyslogFacility ftp
# Display fortune cookies
# FortunesFile /usr/share/fortune/zippy
# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.
DontResolve yes
# Maximum idle time in minutes (default = 15 minutes)
MaxIdleTime 15
# LDAP configuration file (see README.LDAP)
# LDAPConfigFile /etc/pureftpd-ldap.conf
LDAPConfigFile /usr/local/pureftpd/etc/pureftpd-ldap.conf
# MySQL configuration file (see README.MySQL)
# MySQLConfigFile /etc/pureftpd-mysql.conf
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf
# Postgres configuration file (see README.PGSQL)
# PGSQLConfigFile /etc/pureftpd-pgsql.conf
PGSQLConfigFile /usr/local/pureftpd/etc/pureftpd-pgsql.conf
# PureDB user database (see README.Virtual-Users)
# PureDB /etc/pureftpd.pdb
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
# Path to pure-authd socket (see README.Authentication-Modules)
# ExtAuth /var/run/ftpd.sock
# If you want to enable PAM authentication, uncomment the following line
# PAMAuthentication yes
# If you want simple Unix (/etc/passwd) authentication, uncomment this
# UnixAuthentication yes
# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.
# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth
LimitRecursion 2000 8
# Are anonymous users allowed to create new directories ?
AnonymousCanCreateDirs no
# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.
MaxLoad 4
# Port range for passive connections replies. - for firewalling.
# PassivePortRange 30000 50000
# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.
# ForcePassiveIP 192.168.0.1
# Upload/download ratio for anonymous users.
# AnonymousRatio 1 10
# Upload/download ratio for all users.
# This directive superscedes the previous one.
# UserRatio 1 10
# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.
AntiWarez yes
# IP address/port to listen to (default=all IP and port 21).
# Bind 127.0.0.1,21
Bind 127.0.0.1,8021
# Maximum bandwidth for anonymous users in KB/s
# AnonymousBandwidth 8
# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
# UserBandwidth 8
# File creation mask. : .
# 177:077 if you feel paranoid.
Umask 133:022
# Minimum UID for an authenticated user to log in.
MinUID 100
# Allow FXP transfers for authenticated users only.
AllowUserFXP yes
# Allow anonymous FXP for anonymous and non-anonymous users.
AllowAnonymousFXP no
# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.
ProhibitDotFilesWrite no
# Prohibit *reading* of files beginning with a dot (.history, .ssh...)
ProhibitDotFilesRead no
# Never overwrite files. When a file whoose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, ...
AutoRename no
# Disallow anonymous users to upload new files (no = upload is allowed)
AnonymousCantUpload no
# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.
#TrustedIP 10.1.1.1
# If you want to add the PID to every logged line, uncomment the following
# line.
#LogPID yes
# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.
# AltLog clf:/var/log/pureftpd.log
# Create an additional log file with transfers logged in a format optimized
# for statistic reports.
# AltLog stats:/var/log/pureftpd.log
#AltLog stats:/var/log/pureftpd.log
# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)
# AltLog w3c:/var/log/pureftpd.log
# Disallow the CHMOD command. Users can't change perms of their files.
#NoChmod yes
# Allow users to resume and upload files, but *NOT* to delete them.
#KeepAllFiles yes
# Automatically create home directories if they are missing
#CreateHomeDir yes
# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.
#Quota 1000:10
# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid
#PIDFile /var/run/pure-ftpd.pid
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
#CallUploadScript yes
# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.
MaxDiskUsage 99
# Set to 'yes' if you don't want your users to rename files.
#NoRename yes
# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.
CustomerProof yes
# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : :
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.
# PerUserLimits 3:20
pureftpd-mysql.conf配置文件
##################
# #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations. #
# #
##################
# Optional : MySQL server name or IP. Don't define this for unix sockets.
#MYSQLServer 127.0.0.1
# Optional : MySQL port. Don't define this if a local unix socket is used.
#MYSQLPort 3306
# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket /var/lib/mysql/mysql.sock
# Mandatory : user to bind the server as.
MYSQLUser pureftpd
# Mandatory : user password. You must have a password.
MYSQLPassword qKiscCbwbXAkWp.
# Mandatory : database to open.
MYSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
#MYSQLCrypt leartext
MYSQLCrypt crypt
# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.
# Query to execute in order to fetch the password
MYSQLGetPW SELECT Password FROM users WHERE User="\L"
# Query to execute in order to fetch the system user name or uid
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
# Optional : default UID - if set this overrides MYSQLGetUID
#MYSQLDefaultUID 1000
# Query to execute in order to fetch the system user group or gid
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
# Optional : default GID - if set this overrides MYSQLGetGID
#MYSQLDefaultGID 1000
# Query to execute in order to fetch the home directory
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
# Optional : ratios. The server has to be compiled with ratio support.
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.
# MySQLForceTildeExpansion 1
# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.
# MySQLTransactions On
########建立ftp用戶組##
pw groupadd ftpusers -g 2000
pw useradd ftp -u 2000 -g ftpusers -s /sbin/nologin
#################將以下代碼保存成文本文件並命名成script.mysql####################
INSERT INTO mysql.user (Host, User, Password, Select_priv, Insert_priv,
Update_priv, Delete_priv, Create_priv, Drop_priv, Reload_priv,
Shutdown_priv, Process_priv, File_priv, Grant_priv, References_priv,
Index_priv, Alter_priv) VALUES
('localhost','ftp',PASSWORD('password'),'Y','Y','Y','Y','N','N','N','N',
'N','N','N','N','N','N');
FLUSH PRIVILEGES;
CREATE DATABASE ftpusers;
USE ftpusers;
CREATE TABLE admin (
Username varchar(35) NOT NULL default '',
Password char(32) binary NOT NULL default '',
PRIMARY KEY (Username)
) TYPE=MyISAM;
INSERT INTO admin VALUES ('Administrator',MD5('password'));
CREATE TABLE users (
User char(16) NOT NULL default '',
Password char(32) binary NOT NULL default '',
Uid int(11) NOT NULL default '2000',
Gid int(11) NOT NULL default '2000',
Dir char(128) NOT NULL default '',
QuotaFiles int(10) NOT NULL default '500',
QuotaSize int(10) NOT NULL default '30',
ULBandwidth int(10) NOT NULL default '80',
DLBandwidth int(10) NOT NULL default '80',
status enum('0','1') NOT NULL default '1',
ipaccess varchar(15) NOT NULL default '*',
comment tinytext NOT NULL,
PRIMARY KEY (User),
UNIQUE KEY User (User)
) TYPE=MyISAM;
INSERT INTO `users` VALUES ('test1',MD5('123456'),2001,2000,'/home/test1',500,30,80,5,1,'*','*');
##################
#####添加ftp用戶資料庫#
upload
script.mysql
mysql -u root -ppassword < script.mysql
#####啟動pure-ftpd######
/usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
也可以通過
/usr/local/etc/rc.d/pure-ftpd.sh start
提示一下信息證明pure-ftpd已經工作
Running: /usr/local/sbin/pure-ftpd -A -c50 -B -C8 -D -E -fftp -H -I15
-lmysql:/usr/local/etc/pureftpd-mysql.conf -L2000:8 -m4 -Q1:10 -s -U133:022
-u100 -Ow3c:/var/log/pureftpd.log -j -k99 -Z
#####測試pureftp########
ftp 192.168.0.205
Connected to 192.168.0.205.
220---------- 歡迎來到 Pure-FTPd [TLS] ----------
220-您是第 1 個使用者,最多可達 50 個連接
220-現在本地時間是 13:17。伺服器埠: 21。
220-這是私人系統 - 不開放匿名登錄
220-這部主機也歡迎IPv6的連接
220 在 15 分鐘內沒有活動,您被會斷線。
Name (192.168.0.205:chb):
輸入用戶名、密碼
######設置ftp管理界面##
upload
chinaPHP_Manager
ee config.php
require 'language.php';
$LANG = $ZH_CN; //Language (Options are $DUTCH, $ENGLISH, $PT_BR, $RUSSIAN
//$SPANISH, $COREAN, $FRENCH, $HUNGARIAN, $GERMAN
// $TURKISH, $DANISH , $NORWEGIAN or $ZH_CN)
$LocationImages = "images"; // Location of images
$DBHost = "localhost"; // Ip-adres of MySQL server
// (Dont change this if you are using the default database)
$DBLogin = "ftp"; // Username of MySQL user
$DBPassword = "password"; // Password of MySQL user
$DBDatabase = "ftpusers"; // Name of database
$FTPaddress = "192.168.0.205:21"; // Domain name or ip-address of your ftp server
$DEFUserID = "2000"; // nobody // Default user id of virtual ftp user.
$DEFGroupID = "2000"; // guest // Default group is of virtual ftp user.
##設置ftp管理的虛擬主機
ee /usr/local/etc/apache/httpd.conf
添加
DocumentRoot "/home/chb/ftp"
ServerName www.chb.com
allow from all
Options +Indexes
#######增加ftp啟動項###
ee /etc/rc.conf
添加
pureftpd_enable="YES"
