solaris10下proftpd+postgresql9(SMF)
一.安裝postgresql
1.安裝
見sol10安裝postgresql
http://blog.chinaunix.net/space.php?uid=45057&do=blog&id=125597
2.修改配製
#postgresql.conf
vi $PGDATA/postgresql.conf
修改
listen_addresses = '*'
#pg_hba.conf添加
host mdcftp ftp 192.168.195.0/24 md5
3.創建用戶
postgres=# create role ftp login password 'mdcftp';
4.建表空間
shell>su - postgres
shell>mkdir $PGDATA/mdcftp
shell>chmod 700 mdcftp
postgres=# create tablespace ftp_data owner ftp location
5.建庫
postgres=# create database ftp owner=ftp tablespace ftp_data;
6.建模式--模式(schema)是對資料庫(database)邏輯分割
用ftp用戶登錄建schema
ftp=> create schema ftp authorization ftp;
7.建表和數據
-- 資料庫: `ftp`
--
-- --------------------------------------------------------
--
-- 表的結構 `groups`
--
CREATE TABLE groups (
groupname VARCHAR(30) NOT NULL,
gid INTEGER NOT NULL,
members VARCHAR(255)
)
INSERT INTO groups VALUES ('mdc', 1000, 'feifan');
-- --------------------------------------------------------
--
-- 表的結構 `users`
--
CREATE TABLE users(
username varchar(20) NOT NULL primary key,
passwd varchar(80) NOT NULL,
uid integer NOT NULL,
gid integer NOT NULL,
homedir varchar(255) NOT NULL default '',
shell varchar(255) NOT NULL default '/bin/false',
count integer NOT NULL default '0',
host varchar(30) NOT NULL,
accessed timestamp NOT NULL default now(),
modified timestamp NOT NULL default now()
)
INSERT INTO users(username,passwd,uid,gid,homedir,host) VALUES ('feifan', 'hades', 1000, 1000, '/export/home/feifan', 'chen');
INSERT INTO users(username,passwd,uid,gid,homedir,host) VALUES ('mdc', 'down', 1001, 1000, '/export/home/mdcshare', 'chen');
注:數據中的UID和GID分別表示映射為系統中的用戶ID和組ID.
二.安裝proftpd
1.編譯安裝proftpd
我這裡有的sun cc,你也可以使用gcc
CC=cc;export CC
./configure --prefix=/usr/local/proftpd \
--with-modules=mod_sql:mod_sql_postgres \
--with-includes=/export/home/postgres/pgsql/include \
--with-libraries=/export/home/postgres/pgsql/lib
make
make install
2.把postgres的lib文件加入系統變數
#crle -u -l /export/home/postgres/pgsql/lib
3.配製proftpd
bash-3.00# more proftpd.conf
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "MDC FTP server"
ServerType standalone
DefaultServer on
# Display message
DisplayLogin /usr/local/proftpd/etc/ftplogin.msg
# Port 21 is the standard FTP port.
Port 21
# Don't use IPv6 support by default.
UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Sets how many password attempts are allowed before disconnection
MaxLoginAttempts 5
# Users needs a valid shell
#
RequireValidShell off
# Performance: skip DNS resolution when we process the logs...
UseReverseDNS off
# Restart session support
#
AllowStoreRestart on
AllowRetrieveRestart on
# Client config
MaxClientsPerHost 3 "Sorry, the maximum number clients (%m) from your host are already connected."
MaxClientsPerUser 5 "Sorry, the maximum number of clients (%m) for this user already connected."
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
#Logfile
Systemlog /var/log/proftpd.log
TransferLog /var/log/proftpd.xferlog
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH
ExtendedLog /var/log/proftpd.log ALL
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~mdcftp>
# User mdcftp
# Group staff
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous mdcftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE>
# DenyAll
# </Limit>
#</Anonymous>
# For SQL Postgresql
#
SQLAuthTypes Crypt Plaintext
#Backend表示用戶認證方式為MySQL資料庫的認證方式
#Plaintext表示明文認證方式,排在最前面的為最先使用的方式
SQLAuthenticate users
# databasename@host database_user user_password
SQLConnectInfo ftp@localhost ftp mdcftp
SQLUserInfo users username passwd uid gid homedir shell host
SQLGroupInfo groups groupname gid members
#SQLHomedirOnDemand如果用戶主目錄不存在,則系統會根據此用戶在用戶數據表中的homedir欄位的值新建一個目錄
CreateHome on
SQLNegativeCache on
SQLLogFile /var/log/proftpd.sql.log
# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1,accessed=now() WHERE username='%u'" users
# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE username='%u'" users
SQLNamedQuery getcount SELECT "count from users where username='%u'"
4.把proftpd加入SMF
vi /var/svc/manifest/network/proftpd.xml
<?xml version="1.0"?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
ident "@(#)proftpd.xml 1.3.3d 11/02/15 SMI"
By Feifan@CU
-->
<service_bundle type='manifest' name='Proftpd'>
<service
name='network/proftpd'
type='service'
version='1'>
<!--
Because we may have multiple instances of network/proftpd
provided by different implementations, we keep dependencies
and methods within the instance.
-->
<instance name='default' enabled='false'>
<!--
Wait for network interfaces to be initialized.
-->
<dependency name='network'
grouping='require_all'
restart_on='error'
type='service'>
<service_fmri value='svc:/milestone/network:default' />
</dependency>
<!--
Wait for all local filesystems to be mounted.
-->
<dependency name='filesystem-local'
grouping='require_all'
restart_on='none'
type='service'>
<service_fmri
value='svc:/system/filesystem/local:default' />
</dependency>
<!--
Wait for automounting to be available, as we may be
serving data from home directories or other remote
filesystems.
-->
<dependency name='autofs'
grouping='optional_all'
restart_on='error'
type='service'>
<service_fmri
value='svc:/system/filesystem/autofs:default' />
</dependency>
<exec_method
type='method'
name='start'
exec='/usr/local/proftpd/sbin/in.proftpd'
timeout_seconds='30' />
<exec_method
type='method'
name='stop'
exec='/usr/bin/kill `cat /usr/local/proftpd/var/proftpd.pid`'
timeout_seconds='30' />
<exec_method
type='method'
name='refresh'
exec='/usr/bin/kill -HUP `cat /usr/local/proftpd/var/proftpd.pid`'
timeout_seconds='30' />
<property_group name='proftpd' type='application'>
<stability value='Evolving' />
<propval name='ssl' type='boolean' value='false' />
</property_group>
<property_group name='startd' type='framework'>
<!-- sub-process core dumps shouldn't restart
session -->
<propval name='ignore_error' type='astring'
value='core,signal' />
</property_group>
</instance>
<stability value='Evolving' />
<template>
<common_name>
<loctext xml:lang='C'>
ProFTPD server
</loctext>
</common_name>
<documentation>
<manpage title='proftpd' section='8'
manpath='/usr/local/proftpd/share/man' />
<doc_link name='proftpd.org'
uri='http://www.proftpd.org' />
</documentation>
</template>
</service>
</service_bundle>
5.導入並啟動服務
cd /var/svc/manifest/network
svccfg -v validate proftpd.xml
svccfg -v import proftpd.xml
svcs -l proftpd
svcadm enable proftpd
目前存在的問題:
密碼只能明文的方式驗證.
參考文檔
819-5150.pdf
solaris-smf-manifest-wp-167902.pdf
httpd-apache2.xml
原文見:http://blog.chinaunix.net/space.php?uid=45057&do=blog&id=125738
