Sunday, 7 October 2012.

proFTPd

proFTPd is, of course, an open-source and free FTP server. Unlike vsFTPd, which aims to be simple, proFTPd aims to offer a lot of functionality that the user can enable as needed.
It is configured through a single configuration file, and that file closely resembles the apache2 configuration file, which makes configuration easier for users of the apache2 HTTP server. Some of the notable characteristics that set proFTPd apart from other FTP servers are:
  • Multiple virtual FTP servers and anonymous FTP services
  • Support for accounts with an expiry date
  • IPv6 support
  • Runs as an unprivileged user, to reduce the chance that an attack on the FTP server yields root privileges
  • Modular design, which makes it easy to extend with modules (LDAP, SQL, SSL/TLS)

So that you do not have to create a real system account for every FTP user, it is best to set up virtual users: accounts that live in a database and all map to one unprivileged system user. On Arch this is done as follows.

Installing proFTPd

[root@mojracunar-pc ~]# pacman -S proftpd

Add a group and a user (pick an id that is not already taken; I chose 3333). The shell /bin/false and the non-existent home directory mean nobody can log in as this account; it exists only so that the virtual users have a uid/gid to run under.

[root@mojracunar-pc ~]# groupadd -g 3333 ftpgroup
[root@mojracunar-pc ~]# useradd -u 3333 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser

In phpMyAdmin (or the mysql command-line client) run the following to create the database (remember the password, you will need it later in the configuration; replace 'password' with a real one)
_______________________________________________________
-- Database plus a least-privilege account for the server (replace 'password')
create database ftp;
GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE ON ftp.* TO 'proftpd'@'localhost.localdomain' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;

use ftp;

-- Groups: name, numeric gid and the member list that mod_sql reads (SQLGroupInfo)
CREATE TABLE `ftpgroup` (
  `groupname` varchar(16) NOT NULL DEFAULT '',
  `gid` smallint(6) NOT NULL DEFAULT '9001',
  `members` varchar(16) NOT NULL DEFAULT '',
  KEY `groupname` (`groupname`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='ProFTP group table';

-- Quota limits read by mod_quotatab_sql; a limit of 0 means unlimited
CREATE TABLE `ftpquotalimits` (
  `name` varchar(30) NOT NULL DEFAULT '',
  `quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
  `per_session` enum('false','true') NOT NULL DEFAULT 'false',
  `limit_type` enum('soft','hard') NOT NULL DEFAULT 'soft',
  `bytes_in_avail` bigint(10) unsigned NOT NULL DEFAULT '0',
  `bytes_out_avail` bigint(10) unsigned NOT NULL DEFAULT '0',
  `bytes_xfer_avail` bigint(10) unsigned NOT NULL DEFAULT '0',
  `files_in_avail` int(10) unsigned NOT NULL DEFAULT '0',
  `files_out_avail` int(10) unsigned NOT NULL DEFAULT '0',
  `files_xfer_avail` int(10) unsigned NOT NULL DEFAULT '0',
  PRIMARY KEY (`name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

-- Running usage counters; the server inserts and updates these rows itself
CREATE TABLE `ftpquotatallies` (
  `name` varchar(30) NOT NULL DEFAULT '',
  `quota_type` enum('user','group','class','all') NOT NULL DEFAULT 'user',
  `bytes_in_used` bigint(10) unsigned NOT NULL DEFAULT '0',
  `bytes_out_used` bigint(10) unsigned NOT NULL DEFAULT '0',
  `bytes_xfer_used` bigint(10) unsigned NOT NULL DEFAULT '0',
  `files_in_used` int(10) unsigned NOT NULL DEFAULT '0',
  `files_out_used` int(10) unsigned NOT NULL DEFAULT '0',
  `files_xfer_used` int(10) unsigned NOT NULL DEFAULT '0'
) ENGINE=MyISAM DEFAULT CHARSET=utf8;

-- Virtual users (SQLUserInfo). passwd holds a crypt(3) hash; varchar(128)
-- leaves room for SHA-512 "$6$..." hashes, not only the 13-character DES
-- crypt output of MySQL's ENCRYPT()
CREATE TABLE `ftpuser` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `userid` varchar(32) NOT NULL DEFAULT '',
  `passwd` varchar(128) NOT NULL DEFAULT '',
  `uid` smallint(6) NOT NULL DEFAULT '9001',
  `gid` smallint(6) NOT NULL DEFAULT '9001',
  `homedir` varchar(255) NOT NULL DEFAULT '',
  `shell` varchar(16) NOT NULL DEFAULT '/sbin/nologin',
  `count` int(11) NOT NULL DEFAULT '0',
  `accessed` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `modified` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `email` varchar(64) DEFAULT NULL,
  PRIMARY KEY (`id`),
  UNIQUE KEY `userid` (`userid`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='ProFTP user table';

-- The system group created above, with the system user as its member
INSERT INTO `ftpgroup` (`groupname`, `gid`, `members`) VALUES ('ftpgroup', 3333, 'ftpuser');
_______________________________________________________

Back up the configuration file

[root@mojracunar-pc ~]# cp /etc/proftpd.conf /etc/proftpd.conf.bak

The configuration file should look like this (pay attention to the password)
_______________________________________________________
# proftpd.conf for virtual users kept in MySQL (mod_sql, mod_sql_mysql and
# mod_quotatab_sql).  It contains the database password, so keep it readable
# by root only:  chmod 600 /etc/proftpd.conf

ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Don't use IPv6 support by default.
UseIPv6 off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

# Jail every user into their home directory.  All virtual users share uid 3333,
# so this chroot is what keeps them out of each other's directories.
DefaultRoot ~

# The passwd column holds crypt(3) hashes.  ProFTPD verifies them with crypt(3),
# so SHA-512 "$6$" hashes work here just as the DES output of MySQL's ENCRYPT() does.

SQLAuthTypes            Crypt
SQLAuthenticate         users* groups*

# Database connection (PERCONNECTION is the connection policy):
# databasename@host database_user user_password
# Use the password given in the GRANT statements above.
SQLConnectInfo  ftp@localhost proftpd password PERCONNECTION

# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo     ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo    ftpgroup groupname gid members

# Refuse to map virtual users to a uid/gid below 500 (the default is 999), so a
# row with uid 0 can never make an FTP session run as root
SQLMinID        500

# create a user's home directory on demand if it doesn't exist
CreateHome on 770 dirmode 770

# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
SQLLog  STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Gb
QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

# Never allow a login as root over FTP
RootLogin off

# /sbin/nologin is not listed in /etc/shells, so do not demand a valid shell
RequireValidShell off

SQLNamedQuery gettally  SELECT "ROUND((bytes_in_used/1073741824),2) FROM ftpquotatallies WHERE name='%u'"

SQLNamedQuery getlimit  SELECT "ROUND((bytes_in_avail/1073741824),2) FROM ftpquotalimits WHERE name='%u'"
SQLNamedQuery getfree   SELECT "ROUND(((ftpquotalimits.bytes_in_avail-ftpquotatallies.bytes_in_used)/1073741824),2) FROM ftpquotalimits,ftpquotatallies WHERE ftpquotalimits.name = '%u' AND ftpquotatallies.name = '%u'"
SQLShowInfo   LIST    "226" "Used %{gettally}GB from %{getlimit}GB. You have %{getfree}GB available space."
_______________________________________________________
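The configuration above accepts passwords in cleartext over the network, so the hashes stored in ftpuser protect the database but not the wire. As an added example (not part of the original post), the fragment below uses mod_tls, which the post lists among proFTPd's modules, to require TLS on every control and data connection. It goes at the server level of proftpd.conf, outside the Anonymous section; the certificate paths and the passive port range are assumptions, and it only applies if your proftpd build includes mod_tls (check with `proftpd -l`).

```apache
# Added example: require TLS for all sessions (assumes mod_tls is compiled in)
<IfModule mod_tls.c>
  TLSEngine                on
  TLSLog                   /var/log/proftpd/tls.log
  # Older builds accept only the protocol names their OpenSSL provides;
  # drop whatever your version rejects, but never allow SSLv3
  TLSProtocol              TLSv1.2 TLSv1.3
  # Assumed paths: put your own certificate and private key here
  TLSRSACertificateFile    /etc/proftpd/ssl/proftpd.crt
  TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key
  # Refuse any control or data connection that is not protected by TLS
  TLSRequired              on
  # Only if your clients cannot reuse the control session for data connections:
  # TLSOptions             NoSessionReuseRequired
</IfModule>

# Fixed passive-mode port range, so the firewall can allow data connections
PassivePorts 49152 65534
```

With TLSRequired on, clients have to connect with explicit FTPS (AUTH TLS); plain FTP logins, including anonymous ones, are rejected before the password is sent.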

To add users, open phpMyAdmin and run the following queries
_______________________________________________________
-- 1 GiB hard limit on uploaded bytes for 'korisnik'; the counters left at 0 are unlimited
INSERT INTO `ftpquotalimits` (`name`, `quota_type`, `per_session`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`, `bytes_xfer_avail`, `files_in_avail`, `files_out_avail`, `files_xfer_avail`) VALUES ('korisnik', 'user', 'false', 'hard', 1073741824, 0, 0, 0, 0, 0);

-- encrypt() yields a DES crypt(3) hash, in which only the first 8 characters of the
-- password count; a '$6$' SHA-512 crypt hash (e.g. from `openssl passwd -6`) fits
-- the same column and is the better choice
INSERT INTO `ftpuser` (`userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `accessed`, `modified`, `email`) VALUES ('korisnik', encrypt('korisnikovalozinka'), 3333, 3333, '/var/ftp/korisnik', '/sbin/nologin', 0, '0000-00-00 00:00:00', '0000-00-00 00:00:00', 'korisnik@mail.com');
_______________________________________________________

In the first SQL query pay attention to

  • name => 'korisnik' #the username of the virtual FTP user
  • bytes_in_avail => '1073741824' #available space in bytes; this is 1 GB (the counters left at 0 are unlimited)

In the second SQL query pay attention to

  • userid => 'korisnik' #the username; it must be the same as in the first query
  • passwd => encrypt('korisnikovalozinka') #the user's password; encrypt() produces a DES crypt hash in which only the first 8 characters of the password matter, so a '$6$' SHA-512 crypt hash made with `openssl passwd -6` is the better choice
  • uid and gid => 3333 #the ids chosen when the group and user were created
  • homedir => /var/ftp/korisnik #the user's home directory; the data the user uploads to the server ends up here
  • email => korisnik@mail.com #the user's e-mail address

Make proFTPd start automatically with the system

[root@mojracunar-pc ~]# systemctl enable proftpd.service

Start proFTPd

[root@mojracunar-pc ~]# systemctl start proftpd

Make sure the directory that holds the user homes (/var/ftp) has mode 775

[root@mojracunar-pc ~]# chmod 775 /var/ftp

Also make sure that a directory with the same name exists for each user, with mode 755 and owned by ftpuser:ftpgroup (CreateHome in the configuration creates a missing one with mode 770 on first login). Because every virtual user owns its files as uid 3333, file permissions alone do not separate users; the DefaultRoot ~ chroot in the configuration does, so do not remove it.

[root@mojracunar-pc ~]# mkdir /var/ftp/korisnik
[root@mojracunar-pc ~]# chmod 755 /var/ftp/korisnik
[root@mojracunar-pc ~]# chown ftpuser:ftpgroup /var/ftp/korisnik
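The steps above (hash the password, insert the quota and user rows, create and chown the home directory) are easy to get subtly wrong by hand, so here they are as one script. This is an added example, not code from the original post; it assumes SHA-512 crypt hashes produced by `openssl passwd -6` (which proftpd's SQLAuthTypes Crypt verifies with crypt(3)), a passwd column wide enough for them (varchar(128)), the uid/gid 3333 and the /var/ftp layout used above. It prints SQL for `mysql ftp` rather than talking to the database itself, and refuses DES-style hashes and usernames that could escape /var/ftp or break the SQL literal.

```sh
#!/bin/sh
# addftpuser.sh: provision one virtual proFTPd user for the setup above.
# Added example (not from the original post). Assumptions not in the post:
# SHA-512 crypt hashes from `openssl passwd -6`, passwd column varchar(128),
# uid/gid 3333 and homes under /var/ftp. Output is SQL to feed to `mysql ftp`.

FTP_UID=3333
FTP_GID=3333
FTP_BASE=/var/ftp

# Usernames become a path component ($FTP_BASE/NAME) and a SQL value, so allow
# only a small character set and at most the 32 characters the userid column holds.
valid_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Double single quotes so a value can sit inside a SQL string literal.
sql_escape() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# Accept only SHA-256 ($5$) or SHA-512 ($6$) crypt hashes.  The 13-character
# DES crypt output of MySQL's ENCRYPT() keeps just the first 8 password
# characters, so it is refused.
is_strong_crypt_hash() {
    case "$1" in
        '$5$'*|'$6$'*) return 0 ;;
        *) return 1 ;;
    esac
}

# SHA-512 crypt hash of the password read from stdin (keeps it out of argv,
# `ps` output and shell history).
make_hash() {
    openssl passwd -6 -stdin
}

# Print the quota-limit row and the user row for one virtual user.
# Arguments: username, crypt hash, upload quota in bytes, home directory, email
user_sql() {
    valid_username "$1" || { echo "bad username: $1" >&2; return 1; }
    is_strong_crypt_hash "$2" || { echo "refusing weak hash for $1" >&2; return 1; }
    case "$3" in ''|*[!0-9]*) echo "quota must be a number of bytes" >&2; return 1 ;; esac
    user=$(sql_escape "$1"); pwhash=$(sql_escape "$2")
    home=$(sql_escape "$4"); email=$(sql_escape "$5")
    printf "INSERT INTO ftpquotalimits (name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail) VALUES ('%s', 'user', 'false', 'hard', %s, 0, 0, 0, 0, 0);\n" "$user" "$3"
    printf "INSERT INTO ftpuser (userid, passwd, uid, gid, homedir, shell, email) VALUES ('%s', '%s', %s, %s, '%s', '/sbin/nologin', '%s');\n" "$user" "$pwhash" "$FTP_UID" "$FTP_GID" "$home" "$email"
}

# Home directory as the post sets it up: mode 755, owned by the shared
# ftpuser:ftpgroup.  Needs root.
make_home() {
    mkdir -p "$1" && chmod 755 "$1" && chown ftpuser:ftpgroup "$1"
}

# Command-line use (as root), password on stdin:
#   printf '%s' 'korisnikovalozinka' | ./addftpuser.sh korisnik 1073741824 korisnik@mail.com | mysql ftp
# Nothing runs when the file is sourced without arguments.
if [ "$#" -eq 3 ]; then
    valid_username "$1" || exit 1
    pwhash=$(make_hash) || exit 1
    make_home "$FTP_BASE/$1" || exit 1
    user_sql "$1" "$pwhash" "$2" "$FTP_BASE/$1" "$3"
fi
```

The password never appears on the command line, the username is checked before it is used as a path or a SQL value, and the only thing written to the database is what `mysql` receives on stdin, so the script needs no database credentials of its own.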
