ProFTPd配置通过数据库方式的虚拟用户认证登录

一、安装proftpd + postgresql数据库方式认证

./configure \
--prefix=/usr/local/proftpd \
--with-modules=mod_sql:mod_sql_postgres \
--with-includes=/usr/include \
--with-libraries=/usr/lib/postgresql/8.4/lib

make
make install

注：安装postgresql时编译时可能会出现错误，主要可能缺少libpq-fe.h/postgres_ext.h头文件和libpq.so.5.2库文件，我已将其重新打包到proftpd-1.3.5rc2安装包中的postgres目录中，可供下载参考

二、安装proftpd + mysql数据库方式认证
./configure \
--prefix=/usr/local/proftpd  \
--with-modules=mod_sql:mod_sql_mysql  \
--with-includes=/usr/include/mysql  \
--with-libraries=/usr/lib/mysql

make
make install

注：--with-includes和--with-libraries需要正确填写机器中所安装的mysql头文件和库文件路径，如不知道可使用locate mysql查找，Ubuntu中使用apt-get install方式安装mysql的默认路径如上

三、proftpd数据库配置文件(/usr/local/proftpd/etc/proftpd.conf)

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName   "ProFTPD Server LZG"
ServerType   standalone
DefaultServer   on

# Port 21 is the standard FTP port.
Port    21

# Don't use IPv6 support by default.
UseIPv6    off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask    022
MaxLoginAttempts  3
TimeoutLogin   120
TimeoutIdle   600
TimeoutNoTransfer  900
MaxClients   100
MaxClientsPerHost  5

RequireValidShell  off

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances   30

# Set the user and group under which the server will run.
User    nobody
Group    nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite  on

# Bar use of SITE CHMOD by default

  DenyAll

DefaultRoot ~
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
SQLConnectInfo proftpd@10.253.102.12 postgres 123
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members
SQLMinID 500
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1 where userid='%u'" users
SQLLog STOR,DELE modified

四、这里就不介绍数据库表的详细创建步骤了，网上一大堆，我创建了一个users和groups表，下面为postgres的proftpd表创建语句，mysql更简单不再介绍

-- Table: users
-- DROP TABLE users;
CREATE TABLE users
(
  userid character varying(256) NOT NULL,
  passwd character varying(256),
  uid integer DEFAULT (1000)::numeric,
  gid integer DEFAULT (1000)::numeric,
  homedir character varying(256),
  shell character varying(256),
  count integer DEFAULT (0)::numeric,
  used double precision DEFAULT 0.0,
  quote double precision DEFAULT 0.0,
  CONSTRAINT ftpusers_pkey PRIMARY KEY (userid)
)
WITH (
  OIDS=FALSE
);
ALTER TABLE users
  OWNER TO postgres;
-- Table: groups
-- DROP TABLE groups;
CREATE TABLE groups
(
  groupname character varying(256) NOT NULL,
  gid integer DEFAULT (1000)::numeric,
  members character varying(256),
  CONSTRAINT ftpgroups_pkey PRIMARY KEY (groupname)
)
WITH (
  OIDS=FALSE
);
ALTER TABLE groups
  OWNER TO postgres;

数据表创建完成后，配置文件修改后，重启proftpd进程，在数据库中创建一个用户然后登录就可以了。

五、可能遇到的问题
root@liuzhigong-Vostro-230:~# ftp 127.0.0.1
Connected to 127.0.0.1.
220 ProFTPD 1.3.5rc2 Server (ProFTPD Server LZG) [127.0.0.1]
Name (127.0.0.1:root): lzgtest
331 Password required for lzgtest
Password:
421 Service not available, remote server has closed connection
Login failed.
No control connection for command: No such file or directory

可能会遇到下面这个问题，我google和baidu了好久，查了好多方法不行，最后才发现是配置文件后面sql语句写错导致，可供大家参考，如果大家创建的表名不是users，是ftpusers，则配置文件中的对应sql语句的地方要做相应修改才行

SQLUserInfo users(根据实际情况修改表名) userid passwd uid gid homedir shell
SQLGroupInfo groups(根据实际情况修改表名) groupname gid members
SQLMinID 500
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1 where userid='%u'" users(根据实际情况修改表名)
SQLLog STOR,DELE modified

还有一个问题是可能直接使用IP连接proftpd服务器时感觉连接速度非常慢，要等很久服务器才会返回信息，经常导致ftp连接超时，这时可在配置文件中关闭proftpd的域名反向解析以加快服务器响应时间：

# 不显示服务器相关信息, 如proftpd版本
ServerIdent off
# 禁用反向域名解析
UseReverseDNS off