Problem description: find out why FTP on 1.1.1.1 cannot be connected to.

Information from the error report:

    'ftpServer' => '1.1.1.1', // FTP server address
    'ftpPort' => '21',
    'ftpUsername' => 'admin.was.chinasoft.com', // FTP account
    'ftpPassword' => 'ftp_pass',

Error message:

    FTP connection has failed!Attempted to connect to 1.1.1.1 for user admin.was.chinasoft.com

Troubleshooting process:

First log in to 1.1.1.1_server01_was_web01, a server hosted at Wangsu (网宿).

1. Check whether the process is running normally

    [root@server01:/usr/local/proftpd-1.3.6rc2]# ps -ef|grep ftp
    apache 44339 1 0 19:21 ? 00:00:00 proftpd: (accepting connections)
    apache 48010 44339 0 20:03 ? 00:00:00 proftpd: admin.was.chinasoft.com - 3.3.3.3: IDLE

2. Connect to port 21 to see whether the service communicates normally

    C:\Users\ws>telnet 2.2.2.2 21

3. Go to the program's runtime directory, /usr/local/proftpd-1.3.6rc2/

    [root@server01:/usr/local/proftpd-1.3.6rc2]# cd /usr/local/proftpd-1.3.6rc2/
    [root@server01:/usr/local/proftpd-1.3.6rc2]# ll
    total 44
    -rwxr-xr-x 1 root root 1053 Apr 6 2017 adduser_domain.sh
    -rwx------ 1 root root 1034 Apr 6 2017 adduser.sh
    drwxr-xr-x 2 root root 4096 Apr 11 2016 bin
    drwxr-xr-x 2 root root 4096 Jul 5 19:36 etc
    drwxr-xr-x 3 root root 4096 Apr 11 2016 include
    drwxr-xr-x 4 root root 4096 Apr 11 2016 lib
    drwxr-xr-x 2 root root 4096 Apr 11 2016 libexec
    -rwxr-xr-x 1 root root 2367 Mar 11 2013 proftpd.sh
    drwxr-xr-x 2 root root 4096 Apr 11 2016 sbin
    drwxr-xr-x 4 root root 4096 Apr 11 2016 share
    drwxr-xr-x 2 root root 4096 Jul 5 19:54 var

Script for adding a user (obsolete):

    [root@server01:/usr/local/proftpd-1.3.6rc2]# cat adduser.sh
    #!/bin/bash
    usage () {
        echo ""
        echo " Please Input Correct infomation!"
        echo ""
        echo " USAGE: `basename $0` username /dir ftp_server_ip"
        echo " Exp: `basename $0` Lee /data/lee/home 1.1.1.1,2.2.2.2"
        echo ""
        echo " Result:"
        echo " UserName: Lee"
        echo " UserHome: /data/lee/home"
        echo " PassWord: N1Jy3Fqol"
        echo ""
    }
    if [[ $3 == "" ]];then
        usage;
        exit 1;
    fi
    datetime=`date +%Y%m%d" "%H:%M:%S`
    userid=$1
    passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
    home=$2
    dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
    shell='/sbin/nologin'
    accesshost=$3
    /usr/local/mysql/bin/mysql -u ftp_user -p'pass' -h 192.168.1.189 -e "\
    use ftp_db;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','/sbin/nologin','$accesshost','$datetime');"
    echo "UserName: $userid"
    echo "PassWord: $passwd"
    echo "userHome: $home"
    echo "FTP IPs: $accesshost"
    echo ""

Script for adding a user-to-domain mapping:

    [root@server01:/usr/local/proftpd-1.3.6rc2]# cat adduser_domain.sh
    #!/bin/bash
    usage () {
        echo ""
        echo " Please Input Correct infomation!"
        echo ""
        echo " USAGE: `basename $0` domainname ftp_server_ip"
        echo " Exp: `basename $0` www.test.com Server1,Server2"
        echo ""
        echo " Result:"
        echo " UserName: www.test.com"
        echo " PassWord: N1Jy3Fqol"
        echo ""
    }
    if [[ $2 == "" ]];then
        usage;
        exit 1;
    fi
    datetime=`date +%Y%m%d" "%H:%M:%S`
    userid=$1
    passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
    domain=$userid
    if [[ $1 =~ ^www ]];then
        domain=${1#www.}
    fi
    dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
    home="/data/www/vhosts/$domain"
    shell='/sbin/nologin'
    accesshost=$2
    /usr/local/mysql/bin/mysql -u ftp_user -p'pass' -h 192.168.1.189 -e "\
    use ftp_db;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','/sbin/nologin','$accesshost','$datetime');"
    echo "UserName: $userid"
    echo "PassWord: $passwd"
    echo "FTP IPs: $accesshost"
    echo ""

*** The MySQL server at 192.168.1.189 used by these scripts does not exist.

③ Continue with the configuration file

    [root@server01:/usr/local/proftpd-1.3.6rc2/etc]# cat /usr/local/proftpd-1.3.6rc2/etc/proftpd.conf
    # This is a basic ProFTPD configuration file (rename it to
    # 'proftpd.conf' for actual use. It establishes a single server
    # and a single anonymous login. It assumes that you have a user/group
    # "nobody" and "ftp" for normal operation and anon.
    ServerName "ProFTPD Default Installation"
    ServerType standalone
    DefaultServer on
    # Port 21 is the standard FTP port.
    Port 21
    # Don't use IPv6 support by default.
    UseIPv6 off
    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022
    TimeoutLogin 120
    TimeoutIdle 600
    TimeoutNoTransfer 900
    TimeoutStalled 3600
    # Where do we put the pid files?
    #ScoreboardPath /var/run/proftpd
    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd).
    MaxInstances 30
    MaxLoginAttempts 3
    # Set the user and group under which the server will run.
    User apache
    Group users
    # To cause every FTP user to be "jailed" (chrooted) into their home
    # directory, uncomment this line.
    #DefaultRoot ~
    # Normally, we want files to be overwriteable.
    AllowOverwrite on
    # Resumable uploads and downloads
    AllowRetrieveRestart on
    AllowStoreRestart on
    # Bar use of SITE CHMOD by default
    <Limit SITE_CHMOD>
      DenyAll
    </Limit>
    # A basic anonymous configuration, no upload directories. If you do not
    # want anonymous users, simply delete this entire <Anonymous> section.
    #<Anonymous ~ftp>
    # User ftp
    # Group ftp
    # We want clients to be able to login with "anonymous" as well as "ftp"
    # UserAlias anonymous ftp
    # Limit the maximum number of anonymous logins
    # MaxClients 10
    # We want 'welcome.msg' displayed at login, and '.message' displayed
    # in each newly chdired directory.
    # DisplayLogin welcome.msg
    # DisplayChdir .message
    # Limit WRITE everywhere in the anonymous chroot
    # <Limit WRITE>
    # DenyAll
    # </Limit>
    #</Anonymous>
    # Configure MySQL authentication:
    # Database connection information: DatabaseName is the database name, HostName is the host name,
    # Port is the port number, UserName is the user name for the database connection, Password is the password.
    SQLConnectInfo ftp_db@192.168.1.148 ftp_user pass
    # Database authentication type:
    SQLAuthTypes OpenSSL
    # Information about the tables used for user authentication. ("FTPUSERS" and "FTPGRPS" are the table names; they are created further below)
    SQLUserInfo FTPUSERS userid passwd uid gid home shell
    SQLGroupInfo FTPGRPS grpname gid members
    # Allow users to log in when the shell is empty:
    RequireValidShell off
    # Database authentication
    SQLAuthenticate users groups usersetfast groupsetfast
    # If the home directory does not exist, the system creates one from the user's home field:
    CreateHome off
    # Decide whether this user is allowed to log in to this host
    #SQLUserWhereClause "accesshost like'%10.10.26.195%'"
    # ProFTPD does not recognize the % sign here, damn it! So use the method below.
    SQLUserWhereClause "0 !=FIND_IN_SET('2.2.2.2',accesshost)"
    # SQL authentication log
    #SQLLog
    SQLLogFile /usr/local/proftpd/var/sql.log
    # UID and GID for SQL-authenticated users
    SQLMinUserUID 500
    SQLMinUserGID 100
    SQLDefaultUID 500
    SQLDefaultGID 100
    #####
    #####
    MaxClients 50
    UseReverseDNS off
    IdentLookups off
    #QuotaLimitTable file:/usr/local/proftpd1.3/etc/ftpquota.limittab
    #QuotaTallyTable file:/usr/local/proftpd1.3/etc/ftpquota.tallytab
    QuotaDirectoryTally on
    QuotaDisplayUnits Mb
    QuotaEngine on
    QuotaLog /usr/local/proftpd/var/quota.log
    QuotaShowQuotas on
    QuotaOptions ScanOnLogin
    DefaultRoot ~
    DisplayLogin welcome.msg
    AllowStoreRestart on
    ############ Fixed Log Format #########
    LogFormat awstats "%t %h %u %m %f %s %b"
    ExtendedLog /usr/local/proftpd/var/transfer.log read,write awstats
    TransferLog /usr/local/proftpd/var/transfer.log
    ServerLog /usr/local/proftpd/var/server.log
    #Single system with both ProFTPd and Clamd utilizing TCP sockets. Additionally, only files who's size is less than 250MB will be scanned.

④ Find the key information

    SQLConnectInfo ftp_db@192.168.1.148 ftp_user pass

Connect to the database and look at the FTPUSERS table; the guess is that this table controls user names, passwords and permissions.

    [root@server01:/usr/local/proftpd-1.3.6rc2]# mysql -h192.168.1.148 -uftp_user -p'pass'
    Welcome to the MySQL monitor. Commands end with ; or \g.
    Your MySQL connection id is 55843792
    Server version: 5.7.14-7-log Source distribution

    Copyright (c) 2009-2014 Percona LLC and/or its affiliates
    Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

    Oracle is a registered trademark of Oracle Corporation and/or its
    affiliates. Other names may be trademarks of their respective
    owners.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    mysql> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | ftp_db             |
    +--------------------+
    2 rows in set (0.00 sec)

    mysql> use ftp_db;
    Database changed
    mysql> show tables;
    +------------------+
    | Tables_in_ftp_db |
    +------------------+
    | FTPGRPS          |
    | FTPUSERS         |
    | quotalimits      |
    | quotatallies     |
    +------------------+
    4 rows in set (0.00 sec)

    mysql> select * from FTPUSERS;
    +---------+-----------------------+-----+-----+-----------------------------------------+---------------+------------+--------+
    | userid  | passwd                | uid | gid | home                                    | shell         | accesshost | coment |
    +---------+-----------------------+-----+-----+-----------------------------------------+---------------+------------+--------+
    | pay_com | {md5}MCbog7BadfaroQ== | 500 | 100 | /data/www/vhosts/platform.chinasoft.com | /sbin/nologin | web3       |        |

Logging in to FTP locally produces this error in the server log:

    [root@server01:/usr/local/proftpd-1.3.6rc2]# tail -f /usr/local/proftpd/var/server.log
    2018-07-05 19:50:28,817 server01 proftpd[46981] 2.2.2.2 (3.3.3.3[3.3.3.3]): USER admin.was.chinasoft.com: no such user found from 3.3.3.3 [3.3.3.3] to 1.1.1.1:21

Combine this with the client-side error:

    FTP connection has failed!Attempted to connect to 1.1.1.1 for user admin.was.chinasoft.com

The database does contain an authorization for 1.1.1.1:

    INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}eddddd==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', 'web3', '20150306 17:30:57');
    INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}bOBvuP1/afda==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', '1.1.1.1', '20150818 23:29:30');

The error mentions 2.2.2.2, which is one of this server's two IPs. The SQLUserWhereClause in proftpd.conf only returns rows whose accesshost list contains 2.2.2.2, and the existing rows list only web3 and 1.1.1.1, so the lookup finds no user. An authorization for 2.2.2.2 was therefore added:

    INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}bOBvuP1/afdfdadfa==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', '2.2.2.2', '20180706 10:58:00');

After logging in again, the FTP home directory is retrieved normally. With that, the problem is solved.
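
The lookup behind the "no such user found" log entry, as an added example that is not part of the original write-up: it emulates MySQL's FIND_IN_SET over an in-memory SQLite table and reports whether a login is rejected by the accesshost filter or by the stored `{md5}` digest. The reduced three-column table, the `diagnose` helper, the password and the sample rows are assumptions made for illustration, and the SELECT only approximates the query mod_sql builds from SQLUserWhereClause.

```python
import base64
import hashlib
import sqlite3

def find_in_set(needle, csv):
    """MySQL FIND_IN_SET: 1-based position of needle in a comma list, else 0.
    Elements are compared exactly: no trimming and no substring matching."""
    items = (csv or "").split(",")
    return items.index(needle) + 1 if needle in items else 0

def openssl_md5(password):
    """Stored form produced by adduser.sh: '{md5}' + base64(raw MD5 digest)."""
    digest = hashlib.md5(password.encode()).digest()
    return "{md5}" + base64.b64encode(digest).decode()

def make_db(rows):
    """In-memory stand-in for ftp_db.FTPUSERS (only the columns used here)."""
    db = sqlite3.connect(":memory:")
    db.create_function("FIND_IN_SET", 2, find_in_set)
    db.execute("CREATE TABLE FTPUSERS (userid TEXT, passwd TEXT, accesshost TEXT)")
    db.executemany("INSERT INTO FTPUSERS VALUES (?, ?, ?)", rows)
    return db

def diagnose(db, userid, password, where_ip):
    """Report why a login passes or fails under the page's SQLUserWhereClause."""
    hosts = [r[0] for r in db.execute(
        "SELECT accesshost FROM FTPUSERS WHERE userid = ?", (userid,))]
    if not hosts:
        return "userid not in FTPUSERS"
    stored = [r[0] for r in db.execute(
        "SELECT passwd FROM FTPUSERS WHERE userid = ? "
        "AND 0 != FIND_IN_SET(?, accesshost)", (userid, where_ip))]
    if not stored:
        return f"no such user found: accesshost {sorted(hosts)} lacks {where_ip}"
    return "login ok" if openssl_md5(password) in stored else "password mismatch"

# Constructed sample rows: userid as on the page, made-up password.
USER, PW = "admin.was.chinasoft.com", "constructed-pw"
ROWS = [(USER, openssl_md5(PW), "web3"), (USER, openssl_md5(PW), "1.1.1.1")]

if __name__ == "__main__":
    db = make_db(ROWS)
    print(diagnose(db, USER, PW, "2.2.2.2"))   # filtered out by accesshost
    db.execute("INSERT INTO FTPUSERS VALUES (?, ?, ?)",
               (USER, openssl_md5(PW), "2.2.2.2"))
    print(diagnose(db, USER, PW, "2.2.2.2"))   # row now visible to the filter
```

Because FIND_IN_SET compares whole list elements, an accesshost value written with a space after the comma ("1.1.1.1, 2.2.2.2") does not match 2.2.2.2, which is worth checking when a row looks correct but the log still says "no such user found".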