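Using FTP together with a MySQL database

Problem description:
Find out why the FTP service on 1.1.1.1 cannot be connected to

Information related to the error:
'ftpServer'     =>      '1.1.1.1', //      FTP server address
'ftpPort'       =>      '21',
'ftpUsername'   =>      'admin.was.chinasoft.com',    // FTP account
'ftpPassword'   =>      'ftp_pass', 
Error message: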
FTP connection has failed!Attempted to connect to 1.1.1.1 for user admin.was.chinasoft.com 

Troubleshooting process:
First, log in to the Wangsu server 1.1.1.1_server01_was_web01

1. Check whether the process is running normally
[root@server01:/usr/local/proftpd-1.3.6rc2]# ps -ef|grep ftp
apache   44339     1  0 19:21 ?        00:00:00 proftpd: (accepting connections)
apache   48010 44339  0 20:03 ?        00:00:00 proftpd: admin.was.chinasoft.com - 3.3.3.3: IDLE

2. Connect to port 21 to check whether the service can communicate normally
C:\Users\ws>telnet 2.2.2.2 21

3. Locate the program's running directory, /usr/local/proftpd-1.3.6rc2/

[root@server01:/usr/local/proftpd-1.3.6rc2]# cd /usr/local/proftpd-1.3.6rc2/
[root@server01:/usr/local/proftpd-1.3.6rc2]# ll
total 44
-rwxr-xr-x 1 root root 1053 Apr  6  2017 adduser_domain.sh
-rwx------ 1 root root 1034 Apr  6  2017 adduser.sh
drwxr-xr-x 2 root root 4096 Apr 11  2016 bin
drwxr-xr-x 2 root root 4096 Jul  5 19:36 etc
drwxr-xr-x 3 root root 4096 Apr 11  2016 include
drwxr-xr-x 4 root root 4096 Apr 11  2016 lib
drwxr-xr-x 2 root root 4096 Apr 11  2016 libexec
-rwxr-xr-x 1 root root 2367 Mar 11  2013 proftpd.sh
drwxr-xr-x 2 root root 4096 Apr 11  2016 sbin
drwxr-xr-x 4 root root 4096 Apr 11  2016 share
drwxr-xr-x 2 root root 4096 Jul  5 19:54 var

# Script for adding users (obsolete)
[root@server01:/usr/local/proftpd-1.3.6rc2]# cat adduser.sh 
#!/bin/bash
usage () {
        echo ""
        echo "  Please Input Correct infomation!"
        echo ""
        echo "  USAGE: `basename $0` username /dir ftp_server_ip"
        echo "  Exp: `basename $0` Lee /data/lee/home 1.1.1.1,2.2.2.2"
        echo ""
        echo "  Result:"
        echo "          UserName: Lee"
        echo "          UserHome: /data/lee/home"
        echo "          PassWord: N1Jy3Fqol"
        echo ""
}

if [[ $3 == ""  ]];then
        usage;
        exit 1;
fi

datetime=`date +%Y%m%d" "%H:%M:%S`
userid=$1
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
home=$2
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
shell='/sbin/nologin'
accesshost=$3
/usr/local/mysql/bin/mysql -u ftp_user -p'pass' -h 192.168.1.189 -e "\
use ftp_db;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','/sbin/nologin','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "userHome: $home"
echo "FTP  IPs: $accesshost"
echo ""

# Script for adding the mapping between a user and a domain name
[root@server01:/usr/local/proftpd-1.3.6rc2]# cat adduser_domain.sh 
#!/bin/bash

usage () {
        echo ""
        echo "  Please Input Correct infomation!"
        echo ""
        echo "  USAGE: `basename $0` domainname ftp_server_ip"
        echo "  Exp: `basename $0` www.test.com Server1,Server2"
        echo ""
        echo "  Result:"
        echo "          UserName: www.test.com"
        echo "          PassWord: N1Jy3Fqol"
        echo ""
}

if [[ $2 == ""  ]];then
        usage;
        exit 1;
fi

datetime=`date +%Y%m%d" "%H:%M:%S`
userid=$1
passwd=`mkpasswd -l 9 -d 2 -c 3 -C 3 -s 0`
domain=$userid
if [[ $1 =~ ^www ]];then
        domain=${1#www.}
fi
dst_passwd='{md5}'`/bin/echo -n "$passwd" | openssl dgst -binary -md5 | openssl enc -base64`
home="/data/www/vhosts/$domain"
shell='/sbin/nologin'
accesshost=$2
/usr/local/mysql/bin/mysql -u ftp_user -p'pass' -h 192.168.1.189 -e "\
use ftp_db;insert into FTPUSERS VALUES('$userid','$dst_passwd',500,100,'$home','/sbin/nologin','$accesshost','$datetime');"
echo "UserName: $userid"
echo "PassWord: $passwd"
echo "FTP  IPs: $accesshost"
echo ""

*** The MySQL server at 192.168.1.189 does not exist

③ Continue by checking the configuration file

[root@server01:/usr/local/proftpd-1.3.6rc2/etc]# cat /usr/local/proftpd-1.3.6rc2/etc/proftpd.conf 
# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Don't use IPv6 support by default.
UseIPv6                         off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022
TimeoutLogin         120
TimeoutIdle          600
TimeoutNoTransfer    900
TimeoutStalled      3600
# Where do we put the pid files?
#ScoreboardPath    /var/run/proftpd
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    30
MaxLoginAttempts        3
# Set the user and group under which the server will run.
User                            apache
Group                           users

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite          on
# Resumable uploads
AllowRetrieveRestart    on
AllowStoreRestart       on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
#  User                         ftp
#  Group                                ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                    anonymous ftp

  # Limit the maximum number of anonymous logins
#  MaxClients                   10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
#  DisplayLogin                 welcome.msg
#  DisplayChdir                 .message

  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>
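# Configure MySQL authentication:
# Database connection information: DatabaseName is the database name, HostName is the host name,
# Port is the port number, UserName is the user name for connecting to the database, Password is the password.
SQLConnectInfo ftp_db@192.168.1.148 ftp_user pass

# Database authentication type:
SQLAuthTypes OpenSSL

# Information about the tables used for user authentication. ("FTPUSERS" and "FTPGRPS" are the table names; they are created further below)
SQLUserInfo FTPUSERS userid passwd uid gid home shell
SQLGroupInfo FTPGRPS grpname gid members

# Allow users to log in when the shell is empty:
RequireValidShell off

# Database authentication
SQLAuthenticate users groups usersetfast groupsetfast

# If the home directory does not exist, the system creates one according to the user's home field:
CreateHome off

# Decide whether this user is allowed to log in to this host
#SQLUserWhereClause "accesshost like'%10.10.26.195%'" # ProFTPD does not recognize the % sign here, damn it! So the method below is used instead.
SQLUserWhereClause "0 !=FIND_IN_SET('2.2.2.2',accesshost)"

# SQL authentication log
#SQLLog
SQLLogFile /usr/local/proftpd/var/sql.log

# UID and GID for SQL-authenticated users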
SQLMinUserUID 500
SQLMinUserGID 100
SQLDefaultUID 500
SQLDefaultGID 100

#####  #####
MaxClients      50
UseReverseDNS   off
IdentLookups  off
#QuotaLimitTable file:/usr/local/proftpd1.3/etc/ftpquota.limittab
#QuotaTallyTable file:/usr/local/proftpd1.3/etc/ftpquota.tallytab
QuotaDirectoryTally  on
QuotaDisplayUnits Mb
QuotaEngine on
QuotaLog /usr/local/proftpd/var/quota.log
QuotaShowQuotas on
QuotaOptions ScanOnLogin
DefaultRoot ~
DisplayLogin welcome.msg
AllowStoreRestart on

############ Fixed Log Format #########
LogFormat awstats "%t   %h      %u      %m      %f      %s      %b"
ExtendedLog /usr/local/proftpd/var/transfer.log read,write awstats
TransferLog /usr/local/proftpd/var/transfer.log
ServerLog /usr/local/proftpd/var/server.log
#Single system with both ProFTPd and Clamd utilizing TCP sockets. Additionally, only files who's size is less than 250MB will be scanned.


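④ Locate the key information
SQLConnectInfo ftp_db@192.168.1.148 ftp_user pass

Connect to the database and look at the FTPUSERS table; presumably this is the table that controls user names, passwords and permissions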

[root@server01:/usr/local/proftpd-1.3.6rc2]# mysql -h192.168.1.148 -uftp_user -p'pass'
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 55843792
Server version: 5.7.14-7-log Source distribution

Copyright (c) 2009-2014 Percona LLC and/or its affiliates
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| ftp_db             |
+--------------------+
2 rows in set (0.00 sec)

mysql> use ftp_db;
Database changed
mysql> show tables;
+------------------+
| Tables_in_ftp_db |
+------------------+
| FTPGRPS          |
| FTPUSERS         |
| quotalimits      |
| quotatallies     |
+------------------+
4 rows in set (0.00 sec)

mysql> select * from FTPUSERS;
+---------------------------------------+-------------------------------+-----+-----+-----------------------------------------------------------------------------------------------------------------------------------+---------------+--------------------------+-------------------+
| userid                                | passwd                        | uid | gid | home                                                                                                                              | shell         | accesshost               | coment            |
+---------------------------------------+-------------------------------+-----+-----+-----------------------------------------------------------------------------------------------------------------------------------+---------------+--------------------------+-------------------+
| pay_com                 | {md5}MCbog7BadfaroQ== | 500 | 100 | /data/www/vhosts/platform.chinasoft.com                                                                                         | /sbin/nologin | web3                     |                   |


Logging in to FTP locally produces an error:
[root@server01:/usr/local/proftpd-1.3.6rc2]# tail -f /usr/local/proftpd/var/server.log

2018-07-05 19:50:28,817 server01 proftpd[46981] 2.2.2.2 (3.3.3.3[3.3.3.3]): USER admin.was.chinasoft.com: no such user found from 3.3.3.3 [3.3.3.3] to 1.1.1.1:21

Combined with the client-side error:
FTP connection has failed!Attempted to connect to 1.1.1.1 for user admin.was.chinasoft.com

The database already contains an authorization entry for 1.1.1.1
INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}eddddd==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', 'web3', '20150306 17:30:57');
INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}bOBvuP1/afda==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', '1.1.1.1', '20150818 23:29:30');

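The error mentions 2.2.2.2, which happens to be one of this server's two IPs (and is the address that SQLUserWhereClause in proftpd.conf looks for in accesshost), so add an authorization entry for 2.2.2.2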
INSERT INTO ``(`userid`, `passwd`, `uid`, `gid`, `home`, `shell`, `accesshost`, `coment`) VALUES ('admin.was.chinasoft.com', '{md5}bOBvuP1/afdfdadfa==', 500, 100, '/data/www/vhosts/admin.was.chinasoft.com', '/sbin/nologin', '2.2.2.2', '20180706 10:58:00');

After logging in again, the FTP home directory is retrieved normally; the problem is now solved
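
The "no such user found" error follows from the SQLUserWhereClause in the configuration above: ProFTPD only sees FTPUSERS rows whose accesshost list contains 2.2.2.2. The Python sketch below is an added example, not part of the original post; it emulates MySQL's FIND_IN_SET in simplified form over constructed rows that mirror the entries shown above, and all function names are hypothetical.

```python
import re

# Constructed sample: the two relevant directives from the proftpd.conf shown above.
PROFTPD_CONF = '''
#SQLUserWhereClause "accesshost like'%10.10.26.195%'"
SQLUserWhereClause "0 !=FIND_IN_SET('2.2.2.2',accesshost)"
'''

# Constructed (userid, accesshost) rows mirroring the FTPUSERS entries in the post.
USER = "admin.was.chinasoft.com"
ROWS_BEFORE = [(USER, "web3"), (USER, "1.1.1.1")]
ROWS_AFTER = ROWS_BEFORE + [(USER, "2.2.2.2")]


def where_clause_host(conf_text):
    """Return the literal SQLUserWhereClause hands to FIND_IN_SET, or None."""
    for line in conf_text.splitlines():
        line = line.strip()
        if not line.lower().startswith("sqluserwhereclause"):
            continue  # skips other directives and commented-out lines
        m = re.search(r"FIND_IN_SET\(\s*'([^']*)'\s*,\s*accesshost\s*\)", line, re.I)
        if m:
            return m.group(1)
    return None


def find_in_set(needle, str_list):
    """Simplified MySQL FIND_IN_SET: 1-based position in a comma list, else 0.

    Items are compared exactly, so a stray space after a comma breaks the match.
    """
    if not str_list or "," in needle:
        return 0
    items = str_list.split(",")
    return items.index(needle) + 1 if needle in items else 0


def diagnose(userid, rows, conf_text):
    """Explain whether ProFTPD's filtered user lookup can see `userid`."""
    host = where_clause_host(conf_text)
    lists = [accesshost for uid, accesshost in rows if uid == userid]
    if not lists:
        return "no row for user"
    if host is None or any(find_in_set(host, entry) for entry in lists):
        return "visible"
    return f"filtered out: no accesshost in {lists} contains {host!r}"


if __name__ == "__main__":
    print("before:", diagnose(USER, ROWS_BEFORE, PROFTPD_CONF))
    print("after: ", diagnose(USER, ROWS_AFTER, PROFTPD_CONF))
```

Running the same comparison against an export of the real table shows which accounts each FTP node can authenticate before a client reports a failed login.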

 
