Nenhum produto encontrado nessa seleção.
Para aqueles que precisam de um servidor FTP no Ubuntu, o ProFTPD irá superar suas expectativas. Com ele é possível criar um servidor robusto com várias integrações, como quota de usuários, integração à base de dados MySQL para que não seja necessário gerenciar todos os usuários “na unha” e muito mais.
Neste tutorial (com vídeo tutorial ao final) você vai aprender a configurar o ProFTPD de duas maneiras: como um servidor FTP simples e como um servidor FTP com quota de usuários integrado com uma base de dados MySQL, onde você poderá gerenciar tudo pela base de dados. Note que a segunda opção também é interessante para quem deseja criar sistemas com PHP (por exemplo) para gerenciar os dados do servidor.
Então vamos deixar de prosa fiada e coloquemos nossas mãos na massa. Arregace suas mangas e prepare-se para digitar algumas linhas de comando no seu Ubuntu.
Servidor FTP simples com o ProFTPD
Primeiramente vamos instalar o ProFTPD, para isso abra o terminal (CTRL+ALT+T) e digite:
sudo apt-get install proftpd
Escolha “autônomo” e continue até finalizar.
O próximo passo é editar o arquivo proftpd.conf, para isso digite:
sudo nano /etc/proftpd/proftpd.conf
Altere as seguintes linhas:
... # Adicione o nome do seu servidor ServerName "Nome do seu servidor" ... # Descomente a linha DefaultRoot ~ ... # Descomente a linha RequireValidShell off ... # Adicione CreateHome on ... # Não editei mais nada daqui adiante ...
Veja como ficou o arquivo completo (isso é apenas para você visualizar o que foi editado):
# # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. # To really apply changes, reload proftpd after modifications, if # it runs in daemon mode. It is not required in inetd/xinetd mode. # # Includes DSO modules Include /etc/proftpd/modules.conf # Set off to disable IPv6 support which is annoying on IPv4 only boxes. UseIPv6 on # If set on you can experience a longer connection delay in many cases. IdentLookups off ServerName "Todo Espaço Online - FTP" ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayChdir .message true ListOptions "-l" DenyFilter \*.*/ # Use this to jail all users in their homes DefaultRoot ~ # Users require a valid shell listed in /etc/shells to login. # Use this directive to release that constrain. RequireValidShell off CreateHome on # Port 21 is the standard FTP port. Port 21 # In some cases you have to specify passive ports range to by-pass # firewall limitations. Ephemeral ports can be used for that, but # feel free to use a more narrow range. # PassivePorts 49152 65534 # If your host was NATted, this option is useful in order to # allow passive tranfers to work. You have to use your public # address and opening the passive ports used on your firewall as well. # MasqueradeAddress 1.2.3.4 # This is useful for masquerading address with dynamic IPs: # refresh any configured MasqueradeAddress directives every 8 hours <IfModule mod_dynmasq.c> # DynMasqRefresh 28800 </IfModule> # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30 # Set the user and group that the server normally runs at. User proftpd Group nogroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 # Normally, we want files to be overwriteable. AllowOverwrite on # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords: # PersistentPasswd off # This is required to use both PAM-based authentication and local passwords # AuthOrder mod_auth_pam.c* mod_auth_unix.c # Be warned: use of this directive impacts CPU average load! # Uncomment this if you like to see progress and transfer rate with ftpwho # in downloads. That is not needed for uploads rates. # # UseSendFile off TransferLog /var/log/proftpd/xferlog SystemLog /var/log/proftpd/proftpd.log # Logging onto /var/log/lastlog is enabled but set to off by default #UseLastlog on # In order to keep log file dates consistent after chroot, use timezone info # from /etc/localtime. If this is not set, and proftpd is configured to # chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight # savings timezone regardless of whether DST is in effect. #SetEnv TZ :/etc/localtime <IfModule mod_quotatab.c> QuotaEngine off </IfModule> <IfModule mod_ratio.c> Ratios off </IfModule> # Delay engine reduces impact of the so-called Timing Attack described in # http://www.securityfocus.com/bid/11430/discuss # It is on by default. <IfModule mod_delay.c> DelayEngine on </IfModule> <IfModule mod_ctrls.c> ControlsEngine off ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine off </IfModule> # # Alternative authentication frameworks # #Include /etc/proftpd/ldap.conf #Include /etc/proftpd/sql.conf # # This is used for FTPS connections # #Include /etc/proftpd/tls.conf # # Useful to keep VirtualHost/VirtualRoot directives separated # #Include /etc/proftpd/virtuals.conf # A basic anonymous configuration, no upload directories. # <Anonymous ~ftp> # User ftp # Group nogroup # # We want clients to be able to login with "anonymous" as well as "ftp" # UserAlias anonymous ftp # # Cosmetic changes, all files belongs to ftp user # DirFakeUser on ftp # DirFakeGroup on ftp # # RequireValidShell off # # # Limit the maximum number of anonymous logins # MaxClients 10 # # # We want 'welcome.msg' displayed at login, and '.message' displayed # # in each newly chdired directory. # DisplayLogin welcome.msg # DisplayChdir .message # # # Limit WRITE everywhere in the anonymous chroot # <Directory *> # <Limit WRITE> # DenyAll # </Limit> # </Directory> # # # Uncomment this if you're brave. # # <Directory incoming> # # # Umask 022 is a good standard umask to prevent new files and dirs # # # (second parm) from being group and world writable. # # Umask 022 022 # # <Limit READ WRITE> # # DenyAll # # </Limit> # # <Limit STOR> # # AllowAll # # </Limit> # # </Directory> # # </Anonymous> # Include other custom configuration files Include /etc/proftpd/conf.d/
Agora apenas precisamos criar os usuários que terão acesso ao nosso servidor FTP, para isso digite:
sudo adduser usuario-ftp --home=/home/usuario-ftp --shell=/bin/false
Saiba mais sobre o gerenciamento de usuários no Linux em:
E, por fim, reiniciar o proftpd:
sudo /etc/init.d/proftpd restart
Pronto, acesse o seu novo servidor com o cliente FTP que preferir.
Servidor FTP com MySQL e quota de usuários
Antes de continuar, saiba que é necessário instalar e configurar um servidor MySQL no seu Ubuntu, para isso siga o seguinte tutorial:
Depois disso vamos começar a instalação do ProFTPD (se você já fez isso anteriormente, pule esta parte):
sudo apt-get install proftpd proftpd-mod-mysql
Instale um servidor autônomo e vamos iniciar a configuração. Primeiramente, vamos alterar o arquivo proftpd.conf, para isso digite:
sudo nano /etc/proftpd/proftpd.conf
Veja o arquivo alterado (existe um comentário em cada linha alterada):
# # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. # To really apply changes, reload proftpd after modifications, if # it runs in daemon mode. It is not required in inetd/xinetd mode. # # Includes DSO modules Include /etc/proftpd/modules.conf # Set off to disable IPv6 support which is annoying on IPv4 only boxes. UseIPv6 on # If set on you can experience a longer connection delay in many cases. IdentLookups off ######################################################################### # ALTERADO # ######################################################################### ServerName "Todo Espaço Online - FTP" ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayChdir .message true ListOptions "-l" DenyFilter \*.*/ # Use this to jail all users in their homes ######################################################################### # ALTERADO # ######################################################################### DefaultRoot ~ # Users require a valid shell listed in /etc/shells to login. # Use this directive to release that constrain. ######################################################################### # ALTERADO # ######################################################################### RequireValidShell off ######################################################################### # ADICIONADO # ######################################################################### CreateHome on # Port 21 is the standard FTP port. Port 21 # In some cases you have to specify passive ports range to by-pass # firewall limitations. Ephemeral ports can be used for that, but # feel free to use a more narrow range. # PassivePorts 49152 65534 # If your host was NATted, this option is useful in order to # allow passive tranfers to work. You have to use your public # address and opening the passive ports used on your firewall as well. # MasqueradeAddress 1.2.3.4 # This is useful for masquerading address with dynamic IPs: # refresh any configured MasqueradeAddress directives every 8 hours <IfModule mod_dynmasq.c> # DynMasqRefresh 28800 </IfModule> # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30 # Set the user and group that the server normally runs at. User proftpd Group nogroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 # Normally, we want files to be overwriteable. AllowOverwrite on # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords: # PersistentPasswd off # This is required to use both PAM-based authentication and local passwords # AuthOrder mod_auth_pam.c* mod_auth_unix.c # Be warned: use of this directive impacts CPU average load! # Uncomment this if you like to see progress and transfer rate with ftpwho # in downloads. That is not needed for uploads rates. # # UseSendFile off TransferLog /var/log/proftpd/xferlog SystemLog /var/log/proftpd/proftpd.log # Logging onto /var/log/lastlog is enabled but set to off by default #UseLastlog on # In order to keep log file dates consistent after chroot, use timezone info # from /etc/localtime. If this is not set, and proftpd is configured to # chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight # savings timezone regardless of whether DST is in effect. #SetEnv TZ :/etc/localtime <IfModule mod_quotatab.c> ######################################################################### # ALTERADO # ######################################################################### QuotaEngine on </IfModule> <IfModule mod_ratio.c> Ratios off </IfModule> # Delay engine reduces impact of the so-called Timing Attack described in # http://www.securityfocus.com/bid/11430/discuss # It is on by default. <IfModule mod_delay.c> DelayEngine on </IfModule> <IfModule mod_ctrls.c> ControlsEngine off ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine off </IfModule> # # Alternative authentication frameworks # #Include /etc/proftpd/ldap.conf ######################################################################### # ALTERADO # ######################################################################### Include /etc/proftpd/sql.conf # # This is used for FTPS connections # #Include /etc/proftpd/tls.conf # # Useful to keep VirtualHost/VirtualRoot directives separated # #Include /etc/proftpd/virtuals.conf # A basic anonymous configuration, no upload directories. # <Anonymous ~ftp> # User ftp # Group nogroup # # We want clients to be able to login with "anonymous" as well as "ftp" # UserAlias anonymous ftp # # Cosmetic changes, all files belongs to ftp user # DirFakeUser on ftp # DirFakeGroup on ftp # # RequireValidShell off # # # Limit the maximum number of anonymous logins # MaxClients 10 # # # We want 'welcome.msg' displayed at login, and '.message' displayed # # in each newly chdired directory. # DisplayLogin welcome.msg # DisplayChdir .message # # # Limit WRITE everywhere in the anonymous chroot # <Directory *> # <Limit WRITE> # DenyAll # </Limit> # </Directory> # # # Uncomment this if you're brave. # # <Directory incoming> # # # Umask 022 is a good standard umask to prevent new files and dirs # # # (second parm) from being group and world writable. # # Umask 022 022 # # <Limit READ WRITE> # # DenyAll # # </Limit> # # <Limit STOR> # # AllowAll # # </Limit> # # </Directory> # # </Anonymous> # Include other custom configuration files Include /etc/proftpd/conf.d/
Agora vamos editar o arquivo sql.conf, para isso digite:
sudo nano /etc/proftpd/sql.conf
Agora veja o arquivo alterado (comentários em linhas alteradas):
# # Proftpd sample configuration for SQL-based authentication. # # (This is not to be used if you prefer a PAM-based SQL authentication) # <IfModule mod_sql.c> # # Choose a SQL backend among MySQL or PostgreSQL. # Both modules are loaded in default configuration, so you have to specify the backend # or comment out the unused module in /etc/proftpd/modules.conf. # Use 'mysql' or 'postgres' as possible values. # ######################################################################### # ALTERADO # ######################################################################### SQLBackend mysql # ######################################################################### # ALTERADO # ######################################################################### SQLEngine on SQLAuthenticate on # # Use both a crypted or plaintext password ######################################################################### # ALTERADO # ######################################################################### SQLAuthTypes Crypt Plaintext # # Use a backend-crypted or a crypted password #SQLAuthTypes Backend Crypt # # Connection ######################################################################### # ALTERADO # ######################################################################### SQLConnectInfo [email protected] SeuUsuarioMySQL SenhaDoUsuarioMySQL # # Describes both users/groups tables # SQLUserInfo ftpuser userid passwd uid gid homedir shell SQLGroupInfo ftpgroup groupname gid members # ######################################################################### # ADICIONADO # ######################################################################### # # Update count every time user logs in SQLLog PASS updatecount SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser # Update modified everytime user uploads or deletes a file SQLLog STOR,DELE modified SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser # User quotas # =========== QuotaEngine on QuotaDirectoryTally on QuotaDisplayUnits Mb QuotaShowQuotas on SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies QuotaLimitTable sql:/get-quota-limit QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally </IfModule>
Agora vamos editar o arquivo modules.conf, para isso digite:
sudo nano /etc/proftpd/modules.conf
Veja o arquivo alterado:
# # This file is used to manage DSO modules and features. # # This is the directory where DSO modules reside ModulePath /usr/lib/proftpd # Allow only user root to load and unload modules, but allow everyone # to see which modules have been loaded ModuleControlsACLs insmod,rmmod allow user root ModuleControlsACLs lsmod allow user * LoadModule mod_ctrls_admin.c LoadModule mod_tls.c # Install one of proftpd-mod-mysql, proftpd-mod-pgsql or any other # SQL backend engine to use this module and the required backend. # This module must be mandatory loaded before anyone of # the existent SQL backeds. ######################################################################### # ALTERADO # ######################################################################### LoadModule mod_sql.c # Install proftpd-mod-ldap to use this #LoadModule mod_ldap.c # # 'SQLBackend mysql' or 'SQLBackend postgres' (or any other valid backend) directives # are required to have SQL authorization working. You can also comment out the # unused module here, in alternative. # # Install proftpd-mod-mysql and decomment the previous # mod_sql.c module to use this. ######################################################################### # ALTERADO # ######################################################################### LoadModule mod_sql_mysql.c # Install proftpd-mod-pgsql and decomment the previous # mod_sql.c module to use this. #LoadModule mod_sql_postgres.c # Install proftpd-mod-sqlite and decomment the previous # mod_sql.c module to use this #LoadModule mod_sql_sqlite.c # Install proftpd-mod-odbc and decomment the previous # mod_sql.c module to use this #LoadModule mod_sql_odbc.c # Install one of the previous SQL backends and decomment # the previous mod_sql.c module to use this ######################################################################### # ALTERADO # ######################################################################### LoadModule mod_sql_passwd.c LoadModule mod_radius.c LoadModule mod_quotatab.c LoadModule mod_quotatab_file.c # Install proftpd-mod-ldap to use this #LoadModule mod_quotatab_ldap.c # Install one of the previous SQL backends and decomment # the previous mod_sql.c module to use this ######################################################################### # ALTERADO # ######################################################################### LoadModule mod_quotatab_sql.c LoadModule mod_quotatab_radius.c LoadModule mod_wrap.c LoadModule mod_rewrite.c LoadModule mod_load.c LoadModule mod_ban.c LoadModule mod_wrap2.c LoadModule mod_wrap2_file.c # Install one of the previous SQL backends and decomment # the previous mod_sql.c module to use this #LoadModule mod_wrap2_sql.c LoadModule mod_dynmasq.c LoadModule mod_exec.c LoadModule mod_shaper.c LoadModule mod_ratio.c LoadModule mod_site_misc.c LoadModule mod_sftp.c LoadModule mod_sftp_pam.c # Install one of the previous SQL backends and decomment # the previous mod_sql.c module to use this #LoadModule mod_sftp_sql.c LoadModule mod_facl.c LoadModule mod_unique_id.c LoadModule mod_copy.c LoadModule mod_deflate.c LoadModule mod_ifversion.c LoadModule mod_tls_memcache.c # Install proftpd-mod-geoip to use the GeoIP feature #LoadModule mod_geoip.c # keep this module the last one LoadModule mod_ifsession.c
Pronto, agora devemos criar a base de dados do proftpd, para você vai precisar baixar o arquivo abaixo:
Descompacte o arquivo em um local qualquer dentro do seu Ubuntu e digite o seguinte:
mysql -u UsuarioMySQL -p < /caminho/do/arquivo/proftpd.sql
Lembre-se de substituir “UsuarioMySQL” pelo nome de usuário do seu servidor MySQL e o caminho do arquivo proftpd.sql. O comando acima irá importar a base de dados do proftpd para seu servidor mysql, com isso, uma nova base de dados será criada com o nome de “proftpd”.
Dica: Normalmente eu utilizo o MySQL Workbench para gerenciar bases de dados MySQL. Ele poderá ser encontrado facilmente na Central de programas do Ubuntu.
Agora vamos criar o usuário padrão do nosso servidor FTP, para isso digite:
sudo adduser ftpuser --home=/home/FTP --shell=/bin/false
Conclua os dados requisitados após digitar este comando.
Verifique o UID e o GID do usuário e grupo que acabamos de criar com o seguinte comando:
id -u ftpuser id -g ftpuser
No meu caso o UID e GID tem o valor 1001.
Lembre-se que você terá que lembrar estes valores na hora de criar novos usuários na sua base de dados.
Vamos criar nosso primeiro usuário FTP, para isso você pode utilizar o MySQL Workbench ou Emma para gerenciar sua base de dados por uma interface gráfica. Mas se você quiser ser bem herói e digitar sudo por linha de comando, digite:
mysql -u UsuarioMySQL -p
Para acessar o servidor MySQL. Em seguida, digite a seguinte consulta alterando os dados necessários:
INSERT INTO `proftpd`.`ftpuser` (`userid`, `passwd`, `uid`, `gid`, `homedir`, `shell`, `count`, `accessed`) VALUES ('nomeusuario', 'senhausuario', '1001', '1001', '/home/FTP/nomeusuario', '/sbin/nologin', '', '');
Issso irá criar o usuário “novousuario” com a senha “senhausuario”. Lembre-se que também estamos enviando a home do usuário e o UID e GID do usuário que criamos como padrão para nosso servidor FTP.
Para adicionar quota para este usuário, digite a seguinte query:
INSERT INTO `proftpd`.`ftpquotalimits` (`name`, `limit_type`, `bytes_in_avail`, `bytes_out_avail`) VALUES ('nomeusuario', 'hard', '104857600', '104857600');
INSERT INTO `proftpd`.`ftpquotatallies` (`name`) VALUES ('nomeusuario');Neste caso estamos adicionando uma quota de 100MB (104857600 bytes) para o usuário “nomeusuario”, ele não será capaz de enviar mais arquivo quanto a quota for atingida.
Nota: O tamanho máximo que você poderá adicionar para quota será 9223372036854775807 (9.23EB – exabytes).
Agora você pode testar com o cliente FTP que preferir. Se ficou com alguma dúvida, assista ao vídeo tutorial ao final do artigo, ele detalha um pouco mais o que deverá ser feito para configurar o ProFTPD.
Vídeo tutorial
O vídeo tutorial abaixo complementa o texto do artigo acima:
Link do vídeo: https://www.youtube.com/watch?v=5hODYF1sLOM
Espero ter ajudado!
