ProFTPD 1.3.2 Install (rpm)


ProFTPD 1.3.2cをインストールした時のメモ。

  • Vine Linux 5.0
  • MySQL 5.1.41
  • ProFTPD 1.3.2c

まずはソースパッケージを落としてくる。

$ apt-get source proftpd
$ rpm -ivh proftpd-1.3.2c-1vl6.src.rpm

ユーザー管理をMySQLで行いたいのでspecに追記する。

$ cd ~/rpm/SPECS
$ vi proftpd.spec
%define _prefix		/usr
%define _localstatedir	/var/run
%define _sysconfdir	/etc
%define _rundir		/var/run/proftpd
%define tarballversion	1.3.2c
%define origversion	1.3.2c

Summary: ProFTPd -- Professional FTP Server.
Summary(ja): ProFTPd -- プロフェッショナル FTP サーバ
Name: proftpd
Epoch: 1
Version: %{origversion}
Release: 1%{?_dist_release}
License: GPL
Group: System Environment/Daemons
URL: http://www.proftpd.org/

Source0: ftp://ftp.proftpd.org/distrib/%{name}-%{origversion}.tar.bz2
Source1: proftpd.vine.conf
Source2: ftpusers.vine
Source3: proftpd.init
Source5: welcome.msg

# upstream bug fixes & security fixes

# auth 
Patch201: proftpd-1.3.1-use-system-auth-instead-of-pam_pwdb.patch

# iconv patch (CharsetLocal/CharsetRemote)
# Patch300: http://www.hakusan.tsg.ne.jp/tjkawa/software/misc/proftpd-iconv/pack/proftpd-1.3.0-iconv.patch.gz
Patch300: proftpd-1.3.1-iconv.patch.bz2

# fix build on recent kernel headers
# Patch400: proftpd-1.3.1-umode.patch

BuildRoot: %{_tmppath}/%{name}-%{version}-root
BuildRequires: pam-devel, openldap-devel, openssl-devel
Requires: pam > 0.59
Obsoletes: wu-ftpd, anonftp
Provides: ftpserver

Vendor: Project Vine
Distribution: Vine Linux

%description
ProFTPd is an enhanced FTP server with a focus toward simplicity,
security, and ease of configuration.  It features a very Apache-like
configuration syntax, and a highly customizable server infrastructure,
including support for multiple 'virtual' FTP servers, anonymous FTP,
and permission-based directory visibility.

%description -l ja
ProFTPd は シンプルさ, セキュリティ, 設定の容易さに焦点をあてた 優れた
FTP サーバです。Apache に似た構文による設定や、複数の仮想 FTP サーバ、
anonymous FTP, パーミッションベースのディレクトリ可視性のサポートを含む、
高度にカスタマイズ可能なサーバ・インターフェイスを特徴としています。

%prep
%setup -q -n %{name}-%{tarballversion}
find . -type d -name CVS | xargs -r rm -frv

# upstream fixes

## patches from mdk
# use system-auth instaed of pam_pwdb
%patch201 -p1

# iconv patch (CharsetLocal/CharsetRemote)
%patch300 -p1

# fix build on recent kernel headers
# %patch400 -p0

%build
# Disable stripping in order to get useful debuginfo packages
%{__perl} -pi -e 's|"-s"|""|g' configure

%configure \
    --libexecdir="%{_libexecdir}/proftpd" \
    --localstatedir="%{_var}/run" \
    --enable-ctrls \
    --enable-facl \
    --enable-dso \
    --enable-ipv6 \
    --with-includes=/usr/include/openssl:/usr/include/mysql \
    --with-libraries=/usr/lib64:/usr/lib64/mysql \
    --with-modules=mod_tls:mod_load:mod_wrap2:mod_codeconv:mod_df \
    --with-shared=mod_quotatab:mod_quotatab_sql:mod_sql:mod_sql_mysql

# It seems that with _smp_mflags -lsupp tries to get linked before being built
# (as of 1.3.0a-4 F7/devel with koji, happened on F8 x86_64 and F7 ppc64)
%{__make}


%install
%{__rm} -rf %{buildroot}
%{__make} install DESTDIR=%{buildroot} \
    rundir="%{_var}/run/proftpd" \
    INSTALL_USER=`id -un` \
    INSTALL_GROUP=`id -gn`

# auth
mkdir -p %{buildroot}%{_sysconfdir}/pam.d
%{__install} -m 644 contrib/dist/rpm/ftp.pamd %{buildroot}%{_sysconfdir}/pam.d/ftp

# logrotate
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
%{__install} -m 644 contrib/dist/rpm/proftpd.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/proftpd

# init.d
%{__install} -D -p -m 0755 %{SOURCE3} \
    %{buildroot}%{_sysconfdir}/rc.d/init.d/proftpd

%{__install} -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/proftpd.conf
%{__install} -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/ftpusers
%{__install} -D -p -m 0644 %{SOURCE5} %{buildroot}/%{_var}/ftp/welcome.msg

touch %{buildroot}%{_sysconfdir}/ftpusers

rm contrib/README.* || :
# eliminate executable bit in %doc
find doc/ sample-configurations/ -type f -perm +111 | xargs -r chmod -x

# remove .{la,a}
rm -f %{buildroot}%{_libexecdir}/proftpd/*.{la,a}

# remove development files (headers and pkgconfig file)
# who need these files?
rm -rf %{buildroot}%{_includedir}/proftpd
rm -rf %{buildroot}%{_libdir}/pkgconfig

%preun
if [ -d %{_rundir} ] ; then
	rm -rf %{_rundir}/*
fi

if [ $1 = 0 ] ; then
	/sbin/chkconfig --del proftpd
fi

%postun
if [ $1 -ge 1 ]; then
    /sbin/service proftpd condrestart
fi

%post
/sbin/chkconfig --add proftpd


%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root)
%doc COPYING CREDITS ChangeLog INSTALL NEWS
%doc README.{LDAP,PAM,modules} doc/*
%doc contrib/README contrib/xferstats.holger-preiss
%doc sample-configurations/
%{_sbindir}/*
%{_bindir}/*
%{_mandir}/*/*
%{_var}/ftp/welcome.msg
%dir %{_libexecdir}/proftpd/
%{_libexecdir}/proftpd/mod_*
%dir %{_rundir}
%dir %{_var}/ftp
%config %{_sysconfdir}/rc.d/init.d/proftpd
%config(noreplace) %{_sysconfdir}/pam.d/ftp
%config(noreplace) %{_sysconfdir}/proftpd.conf
%config(noreplace) %{_sysconfdir}/ftpusers
%config(noreplace) %{_sysconfdir}/logrotate.d/proftpd


%changelog
* Mon Dec 28 2009 Satoshi IWAMOTO  1.3.2c-1
- new upstream release with security fix (CVE-2009-3555)

* Wed Oct 21 2009 Satoshi IWAMOTO  1.3.2b-1
- new upstream release with security fix (NULL char in X.509 certificate)
- add chkconfig --add in post script

* Mon Jul 06 2009 Daisuke SUZUKI  1.3.2a-3
- remove .{la,a}
- remove headers and pkgconfig file

* Mon Jul  6 2009 Satoshi IWAMOTO  1.3.2a-2
- update Source1 (sample config file for vine)
  set default char set to UTF-8

* Fri Jul  3 2009 Satoshi IWAMOTO  1.3.2a-1
- new upstream release

* Sat Apr 04 2009 Daisuke SUZUKI  1.3.2-3
- rebuild with openldap-2.4.11

* Tue Mar 31 2009 Satoshi IWAMOTO  1.3.2-2
- built with openssl-0.9.8k

* Sat Feb 07 2009 Satoshi IWAMOTO  1.3.2-1
- new upstream release
- add configure option to activate new modules
- drop patch400

* Wed Jan 14 2009 Shu KONNO  1.3.1-6
- built with openssl-0.9.8j

* Mon Sep 22 2008 Shu KONNO  1.3.1-5
- built with openssl-0.9.8i

* Sun Aug 10 2008 MATSUBAYASHI Kohji  - 1.3.1-4
- add Patch400 to fix build failure at least on i386
- spec in UTF-8

* Tue Jul 15 2008 Shu KONNO  1.3.1-3
- built with openssl-0.9.8h

* Sun Mar 23 2008 Satoshi IWAMOTO  1.3.1-2
- update proftpd.vine.conf (use DisplayChdir instead of DisplayFirstChdir)

* Sun Mar 23 2008 Satoshi IWAMOTO  1.3.1-1
- new upstream release
- drop old patches which are included in new release
- update patch201, 300
- build under new versioning policy

* Mon Sep 10 2007 Satoshi IWAMOTO  1.3.0a-0vl1
- new upstream release
- built with openssl098
- drop old (for 1.2.10) patches
- Patch100-150 from FC8 package
- Patch160-170 from upstream CVS (maybe will be fixed in 1.3.1)
- update patch300 for 1.3.0
- change configure option refer to FC8
- add process reboot with message output when package is upgraded 
- docfiles list update
- fix changelog ver number typo

* Sun Sep 09 2007 Satoshi IWAMOTO  1.2.10-0vl6
- add patch202 for fix timestamp (backport from 1.3.0rc1 #2798)
  ()
- add Vendor/Distribution tag
- add patch104 for fix pr_ctrls_recv_request issue
- add patch103 for fix CVE-2006-6170
- add patch102 for fix CVE-2006-5815
- add patch101 for fix CVE-2006-6171

* Sun Aug 27 2006 NAKAMURA Kenta  1.2.10-0vl5
- rebuilt with openldap-2.3.27-0vl

* Sun Jul 02 2006 Satoshi MACHINO  1.2.10-0vl4
- rebuilt with openldap-2.3.24-0vl1

* Sun May 14 2006 Shoji Matsumoto  1.2.10-0vl3
- add patch300 for iconv patch

* Thu Mar 16 2006 Daisuke SUZUKI  1.2.10-0vl2
- enable mod_ldap
- add BuildRequires: openldap-devel, openssl-devel
- add Patch200 from MDK to support ldap
- add Patch201 from MDK to use system-auth instead of pam_pwdb
  (pam_pwdb is now obsolete, and will be removed in the future pam version)

* Fri Sep 09 2005 Satoshi IWAMOTO 
- 1.2.10-0vl1.1
- add patch100 for fix CAN-2005-2390

* Sun Sep 05 2004 Daisuke SUZUKI  1.2.10-0vl1
- new upstream release

* Tue Aug 03 2004 Daisuke SUZUKI  1.2.10-0vl0.3
- new upstream release (1.2.10rc3)
- build for Vine Linux 3.0

* Fri May 21 2004 IKEDA Katsumi  1.2.10-0vl0.1
- new upstream release
- fix security issue: http://secunia.com/advisories/11527/

* Tue Apr 13 2004 Daisuke SUZUKI  1.2.9-0vl1
- new upstream release

* Wed Sep 24 2003 Daisuke SUZUKI  1.2.8p-0vl1
- new upstream release
- fix security issue: http://xforce.iss.net/xforce/alerts/id/154

* Sun Mar  9 2003 Daisuke SUZUKI  1.2.8-0vl1
- new upstream release

* Fri Dec  6 2002 Daisuke SUZUKI  1.2.7-0vl1
- new upstream release 1.2.7
- add logrotate config file.
- move ftp home directory from /home/ftp to /var/ftp

* Mon Jun 10 2002 Daisuke SUZUKI  1.2.6-0vl1
- new upstream release 1.2.6

* Mon Jun 10 2002 Daisuke SUZUKI  1.2.5-0vl4
- new upstream release 1.2.5 (stable release version)

* Mon Jun 03 2002 Daisuke SUZUKI  1.2.5-0vl3
- new upstream release 1.2.5-rc3

* Mon Jan 28 2002 Toru Sagami  1.2.5-0vl2
- eliminate executable bit in %doc (requierment for /usr/bin/perl)
- put files in sample-configurations/ to the according directory
- remove unnecessary README.* files

* Thu Dec 20 2001 Toru Sagami  1.2.5-0vl1
- updated to 1.2.5rc1 for problems in file globbing

* Sun Oct 21 2001 Toru Sagami 
- 1.2.4-0vl1

* Fri Oct 19 2001 Toru Sagami 
- 1.2.3-0vl1

* Sat Aug 18 2001 Toru Sagami 
- 1.2.2-0vl1: update to 1.2.2 release
- added more documents

* Sun Jul 15 2001 Daisuke SUZUKI  1.2.2-0vl0.rc3
- update to 1.2.2rc3
- use macros

* Mon Jun 11 2001 MATSUBAYASHI 'Shaolin' Kohji 
- 1.2.1-0vl3
- rebuilt for VineSeed

* Tue Feb 27 2001 KAJIKI Yoshihiro  [1.2.1-0vl2]
- update to 1.2.1

* Tue Feb 27 2001 KAJIKI Yoshihiro  [1.2.0-0vl2]
- build for VineSeed

* Tue Feb 27 2001 KAJIKI Yoshihiro  [1.2.0-0vl1]
- update to 1.2.0
- set Epoch 1 to update from pre* and rc* version
 
* Tue Feb 20 2001 Toru Sagami 
- 1.2.0rc3-0vl3
- removed PreReq and postun about /etc/ftpusers stuff

* Mon Feb 19 2001 KAJIKI Yoshihiro  [1.2.0rc3-0vl3]
- remove setup of /etc/ftpusers in %%pre script
- add ftpusers.vine insted of the %%pre script
- remove contrib/README.* frpm %%files
- add BuildRequires: pam-devel

* Mon Feb 19 2001 KAJIKI Yoshihiro  [1.2.0rc3-0vl2]
- rebuild for VineSeed

* Wed Feb 07 2001 KAJIKI Yoshihiro  [1.2.0rc3-0vl1]
- update to 1.2.0rc3
- add 'TimesGMT FALSE' in default configuration file
- build on Vine 2.1

* Mon Feb 05 2001 Toru Sagami 
- modified pre script to make it run by bash2 and added PreReq
- remove /etc/ftpusers after uninstall

* Thu Feb 01 2001 MATSUBAYASHI 'Shaolin' Kohji 
- 1.2.0rc2-0vl8
- rebuilt on VineSeed

* Thu Feb 01 2001 KAJIKI Yoshihiro  [1.2.0rc2-0vl7]
- remove patch from CVS to avoid 'after 5min data brake'
- add passive patch insted of abobe CVS patch
- revival contribute's proftpd.init.d

* Tue Jan 23 2001 KAJIKI Yoshihiro  [1.2.0rc2-0vl6]
- fixed %pre script and remove /etc/ftpusers from files
- modify Japanese summary and descriptions

* Sun Dec 03 2000 Toru Sagami 
- actually fixed to make the package relocatable.
- non-root build failure by broken %prein, which should be %pre.
- dont include CVS directory in doc
- add %config /etc/rc.d/init.d/proftpd

* Tue Nov 14 2000 KAJIKI Yoshihiro  [1.2.0rc2-0vl4]
- correct config directive of the init.d script

* Wed Oct 18 2000 Yoshihiro Kajiki  [1.2.0rc2-0vl3]
- adopt current patch from CVS to avoid the 'put on passive mode' probrem

* Sun Jul 30 2000 Jun Nishii 
- 1.2.0rc2-0vl1
- obsoletes anonftp
- do not chkconfig --add in %post
- requires: pam
- added proftpd.vine.conf

* Fri Jul 28 2000 Daisuke SUZUKI 
- libtoolize for alpha

* Sat Jul 15 2000 Kazuhisa TAKEI
- [1.2.0rc2]

* Wed Jun 28 2000 Kazuhisa TAKEI
- repackaging for VineLinux

* Thu Oct 3 1999 O.Elliyasa 
- Multi package creation.
  Created core, standalone, inetd (&doc) package creations.
  Added startup script for init.d
  Need to make the "standalone & inetd" packages being created as "noarch"
- Added URL.
- Added prefix to make the package relocatable.

* Wed Sep 8 1999 O.Elliyasa 
- Corrected inetd.conf line addition/change logic.

* Sat Jul 24 1999 MacGyver 
- Initial import of spec.

ビルドする。

$ rpmbuild -bb --clean proftpd.spec

インストールする。

$ cd ../RPMS/x86_64
$ su
# rpm -ivh proftpd-1.3.2c-1vl5.x86_64.rpm

  • ユーザー管理はMySQLで行う。
  • 接続は暗号化して行う。
  • Anonymousは使用しない。
# vi /etc/proftpd.conf
# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName			"FTP Server"
ServerType			standalone
DefaultServer			on
ServerIdent			on "FTP OK"
UseReverseDNS			off
IdentLookups			off

<Limit LOGIN>
  DenyGroup			!users
</Limit>

# Port 21 is the standard FTP port.
Port				21

# Don't use IPv6 support by default.
UseIPv6				off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

TimesGMT			off
SetEnv TZ			JST-9
CharsetLocal			UTF-8
CharsetRemote			CP932
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances			30
<IfModule mod_load.c>
  MaxLoad			10.0 "Server busy, seek elsewhere"
</IfModule>

MaxLoginAttempts		1
MaxClientsPerHost		1
MaxHostsPerUser			1
RootLogin			off
ListOptions			"-a"
RequireValidShell		off

TimeoutIdle			600
TimeoutLogin			300
TimeoutNoTransfer		600
TimeoutSession			none
TimeoutStalled			600
# Set the user and group under which the server will run.
User				nobody
Group				nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite			on
AllowStoreRestart		on
AllowRetrieveRestart		on
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

LogFormat			default "%h %l %u %t \"%r\" %s %b"
LogFormat			auth "%v [%P] %h %t \"%r\" %s"
LogFormat			write "%h %l %u %t \"%r\" %s %b"
ExtendedLog			/var/log/proftpd/all.log ALL default
ExtendedLog			/var/log/proftpd/auth_log AUTH auth
ExtendedLog			/var/log/proftpd/access_log WRITE,READ write

<IfModule mod_tls.c>
  TLSEngine			on
  TLSLog			/var/log/proftpd/tls.log
  TLSProtocol			SSLv23
  TLSCipherSuite		ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
  TLSRequired			off
  TLSRSACertificateFile		/path/to/certificitate/server.crt
  TLSRSACertificateKeyFile	/path/to/certificitate/server.key
  TLSVerifyClient		off
</IfModule>

<IfModule mod_delay.c>
  DelayEngine			on
</IfModule>
DelayTable			/var/proftpd/proftpd.delay

<IfModule mod_sql_mysql.c>
  AuthOrder			mod_sql.c
  SQLAuthTypes			Plaintext
  SQLAuthenticate		users* groups*
# ScoreboardFile		/var/run/proftpd.scoreboard
  SQLConnectInfo		db_name@localhost:3306 sql_user_name sql_user_pass PERSESSION
  SQLDefaultGID			1001
  SQLDefaultUID			1001
  SQLUserInfo			users userid password uid gid homedir shell
  SQLGroupInfo			groups groupname gid members
</IfModule>

<IfModule mod_quotatab.c>
  QuotaEngine			on
  QuotaLog			/var/log/proftpd/quota.log
  QuotaLimitTable		sql:/get-quota-limit
  QuotaTallyTable		sql:/get-quota-tally/update-quota-tally/insert-quota-tally
  SQLNamedQuery			get-quota-limit SELECT "userid, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE userid = '%{0}' AND quota_type = '%{1}'"
  SQLNamedQuery			get-quota-tally SELECT "userid, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE userid = '%{0}' AND quota_type = '%{1}'"
  SQLNamedQuery			update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE userid = '%{6}' AND quota_type = '%{7}'" quotatallies
  SQLNamedQuery			insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
  QuotaLock			/tmp/proftpd-quota-lock
  QuotaShowQuotas		on
  QuotaDisplayUnits		Mb
  QuotaDirectoryTally		on
</IfModule>
# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp>
#  User				ftp
#  Group				ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias			anonymous ftp

  # Limit the maximum number of anonymous logins
#  MaxClients			10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
#  DisplayLogin			welcome.msg
#  DisplayChdir			.message

  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>

MySQLにユーザー管理データベースを作成する。

# mysqladmin -u root --password='root_pass' create db_name
# mysql -u root -p
> use db_name;

groupテーブルを作成。

> CREATE TABLE `groups` (
> `groupname` varchar(30) NOT NULL,
> `gid` smallint(5) UNSIGNED NOT NULL default 1001,
> `members` varchar(255) default NULL,
> PRIMARY KEY (`groupname`),
> UNIQUE KEY `gid` (`gid`) );

userテーブルを作成

> CREATE TABLE `users` (
> `userid` varchar(30) NOT NULL,
> `password` varchar(30) NOT NULL,
> `uid` smallint(5) UNSIGNED NOT NULL default 10000,
> `gid` smallint(5) UNSIGNED NOT NULL default 1001,
> `homedir` varchar(255) default NULL,
> `shell` varchar(255) default '/bin/false',
> PRIMARY KEY (`userid`),
> UNIQUE KEY `uid` (`uid`) );

quotalimitsテーブルを作成

> CREATE TABLE `quotalimits` (
> `userid` varchar(30) NOT NULL,
> `quota_type` ENUM("user", "group", "class", "all") NOT NULL,
> `per_session` ENUM("false", "true") DEFAULT 'true' NOT NULL,
> `limit_type` ENUM("soft", "hard") DEFAULT 'soft' NOT NULL,
> `bytes_in_avail` FLOAT DEFAULT '0' NOT NULL,
> `bytes_out_avail` FLOAT DEFAULT '0' NOT NULL,
> `bytes_xfer_avail` FLOAT DEFAULT '0' NOT NULL,
> `files_in_avail` INT UNSIGNED DEFAULT '0' NOT NULL,
> `files_out_avail` INT UNSIGNED DEFAULT '0' NOT NULL,
> `files_xfer_avail` INT UNSIGNED DEFAULT '0' NOT NULL );

quotatalliesテーブルを作成。

> CREATE TABLE `quotatallies` (
> `userid` varchar(30) NOT NULL,
> `quota_type` ENUM("user", "group", "class", "all") default 'user' NOT NULL,
> `bytes_in_used` FLOAT default '0' NOT NULL,
> `bytes_out_used` FLOAT default '0' NOT NULL,
> `bytes_xfer_used` FLOAT default '0' NOT NULL,
> `files_in_used` INT UNSIGNED default '0' NOT NULL,
> `files_out_used` INT UNSIGNED default '0' NOT NULL,
> `files_xfer_used` INT UNSIGNED default '0' NOT NULL );

データベースへの権限設定をする。

> GRANT SELECT,UPDATE,INSERT ON db_name.* TO sql_user_name@localhost IDENTIFIED BY 'sql_user_pass';

ユーザーを作成。

> INSERT INTO groups VALUES ('users',1001,'');
> INSERT INTO users VALUES ('user_name',('user_pass'),1001,10000,'/path/to/directory/user_name','/bin/false');
> INSERT INTO quotalimits VALUES ('user_name','users','false','hard', 10737418240,0,0,0,0,0);
> flush privileges;
> \q

必要なフォルダを作成。

# mkdir /var/proftpd
# mkdir /var/log/proftpd
# mkdir -p /path/to/directory/user_name
# chown 10000:1001 /path/to/directory/user_name
# chmod 0700 /path/to/directory/user_name

起動スクリプト。

#!/bin/sh
# $Id: proftpd.init,v 1.1 2004/02/26 17:54:30 thias Exp $
#
# proftpd	This shell script takes care of starting and stopping
#		proftpd.
#
# chkconfig: - 80 30
# description: ProFTPD is an enhanced FTP server with a focus towards \
#              simplicity, security, and ease of configuration. \
#              It features a very Apache-like configuration syntax, \
#              and a highly customizable server infrastructure, \
#              including support for multiple 'virtual' FTP servers, \
#              anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftp.conf
# pidfile: /var/run/proftpd.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0

[ -x /usr/sbin/proftpd ] || exit 0

RETVAL=0

prog="proftpd"

start() {
	echo -n $"Starting $prog: "
	daemon proftpd 2>/dev/null
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
}

stop() {
	echo -n $"Shutting down $prog: "
	killproc proftpd
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
}

# See how we were called.
case "$1" in
  start)
	start
	;;
  stop)
	stop
	;;
  status)
	status proftpd
	RETVAL=$?
	;;
  restart)
	stop
	start
	;;
  condrestart)
	if [ -f /var/lock/subsys/proftpd ]; then
	  stop
	  start
	fi
	;;
  reload)
	echo -n $"Re-reading $prog configuration: "
	killproc proftpd -HUP
	RETVAL=$?
	echo
	;;
  *)
	echo "Usage: $prog {start|stop|restart|reload|condrestart|status}"
	exit 1
esac

exit $RETVAL

起動設定後、起動する。

# chkconfig proftpd on
# service proftpd start

Starting ProFTPd:				[  OK  ]

後は実際に接続してテスト。

# cat /var/log/proftpd/proftpd.log

xxx.xxx.xxx.xxx user nobody [20/ 2月/2010:01:13:17 +0900] "USER user" 331 -
xxx.xxx.xxx.xxx user user [20/ 2月/2010:01:13:17 +0900] "PASS (hidden)" 230 -
xxx.xxx.xxx.xxx user user [20/ 2月/2010:01:13:17 +0900] "XPWD" 257 -
xxx.xxx.xxx.xxx user user [20/ 2月/2010:01:13:17 +0900] "TYPE A" 200 -
xxx.xxx.xxx.xxx user user [20/ 2月/2010:01:13:17 +0900] "PORT xxx,xxx,xxx,xxx,207,12" 200 -
xxx.xxx.xxx.xxx user user [20/ 2月/2010:01:13:17 +0900] "LIST" 226 115