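Goal: give each account its own disk space limit rather than unlimited space. Linux's built-in quota feature could be used, but it requires real system accounts to exist.

Here the test uses virtual accounts, with the accounts stored in a file.

ProFTPD was already installed from RPM in this environment, so it has to be compiled manually to get quota support.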

1. Download version 1.3.2

wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.2.tar.gz

2. Compile

install_user=ftp install_group=ftp ./configure --prefix=/usr/local --sysconfdir=/etc --localstatedir=/var/run --mandir=/usr/local/man --without-pam --disable-auth-pam --with-modules=mod_ratio:mod_readme:mod_quotatab:mod_quotatab_file LDFLAGS=-static

make

make install

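3. After installation, the new proftpd and other executables are in /usr/local/sbin/, so link them into /usr/sbin/.

Two files in /root/proftpd-1.3.2/contrib/ are also needed: ftpasswd (for creating virtual accounts) and ftpquota (for creating quotas).

Copy them to /usr/bin/ or /usr/local/bin/.

4. Edit the /etc/proftpd.conf configuration file. Leave the other settings unchanged; only a few need attention: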

AuthUserFile                    /etc/proftpd.passwd
# Using a file-based limit table
# Quota settings file: limits set with ftpquota are recorded here; its contents must be viewed with the ftpquota command
QuotaLimitTable file:/etc/ftpquota.limittab
# Using a file-based tally table
# Records the quota already used
QuotaTallyTable file:/etc/ftpquota.tallytab
# Record directory operations
QuotaDirectoryTally on
# Units used when displaying space
QuotaDisplayUnits Mb
# Enable quota
QuotaEngine on
# Log quota usage
QuotaLog /var/log/proftpd/quota.log
# When on, users can run quote SITE QUOTA after logging in with the ftp client to view their quota
QuotaShowQuotas on
# On login, scan the home directory to update size and file count
QuotaOptions ScanOnLogin

5. Create the virtual account in /etc/proftpd.passwd

mkdir /home/cross2 && chmod 777 /home/cross2

ftpasswd --passwd --name=cross2 --uid=1001 --gid=1001 --home=/home/cross2 --shell=/sbin/nologin --file=/etc/proftpd.passwd

6. Create the ftpquota.limittab and ftpquota.tallytab files

ftpquota --create-table --type=limit

ftpquota --create-table --type=tally

# This creates the ftpquota.limittab and ftpquota.tallytab files under ./

# Because our proftpd.conf points to /etc/, either change to the /etc/ directory before running the commands or use --table-path to specify the file path

7. Create the limit

ftpquota --add-record --type=limit --quota-type=user --name=cross2 --units=Mb --bytes-upload=1

# Gives the cross2 account 1mb of upload space

8. Test whether the quota is working: log in to FTP and run quote SITE QUOTA, which gives the following result

ftp localhost
Connected to localhost.
220 ProFTPD 1.3.2 Server ready.
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): cross2
331 Password required for cross2
Password:
230 User cross2 logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote SITE QUOTA
200-The current quota for this session are [current/limit]:
Name: cross2
Quota Type: User
Per Session: False
Limit Type: Hard
Uploaded Mb:         0.00/1.00                        # upload space: used / limit, in Mb
Downloaded Mb:       unlimited
Transferred Mb:      unlimited
Uploaded files:      unlimited
Downloaded files:    unlimited
Transferred files:   unlimited
200 Please contact root@ssorc.tw if these entries are inaccurate

The limit can also be viewed with ftpquota --show-record --type=limit; this shows the actual limit values

  Name: cross2
Quota Type: User
Per Session: False
Limit Type: Hard
Uploaded bytes:     1048576.00
Downloaded bytes:   unlimited
Transferred bytes:  unlimited
Uploaded files:     unlimited
Downloaded files:   unlimited
Transferred files:  unlimited

9. Test uploading

I uploaded an 879KB file; checking with quote SITE QUOTA shows that it recorded 0.84 Mb of space used

 Limit Type: Hard
Uploaded Mb:         0.84/1.00
Downloaded Mb:       unlimited
Transferred Mb:      unlimited
Uploaded files:      unlimited
Downloaded files:    unlimited
Transferred files:   unlimited

Or run ftpquota --show-record --type=tally, which shows how much space I have used

  Name: cross2
Quota Type: User
Uploaded bytes:     883678.00
Downloaded bytes:   0.00
Transferred bytes:  0.00
Uploaded files:     0
Downloaded files:   0
Transferred files:  0

If I upload a 1.39mb file, several things happen

a. Only 160KB can be uploaded

b. The message Disk quota exceeded appears and the transfer fails

c. The tally record

  Name: cross2
Quota Type: User
Uploaded bytes:     1048541.00
Downloaded bytes:   0.00
Transferred bytes:  0.00
Uploaded files:     0
Downloaded files:   0
Transferred files:  0

d. The quote SITE QUOTA record

 Limit Type: Hard
Uploaded Mb:         1.00/1.00
Downloaded Mb:       unlimited
Transferred Mb:      unlimited
Uploaded files:      unlimited
Downloaded files:    unlimited
Transferred files:   unlimited

e. The record in /var/log/proftpd/quota.log; surprisingly, it does not record who it was ???

Jun 30 12:17:58 mod_quotatab/1.3.0[24911]: quotatab write(): limit exceeded, returning EDQUOT

PS: the quota.log entries for the cross2 account logging in

Jun 30 12:19:56 mod_quotatab/1.3.0[25018]: found limit entry for user 'cross2'
Jun 30 12:19:56 mod_quotatab/1.3.0[25018]: found tally entry for user 'cross2'
Jun 30 12:19:56 mod_quotatab/1.3.0[25018]: quotatab fs registered
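
The missing user name noted in item e can be recovered by joining log lines on the process ID in brackets. The following is an added example, not part of the original post: it assumes each FTP session is served by its own process, so the PID on the "found limit entry for user" line is the PID of that session's later EDQUOT lines. The function names and the sample log (the EDQUOT line above plus constructed login entries) are illustrative.

```shell
#!/bin/sh
# Added example: attribute EDQUOT events in ProFTPD's QuotaLog to a user.
# Assumption: one process per FTP session, so the [pid] on the
# "found limit entry for user" line is the [pid] of later EDQUOT lines.

attribute_edquot() {
    # stdin: quota.log lines; stdout: "<date> <time> pid=<pid> user=<name>"
    awk '
    {
        # Pull the PID out of "mod_quotatab/<ver>[<pid>]:" (4th field)
        pid = ""
        if (match($4, /\[[0-9]+\]/))
            pid = substr($4, RSTART + 1, RLENGTH - 2)
        if (pid == "") next
    }
    /found (limit|tally) entry for user/ {
        # Last field is the quoted user name; keep only name characters
        name = $NF
        gsub(/[^A-Za-z0-9._-]/, "", name)
        user[pid] = name      # a reused PID is overwritten by the newer login
        next
    }
    /limit exceeded, returning EDQUOT/ {
        # No login line seen for this PID (e.g. rotated log): mark UNKNOWN
        who = (pid in user) ? user[pid] : "UNKNOWN"
        printf "%s %s %s pid=%s user=%s\n", $1, $2, $3, pid, who
    }
    '
}

sample_log() {
    # Constructed sample: the EDQUOT line from the post plus invented logins
    cat <<'EOF'
Jun 30 12:17:01 mod_quotatab/1.3.0[24911]: found limit entry for user 'cross2'
Jun 30 12:17:01 mod_quotatab/1.3.0[24911]: found tally entry for user 'cross2'
Jun 30 12:17:30 mod_quotatab/1.3.0[24950]: found limit entry for user 'demo1'
Jun 30 12:17:58 mod_quotatab/1.3.0[24911]: quotatab write(): limit exceeded, returning EDQUOT
Jun 30 12:18:10 mod_quotatab/1.3.0[24999]: quotatab write(): limit exceeded, returning EDQUOT
EOF
}

sample_log | attribute_edquot
```

On a live server the same function reads the real log: attribute_edquot < /var/log/proftpd/quota.log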

10. Test downloading

ftpquota --update-record --type=limit --quota-type=user --name=cross2 --units=Mb --bytes-upload=2 --bytes-download=1

Here --update-record is used to update the setting: 2mb of upload space and 1mb of download space

# ftpquota --show-record --type=limit
-------------------------------------------
Name: cross2
Quota Type: User
Per Session: False
Limit Type: Hard
Uploaded bytes:     2097152.00
Downloaded bytes:   1048576.00
Transferred bytes:  unlimited
Uploaded files:     unlimited
Downloaded files:   unlimited
Transferred files:  unlimited

I filled the space up by uploading; this can be checked with ftpquota --show-record --type=tally or quote SITE QUOTA

# ftpquota --show-record --type=tally
Name: cross2
Quota Type: User
Uploaded bytes:     2096672.00
Downloaded bytes:   0.00
Transferred bytes:  0.00
Uploaded files:     0
Downloaded files:   0
Transferred files:  0
ftp> quote SITE QUOTA
200-The current quota for this session are [current/limit]:
Name: cross2
Quota Type: User
Per Session: False
Limit Type: Hard
Uploaded Mb:         2.00/2.00
Downloaded Mb:       0.00/1.00
Transferred Mb:      unlimited
Uploaded files:      unlimited
Downloaded files:    unlimited
Transferred files:   unlimited

Once downloads exceed 1mb, further downloads are refused

The following appears:

[L] 451 RETR denied: quota exceeded: used 1.00 of 1.00 download Mb
[L] 傳送失敗!

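10. Test the transfer size using the --bytes-xfer parameter, set to 1MB here; --bytes-xfer counts uploads, downloads and directory listings together

ftpquota --update-record --type=limit --quota-type=user --name=cross2 --units=Mb --bytes-upload=2 --bytes-download=2 --bytes-xfer=1

ftpquota --show-record --type=limit
-------------------------------------------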
Name: cross2
Quota Type: User
Per Session: False
Limit Type: Hard
Uploaded bytes:     2097152.00
Downloaded bytes:   2097152.00
Transferred bytes:  1048576.00
Uploaded files:     unlimited
Downloaded files:   unlimited
Transferred files:  unlimited
ftp> quote SITE QUOTA
200-The current quota for this session are [current/limit]:
Name: cross2
Quota Type: User
Per Session: False
Limit Type: Hard
Uploaded Mb:         2.00/2.00
Downloaded Mb:       1.00/2.00
Transferred Mb:      0.00/1.00
Uploaded files:      unlimited
Downloaded files:    unlimited
Transferred files:   unlimited

When the transfer size exceeds 1mb, the following appears

[L] 451 RETR denied: quota exceeded: used 1.00 of 1.00 transfer Mb
[L] 傳送失敗!

11. Test --files-upload=1

When the number of files exceeds 1

[L] 552-STOR denied: quota exceeded: used 1 of 1 upload file
[L] 552 STOR: notice: quota reached: used 1 of 1 upload file
[L] 傳送失敗!

12. Test --files-download=1; when the number of downloaded files exceeds 1

[L] 451 RETR denied: quota exceeded: used 1 of 1 download file
[L] 傳送失敗!

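13. Test --files-xfer=1, which counts both uploaded and downloaded files. But I failed; --files-xfer=1 cannot be used ????? Option files-xfer does not take an argument

PS: If you have a VirtualHost, the settings must be placed inside <VirtualHost> </VirtualHost> for the quota to take effect.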
