基于FreeBSD5.4全能服务器安装v1.01

sldxcxp

曹海波（b.s.d）
改版声明：此次改版主要增加了相应的说明文字特别是在ftp服务器方面
版权声明：本着开源的思想，大家尽可以转载也希望大家不要垄断技术
强烈建议：安装系统时安装src和ports
理由：经过试验可以提升同步src和ports的速度
基本设置
setenv PACKAGEROOT "ftp://ftp.jp.freebsd.org" 设置环境变量使pkg_add -r 源代码安装方式选择较快的服务器下载二进制软件安装 pkg_add -r cvsup-without-gui 下载并安装二进制代码程序cvsup-without-gui（cvsup-without-gui无图形支持在文本方式下工作的软件，用来同步代码及ports用。）
编辑/etc/rc.conf
ee /etc/rc.conf
增加以下（用来停止sendmail）
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
mkdir /usr/home/chb/pkg_info
reboot
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_cvsup-without-gui.txt
(主要是记录安装的软件，用来以后分析软件包的关联性)
同步系统代码
cvsup -g -L 2 -h cvsup.jp.FreeBSD.org /usr/share/examples/cvsup/standard-supfile 注意：standard-supfile这个文件同步前一定要查看里面内容是否正确！即：[*default release=cvs tag= ] 默认的情况下可能会把代码同步到当前的最新版本，当然这个最新版本可能是current版！所以一定要指定！我的写法是：
*default release=cvs tag=RELENG_5_4 意思是同步到FreeBSD5.4的当前稳定版代码 还有就是值得注意的是：目前同步代码可以选择两个文件
一是：stable-supfile
二是：standard-supfile
stable-supfile 一般已经指定了同步代码的版本，一般也不需要设定！但是用FreeBSD5.2.1的朋友们就需要注意了因为FreeBSD5.2.1会把代码同步到4系的最新版，我一直没明白FreeBSD开发小组为什么会这么做！一旦没有修改就同步的话，轻则造成部分软件无法使用重则造成内核错误根本就无法进入系统！我可亲身经历过
standard-supfile 我认为同步前最好核对一下里面关于同步代码版本的部分。
至于为什么选择standard-supfile而不选择stable-supfile我可是经过N次的重做才确定用standard-supfile
登陆系统后运行uname -v查看系统版本号你会发现以standard-supfile同步的系统显示的是FreeBSD 5.4-RELEASE-p4 #0: Sat Jul 16 09:29:22 CST 2005 chb@ns1.tjhaina.net:/usr/obj/usr/src/sys/GENERIC
注意这里的5.4-RELEASE-p4用stable-supfile是不会出现p4的！
当然这只是我个人的做法！
编译系统内核
cd /usr/src make -j4 buildworld 上面命令-j4表示使用多线程支持加快编译速度（注意：cpu的占用率会升高）
编辑内核
cd /usr/src/sys/i386/conf
cp GENERIC /root/GENERIC.OLD
ee NS1
建立内核
cd /usr/src
make buildkernel
安装内核
make installkernel
重新启动
shutdown -r now
更新系统配置文件
mergemaster -p
这个命令后会跟随多个提示问题建议仔细阅读后做出选择，如果是安装系统后第一次同步代码，并是在没有安装任何软件的情况下，可以考虑执行 mergemaster -ai 跳过询问信息选择全部跟新
cd /usr/src
make installworld
mergemaster
重新启动
shutdown -r now
删除/usr/obj（以防影响下一次编译内核）
/usr/obj
cd /usr/obj
chflags -R noschg *
rm -rf *
同步ports软件包
cvsup -g -L 2 -h cvsup.jp.FreeBSD.org /usr/share/examples/cvsup/ports-supfile
DNS服务器
设置bind9.3.1
%%%%%%%%%%%%%%%%%建立正反向解析目录%%%%%%%%%%%%%%
mkdir /etc/namedb/rev
mkdir /etc/namedb/hosts
%%%%%%%%%%%%%%%改变正反向解析目录属性%%%%%%%%%%%%%%
chown bind:bind /etc/namedb/rev
chown bind:bind /etc/namedb/hosts
chmod 750 /etc/namedb/rev
chmod 750 /etc/namedb/hosts
%%%%%%%%%%%%%生成正反向解析文件的例子文件%%%%%%%%%%%%
cd /etc/namedb
sh make-localhost
%%%%%%%%%%%%%%%%生成这正反向解析文件%%%%%%%%%%%%%%
cp /etc/namedb/master/localhost.rev /etc/namedb/rev/192.168.0.rev
cp /etc/namedb/master/localhost.rev /etc/namedb/hosts/tjhaina.net.hosts
%%%%%%%%%%%%%%%%设置DNS服务器的主域%%%%%%%%%%%%%%%
ee /etc/namedb/named.conf
zone "0.168.192.IN-ADDR.ARPA" {
type master;
file "/etc/namedb/rev/192.168.0.rev";
};
zone "tjhaina.net" {
type master;
file "/etc/namedb/hosts/tjhaina.net.hosts";
};
%%%%%%%%%%%%%设置DNS服务器反向解析文件%%%%%%%
ee /etc/namedb/rev/192.168.0.rev
$TTL 3600
@ IN SOA ns1.tjhaina.net. root.ns1.tjhaina.net. (
20050430 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS ns1.tjhaina.net.
205 IN PTR ns1.tjhaina.net.
205 IN PTR www.tjhaina.net.
205是你的IP地址
（增加反向解析PTR记录 注意：不建议全部的域名及二级域名增加PTR记录）
%%%%%%%%%%%%%设置DNS服务器的正向解析文件%%%%%%%
ee /etc/namedb/hosts/tjhaina.net.hosts
$TTL 3600
@ IN SOA ns1.tjhaina.net. root.ns1.tjhaina.net. (
20050621 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS ns1.tjhaina.net.
ns1 IN A 192.168.0.205
www IN A 192.168.0.205
mail IN A 192.168.0.205
tjhaina.net. IN MX 10 mail.tjhaina.net
(注意：MX记录的添加要先做一个mail的A记录再做MX记录。MX记录添加的原则是用你的域名指向你的mail的二级域名。不过还有其他的添加方法大家自己可以找一下相关资料)
%%%%%%%%%%%%%生成DNS服务器的key文件%%%%%%%%%%%%%%%
/usr/sbin/rndc-confgen > /etc/namedb/rndc.conf
%%%%%%%%%%%%%将key文件导入named.conf文件%%%%%%%%%%%%%
cd /etc/namedb
tail -n10 rndc.conf | head -n9 | sed -e s/#\ //g >> named.conf
（这个命令我也不知道为什么这么写！希望大家一起讨论）
%%%%%%%%%%%%%启动DNS服务器%%%%%%%%%%%%%%%%%%%%%
/usr/sbin/named -gc /etc/namedb/named.conf &
（& 表示后台运行）
/usr/sbin/rndc status
（查看DNS的启动情况）
%%%%%%%%%%%%%设置本机DNS服务器地址%%%% %%%%%%%%%%%%
ee /etc/resolv.conf
添加
nameserver 127.0.0.1
nameserver 211.98.2.4
nameserver 202.99.104.68
nameserver 202.99.96.68
nameserver 202.102.128.68
nameserver 202.103.0.117
nameserver 202.103.44.5
(所以选这么多DNS是考虑到了冗余设计防止万一出错)
%%%%%%%%%%%%删除或注释掉DNS服务器的监听地址%%%%%%
ee /etc/namedb/named.conf
删除
20 listen-on { 127.0.0.1; };
注释掉
// listen-on { 127.0.0.1; };
rndc reload
（由于bind9在默认的情况下只是给自己，所以要去除监听地址listen-on { 127.0.0.1; };）
%%%%%%%%%%%%使DNS服务器和系统一起启动%%%%%%%%
ee /etc/rc.conf
添加
named_enable="YES"
安装perl5.8.X
cd /usr/ports/lang/perl5.8
make WITH_DEBUGGING=yes \
WITH_GDBM=yes \
WITHOUT_PERL_MALLOC=yes \
WITHOUT_PERL_64BITINT=yes \
WITH_THREADS=yes \
ENABLE_SUIDPERL=yes
（注意：以上命令及参数是按行输入）
make test
make install
make clean
make rmconfig
shutdown -r now
perl -v
ps auwx|grep perl
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_perl5.8.txt
###############更改ports软件包的默认下载路径（因为只有安装了perl后才会有/etc/make.conf）#######
ee /etc/make.conf
添加
MASTER_SITE_OVERRIDE=ftp://ftp3.jp.freebsd.org/pub/FreeBSD/ports/distfiles/${DIST_SUBDIR}
（更改ports默认的下载路径，可以根据自己的实际情况进行设置）
################################安装openssl####################################
cd /usr/ports/security/openssl
make
make install
make clean
make rmconfig
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_openssl.txt
#################################安装web管理系统##############################
cd /usr/ports/sysutils/webmin
make
make install
make clean
make rmconfig
/usr/local/lib/webmin/setup.sh
ee /etc/rc.conf
添加
webmin_enable="YES"
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_webmin.txt
#################################安装数据库mysql4.0############################
cd /usr/ports/databases/mysql40-server
make WITH_CHARSET=gbk \
WITH_XCHARSET=all \
SKIP_DNS_CHECK=yes \
BUILD_OPTIMIZED=yes \
BUILD_STATIC=yes
make install
make clean
make rmconfig
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_mysql40-server.txt
%%%%%%%%%%%%安装mysql40组件%%%%%%%%%%%%%%
cd /usr/ports/databases/p5-DBD-mysql40
make
make install
make clean
make rmconfig
%%%%%%%%%%%使mysql40和系统一起启动%%%%%%%%%%%
ee /etc/rc.conf
mysql_enable="YES"
%%%%%%%%%%%设置mysql40的密码%%%%%%%%%%%%%%
/usr/local/bin/mysqladmin -u root password 'password'
mysql -u root -ppassword
%%%%%%%%%%启动mysql40%%%%%%%%%%%%%%%%%%%
start mysql
#/usr/local/share/mysql/mysql.server start
/usr/local/etc/rc.d/mysql-server.sh start
如果以上两条命令不能启动mysql
那么请reboot系统来启动mysql
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_mysql40.txt
###############################安装expat2#####################################
cd /usr/ports/textproc/expat2
make
make install
make clean
make rmconfig
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_expat2.txt
###############################安装web服务器apache1.33######################
cd /usr/ports/www/apache13
make
make install
make clean
make rmconfig
%%%%%%%%%%%使apache和系统一起启动%%%%%%%%%%%
ee /etc/rc.conf
添加
apache_enable="YES"
%%%%%%%%%%%%更改apache的相应设置%%%%%%%%%%%
ee /usr/local/etc/apache/httpd.conf
change 330
ServerAdmin you@your.address ==>ServerAdmin b.s.d@163.com
change 348
#ServerName www.example.com==>ServerName www.tjhaina.net
添加 794
添加Language zh-cn .zh-cn
添加 822
添加charset GB2312 .gb2312
添加 977
NameVirtualHost 192.168.0.205 (your hosts ip)
%%%%%%%%%%%%启动apache%%%%%%%%%%%%%%%%%
start apache
/usr/local/sbin/apachectl start
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_apache.txt
####################################安装php###################################
cd /usr/ports/lang/php4
make
make install
make clean
make rmconfig
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_php4.txt
###################################安装php扩展################################
cd /usr/ports/lang/php4-extensions
make (+ bz2)
make install
make clean
make rmconfig
cd /usr/local/etc
cp php.ini-recommended php.ini
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_php4-extensions.txt
########################安装phpSysInfo基于php的系统监测#######################
cd /usr/ports/www/phpSysInfo/
make
make install
make clean
make rmconfig
cd /usr/local/www/data/phpSysInfo/
cp config.php.new config.php
chown www:www config.php
(改变config.php的所属组和用户)
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_phpSysInfo.txt
####################安装phpmyadmin基于php的数据库web管理系统################
cd /usr/ports/databases/phpmyadmin/
make
make install
make clean
make rmconfig
%%%%%%%%%%%%%更改phpMyAdmin的配置%%%%%%%%%%%%
cd /usr/local/www/phpMyAdmin
chmod 755 config.inc.php
ee /usr/local/www/phpMyAdmin/config.inc.php
将84行
$cfg['Servers'][$i]['auth_type'] = 'config'; // Authentication method (config, http or cookie based)?
改成
$cfg['Servers'][$i]['auth_type'] = 'http'; // Authentication method (config, http or cookie based)?
[#将39行
#$cfg['PmaAbsoluteUri'] = ' ';
#改成
#$cfg['PmaAbsoluteUri'] = 'http://192.168.0.205/phpMyAdmin/';
pkg_info
pkg_info | col -b > /usr/home/chb/pkg_info/pkg_info_phpmyadmin.txt ]
（我现在不建议更改39行的内容虽然phpMyAdmin提示更改！但并没有发现39行对phpMyAdmin的运行有影响！改不好反而使phpMyAdmin不能正常显示）
安装FTP服务器
#############################安装ftp服务器pure-ftpd#############################
cd /usr/ports/ftp/pure-ftpd
ee /usr/ports/ftp/pure-ftpd/Makefile
添加
--with-everything \
--with-paranoidmsg \
--with-virtualchroot \
--with-tls \
--with-largefile \
--with-welcomemsg \
--with-uploadscript \
--with-cookie \
--with-virtualhosts \
--with-virtualroot \
--with-diraliases \
--with-quotas \
--with-sysquotas \
--with-ratios \
--with-ftpwho \
--with-throttling \
--sysconfdir=${PREFIX}/etc
make WITH_MYSQL=1 \
WITH_LANG=simplified-chinese
make install
make clean
make rmconfig
cd /usr/local/etc
cp pureftpd-mysql.conf.sample pureftpd-mysql.conf
cp pure-ftpd.conf.sample pure-ftpd.conf
ee /usr/local/etc/pure-ftpd.conf
安装参数详解
--with-everything: 编译一个几乎所有特性都开启的“大”服务器。
--with-paranoidmsg: 当该参数被开启，不论何种原因登录失败都将显示同样的信息给用户。不开启该参数是，密码问题将显示“验证失败”，被禁止用户将显示“对不起，我不信任你”。
--with-virtualchroot:通常一个用户使用chrooted(使用-A 和 -a 参数)命令不会转出他的home目录。开启该功能之后将使其成为可能：符号连接总是一起作用，甚至他们指向的目录不在用户的home目录内。这对于共享路径是一个非常拥有的功能（例如，每一个home目录下都有一个符号连接到/var/incoming）。该功能默认不开启。
--with-tls \
--with-largefile: 支持在32位架构下下载大于2 gigabytes 的文件。通过FTP传输一个如此之大的文件是一个较为奇怪的主意。并且你的文件系统，你的系统内核、你的FTP客户端也需要支持才行。并且当该功能被开启后，下载将会比不开启变慢（或需要耗费更多的CPU）。简单的说，不要应为好玩而开启该功能，除非你真的计划下载大于gigabytes的文件。
--with-welcomemsg: （为兼容）其它FTP服务器pure-ftp可以阅读 'welcome.msg' 。这是一个安全的缺陷（匿名用户可以上载'welcome.msg'文件到随机显示）。Pure-ftpd 默认使用 '.banner'文件。
--with-uploadscript: 自从0.98版开始， Pure-FTPd 开始关注上传。当一个上传成功完成之后，任何额外的程序或脚本可以被自动启动。该功能需要一个称为“pure-uploadscript”的程序安装在Pure-FTPd包内。
--with-cookie: 在用户登录的时候显示随机或定制的信息。
--with-virtualhosts: 支持虚拟主机。这意味着每个IP地址可以有不同的匿名FPT区域。如果服务器只有一个IP地址，就不需要该功能。但是如果有多个IP地址，并且需要一个客户端连接到IP xxx 去获得/etc/pure-ftpd/xxx/而不是~ftp/，就可以开启该功能。
--with-virtualroot \ //虚拟root支持
--with-diraliases: 支持路径的别名。
--with-quotas: 开启虚拟限额，可以限制一个用户可以在他的帐号下存储的最大数字，也可以限制总的大小。
--with-sysquotas: 支持系统限额（非Pure-ftpd的虚拟限额）。只有在计划使用系统限额的时候启用。
--with-ratios: 支持上传/下载比。
--with-ftpwho: 支持'pure-ftpwho' 命令。开启这个功能需要额外的内存。当pure-ftp运行在standalone模式时比较好，在inetd模式下启用较慢。
--with-throttling: 支持带宽限制。
其它参数
--with-altlog: 除了系统输出，还支持一些特殊的文件格式，目前已实现了：CLF, Stats, W3C 和 xferlog 格式
CLF (通用日志格式)是Apache, WebFS, Roxen以及其它最常用 web 服务器的基本格式；该日志文件仅仅记录文件传输，可以被web流量统计软件(Analog, Webalizer, etc.) 所分析。Stats格式是一种专门为日志文件分析软件设计的特殊输出格式。W3C格式是一种商业日志分析软件(所有支持IIS日志的分析器)的标准格式。Xferlog 是一种源于wu-ftpd的格式。
--with-brokenrealpath: 一些 Solaris 版本中realpath()运行不可靠。如果altlog和（或）pure-uploadscript没有很好的运行，请用这个参数重新编译。
--with-certfile=: 该file用来做SSL认证，默认为 /etc/ssl/private/pure-ftpd.pem .
--with-extauth: 支持额外的校验模块。大多数用户不需要此参数。.
所支持语言
--with-language=english
--with-language=german
--with-language=romanian
--with-language=french
--with-language=polish
--with-language=spanish
--with-language=danish
--with-language=italian
--with-language=brazilian-portuguese
--with-language=slovak
--with-language=dutch
--with-language=korean
--with-language=swedish
--with-language=norwegian
--with-language=russian
--with-language=traditional-chinese
--with-language=simplified-chinese
--with-language=hungarian
--with-language=catalan
--with-language=czech: change the language of server messages.
默认为英语。
--with-ldap: 支持原始的LDAP路径。当该功能被开启，系统帐号将被忽略。你同时需要使用OpenLDAP。如果OpenLDAP被安装在一个特定的位置，你可以使用--with-ldap= 的参数。
--with-minimal: 为了有效运用现代FTP客户端的功能，Pure-FTPd采用基本的FTP协议加扩展(SITE IDLE,SITE CHMOD, MLSD, ...)的方式 。使用 --with-minimal 参数，这些扩展间不会被编译。同样的，也就不会有standalone server, 不会有lookup for user/group names, 不会有 humor也不会有 ASCII 的支持。但是执行文件将会比默认安装更小。该参数你至少需要GCC 3.3 以上来编译。如果你还想减少（执行）文件大小，可以采用--without-globbing 关联--with-minimal参数。如果你建立一个嵌入系统，可以这样使用；在其它场合，为了避免客户的抱怨（特别是使用windows客户端的客户），请忘记它吧
--with-mysql: 使用MySQL来提供用户数据库。当开启该参数，系统帐号被忽略。使用该功能MySQL 客户端的库文件将被安装。如果MySQL安装在特殊位置，可以使用--with-mysql= 语法。
--with-nonroot: 设置服务以非root特权用户启动。任何普通用户都可以运行服务。这对于在服务器上只有一个受限帐号的情况非常有用。但是一些特性将不能使用，而且密码只能通过LDAP，SQL或PureDB进行校验。当虚拟 chroot 被开启，用户将被限制在服务启动的目录。这是一种不安全的模式，一般用于普通（非root）用户建立临时性的服务器。在standalone模式下，2121端口将被侦听。如果想采用nonroot模式，需要编译并安装该软件(./configure --prefix=... && make install-strip) . /sbin, /bin and /man 目录需要被写入 prefix，同时还需要增加运行pure-ftpd用户在 /etc 目录的读写权限。
--with-pam: 使用紧密校验模式。Don't use this option if your login/passwd pairs are always refused (but the real fix would be to
fix your PAM configuration). 需要创建一个 /etc/pam.d/pure-ftpd 文件来运用PAM校验。'pam' 路径中包含该文件的一个样本。
--with-peruserlimits: 开启每用户同时在线限制，在繁忙的服务器上避免该参数。
--with-pgsql: 使用 Postgres 提供用户数据库。当开启该参数，系统帐号将被忽略，Postgres客户端库将被安装。如果Postgres安装与特殊位置，可以使用--with-pgsql= 语法。
--with-probe-random-dev: Pure-FTPd 使用 /dev/arandom, /dev/urandom 或者/dev/random 设备来提供严格的随机数字。这些设备通常在编译时被探测。如果想编译一个二进制包在其它主机上运行，该参数将在运行时被探测。该参数在Linux和BSD系统上无效，但可以使用在Solaris 和 QNX上。
--with-puredb: 支持虚拟用户，一个本地的用户数据库，不用于系统帐号。
--with-boring: 显示 "professionnal-looking" 信息。
--with-privsep: 开启权限分离。
--withrendez-vous: 允许在MacOS X上支持Rendezvous。
--without-ascii: 不支持 7-bits 传输 (ASCII)。如果有客户使用windows客户端程序发送脚本和HTML文件，不要使用 该参数或让他们对你大叫。
--without-banner: 不使用初始标语，这是一种通过隐瞒获得的愚蠢的安全。
--without-capabilities: 如果性能库 (libcap) 被找到，Pure-FTPd 将使用其提供安全性。该参数不测试这个库是否存在。如果性能库没有正常工作，可以到ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/ 下载。
--without-globbing: 不包括全局代码。能够减少内存消耗但经常不能工作。大多数用户不需要使用--without-globbing。Globbing是一个不错的功能。
--without-humor: 如果你没有查看过源代码而使用这个参数，就只好祝你幸运了。
--without-inetd: 如果Pure-FTPd总是运行在standalone模式下，这个参数可以节约一些代码字节。不要同时使用 --without-inetd和
--without-standalone参数，可能会导致服务不能运行。这些参数在Pure-FTPd的二进制分发包上都没有使用，所以inetd和standalone都被支持。
--without-iplogging: 为了保守机密而不记录任何IP地址，除非是政治敏感的服务器。
--without-nonalnum: 非法文件名检查。只支持基本的字符。不要盲目的使用这个参数，或者接受用户的抱怨。
--without-unicode: 不接受非拉丁字符。如果服务器文件名不含特殊字符则推荐使用。
--without-sendfile: 在Linux, Solaris, HPUX 和 FreeBSD 内核, Pure-FTPd采用特殊系统调用（sendfile）尝试减少CPU和内存的使用。在大多数文件系统中该方式运行良好，但该优化并不能在所有文件系统中正常工作。用户曾经报告过SMBFS(Samba)在FreeBSD以及TmpFS和NTFS在Linux（服务器报告错误为“broken pipe”或“Error during write to data connection”）上通过Pure-FTPd下载文件失败。如果计划在上述文件系统中运行服务，就不得不使用
--without-sendfile 参数来定义一个工作区。同样来自PA-Risc Linux 的系统也需要这个参数。
--without-shadow: 忽略shadow密码，即使他们被自动探测到。这通常是一个坏主意，除非使用的是PAM, LDAP 或 SQL。Pure-FTPd 支持shadow密码有效期 (包括帐号和密码)。.
--without-standalone: FTP 服务器能够正常地以 standalone 模式运行（没有任何超级服务）。如果不需要该功能并且想要节省一些代码字节的话，就可以开启该参数。一个类似于g2s, xinetd或tcpserver 的超级服务将强制运行该服务，但是推荐使用standalone模式。
--without-usernames: 从不在在路径列表里输出用户和组名，而代之以UIDs和GIDs。这将提高安全和性能，但会有用户觉得不够友好。
--without-capabilities: 如果性能库 (libcap) 被找到，Pure-FTPd 将使用其提供安全性。该参数不测试这个库是否存在。如果性能库没有正常工作，可以到ftp://ftp.kernel.org/pub/linux/libs/security/linux-privs/ 下载。
--without-usernames: 从不在在路径列表里输出用户和组名，而代之以UIDs和GIDs。这将提高安全和性能，但会有用户觉得不够友好。
"--prefix=" 改变安装路径，默认为 "/usr/local/".
配置文件详解
pure-ftpd.conf
ChrootEveryone yes
chroot每一个用户,等同于Proftpd 中的DefaultRoot~ , 可以限制用户在某个地方活动，增强服务器的安全性。使用户不能通过cd命令进入上一级目录。
TrustedGID 50
#以上两者要一起用
BrokenClientsCompatibility no
MaxClientsNumber 50
#最大链接数
Daemonize yes
#Fork in background 以守护进程方式在后台运行
MaxClientsPerIP 5
#每个ip最多链接数，最好设小点。
VerboseLog no
#是否要把所有client端的指令都log下来
DisplayDotFiles no
#显示开头的文件
AnonymousOnly no
#是否只让匿名登录
NoAnonymous no
#不开放匿名登入
SyslogFacility ftp
#应该是对日志做一下过滤 (auth, authpriv, daemon, ftp, security, user, local*)可以让日志只记录想要的信息
DontResolve yes
#不反向解释客户端的ip
MaxIdleTime 5
#最大闲置時間
#LDAPConfigFile /usr/local/pureftpd/etc/pureftpd-ldap.conf
#使用LDAP认证，
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf
#使用MySQL认证
#PGSQLConfigFile /usr/local/pureftpd/etc/pureftpd-pgsql.conf
#使用PGSQL认证
#PureDB /ftp/etc/pureftpd.pdb
#使用者资料的DB存放地点 [由于我是用PureFTPD的內建DB.固有此选项]
#ExtAuth /var/run/ftpd.sock
#pure-authd socket 路径 (详细请看 README.Authentication-Modules)
#PAMAuthentication yes
#开启PAM认证
#UnixAuthentication yes
#如果你想要有简单的Unix(/etc/passwd)的认证的話
FortunesFile /usr/local/pureftpd/etc/.welcome
#显示的欢迎信息文件，你可以创建该文件，输入一些文字，然后你重启你的FTP服务，就会有意外的发现。
LimitRecursion 2000 8
#ls最多列出3000个文件.最深8层
AnonymousCanCreateDirs no
#匿名用户可以创建目录
MaxLoad 4
#当system load超过4時.使用者将不能再下载
PassivePortRange 30000 50000
#被动连接应答范围
ForcePassiveIP 192.168.0.1
#
AnonymousRatio 1 10
#Anonymous连接上传/下载比率
UserRatio 1 10
#用户上传/下载比率（注：如果使用ldap,mysql,pgsql,pam不要启用该功能，否则你在ldap等中设置的Ratio无校）
AntiWarez no
#上传的文件不能被下载(owner is ftp).等到local admin确认
Bind 127.0.0.1,8021
#要绑定和ip/port，在你的系统中有两个FTP Server这样你其中一个FTP就要使用其它端口。
#格式-> 127.0.0.1,21 如果只写port表All ip,port
AnonymousBandwidth 8
#Anonymous 带宽，单位KB/s
UserBandwidth 8
#用户带宽，单位KB/s
Umask 133:022
#上传文件的Umask.(: )
MinUID 1000
# UID至少多少才能登录
AllowUserFXP yes
#支不支持FXP
AllowAnonymousFXP no
#Anonymous支不支持FXP
ProhibitDotFilesWrite no
ProhibitDotFilesRead no
#(”.”)开头的文件能不能被读/写,UNIX Like下以点开头的文件是隐藏文件ls –a才能列出
#Pureftpd Quota模式下做产生” .ftpquota”文件。
AutoRename no
#上传文件若有相同文件名自动改名(file.1,file.2...)
AnonymousCantUpload no
#匿名用户上传文件
TrustedIP 10.1.1.1
#锁IP.
LogPID
#Log文件添加PID
AltLog stats:/ftp/etc/log/pureftpd.log
#log存放地点，注日志有几种常用的格式
#clf 类似apache格式，stats UNIX log格式，w3c 标准W3C格式，可能是HTML格式
NoChmod yes
#不给Chmod指令的权限
KeepAllFiles no
#使用者可续传.但不可刪除文件
CreateHomeDir yes
#如果user的home不存在自动建立(我把这个设为YES)
Quota 1000:10
#Quota :，FTP限制10M空间，可以上传1000个文件（注：如果使用ldap,mysql,pgsql,pam不要启用该功能，否则你在ldap等中设置的Quota无校）
PIDFile /ftp/etc/log/pure-ftpd.pid
#记录pure-ftpd的PID文件
CallUploadScript yes
#呼叫UploadScript
MaxDiskUsage 99
#当硬盘使用率到多少時将停止上传
NoRename yes
#用户不能重命名文件名
CustomerProof yes
PerUserLimits 3:20
#
pureftpd-mysql.conf
MYSQLServer 127.0.0.1
#MYSQL服务器的 IP
MYSQLPort 3306
#MYSQL 端口号
MYSQLSocket /var/lib/mysql/mysql.sock
#使用UNIX.sock本地连接
注：MYSQLServer 与 MYSQLSocket 选择一种即可
MYSQLUser ftp
#MYSQLUser 数据用户名
MYSQLPassword 123456
#MYSQL数据库用户的密码
MYSQLDatabase ftpusers
#FTP数据数据库
MYSQLCrypt md5
#密码加密方式"cleartext", "crypt", "md5" and "password"
# cleartext 明文，crypt，md5,password是Backend password(‘your-passwd’)函数（MYSQL数据库所使用的password（）函数）
MYSQLGetPW SELECT Password FROM users WHERE User="\L"
# 密码字段，我使用users表中的Password做为密码字段
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
#UID用户ID字段
MYSQLDefaultUID 1000
#默认的UID （注：如何开启该选项，MYSQLGetUID将失去作用）
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
#GID组ID字段
MYSQLDefaultGID 1000
#默认的GID （注：如何开启该选项，MYSQLGetGID将失去作用）
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
#FTP用户目录如/home/web/www-9812-net
MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"
#磁盘限额，文件数限制。如1000，允许用户上传1千个文件
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
#磁盘限额，FTP用户空间限制（单位为M），如：100M
MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
#上传/下载比率。MySQLGetRatioUL为上传比，MySQLGetRatioDL下载比。如：1：5
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
#下传/下载带宽（单位KB/s）。MySQLGetBandwidthUL上传带宽，MySQLGetBandwidthDL下载带宽。如上传500KB/s,下载50KB/s
MySQLForceTildeExpansion 1
MySQLTransactions On
配置文件实例
pure-ftpd.conf配置文件
###############################################################################
# #
# Configuration file for pure-ftpd wrappers #
# #
###############################################################################
# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
#
# RPM binary files use another configuration file by default :
# /etc/sysconfig/pure-ftpd
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.html for a complete list of
# options.
# Cage in every user in his home directory
ChrootEveryone yes
# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.
# TrustedGID 100
# Turn on compatibility hacks for broken clients
BrokenClientsCompatibility no
# Maximum number of simultaneous users
MaxClientsNumber 50
# Fork in background
Daemonize yes
# Maximum number of sim clients with the same IP address
MaxClientsPerIP 8
# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.
VerboseLog no
# List dot-files even when the client doesn't send "-a".
DisplayDotFiles yes
# Don't allow authenticated users - have a public anonymous FTP only.
AnonymousOnly no
# Disallow anonymous connections. Only allow authenticated users.
NoAnonymous no
# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
SyslogFacility ftp
# Display fortune cookies
# FortunesFile /usr/share/fortune/zippy
# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.
DontResolve yes
# Maximum idle time in minutes (default = 15 minutes)
MaxIdleTime 15
# LDAP configuration file (see README.LDAP)
# LDAPConfigFile /etc/pureftpd-ldap.conf
LDAPConfigFile /usr/local/pureftpd/etc/pureftpd-ldap.conf
# MySQL configuration file (see README.MySQL)
# MySQLConfigFile /etc/pureftpd-mysql.conf
MySQLConfigFile /usr/local/pureftpd/etc/pureftpd-mysql.conf
# Postgres configuration file (see README.PGSQL)
# PGSQLConfigFile /etc/pureftpd-pgsql.conf
PGSQLConfigFile /usr/local/pureftpd/etc/pureftpd-pgsql.conf
# PureDB user database (see README.Virtual-Users)
# PureDB /etc/pureftpd.pdb
PureDB /usr/local/pureftpd/etc/pureftpd.pdb
# Path to pure-authd socket (see README.Authentication-Modules)
# ExtAuth /var/run/ftpd.sock
# If you want to enable PAM authentication, uncomment the following line
# PAMAuthentication yes
# If you want simple Unix (/etc/passwd) authentication, uncomment this
# UnixAuthentication yes
# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.
# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth
LimitRecursion 2000 8
# Are anonymous users allowed to create new directories ?
AnonymousCanCreateDirs no
# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.
MaxLoad 4
# Port range for passive connections replies. - for firewalling.
# PassivePortRange 30000 50000
# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.
# ForcePassiveIP 192.168.0.1
# Upload/download ratio for anonymous users.
# AnonymousRatio 1 10
# Upload/download ratio for all users.
# This directive superscedes the previous one.
# UserRatio 1 10
# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.
AntiWarez yes
# IP address/port to listen to (default=all IP and port 21).
# Bind 127.0.0.1,21
Bind 127.0.0.1,8021
# Maximum bandwidth for anonymous users in KB/s
# AnonymousBandwidth 8
# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
# UserBandwidth 8
# File creation mask. : .
# 177:077 if you feel paranoid.
Umask 133:022
# Minimum UID for an authenticated user to log in.
MinUID 100
# Allow FXP transfers for authenticated users only.
AllowUserFXP yes
# Allow anonymous FXP for anonymous and non-anonymous users.
AllowAnonymousFXP no
# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.
ProhibitDotFilesWrite no
# Prohibit *reading* of files beginning with a dot (.history, .ssh...)
ProhibitDotFilesRead no
# Never overwrite files. When a file whoose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, ...
AutoRename no
# Disallow anonymous users to upload new files (no = upload is allowed)
AnonymousCantUpload no
# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.
#TrustedIP 10.1.1.1
# If you want to add the PID to every logged line, uncomment the following
# line.
#LogPID yes
# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.
# AltLog clf:/var/log/pureftpd.log
# Create an additional log file with transfers logged in a format optimized
# for statistic reports.
# AltLog stats:/var/log/pureftpd.log
#AltLog stats:/var/log/pureftpd.log
# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)
# AltLog w3c:/var/log/pureftpd.log
# Disallow the CHMOD command. Users can't change perms of their files.
#NoChmod yes
# Allow users to resume and upload files, but *NOT* to delete them.
#KeepAllFiles yes
# Automatically create home directories if they are missing
#CreateHomeDir yes
# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.
#Quota 1000:10
# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid
#PIDFile /var/run/pure-ftpd.pid
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
#CallUploadScript yes
# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.
MaxDiskUsage 99
# Set to 'yes' if you don't want your users to rename files.
#NoRename yes
# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.
CustomerProof yes
# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : :
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.
# PerUserLimits 3:20
pureftpd-mysql.conf配置文件
###############################################################################
# #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations. #
# #
###############################################################################
# Optional : MySQL server name or IP. Don't define this for unix sockets.
#MYSQLServer 127.0.0.1
# Optional : MySQL port. Don't define this if a local unix socket is used.
#MYSQLPort 3306
# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket /var/lib/mysql/mysql.sock
# Mandatory : user to bind the server as.
MYSQLUser pureftpd
# Mandatory : user password. You must have a password.
MYSQLPassword qKiscCbwbXAkWp.
# Mandatory : database to open.
MYSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
#MYSQLCrypt leartext
MYSQLCrypt crypt
# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.
# Query to execute in order to fetch the password
MYSQLGetPW SELECT Password FROM users WHERE User="\L"
# Query to execute in order to fetch the system user name or uid
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
# Optional : default UID - if set this overrides MYSQLGetUID
#MYSQLDefaultUID 1000
# Query to execute in order to fetch the system user group or gid
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
# Optional : default GID - if set this overrides MYSQLGetGID
#MYSQLDefaultGID 1000
# Query to execute in order to fetch the home directory
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
# Optional : ratios. The server has to be compiled with ratio support.
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.
# MySQLForceTildeExpansion 1
# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (
DocumentRoot "/home/chb/ftp"
ServerName www.chb.com
allow from all
Options +Indexes
###################################增加ftp启动项###############################
ee /etc/rc.conf
添加
pureftpd_enable="YES"
qmail服务器安装
###################################下载软件包##################################
Part 1 - Download the Software(http://www.qmailrocks.org/downloads/qmailrocks.tar.gz)
mkdir /downloads
cd /downloads
tar zxvf qmailrocks.tar.gz
##################################安装qmail主程序##############################
Part 2 - Installing Qmail Itself
/downloads/qmailrocks/scripts/install/qmr_install_freebsd-s1.script
############qmr_install_freebsd-s1.script内容##############
#!/bin/sh
#An automation script to start the installation of qmail, ucspi-tcp and daemontools
#Specially formulated for Redhat, Fedora, RHEL and Whitebox Linux. :)
echo "Creating initial qmail directories..."
echo
sleep 2
cd /downloads/qmailrocks
mkdir -p /var/qmail
mkdir /usr/src/qmail
echo "Done!"
echo
sleep 2
echo "Creating all needed users and groups..."
echo
sleep 2
#######
#Script to add users and groups for FreeBSD
#Add all need Qmail users and groups
pw groupadd nofiles
pw useradd alias -g nofiles -d /var/qmail/alias -s /sbin/nologin
pw useradd qmaild -g nofiles -d /var/qmail -s /sbin/nologin
pw useradd qmaill -g nofiles -d /var/qmail -s /sbin/nologin
pw useradd qmailp -g nofiles -d /var/qmail -s /sbin/nologin
pw groupadd qmail
pw useradd qmailq -g qmail -d /var/qmail -s /sbin/nologin
pw useradd qmailr -g qmail -d /var/qmail -s /sbin/nologin
pw useradd qmails -g qmail -d /var/qmail -s /sbin/nologin
#Add vpopmail users/groups
pw groupadd vchkpw
pw useradd vpopmail -g vchkpw -m -d /usr/home/vpopmail -s /sbin/nologin
#######
echo "Done!"
echo
sleep 2
echo "Unpacking qmail, ucspi-tcp and daemontools..."
echo
sleep 2
cd /usr/src/qmail
tar zxvf /downloads/qmailrocks/qmail-1.03.tar.gz
tar zxvf /downloads/qmailrocks/ucspi-tcp-0.88.tar.gz
mkdir -p /package
chmod 1755 /package
cd /package
tar zxvf /downloads/qmailrocks/daemontools-0.76.tar.gz
echo "Done!"
echo
sleep 2
echo "Next, we setup special logging directories..."
echo
sleep 2
mkdir /var/log/qmail
cd /var/log/qmail
mkdir qmail-send qmail-smtpd qmail-pop3d
chown -R qmaill:wheel /var/log/qmail
chmod -R 750 /var/log/qmail
echo "Done!"
echo
sleep 2
echo "And set up the supervise script directories..."
echo
sleep 2
mkdir /var/qmail/supervise
cd /var/qmail/supervise
mkdir -p qmail-smtpd/log qmail-send/log qmail-pop3d/log
chmod +t qmail-smtpd qmail-send qmail-pop3d
echo "Setting conf-split and conf-spawn"
echo
sleep 2
echo 211 > /usr/src/qmail/qmail-1.03/conf-split
echo 255 > /usr/src/qmail/qmail-1.03/conf-spawn
echo "All steps completed!"
echo
sleep 2
######################### qmr_install_freebsd-s1.script内容#########################
###############################################################################
/downloads/qmailrocks/scripts/util/qmail_patches.script
############### qmail_patches.script内容##############
#!/bin/sh
#An automation script to start the installation of qmail, ucspi-tcp and daemontools
#Specially formulated for Redhat, Fedora, RHEL and Whitebox Linux. :)
echo "Creating initial qmail directories..."
echo
sleep 2
cd /downloads/qmailrocks
mkdir -p /var/qmail
mkdir /usr/src/qmail
echo "Done!"
echo
sleep 2
echo "Creating all needed users and groups..."
echo
sleep 2
#######
#Script to add users and groups for FreeBSD
#Add all need Qmail users and groups
pw groupadd nofiles
pw useradd alias -g nofiles -d /var/qmail/alias -s /sbin/nologin
pw useradd qmaild -g nofiles -d /var/qmail -s /sbin/nologin
pw useradd qmaill -g nofiles -d /var/qmail -s /sbin/nologin
pw useradd qmailp -g nofiles -d /var/qmail -s /sbin/nologin
pw groupadd qmail
pw useradd qmailq -g qmail -d /var/qmail -s /sbin/nologin
pw useradd qmailr -g qmail -d /var/qmail -s /sbin/nologin
pw useradd qmails -g qmail -d /var/qmail -s /sbin/nologin
#Add vpopmail users/groups
pw groupadd vchkpw
pw useradd vpopmail -g vchkpw -m -d /usr/home/vpopmail -s /sbin/nologin
#######
echo "Done!"
echo
sleep 2
echo "Unpacking qmail, ucspi-tcp and daemontools..."
echo
sleep 2
cd /usr/src/qmail
tar zxvf /downloads/qmailrocks/qmail-1.03.tar.gz
tar zxvf /downloads/qmailrocks/ucspi-tcp-0.88.tar.gz
mkdir -p /package
chmod 1755 /package
cd /package
tar zxvf /downloads/qmailrocks/daemontools-0.76.tar.gz
echo "Done!"
echo
sleep 2
echo "Next, we setup special logging directories..."
echo
sleep 2
mkdir /var/log/qmail
cd /var/log/qmail
mkdir qmail-send qmail-smtpd qmail-pop3d
chown -R qmaill:wheel /var/log/qmail
chmod -R 750 /var/log/qmail
echo "Done!"
echo
sleep 2
echo "And set up the supervise script directories..."
echo
sleep 2
mkdir /var/qmail/supervise
cd /var/qmail/supervise
mkdir -p qmail-smtpd/log qmail-send/log qmail-pop3d/log
chmod +t qmail-smtpd qmail-send qmail-pop3d
echo "Setting conf-split and conf-spawn"
echo
sleep 2
echo 211 > /usr/src/qmail/qmail-1.03/conf-split
echo 255 > /usr/src/qmail/qmail-1.03/conf-spawn
echo "All steps completed!"
echo
sleep 2
############################## qmail_patches.script内容###########################
###############################################################################
cd /usr/src/qmail/qmail-1.03
make man
make setup check
./config-fast mail.tjhaina.net
/usr/ports/mail/qmail
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
cd /usr/src/qmail/ucspi-tcp-0.88/
make
make setup check
/usr/ports/sysutils/ucspi-tcp
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
cd /package/admin/daemontools-0.76
package/install
reboot
/usr/ports/sysutils/daemontools
################################Part 3 - EZmlm##################################
Part 3 - EZmlm
cd /downloads/qmailrocks/
tar zxvf ezmlm-0.53-idx-0.41.tar.gz
cd ezmlm-0.53-idx-0.41
make
make setup
/usr/ports/mail/ezmlm
############################Part 4 - Qmail-Autoresponder ##########################
Part 4 - Qmail-Autoresponder
#pkg_add -r qmail-autoresponder
cd /downloads/qmailrocks
pkg_add qmail-autoresponder-0.96.1.tbz
/usr/ports/mail/qmail-autoresponder
################################art 5 - Vpopmail#################################
Part 5 - Vpopmail(I would like to install vpopmail with MySQL integration)
mkdir -p ~vpopmail/etc
mysql -u root -p
CREATE DATABASE vpopmail;
GRANT select,insert,update,delete,create,drop ON vpopmail.* TO vpopmailuser@localhost IDENTIFIED BY 'password';
quit
mysql -u vpopmailuser -p
quit
upload
iGENUS.mysql
mysql -u root -p  ~vpopmail/etc/vpopmail.mysql
chown vpopmail:vchkpw ~vpopmail/etc/vpopmail.mysql
chmod 640 ~vpopmail/etc/vpopmail.mysql
/home/vpopmail/bin/vadddomain 你的域名
之后回提示输入域管理员的密码
/home/vpopmail/bin/vadduser 邮件用户@你的域名
之后回提示输入邮件用户的密码
/usr/ports/mail/vpopmail
#############################Part 6 - Vqadmin###################################
Part 6 - Vqadmin
cd /downloads/qmailrocks
tar zxvf vqadmin-2.3.6.tar.gz
cd vqadmin-2.3.6
./configure \
--enable-cgibindir=/usr/local/www/cgi-bin \
--enable-htmldir=/usr/local/www/html
make
make install-strip
Now you will need to add the following to your server's Apache configuration file (usually called httpd.conf)
ee /usr/local/etc/apache/httpd.conf
在末尾添加
deny from all
Options ExecCGI
AllowOverride AuthConfig
Order deny,allow
cd /usr/local/www/cgi-bin/vqadmin
ee .htaccess
AuthType Basic
AuthUserFile /usr/local/etc/apache/conf/vqadmin.passwd
AuthName vQadmin
require valid-user
satisfy any
mkdir /usr/local/etc/apache/conf
chown www .htaccess
chmod 644 .htaccess
htpasswd -bc /usr/local/etc/apache/conf/vqadmin.passwd admin password
chmod 644 /usr/local/etc/apache/conf/vqadmin.passwd
apachectl stop
apachectl start
http://192.168.0.205/cgi-bin/vqadmin/vqadmin.cgi
/usr/ports/mail/vqadmin
##############################Part 7 - Maildrop###################################
Part 7 - Maildrop
cd /downloads/qmailrocks
tar zxvf maildrop-1.6.3.tar.gz
cd maildrop-1.6.3
./configure \
--prefix=/usr/local \
--exec-prefix=/usr/local \
--enable-maildrop-uid=root \
--enable-maildrop-gid=vchkpw \
--enable-maildirquota
make
make install-strip
make install-man
/usr/ports/mail/maildrop
##############################Part 8 - Qmailadmin#############################
Part 8 - Qmailadmin
cd /downloads/qmailrocks
tar zxvf qmailadmin-1.2.3.tar.gz
cd qmailadmin-1.2.3
./configure \
--enable-cgibindir=/usr/local/www/cgi-bin \
--enable-htmldir=/usr/local/www/html/directory \
--enable-autoresponder-path=/usr/local/bin/qmail-autoresponder
make
make install-strip
/usr/ports/mail/qmailadmin
####################################Part 9 - Finalizing Qmail#######################
Part 9 - Finalizing Qmail
/downloads/qmailrocks/scripts/finalize/freebsd/finalize_freebsd.script
################# finalize_freebsd.script##############
#!/bin/sh
echo "This scripts will perform 3 functions:\n
1. Copy all supervise scripts to their proper locations.\n
2. Copy the qmail rc and qmailctl scripts to their proper locations and create needed symlinks.\n
3. Set all needed permisions on all supervise scripts.\n"
echo
echo "Press ENTER to proceeed"
read
echo
sleep 2
echo "Copying supervise scripts to their correct locations..."
echo
sleep 2
cp /downloads/qmailrocks/scripts/finalize/freebsd/pop3d_run /var/qmail/supervise/qmail-pop3d/run
cp /downloads/qmailrocks/scripts/finalize/freebsd/pop3d_log /var/qmail/supervise/qmail-pop3d/log/run
cp /downloads/qmailrocks/scripts/finalize/freebsd/smtpd_run /var/qmail/supervise/qmail-smtpd/run
cp /downloads/qmailrocks/scripts/finalize/freebsd/smtpd_log /var/qmail/supervise/qmail-smtpd/log/run
cp /downloads/qmailrocks/scripts/finalize/freebsd/send_run /var/qmail/supervise/qmail-send/run
cp /downloads/qmailrocks/scripts/finalize/freebsd/send_log /var/qmail/supervise/qmail-send/log/run
echo Done!
echo
sleep 2
echo "Copying rc and qmailctl scripts to proper locations..."
echo
sleep 2
cp /downloads/qmailrocks/scripts/finalize/rc /var/qmail/
cp /downloads/qmailrocks/scripts/finalize/qmailctl /var/qmail/bin/
echo Done!
echo
sleep 2
echo "Setting needed permisions..."
echo
sleep 2
chmod 755 /var/qmail/rc /var/qmail/bin/qmailctl
chmod 751 /var/qmail/supervise/qmail-pop3d/run
chmod 751 /var/qmail/supervise/qmail-pop3d/log/run
chmod 751 /var/qmail/supervise/qmail-smtpd/run
chmod 751 /var/qmail/supervise/qmail-smtpd/log/run
chmod 751 /var/qmail/supervise/qmail-send/run
chmod 751 /var/qmail/supervise/qmail-send/log/run
echo ./Maildir > /var/qmail/control/defaultdelivery
echo 255 > /var/qmail/control/concurrencyremote
chmod 644 /var/qmail/control/concurrencyremote
echo 30 > /var/qmail/control/concurrencyincoming
chmod 644 /var/qmail/control/concurrencyincoming
ln -s /var/qmail/bin/qmailctl /usr/bin
ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /var/qmail/supervise/qmail-pop3d /service
echo "Done!"
echo
sleep 2
echo "Script Complete!"
echo
################# finalize_freebsd.script##############
#######################################################
ee /var/qmail/supervise/qmail-pop3d/run
Find "mail.example.com" and change it to your server's hostname. For example: mail.mydomain.com.
ee /var/qmail/supervise/qmail-smtpd/run
Find "mail.example.com" and change it to your server's hostname. For example: mail.mydomain.com
qmailctl stop
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb
echo b.s.d@163.com > /var/qmail/alias/.qmail-root
where "some_address" is the system user or email address you want these addresses aliased to.
echo b.s.d@163.com > /var/qmail/alias/.qmail-postmaster
where "some_address" is the system user or email address you want these addresses aliased to.
echo b.s.d@163.com > /var/qmail/alias/.qmail-mailer-daemon
where "some_address" is the system user or email address you want these addresses aliased to.
ln -s /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-anonymous
chmod 644 /var/qmail/alias/.qmail*
##########################Part 10 - Uninstalling Sendmail###########################
Part 10 - Uninstalling Sendmail
killall sendmail
mv /usr/sbin/sendmail /usr/sbin/sendmail.old
mv /usr/lib/sendmail /usr/lib/sendmail.old(this may not apply if there is no sendmail link or binary in this location)
chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old
Now we will need to instruct FreeBSD not to attempt to start Sendmail upon startup. This is done by make the following
modification to the /etc/rc.conf file:
Change sendmail_enable="YES" to sendmail_enable="NONE"
ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
#ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
########################Part 11 - Starting up qmail#################################
Part 11 - Starting up qmail
/downloads/qmailrocks/scripts/util/qmr_inst_check
################# qmr_inst_check内容###################
#!/bin/sh
# Qmailrocks, 2003-12-05
# I've modified Dave Sill's script slightly to accomodate
# the variations between his Qmail installation and the
# Qmailrocks.org installation. The Qmailrocks version
# of this script takes into account the slightly different
# loggind directory setup and a few permissions differences.
# http://www.qmailrocks.org/downloads/scripts/qmr_inst_check
# Dave Sill, 2003-11-10
# http://lifewithqmail.org/inst_check
# set to n if you're not running a pop3 server, y if you are
CHECKPOP=y
CHECKSEND=y
QMHOME=/var/qmail
LBIN=/usr/local/bin
OK=1
if [ $# -eq 1 ]; then
if [ "$1" = "-v" ]; then
VERB=y
else
VERB=n
fi
fi
if [ ! -d $QMHOME ]; then
echo "! Couldn't find qmail's home directory, $QMHOME!"
else
if [ "$VERB" = y ]; then
echo "$QMHOME exists"
fi
for i in alias bin boot control doc man queue supervise users; do
if [ ! -d $QMHOME/$i ]; then
echo "! Couldn't find $QMHOME/$i!"
OK=0
elif [ "$VERB" = y ]; then
echo "$QMHOME/$i exists"
fi
done
if [ ! -f $QMHOME/rc ]; then
echo "! $QMHOME/rc is missing"
OK=0
elif [ ! -x $QMHOME/rc ]; then
echo "! $QMHOME/rc is not executable"
echo "...try: chmod 755 $QMHOME/rc"
OK=0
elif [ `head -1 $QMHOME/rc|cat -vet` != '#!/bin/sh$' ]; then
echo "! $QMHOME/rc has bad magic cookie"
echo "...try: dos2unix $QMHOME/rc"
OK=0
elif [ "$VERB" = y ]; then
echo "$QMHOME/rc is executable and has a valid magic cookie"
fi
fi
for i in alias qmaild qmaill qmailp qmailq qmailr qmails; do
grep "^$i:" /etc/passwd >/dev/null
if [ $? -ne 0 ]; then
echo "! Couldn't find $i user in /etc/passwd"
OK=0
elif [ "$VERB" = y ]; then
echo "$i user exists"
fi
done
for i in qmail nofiles; do
grep "^$i:" /etc/group >/dev/null
if [ $? -ne 0 ]; then
echo "! Couldn't find $i group in /etc/group"
OK=0
elif [ "$VERB" = y ]; then
echo "$i group exists"
fi
done
for i in tcprules tcpserver; do
if [ ! -x $LBIN/$i ]; then
echo "! Couldn't find $LBIN/$i from ucspi-tcp"
OK=0
elif [ "$VERB" = y ]; then
echo "$i from ucspi-tcp is installed"
fi
done
for i in multilog softlimit setuidgid supervise svok svscan tai64nlocal; do
if [ ! -x $LBIN/$i ]; then
echo "! Couldn't find $LBIN/$i from daemontools"
OK=0
elif [ "$VERB" = y ]; then
echo "$i from daemontools is installed"
fi
done
if [ ! -d /service ]; then
echo "! /service directory is missing"
OK=0
elif [ "$VERB" = y ]; then
echo "/service directory exists"
fi
if [ -f /etc/inittab ]; then
grep "^SV" /etc/inittab >/dev/null
if [ $? -ne 0 ]; then
echo "! Couldn't find SV entry in inittab"
OK=0
elif [ "$VERB" = y ]; then
echo "svscan /service is configured to run via /etc/inittab"
fi
PS="ps -ef"
else
grep "svscanboot" /etc/rc.local >/dev/null
if [ $? -ne 0 ]; then
echo "! Couldn't find 'csh -cf '/command/svscanboot &' in /etc/rc.local"
OK=0
elif [ "$VERB" = y ]; then
echo "/command/svscanboot is configured to run via /etc/rc.local"
fi
PS="ps -waux"
fi
SVRUN=`$PS | grep "svscan /service" | grep -v grep`
if [ -z "$SVRUN" ]; then
echo "'! svscan /service' doesn't seem to be running"
OK=0
elif [ "$VERB" = y ]; then
echo "svscan /service is running"
fi
if [ ! -f $QMHOME/control/defaultdelivery ]; then
echo "! Couldn't find $QMHOME/control/defaultdelivery"
OK=0
elif [ ! -s $QMHOME/control/defaultdelivery ]; then
echo "! $QMHOME/control/defaultdelivery is empty"
OK=0
elif [ "$VERB" = y ]; then
echo "$QMHOME/control/defaultdelivery looks OK"
fi
if [ ! -f $QMHOME/bin/qmailctl ]; then
echo "! $QMHOME/bin/qmailctl is missing"
OK=0
elif [ ! -s $QMHOME/bin/qmailctl ]; then
echo "! $QMHOME/bin/qmailctl is empty"
OK=0
elif [ `head -1 $QMHOME/bin/qmailctl|cat -vet` != '#!/bin/sh$' ]; then
echo "! $QMHOME/bin/qmailctl has bad magic cookie"
echo "...try: dos2unix $QMHOME/bin/qmailctl"
OK=0
elif [ ! -x $QMHOME/bin/qmailctl ]; then
echo "! $QMHOME/bin/qmailctl is not executable"
echo "...try: chmod 755 $QMHOME/bin/qmailctl"
OK=0
elif [ "$VERB" = y ]; then
echo "$QMHOME/bin/qmailctl looks OK"
fi
if [ ! -L /usr/bin/qmailctl ]; then
echo "! /usr/bin/qmailctl is missing"
echo "...try: ln -s $QMHOME/bin/qmailctl /usr/bin"
OK=0
elif [ "$VERB" = y ]; then
echo "/usr/bin/qmailctl exists"
fi
SVCDIRS="qmail-send qmail-send/log qmail-smtpd qmail-smtpd/log"
if [ "$CHECKPOP" = "y" ]; then
SVCDIRS="$SVCDIRS qmail-pop3d qmail-pop3d/log"
fi
for i in $SVCDIRS; do
if [ ! -f $QMHOME/supervise/$i/run ]; then
echo "! $QMHOME/supervise/$i/run file is missing"
OK=0
elif [ `head -1 $QMHOME/supervise/$i/run|cat -vet` != '#!/bin/sh$' ]; then
echo "! $QMHOME/supervise/$i/run has bad magic cookie"
echo "...try: dos2unix $QMHOME/supervise/$i/run"
OK=0
elif [ ! -x $QMHOME/supervise/$i/run ]; then
echo "! $QMHOME/supervise/$i/run file is not executable"
OK=0
elif [ "$VERB" = y ]; then
echo "$QMHOME/supervise/$i/run looks OK"
fi
done
if [ ! -f $QMHOME/control/concurrencyincoming ]; then
echo "! $QMHOME/control/concurrencyincoming is missing"
echo "...try: echo 30 >$QMHOME/control/concurrencyincoming"
OK=0
elif [ "$VERB" = y ]; then
echo "$QMHOME/control/concurrencyincoming looks OK"
fi
LOGDIRS="/var/log/qmail /var/log/qmail/qmail-smtpd"
if [ "$CHECKPOP" = "y" ]; then
LOGDIRS="$LOGDIRS /var/log/qmail/qmail-pop3d"
fi
if [ "$CHECKSEND" = "y" ]; then
LOGDIRS="$LOGDIRS /var/log/qmail/qmail-send"
fi
for i in $LOGDIRS; do
if [ ! -d $i ]; then
echo "! $i is missing"
echo "...try: mkdir -p $i"
OK=0
elif [ "`ls -ld $i|awk '{print $3}'`" != "qmaill" ]; then
echo "! $i has wrong owner, should be qmaill"
echo "...try: chown qmaill $i"
OK=0
elif [ "`ls -ld $i|awk '{print $1}'`" != "drwxr-x---" ]; then
echo "! $i has wrong mode, should be 750"
echo "...try: chmod 750 $i"
OK=0
elif [ "$VERB" = y ]; then
echo "$i looks OK"
fi
done
SVCLINKS="/service/qmail-send /service/qmail-smtpd"
if [ "$CHECKPOP" = "y" ]; then
SVCLINKS="$SVCLINKS /service/qmail-pop3d"
fi
for i in $SVCLINKS; do
if [ ! -L $i ]; then
echo "! $i is missing"
echo "...try: ln -s $QMHOME$i $i"
OK=0
elif [ "$VERB" = y ]; then
echo "$i exists"
fi
done
if [ ! -f /etc/tcp.smtp ]; then
echo "! /etc/tcp.smtp is missing"
echo "...try: echo '127.:allow,RELAYCLIENT=\"\"' >>/etc/tcp.smtp"
OK=0
elif [ "$VERB" = y ]; then
echo "/etc/tcp.smtp exists"
fi
if [ ! -f /etc/tcp.smtp.cdb ]; then
echo "! /etc/tcp.smtp.cdb is missing"
echo "...try: $QMHOME/bin/qmailctl cdb"
OK=0
elif [ "$VERB" = y ]; then
echo "/etc/tcp.smtp.cdb exists"
fi
AHOME=`grep "^alias:" /etc/passwd | awk -F: '{print $6}'`
if [ -z "$AHOME" ]; then
echo "! Couldn't find user alias's home directory"
OK=0
else
for i in root postmaster mailer-daemon; do
if [ ! -f $AHOME/.qmail-$i ]; then
echo "! Alias for $i is missing"
echo "...try: echo me >$AHOME/.qmail-$i"
OK=0
elif [ "$VERB" = y ]; then
echo "$i alias exists"
fi
done
fi
if netstat -a | grep smtp | grep -i listen >/dev/null; then
if $PS | grep sendmail | grep -v grep >/dev/null; then
echo "! Sendmail is still running"
echo "...try: $RCDIR/init.d/sendmail stop"
OK=0
elif $LBIN/svok /service/qmail-smtpd; then
if [ "$VERB" = y ]; then
echo "/service/qmail-smtpd is running"
fi
else
echo "! Something is listening on port 25 (not tcpserver/qmail-smtpd)"
echo "...try: disabling current MTA"
OK=0
fi
fi
if [ "$CHECKPOP" = "y" ]; then
if netstat -a | grep pop | grep -i listen >/dev/null; then
if $LBIN/svok /service/qmail-pop3d; then
if [ "$VERB" = y ]; then
echo "/service/qmail-pop3d is running"
fi
else
echo "! Something is listening on port 110 (not tcpserver/qmail-pop3d)"
echo "...try: disabling other POP server"
OK=0
fi
fi
fi
for i in /usr/lib/sendmail /usr/sbin/sendmail; do
if [ -f $i -a ! -L $i ]; then
echo "! $i is a file, should be a link"
echo "...try: uninstalling current MTA or: mv $i $i.old; ln -s $QMHOME/bin/sendmail $i"
OK=0
elif [ ! -f $i ];then
echo "! $i is missing"
echo "...try: ln -s $QMHOME/bin/sendmail $i"
OK=0
elif [ "$VERB" = y ]; then
echo "$i exists"
fi
done
if [ $OK -eq 1 ]; then
echo "Congratulations, your Qmailrocks.org Qmail installation looks good!"
elif [ "$VERB" = y ]; then
echo "! Potential problems were found with your LWQ installation"
fi
################# qmr_inst_check内容###################
#######################################################
qmailctl stop
qmailctl start
telnet localhost 110
you should see something like this:
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK  
user postmaster@mydomain.com (enter your username here. remember to use the full e-mail address)
+OK
pass your_password
+OK
quit
+OK
Connection closed by foreign host.
This is the sign of a successfull POP connection to the server!
Now try sending mail to that same user from another location. Telnet to 110 again and run the "list" command and you should
see the message that your send...
telnet localhost 110
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
+OK  
user postmaster@mydomain.com (again, remember to log in with the full email address of the user)
+OK
pass your_password
+OK
list
+OK
1 323 (there's your message!)
.
quit
+OK
Connection closed by foreign host.
########################Part 12 - Installing Courier IMAP & IMAP SSL################
Part 12 - Installing Courier IMAP & IMAP SSL
cd /downloads/qmailrocks/
/usr/bin/bunzip2 courier-imap-3.0.8.tar.bz2 (Note: some systems may use bunzip2 instead of bunzip)
#bunzip courier-imap-3.0.8.tar.bz2
tar xvf courier-imap-3.0.8.tar
cd courier-imap-3.0.8
./configure \
--prefix=/usr/local \
--exec-prefix=/usr/local \
--without-authdaemon \
--with-authvchkpw \
--without-authldap \
--disable-root-check \
--with-ssl
make
make install-strip
cd /usr/local/etc
cp imapd.dist imapd
cp imapd-ssl.dist imapd-ssl
/usr/local/sbin/mkimapdcert
ee imapd-ssl
#make sure IMAPDSSLSTART=YES
cp /usr/local/libexec/imapd.rc /usr/local/etc/rc.d/imap.sh
cp /usr/local/libexec/imapd-ssl.rc /usr/local/etc/rc.d/imaps.sh
/usr/local/etc/rc.d/imap.sh start
/usr/local/etc/rc.d/imaps.sh start
telnet localhost 143
Trying 192.168.1.10...
Connected to 192.168.1.10.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS]
Courier-IMAP ready. Copyright 1998-2003 Double Precision, Inc. See COPYING for distribution information.
a login postmaster@mydomain.com my_password
a OK LOGIN Ok. (successful login!)
a logout (logs you out)
* BYE Courier-IMAP server shutting down
a OK LOGOUT completed
Connection closed by foreign host.
#########################Part 14 - Clam Antivirus & Spamassassin####################
Part 14 - Clam Antivirus & Spamassassin
安装Clamav
cd /usr/ports/security/clamav
make
make install
make clean
注：选中CURL
reboot
测试
/usr/local/bin/clamscan -r -i /usr/local/www/data
----------- SCAN SUMMARY -----------
Known viruses: 32358
Scanned directories: 47
Scanned files: 866
Infected files: 0
Data scanned: 10.32 MB
I/O buffer size: 131072 bytes
Time: 41.750 sec (0 m 41 s)
升级病毒库
/usr/local/bin/freshclam -l /var/log/clamav/clam-update.log
ClamAV update process started at Fri May 6 00:12:24 2005
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Local version: 0.83 Recommended version: 0.84
Downloading main.cvd

main.cvd updated (version: 31, sigs: 33079, f-level: 4, builder: tkojm)
Downloading daily.cvd

daily.cvd updated (version: 871, sigs: 1178, f-level: 4, builder: ccordes)
Database updated (34257 signatures) from database.clamav.net (IP: 61.8.0.16)
Clamd successfully notified about the update.


本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u/632/showart_142172.html