
View Full Version : Virtual Hosting With Proftpd And MySQL (Incl. Quota)


pontifex
26th February 2006, 21:00
Hi everyone,

I used the howto to install proftpd with mysql support under Fedora 4. I have made all the entries, and logging the users in to the appropriate directories works fine, BUT now the problem starts: if these users try to upload, create new folders or even delete files, the error message "permission denied" comes up.

what can i do against that?

Cheers

PM

falko
27th February 2006, 01:22
Please post your /etc/proftpd.conf here.

pontifex
27th February 2006, 10:39
Please post your /etc/proftpd.conf here.



# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
#
# Core server settings: greeting, authentication order, chroot, listing and
# resume behaviour, and the account the daemon runs as.

ServerName "ProFTPD server"
# A custom ServerIdent string replaces the default greeting, so the banner
# does not advertise the ProFTPD version.
ServerIdent on "FTP Server Hamburg/Germany"
ServerAdmin test@test.de
ServerType standalone
DefaultServer on
# %u expands to the login name of the session.
AccessGrantMsg "User %u logged in."
#DisplayConnect /etc/ftpissue
#DisplayLogin /etc/ftpmotd
#DisplayGoAway /etc/ftpgoaway
DeferWelcome off


# Use pam to authenticate by default
PersistentPasswd off
# PAM is not the final word: a login that PAM rejects can still be accepted
# by another auth module (here the MySQL user table configured further down).
AuthPAMAuthoritative off

# Jail every user in their own home directory, except members of group adm.
DefaultRoot ~ !adm
IdentLookups off
UseReverseDNS off
# Plain FTP control port. No TLS directive is active in this file, so logins
# on this port are not encrypted.
Port 21
# New files are created without group/world write permission.
Umask 022
# Directory listings include dot-files.
ListOptions "-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228 off
#RootLogin off
#LoginPasswordPrompt on
#MaxLoginAttempts 3
#MaxClientsPerHost none
#AllowForeignAddress off # For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart on
# Upload resume is off by default in ProFTPD; with it on, a client that may
# write a file can also rewrite it from an arbitrary offset.
AllowStoreRestart on

# Upper bound on simultaneous child processes (connections).
MaxInstances 20

# Identity the daemon runs as while no user is logged in. After a successful
# login the session switches to the uid/gid returned for that user, so
# uploads, mkdir and delete only succeed in directories that this uid/gid is
# allowed to write to.
User ftp
Group ftp

ScoreboardFile /var/run/proftpd.score

# Normally, we want users to do a few things.
# <Global> applies to the main server and to every virtual host.
<Global>
AllowOverwrite yes
# Every FTP command, plus SITE CHMOD, is allowed for every logged-in user.
# Nothing is restricted at the FTP layer; what a user can actually change is
# decided only by filesystem ownership and permissions inside the chroot.
<Limit ALL SITE_CHMOD>
AllowAll
</Limit>
</Global>

# Named log formats. They only take effect through ExtendedLog directives;
# the only ExtendedLog lines in the posted file are commented out.
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
# NOTE(review): every TLS directive below is commented out, so this server
# speaks plain FTP only: login names, passwords and file contents cross the
# network unencrypted. Enabling the block needs a certificate and key at the
# paths given; review the cipher list before using it as-is.
#TLSEngine on
#TLSRequired on
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite ALL:!ADH:!DES
#TLSOptions NoCertRequest
#TLSVerifyClient off
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
#TLSLog /var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
# User ftp
# Group ftp
# AccessGrantMsg "Anonymous login ok, restrictions apply."
#
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
#
# # Limit the maximum number of anonymous logins
# MaxClients 10 "Sorry, max %m users -- try again later"
#
# # Put the user into /pub right after login
# #DefaultChdir /pub
#
# # We want 'welcome.msg' displayed at login, '.message' displayed in
# # each newly chdired directory and tell users to read README* files.
# DisplayLogin /welcome.msg
# DisplayFirstChdir .message
# DisplayReadme README*
#
# # Some more cosmetic and not vital stuff
# DirFakeUser on ftpadm
# DirFakeGroup on ftpadm
#
# # Limit WRITE everywhere in the anonymous chroot
# <Limit WRITE SITE_CHMOD>
# DenyAll
# </Limit>
#
# # An upload directory that allows storing files but not retrieving
# # or creating directories.
# <Directory uploads/*>
# AllowOverwrite no
# <Limit READ>
# DenyAll
# </Limit>
#
# <Limit STOR>
# AllowAll
# </Limit>
# </Directory>
#
# # Don't write anonymous accesses to the system wtmp file (good idea!)
# WtmpLog off
#
# # Logging for the anonymous transfers
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

# virtual www / ftp users configuration
# mysql settings for authentication
# Be sure to substitute your password for PASSWORD
# Accepted storage formats for the passwd column, tried in the order listed:
# clear text first, then crypt(3) hashes. While Plaintext is enabled, anyone
# who can read the ftpuser table can read the passwords; list only a hashed
# type once every row holds a hash.
SQLAuthTypes Plaintext Crypt
# Format: database@host db_user db_password. The database password sits in
# clear text in this file, so the file should be readable by root only, and
# a password that has been posted publicly should be changed.
SQLConnectInfo ftp@localhost proftpd pass
# Table ftpuser and the columns holding login name, password, uid, gid,
# home directory and shell.
SQLUserInfo ftpuser userid passwd uid gid homedir shell
# Table ftpgroup and the columns holding group name, gid and member list.
SQLGroupInfo ftpgroup groupname gid members
# Lowest uid/gid accepted from the tables. Rows with a smaller id do not get
# that id; presumably mod_sql substitutes its default uid/gid -- confirm
# against the mod_sql documentation for the installed version.
SQLMinID 500
# Create the homedir named in the user row at login if it does not exist.
# The path comes from the database, so write access to the ftpuser table
# decides where directories get created.
SQLHomedirOnDemand on
# After each successful PASS (login), run the named query below.
SQLLog PASS updatecount
# Executed as: UPDATE ftpuser SET count=count+1, accessed=now() WHERE ...
# %u is the login name sent by the client; the statement relies on mod_sql
# escaping it before substitution, so keep the server patched.
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# After each successful upload or delete, stamp the user row.
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
# Report file times in GMT rather than server local time.
TimesGMT on

# User quotas
# uncomment the following section to enable user quotas
#QuotaEngine on
#QuotaDirectoryTally on
#QuotaDisplayUnits Mb
#QuotaShowQuotas on
#SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
#SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
#SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
#SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
#QuotaLimitTable sql:/get-quota-limit
#QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

falko
28th February 2006, 00:35
Do the FTP directories in /home belong to ftpuser and ftpgroup?

pontifex
28th February 2006, 08:21
Do the FTP directories in /home belong to ftpuser and ftpgroup?

Hi,

i am not sure - i think currently "apache" is the owner, how to change that?

Cheers
PM

falko
28th February 2006, 10:42
Like this:
chown ftpuser:ftpgroup /path/to/directory
This would change the ownership of that directory only. If you also want to change the ownership of the files and directories that are in that directory, you'd run

chown -R ftpuser:ftpgroup /path/to/directory

pontifex
1st March 2006, 15:08
Hi,
now this problem comes up:

Resolving host name domain.tld...
Connecting to (domain.tld) -> IP: XX.XX.XXX.X PORT: 21
Connected to (domain.tld) -> Time = 31ms
Socket connected waiting for login sequence.
220 FTP Server
USER user1
331 Password required for user1.
PASS (hidden)
230 User user1 logged in.
SYST
215 UNIX Type: L8
FEAT
211-Features:
MDTM
REST STREAM
SIZE
211 End
PWD
257 "/" is current directory.
CWD /domain.tld/log
250 CWD command successful
PWD
257 "/domain.tld/log" is current directory.
TYPE A
200 Type set to A
PASV
227 Entering Passive Mode (xx,xx,xxx,xxx,156,106).
Opening data connection IP: x,Xx,x,xx,156,106 PORT: 40042.
Der Host war bei einem Socketvorgang nicht erreichbar.
PORT 192,168,10,10,4,233
200 PORT command successful
Opening data connection IP: 192.168.10.10 PORT: 1257.
LIST -aL
150 Opening ASCII mode data connection for file list
271 bytes received successfully. (271 B/s) (00:00:01).
226 Transfer complete.


What can i do against that socket problem?

Cheers
PM

falko
1st March 2006, 15:38
Does this happen repeatedly? Did you try both active and passive mode?

pontifex
1st March 2006, 17:14
Hi Falko,
i have changed the FTP Client (Smartftp) from passive mode to active mode. i have also changed the option "force server ip for pass mode" now it is going much faster. shoud I add any other directives to the proftpd conf file?

Thanks a lot
ciao
PM

falko
1st March 2006, 23:33
i have also changed the option "force server ip for pass mode"
In your FTP client or on the server?
Looks like the problem was caused by a firewall...

shoud I add any other directives to the proftpd conf file?

None that I know of...

I guess it's working now?

mtpocket
3rd May 2006, 12:02
Like this:
chown ftpuser:ftpgroup /path/to/directory
This would change the ownership of that directory only. If you also want to change the ownership of the files and directories that are in that directory, you'd run

chown -R ftpuser:ftpgroup /path/to/directory

Hello,
I really love this howto guide!
One question about ownership: what do I need to change in order to permanently change the ownership? I've tried just changing
"('exampleuser', '1', MD5('secret'), '2001', '2001', '/home/www.example.com',"

To
"('exampleuser', '1', MD5('secret'), '33', '33', '/home/www.example.com',"

But it didn't work. I mainly use this guide to run a webserver, and i often get ownership problems when installing CMS's like Joomla and such. I use Debian and want the ownership set to Apache.

falko
3rd May 2006, 16:05
I think I read somewhere that you cannot use user ids below 1000...

mtpocket
3rd May 2006, 18:34
Thanks for your answer.

Ok, is there any other solution to my "problem" that dont include changing user/group settings in httpd.conf?

falko
3rd May 2006, 23:31
You could add the Apache user to the ftpgroup group and then change the umask in /etc/proftpd.conf to 002 so that all uploaded files are also writable for the group.

mtpocket
4th May 2006, 12:58
Ah crap, im running pure-ftpd :p
Ive looked up some information about umask in pure-ftpd, and it seems to be a bit pain in the a**..

Well thanks for your help anyways :)

mtpocket
2nd June 2006, 12:30
You could add the Apache user to the ftpgroup group and then change the umask in /etc/proftpd.conf to 002 so that all uploaded files are also writable for the group.

Hello falko,
I switched to Virtual Hosting With Proftpd And MySQL (Incl. Quota), this time and im wondering about the stuff you said earlyer. My Linux knowledge is somewhat limited (still learning). What did you mean by adding Apache user to ftpgroup, was it the groupmod -G thing; or something else?

falko
2nd June 2006, 13:02
You can simply open /etc/group and add the Apache user to the ftp group.

mtpocket
2nd June 2006, 13:24
Thanks Faklo :)
Ive added Apache to Ftpgroup now like this: ftpgroup:x:2001:www-data
One thing about Umask. There are two valuse to change:
Umask 022 022. Do i need to change both?

Thanks for your help Falko :)

falko
2nd June 2006, 18:26
Try
Umask 002 002
so that groups can write, too. :)

mtpocket
2nd June 2006, 19:54
Super, it worked :D
My questions is like a never ending story ;) When i used Pureftp i never had to wait to login, now with Proftpd it takes a while to login.. Any ideas?
I use Debian 3.1 (minimal install).

Edit:
I got the ftp problem sorted :)

mtpocket
9th June 2006, 16:11
Where do i find the setting for umask in pure-ftpd?

falko
10th June 2006, 00:46
Have a look here: http://download.pureftpd.org/pub/pure-ftpd/doc/README
http://forums.macosxhints.com/archive/index.php/t-13827.html

wr19026
29th August 2006, 01:14
Just to make sure that I understand correctly: if all I want the server to be used for is an FTP server (no mail, web or any other fancy stuff) all I need to install is apache2, PHP, MySQL, ProFTP and phpMyAdmin right?

And after that's set and done secure the server using some of the HowTos I can find here.

falko
29th August 2006, 22:12
all I need to install is apache2, PHP, MySQL, ProFTP and phpMyAdmin right?

You only need ProFTPd and MySQL. Apache and PHP aren't needed at all, only if you want to install phpMyAdmin.

lord0815
9th February 2007, 22:08
Hey there!

Ive used the Virtual Hosting With PureFTPd And MySQL How to, to switch to virtual hosting.

Umm my thoughts are, how secure is it?
In fact, the user decides where the home path will be, but if a user gets shell access he will be able to access all the paths that ftpuser has access to.
Any way to make it more secure? Or do we have to live with this?

THanks a lot, and a really nice How-To!

bye

-andreas w.

falko
10th February 2007, 21:50
Umm my thoughts are, how secure is it?
In fact, the user decides where the homepath will be, but if a user will get shell access he will be able to access all the pathes where ftpuser has access.
Any way to make it more secure? Or do we have to live with this?

Virtual users cannot have shell access. Only system users can.

lord0815
11th February 2007, 14:23
Hi!

Ummm, the ftpuser is a system user.
The DB users are virtual users, right, but I think they all use the ftpuser for access. Every file which is uploaded is created with the user ftpuser.
And nearly any ftp tool shows you the owner of the uploaded ftp file.

That was my thoughts.

falko
12th February 2007, 15:44
But then somebody would have to log in as the user ftpuser - and ftpuser should not have shell access.

flykk
23rd February 2007, 20:17
I followed the howto proftpd+mysql+quotas under Ubuntu Edgy and it does not work for me. If I run proftpd without mysql everything is OK, but if I put the SQL statements in proftpd.conf the server denies any connection.

Some help please..

falko
24th February 2007, 15:56
Did you install the proftpd-mysql package?
Any errors in the log files?

flykk
24th February 2007, 20:22
Yes i installed the proftpd-mysql package.

A view of proftpd.log:

---
...
Feb 23 16:36:09 expertissues.org proftpd[24425] expertissues.org: ProFTPD killed (signal 15)
Feb 23 16:36:09 expertissues.org proftpd[24425] expertissues.org: ProFTPD 1.3.0 standalone mode SHUTDOWN
Feb 23 16:36:09 expertissues.org proftpd[24726] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session closed.
Feb 23 16:37:51 expertissues.org proftpd[25059] expertissues.org: error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:37:51 expertissues.org proftpd[25059] expertissues.org: ProFTPD 1.3.0 (stable) (built Wed Nov 29 02:01:20 UTC 2006) standalone mode STARTUP
Feb 23 16:41:30 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:41:30 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session opened.
Feb 23 16:41:30 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): USER fribeiro: Login successful.
Feb 23 16:41:30 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:42:06 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session closed.
Feb 23 16:44:19 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:44:19 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session opened.
Feb 23 16:44:19 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): USER fribeiro: Login successful.
Feb 23 16:44:19 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:46:58 expertissues.org proftpd[25059] expertissues.org: ProFTPD killed (signal 15)
Feb 23 16:46:58 expertissues.org proftpd[25059] expertissues.org: ProFTPD 1.3.0 standalone mode SHUTDOWN
Feb 23 16:46:58 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session closed.
Feb 23 16:47:00 expertissues.org proftpd[25339] expertissues.org: error setting IPV6_V6ONLY: Protocol not available
...
----end log----


Appreciate more directions..
Thanks for answer.

falko
25th February 2007, 18:53
What's in /etc/proftpd.conf and /etc/hosts?

flykk
26th February 2007, 19:40
Restarting Proftpd:

root@expertissues:/# /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ ok ]
* Starting ftp server proftpd
- IPv6 getaddrinfo 'expertissues.org' error: Name or service not known
[ ok ]


/etc/proftpd/proftpd.conf:

# Core settings of the posted /etc/proftpd/proftpd.conf, followed by the
# per-module switches.

# Loads the DSO modules listed in modules.conf. The SQL and quota directives
# later in this file only work if the modules providing them are loaded
# there.
Include /etc/proftpd/modules.conf
ServerName "3bs FTP Server"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
# Refuse any FTP command that matches this regular expression
# (a '*' followed later by a '/').
DenyFilter \*.*/
# Plain FTP control port; TLS is switched off below.
Port 21
# Upper bound on simultaneous child processes (connections).
MaxInstances 30
# Identity the daemon runs as while no user is logged in; a logged-in
# session uses the uid/gid returned for that user.
User proftpd
Group nogroup
# New files and new directories (second value) are created without
# group/world write permission.
Umask 022 022
AllowOverwrite on
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

# NOTE(review): TLS is explicitly off, so login names, passwords and file
# contents cross the network unencrypted.
<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

# mod_ratio is enabled here; no ratio rules are visible in the posted file.
<IfModule mod_ratio.c>
Ratios on
</IfModule>

<IfModule mod_delay.c>
DelayEngine on
</IfModule>

# Local control socket for administering the running daemon. No ACL
# directive for the socket appears in this file, so the module defaults
# apply -- verify who may connect to it.
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

# Enables administrative actions over the control socket above.
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# MySQL-backed virtual users, per-user quotas and the quota message shown
# after a directory listing.

# Jail every user in their own home directory.
DefaultRoot ~
# Accepted storage formats for the passwd column, tried in the order listed:
# clear text first, then crypt(3) hashes. While Plaintext is enabled, anyone
# who can read the ftpuser table can read the passwords.
SQLAuthTypes Plaintext Crypt
# The trailing '*' makes the SQL tables authoritative for user and group
# lookups: an account missing from the tables is rejected instead of being
# passed on to other auth modules.
SQLAuthenticate users* groups*
# Format: database@host db_user db_password (password masked by the poster).
# It is stored in clear text, so this file should be readable by root only.
SQLConnectInfo ftp@localhost proftpd *******
# Table ftpuser and the columns holding login name, password, uid, gid,
# home directory and shell.
SQLUserInfo ftpuser userid passwd uid gid homedir shell
# Table ftpgroup and the columns holding group name, gid and member list.
SQLGroupInfo ftpgroup groupname gid members
# Lowest uid/gid accepted from the tables; presumably smaller ids are
# replaced by the mod_sql defaults -- confirm for the installed version.
SQLMinID 500
# Create the homedir named in the user row at login if it does not exist.
# The path comes from the database, so write access to the ftpuser table
# decides where directories get created.
SQLHomedirOnDemand on
# After each successful PASS (login), run the named query below.
SQLLog PASS updatecount
# Executed as: UPDATE ftpuser SET ... WHERE userid='<login name>'. %u is
# client-supplied; the statement relies on mod_sql escaping it.
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# After each successful upload or delete, stamp the user row.
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
# Also set inside the <IfModule mod_quota.c> block earlier in this file.
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

# Quota lookups: %{0} and %{1} are filled in by the quota module with the
# name and quota type being checked.
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

# Adds the deltas %{0}..%{5} to the running counters of the matching row.
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

# Creates the tally row the first time a name/quota type is seen.
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

# Wire the named queries above into the quota module.
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off
# Accept accounts whose shell column is not a shell listed in /etc/shells.
RequireValidShell off

# Per-user figures in MB (bytes / 1048576, two decimals) for the message
# below. %u is the login name of the session.
SQLNamedQuery gettally SELECT "ROUND((bytes_in_used/1048576),2) FROM ftpquotatallies WHERE name='%u'"
SQLNamedQuery getlimit SELECT "ROUND((bytes_in_avail/1048576),2) FROM ftpquotalimits WHERE name='%u'"
SQLNamedQuery getfree SELECT "ROUND(((ftpquotalimits.bytes_in_avail-ftpquotatallies.bytes_in_used)/1048576),2) FROM ftpquotalimits,ftpquotatallies WHERE ftpquotalimits.name = '%u' AND ftpquotatallies.name = '%u'"

# After a successful LIST, add a 226 response line built from the three
# queries above.
SQLShowInfo LIST "226" "Used %{gettally}MB from %{getlimit}MB. You have %{getfree}MB available space."


Settings and modules

root@expertissues:/# proftpd --list
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_dso.c
mod_auth_pam.c
mod_readme.c
mod_cap.c
mod_ctrls.c
root@expertissues:/# proftpd -V
Compile-time Settings:
Version: 1.3.0
Platform: LINUX
Built With:
configure linux gnu

Files:
Configuration File:
/etc/proftpd/proftpd.conf
Pid File:
/var/run/proftpd.pid
Scoreboard File:
/var/run/proftpd/proftpd.scoreboard
Shared Module Directory:
/usr/lib/proftpd

Features:
+ Autoshadow support
+ Controls support
+ curses support
- Developer support
+ DSO support
+ IPv6 support
+ Largefile support
+ ncurses support
+ POSIX ACL support
+ Shadow file support
+ Sendfile support

Tunable Options:
PR_TUNABLE_BUFFER_SIZE = 1024
PR_TUNABLE_GLOBBING_MAX = 8
PR_TUNABLE_HASH_TABLE_SIZE = 40
PR_TUNABLE_NEW_POOL_SIZE = 512
PR_TUNABLE_RCVBUFSZ = 8192
PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
PR_TUNABLE_SELECT_TIMEOUT = 30
PR_TUNABLE_SNDBUFSZ = 8192
PR_TUNABLE_TIMEOUTIDENT = 10
PR_TUNABLE_TIMEOUTIDLE = 600
PR_TUNABLE_TIMEOUTLINGER = 180
PR_TUNABLE_TIMEOUTLOGIN = 300
PR_TUNABLE_TIMEOUTNOXFER = 300
PR_TUNABLE_TIMEOUTSTALLED = 3600
PR_TUNABLE_XFER_BUFFER_SIZE = 1024
PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10



/etc/hosts:

127.0.0.1 localhost.localdomain localhost
193.137.90.78 expertissues.org expertissues

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

falko
27th February 2007, 17:26
Please modify /etc/hosts to:
127.0.0.1 localhost.localdomain localhost
193.137.90.78 expertissues.org expertissues

# The following lines are desirable for IPv6 capable hosts
#::1 ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts
and restart Proftpd.

flykk
8th March 2007, 20:38
Don't work.

With me this howto on ubuntu doesn't work. :rolleyes:

Pureftpd it's fine. ;)

Thanks for your time.

Misak
17th March 2007, 10:36
I followed the guide, but it doesn't work.

Here is configuration file for proftpd.conf:

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
# The SQL and quota directives later in this file only work if the modules
# providing them are loaded from modules.conf.
Include /etc/proftpd/modules.conf

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

# Refuse any FTP command that matches this regular expression
# (a '*' followed later by a '/').
DenyFilter \*.*/

# Port 21 is the standard FTP port.
# This server listens on 1980 instead; clients and firewall rules have to
# use the same port. A non-standard port does not encrypt anything.
Port 1980


# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
# A logged-in session uses the uid/gid returned for that user instead.
User proftpd
Group ftpgroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

# Per-module switches; each block only applies when that module is loaded.

# NOTE(review): TLS is explicitly off, so login names, passwords and file
# contents cross the network unencrypted.
<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

# mod_ratio is enabled here; no ratio rules are visible in the posted file.
<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

# Local control socket for administering the running daemon. No ACL
# directive for the socket appears in this file, so the module defaults
# apply -- verify who may connect to it.
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

# Enables administrative actions over the control socket above.
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>



# Jail every user in their own home directory.
DefaultRoot ~


# Accepted storage formats for the passwd column, tried in the order listed.
# NOTE(review): Plaintext comes first, so clear-text passwords are accepted
# as well as crypt(3) hashes; the passwords are only all hashed if every row
# was stored that way. List only a hashed type once that is the case.
SQLAuthTypes Plaintext Crypt
# The trailing '*' makes the SQL tables authoritative for user and group
# lookups: an account missing from the tables is rejected instead of being
# passed on to other auth modules.
SQLAuthenticate users* groups*


# used to connect to the database
# databasename@host database_user user_password
# NOTE(review): the literal word "password" is a placeholder from the howto.
# Use a real secret, and keep this file readable by root only, since the
# database password is stored here in clear text.
SQLConnectInfo ftp@localhost proftpd password


# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
SQLMinID 500

# create a user's home directory on demand if it doesn't exist
# The path comes from the database, so write access to the ftpuser table
# decides where directories get created.
SQLHomedirOnDemand on

# Update count every time user logs in
# %u is the client-supplied login name; the statement relies on mod_sql
# escaping it before substitution.
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
# QuotaEngine is also set inside the <IfModule mod_quota.c> block earlier in
# this file.
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

# Quota lookups: %{0} and %{1} are filled in by the quota module with the
# name and quota type being checked.
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

# Adds the deltas %{0}..%{5} to the running counters of the matching row.
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

# Creates the tally row the first time a name/quota type is seen.
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

# Wire the named queries above into the quota module.
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off
# Accept accounts whose shell column is not a shell listed in /etc/shells.
RequireValidShell off


Here is my proftpd.log:

Mar 17 10:28:57 misak-linux proftpd[29523] misak-linux: ProFTPD killed (signal 15)
Mar 17 10:28:57 misak-linux proftpd[29523] misak-linux: ProFTPD 1.3.0 standalone mode SHUTDOWN
Mar 17 10:28:59 misak-linux proftpd[30185] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:28:59 misak-linux proftpd[30185] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:29:14 misak-linux proftpd[30198] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.
Mar 17 10:31:19 misak-linux proftpd[30304] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:31:19 misak-linux proftpd[30304] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:32:59 misak-linux proftpd[30410] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:32:59 misak-linux proftpd[30410] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:33:31 misak-linux proftpd[30462] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:33:31 misak-linux proftpd[30462] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:40:13 misak-linux proftpd[30691] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:40:13 misak-linux proftpd[30691] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:40:21 misak-linux proftpd[30701] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.
Mar 17 10:42:21 misak-linux proftpd[30756] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.
Mar 17 10:44:21 misak-linux proftpd[30805] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.
Mar 17 10:46:21 misak-linux proftpd[30864] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.



I know something is wrong. Please help me. I had no problems with installing proftpd with virtual users. When i followed the guide i didn't change password to something else and i used for proftpd user password 'password'. In mysql i have created everything and is ok there.

Hmm...

falko
18th March 2007, 20:15
What's the output of netstat -tap and ifconfig?

vlade
28th April 2007, 18:30
I use Ubuntu 6.06.1 LTS

Same problems here. If I use mysql config proftpd does not work.
Strange thing is that netstat shows
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 localhost:7634 *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
This should be ok.

strange thing this virtual proftpd :)

falko
29th April 2007, 21:24
I use Ubuntu 6.06.1 LTS

Same problems here. If I use mysql config proftpd does not work.
Strange thing is that netstat shows
tcp 0 0 localhost:mysql *:* LISTEN
tcp 0 0 localhost:7634 *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
This should be ok.

strange thing this virtual proftpd :)
This is an old thread. What exactly is the problem? Are there any errors in your logs?

vlade
9th May 2007, 22:08
Never mind. I remove proftpd and now i'm using vsftpd.


tnx any way :)

neversfelde
23rd May 2007, 12:22
Very nice tutorial, everything works fine. Thanks for that.

Is there a possibility to use apache's mod_userdir with the virtual users? It only works here, if the user is present in /etc/passwd so long.

falko
24th May 2007, 18:36
As far as I know, Apache cannot read from MySQL databases... :(

ShinnRa
25th May 2007, 12:12
i've done everythin with this howto but when i type
ftp localhost i got such response:
root@rei:/home/dawid# ftp localhost
Connected to localhost.localdomain.
421 Service not available, remote server has closed connection
ftp> quit

and here is my proftpd.log:

root@rei:/var/log/proftpd# tail proftpd.log
May 23 20:31:24 xxxxxxxxxxxxxx proftpd[4004] xxxxxxxxxxxxxx: ProFTPD 1.3.0 standalone mode SHUTDOWN
May 23 20:38:53 xxxxxxxxxxxxxx proftpd[2755] xxxxxxxxxxxxxx: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP
May 24 01:33:50 xxxxxxxxxxxxxx proftpd[2755] xxxxxxxxxxxxxx: ProFTPD killed (signal 15)
May 24 01:33:50 xxxxxxxxxxxxxx proftpd[2755] xxxxxxxxxxxxxx: ProFTPD 1.3.0 standalone mode SHUTDOWN
May 25 07:27:36 xxxxxxxxxxxxxx proftpd[2706] xxxxxxxxxxxxxx: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP
May 25 08:17:55 xxxxxxxxxxxxxx proftpd[2706] xxxxxxxxxxxxxx: ProFTPD killed (signal 15)
May 25 08:17:55 xxxxxxxxxxxxxx proftpd[2706] xxxxxxxxxxxxxx: ProFTPD 1.3.0 standalone mode SHUTDOWN
May 25 08:17:58 xxxxxxxxxxxxxx proftpd[2935] xxxxxxxxxxxxxx: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP
May 25 10:26:35 xxxxxxxxxxxxxx proftpd[2935] xxxxxxxxxxxxxx: ProFTPD killed (signal 15)
May 25 10:26:35 xxxxxxxxxxxxxx proftpd[2935] xxxxxxxxxxxxxx: ProFTPD 1.3.0 standalone mode SHUTDOWN

falko
26th May 2007, 20:14
What's the output of netstat -tap? What's in /etc/hosts?

peo
29th May 2007, 17:05
I got the same problem.

this is my hosts file

vz6:/var/log# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost

# The following lines are desirable for IPv6 capable hosts
# (added automatically by netbase upgrade)

::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


and this is my proftpd.conf:

# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Port 21 is the standard FTP port.
Port 21


MaxInstances 30

# Set the user and group that the server normally runs at.
User ftpuser
Group ftpgroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

# mod_tls is switched off, so the control channel (including USER/PASS) and all
# data transfers are sent unencrypted. The SQL-backed accounts configured further
# down are therefore exposed to anyone who can observe the traffic.
# NOTE(review): turn TLSEngine on with a server certificate before offering this
# service beyond a trusted network.
<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>


## Configurazione per virtualhost

DefaultRoot ~


# Accepted formats for the stored password column. The howto's note says the
# passwords in MySQL are "encrypted using CRYPT", but Plaintext is listed as
# well (and first), so rows holding clear-text passwords are accepted too.
# NOTE(review): drop Plaintext once every row holds a crypt() hash.
SQLAuthTypes Plaintext Crypt
# NOTE(review): the trailing * presumably marks the SQL tables as authoritative
# for users and groups - confirm against the mod_sql documentation for this version.
SQLAuthenticate users* groups*


# used to connect to the database
# databasename@host database_user user_password
# NOTE(review): "password" looks like the howto's sample value. Whatever is used,
# this file stores the database credential in clear text: restrict its file
# permissions and grant the proftpd database account only the rights the
# queries in this file need.
SQLConnectInfo ftp@localhost proftpd password


# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
SQLMinID 500

# create a user's home directory on demand if it doesn't exist
SQLHomedirOnDemand on

# Update count every time user logs in
# (runs the named query "updatecount" against table ftpuser on each PASS command)
SQLLog PASS updatecount
# %u is replaced with the login name, which is supplied by the client, and is
# placed inside a quoted SQL string.
# NOTE(review): this relies on mod_sql escaping the substituted value - confirm
# that the installed ProFTPD release does so and keep it patched.
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
# (runs the named query "modified" on each STOR or DELE command)
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

# Refuse FTP logins as root.
RootLogin off
# Do not require the account's shell to be listed in /etc/shells. The virtual
# users in the ftpuser table carry a non-login shell, so with this check left
# at its default (on) their logins would be refused.
RequireValidShell off

any help?
Thanks

falko
30th May 2007, 17:49
Can you add a line for your hostname to /etc/hosts (like 192.168.0.100 server1.example.com server1)?
What's the output of netstat -tap?

peo
30th May 2007, 18:19
vz6:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:ftp *:* LISTEN 1951/proftpd: (acce
tcp 0 0 *:smtp *:* LISTEN 1398/smtpd
tcp 0 0 localhost.localdo:10024 *:* LISTEN 21947/smtpd
tcp 0 0 localhost.localdo:mysql *:* LISTEN -
tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:1221 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp p54BDA476.dip0.t-:64731 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 84.126.213.136.dyn:4975 CLOSE_WAIT -
tcp 0 0 localhost.localdo:60629 localhost.localdo:mysql ESTABLISHED8141/proxymap
tcp 0 0 localhost.localdo:60630 localhost.localdo:mysql ESTABLISHED8141/proxymap
tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:4591 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 219.83.23.69:4031 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp executives-unlimit:4911 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp CPE-65-27-32-14.kc:3985 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 59.152.161.66:2516 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:2294 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:1082 CLOSE_WAIT -
tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:4837 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp p54BDA476.dip0.t-:61425 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp CPE-65-27-32-14.kc:3503 CLOSE_WAIT -
tcp 0 0 reverse.69.12.222.1:ftp host33-158-dynami:50992 TIME_WAIT -
tcp 0 0 reverse.69.12.222.:smtp dsl-189-163-151-12:1982 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp 84.126.213.136.dyn:6226 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:3620 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp p54BDA476.dip0.t-:63890 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 84.122.192.149.dyn:1068 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp executives-unlimit:3449 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 201.47.44.162.adsl:1971 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp a83-132-203-183.cp:1259 CLOSE_WAIT -
tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:4504 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp mail2.edisontel.c:54952 CLOSE_WAIT -
tcp 0 0 reverse.69.12.222.:smtp dsl-189-148-11-226:2141 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:2677 CLOSE_WAIT -
tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:4265 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:4241 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:1429 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:4504 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp smtp-out2.libero.:34174 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp dsl88-244-48075.tt:1884 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:3439 CLOSE_WAIT -
tcp 0 0 reverse.69.12.222.:smtp host-205-241-35-1:60550 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp 59.152.161.66:3158 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp executives-unlimit:1929 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp CPE-65-27-32-14.kc:4911 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp smtp-out2.libero.:51018 CLOSE_WAIT 1398/smtpd
tcp 1 0 reverse.69.12.222.:smtp pool-72-76-99-72.:50539 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 87.119.86.227:4406 CLOSE_WAIT -
tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:2309 ESTABLISHED-
tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:2309 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp smtp-out2.libero.:42549 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp dsl-189-163-151-12:4444 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:3011 CLOSE_WAIT -
tcp 1 0 localhost.localdo:10024 localhost.localdo:43516 CLOSE_WAIT -
tcp 0 0 localhost.localdo:mysql localhost.localdo:60630 ESTABLISHED-
tcp 1 0 localhost.localdo:10024 localhost.localdo:43517 CLOSE_WAIT -
tcp 0 0 localhost.localdo:mysql localhost.localdo:60629 ESTABLISHED-
tcp 1 0 reverse.69.12.222.:smtp 201.47.44.162.adsl:2867 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp 87.119.86.227:4436 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp chello062178038076:4745 CLOSE_WAIT -
tcp 1 0 reverse.69.12.222.:smtp dsl88-244-48075.tt:1334 CLOSE_WAIT -
tcp6 0 0 *:www *:* LISTEN 21630/apache2
tcp6 0 0 *:ssh *:* LISTEN 30370/sshd
tcp6 0 0 *:imaps *:* LISTEN 9488/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 24133/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 24035/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 9414/couriertcpd
tcp6 0 2736 reverse.69.12.222.1:ssh host33-158-dynami:50982 ESTABLISHED26524/0

ShinnRa
30th May 2007, 18:58
And this is my /etc/hosts

root@rei:/etc/proftpd# cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
#192.168.0.128 rei.ayanami.eu rei
83.144.100.57 rei.ayanami.eu rei

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts


proftpd.conf (password nulled :P )

root@rei:/etc/proftpd# cat proftpd.conf
Include /etc/proftpd/modules.conf
UseIPv6 off

ServerName "Ayanami FTP Server"
ServerType Standalone
ServerAdmin root@host

# Hide as much as possible to outside users
ServerIdent on "Welcome to the Ayanami.eu FTP server. Please login..."
DeferWelcome on
DefaultServer on

AllowStoreRestart on

Port 21

MultilineRFC2228 on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

Umask 022 022
MaxInstances 30

User ftpuser
Group ftpgroup
AllowOverwrite on

DenyFilter \*.*/
DefaultRoot ~

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

################################################## ##############################
# Logging options
#
TransferLog /var/log/proftpd.xferlog

# Some logging formats
#
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# Log file/dir access
# (commands in the WRITE and READ classes, written with the "write" LogFormat)
ExtendedLog /var/log/proftpd/access.log WRITE,READ write

# Record all logins
# (AUTH class with the "auth" LogFormat; this is the log to watch for repeated
# failed logins from one address)
ExtendedLog /var/log/proftpd/auth.log AUTH auth

# Paranoia logging level....
# (every command class, "default" LogFormat)
ExtendedLog /var/log/proftpd/paranoid.log ALL default

# NOTE(review): debug is the most verbose level and is useful while diagnosing
# the login problem; these logs hold user names and client addresses, so keep
# the directory readable by administrators only and lower the level afterwards.
SyslogLevel debug
SystemLog /var/log/proftpd/proftpd.log
#
################################################## ##############################

# The passwords in MySQL are encrypted using CRYPT
#
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*

# used to connect to the database
# databasename@host database_user user_password
#
SQLConnectInfo server_data@localhost proftpd xxxxxxxx

# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
#
SQLUserInfo ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
#
SQLGroupInfo ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
#
SQLMinID 500

# create a user's home directory on demand if it doesn't exist
#
SQLHomedirOnDemand on

# Update count every time user logs in
#
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
#
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
#
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off
RequireValidShell off

# Per-user quota figures for display, converted from bytes to MB
# (1048576 bytes) and rounded to two decimals. %u is the login name.
# NOTE(review): unlike the get-quota-* queries, these filter on name only and
# not on quota_type; if a name can have rows of more than one quota_type they
# may match several rows - confirm against the table contents.
SQLNamedQuery gettally SELECT "ROUND((bytes_in_used/1048576),2) FROM ftpquotatallies WHERE name='%u'"
SQLNamedQuery getlimit SELECT "ROUND((bytes_in_avail/1048576),2) FROM ftpquotalimits WHERE name='%u'"
# Remaining upload allowance: limit minus tally, joined on the same user name.
SQLNamedQuery getfree SELECT "ROUND(((ftpquotalimits.bytes_in_avail-ftpquotatallies.bytes_in_used)/1048576),2) FROM ftpquotalimits,ftpquotatallies WHERE ftpquotalimits.name = '%u' AND ftpquotatallies.name = '%u'"

# Show the three values to the client in the 226 reply that follows a LIST.
SQLShowInfo LIST "226" "Used %{gettally}MB from %{getlimit}MB. You have %{getfree}MB available space."

and output of netstat -tap

root@rei:/etc/proftpd# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:3496 *:* LISTEN 2669/rpc.statd
tcp 0 0 localhost.localdo:10024 *:* LISTEN 2167/amavisd (maste
tcp 0 0 localhost.localdo:10025 *:* LISTEN 2590/master
tcp 0 0 *:mysql *:* LISTEN 2238/mysqld
tcp 0 0 *:sunrpc *:* LISTEN 1832/portmap
tcp 0 0 *:auth *:* LISTEN 2532/inetd
tcp 0 0 *:ftp *:* LISTEN 3287/proftpd: (acce
tcp 0 0 192.168.0.128:domain *:* LISTEN 2108/named
tcp 0 0 192.168.100.1:domain *:* LISTEN 2108/named
tcp 0 0 localhost.locald:domain *:* LISTEN 2108/named
tcp 0 0 *:smtp *:* LISTEN 2590/master
tcp 0 0 localhost.localdoma:953 *:* LISTEN 2108/named
tcp6 0 0 *:imaps *:* LISTEN 2499/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 2516/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 2504/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 2487/couriertcpd
tcp6 0 0 *:www *:* LISTEN 3749/apache2
tcp6 0 0 *:81 *:* LISTEN 3749/apache2
tcp6 0 0 *:domain *:* LISTEN 2108/named
tcp6 0 0 *:ssh *:* LISTEN 2619/sshd
tcp6 0 0 ip6-localhost:953 *:* LISTEN 2108/named
tcp6 0 0 *:https *:* LISTEN 3749/apache2
tcp6 0 296 ::ffff:192.168.0.12:ssh ::ffff:192.168.0.1:1746 ESTABLISHED3772/sshd: dawid [p

SkY`
1st June 2007, 00:27
Hi all,
I've a problem with my proftp/mysql interaction: i have 3 users defined in the 2 tables of the database, but only one of these works when I'm trying to connect with my ftp server. What can I do? Should I post some config files?

Thank you for help,
SkY`

ShinnRa
1st June 2007, 00:30
Hi all,
I've a problem with my proftp/mysql interaction: i have 3 users defined in the 2 tables of the database, but only one of these works when I'm trying to connect with my ftp server. What can I do? Should I post some config files?

Thank you for help,
SkY`
Check your /var/log/proftpd/proftpd.log to see if there is any info about it...

SkY`
1st June 2007, 00:43
I checked.
From the "client" I do this:
sky@Lara:~$ ftp 192.168.1.2
Connected to 192.168.1.2.
220 ProFTPD 1.3.0 Server (Debian) [192.168.1.2]
Name (192.168.1.2:sky): master
331 Password required for master.
Password:
530 Login incorrect.
Login failed.
And the log records:
May 31 23:40:00 xxx.xxx.xxx proftpd[19528] xxx.xxx.xxx (192.168.1.4[192.168.1.4]): FTP session opened.
May 31 23:40:03 xxx.xxx.xxx proftpd[19528] xxx.xxx.xxx (192.168.1.4[192.168.1.4]): mod_delay/0.5: delaying for 17195 usecs
May 31 23:40:07 xxx.xxx.xxx proftpd[19528] xxx.xxx.xxx (192.168.1.4[192.168.1.4]): PAM(master): User not known to the
underlying authentication module.
May 31 23:40:07 xxx.xxx.xxx proftpd[19528] xxx.xxx.xxx (192.168.1.4[192.168.1.4]): USER master (Login failed): No such user
found.
May 31 23:40:07 xxx.xxx.xxx proftpd[19528] xxx.xxx.xxx (192.168.1.4[192.168.1.4]): mod_delay/0.5: delaying for 261933 usecs

ShinnRa
1st June 2007, 02:12
This line explains everything:
May 31 23:40:07 xxx.xxx.xxx proftpd[19528] xxx.xxx.xxx (192.168.1.4[192.168.1.4]): USER master (Login failed): No such user
found.
It looks like you don't have a user called "master", or you do have it but its entry in the db contains whitespace...

SkY`
1st June 2007, 19:01
Yes, but there is a user named 'master' in both the 'ftpquotalimits' and 'ftpuser' tables...

aquadraht
20th June 2007, 12:02
I configured my proftpd/mysql as described in the howto but now have the problem that ftp logins do not work.
As long as the Shell is set to "/sbin/nologin", login does not work. In debian etch /sbin/nologin does not exist, but /usr/sbin/nologin, changing the shell in mysql doesn't have an effect, changing it to /bin/false also not.
Only when I change the shell to /bin/bash the login works.

What am I doing wrong?

Regards,
a

falko
21st June 2007, 17:14
It seems that your Proftpd expects system users, not virtual users. Please make sure that your setup is exactly like the one from the tutorial (check for typos, etc.).

aquadraht
21st June 2007, 17:20
Dear Falko,

thanks for your reply. I couldn't find typos, I copied the config from the howto into my files. See my conf:


[root@jupiter ~]# cat /etc/proftpd/proftpd.conf
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

DefaultRoot ~
# Accepted formats for the stored password column. Despite the howto's note that
# the passwords in MySQL are "encrypted using CRYPT", Plaintext is listed too,
# so rows holding clear-text passwords are accepted as well.
SQLAuthTypes Plaintext Crypt
# NOTE(review): the other two configs posted in this thread use
# "users* groups*"; here the asterisks are missing. Presumably that leaves SQL
# non-authoritative, so other auth modules are consulted too - confirm against
# the mod_sql documentation and compare with the howto.
SQLAuthenticate users groups


# used to connect to the database
# databasename@host database_user user_password
# NOTE(review): the third field below appears to be a real database password
# posted in public. Treat it as compromised: change it in MySQL and in this
# file, and mask the value before sharing a config.
SQLConnectInfo ftp@localhost proftpd 3CL3BM7cVfuAzrJn


# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
SQLMinID 500

# create a user's home directory on demand if it doesn't exist
SQLHomedirOnDemand on

# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

# NOTE(review): several column names in the queries below contain a stray space
# ("bytes_xfer_ avail", "files_ out_used", "bytes_ xfer_used", "files_xfer_ used").
# This may only be the forum wrapping long lines; if the spaces are in the real
# file, the queries will not match the table columns.
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_ avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_ out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_ xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_ used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
# NOTE(review): the paste stops here. The other configs in this thread continue
# with a QuotaTallyTable line plus "RootLogin off" and "RequireValidShell off".
# If those lines are missing from the real file as well, RequireValidShell stays
# at its default (on) and accounts whose shell is not listed in /etc/shells are
# refused, which would match logins working only with /bin/bash.





Thanks,
a

falko
22nd June 2007, 14:29
And the MySQL username and password are correct?
Does the virtual user exist also as a system user?