Virtual Hosting With Proftpd And MySQL (Incl. Quota) - user/group issue

[shaft_manlike]

I've just upgraded by reinstalling my server at work from Ubuntu Dapper to Feisty

I previously had PureFTP/MySQL sep up working perfectly but wasn't happy about it using ftpuser/ftpgroup because the server default is www-data and so and php scripts which has been FTP'd up cannot create or change files.

So this time went through all the steps apart from creating ftpuser and ftp group and I just can't get it working

When I try to log in using Filezilla I get the following

Status: Connecting to 192.168.1.123 ...
Status: Connected with 192.168.1.123. Waiting for welcome message...
Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response: 220-You are user number 1 of 50 allowed.
Response: 220-Local time is now 16:25. Server port: 21.
Response: 220-This is a private system - No anonymous login
Response: 220-IPv6 connections are also welcome on this server.
Response: 220 You will be disconnected after 15 minutes of inactivity.
Command: USER firstuser
Response: 331 User firstuser OK. Password required
Command: PASS ******
Response: 530 Sorry, but I can't trust you
Error: Unable to connect!

This is the entry in the DB

+-----------+--------+----------------------------------+-----+-----+--------------------------+-------------+-------------+---------+----------+-----------+------------+
| User | status | Password | Uid | Gid | Dir | ULBandwidth | DLBandwidth | comment | ipaccess | QuotaSize | QuotaFiles |
+-----------+--------+----------------------------------+-----+-----+--------------------------+-------------+-------------+---------+----------+-----------+------------+
| firstuser | 1 | 5ebe2294ecd0e0f08eab7690d2a6ee69 | 33 | 33 | /var/www/apache2-default | 100 | 100 | | * | 50 | 0 |
+-----------+--------+----------------------------------+-----+-----+--------------------------+-------------+-------------+---------+----------+-----------+------------+
1 row in set (0.00 sec)

As you can see the gid and uid are 33 and the password is encrypted, I used md5

ish@officedev2:~$ sudo id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data)

ish@officedev2:~$ ls -l /var/www
total 4
drwxr-xr-x 2 www-data www-data 4096 2007-07-12 15:20 apache2-default

I'll put the contents of /etc/pure-ftpd/db/mysql.conf at the end. Any ideas?

##############################################
# #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations. #
# #
##############################################


# Optional : MySQL server name or IP. Don't define this for unix sockets.

# MYSQLServer 127.0.0.1


# Optional : MySQL port. Don't define this if a local unix socket is used.

# MYSQLPort 3306


# Optional : define the location of mysql.sock if the server runs on this host.

MYSQLSocket /var/run/mysqld/mysqld.sock


# Mandatory : user to bind the server as.

MYSQLUser pureftpd


# Mandatory : user password. You must have a password.

MYSQLPassword ftpdpass


# Mandatory : database to open.

MYSQLDatabase pureftpd


# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"

MYSQLCrypt md5


# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.


# Query to execute in order to fetch the password

MYSQLGetPW SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")


# Query to execute in order to fetch the system user name or uid

MYSQLGetUID SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")


# Optional : default UID - if set this overrides MYSQLGetUID

#MYSQLDefaultUID 1000


# Query to execute in order to fetch the system user group or gid

MYSQLGetGID SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")


# Optional : default GID - if set this overrides MYSQLGetGID

#MYSQLDefaultGID 1000


# Query to execute in order to fetch the home directory

MYSQLGetDir SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")


# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.

MySQLGetQTAFS SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")


# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.

MySQLGetQTASZ SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")


# Optional : ratios. The server has to be compiled with ratio support.

# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"


# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .

MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.

# MySQLForceTildeExpansion 1


# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.

# MySQLTransactions On

[shaft_manlike]

That should be PureFTP NOT ProFTP

[till]

Please check all pureftpd configuartion files if there is set a minimum uid somewhere like this:

MinUID 100

If you find it, set it to 33 as the userid of the www-data user is 33. If you do not find it, try to add:

MinUID 33

[shaft_manlike]

That made it worse, I now get

Status: Connecting to 192.168.1.123 ...
Error: Unable to connect!

[falko]

Any errors in your logs?

I think I read somewhere that the UID and GID must be above 1000, but I'm not sure...

[shaft_manlike]

Quote:

Originally Posted by falko

Any errors in your logs?

I think I read somewhere that the UID and GID must be above 1000, but I'm not sure...

I think you may be on to something.

This is what I get in my messages log when the Uid and Gid are 33

Jul 13 13:44:30 officedev2 pure-ftpd: (?@SHAFT.lan) [INFO] New connection from SHAFT.lan
Jul 13 13:44:30 officedev2 pure-ftpd: (?@SHAFT.lan) [WARNING] Can't login as [firstuser]: account disabled
Jul 13 13:44:34 officedev2 pure-ftpd: (?@SHAFT.lan) [INFO] Logout.


Then if I change them to 2001 (ftpuser and ftpgroup) and change nothing else I get

Jul 13 13:44:52 officedev2 pure-ftpd: (?@SHAFT.lan) [INFO] New connection from SHAFT.lan
Jul 13 13:44:52 officedev2 pure-ftpd: (?@SHAFT.lan) [INFO] firstuser is now logged in


Now this may be a really noobish question but is there a way I can change the uis and gid of existing users/groups?

Wouls there be any repercussions of doing that to www-data?