Virtual Hosting With Proftpd And MySQL (Incl. Quota)

[pontifex]

Hi everyone,

i used the howto to install proftpd with mysql support under fedora 4. i have mad all the entries and the login of the user to the appropriate directorys works fine BUT now the problem starts. if this users try to upload or create new folders or even delete files the error messages "permission denied" comes up.

what can i do against that?

Cheers

PM

[falko]

Please post your /etc/proftpd.conf here.

[pontifex]

Quote:

Originally Posted by falko

Please post your /etc/proftpd.conf here.

Code:

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName			"ProFTPD server"
ServerIdent			on "FTP Server  Hamburg/Germany"
ServerAdmin			test@test.de
ServerType			standalone
DefaultServer			on
AccessGrantMsg			"User %u logged in."
#DisplayConnect			/etc/ftpissue
#DisplayLogin			/etc/ftpmotd
#DisplayGoAway			/etc/ftpgoaway
DeferWelcome			off


# Use pam to authenticate by default
PersistentPasswd   off
AuthPAMAuthoritative off

DefaultRoot			~ !adm
IdentLookups			off
UseReverseDNS			off
Port				21
Umask				022
ListOptions			"-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228		off
#RootLogin			off
#LoginPasswordPrompt		on
#MaxLoginAttempts		3
#MaxClientsPerHost		none
#AllowForeignAddress		off	# For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart		on
AllowStoreRestart		on

MaxInstances			20

User				ftp
Group				ftp

ScoreboardFile			/var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite		yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

LogFormat			default	"%h %l %u %t \"%r\" %s %b"
LogFormat			auth	"%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine			on
#TLSRequired			on
#TLSRSACertificateFile		/usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile	/usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite			ALL:!ADH:!DES
#TLSOptions			NoCertRequest
#TLSVerifyClient		off
##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
#TLSLog				/var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User				ftp
#  Group				ftp
#  AccessGrantMsg		"Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias			anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients			10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir			/pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files. 
#  DisplayLogin			/welcome.msg
#  DisplayFirstChdir		.message
#  DisplayReadme			README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser			on ftpadm
#  DirFakeGroup			on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite		no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog			off
#
#  # Logging for the anonymous transfers
#  ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog		/var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

# virtual www / ftp users configuration
# mysql settings for authentication
# Be sure to substitute your passord for PASSWORD
SQLAuthTypes                    Plaintext Crypt
SQLConnectInfo                  ftp@localhost proftpd pass
SQLUserInfo                     ftpuser userid passwd uid gid homedir shell
SQLGroupInfo                    ftpgroup groupname gid members
SQLMinID                        500
SQLHomedirOnDemand              on
SQLLog                          PASS updatecount
SQLNamedQuery                   updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
SQLLog                          STOR,DELE modified
SQLNamedQuery                   modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
TimesGMT on

# User quotas
# uncomment the following section to enable user quotas
#QuotaEngine                    on
#QuotaDirectoryTally            on
#QuotaDisplayUnits              Mb
#QuotaShowQuotas                on
#SQLNamedQuery                  get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
#SQLNamedQuery                  get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
#SQLNamedQuery                  update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
#SQLNamedQuery                  insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
#QuotaLimitTable                        sql:/get-quota-limit
#QuotaTallyTable                        sql:/get-quota-tally/update-quota-tally/insert-quota-tally

[falko]

Do the FTP directories in /home belong to ftpuser and ftpgroup?

[pontifex]

Quote:

Originally Posted by falko

Do the FTP directories in /home belong to ftpuser and ftpgroup?

Hi,

i am not sure - i think currently "apache" is the owner, how to change that?

Cheers
PM

[falko]

Like this:

Code:

chown ftpuser:ftpgroup /path/to/directory

This would change the ownership of that directory only. If you also want to change the ownership of the files and directories that are in that directory, you'd run

Code:

chown -R ftpuser:ftpgroup /path/to/directory

[pontifex]

Hi,
now this problem comes up:

Code:

Resolving host name domain.tld...
    Connecting to (domain.tld) ->  IP: XX.XX.XXX.X PORT: 21
    Connected to (domain.tld) -> Time = 31ms
    Socket connected waiting for login sequence.
220 FTP Server 
    USER user1
331 Password required for user1.
    PASS (hidden)
230 User user1 logged in.
    SYST
215 UNIX Type: L8
    FEAT
211-Features:
 MDTM
 REST STREAM
 SIZE
211 End
    PWD
257 "/" is current directory.
    CWD /domain.tld/log
250 CWD command successful
    PWD
257 "/domain.tld/log" is current directory.
    TYPE A
200 Type set to A
    PASV
227 Entering Passive Mode (xx,xx,xxx,xxx,156,106).
    Opening data connection IP: x,Xx,x,xx,156,106 PORT: 40042.
    Der Host war bei einem Socketvorgang nicht erreichbar.
    PORT 192,168,10,10,4,233
200 PORT command successful
    Opening data connection IP: 192.168.10.10 PORT: 1257.
    LIST -aL
150 Opening ASCII mode data connection for file list
    271 bytes received successfully. (271 B/s) (00:00:01).
226 Transfer complete.

What can i do against that socket problem?

Cheers
PM

[falko]

Does this happen repeatedly? Did you try both active and passive mode?

[pontifex]

Hi Falko,
i have changed the FTP Client (Smartftp) from passive mode to active mode. i have also changed the option "force server ip for pass mode" now it is going much faster. shoud I add any other directives to the proftpd conf file?

Thanks a lot
ciao
PM

[falko]

Quote:

Originally Posted by pontifex

i have also changed the option "force server ip for pass mode"

In your FTP client or on the server?
Looks like the problem was caused by a firewall...

Quote:

Originally Posted by pontifex

shoud I add any other directives to the proftpd conf file?

None that I know of...

I guess it's working now?