4th August 2007, 15:18
geekman
Proftpd + MySQL virtual users, can't connect

Ok so I've had proftpd installed on my server for a fair few years now along with Apache, I also have MySQL 5 running on another server which all the websites use. The ftp server was running under the permissions of websites:websites. I've changed it to run as cpanel:cpanel (I'm currently looking at developing a custom control panel - I have tried ISPConfig and many others but considering I have multiple servers running the multiple required services and I want the ability to add multiple webservers for example then centrally manage them none have worked well - and thus the want to do with virtual users with MySQL so I can more easily manage users.) I originally had proftpd installed on its own, I removed and purged that with apt, I then installed proftpd-mysql. Apart from that I then added the bits to MySQL mentioned in the guide (http://www.howtoforge.com/proftpd_my...rtual_hosting), but instead telling it to run as cpanel:cpanel. Also, I am running Ubuntu 6.10 on my webserver and my database server.

Here is my proftpd.conf file:
ServerName                      "::Uberhosting::"
ServerType                      standalone
DeferWelcome                    off

MultilineRFC2228                on
DefaultServer                   on
ShowSymlinks                    on

TimeoutNoTransfer               600
TimeoutStalled                  600
TimeoutIdle                     1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                     "-l"

DenyFilter                      \*.*/

# Port 21 is the standard FTP port.
Port                            21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                    49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            cpanel
Group                           cpanel

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd              off

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile                   off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User                                ftp
#   Group                               nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias                   anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser on ftp
#   DirFakeGroup on ftp
#   RequireValidShell           off
#   # Limit the maximum number of anonymous logins
#   MaxClients                  10
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin                        welcome.msg
#   DisplayFirstChdir           .message
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask                           022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
# </Anonymous>

# MySQL Config & Hardening
# ------------------------

DefaultRoot ~

# Lets speed up login time by disabling ident and dns lookup
UseReverseDNS off
IdentLookups off

# The passwords in MySQL are encrypted using CRYPT
# SQLAuthTypes            Plaintext Crypt
# SQLAuthenticate         users* groups*

# used to connect to the database
# databasename@host database_user user_password
# SQLConnectInfo  cpanel@ cpanel xxxxxxxx

# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
# SQLUserInfo     ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
# SQLGroupInfo    ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
# SQLMinID        500

# create a user's home directory on demand if it doesn't exist
# SQLHomedirOnDemand on

# Update count every time user logs in
# SQLLog PASS updatecount
# SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
# SQLLog  STOR,DELE modified
#SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
# QuotaEngine on
# QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off
RequireValidShell off

I know I have all the MySQL part commented out...just seeing if it would work without that and go back to system users, it doesn't IIRC. Also, while I'm at it, where exactly would I need to add something to make it so that I could have a 'disabled' field and require that to be 0 in order to be able to login, possibly a link to documentation on the relevant MySQL directives?

Here is the modules.conf file:
# This file is used to manage DSO modules and features.

# This is the directory where DSO modules resides

ModulePath /usr/lib/proftpd

# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded

ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

#LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
LoadModule mod_sql.c
LoadModule mod_ldap.c
LoadModule mod_sql_mysql.c
LoadModule mod_sql_postgres.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
LoadModule mod_quotatab_ldap.c
LoadModule mod_quotatab_sql.c
LoadModule mod_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c

# keep this module the last one
LoadModule mod_ifsession.c

Please look on to next post.

Last edited by geekman; 4th August 2007 at 15:24.
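
The post asks where a 'disabled' field could be enforced at login. The fragment below is an added example, not part of geekman's post or the HowtoForge guide: it shows the SQL authentication section of the posted proftpd.conf enabled, with mod_sql's SQLUserWhereClause restricting logins to rows where that field is 0. DB_HOST, DB_PASSWORD, the column definition and the sql.log file name are assumptions.

```apache
# Added example, not the poster's configuration or the guide's.
# DB_HOST and DB_PASSWORD are placeholders. The `disabled` column is assumed
# to have been added to the ftpuser table, for instance with:
#   ALTER TABLE ftpuser ADD COLUMN disabled TINYINT(1) NOT NULL DEFAULT 0;

# Accept only crypt()-hashed passwords. Listing Plaintext as well, as the
# posted file does, would let a row holding a cleartext password authenticate.
SQLAuthTypes            Crypt
SQLAuthenticate         users* groups*

# databasename@host database_user user_password
SQLConnectInfo          cpanel@DB_HOST cpanel DB_PASSWORD

# Table and column names as in the posted file.
SQLUserInfo             ftpuser userid passwd uid gid homedir shell
SQLGroupInfo            ftpgroup groupname gid members
SQLMinID                500

# Added to the WHERE clause of the user lookups mod_sql builds from
# SQLUserInfo: a row with disabled <> 0 is never returned, so the login
# fails the same way it would for an unknown user.
SQLUserWhereClause      "disabled = 0"

# Log what mod_sql does, to confirm the clause is applied and to see
# errors from the connection to the remote MySQL server.
# The file name sql.log is an assumption.
SQLLogFile              /var/log/proftpd/sql.log
```

The quota SQLNamedQuery and sql:/ table lines in the posted file go through the same mod_sql connection, so they also depend on an active SQLConnectInfo line.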