ISPConfig 3 ProFTPd For Debian

1 Introduction

I'm a new user of ISPConfig and I've been playing with Linux for a few years now. My server is currently a VPS with OpenVZ and it won't allow me to run the default pureftpd that comes with ISPConfig, so I started looking into ProFTPd, and found that it wasn't very difficult to switch over to using it.

 

2 Pre-Installation

Please Note: This does not include quota support because my VPS does not support it. If you have any suggestions or ideas on how to improve this integration without having to modify ftp_user_edit.php in ISPConfig3 please let me know. These instructions were made running Debian 5.0 Lenny but should work the same for 6.0. For other Distributions these instructions may have to be modified slightly.

Also note: This process worked fine for me on a fresh server and ISPConfig 3 install. Using this on an existing server will require going in and editting/saving every ftp user that has been created, and may cause other issues. I may create a simple php script to do this automatically in the future. I am not responsible for any problems that may arise, so please use this AT YOUR OWN RISK.

 

3 Installation

Run

apt-get remove pure-ftpd-common pure-ftpd-mysql
apt-get install proftpd proftpd-mod-mysql

Run as standalone

 

Create Group & User

groupadd -g 2001 ftpgroup
useradd -u 2001 -s /bin/false -d /bin/null -c "proftpd user" -g ftpgroup ftpuser

 

4 Database Configuration

mysql -u root -p
Use dbispconfig

Run query: 

ALTER TABLE `ftp_user` ADD `shell` VARCHAR( 18 ) NOT NULL DEFAULT
'/sbin/nologin',
ADD `count` INT( 11 ) NOT NULL DEFAULT '0',
ADD `accessed` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
ADD `modified` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00';
CREATE TABLE ftp_group (
groupname varchar(16) NOT NULL default '',
gid smallint(6) NOT NULL default '5500',
members varchar(16) NOT NULL default '',
KEY groupname (groupname)
) TYPE=MyISAM COMMENT='ProFTP group table';
INSERT INTO `ftp_group` (`groupname`, `gid`, `members`) VALUES
('ftpgroup', 2001, 'ftpuser');

 

5 ProFTPd Configuration

Edit /usr/local/ispconfig/interface/lib/config.inc.php:

nano /usr/local/ispconfig/interface/lib/config.inc.php

Find variable db_password.

Note password for later.

 

Edit /etc/proftpd/proftpd.conf

nano /etc/proftpd/proftpd.conf

Find:

#Include /etc/proftpd/sql.conf

Change to:

Include /etc/proftpd/sql.conf

 

Edit /etc/proftpd/sql.conf

nano /etc/proftpd/sql.conf

Erase all contents and replace with:

#
# Proftpd sample configuration for SQL-based authentication.
#
# (This is not to be used if you prefer a PAM-based SQL authentication)
#

<IfModule mod_sql.c>
DefaultRoot ~

SQLBackend mysql

# The passwords in MySQL are encrypted using CRYPT

SQLAuthTypes  Plaintext Crypt

SQLAuthenticate         users groups

# used to connect to the database
# [email protected] database_user user_password
SQLConnectInfo  [email protected] ispconfig _insertpasswordhere_

# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo     ftp_user username password uid gid dir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"

# we want it to interact with. Again the names match with those in the db
SQLGroupInfo    ftp_group groupname gid members

# set min UID and GID - otherwise these are 999 each
SQLMinID        500

# create a user's home directory on demand if it doesn't exist
CreateHome off

# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
SQLLog  STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

RootLogin off

RequireValidShell off

</IfModule>


Be sure to change _insertpasswordhere_ to the password you retrieved from ISPConfig.

If your MySQL database is on another server, change localhost to represent your MySQL server.

 

Edit: /etc/proftpd/modules.conf

nano /etc/proftpd/modules.conf

Find:

#LoadModule mod_sql.c

Change to:

LoadModule mod_sql.c

Find:

#LoadModule mod_sql_mysql.c

Change to:

LoadModule mod_sql_mysql.c

Run:

/etc/init.d/proftpd restart

 

6 ISPConfig 3 Changes

Now we have to change one of the ispconfig files.  This isn't ideal, as if you upgrade to new version you'll lose the changes, but it is the only way to make proftpd work that I could find.

 

Edit /usr/local/ispconfig/interface/web/sites/ftp_user_edit.php

nano /usr/local/ispconfig/interface/web/sites/ftp_user_edit.php

Find:

$uid = $web["system_user"];
$gid = $web["system_group"];

Replace with:

$userinfo = posix_getpwnam($web["system_user"]);
$uid = $userinfo['uid'];
$gid = $userinfo['gid'];

Note: if you are currently logged into ISPConfig's web panel you have to log out before changes are registered on your machine.

Share this page:

3 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By: Anonymous
Reply  

Hi ! and thanks for that howto

(Sorry for my english.)

Just to add 2 things :

I'm on debian 7 wheezy and ISPconfig 3.0.5.3

I cant use .ftpacces to protect a folder from ftp user, so i what to switch to proftpd.

There is 2 things that i have to modify to make proftp work with ISPconfig :

1 -  In Database Configuration

The SQL query :

Find  "TYPE=MyISAM"
To "ENGINE=MyISAM"

2 - In  /etc/proftpd/sql.conf

Find :

 SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

To :

 SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE username='%u'" ftp_user


And it's work for me

By :)

By: Kihom
Reply  

Thanks for this howto. I had to change userid to username as well ... (ISPConfig 3.0.5)

sql.conf:SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE username='%u'" ftp_user

sql.conf:SQLNamedQuery modified UPDATE "modified=now() WHERE username='%u'" ftp_user


By:
Reply  



Change for Point 4.
You must create an Table in "DBISPCONFIG" Database with MySQL Events
DROP TABLE IF EXISTS `ftp_group`;
CREATE TABLE IF NOT EXISTS `ftp_group` (
 `groupname` varchar(16) NOT NULL DEFAULT '',
 `gid` smallint(6) NOT NULL DEFAULT '2001',
 `members` varchar(16) NOT NULL DEFAULT '',
 UNIQUE KEY `groupname_2` (`groupname`,`gid`,`members`),
 KEY `groupname` (`groupname`)

) ENGINE=MyISAM DEFAULT CHARSET=utf8;

DELIMITER $$

DROP EVENT `ftp-group`$$

CREATE DEFINER=`root`@`localhost` EVENT `ftp-group` ON SCHEDULE EVERY 1 HOUR STARTS CURRENT ON COMPLETION NOT PRESERVE ENABLE DO 
INSERT INTO `ftp_group`(`groupname`, `gid`, `members`) SELECT 'ftpgroup',2001,ftp_user.uid FROM `ftp_user`$$

DELIMITER ;

 you must extend the table "ftp_user" in "DBISPCONFIG" Database

alter table ftp_user add nuid int after gid;

alter table ftp_user add ngid int after nuid;
3. Change the SQL.CONF to this one



#

# Proftpd sample configuration for SQL-based authentication.

#

# (This is not to be used if you prefer a PAM-based SQL authentication)

#



</ifmodule mod_sql.c="">

DefaultRoot ~



SQLBackend mysql



# The passwords in MySQL are encrypted using CRYPT



SQLAuthTypes  Plaintext Crypt



SQLAuthenticate         users groups



# used to connect to the database

# [email protected] database_user user_password

SQLConnectInfo  [email protected] ispconfig _insertpasswordhere_



# Here we tell ProFTPd the names of the database columns in the "usertable"

# we want it to interact with. Match the names with those in the db

SQLUserInfo     ftp_user username password nuid ngid dir shell

SQLUserWhereClause "active = 'y' AND server_id = '1'"



# Here we tell ProFTPd the names of the database columns in the "grouptable"

# we want it to interact with. Again the names match with those in the db

SQLGroupInfo    ftp_group groupname gid members



# set min UID and GID - otherwise these are 999 each

SQLMinID        100



# create a user's home directory on demand if it doesn't exist

CreateHome off



RootLogin off



RequireValidShell off



</ifmodule>

Be sure to change _insertpasswordhere_ to the password you retrieved from ISPConfig.

If your MySQL database is on another server, change localhost to represent your MySQL server.

 

6 ISPConfig 3 Changes

Edit /usr/local/ispconfig/interface/web/sites/ftp_user_edit.php

nano /usr/local/ispconfig/interface/web/sites/ftp_user_edit.php

Find every:

$uid = $web["system_user"];
$gid = $web["system_group"];

Replace with:

$userinfo = posix_getpwnam($web["system_user"]);
$uid = $web["system_user"];
$gid = $web["system_group"];
$nuid = $userinfo['uid'];
$ngid = $userinfo['gid'];

Note: if you are currently logged into ISPConfig's web panel you have to log out before
 changes 

Find every:

$sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;

Replace with:

$sql = "UPDATE ftp_user SET server_id = $server_id, dir = '$dir', uid = '$uid', gid = '$gid', nuid = '$nuid', ngid = '$ngid', sys_groupid = '$sys_groupid' WHERE ftp_user_id = ".$this->id;

 Last STEPS:

You must an manually the uid and gid into the nuid and ngid.
Example:
User: web107 have uid -> 5013 
Group: client25 habe gid -> 5012
then is the nuid = 5013 and ngid = 5012