The Perfect Server - OpenSUSE 10.3 (32-bit) - Page 6

12 Proftpd

I want to use Proftpd instead of vsftpd which is SUSE's default FTP server because the control panel software I am going to install on this server (ISPConfig) requires Proftpd on OpenSUSE 10.3 (on other distributions this is different). Since there are no OpenSUSE packages for Proftpd I have to compile it manually:

cd /tmp/
wget --passive-ftp
tar xvfz proftpd-1.3.1rc3.tar.gz
cd proftpd-1.3.1rc3/
./configure --sysconfdir=/etc
make install
cd ..
rm -fr proftpd-1.3.1rc3*

Now create the file /etc/init.d/proftpd:

vi /etc/init.d/proftpd

#! /bin/sh
# Copyright (c) 2000-2001 SuSE GmbH Nuernberg, Germany.
# All rights reserved.
# Original author: Marius Tomaschewski <>
# Slightly modified in 2003 for use with SuSE Linux 8.1,
# by
# Slightly modified in 2005 for use with SuSE Linux 9.2,
# by Falko Timme
# /etc/init.d/proftpd
# Provides:                proftpd
# Required-Start:        $network $remote_fs $syslog $named
# Required-Stop:
# Default-Start:        3 5
# Default-Stop:        0 1 2 6
# Description:                Starts ProFTPD server

# Determine the base and follow a runlevel link name.

# Force execution if not called by a runlevel directory.
test $link = $base && START_PROFTPD=yes  # Modified by
test "$START_PROFTPD" = yes || exit 0    # Modified by

# Return values acc. to LSB for all commands but
# status (see below):
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running


[ -r $proftpd_cfg ] || exit 6
[ -x $proftpd_bin ] || exit 5

# Source status functions
. /etc/rc.status

# First reset status of this service

case "$1" in
  echo -n "Starting ProFTPD Server: "
  test -f /etc/shutmsg && rm -f /etc/shutmsg
  /sbin/startproc $proftpd_bin
  rc_status -v

  echo -n "Shutting down ProFTPD Server: "
  test -x /usr/local/sbin/ftpshut && /usr/local/sbin/ftpshut now && sleep 1
  /sbin/killproc -TERM $proftpd_bin
  test -f /etc/shutmsg && rm -f /etc/shutmsg
  rc_status -v

  ## If first returns OK call the second, if first or
  ## second command fails, set echo return value.
  $0 stop
  $0 start

  ## Stop the service and if this succeeds (i.e. the
  ## service was running before), start it again.
  ## Note: not (yet) part of LSB (as of 0.7.5)
  $0 status >/dev/null &&  $0 restart

  ## Exclusive possibility: Some services must be stopped
  ## and started to force a new load of the configuration.
  echo -n "Reload ProFTPD Server: "
  /sbin/killproc -HUP $proftpd_bin
  rc_status -v

  # Status has a slightly different for the status command:
  # 0 - service running
  # 1 - service dead, but /var/run/  pid  file exists
  # 2 - service dead, but /var/lock/ lock file exists
  # 3 - service not running
  echo -n "Checking for ProFTPD Server: "
  checkproc $proftpd_bin
  rc_status -v

  ## Optional: Probe for the necessity of a reload,
  ## give out the argument which is required for a reload.
  [ $proftpd_cfg -nt $proftpd_pid ] && echo reload

  echo "Usage: $0 {start|stop|status|restart|reload|try-restart|probe}"
  exit 1

# Set an exit status.

Then run

chmod 755 /etc/init.d/proftpd
chkconfig --add proftpd

Start Proftpd:

/etc/init.d/proftpd start

For security reasons you can add the following lines to /etc/proftpd.conf:

vi /etc/proftpd.conf

DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server ready."

Be sure to comment out the following lines in order to allow ftp users to CHMOD:

# Bar use of SITE CHMOD by default
#  DenyAll

and restart Proftpd:

/etc/init.d/proftpd restart


13 Webalizer

To install webalizer, just run

yast2 -i webalizer


14 Synchronize the System Clock

If you want to have the system clock synchronized with an NTP server do the following:

yast2 -i xntp

Then add system startup links for ntp and start ntp:

chkconfig --add ntp
/etc/init.d/ntp start


15 Install some Perl Modules needed by SpamAssassin (comes with ISPConfig)


yast2 -i perl-HTML-Parser perl-Net-DNS perl-Digest-SHA1


16 Disable AppArmor

AppArmor is a security extension of SUSE (similar to Fedora's SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).

We can disable it like this:

/etc/init.d/boot.apparmor stop
chkconfig -d boot.apparmor


17 The End

The configuration of the server is now finished, and if you wish you can now install ISPConfig on it, following these instructions:


17.1 A Note On SuExec

If you want to run CGI scripts under suExec, you should specify /srv/www as the web root for websites created by ISPConfig as SUSE's suExec is compiled with /srv/www as Doc_Root. Run

/usr/sbin/suexec2 -V

and the output should look like this:

server1:~ # /usr/sbin/suexec2 -V
 -D AP_DOC_ROOT="/srv/www"
 -D AP_HTTPD_USER="wwwrun"
 -D AP_LOG_EXEC="/var/log/apache2/suexec.log"
 -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin"
 -D AP_USERDIR_SUFFIX="public_html"
server1:~ #

So if you want to use suExec with ISPconfig, don't change the default web root (which is /srv/www) if you use expert mode during the ISPConfig installation (in standard mode you can't change the web root anyway so you'll be able to use suExec in any case).


18 Links

Share this page:

1 Comment(s)

Add comment


From: sky at: 2009-12-27 00:50:17

Next we configure Postfix for SMTP-AUTH and TLS:

gedit /etc/postfix/

and go to the bottom page file, and figure it