Virtual Hosting With vsftpd And MySQL On Debian Etch
Author: Falko Timme
Vsftpd is one of the most secure and fastest FTP servers for Linux. Usually vsftpd is configured to work with system users. This document describes how to install a vsftpd server that uses virtual users from a MySQL database instead of real system users. This is much more performant and allows to have thousands of ftp users on a single machine.
For the administration of the MySQL database you can use web based tools like phpMyAdmin which will also be installed in this howto. phpMyAdmin is a comfortable graphical interface which means you do not have to mess around with the command line.
This tutorial is based on Debian Etch (Debian 4.0). You should already have set up a basic Debian Etch system, as described in the first six chapters of this tutorial: http://www.howtoforge.com/perfect_setup_debian_etch
This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They are treated in a lot of other documents in the web.
This document comes without warranty of any kind! I want to say that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
1 Preliminary Note
In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.
2 Install vsftpd, MySQL And phpMyAdmin
Vsftpd has no built-in MySQL support, therefore we must use PAM to authenticate against the MySQL database. So we install libpam-mysql in addition to vsftpd, MySQL, and phpMyAdmin:
apt-get install vsftpd libpam-mysql mysql-server mysql-client phpmyadmin
Create a password for the MySQL user root (replace yourrootsqlpassword with the password you want to use):
mysqladmin -u root password yourrootsqlpassword
Then check with
netstat -tap | grep mysql
on which addresses MySQL is listening. If the output looks like this:
tcp 0 0 localhost.localdo:mysql *:* LISTEN 2713/mysqld
which means MySQL is listening on localhost.localdomain only, then you're safe with the password you set before. But if the output looks like this:
tcp 0 0 *:mysql *:* LISTEN 2713/mysqld
you should set a MySQL password for your hostname, too, because otherwise anybody can access your database and modify data:
mysqladmin -h server1.example.com -u root password yourrootsqlpassword
3 Create The MySQL Database For vsftpd
Now we create a database called vsftpd and a MySQL user named vsftpd which the vsftpd daemon will use later on to connect to the vsftpd database:
mysql -u root -p
CREATE DATABASE vsftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
Replace the string ftpdpass with whatever password you want to use for the MySQL user vsftpd. Still on the MySQL shell, we create the database table we need (yes, there is only one table!):
CREATE TABLE `accounts` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` VARCHAR( 30 ) NOT NULL ,
`pass` VARCHAR( 50 ) NOT NULL ,
) ENGINE = MYISAM ;
As you may have noticed, with the quit; command we have left the MySQL shell and are back on the Linux shell.
BTW, (I'm assuming that the hostname of your ftp server system is server1.example.com) you can access phpMyAdmin under http://server1.example.com/phpmyadmin/ (you can also use the IP address instead of server1.example.com) in a browser and log in as the user vsftpd. Then you can have a look at the database. Later on you can use phpMyAdmin to administrate your vsftpd server.