Virtual Hosting With Proftpd And MySQL (Incl. Quota)

Hi everyone,

i used the howto to install proftpd with mysql support under fedora 4. i have mad all the entries and the login of the user to the appropriate directorys works fine BUT now the problem starts. if this users try to upload or create new folders or even delete files the error messages "permission denied" comes up.

what can i do against that?

Cheers

PM

 

Please post your /etc/proftpd.conf here.

 

Code:

# This is the ProFTPD configuration file
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $

ServerName			"ProFTPD server"
ServerIdent			on "FTP Server  Hamburg/Germany"
ServerAdmin			[email protected]
ServerType			standalone
DefaultServer			on
AccessGrantMsg			"User %u logged in."
#DisplayConnect			/etc/ftpissue
#DisplayLogin			/etc/ftpmotd
#DisplayGoAway			/etc/ftpgoaway
DeferWelcome			off


# Use pam to authenticate by default
PersistentPasswd   off
AuthPAMAuthoritative off

DefaultRoot			~ !adm
IdentLookups			off
UseReverseDNS			off
Port				21
Umask				022
ListOptions			"-a"

# See Configuration.html for these (here are the default values)
#MultilineRFC2228		off
#RootLogin			off
#LoginPasswordPrompt		on
#MaxLoginAttempts		3
#MaxClientsPerHost		none
#AllowForeignAddress		off	# For FXP

# Allow to resume not only the downloads but the uploads too
AllowRetrieveRestart		on
AllowStoreRestart		on

MaxInstances			20

User				ftp
Group				ftp

ScoreboardFile			/var/run/proftpd.score

# Normally, we want users to do a few things.
<Global>
  AllowOverwrite		yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
</Global>

LogFormat			default	"%h %l %u %t \"%r\" %s %b"
LogFormat			auth	"%v [%P] %h %t \"%r\" %s"

# TLS
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
#TLSEngine			on
#TLSRequired			on
#TLSRSACertificateFile		/usr/share/ssl/certs/proftpd.pem
#TLSRSACertificateKeyFile	/usr/share/ssl/certs/proftpd.pem
#TLSCipherSuite			ALL:!ADH:!DES
#TLSOptions			NoCertRequest
#TLSVerifyClient		off
##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
#TLSLog				/var/log/proftpd/tls.log

# A basic anonymous configuration, with an upload directory.
#<Anonymous ~ftp>
#  User				ftp
#  Group				ftp
#  AccessGrantMsg		"Anonymous login ok, restrictions apply."
#
#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias			anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients			10 "Sorry, max %m users -- try again later"
#
#  # Put the user into /pub right after login
#  #DefaultChdir			/pub
#
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
#  # each newly chdired directory and tell users to read README* files. 
#  DisplayLogin			/welcome.msg
#  DisplayFirstChdir		.message
#  DisplayReadme			README*
#
#  # Some more cosmetic and not vital stuff
#  DirFakeUser			on ftpadm
#  DirFakeGroup			on ftpadm
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE SITE_CHMOD>
#    DenyAll
#  </Limit>
#
#  # An upload directory that allows storing files but not retrieving
#  # or creating directories.
#  <Directory uploads/*>
#    AllowOverwrite		no
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>
#
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
#  WtmpLog			off
#
#  # Logging for the anonymous transfers
#  ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
#  ExtendedLog		/var/log/proftpd/auth.log AUTH auth
#
#</Anonymous>

# virtual www / ftp users configuration
# mysql settings for authentication
# Be sure to substitute your passord for PASSWORD
SQLAuthTypes                    Plaintext Crypt
SQLConnectInfo                  [email protected] proftpd pass
SQLUserInfo                     ftpuser userid passwd uid gid homedir shell
SQLGroupInfo                    ftpgroup groupname gid members
SQLMinID                        500
SQLHomedirOnDemand              on
SQLLog                          PASS updatecount
SQLNamedQuery                   updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
SQLLog                          STOR,DELE modified
SQLNamedQuery                   modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
TimesGMT on

# User quotas
# uncomment the following section to enable user quotas
#QuotaEngine                    on
#QuotaDirectoryTally            on
#QuotaDisplayUnits              Mb
#QuotaShowQuotas                on
#SQLNamedQuery                  get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
#SQLNamedQuery                  get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
#SQLNamedQuery                  update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
#SQLNamedQuery                  insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
#QuotaLimitTable                        sql:/get-quota-limit
#QuotaTallyTable                        sql:/get-quota-tally/update-quota-tally/insert-quota-tally

 

Do the FTP directories in /home belong to ftpuser and ftpgroup?

 

Hi,

i am not sure - i think currently "apache" is the owner, how to change that?

Cheers
PM

 

Like this:

Code:

chown ftpuser:ftpgroup /path/to/directory

This would change the ownership of that directory only. If you also want to change the ownership of the files and directories that are in that directory, you'd run

Code:

chown -R ftpuser:ftpgroup /path/to/directory

 

Hi,
now this problem comes up:

Code:

Resolving host name domain.tld...
    Connecting to (domain.tld) ->  IP: XX.XX.XXX.X PORT: 21
    Connected to (domain.tld) -> Time = 31ms
    Socket connected waiting for login sequence.
220 FTP Server 
    USER user1
331 Password required for user1.
    PASS (hidden)
230 User user1 logged in.
    SYST
215 UNIX Type: L8
    FEAT
211-Features:
 MDTM
 REST STREAM
 SIZE
211 End
    PWD
257 "/" is current directory.
    CWD /domain.tld/log
250 CWD command successful
    PWD
257 "/domain.tld/log" is current directory.
    TYPE A
200 Type set to A
    PASV
227 Entering Passive Mode (xx,xx,xxx,xxx,156,106).
    Opening data connection IP: x,Xx,x,xx,156,106 PORT: 40042.
    Der Host war bei einem Socketvorgang nicht erreichbar.
    PORT 192,168,10,10,4,233
200 PORT command successful
    Opening data connection IP: 192.168.10.10 PORT: 1257.
    LIST -aL
150 Opening ASCII mode data connection for file list
    271 bytes received successfully. (271 B/s) (00:00:01).
226 Transfer complete.

What can i do against that socket problem?

Cheers
PM

 

Does this happen repeatedly? Did you try both active and passive mode?

 

Hi Falko,
i have changed the FTP Client (Smartftp) from passive mode to active mode. i have also changed the option "force server ip for pass mode" now it is going much faster. shoud I add any other directives to the proftpd conf file?

Thanks a lot
ciao
PM

 

In your FTP client or on the server?
Looks like the problem was caused by a firewall...

None that I know of...

I guess it's working now?

 

Hello,
I really love this howto guide!
One question about ownership.. What do i need to change in order to permanently change the ownership? Ive tryed to just change
"('exampleuser', '1', MD5('secret'), '2001', '2001', '/home/www.example.com',"

To
"('exampleuser', '1', MD5('secret'), '33', '33', '/home/www.example.com',"

But it didn't work. I mainly use this guide to run a webserver, and i often get ownership problems when installing CMS's like Joomla and such. I use Debian and want the ownership set to Apache.

 

I think I read somewhere that you cannot use user ids below 1000...

 

Thanks for your answer.

Ok, is there any other solution to my "problem" that dont include changing user/group settings in httpd.conf?

 

You could add the Apache user to the ftpgroup group and then change the umask in /etc/proftpd.conf to 002 so that all uploaded files are also writable for the group.

 

Ah crap, im running pure-ftpd
Ive looked up some information about umask in pure-ftpd, and it seems to be a bit pain in the a**..

Well thanks for your help anyways

 

Hello falko,
I switched to Virtual Hosting With Proftpd And MySQL (Incl. Quota), this time and im wondering about the stuff you said earlyer. My Linux knowledge is somewhat limited (still learning). What did you mean by adding Apache user to ftpgroup, was it the groupmod -G thing; or something else?

 

You can simply open /etc/group and add the Apache user to the ftp group.

 

Thanks Faklo
Ive added Apache to Ftpgroup now like this: ftpgroup:x:2001:www-data
One thing about Umask. There are two valuse to change:
Umask 022 022. Do i need to change both?

Thanks for your help Falko

 

Try

Code:

Umask 002 002

so that groups can write, too.

 

Super, it worked
My questions is like a never ending story When i used Pureftp i never had to wait to login, now with Proftpd it takes a while to login.. Any ideas?
I use Debian 3.1 (minimal install).

Edit:
I got the ftp problem sorted