Virtual Hosting With Proftpd And MySQL (Incl. Quota)

Discussion in 'HOWTO-Related Questions' started by pontifex, Feb 26, 2006.

  1. pontifex

    pontifex New Member

    Hi everyone,

    I used the howto to install proftpd with mysql support under fedora 4. I have made all the entries and the login of the user to the appropriate directories works fine BUT now the problem starts. If these users try to upload or create new folders or even delete files the error message "permission denied" comes up.

    What can I do against that?

    Cheers

    PM
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Please post your /etc/proftpd.conf here.
     
  3. pontifex

    pontifex New Member



    Code:
    # This is the ProFTPD configuration file
    # $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
    
    ServerName			"ProFTPD server"
    ServerIdent			on "FTP Server  Hamburg/Germany"
    ServerAdmin			[email protected]
    ServerType			standalone
    DefaultServer			on
    AccessGrantMsg			"User %u logged in."
    #DisplayConnect			/etc/ftpissue
    #DisplayLogin			/etc/ftpmotd
    #DisplayGoAway			/etc/ftpgoaway
    DeferWelcome			off
    
    
    # Use pam to authenticate by default
    PersistentPasswd   off
    AuthPAMAuthoritative off
    
    DefaultRoot			~ !adm
    IdentLookups			off
    UseReverseDNS			off
    Port				21
    Umask				022
    ListOptions			"-a"
    
    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228		off
    #RootLogin			off
    #LoginPasswordPrompt		on
    #MaxLoginAttempts		3
    #MaxClientsPerHost		none
    #AllowForeignAddress		off	# For FXP
    
    # Allow to resume not only the downloads but the uploads too
    AllowRetrieveRestart		on
    AllowStoreRestart		on
    
    MaxInstances			20
    
    User				ftp
    Group				ftp
    
    ScoreboardFile			/var/run/proftpd.score
    
    # Normally, we want users to do a few things.
    <Global>
      AllowOverwrite		yes
      <Limit ALL SITE_CHMOD>
        AllowAll
      </Limit>
    </Global>
    
    LogFormat			default	"%h %l %u %t \"%r\" %s %b"
    LogFormat			auth	"%v [%P] %h %t \"%r\" %s"
    
    # TLS
    # Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
    #TLSEngine			on
    #TLSRequired			on
    #TLSRSACertificateFile		/usr/share/ssl/certs/proftpd.pem
    #TLSRSACertificateKeyFile	/usr/share/ssl/certs/proftpd.pem
    #TLSCipherSuite			ALL:!ADH:!DES
    #TLSOptions			NoCertRequest
    #TLSVerifyClient		off
    ##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
    #TLSLog				/var/log/proftpd/tls.log
    
    # A basic anonymous configuration, with an upload directory.
    #<Anonymous ~ftp>
    #  User				ftp
    #  Group				ftp
    #  AccessGrantMsg		"Anonymous login ok, restrictions apply."
    #
    #  # We want clients to be able to login with "anonymous" as well as "ftp"
    #  UserAlias			anonymous ftp
    #
    #  # Limit the maximum number of anonymous logins
    #  MaxClients			10 "Sorry, max %m users -- try again later"
    #
    #  # Put the user into /pub right after login
    #  #DefaultChdir			/pub
    #
    #  # We want 'welcome.msg' displayed at login, '.message' displayed in
    #  # each newly chdired directory and tell users to read README* files. 
    #  DisplayLogin			/welcome.msg
    #  DisplayFirstChdir		.message
    #  DisplayReadme			README*
    #
    #  # Some more cosmetic and not vital stuff
    #  DirFakeUser			on ftpadm
    #  DirFakeGroup			on ftpadm
    #
    #  # Limit WRITE everywhere in the anonymous chroot
    #  <Limit WRITE SITE_CHMOD>
    #    DenyAll
    #  </Limit>
    #
    #  # An upload directory that allows storing files but not retrieving
    #  # or creating directories.
    #  <Directory uploads/*>
    #    AllowOverwrite		no
    #    <Limit READ>
    #      DenyAll
    #    </Limit>
    #
    #    <Limit STOR>
    #      AllowAll
    #    </Limit>
    #  </Directory>
    #
    #  # Don't write anonymous accesses to the system wtmp file (good idea!)
    #  WtmpLog			off
    #
    #  # Logging for the anonymous transfers
    #  ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
    #  ExtendedLog		/var/log/proftpd/auth.log AUTH auth
    #
    #</Anonymous>
    
    # virtual www / ftp users configuration
    # mysql settings for authentication
    # Be sure to substitute your password for PASSWORD
    SQLAuthTypes                    Plaintext Crypt
    SQLConnectInfo                  ftp@localhost proftpd pass
    SQLUserInfo                     ftpuser userid passwd uid gid homedir shell
    SQLGroupInfo                    ftpgroup groupname gid members
    SQLMinID                        500
    SQLHomedirOnDemand              on
    SQLLog                          PASS updatecount
    SQLNamedQuery                   updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
    SQLLog                          STOR,DELE modified
    SQLNamedQuery                   modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
    TimesGMT on
    
    # User quotas
    # uncomment the following section to enable user quotas
    #QuotaEngine                    on
    #QuotaDirectoryTally            on
    #QuotaDisplayUnits              Mb
    #QuotaShowQuotas                on
    #SQLNamedQuery                  get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
    #SQLNamedQuery                  get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
    #SQLNamedQuery                  update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
    #SQLNamedQuery                  insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
    #QuotaLimitTable                        sql:/get-quota-limit
    #QuotaTallyTable                        sql:/get-quota-tally/update-quota-tally/insert-quota-tally
    
    
    
    
     
  4. falko

    falko Super Moderator ISPConfig Developer

    Do the FTP directories in /home belong to ftpuser and ftpgroup?
     
  5. pontifex

    pontifex New Member

    Hi,

    I am not sure - I think currently "apache" is the owner, how to change that?

    Cheers
    PM
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Like this:
    Code:
    chown ftpuser:ftpgroup /path/to/directory
    This would change the ownership of that directory only. If you also want to change the ownership of the files and directories that are in that directory, you'd run

    Code:
    chown -R ftpuser:ftpgroup /path/to/directory
     
  7. pontifex

    pontifex New Member

    Hi,
    now this problem comes up:

    Code:
    Resolving host name domain.tld...
        Connecting to (domain.tld) ->  IP: XX.XX.XXX.X PORT: 21
        Connected to (domain.tld) -> Time = 31ms
        Socket connected waiting for login sequence.
    220 FTP Server 
        USER user1
    331 Password required for user1.
        PASS (hidden)
    230 User user1 logged in.
        SYST
    215 UNIX Type: L8
        FEAT
    211-Features:
     MDTM
     REST STREAM
     SIZE
    211 End
        PWD
    257 "/" is current directory.
        CWD /domain.tld/log
    250 CWD command successful
        PWD
    257 "/domain.tld/log" is current directory.
        TYPE A
    200 Type set to A
        PASV
    227 Entering Passive Mode (xx,xx,xxx,xxx,156,106).
        Opening data connection IP: x,Xx,x,xx,156,106 PORT: 40042.
        Der Host war bei einem Socketvorgang nicht erreichbar.
        PORT 192,168,10,10,4,233
    200 PORT command successful
        Opening data connection IP: 192.168.10.10 PORT: 1257.
        LIST -aL
    150 Opening ASCII mode data connection for file list
        271 bytes received successfully. (271 B/s) (00:00:01).
    226 Transfer complete.
    
    What can I do against that socket problem?

    Cheers
    PM
     
  8. falko

    falko Super Moderator ISPConfig Developer

    Does this happen repeatedly? Did you try both active and passive mode?
     
  9. pontifex

    pontifex New Member

    Hi Falko,
    I have changed the FTP Client (Smartftp) from passive mode to active mode. I have also changed the option "force server ip for pass mode" now it is going much faster. Should I add any other directives to the proftpd conf file?

    Thanks a lot
    ciao
    PM
     
  10. falko

    falko Super Moderator ISPConfig Developer

    In your FTP client or on the server?
    Looks like the problem was caused by a firewall...

    None that I know of...

    I guess it's working now?
     
  11. mtpocket

    mtpocket New Member

    Hello,
    I really love this howto guide!
    One question about ownership.. What do I need to change in order to permanently change the ownership? I've tried to just change
    "('exampleuser', '1', MD5('secret'), '2001', '2001', '/home/www.example.com',"

    To
    "('exampleuser', '1', MD5('secret'), '33', '33', '/home/www.example.com',"

    But it didn't work. I mainly use this guide to run a webserver, and I often get ownership problems when installing CMS's like Joomla and such. I use Debian and want the ownership set to Apache.
     
    Last edited: May 3, 2006
  12. falko

    falko Super Moderator ISPConfig Developer

    I think I read somewhere that you cannot use user ids below 1000...
     
  13. mtpocket

    mtpocket New Member

    Thanks for your answer.

    Ok, is there any other solution to my "problem" that doesn't include changing user/group settings in httpd.conf?
     
  14. falko

    falko Super Moderator ISPConfig Developer

    You could add the Apache user to the ftpgroup group and then change the umask in /etc/proftpd.conf to 002 so that all uploaded files are also writable for the group.
     
  15. mtpocket

    mtpocket New Member

    Ah crap, I'm running pure-ftpd :p
    I've looked up some information about umask in pure-ftpd, and it seems to be a bit of a pain in the a**..

    Well thanks for your help anyways :)
     
  16. mtpocket

    mtpocket New Member

    Hello falko,
    I switched to Virtual Hosting With Proftpd And MySQL (Incl. Quota), this time and I'm wondering about the stuff you said earlier. My Linux knowledge is somewhat limited (still learning). What did you mean by adding Apache user to ftpgroup, was it the groupmod -G thing; or something else?
     
  17. falko

    falko Super Moderator ISPConfig Developer

    You can simply open /etc/group and add the Apache user to the ftp group.
     
  18. mtpocket

    mtpocket New Member

    Thanks Falko :)
    I've added Apache to Ftpgroup now like this: ftpgroup:x:2001:www-data
    One thing about Umask. There are two values to change:
    Umask 022 022. Do I need to change both?

    Thanks for your help Falko :)
     
  19. falko

    falko Super Moderator ISPConfig Developer

    Try
    Code:
    Umask 002 002
    so that groups can write, too. :)
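
Added example (not part of the original thread): a shell sketch of what the two Umask values discussed above do to newly created files and directories. ProFTPD's `Umask` takes a file mask and an optional directory mask; here `touch` and `mkdir` stand in for an upload and a directory creation, and everything happens in a throwaway temp directory. The function names are made up for this illustration.

```shell
#!/bin/sh
# Illustration only: no FTP server is involved. touch requests mode 0666 and
# mkdir requests 0777; the umask then clears bits from those base modes.

# octal_mode PATH -> prints the permission bits of PATH, e.g. 644
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"   # GNU stat, then BSD stat
}

# mode_under_umask UMASK file|dir -> creates the object under that umask
# (inside a subshell, so the caller's umask is untouched) and prints its mode.
mode_under_umask() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    case "$2" in
        file) touch "$tmp/obj" ;;
        dir)  mkdir "$tmp/obj" ;;
        *)    echo "usage: mode_under_umask UMASK file|dir" >&2
              rm -rf "$tmp"; exit 2 ;;
    esac
    octal_mode "$tmp/obj"
    rm -rf "$tmp"
)

# group_writable MODE -> succeeds if the group write bit (020) is set in MODE
group_writable() {
    [ $(( 0$1 & 020 )) -ne 0 ]
}

# Compare the default from the posted proftpd.conf (022) with the suggested 002.
for u in 022 002; do
    f=$(mode_under_umask "$u" file)
    d=$(mode_under_umask "$u" dir)
    if group_writable "$f"; then gw=yes; else gw=no; fi
    printf 'Umask %s %s -> files %s, dirs %s, group can write files: %s\n' \
        "$u" "$u" "$f" "$d" "$gw"
done
```

With 002, every member of the owning group (here that includes the web server account added to ftpgroup) can modify uploaded files, so group membership becomes the access boundary for that content.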
     
  20. mtpocket

    mtpocket New Member

    Super, it worked :D
    My questions are like a never ending story ;) When I used Pureftp I never had to wait to login, now with Proftpd it takes a while to login.. Any ideas?
    I use Debian 3.1 (minimal install).

    Edit:
    I got the ftp problem sorted :)
     
    Last edited: Jun 2, 2006
