Virtual Hosting With Proftpd And MySQL (Incl. Quota)

Where do i find the setting for umask in pure-ftpd?

 

Have a look here: http://download.pureftpd.org/pub/pure-ftpd/doc/README
http://forums.macosxhints.com/archive/index.php/t-13827.html

 

Just to make sure that I understand correctly: if all I want the server to be used for is an FTP server (no mail, web or any other fancy stuff) all I need to install is apache2, PHP, MySQL, ProFTP and phpMyAdmin right?

And after that's set and done secure the server using some of the HowTos I can find here.

 

You only need ProFTPd and MySQL. Apache and PHP aren't needed at all, only if you want to install phpMyAdmin.

 

Hey there!

I´ve used the Virtual Hosting With PureFTPd And MySQL How to, to switch to virtual hosting.

Umm my thoughts are, how secure is it?
In fact, the user decides where the homepath will be, but if a user will get shell access he will be able to access all the pathes where ftpuser has access.
Any way to make it more secure? Or do we have to live with this?

THanks a lot, and a really nice How-To!

bye

-andreas w.

 

Virtual users cannot have shell access. Only system users can.

 

Hi!

Ummm the ftpuser is an system user.
The DB users are virual users, right, but they all use the ftpuser for acces i think. Every file which is uploaded is created with the user ftpuser.
And nearly any ftp tool shows you the owner of the uploaded ftp file.

That was my thoughts.

 

But then somebody would have to log in as the user ftpuser - and ftpuser should not have shell access.

 

Proftpd+mysql on Ubuntu Edgy

I follow the howto proftpd+mysql+quotes under ubuntu edgy and not work for me. if i run proftpd without mysql everything is ok but if i put the sql statments in proftpd.conf the server deny any connection.

Some help please..

 

Did you install the proftpd-mysql package?
Any errors in the log files?

 

Yes i installed the proftpd-mysql package.

A view of proftpd.log:

Code:

---
...
Feb 23 16:36:09 expertissues.org proftpd[24425] expertissues.org: ProFTPD killed (signal 15)
Feb 23 16:36:09 expertissues.org proftpd[24425] expertissues.org: ProFTPD 1.3.0 standalone mode SHUTDOWN
Feb 23 16:36:09 expertissues.org proftpd[24726] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session closed.
Feb 23 16:37:51 expertissues.org proftpd[25059] expertissues.org: error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:37:51 expertissues.org proftpd[25059] expertissues.org: ProFTPD 1.3.0 (stable) (built Wed Nov 29 02:01:20 UTC 2006) standalone mode STARTUP
Feb 23 16:41:30 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:41:30 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session opened.
Feb 23 16:41:30 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): USER fribeiro: Login successful.
Feb 23 16:41:30 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:42:06 expertissues.org proftpd[25166] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session closed.
Feb 23 16:44:19 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:44:19 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session opened.
Feb 23 16:44:19 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): USER fribeiro: Login successful.
Feb 23 16:44:19 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): error setting IPV6_V6ONLY: Protocol not available
Feb 23 16:46:58 expertissues.org proftpd[25059] expertissues.org: ProFTPD killed (signal 15)
Feb 23 16:46:58 expertissues.org proftpd[25059] expertissues.org: ProFTPD 1.3.0 standalone mode SHUTDOWN
Feb 23 16:46:58 expertissues.org proftpd[25244] expertissues.org (3bs-filipe[::ffff:193.137.90.86]): FTP session closed.
Feb 23 16:47:00 expertissues.org proftpd[25339] expertissues.org: error setting IPV6_V6ONLY: Protocol not available
...
----end log----

Appreciate more directions..
Thanks for answer.

 

What's in /etc/proftpd.conf and /etc/hosts?

 

Restarting Proftpd:

Code:

root@expertissues:/# /etc/init.d/proftpd restart
 * Stopping ftp server proftpd                                           [ ok ] 
 * Starting ftp server proftpd                                                  
 - IPv6 getaddrinfo 'expertissues.org' error: Name or service not known
                                                                         [ ok ]

/etc/proftpd/proftpd.conf:

Code:

Include /etc/proftpd/modules.conf
ServerName			"3bs FTP Server"
ServerType			standalone
DeferWelcome			off
MultilineRFC2228		on
DefaultServer			on
ShowSymlinks			on
TimeoutNoTransfer		600
TimeoutStalled			600
TimeoutIdle			1200
DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                	"-l"
DenyFilter			\*.*/
Port				21
MaxInstances			30
User				proftpd
Group				nogroup
Umask				022  022
AllowOverwrite			on
TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>

<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

DefaultRoot ~
SQLAuthTypes            Plaintext Crypt
SQLAuthenticate         users* groups*
SQLConnectInfo  ftp@localhost proftpd *******
SQLUserInfo     ftpuser userid passwd uid gid homedir shell
SQLGroupInfo    ftpgroup groupname gid members
SQLMinID        500
SQLHomedirOnDemand on
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
SQLLog  STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off
RequireValidShell off

SQLNamedQuery gettally  SELECT "ROUND((bytes_in_used/1048576),2) FROM ftpquotatallies WHERE name='%u'"
SQLNamedQuery getlimit  SELECT "ROUND((bytes_in_avail/1048576),2) FROM ftpquotalimits WHERE name='%u'"
SQLNamedQuery getfree   SELECT "ROUND(((ftpquotalimits.bytes_in_avail-ftpquotatallies.bytes_in_used)/1048576),2) FROM ftpquotalimits,ftpquotatallies WHERE ftpquotalimits.name = '%u' AND ftpquotatallies.name = '%u'"

SQLShowInfo   LIST    "226" "Used %{gettally}MB from %{getlimit}MB. You have %{getfree}MB available space."

Settings and modules

Code:

root@expertissues:/# proftpd --list
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_dso.c
  mod_auth_pam.c
  mod_readme.c
  mod_cap.c
  mod_ctrls.c
root@expertissues:/# proftpd -V
Compile-time Settings:
  Version: 1.3.0
  Platform: LINUX
  Built With:
    configure linux gnu

  Files:
    Configuration File:
      /etc/proftpd/proftpd.conf
    Pid File:
      /var/run/proftpd.pid
    Scoreboard File:
      /var/run/proftpd/proftpd.scoreboard
    Shared Module Directory:
      /usr/lib/proftpd

  Features:
    + Autoshadow support
    + Controls support
    + curses support
    - Developer support
    + DSO support
    + IPv6 support
    + Largefile support
    + ncurses support
    + POSIX ACL support
    + Shadow file support
    + Sendfile support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_GLOBBING_MAX = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_RCVBUFSZ = 8192
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_SNDBUFSZ = 8192
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 180
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_BUFFER_SIZE = 1024
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10

/etc/hosts:

Code:

127.0.0.1 localhost.localdomain localhost
193.137.90.78 expertissues.org expertissues

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts                   

 

Please modify /etc/hosts to:

Code:

127.0.0.1 localhost.localdomain localhost
193.137.90.78 expertissues.org expertissues

# The following lines are desirable for IPv6 capable hosts
#::1 ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts 

and restart Proftpd.

 

Don't work.

With me this howto on ubuntu doesn't work.

Pureftpd it's fine.

Thanks for your time.

 

aghhh

I followed the guide, but it doesn't work.

Here is configuration file for proftpd.conf:

PHP:

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
# 

# Includes DSO modules
Include /etc/proftpd/modules.conf

ServerName            "Debian"
ServerType            standalone
DeferWelcome            off

MultilineRFC2228        on
DefaultServer            on
ShowSymlinks            on

TimeoutNoTransfer        600
TimeoutStalled            600
TimeoutIdle            1200

DisplayLogin                    welcome.msg
DisplayFirstChdir               .message
ListOptions                    "-l"

DenyFilter            \*.*/

# Port 21 is the standard FTP port.
Port                1980


# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                    49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances            30

# Set the user and group that the server normally runs at.
User                proftpd
Group                ftpgroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                022  022
# Normally, we want files to be overwriteable.
AllowOverwrite            on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd        off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile            off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default. 
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        on
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User                ftp
#   Group                nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias            anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser    on ftp
#   DirFakeGroup on ftp
# 
#   RequireValidShell        off
# 
#   # Limit the maximum number of anonymous logins
#   MaxClients            10
# 
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin            welcome.msg
#   DisplayFirstChdir        .message
# 
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
#     <Limit WRITE>
#       DenyAll
#     </Limit>
#   </Directory>
# 
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
#   #   Umask                022  022
#   #            <Limit READ WRITE>
#   #            DenyAll
#   #            </Limit>
#   #            <Limit STOR>
#   #            AllowAll
#   #            </Limit>
#   # </Directory>
# 
# </Anonymous>



DefaultRoot ~


# The passwords in MySQL are encrypted using CRYPT
SQLAuthTypes            Plaintext Crypt
SQLAuthenticate         users* groups*


# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo  ftp@localhost proftpd password


# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo     ftpuser userid passwd uid gid homedir shell

# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo    ftpgroup groupname gid members

# set min UID and GID - otherwise these are 999 each
SQLMinID        500

# create a user's home directory on demand if it doesn't exist
SQLHomedirOnDemand on

# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# Update modified everytime user uploads or deletes a file
SQLLog  STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on

SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"

SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies

SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies

QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally

RootLogin off
RequireValidShell off


Here is my proftpd.log:

PHP:

Mar 17 10:28:57 misak-linux proftpd[29523] misak-linux: ProFTPD killed (signal 15)
Mar 17 10:28:57 misak-linux proftpd[29523] misak-linux: ProFTPD 1.3.0 standalone mode SHUTDOWN
Mar 17 10:28:59 misak-linux proftpd[30185] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:28:59 misak-linux proftpd[30185] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:29:14 misak-linux proftpd[30198] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.
Mar 17 10:31:19 misak-linux proftpd[30304] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:31:19 misak-linux proftpd[30304] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:32:59 misak-linux proftpd[30410] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:32:59 misak-linux proftpd[30410] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:33:31 misak-linux proftpd[30462] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:33:31 misak-linux proftpd[30462] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:40:13 misak-linux proftpd[30691] misak-linux: Failed binding to 0.0.0.0, port 1980: Address already in use
Mar 17 10:40:13 misak-linux proftpd[30691] misak-linux: Check the ServerType directive to ensure you are configured correctly.
Mar 17 10:40:21 misak-linux proftpd[30701] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.
Mar 17 10:42:21 misak-linux proftpd[30756] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.
Mar 17 10:44:21 misak-linux proftpd[30805] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.
Mar 17 10:46:21 misak-linux proftpd[30864] misak-linux (89-212-114-175.dynamic.dsl.t-2.net[89.212.114.175]): FTP session closed.


I know something is wrong. Please help me. I had no problems with installing proftpd with virtual users. When i followed the guide i didn't change password to something else and i used for proftpd user password 'password'. In mysql i have created everything and is ok there.

Hmm...

 

What's the output of

Code:

netstat -tap

and

Code:

ifconfig

?

 

I use Ubuntu 6.06.1 LTS

Same problems here. If I use mysql config proftpd does not work.
Strange thing is that netstat shows

Code:

tcp        0      0 localhost:mysql         *:*                     LISTEN
tcp        0      0 localhost:7634          *:*                     LISTEN
tcp        0      0 *:ftp                   *:*                     LISTEN

This should be ok.

strange thing this virtual proftpd

 

This is an old thread. What exactly is the problem? Are there any errors in your logs?

 

Never mind. I remove proftpd and now i'm using vsftpd.


tnx any way