Very nice tutorial, everything works fine. Thanks for that. Is there a possibility to use apache's mod_userdir with the virtual users? It only works here, if the user is present in /etc/passwd so long.
i've done everythin with this howto but when i type Code: ftp localhost i got such response: Code: root@rei:/home/dawid# ftp localhost Connected to localhost.localdomain. 421 Service not available, remote server has closed connection ftp> quit and here is my proftpd.log: Code: root@rei:/var/log/proftpd# tail proftpd.log May 23 20:31:24 xxxxxxxxxxxxxx proftpd[4004] xxxxxxxxxxxxxx: ProFTPD 1.3.0 standalone mode SHUTDOWN May 23 20:38:53 xxxxxxxxxxxxxx proftpd[2755] xxxxxxxxxxxxxx: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP May 24 01:33:50 xxxxxxxxxxxxxx proftpd[2755] xxxxxxxxxxxxxx: ProFTPD killed (signal 15) May 24 01:33:50 xxxxxxxxxxxxxx proftpd[2755] xxxxxxxxxxxxxx: ProFTPD 1.3.0 standalone mode SHUTDOWN May 25 07:27:36 xxxxxxxxxxxxxx proftpd[2706] xxxxxxxxxxxxxx: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP May 25 08:17:55 xxxxxxxxxxxxxx proftpd[2706] xxxxxxxxxxxxxx: ProFTPD killed (signal 15) May 25 08:17:55 xxxxxxxxxxxxxx proftpd[2706] xxxxxxxxxxxxxx: ProFTPD 1.3.0 standalone mode SHUTDOWN May 25 08:17:58 xxxxxxxxxxxxxx proftpd[2935] xxxxxxxxxxxxxx: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP May 25 10:26:35 xxxxxxxxxxxxxx proftpd[2935] xxxxxxxxxxxxxx: ProFTPD killed (signal 15) May 25 10:26:35 xxxxxxxxxxxxxx proftpd[2935] xxxxxxxxxxxxxx: ProFTPD 1.3.0 standalone mode SHUTDOWN
I got the same problem. this is my hosts file Code: vz6:/var/log# cat /etc/hosts 127.0.0.1 localhost.localdomain localhost # The following lines are desirable for IPv6 capable hosts # (added automatically by netbase upgrade) ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts and this is my proftpd.conf: Code: # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. # To really apply changes reload proftpd after modifications. # # Includes DSO modules Include /etc/proftpd/modules.conf # Set off to disable IPv6 support which is annoying on IPv4 only boxes. UseIPv6 off ServerName "Debian" ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayFirstChdir .message ListOptions "-l" DenyFilter \*.*/ # Port 21 is the standard FTP port. Port 21 MaxInstances 30 # Set the user and group that the server normally runs at. User ftpuser Group ftpgroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 # Normally, we want files to be overwriteable. AllowOverwrite on # Uncomment this if you are using NIS or LDAP to retrieve passwords: # PersistentPasswd off # Be warned: use of this directive impacts CPU average load! # # Uncomment this if you like to see progress and transfer rate with ftpwho # in downloads. That is not needed for uploads rates. # UseSendFile off TransferLog /var/log/proftpd/xferlog SystemLog /var/log/proftpd/proftpd.log <IfModule mod_tls.c> TLSEngine off </IfModule> <IfModule mod_quota.c> QuotaEngine on </IfModule> <IfModule mod_ratio.c> Ratios on </IfModule> # Delay engine reduces impact of the so-called Timing Attack described in # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 # It is on by default. <IfModule mod_delay.c> DelayEngine on </IfModule> <IfModule mod_ctrls.c> ControlsEngine on ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine on </IfModule> ## Configurazione per virtualhost DefaultRoot ~ # The passwords in MySQL are encrypted using CRYPT SQLAuthTypes Plaintext Crypt SQLAuthenticate users* groups* # used to connect to the database # databasename@host database_user user_password SQLConnectInfo ftp@localhost proftpd password # Here we tell ProFTPd the names of the database columns in the "usertable" # we want it to interact with. Match the names with those in the db SQLUserInfo ftpuser userid passwd uid gid homedir shell # Here we tell ProFTPd the names of the database columns in the "grouptable" # we want it to interact with. Again the names match with those in the db SQLGroupInfo ftpgroup groupname gid members # set min UID and GID - otherwise these are 999 each SQLMinID 500 # create a user's home directory on demand if it doesn't exist SQLHomedirOnDemand on # Update count every time user logs in SQLLog PASS updatecount SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser # Update modified everytime user uploads or deletes a file SQLLog STOR,DELE modified SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser # User quotas # =========== QuotaEngine on QuotaDirectoryTally on QuotaDisplayUnits Mb QuotaShowQuotas on SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies QuotaLimitTable sql:/get-quota-limit QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally RootLogin off RequireValidShell off any help? Thanks
Can you add a line for your hostname to /etc/hosts (like Code: 192.168.0.100 server1.example.com server1 )? What's the output of Code: netstat -tap ?
Code: vz6:~# netstat -tap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:ftp *:* LISTEN 1951/proftpd: (acce tcp 0 0 *:smtp *:* LISTEN 1398/smtpd tcp 0 0 localhost.localdo:10024 *:* LISTEN 21947/smtpd tcp 0 0 localhost.localdo:mysql *:* LISTEN - tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:1221 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp p54BDA476.dip0.t-:64731 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 84.126.213.136.dyn:4975 CLOSE_WAIT - tcp 0 0 localhost.localdo:60629 localhost.localdo:mysql ESTABLISHED8141/proxymap tcp 0 0 localhost.localdo:60630 localhost.localdo:mysql ESTABLISHED8141/proxymap tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:4591 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 219.83.23.69:4031 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp executives-unlimit:4911 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp CPE-65-27-32-14.kc:3985 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 59.152.161.66:2516 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:2294 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:1082 CLOSE_WAIT - tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:4837 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp p54BDA476.dip0.t-:61425 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp CPE-65-27-32-14.kc:3503 CLOSE_WAIT - tcp 0 0 reverse.69.12.222.1:ftp host33-158-dynami:50992 TIME_WAIT - tcp 0 0 reverse.69.12.222.:smtp dsl-189-163-151-12:1982 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp 84.126.213.136.dyn:6226 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:3620 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp p54BDA476.dip0.t-:63890 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 84.122.192.149.dyn:1068 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp executives-unlimit:3449 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 201.47.44.162.adsl:1971 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp a83-132-203-183.cp:1259 CLOSE_WAIT - tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:4504 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp mail2.edisontel.c:54952 CLOSE_WAIT - tcp 0 0 reverse.69.12.222.:smtp dsl-189-148-11-226:2141 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:2677 CLOSE_WAIT - tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:4265 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:4241 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:1429 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:4504 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp smtp-out2.libero.:34174 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp dsl88-244-48075.tt:1884 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp dsl-189-132-247-46:3439 CLOSE_WAIT - tcp 0 0 reverse.69.12.222.:smtp host-205-241-35-1:60550 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp 59.152.161.66:3158 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp executives-unlimit:1929 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp CPE-65-27-32-14.kc:4911 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp smtp-out2.libero.:51018 CLOSE_WAIT 1398/smtpd tcp 1 0 reverse.69.12.222.:smtp pool-72-76-99-72.:50539 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 87.119.86.227:4406 CLOSE_WAIT - tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:2309 ESTABLISHED- tcp 0 0 reverse.69.12.222.:smtp catv-5984887d.catv:2309 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp smtp-out2.libero.:42549 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp dsl-189-163-151-12:4444 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 20119188003.user.v:3011 CLOSE_WAIT - tcp 1 0 localhost.localdo:10024 localhost.localdo:43516 CLOSE_WAIT - tcp 0 0 localhost.localdo:mysql localhost.localdo:60630 ESTABLISHED- tcp 1 0 localhost.localdo:10024 localhost.localdo:43517 CLOSE_WAIT - tcp 0 0 localhost.localdo:mysql localhost.localdo:60629 ESTABLISHED- tcp 1 0 reverse.69.12.222.:smtp 201.47.44.162.adsl:2867 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp 87.119.86.227:4436 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp chello062178038076:4745 CLOSE_WAIT - tcp 1 0 reverse.69.12.222.:smtp dsl88-244-48075.tt:1334 CLOSE_WAIT - tcp6 0 0 *:www *:* LISTEN 21630/apache2 tcp6 0 0 *:ssh *:* LISTEN 30370/sshd tcp6 0 0 *:imaps *:* LISTEN 9488/couriertcpd tcp6 0 0 *:pop3s *:* LISTEN 24133/couriertcpd tcp6 0 0 *:pop3 *:* LISTEN 24035/couriertcpd tcp6 0 0 *:imap2 *:* LISTEN 9414/couriertcpd tcp6 0 2736 reverse.69.12.222.1:ssh host33-158-dynami:50982 ESTABLISHED26524/0
And thi is my /etc/hosts Code: root@rei:/etc/proftpd# cat /etc/hosts 127.0.0.1 localhost.localdomain localhost #192.168.0.128 rei.ayanami.eu rei 83.144.100.57 rei.ayanami.eu rei # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts proftpd.conf (password nulled ) Code: root@rei:/etc/proftpd# cat proftpd.conf Include /etc/proftpd/modules.conf UseIPv6 off ServerName "Ayanami FTP Server" ServerType Standalone ServerAdmin root@host # Hide as much as possible to outside users ServerIdent on "Welcome to the Ayanami.eu FTP server. Please login..." DeferWelcome on DefaultServer on AllowStoreRestart on Port 21 MultilineRFC2228 on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayFirstChdir .message ListOptions "-l" Umask 022 022 MaxInstances 30 User ftpuser Group ftpgroup AllowOverwrite on DenyFilter \*.*/ DefaultRoot ~ <IfModule mod_tls.c> TLSEngine off </IfModule> <IfModule mod_quota.c> QuotaEngine on </IfModule> <IfModule mod_ratio.c> Ratios on </IfModule> # Delay engine reduces impact of the so-called Timing Attack described in # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 # It is on by default. # <IfModule mod_delay.c> DelayEngine on </IfModule> <IfModule mod_ctrls.c> ControlsEngine on ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine on </IfModule> ################################################################################ # Logging options # TransferLog /var/log/proftpd.xferlog # Some logging formats # LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" LogFormat write "%h %l %u %t \"%r\" %s %b" # Log file/dir access ExtendedLog /var/log/proftpd/access.log WRITE,READ write # Record all logins ExtendedLog /var/log/proftpd/auth.log AUTH auth # Paranoia logging level.... ExtendedLog /var/log/proftpd/paranoid.log ALL default SyslogLevel debug SystemLog /var/log/proftpd/proftpd.log # ################################################################################ # The passwords in MySQL are encrypted using CRYPT # SQLAuthTypes Plaintext Crypt SQLAuthenticate users* groups* # used to connect to the database # databasename@host database_user user_password # SQLConnectInfo server_data@localhost proftpd xxxxxxxx # Here we tell ProFTPd the names of the database columns in the "usertable" # we want it to interact with. Match the names with those in the db # SQLUserInfo ftpuser userid passwd uid gid homedir shell # Here we tell ProFTPd the names of the database columns in the "grouptable" # we want it to interact with. Again the names match with those in the db # SQLGroupInfo ftpgroup groupname gid members # set min UID and GID - otherwise these are 999 each # SQLMinID 500 # create a user's home directory on demand if it doesn't exist # SQLHomedirOnDemand on # Update count every time user logs in # SQLLog PASS updatecount SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser # Update modified everytime user uploads or deletes a file # SQLLog STOR,DELE modified SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser # User quotas # =========== # QuotaEngine on QuotaDirectoryTally on QuotaDisplayUnits Mb QuotaShowQuotas on SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies QuotaLimitTable sql:/get-quota-limit QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally RootLogin off RequireValidShell off SQLNamedQuery gettally SELECT "ROUND((bytes_in_used/1048576),2) FROM ftpquotatallies WHERE name='%u'" SQLNamedQuery getlimit SELECT "ROUND((bytes_in_avail/1048576),2) FROM ftpquotalimits WHERE name='%u'" SQLNamedQuery getfree SELECT "ROUND(((ftpquotalimits.bytes_in_avail-ftpquotatallies.bytes_in_used)/1048576),2) FROM ftpquotalimits,ftpquotatallies WHERE ftpquotalimits.name = '%u' AND ftpquotatallies.name = '%u'" SQLShowInfo LIST "226" "Used %{gettally}MB from %{getlimit}MB. You have %{getfree}MB available space." and output of netstat -tap Code: root@rei:/etc/proftpd# netstat -tap Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:3496 *:* LISTEN 2669/rpc.statd tcp 0 0 localhost.localdo:10024 *:* LISTEN 2167/amavisd (maste tcp 0 0 localhost.localdo:10025 *:* LISTEN 2590/master tcp 0 0 *:mysql *:* LISTEN 2238/mysqld tcp 0 0 *:sunrpc *:* LISTEN 1832/portmap tcp 0 0 *:auth *:* LISTEN 2532/inetd tcp 0 0 *:ftp *:* LISTEN 3287/proftpd: (acce tcp 0 0 192.168.0.128:domain *:* LISTEN 2108/named tcp 0 0 192.168.100.1:domain *:* LISTEN 2108/named tcp 0 0 localhost.locald:domain *:* LISTEN 2108/named tcp 0 0 *:smtp *:* LISTEN 2590/master tcp 0 0 localhost.localdoma:953 *:* LISTEN 2108/named tcp6 0 0 *:imaps *:* LISTEN 2499/couriertcpd tcp6 0 0 *:pop3s *:* LISTEN 2516/couriertcpd tcp6 0 0 *:pop3 *:* LISTEN 2504/couriertcpd tcp6 0 0 *:imap2 *:* LISTEN 2487/couriertcpd tcp6 0 0 *:www *:* LISTEN 3749/apache2 tcp6 0 0 *:81 *:* LISTEN 3749/apache2 tcp6 0 0 *:domain *:* LISTEN 2108/named tcp6 0 0 *:ssh *:* LISTEN 2619/sshd tcp6 0 0 ip6-localhost:953 *:* LISTEN 2108/named tcp6 0 0 *:https *:* LISTEN 3749/apache2 tcp6 0 296 ::ffff:192.168.0.12:ssh ::ffff:192.168.0.1:1746 ESTABLISHED3772/sshd: dawid [p
Hi all, I've a problem with my proftp/mysql interaction: i have 3 users defined in the 2 tables of the database, but only one of these works when I'm trying to connect with my ftp server. What can I do? Should I post some config files? Thank you for help, SkY`
I checked. From the "client" I do this: Code: sky@Lara:~$ ftp 192.168.1.2 Connected to 192.168.1.2. 220 ProFTPD 1.3.0 Server (Debian) [192.168.1.2] Name (192.168.1.2:sky): master 331 Password required for master. Password: 530 Login incorrect. Login failed. And the log records:
This line explains everything: Code: May 31 23:40:07 xxx.xxx.xxx proftpd[19528] xxx.xxx.xxx (192.168.1.4[192.168.1.4]): USER master (Login failed): No such user found. it looks like you dont have user called "master" or you have it but in the db it contains whitespaces...
Login doesn't work I configured my proftpd/mysql as described in the howto but now have the problem that ftp logins do not work. As long as the Shell is set to "/sbin/nologin", login does not work. In debian etch /sbin/nologin does not exist, but /usr/sbin/nologin, changing the shell in mysql doesn't have an effect, changing it to /bin/false also not. Only when I change the shell to /bin/bash the login works. What am I doing wrong? Regards, a²
It seems that your Proftpd expects system users, not virtual users. Please make sure that your setup is exactly like the one from the tutorial (check for typos, etc.).
Dear Falko, thanks for your reply. I couldn't find typos, I copied the config from the howto into my files. See my conf: Code: [root@jupiter ~]# cat /etc/proftpd/proftpd.conf # # /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file. # To really apply changes reload proftpd after modifications. # # Includes DSO modules Include /etc/proftpd/modules.conf # Set off to disable IPv6 support which is annoying on IPv4 only boxes. UseIPv6 off ServerName "Debian" ServerType standalone DeferWelcome off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutNoTransfer 600 TimeoutStalled 600 TimeoutIdle 1200 DisplayLogin welcome.msg DisplayFirstChdir .message ListOptions "-l" DenyFilter \*.*/ # Port 21 is the standard FTP port. Port 21 # In some cases you have to specify passive ports range to by-pass # firewall limitations. Ephemeral ports can be used for that, but # feel free to use a more narrow range. # PassivePorts 49152 65534 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 30 # Set the user and group that the server normally runs at. User proftpd Group nogroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 # Normally, we want files to be overwriteable. AllowOverwrite on # Uncomment this if you are using NIS or LDAP to retrieve passwords: # PersistentPasswd off # Be warned: use of this directive impacts CPU average load! # # Uncomment this if you like to see progress and transfer rate with ftpwho # in downloads. That is not needed for uploads rates. # UseSendFile off TransferLog /var/log/proftpd/xferlog SystemLog /var/log/proftpd/proftpd.log <IfModule mod_tls.c> TLSEngine off </IfModule> <IfModule mod_quota.c> QuotaEngine on </IfModule> <IfModule mod_ratio.c> Ratios on </IfModule> # Delay engine reduces impact of the so-called Timing Attack described in # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 # It is on by default. <IfModule mod_delay.c> DelayEngine on </IfModule> <IfModule mod_ctrls.c> ControlsEngine on ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine on </IfModule> # A basic anonymous configuration, no upload directories. # <Anonymous ~ftp> # User ftp # Group nogroup # # We want clients to be able to login with "anonymous" as well as "ftp" # UserAlias anonymous ftp # # Cosmetic changes, all files belongs to ftp user # DirFakeUser on ftp # DirFakeGroup on ftp # # RequireValidShell off # # # Limit the maximum number of anonymous logins # MaxClients 10 # # # We want 'welcome.msg' displayed at login, and '.message' displayed # # in each newly chdired directory. # DisplayLogin welcome.msg # DisplayFirstChdir .message # # # Limit WRITE everywhere in the anonymous chroot # <Directory *> # <Limit WRITE> # DenyAll # </Limit> # </Directory> # # # Uncomment this if you're brave. # # <Directory incoming> # # # Umask 022 is a good standard umask to prevent new files and dirs # # # (second parm) from being group and world writable. # # Umask 022 022 # # <Limit READ WRITE> # # DenyAll # # </Limit> # # <Limit STOR> # # AllowAll # # </Limit> # # </Directory> # # </Anonymous> DefaultRoot ~ # The passwords in MySQL are encrypted using CRYPT SQLAuthTypes Plaintext Crypt SQLAuthenticate users groups # used to connect to the database # databasename@host database_user user_password SQLConnectInfo ftp@localhost proftpd 3CL3BM7cVfuAzrJn # Here we tell ProFTPd the names of the database columns in the "usertable" # we want it to interact with. Match the names with those in the db SQLUserInfo ftpuser userid passwd uid gid homedir shell # Here we tell ProFTPd the names of the database columns in the "grouptable" # we want it to interact with. Again the names match with those in the db SQLGroupInfo ftpgroup groupname gid members # set min UID and GID - otherwise these are 999 each SQLMinID 500 # create a user's home directory on demand if it doesn't exist SQLHomedirOnDemand on # Update count every time user logs in SQLLog PASS updatecount SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser # Update modified everytime user uploads or deletes a file SQLLog STOR,DELE modified SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser # User quotas # =========== QuotaEngine on QuotaDirectoryTally on QuotaDisplayUnits Mb QuotaShowQuotas on SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_ avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_ out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'" SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_ xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_ used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies QuotaLimitTable sql:/get-quota-limit Thanks, a²