ProFTPD - Problems for setting up for mass virtual hosting
sjbates 12-15-2001, 01:25 PM Hi
I am trying to set ProFTPD up on a FreeBSD machine. I have ProFTPD running, but the problem is I am unsure how to configure it for mass virtual hosting.
What I would like to do is allow users to ftp into their root, e.g. /home/u/username, then be able to browse four folders in there but not be able to write to any of them except htdocs.
If this cannot be done with ProFTPD, are there any other FTP servers I can use?
If anyone can help, please post and I will give you some more information.
jakis 12-15-2001, 03:59 PM Why not use unix owner/permission? To be specific, just change owner of those folders to something else not owned by user or chmod 555 those folders?
I tried many ftp servers and would say that proftpd is the most versatile software out there. You might find other ftp servers that do your specific need, but you might get complaints from other clients later when other functions are missing.
sjbates 12-15-2001, 04:03 PM Hi
The problem is that I am trying to figure out how to set it up for mass virtual hosting in proftpd.conf.
Setting the permissions is not a problem for that bit, I already worked that part of it out; it's getting the ftp conf right.
Thanks for your help.
jakis 12-15-2001, 04:23 PM Could you explain a bit about your mass virtual hosting? I run complex mass virtual hosting with thousands of domains per box. For proftpd users, I use separate "AuthUserFile".
allera 12-15-2001, 05:25 PM We run ProFTPd as well. If you can explain a little more about what you are wanting ProFTPd to do (or not do) I'm sure we can help you out. Their site, www.proftpd.org, is extremely helpful too.
sjbates 12-15-2001, 05:36 PM Hi
OK, say we have 5 users, which means 5 different directories (in real life we have them into the hundreds). What I want to do is allow each main user to access their directory and allow other users to access it too.
The directory format is /home/firstletterofusername/username (but i'm willing to change this if it causes problems).
So say we have the following users and their directories:
user1 /home/u/user1
user2 /home/u/user1
user3 /home/u/user1
user4 /home/u/user1
user5 /home/u/user1
I want to allow user1 to access their directory and that one only. I then would like to (but this is not required) allow other users to access this directory as well, or subdirectories of this one.
For example, user1subaccount could access /home/u/user1 or /home/u/user1/somedir
Hope this makes sense to you, thanks.
allera 12-15-2001, 05:44 PM Check out the MySQL features of ProFTPd. You can specify usernames, passwords, home directories, etc. You can also lock users into their own home directories (as specified by ProFTPd) with a conf directive. Make sure you chmod 600 your proftpd.conf file since it has your mysql username/password in it.
ProFTPd's conf file functions much in the same way as Apache's. Look at the sample conf files on their site and their (very) long list of directives. I'm still finding new things to add to our conf files. :)
sjbates 12-15-2001, 05:49 PM Hi
I tried to recompile proftpd earlier with mysql support but I got an error message saying it can't find a .h mysql file or something.
Are there any additional files I need to download?
Thanks.
allera 12-15-2001, 05:52 PM Yep: http://www.lastditcheffort.org/home/aah/proftpd/mod_sql/
sjbates 12-15-2001, 06:02 PM Hi
OK thanks, downloaded it and going to recompile proftpd now.
Will let you know how I get on or if I need any help setting mysql stuff up.
Thanks for your help.
sjbates 12-15-2001, 06:35 PM Hi
When I try to compile proftpd I get the following error:
mod_sql_mysql.c:43: mysql/mysql.h: No such file or directory
*** Error code 1
Stop in /tmp/downloads/proftpd-1.2.4/modules.
*** Error code 1
Stop in /tmp/downloads/proftpd-1.2.4.
I configure with the following options:
--with-modules=mod_sql:mod_sql_mysql
--with-includes=/usr/local/mysql/include/mysql/
--with-libraries=/usr/local/mysql/lib/mysql/
I placed the mod_sql-3.2.4.tar file in proftpd-1.2.4/modules/ and unzipped it into the same directory.
Am I missing something or could I be doing something wrong?
Thanks for your help.
allera 12-15-2001, 06:40 PM It can't find your mysql.h file. Try changing this line:
--with-includes=/usr/local/mysql/include/mysql/
Try making it /usr/local/mysql or /usr/local.
jakis 12-15-2001, 07:02 PM Hi buddy, let me warn you it's a risk authenticating your user with mysql. Of course, it's very easy to manage, but guess when mysql connection is full or when mysql is shut down unexpectedly. Guess a user runs a script to spoof your db's password so he can grab all users in his hand, then the word spreads that your host is not secure (which might be untrue).
I once ran mysql but I now run a separate authentication file (like /etc/passwd) instead.
sjbates 12-15-2001, 07:08 PM Hi
allera
I did get past that part but got another error message, now I can't seem to get that back up again to say what it was.
jakis
If I used a separate auth file, would this do what I want and specify the directory they log in to and so on?
Thanks for your help guys.
allera 12-15-2001, 07:20 PM Originally posted by jakis
Guess a user runs a script to spoof your db's password so he can grab all users in his hand, then the word spreads that your host is not secure (which might be untrue).
Guess we better stop using MySQL for everything, eh? :)
Originally posted by jakis
I once ran mysql but I now run a separate authentication file (like /etc/passwd) instead.
That could get messy if you plan to offer things like 50 FTP Users, which I've seen many hosts offer. ProFTPd uses other authentication methods, not just MySQL. It was just an option. :)
I agree with you, though. If MySQL isn't running, no one can log in. Then again, if MySQL isn't running, your customer's sites are down.
allera 12-15-2001, 07:22 PM Originally posted by sjbates
I did get past that part but got another error message, now I can't seem to get that back up again to say what it was.
I can't help with that if I don't know what the error is. :) Try removing the directory, untarring again, and reconfiguring.
sjbates 12-15-2001, 07:26 PM Hi
Tried that but I got the same .h file could not be found, but will keep trying.
Thanks.
allera 12-15-2001, 07:31 PM Where is your mysql.h file located?
sjbates 12-15-2001, 07:33 PM Hi
mysql.h file is at /usr/local/mysql/include/mysql/mysql.h
Thanks.
sjbates 12-15-2001, 07:39 PM Hi
Got it! It was looking for mysql/mysql.h so I had to change my config to:
--with-modules=mod_sql:mod_sql_mysql
--with-includes=/usr/local/mysql/include/
--with-libraries=/usr/local/mysql/lib
Just recompile it again and will let you know the error.
Thanks.
jakis 12-15-2001, 07:49 PM Hi buddy, mysql is good if we as admin don't share it with users; as you know, people today use mysql on their sites and they're trouble prone. I mean some sites are not using mysql and they should not be responsible if they can't use FTP because of a mysql problem caused by other users. Worse than that, how can you manage to do things on the server if you can't ftp in? On the Proftpd site the author said setting up mysql authentication is the hardest task and they also did not implement it (Hmm..).
I have thousand FTP users using the same authentication file per single IP, which is a breeze although there's a few seconds' delay when an FTP user does password authentication. Actually, proftpd can set up a separate authentication file per IP so you can actually offer unlimited FTP, but that's a little file descriptor waste. Then it no longer depends on the number of FTP users, it's how the scripts correctly manage it. If you are worried about how to manage a large number of users in a flat file, let's use Pure-ftpd. They have programs that can automatically manage the user's database file.
Ok, Let's see my proftpd.conf
<VirtualHost 216.234.xxx.xxx>
ServerName "Welcome"
AuthUserFile /path/to/passwd
AllowOverwrite on
DefaultRoot ~
Port 21
</VirtualHost>
You do not need to compile anything special, just put the right path to the password file into proftpd.conf, where /path/to/passwd contains the same format as /etc/passwd.
Easier than mysql, huh?
sjbates 12-15-2001, 07:55 PM Hi
Would that map the user to their directory and so on?
If so that would be better as you say because of mySQL problems users should not suffer and could be safer.
Thanks.
jakis 12-15-2001, 08:03 PM yes sir, this line in proftpd.conf
AuthUserFile /path/to/passwd
tells proftpd to look in /path/to/passwd instead of the default /etc/passwd
Here's a line in my /path/to/passwd
user:H1iBXAufIsFmo:1275:99:comments:/home/user/domain.com:/bin/bash
as you see, it's copied from /etc/passwd
sjbates 12-15-2001, 08:06 PM Hi
Looks a lot easier, will give it a go. Is the password done with crypt()?
Thanks.
jakis 12-15-2001, 08:27 PM Of course. Many ways to create a crypted password, like php's crypt() function. Try searching a little more on perl.
Thanks
sjbates 12-15-2001, 08:31 PM Hi
Got it to work for someone with a shell account. Is there any way to make it work without one, or would I have to have a shell account for every user but use :/nonexistent for their shell?
Thanks.
jakis 12-15-2001, 08:34 PM I highly recommend pure-ftpd if
- your users don't upload through a browser (say, type ftp.domain.com in IE and it prompts you for username and password)
- you're doing shared IP hosting.
pure-ftpd is fast as hell and offers very nice customizable features per user.
jakis 12-15-2001, 08:41 PM You can use one single user's id for all FTP users but it's dangerous and not ideal to do so because you will lose the capability to do suexec, quota etc.
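An added example, not part of any post in this thread: a small audit over a passwd-format AuthUserFile like the one jakis shows, checking the two points raised above, namely the home field that `DefaultRoot ~` chroots to and uids shared between FTP users. The sample entries are constructed; the `/home` base, the minimum uid of 1000 and the check for 13-character traditional DES crypt hashes are assumptions of this example, not settings from the thread.

```python
import posixpath
from collections import defaultdict

# Constructed sample in the 7-field passwd(5) layout shown in the thread.
SAMPLE = """\
alice:ab1cDEfgHIjkl:1275:99:site owner:/home/a/alice:/sbin/nologin
bob:$1$saltsalt$0123456789abcdefghijkl:1276:99::/home/b/bob:/sbin/nologin
carol:ab1cDEfgHIjkl:1275:99::/home/c/carol/../../..:/sbin/nologin
dave:x:0:0::/root:/bin/sh
broken:line
"""

def audit_auth_user_file(text, base="/home", min_uid=1000):
    """Return (line_no, user, issue) findings for an AuthUserFile-style file."""
    findings, by_uid = [], defaultdict(list)
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((no, fields[0], "malformed: expected 7 fields"))
            continue
        user, pw, uid, gid, _gecos, home, _shell = fields
        if not uid.isdigit() or not gid.isdigit():
            findings.append((no, user, "non-numeric uid/gid"))
            continue
        by_uid[int(uid)].append((no, user))
        if int(uid) < min_uid:  # assumed floor for non-system accounts
            findings.append((no, user, f"uid {uid} below {min_uid}"))
        # DefaultRoot ~ chroots to this field, so it must stay under base.
        real = posixpath.normpath(home)
        if not home.startswith("/") or not real.startswith(base.rstrip("/") + "/"):
            findings.append((no, user, f"home resolves outside {base}: {real}"))
        # 13 chars with no $ prefix is traditional DES crypt (8-char passwords).
        if len(pw) == 13 and not pw.startswith("$"):
            findings.append((no, user, "traditional DES crypt hash"))
    # A uid shared by several FTP logins removes per-user ownership and quota.
    for uid, users in by_uid.items():
        if len(users) > 1:
            names = ",".join(u for _, u in users)
            for no, user in users:
                findings.append((no, user, f"uid {uid} shared by {names}"))
    return findings

if __name__ == "__main__":
    for finding in audit_auth_user_file(SAMPLE):
        print(*finding)
```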
sjbates 12-15-2001, 08:47 PM Hi
OK, I'll give it a try. So instead of the same group id, should they have their own?
Thanks.
sjbates 12-15-2001, 08:53 PM Hi
Thanks guys got it working perfect, just how i wanted it.
Thanks for your help.
jakis 12-15-2001, 09:27 PM Separate user's group id if they've nothing to do with each other. (my user's tree is rather complex so I use group id to help)
Thanks
sjbates 12-16-2001, 09:33 AM Hi
OK thanks, will do. I noticed it doesn't jail them to their directories so I'm going to sort it out today.
Thanks.
cactus 12-16-2001, 11:51 AM Hi,
I usually include the following in my proftpd.conf
DefaultRoot ~admin
This is to limit users from moving up/above their /home/users/public_html directory
Some use DefaultRoot ~ in their proftpd.conf and it works, so I guess it depends how your server is set up.
Another point is your httpd.conf should have the directive or similar TAG "UserDir public_html"
OR
UserDir public_html
<Directory /home/*/public_html>
AllowOverride FileInfo AuthConfig Limit
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Order allow,deny
Allow from all
</Directory>
You have to restart Apache if you hand-coded it, and Apache will spit out any error(s) if you made an error, and on which line number, so that you can check. Using a control panel minimizes errors and the script (control panel) does the work automatically for you without having to know which file to edit, but if you want to know what really is happening and where to look for the changes, then it's only 2 files (proftpd.conf & httpd.conf), so you know should you want a better understanding instead of relying on the control panel.
Hope this helps.
sjbates 12-16-2001, 11:56 AM Hi
FTP is all set up now, they can't get past their root directory and only have access to write to certain folders in there.
I use mod_rewrite in apache to handle all my user directories, if that's what you mean.
Thanks.