WARNING THIS SECTION IS (TECH SPEAK TIME) ROUGH AS F*CK, you have been warned
In any database you want. You can then tell its location in proftpd.conf. The database can even be remote (I guess).
2. What format is the table in the SQL DB meant to take?
1) how to compile proftp with mod_mysql support
1a) with mysql installed in a standard place
1b) with mysql installed somewhere else (cf. my post last week, on 24 October, Subject: [ProFTPD] Mini MOD_MYSQL install howto (if the standard installation doesn't work for you))
2) database setup (mysql < proftpd.sql)
3) proftpd.conf configuration
4) explanation of log messages
mod_sqlpw provides the basic support for authentication and the hooks for a SQL backend to authenticate against; mod_mysql provides the support for MySQL to actually provide that support. I think that if you want to use mod_mysql, you have to compile mod_sqlpw also. Just replace --with-modules=mod_mysql by --with-modules=mod_sqlpw:mod_mysql
mysql> show fields from proftp;
+----------+-------------+------+-----+---------+-------+
| Field    | Type        | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+-------+
| username | varchar(30) | YES  |     | NULL    |       |
| uid      | int(11)     | YES  |     | NULL    |       |
| gid      | int(11)     | YES  |     | NULL    |       |
| password | varchar(30) | YES  |     | NULL    |       |
| homedir  | varchar(50) | YES  |     | NULL    |       |
| count    | int(11)     | YES  |     | NULL    |       |
+----------+-------------+------+-----+---------+-------+
Example 7-5. Typical contents
mysql> select * from proftp;
+----------+------+------+----------+----------+-------+
| username | uid  | gid  | password | homedir  | count |
+----------+------+------+----------+----------+-------+
| oli      | 500  | 500  | test     | /home/om | 2     |
| oli2     | 500  | 500  | test     | /        | 1     |
+----------+------+------+----------+----------+-------+
(Take care: uid and gid must be > 500, or change the source code of the module.)
Example 7-6. Typical configuration for SQL support
MySQLInfo localhost test "" test
# HOST login password database
MySQLUserTable proftp
MySQLUsernameField username
MySQLUidField uid
MySQLGidField gid
MySQLPasswordField password
MySQLHomedirField homedir
MySQLLoginCountField count
MySQLAuthoritative on
MySQLPlaintextPasswords on
Ensure that the user "ftp" is in the SQL database.
Example 7-7. Working mysql config
* my proftpd.conf (mysql part)
------------------------------
# to not use /etc/passwd
AuthPAMAuthoritative Off
# auth using mysql
#         host      login   pass    db
MySQLInfo localhost proftpd ******* admin
SQLUserTable account_ftp
SQLUsernameField username
SQLUidField uid
SQLGidField gid
SQLPasswordField password
SQLHomedirField homedir
SQLLoginCountField count
#SQLLogHits
SQLLogStats on
#MySQLHomedir /tmp
SQLAuthoritative on
SQLPlaintextPasswords on
SQLLogDirs fcdir
Example 7-8. database structure (mysql)
----------------------------
CREATE TABLE account_ftp (
  id int(11) DEFAULT '0' NOT NULL auto_increment,
  account_id int(11) DEFAULT '0' NOT NULL,
  username varchar(50) NOT NULL,
  uid int(5),
  gid int(5),
  password varchar(30),
  homedir varchar(50),
  count int(11) DEFAULT '0',
  fhost varchar(50),
  faddr varchar(15),
  ftime timestamp(14),
  fcdir varchar(150) NOT NULL,
  fstor int(11) DEFAULT '0' NOT NULL,
  fretr int(11) DEFAULT '0' NOT NULL,
  bstor int(11) DEFAULT '0' NOT NULL,
  bretr int(11) DEFAULT '0' NOT NULL,
  creation_date datetime DEFAULT '0000-00-00 00:00:00' NOT NULL,
  ts timestamp(14),
  frate int(11) DEFAULT '5' NOT NULL,
  fcred int(2) DEFAULT '15' NOT NULL,
  brate int(11) DEFAULT '5' NOT NULL,
  bcred int(2) DEFAULT '1' NOT NULL,
  flogs int(11) DEFAULT '0' NOT NULL
);
Simple enough problem, but multiple causes. The problem is that ProFTPD failed to open a connection to the SQL database specified in the config. This is normally because of an authentication problem; however, it could be caused by anything that prevents a successful connection.
Example 7-9. Typical log errors
paris.cybercable.fr - ProFTPD 1.2.0pre9 standalone mode STARTUP
paris.cybercable.fr (10.0.0.3[10.0.0.3]) - connected - local : 10.0.0.1:21
paris.cybercable.fr (10.0.0.3[10.0.0.3]) - connected - remote : 10.0.0.3:1834
paris.cybercable.fr (10.0.0.3[10.0.0.3]) - mod_sqlpw/2.0: unconfigured: no backend could connect
paris.cybercable.fr (10.0.0.3[10.0.0.3]) - mod_mysql/2.0: configured: db toto at root@localhost:3306
There is a hard-coded limitation in the SQL module which requires that all UIDs and GIDs are numerically greater than or equal to 1000. If this is unacceptable for some reason, the only solution is to alter the source code and change the definition of MOD_SQL_MIN_ID.
Example 7-10. another config frag
MySQLInfo localhost app app vpopmail
SQLUserTable account_ftp
SQLUsernameField username
SQLUidField uid
SQLGidField gid
SQLPasswordField password
SQLHomedirField homedir
SQLLoginCountField count
#SQLLogHits
SQLLogStats on
MySQLHomedir /virtual/dir
SQLAuthoritative on
SQLPlaintextPasswords on
SQLLogDirs /virtual/logs
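An added example, not part of the original howto: a small audit of the SQL-auth directives shown in the examples above. It flags an empty database password or a root login in MySQLInfo, plaintext password storage, and user rows whose uid/gid fall below the module's minimum ID. The sample config and rows are constructed from Examples 7-5 and 7-6, and the default minimum of 1000 follows the text above and should be checked against MOD_SQL_MIN_ID in your source.

```python
import shlex

# Constructed sample, modelled on Example 7-6 and Example 7-5 above.
SAMPLE_CONF = """\
MySQLInfo localhost test "" test
MySQLUserTable proftp
MySQLAuthoritative on
MySQLPlaintextPasswords on
"""
SAMPLE_ROWS = [
    {"username": "oli", "uid": 500, "gid": 500},
    {"username": "web1", "uid": 1001, "gid": 1001},  # constructed row
]

def parse_directives(text):
    """Map lower-cased directive name -> argument list, skipping comments."""
    directives = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps "" as an empty argument
        directives[parts[0].lower()] = parts[1:]
    return directives

def audit_conf(text):
    """Return finding labels for the SQL-auth directives in a proftpd.conf."""
    d = parse_directives(text)
    findings = []
    info = d.get("mysqlinfo", [])
    if len(info) >= 3:  # MySQLInfo HOST login password database
        if info[2] == "":
            findings.append("empty-db-password")
        if info[1] == "root":
            findings.append("db-login-is-root")
    plaintext = ("mysqlplaintextpasswords", "sqlplaintextpasswords")
    if any((d.get(n) or ["off"])[0].lower() == "on" for n in plaintext):
        findings.append("plaintext-passwords")
    return findings

def rows_below_min_id(rows, min_id=1000):
    """Usernames whose uid or gid is under the minimum ID (1000 is assumed)."""
    return [r["username"] for r in rows
            if r["uid"] < min_id or r["gid"] < min_id]

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF), rows_below_min_id(SAMPLE_ROWS))
```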
Hello all, I installed pre9 with mod_mysql and mod_sqlpw on a Red Hat 6.1 with a 2.2.12 kernel, and now I've gotten stuck. The server gives me this output when I run it -d 5, but I don't really get what the problem is. Do I have to set up PAM now too? Any feedback is appreciated.
Example 7-11. SQL Authentication
ServerName "outer-limits"
ServerType Standalone
DefaultServer on
ServerIdent off
Port 21
Umask 022
MaxInstances 30
AllowForeignAddress on
SystemLog /root/proftpd.debug
User nobody
Group nobody
AllowOverwrite off
AllowStoreRestart on
DeferWelcome on
MaxClients 5
MaxClientsPerHost 1 "Sorry, you may not connect more than one time."
TimeoutIdle 120
TimeoutNoTransfer 250
TimeoutStalled 60
DisplayLogin .welcome.txt
MySQLInfo localhost root "" proftpd
SQLUserTable proftp
SQLUsernameField username
SQLPasswordField password
SQLAuthoritative on
<Anonymous ~ftp>
User ftp
Group 50
AnonRequirePassword on
UserAlias SQLUsernameField ftp
UserPassword ftp SQLPasswordField
PathDenyFilter "(\.ftpaccess)|(\.htaccess)$"
<Directory *>
<Limit SEND MKD RNFR RNTO DELE RMD STOR>
DenyAll
</Limit>
<Limit RETR LIST CWD>
AllowAll
</Limit>
</Directory>
<Directory /ftp1/Upload>
<Limit CWD MKD RETR SEND STOR>
AllowAll
</Limit>
</Directory>
</Anonymous>