News | About | Get Frugalware | Packages | Documentation | Discussion Forums | Bug Tracker | Wiki | Community | Development

Virtual Users with Pure-FTPd and MySQL

From FrugalWiki

Jump to: navigation, search

Contents

Introduction

This document is written for Pure-FTPd 0.99.1 and higher.

Pure-FTPd is a free (BSD-licenced), secure, production-quality and standard-conformant FTP server based upon Troll-FTPd. It doesn't provide useless bells and whistles, but focuses on efficiency and ease of use. It provides simple answers to common needs, plus unique useful features for personal users as well as hosting providers.

The MySQL database server is the world's most popular open source database. Its architecture makes it extremely fast and easy to customize. Extensive reuse of code within the software and a minimalistic approach to producing functionally-rich features has resulted in a database management system unmatched in speed, compactness, 1000 stability and ease of deployment. The unique separation of the core server from the table handler makes it possible to run with strict transaction control or with ultra-fast transactionless disk access, whichever is most appropriate for the situation.

Disclaimer

This document assumes that you have some knowledge on Pure-FTPd, and MySQL. At least enough to get everything installed. Installing the software is outside the scope of this document.

This document originally based on this article.

MySQL Install

Installation of MySQL is outside the scope of this document. We will use an out of the box MySQL install:

pacman -S mysql

MySQL Setup

You just have to have fields with the following info:

  • The user's login.
  • The user's password, in plaintext, MD5, crypt()ed or MySQL's password()

format. Pure-FTPd also accepts the "any" value for the MySQLCrypt field. With "any", all hashing functions (not plaintext) are tried.

Note: Avoid password() whoose hash function is rather weak, not portable, and it is supposed to be only used for internal accounts of MySQL servers. password() is no more supported by Pure-FTPd with MySQL 4.1.0 and later.

  • The home directory.

Here's a dump of a simple table to handle this:

CREATE TABLE users (
  User varchar(16) NOT NULL default ,
  Password varchar(64) NOT NULL default ,
  Dir varchar(128) NOT NULL default ,
  PRIMARY KEY  (User)
);

PureFTPd Install

If you want to install Pure-FTPd with pacman, simply install it with

pacman -Sy pure-ftpd

You'll need at least 1.0.20-2.

PureFTPd Setup

ftpusers user/group

We'll need at least one user and group that represents the ftp users on the system.

# groupadd ftpusers
# useradd ftpuser -g ftpusers
# mkdir -p /home/ftpusers/someuser
# chown -R ftpuser:ftpusers /home/ftpusers/someuser

On my system ftpuser's uid is 1010, and ftpusers' gid is 106.

MySQL Configuration file

Before running the server, you have to create a configuration file. Why a configuration file instead of simple command-line options? you may ask. Because of security reasons, you may want to hide how to connect to your MySQL server. And as command-line options can be discovered by local users (with 'ps auxwww' for instance), it's more secure to use a configuration file for sensitive data. Keep it readable only by root (chmod 600).

Here's a sample configuration file:

#MYSQLServer     localhost
#MYSQLPort       3306
MYSQLSocket     /tmp/mysql.sock
MYSQLUser       user
MYSQLPassword   userpw
MYSQLDatabase   pureftpd
MYSQLCrypt      cleartext
MYSQLGetPW      SELECT Password FROM users WHERE User="\L"
MYSQLGetDir     SELECT Dir FROM users WHERE User="\L"
MYSQLDefaultUID 1010
MYSQLDefaultGID 106

The uid/gid numbers are likely different on your system!

You should change the MYSQLUser and MYSQLPassword fields to confirm with your system.

Have a look at the sample pureftpd-mysql.conf configuration file for explanations of every keyword.

Save the configuration file anywhere. Let's say /etc/pureftpd-mysql.conf.

Pure-FTPd Configuration file

Add this line:

MySQLConfigFile               /etc/pureftpd-mysql.conf

to your /etc/pure-ftpd.conf.

Then, in the pureftpd-mysql.conf configuration file, you have to provide SQL templates to fetch the needed info.

Let's take the previous example:

MYSQLGetPW      SELECT Password FROM users WHERE User="\L"
MYSQLGetDir     SELECT Dir FROM users WHERE User="\L"

For each query:

  • \L is replaced by the login of an user trying to authenticate.
  • \I is replaced by the IP address the client connected to.
  • \P is replaced by the port number the client connected to.
  • \R is replaced by the remote IP address the client connected from.
  • \D is replaced by the remote IPv4 address, as a long decimal number.

You can mix all of these to store info in various tables. For instance, with \I, you can have a different table for every domain, so that joe@domain1

1000 won't be the same account than joe@domain2 . And with \R, you can restrict one account to one specific address.

Please note that a login can only contains common characters: A...Z, a...z, 0...9, -, ., _, space, :, @ and ' . For security purposes, other characters are forbidden.

You can also remove uid and gid fields in your tables and use default values instead (thus saving useless lookups) . Two directives are useful to serve that purpose: MYSQLDefaultUID and MYSQLDefaultGID.

Obvious example:

MYSQLDefaultUID 1000
MYSQLDefaultGID 1000

Using these directives overrides MYSQLGetUID and MYSQLGetGID.

Personal tools
Namespaces
Variants
Actions