Proftpd support

I'm using ispconfig 3 with proftpd (instead of pure-ftp). To support it i make the following small hack: 1 - in table ftp_user added two int column nguid and nuid to store numeric uid/gid corresponding to existing uid/gid (user and group names). I set this fields manually when create a new ftp account (but could be done by a script)

2 - in /etc/proftpd.conf make the very simple config:

SQLAuthTypes Crypt SQLAuthenticate users* SQLConnectInfo db-ispconfig@127.0.0.1 ispconfig SQLUserInfo ftp_user username password nuid ngid dir '/bin/false' SQLUserWhereClause "active = 'y' AND server_id = '1'" #SQLLog PASS login #SQLLogFile /var/log/proftpd/mod_sql.log

You could also track connections count, ul/dl traffic, limit ul/dl rate, etc.

IMHO is a very good idea to store nuid/ngid in table web_domain (corresponding to system_user/system_group) when a new web/user is created: is a very usefull info! This nuid/ngid can then be copied in table ftp_user when a new ftp account is created/edited.

Milestone changed to Planned features

If using this hack and want to update ispconfig, before you need to restore the original DB structure:

-- save data SELECT concat('update ftp_user set nuid=',nuid,', ngid=',ngid,' where ftp_user_id=',ftp_user_id,';') FROM ftp_user where nuid is not null or ngid is not null;

-- drop custom columns alter table drop nuid; alter table ftp_user drop ngid;

do ispconfig update

-- re-create custom columns alter table ftp_user add nuid int after gid; alter table ftp_user add ngid int after nuid;

-- import data

For some reason using this method my permissions are not set right? any ideas! thanks!

Have you tried to enable proftpd mod_sql log and check for errors during authentication?

Hi thanks for your fast reply! Logging is enabled. and seems like to connect to the correct user.

I think i may be getting mixed up with the nuid and ngid? because when the user logs in the user is set as the owner but group is set as ? (using filezilla)

Thanks!

Do I also need to alter the proftpd.conf other then mod_sql.c? Thanks!

The only modify i made is in proftpd.conf. My actual conf:

SQLAuthTypes Crypt

#SQLAuthenticate users* groups* SQLAuthenticate users* SQLConnectInfo srv_db_ispconfig@127.0.0.1 ispconfig SQLUserInfo ftp_user username password nuid ngid dir '/bin/false' #SQLGroupInfo ftp_groups groupname gid members SQLUserWhereClause "active = 'y' AND server_id = '1'" SQLLog PASS login #SQLLogFile /var/log/proftpd/mod_sql.log

#SQLNamedQuery login UPDATE "last_login=now(), login_count=login_count+1 WHERE username='%u'" ftp_users

Have you populated correctly nguid and nuid fields in ftp_user tables?

Hi,

I think that may be the problem with the nguid/nuid... should these match with sys_userid and sys_groupid in the ftp_user table?

for example for the first user the sys_userid = 1 sys_groupid = 2 ... so I set the nuid = 1 and ngid = 2

Thanks!

No, the relation is between nuid/ngid and uid/gid. Example: in ftp_user i have: uid/gid = web21/client2 from >cat /etc/passwd i read: web21:x:5017:5006::/var/clients/client2/web21:/bin/false so i set nuid/ngid to 5017/5006! These are the real linux user and group id: they are numeric values; web21,client21 are only user-friendly values decoded by linux throught passwd file or other authentication layers.

Thank you very!! got it work now! sorry for being such a newbie!

please vote this request! I think it would be an interesting enhancement. bye.

Done! Thanks Again!

Voted yes for this.

voted for proftpd

You can use a join with the web_domain table to get the proper info.

Is there still any progress with this feature request? It's in the road map for 3.0.4 and was opened in April 2009.

If people still want this I'm willing to pick this one up and prep it for 3.0.4, I'd love to have proftpd back on ispconfig systems.

Till, can i get this one assigned to me, don't think Horst is still active on this project.

it will be more secure to set

SQLMinID 1000

to prevent sql attacks

Do I also need to alter the proftpd.conf other then mod_sql.c? Thanks! yes you need to modify modules.conf and enable

LoadModule mod_sql.c LoadModule mod_sql_mysql.c

resulting conf should look like this...

root@web1:~# cat /etc/proftpd/conf.d/ispconfig.conf SQLBackend mysql SQLEngine auth SQLAuthenticate users groups #SQLLOGFILE /var/log/proftpd/sql.log SQLAuthTypes Crypt SQLConnectInfo dbispconfig@127.0.0.1 ispconfig PASSWD SQLMinID 1000 SQLUserInfo ftp_user username password nuid ngid dir "NULL" SQLUserWhereClause "active = 'y' AND server_id = '2'" SQLGroupInfo ftp_user gid ngid "NULL" SQLGroupWhereClause "active = 'y' AND server_id = '2'"

sorry, SQLGroupInfo dont work in my example conf

+1

I think this Report should get more importance, because pure-ftpd is sh*t!

See https://bugs.launchpad.net/ubuntu/+source/pure-ftpd/+bug/1349438

because of this, I get some files with a different encoding and which are not able to read!

Pure-ftpd is also outdated (last update 21-Mar-2012) and maintained by only one? developer?!

Is there any progress on this? Pure-FTPD development became slow (but not halted) and ProFTPD looks to me as it would be developed more actively...

However, there should be - and remain - support for both FTP daemons.

It's a very old FR, but I have a working solution for this. It's a simple plugin that manages proftpd user entries in a separate table (it has some specific requirements for user data, like numeric UID/GID values). Configuration management and integration at installation is not supported (although it creates the necessary table), but if one has a working proftpd config, that can be easily adapted. It's written as a standard plugin, in use for about a year. Can post patch if anyone is interested.

It would be nice if you could contribute your plugin.

I'll post the plugin file later here and the proftpd.conf I've made for it. Back then it wasn't really meant for sharing in its current state but for us it's enough for stable operation, I think it's easy enough of a change to integrate upstream in a future version.

Here are the files. It supports installation of the plugin symlink. I put the table create statement in upd_dev_collection.sql. It's not a patch so I'm omitting that file now. The sql is in the comments of the .php file.

I opted to create a separate table, but if the standard ftp_user table can be amended with UID, GID values, proftpd can use it as is, since it can use arbitrary sql queries or column names can match the existing tables. A big plus for proftpd (besides having a vast feature set and modern pw hash support) is its native sftp implementation - no need to use a separate daemon.

ftpuser_proftpd_plugin.inc.php proftpd.conf

added Stale label

changed the description

removed time estimate

removed milestone %Planned features