
Installing ProFTPd with MySQL user tables on Server
afp548.com published my article on how to replace the Apple-supplied FTP server with ProFTPd, with authentication through users and groups kept in MySQL instead of NetInfo or a simple passwd file. This is a nice tip if you're looking to serve up a lot of different users on a system without wanting them to be able to log in via SSH and such. Read "ProFTPd, for the pro?" for the how-to.

[Editor's note: The article discusses the installation on OS X Server; I don't know for sure, but I suspect it would work as described for OS X Client as well.]

no shell
Authored by: bhines on Dec 14, '02 07:42:47PM

If you just don't give the users a shell, I believe they will not be able to log in via anything but FTP.



[ Reply to This | # ]
Does not work
Authored by: BahamutZERO on Dec 15, '02 12:28:25AM

I did as the article said, however I created my database so that the two tables and their fields match the default ones for the SQL addon.

Still, I cannot get the server to work. When I try to log in with a user contained in the database, I get the following error:

530 Login incorrect.
ftp: Login failed.

I have installed MySQL from the package at http://www.entropy.ch. I have also installed phpMyAdmin in order to easily edit my SQL databases.

My machine is running behind an AirPort station, has a static internal IP, and I am running Mac OS X 10.2.3 6G19 ATM.

Here is my ProFTPd configuration:

ServerName "My FTP Server"
ServerType inetd
ServerAdmin foo@bar.zoop

#DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# NAT fix
MasqueradeAddress foo.dyndns.org

# Use the IANA registered ephemeral port range
PassivePorts 49152 65534

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# Set the user and group that the server normally runs at.
User root
Group wheel

DefaultRoot ~

# MySQL authentification
SQLAuthTypes Backend Crypt

SQLAuthenticate users

# dbase connect information
SQLConnectInfo ftpauth@127.0.0.1 proftpd password

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Our "basic" anonymous configuration, including a single
# upload directory ("uploads")
<Anonymous ~ftp>

  # Allow logins if they are disabled above.
  <Limit LOGIN>
    AllowAll
  </Limit>

  # Maximum clients with message
  MaxClients 5 "Sorry, max %m users -- try again later"

  User ftp
  Group ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files
  <Directory Upload/>
    #<Limit STOR CWD XCWD>
    <Limit WRITE>
      AllowAll
    </Limit>
  </Directory>

</Anonymous>

Any help would be greatly appreciated.



[ Reply to This | # ]
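
Added example (not part of the thread or the linked article): a small Python check that reads a proftpd.conf like the one posted above and reports the settings a reviewer would question: the daemon account set to root, the database password kept in the file, SQL group lookups left off, and anonymous write access. The function name `audit` and the rule names are made up for this example, and the sample input is cut down from the posted configuration.

```python
# Constructed sample: security-relevant lines cut down from the configuration posted above.
SAMPLE = """User root
SQLAuthenticate users
SQLConnectInfo ftpauth@127.0.0.1 proftpd password
<Anonymous ~ftp>
<Limit WRITE>
DenyAll
</Limit>
<Directory Upload/>
<Limit WRITE>
AllowAll
</Limit>
</Directory>
</Anonymous>
"""

def audit(conf):
    """Return (rule, detail) findings for a proftpd.conf given as text."""
    findings, stack = [], []          # stack holds the open <Section ...> headers
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
            continue
        if line.startswith("<"):
            stack.append(line.strip("<>").split())
            continue
        name, *args = line.split()
        if name == "User" and not stack and args == ["root"]:
            findings.append(("daemon-runs-as-root", line))
        elif name == "SQLConnectInfo" and len(args) >= 3:
            # Third argument is the database password; report only the account name.
            findings.append(("db-password-in-config", args[1]))
        elif name == "SQLAuthenticate" and not {"on", "groups"} & set(args):
            findings.append(("sql-groups-not-consulted", " ".join(args)))
        elif name == "AllowAll" and stack and stack[-1][0] == "Limit":
            anon = any(s[0] == "Anonymous" for s in stack)
            dirs = [s[1] for s in stack if s[0] == "Directory"]
            if anon and "WRITE" in stack[-1][1:] and dirs:
                findings.append(("anonymous-write", dirs[-1]))
    return findings

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule}: {detail}")
```

A `db-password-in-config` finding means the file should be readable only by the account that starts the server.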
Does not work
Authored by: Shadowcharly on Dec 15, '02 10:54:36PM

I am a newbie myself, but maybe my ideas guide someone to the real solution :)

Have you tried with:
# MySQL authentification
SQLAuthTypes Backend

It works for me.

Another thing, I noticed that the only way I can introduce the passwords when I create a new account is by doing it through the mysql command line, I've tried YourSQL to manage the databases and have had no success in getting the passwords encrypted. And when I tried creating the accounts and later modify the passwd field through the CLI, the login failed.

To see if you have the same problem with the passwd encryption, create a new account with the mysql command shown in the article (modifying only the gui, id and passwd) and try to logon with this new user. If this new user can logon, delete the other rows of the database and create the account anew from CLI.

Hope it makes sense :)



[ Reply to This | # ]
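
Added example (not from the thread or the article): a Python check for the mismatch described in the comment above, where a password typed into a GUI field is stored as-is while `SQLAuthTypes` expects a hash. It assumes `Backend` means MySQL's PASSWORD() function and `Crypt` means crypt(3), as in mod_sql; the function names, shape labels and table rows are constructed for this example.

```python
import re

# Shapes of stored values that each SQLAuthTypes handler can verify. Matching is
# a heuristic: a 13-character clear-text password looks like a DES crypt(3) hash.
SHAPES = [
    ("mysql-password-pre-4.1", re.compile(r"[0-9a-fA-F]{16}")),
    ("mysql-password-4.1+", re.compile(r"\*[0-9a-fA-F]{40}")),
    ("des-crypt", re.compile(r"[./0-9A-Za-z]{13}")),
    ("modular-crypt", re.compile(r"\$[0-9a-z]+\$.+")),
]
HANDLES = {
    "backend": {"mysql-password-pre-4.1", "mysql-password-4.1+"},
    "crypt": {"des-crypt", "modular-crypt"},
    "plaintext": {"unhashed?"},
}

def auth_types(conf):
    """Return the lower-cased SQLAuthTypes arguments from proftpd.conf text."""
    for line in conf.splitlines():
        parts = line.split()
        if parts and parts[0] == "SQLAuthTypes":
            return [p.lower() for p in parts[1:]]
    return []

def shape_of(stored):
    for name, pattern in SHAPES:
        if pattern.fullmatch(stored):
            return name
    return "unhashed?"

def check(conf, rows):
    """For each (userid, passwd) row, report whether a configured handler fits."""
    usable = set()
    for t in auth_types(conf):
        usable |= HANDLES.get(t, set())
    return [(user, shape_of(pw), shape_of(pw) in usable) for user, pw in rows]

# Constructed sample data: the directive from the thread and made-up table rows.
CONF = "SQLAuthTypes Backend Crypt\n"
ROWS = [
    ("alice", "5d2e19393cc5ef67"),   # shape written by PASSWORD() on the mysql CLI
    ("bob", "hunter2"),              # typed into a GUI field as-is
    ("carol", "abJnggxhB/yWI"),      # shape of crypt(3) output
]

if __name__ == "__main__":
    for user, shape, ok in check(CONF, ROWS):
        print(f"{user:6} {shape:24} {'ok' if ok else 'no handler fits'}")
```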
K, I have the uid, what about w/r privileges?
Authored by: Shadowcharly on Dec 15, '02 11:05:01PM

K, I have a valid ftp server with its own sql user database working.

But I have a problem, as the users are not defined in my netinfo database, how can I assign w/r privileges to the folders themselves?

I mean, the sql-defined users, get only privileges defined to world, not to their proper group (ftpusers).

I have created an equally named ftpusers group both in netinfo and sql, both with the same gid. The netinfo one has only the name of the group and the gid, as the users are not defined in the netinfo database (the purpose of all this sql thinggie ;) ); the sql one has the gid, the name of the group and the list of users, formatted: "name1,name2,name3" without the quotes. Am I doing something wrong?

When I assign privileges to the ftpusers group in the finder, they seem to get ignored, and doing so through x-ray bodes equal results. How can I connect the sql group and the netinfo one so I can manage w/r privileges to my ftpserver?

Thanks in advance



[ Reply to This | # ]
K, I have the uid, what about w/r privileges?
Authored by: Shadowcharly on Dec 15, '02 11:25:14PM

btw it's on os x 10.2.2 client, and works! (kinda :) )



[ Reply to This | # ]