Difference between revisions of "ProFTPD - Customized FTP server instance"

From NAS-Central Buffalo - The Linkstation Wiki
(reworked page and deleted some unnecessary stuff)
(INSTALLATION)
Line 7: Line 7:
 
'''This information is based on the forum posts of casachi:'''
 
'''This information is based on the forum posts of casachi:'''
  
== INSTALLATION ==
+
== Linkstation 2 (MIPSEL)==
  
 
=== Stock Proftpd v1.2.9 ===
 
=== Stock Proftpd v1.2.9 ===
 +
You need to keep the linkstation from rewriting the file '''/etc/proftpd.conf'''
  
{{Postit| Enabling the stock-config afterwards | I don't know what happens exactly, but i think that there will be problems by two instances of proFtpd trying to run on the same port }}
+
To achieve this, the file '''/etc/init.d/mkshare.sh''' needs to be edited.
 +
Only the 5 lines below
 +
#      echo "FTP configration file generating..."
 +
need to be commented out.
  
* '''Disable your default ftp-server over the webinterface'''
+
   vi /etc/init.d/mkshare.sh
 
+
* '''Create a new startup file /etc/init.d/ftpd2nd and copy the the text below into it.'''
+
 
+
Note the command ''/usr/sbin/proftpd -c /etc/proftpd2nd.conf'' specifying the alternate config file.
+
 
+
   vi /etc/init.d/ftpd2nd
+
  
 
----
 
----
 
+
  #generate configuration files
  #!/bin/sh
+
if [ -x /bin/mkcode ]; then
#
+
        echo "Netatalk configration file generating..."
# ftpd - startup script for ftpd
+
        /bin/mkcode -a > /dev/null
# This goes in /etiiic/init.d and gets run at boot-time.
+
        /bin/nkf -sEO /etc/atalk/AppleVolumes.default /tmp/AppleVolumes
  #
+
        mv -f /tmp/AppleVolumes /etc/atalk/AppleVolumes.default
# chkconfig 2 92 92
+
   
#
+
        echo "Samba configration file generating..."
#. /etc/timezone
+
        /bin/mkcode -s > /dev/null
. /etc/melco/ftpstatus > /dev/null 2>&1
+
        /bin/nkf -sEO /etc/samba/smb.conf /tmp/smb.conf
  PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
        mv -f /tmp/smb.conf /etc/samba/smb.conf
  tag=linkstation
+
  facility=user.info
+
#      echo "FTP configration file generating..."
  if ! [ -x /usr/sbin/proftpd ]; then
+
#      /bin/mkcode -f > /dev/null
exit 0
+
  #      /bin/nkf -sEO /etc/wu-ftpd/ftpaccess /tmp/ftpaccess
 +
  #      mv -f /tmp/ftpaccess /etc/wu-ftpd/ftpaccess
 +
  #      /bin/nkf -sEO /etc/proftpd.conf /tmp/proftpd.conf
 +
  #      mv -f /tmp/proftpd.conf /etc/proftpd.conf
 
  fi
 
  fi
start()
 
{
 
# delete shutdown message
 
if [ -f /etc/shutmsg ] ; then
 
rm -f /etc/shutmsg
 
fi
 
echo "Start services: proftpd2nd"
 
/usr/sbin/proftpd -c /etc/proftpd2nd.conf
 
logger -t ${tag} -p ${facility} -i 'Started proftpd2nd'
 
}
 
stop()
 
{
 
echo "Stop services: proftpd2nd"
 
/sbin/start-stop-daemon --stop --quiet --exec /usr/sbin/proftpd
 
logger -t ${tag} -p ${facility} -i 'Stopped proftpd2nd'
 
}
 
case "$1" in
 
start)
 
start
 
;;
 
stop)
 
stop
 
;;
 
restart)
 
stop
 
sleep 1
 
start
 
;;
 
*)
 
echo "usage: $0 { start | stop | restart}" >&2
 
exit 1
 
;;
 
esac
 
exit 0
 
 
----
 
 
* '''Link this startup file to the 0, 2 and 6 Runlevel (startup & shutdown)'''
 
 
ln -s /etc/init.d/ftpd2nd /etc/rc.d/rc0.d/K92ftpd2nd
 
ln -s /etc/init.d/ftpd2nd /etc/rc.d/rc2.d/S92ftpd2nd
 
ln -s /etc/init.d/ftpd2nd /etc/rc.d/rc6.d/K92ftpd2nd
 
 
* '''Now your proFTPd is ready for customizing. move to the configuration part'''
 
 
----
 
 
'''Installation should be complete and your ftp-server should be running automaticaly if you reboot the linkstation....the rest is only configuration'''
 
 
=== TODO: ===
 
 
* transform the casachis forum posts for the configuration into a step-by-step-tutorial
 
 
* add some basic sample-configs for virtual users
 
 
  
 
----
 
----
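Review bot: the old side of this diff carries the whole /etc/init.d/ftpd2nd startup script and the three `ln -s` runlevel links (rc0.d, rc2.d, rc6.d), and nothing on the new side replaces them, yet the page still tells the reader to create /etc/proftpd2nd.conf and claims the server runs automatically after a reboot. With the stock FTP generation commented out in mkshare.sh and no init script, nothing starts `/usr/sbin/proftpd -c /etc/proftpd2nd.conf` at boot; keep the startup-script step or add a replacement. The new text also says "Only the 5 lines below" while the block comments out six lines (the echo plus five commands), so state whether the count includes the echo line. Finally, the mkshare.sh block leaves /etc/proftpd.conf frozen at its last generated state, which is worth a sentence so readers know later share changes in the web interface no longer reach the FTP configuration.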

Revision as of 14:04, 25 August 2006

This article was originally written by mindbender at Linkstationwiki.org

This information is based on the forum posts of casachi:

Linkstation 2 (MIPSEL)

Stock Proftpd v1.2.9

You need to keep the linkstation from rewriting the file /etc/proftpd.conf

To achieve this, the file /etc/init.d/mkshare.sh needs to be edited. Only the 5 lines below

#       echo "FTP configration file generating..."

need to be commented out.

 vi /etc/init.d/mkshare.sh

#generate configuration files
if [ -x /bin/mkcode ]; then
       echo "Netatalk configration file generating..."
       /bin/mkcode -a > /dev/null
       /bin/nkf -sEO /etc/atalk/AppleVolumes.default /tmp/AppleVolumes
       mv -f /tmp/AppleVolumes /etc/atalk/AppleVolumes.default

       echo "Samba configration file generating..."
       /bin/mkcode -s > /dev/null
       /bin/nkf -sEO /etc/samba/smb.conf /tmp/smb.conf
       mv -f /tmp/smb.conf /etc/samba/smb.conf

#       echo "FTP configration file generating..."
#       /bin/mkcode -f > /dev/null
#       /bin/nkf -sEO /etc/wu-ftpd/ftpaccess /tmp/ftpaccess
#       mv -f /tmp/ftpaccess /etc/wu-ftpd/ftpaccess
#       /bin/nkf -sEO /etc/proftpd.conf /tmp/proftpd.conf
#       mv -f /tmp/proftpd.conf /etc/proftpd.conf
fi

CONFIGURATION

As documentation I looked into http://www.proftpd.org/docs/, mainly to see what I needed for the config file (I wanted to assign different privileges to virtual users).


To start with, you can just create /etc/proftpd2nd.conf as a copy of /etc/proftpd.conf, so that the new instance of proftpd behaves exactly like the original one (the original one must not be running, otherwise they would conflict on the use of port 21).

Then you can start changing /etc/proftpd2nd.conf to your liking. I would suggest modifying the following:

ScoreboardFile /var/log/scoreboardfile2nd
PidFile /var/run/proftp2nd.pid
TransferLog /var/log/xferlog2nd


So the new instance and the old one would use different files for log/pid/vardata.

The rest is really up to what you want to do with the new server; proftpd is very flexible. I really enjoyed the granularity of access privileges on a per-user basis and the possibility to create "virtual users" (FTP users without the need of a full account on the linkstation).

Authentication with "virtual users" (non-system users)

I added these to my config file

AuthPAMAuthoritative off
AuthPAMConfig ftp 
AuthGroupFile /etc/ftp2ndgroup
AuthUserFile /etc/ftp2ndpasswd


What happens then is that, if the user has a "regular account" on the linkstation (i.e. the user is in the usual /etc/passwd file and the group is in the /etc/group file), he/she can log in with the linkstation login password, so you don't have to duplicate your own user account. If the user is not in /etc/passwd, the file /etc/ftp2ndpasswd is consulted. Its format is exactly the same as /etc/passwd, but you have to use fake ID numbers that won't overlap with the ones in the normal passwd file. To generate the password hashes needed in /etc/passwd, you can use the "htpasswd -n username" command. In some cases the home directory and the shell indicated in /etc/ftp2ndpasswd may need to point to an existing directory and shell.
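A check for the constraints described above, as an added example that is not part of the original page: it reports /etc/ftp2ndpasswd-style entries whose UID or name collides with a system account (a colliding UID gives the FTP user that account's file permissions) and entries whose home directory or shell does not exist. The function name and output wording are assumptions; both files are passed as arguments.

```shell
#!/bin/sh
# Added example: audit a ProFTPD AuthUserFile (passwd format) against the
# system passwd file. Function name and messages are illustrative only.

# check_ftp_users AUTHFILE SYSPASSWD
# Prints one finding per line; returns 1 if anything was reported.
check_ftp_users() {
    authfile=$1 syspasswd=$2 rc=0
    out=$(awk -F: '
        # First file: remember every system login name and numeric UID.
        NR == FNR { sysname[$1] = 1; sysuid[$3] = $1; next }
        /^[ \t]*(#|$)/ { next }                  # skip comments, blank lines
        NF != 7 { print "MSG line " FNR ": expected 7 fields, got " NF; next }
        ($1 in sysname) { print "MSG " $1 ": name is also a system account" }
        ($3 in sysuid)  { print "MSG " $1 ": uid " $3 " overlaps system user " sysuid[$3] }
        $2 == "" || $2 == "x" || $2 == "*" { print "MSG " $1 ": no usable password hash" }
        # Hand home and shell to the shell loop for filesystem checks.
        { print "HOME " $1 ": " $6; print "SHELL " $1 ": " $7 }
    ' "$syspasswd" "$authfile")

    # Here-document instead of a pipe so that rc is set in this shell.
    while read -r kind user path; do
        case $kind in
            MSG)   echo "$user $path"; rc=1 ;;
            HOME)  [ -d "$path" ] || { echo "$user home $path does not exist"; rc=1; } ;;
            SHELL) [ -x "$path" ] || { echo "$user shell $path is not executable"; rc=1; } ;;
        esac
    done <<EOF
$out
EOF
    return $rc
}

# Typical call on the device described on this page:
#   check_ftp_users /etc/ftp2ndpasswd /etc/passwd
```
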

Something else: the logfile

You might want to add /var/log/xferlog2nd to the list of files that are log-rotated. You can do that by creating a file /etc/logrotate.d/proftp2nd with content:


/var/log/xferlog2nd {
missingok
notifempty
postrotate
/usr/local/bin/kill -HUP `cat /var/run/proftp2nd.pid 2>/dev/null` 2>/dev/null || true
endscript
}