Difference between revisions of "ProFTPD - Customized FTP server instance"

From NAS-Central Buffalo - The Linkstation Wiki
Jump to: navigation, search
(Stock Proftpd v1.2.9)
(CONFIGURATION)
Line 47: Line 47:
  
 
As documentation I looked into http://www.proftpd.org/docs/ mainly to look what I needed for the config file  (I wanted to assign different priviledges to virtual users).
 
As documentation I looked into http://www.proftpd.org/docs/ mainly to look what I needed for the config file  (I wanted to assign different priviledges to virtual users).
 
 
To start with you can just create /etc/proftpd2nd.conf as a copy of /etc/proftpd.conf so the new instance of proftpd should behave exactly as the original one
 
(the original one must not be running, otherwise they would conflict on the use of port 21).
 
 
Then you can start changing /etc/proftpd2nd.conf to your liking, I would suggest modifying the following
 
 
ScoreboardFile /var/log/scoreboardfile2nd
 
PidFile /var/run/proftp2nd.pid
 
TransferLog /var/log/xferlog2nd
 
 
 
So the new instance and the old one would use different files for log/pid/vardata.
 
  
 
The rest is really up to what you want to do with the new server, proftpd is very flexible. I really enjoyed the granularity on access priviledges on a user basis and the possibility to create "virtual users" (ftp users without the need of a full account on the linkstation).  
 
The rest is really up to what you want to do with the new server, proftpd is very flexible. I really enjoyed the granularity on access priviledges on a user basis and the possibility to create "virtual users" (ftp users without the need of a full account on the linkstation).  
Line 75: Line 62:
 
What happens then is that, if the user has an "regular account" on the linkstation (i.e. the user is in the usual
 
What happens then is that, if the user has an "regular account" on the linkstation (i.e. the user is in the usual
 
/etc/passwd file and the group is in the /etc/group file) then he/she can login with the linkstation login password.  
 
/etc/passwd file and the group is in the /etc/group file) then he/she can login with the linkstation login password.  
 +
 
So you dont have to duplicate your own user account.  
 
So you dont have to duplicate your own user account.  
 
If the user is not in /etc/passwd then the file /etc/ftp2ndpasswd is looked.
 
If the user is not in /etc/passwd then the file /etc/ftp2ndpasswd is looked.
 
The format is exactly the same as /etc/passwd but you have to use fake id number that wont  overlap with the ones in the normal passwd file.
 
The format is exactly the same as /etc/passwd but you have to use fake id number that wont  overlap with the ones in the normal passwd file.
 +
 
To generate password hashes needed in /etc/passwd, you can use the "htpasswd -n username" command.
 
To generate password hashes needed in /etc/passwd, you can use the "htpasswd -n username" command.
 
In some cases it might be needed for the home directory and the shell indicated in /etc/ftp2ndpasswd do actually point to existing directories and shell.  
 
In some cases it might be needed for the home directory and the shell indicated in /etc/ftp2ndpasswd do actually point to existing directories and shell.  
 
'''Something else: the logfile'''
 
 
You might want to add /var/log/xferlog2nd to the list of files that are log-rotated.
 
You can do that by creating a file /etc/logrotate.d/proftp2nd with content:
 
 
 
/var/log/xferlog2nd {
 
missingok
 
notifempty
 
vpostrotate
 
/usr/local/bin/kill -HUP `cat /var/run/proftp2nd.pid 2>/dev/null` 
 
2>/dev/null || true
 
endscript
 
}
 
 
  
 
[[Category:General]]
 
[[Category:General]]
 
[[Category:Howto]]
 
[[Category:Howto]]
 
[[Category:Software]]
 
[[Category:Software]]

Revision as of 14:21, 25 August 2006

This article Originally by mindbender. at Linkstationwiki.org

This information is based on the forum posts of casachi:

Linkstation 2 (MIPSEL)

Stock Proftpd v1.2.9

You need to keep the linkstation from rewriting the file /etc/proftpd.conf

To achieve this, the file /etc/init.d/mkshare.sh needs to be edited. Only the 5 lines below

#       echo "FTP configration file generating..."

need to be commented out.

 vi /etc/init.d/mkshare.sh

#generate configuration files
if [ -x /bin/mkcode ]; then
       echo "Netatalk configration file generating..."
       /bin/mkcode -a > /dev/null
       /bin/nkf -sEO /etc/atalk/AppleVolumes.default /tmp/AppleVolumes
       mv -f /tmp/AppleVolumes /etc/atalk/AppleVolumes.default

       echo "Samba configration file generating..."
       /bin/mkcode -s > /dev/null
       /bin/nkf -sEO /etc/samba/smb.conf /tmp/smb.conf
       mv -f /tmp/smb.conf /etc/samba/smb.conf

#       echo "FTP configration file generating..."
#       /bin/mkcode -f > /dev/null
#       /bin/nkf -sEO /etc/wu-ftpd/ftpaccess /tmp/ftpaccess
#       mv -f /tmp/ftpaccess /etc/wu-ftpd/ftpaccess
#       /bin/nkf -sEO /etc/proftpd.conf /tmp/proftpd.conf
#       mv -f /tmp/proftpd.conf /etc/proftpd.conf
fi

Now you can edit /etc/proftpd.conf and it will actually stay that way.

If you speak german, here is a good spot to start your research on how to customize your PROFTPD configuration.

CONFIGURATION

As documentation I looked into http://www.proftpd.org/docs/ mainly to look what I needed for the config file (I wanted to assign different priviledges to virtual users).

The rest is really up to what you want to do with the new server, proftpd is very flexible. I really enjoyed the granularity on access priviledges on a user basis and the possibility to create "virtual users" (ftp users without the need of a full account on the linkstation).

Authentication with "virtual users" (non-system users)

I added these to my config file

AuthPAMAuthoritative off
AuthPAMConfig ftp 
AuthGroupFile /etc/ftp2ndgroup
AuthUserFile /etc/ftp2ndpasswd


What happens then is that, if the user has an "regular account" on the linkstation (i.e. the user is in the usual /etc/passwd file and the group is in the /etc/group file) then he/she can login with the linkstation login password.

So you dont have to duplicate your own user account. If the user is not in /etc/passwd then the file /etc/ftp2ndpasswd is looked. The format is exactly the same as /etc/passwd but you have to use fake id number that wont overlap with the ones in the normal passwd file.

To generate password hashes needed in /etc/passwd, you can use the "htpasswd -n username" command. In some cases it might be needed for the home directory and the shell indicated in /etc/ftp2ndpasswd do actually point to existing directories and shell.