Howto / Ubuntu
Ubuntu - Configurare un server ftp con pure-ftpd e mysql
Author: Tafaz
Visits: 3753
Date: 15.06.2008
Configurazone Pure-ftpd:
ora configuriamo pure-fptd per connettersi a mysql modificando il file /etc/pure-ftpd/db/mysql.conf come mostrato qui sotto
tafaz@Imhotep:~$ vim /ect/pure-ftpd/db/mysql.conf
##############################################
# #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations. #
# #
##############################################
# Optional : MySQL server name or IP. Don't define this for unix sockets.
#MYSQLServer 127.0.0.1
# Optional : MySQL port. Don't define this if a local unix socket is used.
#MYSQLPort 3306
# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket /var/run/mysqld/mysqld.sock
# Mandatory : user to bind the server as.
MYSQLUser pureftpd
# Mandatory : user password. You must have a password.
MYSQLPassword pureftpdPasswd
# Mandatory : database to open.
MYSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
MYSQLCrypt md5
# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.
# Query to execute in order to fetch the password
MYSQLGetPW SELECT Password FROM users WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
# Query to execute in order to fetch the system user name or uid
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
# Optional : default UID - if set this overrides MYSQLGetUID
MYSQLDefaultUID 33
# Query to execute in order to fetch the system user group or gid
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
# Optional : default GID - if set this overrides MYSQLGetGID
MYSQLDefaultGID 33
# Query to execute in order to fetch the home directory
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
# Optional : ratios. The server has to be compiled with ratio support.
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.
# MySQLForceTildeExpansion 1
# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.
# MySQLTransactions On
il file è abbastanza esplicito, l'unica cosa veramente importante da sapere è che il parametro MYSQLCrypt se impostato a password userà il vecchio metodo di hashing di mysql quindi quello delle versioni minori della 4.1, quindi se volete usare pure-ftpd-mysql con mysql5 e MYSQLCrypt password dovete tener presente che quando creerete gli utenti la password dovrà essere creata usando OLD_PASSWORD anzichè PASSWORD, questo perchè pure-ftpd non usa la libreria libmysqlclient per generare gli hash.
Noi nel nostro esempio usiamo md5 per avere una maggior sicurezza.
In questo esempio abbiamo impostato MYSQLDefaultGID e MYSQLDefaultGID a 33 che sono lo uid e lo gid con cui gira apache in modo da permettere agli utenti che usano l'ftp di non doversi preoccupare troppo dei permessi dei files, questo ovviamente non vale se si usa suphp.
Author: Tafaz
Visits: 3753
Date: 15.06.2008
Configurazone Pure-ftpd:
ora configuriamo pure-fptd per connettersi a mysql modificando il file /etc/pure-ftpd/db/mysql.conf come mostrato qui sotto
tafaz@Imhotep:~$ vim /ect/pure-ftpd/db/mysql.conf
##############################################
# #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations. #
# #
##############################################
# Optional : MySQL server name or IP. Don't define this for unix sockets.
#MYSQLServer 127.0.0.1
# Optional : MySQL port. Don't define this if a local unix socket is used.
#MYSQLPort 3306
# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket /var/run/mysqld/mysqld.sock
# Mandatory : user to bind the server as.
MYSQLUser pureftpd
# Mandatory : user password. You must have a password.
MYSQLPassword pureftpdPasswd
# Mandatory : database to open.
MYSQLDatabase pureftpd
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
MYSQLCrypt md5
# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.
# Query to execute in order to fetch the password
MYSQLGetPW SELECT Password FROM users WHERE User="\L" AND status="1" AND (ipaccess="*" OR ipaccess="\R")
# Query to execute in order to fetch the system user name or uid
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
# Optional : default UID - if set this overrides MYSQLGetUID
MYSQLDefaultUID 33
# Query to execute in order to fetch the system user group or gid
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
# Optional : default GID - if set this overrides MYSQLGetGID
MYSQLDefaultGID 33
# Query to execute in order to fetch the home directory
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"
# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
# Optional : ratios. The server has to be compiled with ratio support.
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.
# MySQLForceTildeExpansion 1
# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.
# MySQLTransactions On
il file è abbastanza esplicito, l'unica cosa veramente importante da sapere è che il parametro MYSQLCrypt se impostato a password userà il vecchio metodo di hashing di mysql quindi quello delle versioni minori della 4.1, quindi se volete usare pure-ftpd-mysql con mysql5 e MYSQLCrypt password dovete tener presente che quando creerete gli utenti la password dovrà essere creata usando OLD_PASSWORD anzichè PASSWORD, questo perchè pure-ftpd non usa la libreria libmysqlclient per generare gli hash.
Noi nel nostro esempio usiamo md5 per avere una maggior sicurezza.
In questo esempio abbiamo impostato MYSQLDefaultGID e MYSQLDefaultGID a 33 che sono lo uid e lo gid con cui gira apache in modo da permettere agli utenti che usano l'ftp di non doversi preoccupare troppo dei permessi dei files, questo ovviamente non vale se si usa suphp.
Se vuoi discutere con noi su questo articolo o comunque vuoi porci delle domande usa il nostro Forum
Se pureftp non vi dovesse autenticare dando il seguente messaggio "530 Sorry, but I can't trust you" modificate il file /etc/pure-ftpd/conf/MinUID e impostatelo a 33 che è lo UserId di apache e con cui verranno autenticati gli utenti ftp
