PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : ProFTPD mit mod_sql: Probleme mit den Verzeichnissrechten



TheAnimal
05.10.05, 15:28
Hallo Zusammen,
Bei mir läuft ProFTPd mit mod_sql. Funktioniert auch wunderbar. Eingerichtet sind zwei Gruppen: admins, Users

Frage:
In der proftpd.conf habe ich jetzt für ein Verzeichniss Limits gesetzt. Das klappt auch, allerdings muß ich die Verzeichniss-Rechte auf 777 setzen.
Ist das normal?? Muß ich das Verzeichniss auf 777 setzen?? Oder habe ich was falsch eingetragen in der proftpd.conf??

Meine proftpd.conf


ServerName "Servername"
ServerType standalone
ServerIdent on "Servers identifying string"
DeferWelcome on
DefaultServer on

DisplayLogin .welcome # Textfile to display on login
DisplayConnect .connect # Textfile to display on connection
DisplayFirstChdir .firstchdir # Textfile to display on first changedir

UseReverseDNS off
IdentLookups off

Port 21
Umask 022
MaxInstances 15
MaxClientsPerHost 3 "Only %m connections per host allowed"
MaxClients 10 "Only %m total simultanious logins allowed"
MaxHostsPerUser 1

User ftpuser
Group ftpgroup

ScoreboardFile /var/log/scoreboard

# Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# Define log-files to use
TransferLog /var/log/proftpd.xferlog
ExtendedLog /var/log/proftpd.access_log WRITE,READ write
ExtendedLog /var/log/proftpd.auth_log AUTH auth
ExtendedLog /var/log/proftpd.paranoid_log ALL default
SQLLogFile /var/log/proftpd.mysql

# Set up authentication via SQL
# ===========
AuthOrder mod_sql.c
SQLAuthTypes Backend
SQLConnectInfo proftpd_admin@localhost proftpd epmsserv
SQLUserInfo usertable userid passwd uid gid homedir shell
SQLGroupInfo grouptable groupname gid members
SQLUserWhereClause "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)"

# Log the user logging in
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'" usertable

# logout log
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable

# display last login time when PASS command is given
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLShowInfo PASS "230" "Last login was: %{login_time}"

# xfer Log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat


AllowStoreRestart on
AllowRetrieveRestart on
RequireValidShell off
PathDenyFilter "\\.ftp)|\\.ht)[a-z]+$"
DefaultRoot ~
DenyFilter \*.*/


<Directory /var/ftp/*>
AllowOverwrite off
HideNoAccess off
<Limit READ>
AllowAll
</Limit>

<Limit WRITE>
DenyGroup !admins
</Limit>
</Directory>

<Directory /var/ftp/incoming/*>
AllowOverwrite on
HideNoAccess on

<Limit READ>
DenyGroup !admins
</Limit>

<Limit STOR MKD>
AllowAll
</Limit>
</Directory>


Kann mir jemand weiterhelfen??

Danke im voraus

daniel444
06.10.05, 14:36
bei mir werden die mysql benutzer nicht gefunden



[R] USER test
[R] 331 User test OK. Password required
[R] PASS (hidden)
[R] 530 Authentication failed, sorry



pureftpd-mysq.conf:



##############################################
# #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations. #
# #
##############################################


# Optional : MySQL server name or IP. Don't define this for unix sockets.

# MYSQLServer 127.0.0.1


# Optional : MySQL port. Don't define this if a local unix socket is used.

# MYSQLPort 3306


# Optional : define the location of mysql.sock if the server runs on this host.

MYSQLSocket /tmp/mysql.sock


# Mandatory : user to bind the server as.

MYSQLUser ftpuser


# Mandatory : user password. You must have a password.

MYSQLPassword ftpuser1234


# Mandatory : database to open.

MYSQLDatabase pureftpd


# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"

MYSQLCrypt cleartext


# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.


# Query to execute in order to fetch the password

MYSQLGetPW SELECT Password FROM users WHERE User="\L"


# Query to execute in order to fetch the system user name or uid

MYSQLGetUID SELECT Uid FROM users WHERE User="\L"


# Optional : default UID - if set this overrides MYSQLGetUID

#MYSQLDefaultUID 1000


# Query to execute in order to fetch the system user group or gid

MYSQLGetGID SELECT Gid FROM users WHERE User="\L"


# Optional : default GID - if set this overrides MYSQLGetGID

#MYSQLDefaultGID 1000


# Query to execute in order to fetch the home directory

MYSQLGetDir SELECT Dir FROM users WHERE User="\L"


# Optional : query to get the maximal number of files
# Pure-FTPd must have been compiled with virtual quotas support.

# MySQLGetQTAFS SELECT QuotaFiles FROM users WHERE User="\L"


# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.

# MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"


# Optional : ratios. The server has to be compiled with ratio support.

# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"


# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .

# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"

# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.

# MySQLForceTildeExpansion 1


# If you upgraded your tables to transactionnal tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditionnal MyIsam databases or old (< 3.23.x) MySQL versions.

# MySQLTransactions On





Tabellennstruktur:



CREATE TABLE users (
User varchar(16) NOT NULL default '',
Password varchar(64) NOT NULL default '',
Uid int(11) NOT NULL default '-1',
Gid int(11) NOT NULL default '-1',
Dir varchar(128) NOT NULL default '',
PRIMARY KEY (User)
);



Woran kann dies liegen, dass ich mich mit benutzern der myswl db nicht einloggen kann? bzw. kann ich irgendwo nachsehen, ob überhaupt auf die db zugegriffen wird



weiters möchte ich gerne den server mit dem configurationsfile pure-ftpd.conf starten:



################################################## ##########
# #
# Configuration file for pure-ftpd wrappers #
# #
################################################## ##########

# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# @prefix@/sbin/pure-config.pl @prefix@/etc/pure-ftpd.conf
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.shtml for a complete list of
# options.

# Cage in every user in his home directory

ChrootEveryone yes



# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.

# TrustedGID 100



# Turn on compatibility hacks for broken clients

BrokenClientsCompatibility no



# Maximum number of simultaneous users

MaxClientsNumber 50



# Fork in background

Daemonize yes



# Maximum number of sim clients with the same IP address

MaxClientsPerIP 8



# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.

VerboseLog no



# List dot-files even when the client doesn't send "-a".

DisplayDotFiles yes



# Don't allow authenticated users - have a public anonymous FTP only.

AnonymousOnly no



# Disallow anonymous connections. Only allow authenticated users.

NoAnonymous no



# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.

SyslogFacility ftp



# Display fortune cookies

# FortunesFile /usr/share/fortune/zippy



# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.

DontResolve yes



# Maximum idle time in minutes (default = 15 minutes)

MaxIdleTime 15



# LDAP configuration file (see README.LDAP)

# LDAPConfigFile /etc/pureftpd-ldap.conf



# MySQL configuration file (see README.MySQL)

MySQLConfigFile /etc/pureftpd-mysql.conf


# Postgres configuration file (see README.PGSQL)

# PGSQLConfigFile /etc/pureftpd-pgsql.conf


# PureDB user database (see README.Virtual-Users)

PureDB /etc/pureftpd.pdb


# Path to pure-authd socket (see README.Authentication-Modules)

# ExtAuth /var/run/ftpd.sock



# If you want to enable PAM authentication, uncomment the following line

# PAMAuthentication yes



# If you want simple Unix (/etc/passwd) authentication, uncomment this

# UnixAuthentication yes



# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.



# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth

LimitRecursion 2000 8



# Are anonymous users allowed to create new directories ?

AnonymousCanCreateDirs no



# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.

MaxLoad 4



# Port range for passive connections replies. - for firewalling.

# PassivePortRange 30000 50000



# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.

# ForcePassiveIP 192.168.0.1



# Upload/download ratio for anonymous users.

# AnonymousRatio 1 10



# Upload/download ratio for all users.
# This directive superscedes the previous one.

# UserRatio 1 10



# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.

AntiWarez yes



# IP address/port to listen to (default=all IP and port 21).

# Bind 127.0.0.1,21



# Maximum bandwidth for anonymous users in KB/s

# AnonymousBandwidth 8



# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.

# UserBandwidth 8



# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.

Umask 133:022



# Minimum UID for an authenticated user to log in.

MinUID 100



# Allow FXP transfers for authenticated users.

AllowUserFXP no



# Allow anonymous FXP for anonymous and non-anonymous users.

AllowAnonymousFXP no



# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.

ProhibitDotFilesWrite no



# Prohibit *reading* of files beginning with a dot (.history, .ssh...)

ProhibitDotFilesRead no



# Never overwrite files. When a file whoose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, ...

AutoRename no



# Disallow anonymous users to upload new files (no = upload is allowed)

AnonymousCantUpload no



# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.

#TrustedIP 10.1.1.1



# If you want to add the PID to every logged line, uncomment the following
# line.

#LogPID yes



# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.

# AltLog clf:/var/log/pureftpd.log



# Create an additional log file with transfers logged in a format optimized
# for statistic reports.

# AltLog stats:/var/log/pureftpd.log



# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)

# AltLog w3c:/var/log/pureftpd.log



# Disallow the CHMOD command. Users can't change perms of their files.

#NoChmod yes



# Allow users to resume and upload files, but *NOT* to delete them.

#KeepAllFiles yes



# Automatically create home directories if they are missing

#CreateHomeDir yes



# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.

#Quota 1000:10



# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid

#PIDFile /var/run/pure-ftpd.pid



# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.

#CallUploadScript yes



# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.

MaxDiskUsage 99



# Set to 'yes' if you don't want your users to rename files.

#NoRename yes



# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.

CustomerProof yes



# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per user>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.

# PerUserLimits 3:20



# When a file is uploaded and there is already a previous version of the file
# with the same name, the old file will neither get removed nor truncated.
# Upload will take place in a temporary file and once the upload is complete,
# the switch to the new version will be atomic. For instance, when a large PHP
# script is being uploaded, the web server will still serve the old version and
# immediatly switch to the new one as soon as the full file will have been
# transfered. This option is incompatible with virtual quotas.

# NoTruncate yes



# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
# including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.

# TLS 1



# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.

# IPV4Only yes



# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
# By default, both IPv4 and IPv6 are enabled.

# IPV6Only yes



jedoch ist der dämon pure-config.pl im sbin verzeichnis nicht vorhanden


pure-config.pl /etc/pure-ftpd.conf

ich kompilierte den server mit:

./configure --with-everything
Warum ist dann das Starten mit einem .conf file dann nicht möglich?



Auch das das Starten des Servers mit normalen Benutzern funktioniert nicht wirklich.
d.h. wenn ich den server mit einem normalen benutzer starte ist dieser nicht erreichbar

nur das starten als root funktioniert

Welche Rechte muss eine Benutzer haben um einen FTP Server starten zu können?


Vielleicht kann mir jemand weiterhelfen.


mfg daniel444

daniel444
07.10.05, 10:09
Hat wirklich niemand eine ahnung warum ich pure-ftpd nicht mit der conf datei starten kann, obwohl ich mit configure --with-everything die installation durchführte.