subutux

install proftpd with web ui on ubuntu 10.04

Last night I was searching around for a good ftp server with good access control,quota support and logging and stumbled upon ProFTPD.

ProFTPD is a advanced ftp server that is extendible with modules and the config is pretty straight  forward (markup us equal to that from apache.conf). I also found a good web ui for ProFTPd with mysql logging,quota support, user management, group management, system resources, etc. named ProFTPd Administrator.

Because setting this up was a slight pain in the ass, here’s an howto for the ubuntu folks !

Step 1: preparation

make sure all the needed packages are installed:

sudo apt-get install apache2 php5 mysql-server mysql-client proftpd proftpd-mysql phpmyadmin

• Choose a password for the root account in mysql and write it down somewhere (or remember it, even better!).
  quick tip: for easly ‘rememberable’ passwords, use pwgen. Pwgen generates hard to guess, but easy to remember passwords.

• For phpmyadmin, choose apache2 configuration.

Go to your www-root and download proftpd-adm:

cd /var/www/
wget http://sourceforge.net/projects/proftpd-adm/files/proFTPd%20Administrator/proFTPd%20Administrator%20v1.2/proftpd_admin_v1.2.tar.gz/
tar vxzf proftpd_admin_v1.2.tar.gz
mv proftpd_admin_v1.2 ftp

Step 2: Installing the mysql user and table

Go to /var/www/ftp/misc and edit the database file.

cd /var/www/ftp/misc/database_structure_mysql
vi (or your favorite text editor) db_structure.sql

and change the last lines as followed:

GRANT ALL ON usertable proftpd_admin.* TO proftpd@localhost IDENTIFIED BY ‘SomePass‘;
GRANT ALL ON grouptable TO proftpd@localhost IDENTIFIED BY ‘<database_password>’;
GRANT ALL ON xfer_stat TO proftpd@localhost IDENTIFIED BY ‘<database_password>’;

Changes are displayed in bold, changes that needs your specific input are displayed in bold italic.
Things that needs to be deleted are striketrough.

Now we need to create the database and fill it with the tables, like this.

mysql -u root -p < db_structure.sql

Test this by executing the following (you will be prompted for the proftpd password you changed above):

mysql -u proftpd -p proftpd_admin
mysql> show tables;
+————————-+
| Tables_in_proftpd_admin |
+————————-+
| ftpquotalimits          |
| ftpquotatallies         |
| grouptable              |
| usertable               |
| xfer_stat               |
+————————-+
5 rows in set (0.00 sec)

Step 3: configuring proFTPd

make the ftp dirs and correct the rights:

mkdir /ftp
chown nobody:nogroup /ftp
chmod 0660 /ftp
mkdir /ftp/incoming
chown nobody:nogroup /ftp/incoming
chmod 0660 /ftp/incoming

Save the default config under another name:

cd /etc/proftpd
mv proftpd.conf proftpd.conf.default

and copy the one from the proFTPd Administrator package & edit:

cp /var/www/ftp/misc/sample_config/proftpd_quota.conf proftpd.conf
vi proftpd.conf

As above, changes are displayed in bold, changes that needs your specific input are displayed in bold italic.
Things that needs to be deleted are strikethrough.

ServerName                      “Server”
ServerType                      standalone
ServerIdent                     on              “Server”
DeferWelcome                    on
DefaultServer                   on
DisplayLogin                    .welcome        # Textfile to display on login
DisplayConnect                  .connect        # Textfile to display on connection
DisplayFirstChdir               .firstchdir     # Textfile to display on first changedir

UseReverseDNS                   off
IdentLookups                    off

Port                            21
Umask                           022
MaxInstances                    15
MaxClientsPerHost               3               “Only %m connections per host allowed”
MaxClients                      10              “Only %m total simultanious logins allowed”
MaxHostsPerUser                 1
Include                         /etc/proftpd/modules.conf
User                            nobody
Group                           nobodynogroup
[...]
# Set up authentication via SQL
# ===========
AuthOrder                       mod_sql.c
SQLAuthTypes                    Backend
SQLConnectInfo                  proftpd_admin@localhost proftpd SomePass
SQLUserInfo                     usertable userid passwd uid gid homedir shell
SQLGroupInfo                    grouptable groupname gid members
SQLUserWhereClause              “disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)”
[...]

ProFTPd Should be configured right now with quota support & authentication via a mysql back end.

try to start the service:

service proftpd restart

If it returns ok, you win! Else, post the errors you’ve got in the comments below.

Step 4: Securing ProFTPd Administrator

Security first! Whe are going to secure our /ftp webdirectory with use of apaches build in httpauth.

edit the default site:

vi /etc/apache2/sites-available/default

Again, changes are displayed in bold, changes that needs your specific input are displayed in bold italic.
Things that needs to be deleted are strikethrough.

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride NoneAll
Order allow,deny
allow from all
</Directory>
[...]

Now we create the .htpasswd file. For maximum security, I place this in my apache /etc/ dir

htpasswd -c /etc/apache2/.htpasswd root

Enter your password as you wish.

Go to /var/www/ftp/ and create the .htaccess file

cd /var/www/ftp/
vi .htaccess

AuthType Basic
AuthName “Restricted Area”
AuthUserFile /etc/apache2/.htpasswd
Require user root

Now restart apache2 to apply your changes;

service apache2 restart

Step 6: Make a little change to ProFTPd Administrator code

edit the class_system.php file on line 196 to fix the module problem:

#exec($GLOBALS['config_path_to_proftpd'] . ‘ -l’, $modules);
#Fix for ubuntu
exec(“cat /etc/proftpd/modules.conf | egrep -v \”^#\” | egrep -v \”^ModuleControlsACLs\” | sed ‘s/LoadModule //g’ | egrep -v \”^ModulePath\”",$modules);

Step 7: Configuring ProFTPd Administrator

make sure configuration.xml is writable to apache:

chown www-data:www-data /var/www/ftp/configuration.xml

in your webbrowser, go to [ip-server]/ftp/configure.php
login with your credetials as mentioned above.

Database

Enter the information as followed:

• username: proftpd
• password: SomePass
• Hostname: localhost
• Database: proftpd_admin
• Database server : mysql
• Subtype: Standard

ProFTPd

Enter the information as followed:

• FTP root: /ftp
• Default home directory: /ftp
• Create user command: empty
• Delete user command: /bin/bash /var/www/ftp/misc/user_script/delete_user.sh
• Default shell: # /etc/shells: valid login shells

Filepaths

Enter the information as followed:

• who: /usr/bin/who
• df: /bin/df
• ps: /bin/ps
• sysctl: /sbin/sysctl
• ftpwho: /usr/bin/ftpwho
• Kernel configuration file: /boot/config-2.6.32-25-generic (check in your /boot the latest config file)
• proftpd: /usr/sbin/proftpd

Extentions

• Quota: enabled
  (if you can’t select enabled, check if you entered the above hack correct and include /etc/proftpd/modules.conf is present in your /etc/proftpd/proftpd.conf file.)

Step 9: Success!

Done! try to create a user in Users > Create User and try to login. Set some quotas, etc. Play with it and get to know the interface!

If you’re stuck somewhere, leeave a comment and I’ll try to help you out.

Tags: apache2, ftp, httpauth, linux, mysql, php, php5, proftftp, proftpd administrator, quota, ubuntu, ubuntu 10.04