/ linux

install proftpd with web ui on ubuntu 10.04

note: This post is from 2011. It was imported from wordpress for nostalgic reasons.

Last night I was searching around for a good ftp server with good access control,quota support and logging and stumbled upon ProFTPD.

ProFTPD is a advanced ftp server that is extendible with modules and the config is pretty straight  forward (markup us equal to that from apache.conf). I also found a good web ui for ProFTPd with mysql logging,quota support, user management, group management, system resources, etc. named ProFTPd Administrator.

Because setting this up was a slight pain in the ass, here’s an howto for the ubuntu folks !

Step 1: preparation

make sure all the needed packages are installed:

sudo apt-get install apache2 php5 mysql-server mysql-client proftpd proftpd-mysql phpmyadmin
  • Choose a password for the root account in mysql and write it down somewhere (or remember it, even better!)._
    quick tip: for easly ‘rememberable’ passwords, use pwgen. Pwgen generates hard to guess, but easy to remember passwords._

  • For phpmyadmin, choose apache2 configuration.

Go to your www-root and download proftpd-adm:

cd /var/www/  
wget http://sourceforge.net/projects/proftpd-adm/files/proFTPd%20Administrator/proFTPd%20Administrator%20v1.2/proftpd\_admin\_v1.2.tar.gz/  
tar vxzf proftpd\_admin\_v1.2.tar.gz  
mv proftpd\_admin\_v1.2 ftp

Step 2: Installing the mysql user and table

Go to /var/www/ftp/misc and edit the database file.

cd /var/www/ftp/misc/database\_structure\_mysql
vi db_structure.sql #(or your favorite text editor)

and change the last lines as followed:

GRANT ALL ON usertable **proftpd_admin.*** TO proftpd@localhost IDENTIFIED BY ‘_**SomePass**_‘;  
GRANT ALL ON grouptable TO proftpd@localhost IDENTIFIED BY ‘<database_password>’;  
GRANT ALL ON xfer\_stat TO proftpd@localhost IDENTIFIED BY ‘<database\_password>’;

Changes are displayed in bold, changes that needs your specific input are displayed in bold italic.
Things that needs to be deleted are striketrough.

Now we need to create the database and fill it with the tables, like this.

mysql -u root -p < db_structure.sql

Test this by executing the following (you will be prompted for the proftpd password you changed above):

mysql -u proftpd -p proftpd_admin  
mysql> show tables;  
+————————-+  
| Tables\_in\_proftpd_admin |  
+————————-+  
| ftpquotalimits          |  
| ftpquotatallies         |  
| grouptable              |  
| usertable               |  
| xfer_stat               |  
+————————-+  
5 rows in set (0.00 sec)

Step 3: configuring proFTPd

make the ftp dirs and correct the rights:

mkdir /ftp  
chown nobody:nogroup /ftp  
chmod 0660 /ftp  
mkdir /ftp/incoming  
chown nobody:nogroup /ftp/incoming  
chmod 0660 /ftp/incoming

Save the default config under another name:

cd /etc/proftpd  
mv proftpd.conf proftpd.conf.default

and copy the one from the proFTPd Administrator package & edit:

cp /var/www/ftp/misc/sample\_config/proftpd\_quota.conf proftpd.conf
vi proftpd.conf

As above, changes are displayed in bold, changes that needs your specific input are displayed in bold italic.
Things that needs to be deleted are strikethrough.

ServerName                      “_**Server**_”  
ServerType                      standalone  
ServerIdent                     on              “_**Server**_”  
DeferWelcome                    on  
DefaultServer                   on  
DisplayLogin                    .welcome        # Textfile to display on login  
DisplayConnect                  .connect        # Textfile to display on connection  
DisplayFirstChdir               .firstchdir     # Textfile to display on first changedir

UseReverseDNS                   off  
IdentLookups                    off

Port                            21  
Umask                           022  
MaxInstances                    15  
MaxClientsPerHost               3               “Only %m connections per host allowed”  
MaxClients                      10              “Only %m total simultanious logins allowed”  
MaxHostsPerUser                 1  
**Include                         /etc/proftpd/modules.conf**  
User                            nobody  
Group                           nobody**nogroup**  
\[…\]  
\# Set up authentication via SQL  
\# ===========  
AuthOrder                       mod_sql.c  
SQLAuthTypes                    Backend  
SQLConnectInfo                  proftpd_admin@localhost proftpd _**SomePass**_  
SQLUserInfo                     usertable userid passwd uid gid homedir shell  
SQLGroupInfo                    grouptable groupname gid members  
SQLUserWhereClause              “disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)”  
\[…\]

ProFTPd Should be configured right now with quota support & authentication via a mysql back end.

try to start the service:

service proftpd restart

If it returns ok, you win! Else, post the errors you’ve got in the comments below.

Step 4: Securing ProFTPd Administrator

Security first! Whe are going to secure our /ftp webdirectory with use of apaches build in httpauth.

edit the default site:

vi /etc/apache2/sites-available/default

Again, changes are displayed in bold, changes that needs your specific input are displayed in bold italic.
Things that needs to be deleted are strikethrough.

<VirtualHost *:80>  
ServerAdmin webmaster@localhost

DocumentRoot /var/www  
<Directory />  
Options FollowSymLinks  
AllowOverride None  
</Directory>  
<Directory /var/www/>  
Options Indexes FollowSymLinks MultiViews  
AllowOverride None**All**  
Order allow,deny  
allow from all  
</Directory>  
\[…\]

Now we create the .htpasswd file. For maximum security, I place this in my apache /etc/ dir

htpasswd -c /etc/apache2/.htpasswd root

Enter your password as you wish.

Go to /var/www/ftp/ and create the .htaccess file

cd /var/www/ftp/  
vi .htaccess
AuthType Basic  
AuthName “Restricted Area”  
AuthUserFile /etc/apache2/.htpasswd  
Require user root

Now restart apache2 to apply your changes;

service apache2 restart

Step 6: Make a little change to ProFTPd Administrator code

edit the class_system.php file on line 196 to fix the module problem:

**#**exec($GLOBALS\[‘config\_path\_to_proftpd’\] . ‘ -l’, $modules);  
**#Fix for ubuntu  
exec(“cat /etc/proftpd/modules.conf | egrep -v \\”^#\\” | egrep -v \\”^ModuleControlsACLs\\” | sed ‘s/LoadModule //g’ | egrep -v \\”^ModulePath\\””,$modules);**

Step 7: Configuring ProFTPd Administrator

make sure configuration.xml is writable to apache:

chown www-data:www-data /var/www/ftp/configuration.xml

in your webbrowser, go to [ip-server]/ftp/configure.php
login with your credetials as mentioned above.

Database

Enter the information as followed:

  • username: proftpd
  • password: SomePass
  • Hostname: localhost
  • Database: proftpd_admin
  • Database server : mysql
  • Subtype: Standard

ProFTPd

Enter the information as followed:

  • FTP root: /ftp
  • Default home directory: /ftp
  • Create user command: empty
  • Delete user command: /bin/bash /var/www/ftp/misc/user_script/delete_user.sh
  • Default shell: # /etc/shells: valid login shells

Filepaths

Enter the information as followed:

  • who: /usr/bin/who
  • df: /bin/df
  • ps: /bin/ps
  • sysctl: /sbin/sysctl
  • ftpwho: /usr/bin/ftpwho
  • Kernel configuration file: /boot/config-2.6.32-25-generic (check in your /boot the latest config file)
  • proftpd: /usr/sbin/proftpd

Extentions

  • Quota: enabled
    (if you can’t select enabled, check if you entered the above hack correct and include /etc/proftpd/modules.conf is present in your /etc/proftpd/proftpd.conf file.)

Step 9: Success!

Done! try to create a user in Users > Create User and try to login. Set some quotas, etc. Play with it and get to know the interface!

If you’re stuck somewhere, leeave a comment and I’ll try to help you out.