Proxmox – Install ProFTPd on the host with MySQL user authorization

This is how install ProFTPd on the host, which allow to access directly to all the containers. The user authorizations are made with a MySQL database.

Install ProFTPd :

 # apt-get install proftpd proftpd-mod-mysql
 mode : standalone

Install Mysql

Read : proxmox – install a database server with mysql

Connect to database

# mysql -p

Create a new database named ftpusers:

mysql > create database ftpusers_db;

Grant all the permissions to the user proftpd:

mysql > GRANT ALL on ftpusers_db.* to proftpd@'hostname' identified by "PASSWORD";
mysql > GRANT ALL on ftpusers_db.* to proftpd@'%' identified by "PASSWORD";

Create the user table and group table and insert test users:

mysql> use ftpusers;
mysql> CREATE TABLE users (userid varchar(12) NOT NULL, passwd varchar(100) NOT NULL, uid smallint(6) default NULL, gid smallint(6) default NULL, homedir varchar(50) default NULL, shell varchar(20) default '/bin/false');
mysql> CREATE TABLE groups (groupname varchar(30) NOT NULL, gid int NOT NULL, members varchar(255));
mysql> INSERT INTO users VALUES ('user1', PASSWORD('pass123'), 500, 500, '/var/www/web1', '/bin/false');
mysql> INSERT INTO users VALUES ('user2', PASSWORD('pass123'), 501, 500, '/var/www/web2', '/bin/false');
mysql> INSERT INTO users VALUES ('usern', PASSWORD('pass123'), 502, 500, '/var/www/web3', '/bin/false');
mysql> INSERT INTO groups VALUES ('ftpusers', 500, 'user1,user2,usern');
mysql> quit;

éditer le fichier de configuration proftpd :

# nano /etc/proftpd/proftpd.conf

uncomment

DefaultRoot ~
RequireValidShell off
PassivePorts 49152 65534

add

AuthOrder mod_sql.c

uncomment

Include /etc/proftpd/sql.conf
Include /etc/proftpd/modules.conf

edit the database configuration file :

# nano /etc/proftpd/sql.conf

uncomment

SQLBackend mysql
SQLEngine on
SQLAuthenticate on
SQLAuthTypes Backend Crypt
SQLConnectInfo ftpuser_db@192.168.0.121 proftpd PASSWORD
SQLUserInfo users userid passwd uid gid homedir shell
SQLGroupInfo groups groupname gid members

add

SqlLogFile /var/log/proftpd/sql.log

edit the module configuration file:

# nano /etc/proftpd/modules.conf

uncomment

LoadModule mod_sql.c
LoadModule mod_sql_mysql.c

comment

#LoadModule mod_tls_memcache.c

add a group on the host:

# groupadd -g 500 ftpusers

allow directory access:

# chgrp -R ftpusers /var/lib/vz/root/101/home/folder
# chmod -R 775 /var/lib/vz/root/101/home/folder

restart proftpd:

# service proftpd restart

Show running modules

# proftpd -l

Firewall authorization

You need to authorize ftpconnexion on the host.

Log on the host

Display iptables rules:

# ipdateble -L

If the following rule is missing, add it:

# iptables -t nat -A PREROUTING -i vmbr0 -p tcp -m tcp --dport 21 -j DNAT --to-destination <server ip>:21

Raphaël has written 45 articles

2 thoughts on “Proxmox – Install ProFTPd on the host with MySQL user authorization

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>