virtual hosting with pureftpd and mysql
DESCRIPTION
VIRTUAL HOSTING WITH PureFTPd And MYSQL. (Quota And Bandwidth Management) BY Odoh Kenneth Emeka Sun Yu Patrick Appiah. FTP. FTP is an acronym for File Transfer Protocol What is a protocol? FTP Client / server architecture Port 21 for incoming connection . TCP protocol. - PowerPoint PPT PresentationTRANSCRIPT
VIRTUAL HOSTING WITH VIRTUAL HOSTING WITH PureFTPd And MYSQLPureFTPd And MYSQL
(Quota And Bandwidth Management)
BYOdoh Kenneth EmekaSun YuPatrick Appiah
FTPFTPFTP is an acronym for File
Transfer Protocol
What is a protocol?FTP
Client / server architecture Port 21 for incoming connection . TCP protocol
ADVANTAGES OF FTPADVANTAGES OF FTPEasy to useLow bandwidth Control over transfer e.g.
choosing how data is transferred with binary, executable e.t.c
Disadvantages of FTPDisadvantages of FTPSECURITY
Using ch’root file server with suitable file permission can deter simple attacks but SSH or TLS is a better option as password is not transferred in clear text.
Security in virtual hosting Security in virtual hosting projectprojectCh’root FTP.
User is directed to a specially made home directory with minimal permissions.
Users don’t have shell few commands e.g ls System files are inaccessible to users.
Software used for virtual Software used for virtual hosting projecthosting project
Project RequirementProject RequirementScalable Handle both authenticated user
and anonymous user. Implement quota management
and upload/download bandwidth limits management.
ProceduresProceduresNote: Always back up any configuration file before making any changes.
Log into the computer using the administrator account.
$ sudo suConfigure the static IP address by
editing the /etc/hosts file.Install mysql-server ,mysql-client,
phpmyadmin and Apache2 .$ aptitude install mysql-server
mysql-client phpmyadmin apache2
Procedure cont…Procedure cont…Install the package that enables
connection between pureFtp and mysql.
$ aptitude install pure-ftpd-mysql
Then we create an ftp group (ftpgroup) and user (ftpuser) that all our virtual users will be mapped to. Replace the group- and userid with 2001
$ groupadd -g 2001 ftpgroup
$ useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser
Procedure cont…Procedure cont… We create a database called pureftpd and an mysql
user called pureftp.We would log in into the mysql database as root using the command.#remember to start mysql server$ mysql -u root –p
CREATE DATABASE pureftpd; Then creates a user and grant them the required
priviledgesGRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'ftpdpass';GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
FLUSH PRIVILEGES;
Procedure cont…Procedure cont… USE pureftpd;
CREATE TABLE ftpd (User varchar(16) NOT NULL default '',status enum('0','1') NOT NULL default '0',Password varchar(64) NOT NULL default '',Uid varchar(11) NOT NULL default '-1',Gid varchar(11) NOT NULL default '-1',Dir varchar(128) NOT NULL default '',ULBandwidth smallint(5) NOT NULL default '0',DLBandwidth smallint(5) NOT NULL default '0',comment tinytext NOT NULL,ipaccess varchar(15) NOT NULL default '*',QuotaSize smallint(5) NOT NULL default '0',QuotaFiles int(11) NOT NULL default 0,PRIMARY KEY (User),UNIQUE KEY User (User)) TYPE=MyISAM;
Procedure cont…Procedure cont…$ touch
/etc/pure-ftpd/db/mysql.conf_origNow I have to copy the configuration
files from /etc/pure-ftpd/db/mysql.conf to
/etc/pure-ftpd/db/mysql.conf_orig using the cp command.
$cp /etc/pure-ftpd/db/mysql.conf /etc/pure-ftpd/db/mysql.conf_orig
I have to edit the file /etc/pure-ftpd/db/mysql.conf
$ nano /etc/pure-ftpd/db/mysql.conf
Procedure cont…Procedure cont… MYSQLSocket /var/run/mysqld/mysqld.sock #MYSQLServer localhost #MYSQLPort 3306 MYSQLUser pureftpd MYSQLPassword pureftpd MYSQLDatabase pureftpd #MYSQLCrypt md5, cleartext, crypt() or
password() - md5 is VERY RECOMMENDABLE uppon cleartext MYSQLCrypt md5 MYSQLGetPW SELECT Password FROM ftpd
WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
Procedure cont…Procedure cont…
MYSQLGetUID SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND(ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID SELECT Gid FROM ftpd WHERE User="\L"AND status="1" AND(ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir SELECT Dir FROM ftpd WHERE User="\L"AND status="1" AND(ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L"ANDstatus="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L"ANDstatus="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ SELECT QuotaSize FROM ftpd WHERE User="\L"AND status="1"AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS SELECT QuotaFiles FROM ftpd WHERE User="\L"AND status="1"AND (ipaccess = "*" OR ipaccess LIKE "\R")
CH’ROOT ConfigurationCH’ROOT Configuration Then create the file /etc/pure-ftpd/conf/ChrootEveryone
which simply contains the string yes:$touch /etc/pure-ftpd/conf/ChrootEveryone$echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
This will make PureFTPd chroot every virtual user in his home directory so he will not be able to browse directories and files outside his home directory.
create the file /etc/pure-ftpd/conf/CreateHomeDir which again simply contains the string yes.
$touch /etc/pure-ftpd/conf/CreateHomeDir$echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
This will make PureFTPd create a user's home directory when the user logs in and the home directory does not exist yet.
create the file /etc/pure-ftpd/conf/DontResolve which again simply contains the string yes.
Cont..Cont..
$touch /etc/pure-ftpd/conf/DontResolve
$echo "yes" > /etc/pure-ftpd/conf/DontResolve
This will make that PureFTPd reduce bandwidth usage.
We have to restart the pureftpd server
$ /etc/init.d/pure-ftpd-mysql restart
Testing the pTesting the prrojectojectINSERT INTO `ftpd` (`User`,
`status`, `Password`, `Uid`, `Gid`, `Dir`,`ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`,`QuotaFiles`) VALUES ('exampleuser', '1', MD5('secret'), '2001', '2001','/home/www.example.com', '100', '100', '', '*', '50', '0');
Creating Anonymous UserCreating Anonymous UserINSERT INTO `ftpd` (`User`, `status`,
`Password`, `Uid`, `Gid`, `Dir`,`ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`,`QuotaFiles`) VALUES ('ftp', '1', MD5(''), '2001', '2001', '/home/ftp', '100', '100', '','*', '50', '0');
quit;Create the file
/etc/pure_ftpd/conf/NoAnonymousThis configuration will allow anonymous login.
$ touch /etc/pure-ftpd/conf/NoAnonymous$ echo "no" > /etc/pure-ftpd/conf/NoAnonymous
$ /etc/init.d/pure-ftpd-mysql restart$ cd /home/ftp$ mkdir incoming$ chown ftp:nogroup incoming/$ chmod 311 incoming/$ cd ../$ chmod 555 ftp/
Now anonymous users can login, and they can download files from /home/ftp, but uploads are limited to /home/ftp/incoming (and once a file is uploaded into /home/ftp/incoming, it cannot be read nor downloaded from there; the server admin has to move it into /home/ftp first to make it available to others
Cont…Cont…
log in$ ftp 192.168.10.75
ReferencesReferenceshttp://www.chinalinuxpub.com/doc/
www.siliconvalleyccie.com/index.htmhttp://www.linuxhomenetworking.com/http://linuxservertutorials.blogspot.com/
2008/11/configure-ftp-server-onubuntu.html
http://en.wikipedia.org/wiki/Pure-FTPdhttp://www.howtoforge.com/virtual-hosting-
with-pureftpd-and-mysql-incl-quotaand-bandwidth-management-on-ubuntu-9.10-p2
ENDEND
THANKS