Using pureftpd with MySQL authentication

The scenario, or: the disaster

The problem occurred one evening about a year ago. Suddenly the FTP server (proftpd), configured as described here, “shut down” and we could not work out why.
Since this was a production machine hosting a fair number of virtual domains, besides trying to understand the original problem we started looking for a “quick” alternative.

Before long we identified Pure-FTPd as a possible replacement.
We installed it from ports (/usr/ports/ftp/pure-ftpd), enabling the MySQL option and adapting the configuration file /usr/local/etc/pureftpd-mysql.conf to the database structure previously used by proftpd.

##############################################
#                                            #
# Sample Pure-FTPd Mysql configuration file. #
# See README.MySQL for explanations.         #
#                                            #
##############################################
# Optional : MySQL server name or IP. Don't define this for unix sockets.
# MYSQLServer     127.0.0.1

# Optional : MySQL port. Don't define this if a local unix socket is used.
# MYSQLPort       3306

# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket     /tmp/mysql.sock

# Mandatory : user to bind the server as.
MYSQLUser       xxxLOGINxxx

# Mandatory : user password. You must have a password.
MYSQLPassword   xxxDB_PASSWORDxxx

# Mandatory : database to open.
# Here the database name is the one used for proftpd
MYSQLDatabase   proftpd

# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "md5" *and* "password"
MYSQLCrypt      cleartext

# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.

# Query to execute in order to fetch the password
MYSQLGetPW      SELECT password FROM ftpusers WHERE (username="\L" and LoginAllowed='Y')

# Query to execute in order to fetch the system user name or uid
#MYSQLGetUID     SELECT Uid FROM users WHERE User="\L"

# Optional : default UID - if set this overrides MYSQLGetUID
MYSQLDefaultUID 1000

# Query to execute in order to fetch the system user group or gid
#MYSQLGetGID     SELECT Gid FROM users WHERE User="\L"

# Optional : default GID - if set this overrides MYSQLGetGID
MYSQLDefaultGID 1000

# Query to execute in order to fetch the home directory
MYSQLGetDir     SELECT homedir FROM ftpusers WHERE (username="\L" and loginallowed='Y')

# Optional : query to get the maximal number of files 
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTAFS  SELECT QuotaFiles FROM users WHERE User="\L"

# Optional : query to get the maximal disk usage (virtual quotas)
# The number should be in Megabytes.
# Pure-FTPd must have been compiled with virtual quotas support.
# MySQLGetQTASZ  SELECT QuotaSize FROM users WHERE User="\L"

# Optional : ratios. The server has to be compiled with ratio support.
# MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
# MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"

# Optional : bandwidth throttling.
# The server has to be compiled with throttling support.
# Values are in KB/s .
# MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
# MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"

# Enable ~ expansion. NEVER ENABLE THIS BLINDLY UNLESS :
# 1) You know what you are doing.
# 2) Real and virtual users match.
# MySQLForceTildeExpansion 1

# If you upgraded your tables to transactional tables (Gemini,
# BerkeleyDB, Innobase...), you can enable SQL transactions to
# avoid races. Leave this commented if you are using the
# traditional MyISAM databases or old (< 3.23.x) MySQL versions.
# MySQLTransactions On

The choice proved to be a winning one, and we managed to get the server running again within a couple of hours.
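
The configuration above was carried over from the old database as-is, including MYSQLCrypt cleartext and a single default UID/GID for every virtual user. The following audit script is an added example, not part of the original page or of Pure-FTPd; its function names, severity labels and the case-insensitive handling of directive names are assumptions of the example.

```python
import re

# Constructed input: active directives copied from the configuration above.
SAMPLE_CONF = r"""
MYSQLDatabase   proftpd
MYSQLCrypt      cleartext
MYSQLGetPW      SELECT password FROM ftpusers WHERE (username="\L" and LoginAllowed='Y')
#MYSQLGetUID     SELECT Uid FROM users WHERE User="\L"
MYSQLDefaultUID 1000
MYSQLDefaultGID 1000
"""

# Ranking of the MYSQLCrypt values listed in the file's own comments.
# The severity labels are this example's judgement, not Pure-FTPd output.
CRYPT_RISK = {
    "cleartext": ("HIGH", "passwords are stored in the database in cleartext"),
    "md5": ("MEDIUM", "fast hash, cheap to brute-force if the table leaks"),
    "password": ("MEDIUM", "MySQL password() is a fast, unsalted hash"),
    "any": ("MEDIUM", "also accepts md5 and password() hashes"),
}

def parse_conf(text):
    """Map each active directive (lower-cased) to its value; skip comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return a list of (severity, directive, message) findings."""
    conf, findings = parse_conf(text), []
    crypt = conf.get("mysqlcrypt", "").strip('"').lower()
    if crypt in CRYPT_RISK:
        findings.append((CRYPT_RISK[crypt][0], "MYSQLCrypt", CRYPT_RISK[crypt][1]))
    elif crypt != "crypt":  # not one of the values listed in the file
        findings.append(("ERROR", "MYSQLCrypt", "missing or unknown value"))
    for name in ("MYSQLDefaultUID", "MYSQLDefaultGID"):
        if name.lower() in conf:  # a default overrides the per-user query
            msg = "all virtual users share id " + conf[name.lower()]
            findings.append(("INFO", name, msg))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding, sep=": ")
```

On the sample it reports the cleartext storage as HIGH and the shared UID and GID as informational, since with one system account for all virtual domains the separation between them rests on the home directory alone.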


Links
The configuration file used for proftpd (proftpd-mysql.conf)
Configuring proftpd with MySQL
pure-FTPd Homepage
pure-FTPd - MySQL docs

 
  papers/pureftpd.mysql.txt · Last modified: 2007/09/18 23:54