kernings n00b
Joined: 14 Nov 2007 Posts: 36
Posted: Wed Feb 06, 2008 4:39 pm Post subject: [Proftpd] Clarification on how it works!!
Hello everyone,
So, I'm using Proftpd with mysql and it works rather well. There is just one thing I don't quite understand about how it works:
I create a user "test" that belongs to the group "users", and I add this user to the list of proftpd users. When I upload a file, the file's owner is the right one, "test", but the group is "nogroup". How come?
Likewise, another piece of information: uploaded files are necessarily chmod 644 for files, whereas I tend to use 755 ... but in this case, with nogroup, that won't be much use to me. Apparently it's because of the UMASK at 022; what should it be set to for files to be 755?
See you soon.
oxomichael Tux's lil' helper
Joined: 05 Aug 2005 Posts: 87 Location: Far from home
Posted: Fri Feb 08, 2008 7:32 pm Post subject:
If you could post your config files so that I can understand how you use proftpd with mysql
_________________
Gigabyte MA790GP-DS4H - Phenon X4 955 - 4Go
3.0 - ~amd64
Gigabyte MA770T-UD3P - Athlon II X2 240 - 4Go
2.6.38 - ~amd64
kernings n00b
Joined: 14 Nov 2007 Posts: 36
Posted: Sat Feb 09, 2008 11:13 am Post subject:
Here you go!!
Code: |
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anonymous access.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
RequireValidShell off
AuthPAM off
AuthPAMConfig ftp
AccessGrantMsg "Utilisateur %u connecté"
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit the maximum number of processes per service
# (such as xinetd).
MaxInstances 30
AllowOverwrite on
AllowRetrieveRestart on
AllowForeignAddress on
RootLogin no
ListOptions "-a"
MaxClients 5
MaxClientsPerHost 3
MaxLoginAttempts 3
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
TransferLog /var/log/proftpd/proftpd.log
ExtendedLog /var/log/proftpd/access.log WRITE,READ write
ExtendedLog /var/log/proftpd/auth.log AUTH auth
UseReverseDNS off
IdentLookups off
# Set the user and group under which the server will run.
User ftpuser
Group ftpgroup
# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>
DefaultRoot ~
# The passwords in MySQL are encrypted using CRYPT
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo ftp@localhost proftpd XXXXXXXXX
# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo ftpuser userid passwd uid gid homedir shell
# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo ftpgroup groupname gid members
# set min UID and GID - otherwise these are 999 each
SQLMinID 500
# create a user's home directory on demand if it doesn't exist
#SQLHomedirOnDemand off
# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
RootLogin off
RequireValidShell off
SQLNamedQuery gettally SELECT "ROUND((bytes_in_used/1048576),2) FROM ftpquotatallies WHERE name='%u'"
SQLNamedQuery getlimit SELECT "ROUND((bytes_in_avail/1048576),2) FROM ftpquotalimits WHERE name='%u'"
SQLNamedQuery getfree SELECT "ROUND(((ftpquotalimits.bytes_in_avail-ftpquotatallies.bytes_in_used)/1048576),2) FROM ftpquotalimits,ftpquotatallies WHERE ftpquotalimits.name = '%u' AND ftpquotatallies.name = '%u'"
SQLShowInfo LIST "226" "Used %{gettally}MB from %{getlimit}MB. You have %{getfree}MB available space."
|
My account in Mysql
id userid passwd uid gid homedir shell count accessed modified
2 evolv XXXXX 1013 100 /var/www/evolv /sbin/nologin 208 2008-02-09 11:15:35 2008-02-08 16:12:51
My account (unix user)
evolv:x:1013:100:evolv:/var/www/evolv:/bin/false
Ftpd account
proftpd:x:101:1001:added by portage for proftpd:/dev/null:/usr/sbin/nologin
ftpuser:x:2001:2001:proftpd user:/bin/null:/bin/false
The tutorial I used:
http://www.howtoforge.com/proftpd_mysql_virtual_hosting
oxomichael Tux's lil' helper
Joined: 05 Aug 2005 Posts: 87 Location: Far from home
Posted: Sun Feb 10, 2008 10:35 am Post subject:
Here is my config file:
Code: |
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "OxO FTP Server"
ServerType standalone
DefaultServer on
MultilineRFC2228 on
UseReverseDNS off
IdentLookups off
MasqueradeAddress oxomichael.serveftp.net
# Port 21 is the standard FTP port.
Port 35000
PassivePorts 60000 65535
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances 30
# Set the user and group under which the server will run.
User nobody
Group nogroup
DefaultRoot ~
AllowStoreRestart on
AllowRetrieveRestart on
AllowOverwrite on
<Directory />
HideFiles (\.php)$ user !oxomichael
</Directory>
# The passwords in MySQL are encrypted using CRYPT
SQLAuthTypes Plaintext Crypt
SQLAuthenticate users* groups*
# used to connect to the database
# databasename@host database_user user_password
SQLConnectInfo ftp@localhost root ****
# Here we tell ProFTPd the names of the database columns in the "usertable"
# we want it to interact with. Match the names with those in the db
SQLUserInfo ftpuser userid passwd uid gid homedir shell
# Here we tell ProFTPd the names of the database columns in the "grouptable"
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo ftpgroup groupname gid members
# set min UID and GID - otherwise these are 999 each
SQLMinID 500
# create a user's home directory on demand if it doesn't exist
SQLHomedirOnDemand on
# Update count every time user logs in
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser
# Update modified everytime user uploads or deletes a file
SQLLog STOR,DELE modified
SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
# User quotas
# ===========
QuotaEngine on
QuotaDirectoryTally on
QuotaDisplayUnits Mb
QuotaShowQuotas on
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM ftpquotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM ftpquotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" ftpquotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" ftpquotatallies
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
RootLogin off
RequireValidShell off
|
As you can see, my ftp server runs as the user
User nobody
Group nogroup
Here is how my users are set up:
root and oxomichael are UNIX users
All my file storage is under oxomichael,
for the web server and the ftp server,
and my ftpgroup table in mysql refers to the group oxomichael and the member oxomichael with the corresponding id
That way I avoid permission problems in my user directories for all the virtual users
The problem in your situation is that you are using directories that are mainly accessible by root. So, to avoid permission problems on the files, and since you use ftpuser:ftpgroup as the reference user for the virtual users (following the howtoforge tutorial),
you must have that unix account created, and all of this properly referenced in the ftpgroup table. You then need to give that user real access in /var/www, and then normally you will be able to set whatever permissions you want on your files from the ftp client.
Well, I think I've explained everything. After that you have to run your own tests, keeping in mind that you have virtual users who normally all use the same real user to write files to the system; then it's up to you to bring your system in line with what you have configured.
Otherwise, a umask value of 022 is normally a good value.
umask 022 corresponds to 755 for directories and 644 for files (a quick google search will teach you more about the octal system)
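An added example, not part of the thread or of either poster's configuration: it parses the `Umask` directive from a config fragment, computes the modes uploads and new directories end up with, and checks them against a real file and directory. It assumes ProFTPD's documented behaviour (files created from a 0666 base, directories from 0777, optional second `Umask` argument as the directory mask); the function names are illustrative.

```python
import os
import stat
import tempfile

# Constructed sample: the Umask line that both posted configs contain.
SAMPLE_CONF = "# from being group and world writable.\nUmask 022\n"

FILE_BASE = 0o666  # new regular files start without execute bits
DIR_BASE = 0o777   # new directories start with all permission bits


def parse_umask(conf_text):
    """Return (file_mask, dir_mask) from the last Umask directive."""
    masks = None
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "umask":
            file_mask = int(fields[1], 8)
            # The optional second argument is the directory mask.
            dir_mask = int(fields[2], 8) if len(fields) > 2 else file_mask
            masks = (file_mask, dir_mask)
    if masks is None:
        raise ValueError("no Umask directive found")
    return masks


def resulting_modes(conf_text):
    """Modes (file, directory) that the configured masks produce."""
    file_mask, dir_mask = parse_umask(conf_text)
    return FILE_BASE & ~file_mask, DIR_BASE & ~dir_mask


def reachable(target, base):
    """A umask only clears bits, so target must be a subset of base."""
    return target & ~base == 0


def measured_modes(conf_text):
    """Create a real file and directory under the masks and stat them."""
    file_mask, dir_mask = parse_umask(conf_text)
    with tempfile.TemporaryDirectory() as tmp:
        old = os.umask(file_mask)
        try:
            path = os.path.join(tmp, "upload.bin")
            os.close(os.open(path, os.O_CREAT | os.O_WRONLY, FILE_BASE))
            os.umask(dir_mask)
            sub = os.path.join(tmp, "newdir")
            os.mkdir(sub, DIR_BASE)
            return tuple(stat.S_IMODE(os.stat(p).st_mode) for p in (path, sub))
        finally:
            os.umask(old)
```

`reachable(0o755, FILE_BASE)` is false: no `Umask` value yields 755 on an uploaded file, because the execute bits are absent from the 0666 base and have to be set afterwards, for example with a chmod from the FTP client.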