Thu - May 29, 2008 : 06:20 pm
Postgres Authentication in Proftpd
Today I was commissioned to create an FTP server here at work. Through persistent pestering about the hideously insecure nature of FTP in general, my boss let me dedicate an entire server just for the company's need to FTP. This was to negate the possibility of any hacking of the web server, should the FTP server be compromised. It's even going to be restricted to its own subnet.
All technicalities aside, my boss told me just to put up a "quick" site for a "couple" of users. Well, I've been a web dev for long enough to know better. A "quick" site put up quickly becomes the site everyone uses, and the subject of incessant requests for improvement.
I didn't want that to be the case for this FTP server, so I spent the time and hopefully did it right.
I'm using ProFTPD 1.3.1 on Gentoo (of course), and I'm authenticating through a Postgres database. Yes, it's probably overkill, but at least I'll be able to sleep at night after 5,000 people are using it, each having their own repositories.
Here's how the config looks, just in case anyone is trying to do the same.
ServerName "Natures Way FTP Server"
ServerType standalone
DefaultServer on
RequireValidShell off
SQLAuthenticate users
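# Plaintext: the passwd column holds cleartext passwords and is compared as-is.
# mod_sql also accepts Crypt here, which expects crypt(3) hashes in that column.
SQLAuthTypes Plaintext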
SQLBackend postgres
SQLConnectInfo proftpd@localhost username password 120
SQLDefaultHomedir /var/ftp/default
SQLDefaultUID 21
SQLDefaultGID 21
SQLEngine auth
SQLNamedQuery get_user_info SELECT "username, passwd, uid,gid,homedir,shell FROM users WHERE username = '%U' LIMIT 1;"
SQLUserInfo custom:/get_user_info
SystemLog /var/log/ftp/system.log
TransferLog /var/log/ftp/transfer.log
DebugLevel 9
DefaultRoot ~
AuthPAM off
AuthPAMConfig ftp
Port 21
Umask 022
MaxInstances 30
User proftpd
Group proftpd
<Directory />
AllowOverwrite on
</Directory>
I created a simple table containing username, passwd, uid, gid, homedir, and shell fields and I was off!
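The table described above could look like this in PostgreSQL. This is an added example, not the author's actual schema: the column names come from the get_user_info query, while the types, CHECK constraints, default shell and the proftpd_ro role name are assumptions.

```sql
-- Added example: one possible schema for the table read by get_user_info.
-- Column names are from the config; everything else is an assumption.
CREATE TABLE users (
    username text PRIMARY KEY
             CHECK (username ~ '^[a-z0-9_.-]{1,32}$'),
    -- With "SQLAuthTypes Plaintext" this column is compared as-is.
    passwd   text NOT NULL,
    -- SQLDefaultUID/SQLDefaultGID in the config are 21. The session runs
    -- with the uid/gid returned here, so a row must never map a login
    -- onto root or another low-numbered system account.
    uid      integer NOT NULL DEFAULT 21 CHECK (uid = 21 OR uid >= 1000),
    gid      integer NOT NULL DEFAULT 21 CHECK (gid = 21 OR gid >= 1000),
    -- "DefaultRoot ~" chroots each session into homedir, so keep every
    -- home under /var/ftp and reject parent-directory components.
    homedir  text NOT NULL
             CHECK (homedir LIKE '/var/ftp/%'
                    AND homedir !~ '(^|/)[.][.](/|$)'),
    -- Not checked by the server because of "RequireValidShell off".
    shell    text NOT NULL DEFAULT '/sbin/nologin'
);

-- "SQLEngine auth" only reads this table, so the account named in
-- SQLConnectInfo needs SELECT and nothing else.
-- proftpd_ro is a hypothetical role name; the password is a placeholder.
CREATE ROLE proftpd_ro LOGIN PASSWORD 'change-me';
REVOKE ALL ON users FROM PUBLIC;
GRANT SELECT ON users TO proftpd_ro;

-- Constructed sample row; uid and gid fall back to 21.
INSERT INTO users (username, passwd, homedir)
VALUES ('alice', 'constructed-sample-password', '/var/ftp/alice');

-- Rows like these are rejected by the CHECK constraints:
--   uid 0:            ('bob',   'x', 0,  21, '/var/ftp/bob',      ...)
--   home outside FTP: ('carol', 'x', 21, 21, '/etc',              ...)
--   path traversal:   ('dave',  'x', 21, 21, '/var/ftp/../root',  ...)
```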
Anyway... I just thought of putting in a quick 'n' dirty reference for anyone trying to use Postgres authentication through ProFTPD.
Hope it helped (and sorry it wasn't very thorough; I had about 10 minutes to throw this together).