return to I Love My Journal
A Little Closer to Center...
Musings about Life, Linux, and Latter-day Saints.
Pages
About Me
Links


Tags
PERSONAL 520
SPIRITUAL 416
LDS 312
BOOK OF MORMON 237
SCRIPTURES 154
STUDIO-JOURNEY 129
RELIGION 112
LINUX 79
COMPUTERS 65
LIFE 60
GENERAL CONFERENCE 46
GENTOO 39
MISCELLANEOUS 37
MUSIC 37
PROGRAMMING 33
CARS 29
MICROSOFT 23
FAMILY 23
AUDIO 21
I LOVE MY JOURNAL 18
FUN 15
CHILDREN 12
CURRENT EVENTS 10
NATURE'S WAY 10
VIDEO 9
DRM 9
CONEXM 7
BABBLINGS 7
PROVO CITY CENTER TEMPLE 6
FRIENDS 6
HEROD THE FINK 5
GAMES 5
COMPUTER HARDWARE 5
DRUMS 4
HAND OF GOD 3
ADVERSITY 3
KDENLIVE 3
AUDIO HARDWARE 3
GENERAL INSANITY 3
STUDIO 3
THANKS4GIVING 2
CATS 2
MY JOURNAL 1
POETRY 1
FOREVERGREEN 1
EVERYDAY THOUGHTS 1
GOSPEL 1
PARENTING 1
YOUTH CONFERENCE 1
CHURCH NOTES 1
POLITICS 1


RSS Feed

RSS FeedSubscribe!
Thu - May 29, 2008 : 06:20 pm
content
   rated 1 time
>>next>>
<<previous<<
Postgres Authentication in Proftpd
Today I was commissioned to create an FTP server here at work.  Through persistent pestering of the hideously insecure nature of FTP in general, my boss let me dedicate an entire server just for the company's need to FTP.  This was to negate the possibility of any hacking of the web server, should the FTP server be compromised.  It's even going to be  restricted to its own subnet.

All technicalities aside, my boss told me just to put up a "quick" site for a "couple" of users.  Well, I've been a web dev for long enough to know better.  A "quick" site put up quickly becomes the site everyone uses, and the subject of incessant requests for improvement.

I didn't want that to be the case for this FTP server, so I spent the time and hopefully did it right.

I'm using Proftpd 1.3.1 on gentoo (of course), and I'm authenticating through a postgres database.  Yes, it's probably overkill, but at least I'll be able to sleep at night after 5,000 people are using it each having their own repositories.

Here's how the config looks, just in case anyone is trying to do the same.

ServerName            "Natures Way FTP Server"
ServerType            standalone
DefaultServer        on
RequireValidShell    off
SQLAuthenticate        users
SQLAuthTypes        Plaintext
SQLBackend        postgres
SQLConnectInfo        proftpd@localhost username password 120
SQLDefaultHomedir    /var/ftp/default
SQLDefaultUID        21
SQLDefaultGID        21
SQLEngine        auth
SQLNamedQuery        get_user_info SELECT "username, passwd, uid,gid,homedir,shell FROM users WHERE username = '%U' LIMIT 1;"
SQLUserInfo         custom:/get_user_info

SystemLog        /var/log/ftp/system.log
TransferLog        /var/log/ftp/transfer.log
DebugLevel        9

DefaultRoot        ~

AuthPAM                off
AuthPAMConfig        ftp
Port                21
Umask                022

MaxInstances        30

User                proftpd
Group                proftpd

<Directory />
    AllowOverwrite        on
</Directory>



I created a simple table containing username, passwd, uid, gid, homedir, and shell fields and I was off!

Anyway...  I just thought of putting in a quick 'n' dirty reference for anyone trying to use postgres authentication through proftpd.

Hope it helped (and sorry it wasn't very thorough.  I had about 10 minutes to throw this together)