4

Alright, I'm trying to replicate a web hosting company's basic setup here by authenticating virtual users via SQL and redirecting/jailing them to their directory. I've accomplished most of the goals here, with the exception of redirecting/jailing them to their directory.

The directories are stored in /home/ftp and that's what DefaultRoot is set to. I want each individual user to have and be jailed into their own directory. It doesn't appear that setting homedir in SQL has any effect. Upon logging into FTP with any user, it logs into the DefaultRoot with no directory jailing or redirect.

How do I accomplish this last task?

Diamond
Nik

2 Answers

4

Try commenting out DefaultRoot; I think it may override the values read from the database backend.

EDIT:

If DefaultRoot is set and anything other than ~ then the user will be jailed in a tree rooted at DefaultRoot.

If DefaultRoot is ~ then the user will be jailed in a tree rooted at their home directory.

user9517
2

In addition to setting DefaultRoot ~ as mentioned, what does your SQL config look like - are you actually extracting it from the database?

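```
# Jail each user in the home directory returned by the auth backend
DefaultRoot ~

<IfModule mod_dso.c>
  LoadModule mod_sql.c
  LoadModule mod_sql_mysql.c
</IfModule>

SQLLogFile          /var/log/proftpd/mod_sql.log
PersistentPasswd    off
AuthPAM             off
AuthUserFile        /some/path/to/dummy/passwd.ftp
AuthGroupFile       /some/path/to/dummy/group.ftp
# Try SQL first, then fall back to the dummy files
AuthOrder           mod_sql.c mod_auth_file.c

# database@host:port, then the database username and password
SQLConnectInfo      proftpd@localhost:3306 userdatabase password
SQLAuthTypes        Backend Crypt Plaintext OpenSSL
# table, username column, password column, uid, gid, homedir column, shell
SQLUserInfo         user user_id password NULL NULL ftp_homedir NULL
SQLAuthenticate     users
# uid and gid are NULL above, so every SQL user gets these defaults
SQLDefaultUID       14
SQLDefaultGID       50
SQLMinUserUID       13
SQLMinUserGID       49
```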

That's a more or less concise example of doing 100% auth from the database and jailing them to their homedir as listed in the DB. If you want to also dynamically create their home directory when they log in (useful if you add them in a database and don't want to log into a server to do it) you can add:

```
CreateHome on dirmode 0755
```

...to the config. The other two dummy files listed above match your ProFTPd install, which on a Red Hat/CentOS server are:

passwd.ftp

```
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
```

group.ftp

```
ftp:x:50:
nobody:x:99:
```

This all makes your virtual users have UID/GID of 14:50 on the hard drive regardless of their login username.
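An added example, not part of either answer: with DefaultRoot ~ the jail is whatever ftp_homedir holds in the database, so a bad row means a bad jail. This Python sketch audits those values against /home/ftp; the table and column names follow the SQLUserInfo line above, while the in-memory SQLite database and its rows are constructed sample data standing in for the MySQL backend.

```python
import posixpath
import sqlite3

FTP_BASE = "/home/ftp"  # base directory named in the question

def check_homedir(homedir, base=FTP_BASE):
    """Return None if homedir is a sane jail root under base, else a reason.
    String check only: symlinks on disk are not resolved."""
    if not homedir:
        return "empty homedir"
    if not homedir.startswith("/"):
        return "relative path"
    norm = posixpath.normpath(homedir)
    if norm == base:
        return "equals base, user would see every account"
    if not norm.startswith(base + "/"):
        return "outside base"
    if norm != homedir.rstrip("/"):
        return "non-canonical path"
    return None

def audit(conn, base=FTP_BASE):
    """Map each user with a risky homedir to the reason it was flagged."""
    findings, owners = {}, {}
    rows = conn.execute("SELECT user_id, ftp_homedir FROM user ORDER BY user_id")
    for user, home in rows:
        reason = check_homedir(home, base)
        if reason is None:
            key = posixpath.normpath(home)
            if key in owners:  # two logins jailed into the same tree
                reason = f"shares homedir with {owners[key]}"
            else:
                owners[key] = user
        if reason:
            findings[user] = reason
    return findings

def sample_db():
    """Constructed sample rows (assumption, not data from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (user_id TEXT, password TEXT, ftp_homedir TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, 'x', ?)", [
        ("alice", "/home/ftp/alice"), ("bob", "/home/ftp/bob/"),
        ("carol", "/"), ("dave", "/home/ftp"),
        ("erin", "/home/ftp/alice/../bob"), ("frank", "/home/ftp/alice"),
        ("gina", None), ("hank", "ftp/hank")])
    return conn

if __name__ == "__main__":
    for user, reason in audit(sample_db()).items():
        print(f"{user}: {reason}")
```

Running a check like this before enabling CreateHome matters more, since a wrong path would otherwise be created on first login.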