[lug] LAMP FTP setup

Brad Crotchett brad at bradandkim.net
Wed Jun 6 19:07:15 MDT 2007


On Wed, 2007-06-06 at 17:08 -0700, karl horlen wrote:
> > You need an FTP server with virtual accounts.  These servers use their
> > own user database totally separate from the system accounts.  The
> > database could be as simple as username/password/ftp directory, or it
> > could include things like quotas, time-of-day restrictions, etc.  Their
> > ftp directory would be the same as their web site.
> >
> > I use pure-ftpd, but it's not the only ftp server with this support.
> 
> this probably looks like the way to go...
> 
> 1) question though.. each user directory is still
> going to require separate user permissions.  that
> essentially means creating a user account for each
> user even though the authentication now takes place
> via secure ftp to mysql db versus standard password
> tables.  so it looks like regardless of the approach
> used, a user account needs to be created right?
> 
> 2) i imagine i can just lock the account or set the
> default shell to none for each of those real system
> accounts so that those accounts are basically useless
> right (safe)?  is that the right approach or am i off
> here?

I don't have documentation of how we had this set up, but it is entirely
possible to have ftp users that do not have an account on the system.  I
don't manage any FTP servers anymore (strictly sFTP) but we used ProFTPd
and it had this capability.  I believe PureFTPd is the better choice now
and has the same features.  Here is a link on setting it up on Debian:

http://www.howtoforge.com/pureftpd_mysql_virtual_hosting

We had it configured so that ProFTPd created the user's dir on the fly.
In other words, from a provisioning standpoint we simply propagated the
MySQL db with the user account info (including dir, shell, and quota
info) and ProFTPd took care of the rest.  Upon successful authentication
to the db, ProFTPD created the user's dir and set the permissions.  We
were only dealing with userdir and not separate sites, but I am sure it
can be done for separate sites as well.

Hope that helps,

Brad Crotchett
brad at bradandkim.net
http://www.bradandkim.net
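
A sketch of the kind of setup described in the message above, as an added example that is not part of the original post and not Brad's actual configuration: ProFTPD authenticating virtual users from MySQL and creating home directories at login. It assumes mod_sql and mod_sql_mysql are loaded; the database, table, column, credential and uid/gid values are constructed placeholders.

```apache
# Added example: ProFTPD with MySQL-backed virtual users.
# All names and values below are constructed placeholders.

# Authenticate only against the SQL table, never /etc/passwd.
AuthOrder            mod_sql.c
SQLBackend           mysql
SQLEngine            on
SQLAuthenticate      users

# Passwords are stored as crypt(3) hashes, not plaintext.
SQLAuthTypes         Crypt

# database@host  db-user  db-password
SQLConnectInfo       ftpdb@localhost ftp_ro CHANGE_ME

# table  username  password  uid  gid  homedir  shell
SQLUserInfo          ftpusers userid passwd uid gid homedir shell

# Rows without their own uid/gid fall back to one unprivileged
# system id, so no per-customer system account is required.
SQLDefaultUID        2001
SQLDefaultGID        2001

# Refuse rows that would map a virtual user onto a low
# (system or root) uid/gid.
SQLMinUserUID        1000
SQLMinUserGID        1000

# The shell stored in the table need not appear in /etc/shells,
# since these users never get a login shell.
RequireValidShell    off

# Create the user's directory on first successful login.
CreateHome           on 750 dirmode 750

# Confine each session to its own home directory.
DefaultRoot          ~
```

The database account in SQLConnectInfo only needs SELECT on the user table, which keeps a compromise of the FTP daemon from rewriting credentials.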



