How-To: FTP Virtual Host with ProFTPD and MySQL — page 2

1 minute read

4. Configure ProFTPd

ProFTPd main configuration file is /etc/proftpd/proftpd.conf. On Debian, proFTPd over the capability of including files from the main configuration file. Thus, we are going to create a file call /etc/proftpd/mysql.conf which we will include from the main file.

This has the advantage that if the new config is not working, we can easily comment our include and fall back to the previous config.

So, get ready with your favorite text editor, edit /etc/proftpd/mysql.conf and put the following inside:

# Force the use of mysql backend
SQLBackend                      mysql

# The passwords in MySQL are using its own PASSWORD function
SQLAuthTypes                    Backend
SQLAuthenticate                 users* groups*

# details to connect to mysql db
# dbname@host dbuser dbpass
SQLConnectInfo                  proftpddb@localhost proftpduser proftpdpassword

# Let proFTPd know the name of the columns in the user table
# Mind that this need to match the name in you table
SQLUserInfo                     ftpuser userid passwd uid gid homedir shell

# Let proFTPd know the name of the columns in the group table
# we want it to interact with. Again the names match with those in the db
SQLGroupInfo                    ftpgroup groupname gid members

# proftpd will dynamicaly create if the homedir does not yet exist
SQLHomedirOnDemand              on

# update counter when a user logs in
SQLLog                          PASS updatecount
SQLNamedQuery                   updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser

# change modified time anytime a user delete a file or upload one
SQLLog                          STOR,DELE modified
SQLNamedQuery                   modified UPDATE "modified=now() WHERE userid='%u'" ftpuser

No, let’s modify proftpd.conf and add the following lines just after Include /etc/proftpd/modules.conf:

Include /etc/proftpd/mysql.conf
RootLogin off
RequireValidShell off

The include will include our customized file, RootLogin is to off to forbid root to use the ftp service and finally RequireValidShell is to off to allow our virtual users to log in. Remember that the shell of our ftp user is /bin/false.

Finally restart proftpd:

/etc/init.d/proftpd restart

That’s it, you can now connect to your ftp server using user firstuser.

5. Tips

If you get the following error:

May 22 21:37:10 mydomain.com proftpd[9308] mydomain.com (WW.XX.YY.ZZ[WW.XX.YY.ZZ]): USER firstuser (Login failed): Invalid shell: '/sbin/nologin'

This is most probably because you forget to turn RequireValidShell to off.