Hi guys,
Just a quick question, I've been slowly moving all my user services to mysql backend, I realise it's probably not as good a choice as LDAP, but you tend to stick with what you know.
To that end I want to set up both Apache and VSFTP to use mysql db for virtual users. Basically I want to create virtual users that are locked into their own home dir and have apache use mysql to work out its virtual hosts.
I can probably work out apache by myself as I've done similar things before, but VSFTP seems to be fairly lax in the online documentation aspects so I'd appreciate any tips from the gurus.
regards
Franki
On 02/08/05, Franki franki@htmlfixit.com wrote:
> Just a quick question, I've been slowly moving all my user services to mysql backend, I realise it's probably not as good a choice as LDAP, but you tend to stick with what you know.
> To that end I want to set up both Apache and VSFTP to use mysql db for virtual users. Basically I want to create virtual users that are locked into their own home dir and have apache use mysql to work out its virtual hosts.
> I can probably work out apache by myself as I've done similar things before, but VSFTP seems to be fairly lax in the online documentation aspects so I'd appreciate any tips from the gurus.
For Apache you might want to look into something like mod_auth_mysql if you want user authentication.
For vsftpd, after some Googling I turned up...
<----------------------------------------------------------------------------------------------------------------->
http://rsm.demon.co.uk/node/194

Submitted by kang (not verified) on Wed, 08/06/2005 - 09:22.

I also use it with virtualhosting. It's a bit uncommon but it works ok. You have to use something like pam-mysql (if your users are stored in sql) and use eg, the site name as login then you store every site like:

    /var/ftp/mysite.com
    /var/ftp/myothersite.com

and so on

as /etc/vsftpd/vsftpd.conf use something including this stuff:

    chroot_local_user=YES
    guest_enable=YES
    guest_username=ftp
    user_sub_token=$USER
    local_root=/var/ftp/$USER
    # (if u want one)
    user_config_dir=/etc/vsftpd/users_conf
    virtual_use_local_privs=YES

as /etc/pam.d/mysql:

    auth optional pam_mysql.so user=sqluser \
        passwd=sqlpassword host=localhost db=sqldb usercolumn=user \
        passwdcolumn=passwd crypt=2
    account required pam_mysql.so user=sqluser \
        passwd=sqlpassword host=localhost db=sqldb usercolumn=user \
        passwdcolumn=passwd crypt=2

I have been unable to use something else than crypt=2 as hashing

Anyway, good luck !
<----------------------------------------------------------------------------------------------------------------->
It should be fairly straightforward to integrate it all.
Will.
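
The settings quoted in the message above, run through a small consistency check. This is an added example, not part of the original thread or of vsftpd or pam_mysql: the function names and the `pam_file` parameter are hypothetical, the sample input is reconstructed from the quoted post, and the check on `pam_service_name` assumes vsftpd's documented default of `ftp`.

```python
# Constructed sample input: the settings quoted in the post above.
VSFTPD_CONF = """\
chroot_local_user=YES
guest_enable=YES
guest_username=ftp
user_sub_token=$USER
local_root=/var/ftp/$USER
virtual_use_local_privs=YES
"""
PAM_FILE = """\
auth optional pam_mysql.so user=sqluser \\
  passwd=sqlpassword host=localhost db=sqldb usercolumn=user \\
  passwdcolumn=passwd crypt=2
account required pam_mysql.so user=sqluser passwd=sqlpassword \\
  host=localhost db=sqldb usercolumn=user passwdcolumn=passwd crypt=2
"""

def parse_vsftpd(text):
    """vsftpd.conf is strict option=value with no spaces; '#' starts a comment line."""
    lines = (l for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return dict(l.split("=", 1) for l in lines)

def parse_pam(text):
    """Join backslash continuations, then split type / control / module / args."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():
        f = line.split()
        if len(f) >= 3 and not f[0].startswith("#"):
            args = dict(a.split("=", 1) for a in f[3:] if "=" in a)
            rules.append((f[0], f[1], f[2], args))
    return rules

def lint(conf_text, pam_text, pam_file="mysql"):
    conf, out = parse_vsftpd(conf_text), []
    # Without pam_service_name, vsftpd uses the PAM service "ftp", not pam_file.
    if conf.get("pam_service_name", "ftp") != pam_file:
        out.append("pam_service_name does not select /etc/pam.d/" + pam_file)
    if conf.get("chroot_local_user") != "YES":
        out.append("users are not chrooted")
    token = conf.get("user_sub_token")
    if not token or token not in conf.get("local_root", ""):
        out.append("local_root is shared, not per-user")
    for ptype, control, _module, args in parse_pam(pam_text):
        # An 'optional' result is ignored once another auth module joins the stack.
        if ptype == "auth" and control not in ("required", "requisite"):
            out.append("auth rule is '%s'" % control)
        if ptype == "auth" and args.get("crypt") in ("0", "plain"):
            out.append("passwords are stored in plaintext")
    return out
```

`lint(VSFTPD_CONF, PAM_FILE)` reports the missing `pam_service_name` and the `optional` auth rule; both findings clear once `pam_service_name=mysql` is set and the auth rule is `required`.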
On Tuesday 02 August 2005 06:28, Will McDonald wrote:
> You have to use something like pam-mysql (if your users are stored in sql)
That's what we use over here, and it works moderately well. I'd go a step further and use mod_auth_pam for Apache instead of mod_auth_mysql and use the same service. That way you can be sure that Apache authentication behaves exactly the same way as vsftpd authentication.
Thanks for that guys,
The httpd mysql link would be for the setup of virtual hosts, not for user auth.
To that end it looks like mod_vhost_mysql would be the go, I'm just looking for a RH/FC src rpm to rebuild so I can keep it all in rpm. I installed pam_mysql by rebuilding an FC4 src rpm, so I'll see how I go with this one as well. (no luck so far) http://modules.apache.org/search?id=745
If I can't find one for Redhat, I'll try and make one myself I guess, but it's been a while since I played with building rpms.
Basically my end goal is to have mail (already done on debian Woody but now to replicate on CentOS), DNS, HTTPD and TLS FTP all configured from a dedicated mysql server connected to the machines via gigabit internal networking.
That way I can write a custom Perl or PHP app that will be only accessible to me on the internal network where I can completely configure a new setup from one web form. It could cut down on my work considerably.
rgds
Franki
Simon Perreault wrote:
> On Tuesday 02 August 2005 06:28, Will McDonald wrote:
>> You have to use something like pam-mysql (if your users are stored in sql)
> That's what we use over here, and it works moderately well. I'd go a step further and use mod_auth_pam for Apache instead of mod_auth_mysql and use the same service. That way you can be sure that Apache authentication behaves exactly the same way as vsftpd authentication.
> _______________________________________________
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
Just to throw out another option, consider looking at ProFTPd instead of VSFTPd; it supports native (as long as you compile it in) MySQL authentication and is completely configurable as to which tables and fields you can query for the login data. I can provide some quickie examples if you need.
I have for years ditched whatever FTP daemon RedHat has offered and gone right to ProFTPd on every server that needs FTP, and have never been disappointed.
hth, -te
Troy Engel wrote:
> Just to throw out another option, consider looking at ProFTPd instead of VSFTPd; it supports native (as long as you compile it in) MySQL authentication and is completely configurable as to which tables and fields you can query for the login data. I can provide some quickie examples if you need.
> I have for years ditched whatever FTP daemon RedHat has offered and gone right to ProFTPd on every server that needs FTP, and have never been disappointed.
> hth, -te
Franki wrote:
Is there any reason why pam/mysql is a bad idea?
I like the idea behind VSFTP, small, fast and secure, and it handles virtual users and TLS, if pam/mysql does the trick then that sounds perfect for me.
Still, having said that if it doesn't work out in my testing, proftp would be my next option.
My perfect solution would be SSH/SFTP with chroot jails, but unfortunately that's an administration nightmare.
rgds
Franki