Hello,
during the last couple of weeks I spent some of my time enhancing proftpd Administrator. This is a web frontend to manage ftp accounts and the proftpd server. The project's last release dates back to 2006, but the latest version (1.2) has a lot of nice features. Therefore, I fixed some bugs, added a lot of new features to it and removed some others.
If you find any bugs or need help, just contact me via info(q)batland(d)de where (q) stands for @ and (d) for a dot. So far, this is the only documentation. But, I’ll add some more during the next couple of weeks if needed.
This version has been tested with FreeBSD 7.3, Ubuntu 10.04 and SLES 10.0, but it should work on any other *nix and Windows, too, as long as mysql, proftpd, php and apache can be installed.
You'll find all the needed information in the following paragraphs. The changelog is incomplete. I've applied many minor changes, so I just wrote down the important ones.
- Added a login system to the web frontend. After 10 login failures the account is automatically disabled and can be reactivated by a script.
- Management of administrators via scripts
- Password generator which is derived from the GWP
- Overview of the current active Bans
- Support for running a script when a group is added or deleted
- A separate interface for users so that they can see their quota stats without having any permissions.
- Activation and deactivation of all users of a group
- German translation
- Import of users via a CSV file
- Improvement to the web GUI
- A user only belongs to one group, no secondary groups exist anymore
- Support for postgres_sql (which can be added without a problem)
- Configuration of the proftpd administrator via the web interface, for security reasons
- Fixes system problems with the parsing of command outputs to generate the system status
- Fixes some security holes such as mysql injection
- Removed the usage of `$_SERVER['PHP_SELF']`
- Added some protection against SQL injection
- Removed warnings and minor errors
You can download the ProFTPd Administrator here.
Install Instructions:
- Setup Apache including mod_php
- Setup a MySQL Server
- You need to edit misc/database_structure_mysql/db_structure.sql. In lines 89 to 94 replace each test at the end of the line with a password for the mysql database for proftpd administrator. In line 97 replace the test123 with a different password. The second account is used by the web interface for regular ftp users to display their quotas. This user has only read rights on some tables.
- Copy the following directories to Apache's data directory: admin and userView
- Copy the configuration.xml to a directory accessible by the web server, but not accessible via the web server so that no user can download the file.
- Now edit the configuration.xml: You need to change the password in line 10 to the first password you set in the db_structure.sql file and maybe you need to change the IP of the mysql server if it is not running on localhost. Additionally check the lines 52 - 70 regarding the correct paths to the commands.
- You need to set the path to the admin directory in the admin/include_rootpath.php (2nd line) and, in the 3rd line, the path to the configuration file.
- Open the userView/index.php and change lines 12 - 13 so that the correct password is set (this is the second password you chose in the db_structure.sql) and your database host.
- Before we can set up an administrator account the following Perl modules need to be installed: Term::ReadKey, XML::Simple, DBD::mysql. I suggest using your OS package manager to install these, because if you have no experience with CPAN, it can be tough.
- Now you need to edit scripts/rootpath.pl. Set the correct path to your configuration in the 1st line, including its name.
- The last step is to configure your proftpd. You find an example configuration in misc/proftpd. This includes three files: proftpd.conf, include_mysql.conf and modules.conf. In the proftpd.conf you need to set your IP address and port. Additionally, you can activate TLS or configure additional modules. In the include_mysql.conf you need to set the credentials. This is done in line 13: change test to the password you chose in db_structure.sql. Now start the proftpd server. Depending on your proftpd installation you need to edit the modules.conf file to deactivate modules that are not installed or to adjust the ModulePath.
- You can change the language of the userView frontend by editing the index file and including a different language file.
Upgrading Instructions:
- Change the two passwords set in /misc/database_structure_mysql/upgrade_to_1.3.sql in line 11 and line 13.
- Execute the SQL Script.
- You can delete all files of the previous version.
- Copy the following directories to Apache's data directory: admin and userView
- Copy the configuration.xml to a directory accessible by the web server, but not accessible via the web server so that no user can download the file.
- Now edit the configuration.xml: You need to change the password in line 10 to the first password you set in the db_structure.sql file. Additionally check the lines 52 - 70 regarding the correct paths to the commands.
- You need to set the path to the admin directory in the admin/include_rootpath.php (2nd line) and, in the 3rd line, the path to the configuration file.
- Open the userView/index.php and change lines 12 - 13 so that the correct password is set
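Both the install and the upgrade steps require that configuration.xml is readable by the web server but not downloadable through it. The following check is an added example, not part of ProFTPd Administrator; the function name and the paths passed to it are assumptions, and it only covers a single document root (Alias or additional vhost mappings are not inspected).

```python
import os
import stat
import sys

def check_config_placement(config_path, docroot):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    cfg = os.path.realpath(config_path)   # resolve symlinks in the given path
    root = os.path.realpath(docroot)
    # 1. The resolved file must not live below the document root.
    if os.path.commonpath([cfg, root]) == root:
        findings.append(f"{cfg} is inside the document root {root}")
    # 2. No symlink below the document root may point at the file
    #    or at one of its parent directories.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            entry = os.path.join(dirpath, name)
            if not os.path.islink(entry):
                continue
            target = os.path.realpath(entry)
            if os.path.commonpath([cfg, target]) == target:
                findings.append(f"symlink {entry} exposes {target}")
    # 3. The file holds the database password: no access for "other",
    #    no write access for the group.
    mode = os.stat(cfg).st_mode
    if mode & stat.S_IROTH:
        findings.append(f"{cfg} is world-readable (mode {stat.S_IMODE(mode):o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{cfg} is writable by group or other")
    return findings

if __name__ == "__main__":
    # usage: python check_config.py <path to configuration.xml> <document root>
    problems = check_config_placement(sys.argv[1], sys.argv[2])
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

A file with mode 640, owned by root with the web server's group, passes the permission checks.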
General Instructions:
Management of administrators via scripts:
| Script | Description |
| --- | --- |
| createAdmin.pl | A "createuser" unix-like script. It takes no argument. All needed information will be requested interactively by the script. |
| enableAdmin.pl | First argument is the name of the administrator which shall be activated because the account is deactivated after 10 failed login attempts. |
| deleteAdmin.pl | Deletes an administrator. The script takes no argument. All needed information will be requested interactively by the script. |
| upDateAdminPwd.pl | Changes the password of an administrator. The script takes no argument. All needed information will be requested interactively by the script. |
Instructions for user import:
The CSV file needs to have the following format regarding the columns:
- Username
- Password
- Group name
- Is deactivated (=1) or is active (=0)
- Expiration date. Set to 0 if the account does not expire. Otherwise use the following format: YYYY-MM-DD HH:MM:SS
- Real name of the user
- Address
- Notes
Note: The groups of the users need to exist otherwise the import will fail.
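A pre-import check for the column layout above, so a bad file is caught before the import fails. This is an added example, not code from ProFTPd Administrator; the comma delimiter, the column labels, the uniqueness check on usernames and the sample rows are assumptions made for the illustration.

```python
import csv
import io
from datetime import datetime

# Column order as listed on this page; the names are labels chosen for this example.
COLUMNS = ["username", "password", "group", "deactivated",
           "expiration", "real_name", "address", "notes"]

def validate_import(csv_text, existing_groups, delimiter=","):
    """Return (rows, errors): rows as dicts, errors as 'line N: ...' strings."""
    rows, errors, seen = [], [], set()
    reader = csv.reader(io.StringIO(csv_text), delimiter=delimiter)
    for fields in reader:
        lineno = reader.line_num
        if not fields:                       # blank line
            continue
        if len(fields) != len(COLUMNS):
            errors.append(f"line {lineno}: expected {len(COLUMNS)} columns, got {len(fields)}")
            continue
        row = dict(zip(COLUMNS, fields))
        problems = []
        if not row["username"] or not row["password"]:
            problems.append("username and password must not be empty")
        if row["username"] in seen:          # assumption: usernames are unique
            problems.append("duplicate username")
        if row["group"] not in existing_groups:
            problems.append(f"group {row['group']!r} does not exist")
        if row["deactivated"] not in ("0", "1"):
            problems.append("deactivated flag must be 0 or 1")
        exp = row["expiration"]
        if exp != "0":
            try:                             # strptime alone accepts missing zero padding
                ok = len(exp) == 19 and datetime.strptime(exp, "%Y-%m-%d %H:%M:%S")
            except ValueError:
                ok = False
            if not ok:
                problems.append("expiration must be 0 or YYYY-MM-DD HH:MM:SS")
        seen.add(row["username"])
        if problems:
            errors.append(f"line {lineno}: " + "; ".join(problems))
        else:
            rows.append(row)
    return rows, errors

# Constructed sample data: two valid rows, then three rows with different defects.
SAMPLE = ("alice,Xk4!pq9z,staff,0,0,Alice Example,Room 1,\n"
          "bob,s3cr3t-pw,staff,1,2011-12-31 23:59:59,Bob Example,Room 2,temp account\n"
          "carol,pw,guests,0,0,Carol Example,,\n"
          "dave,pw2,staff,2,31.12.2011,Dave Example,,\n"
          "erin,pw3,staff,0,0\n")
```

Pass the set of group names that already exist in the database as `existing_groups`; the file contains clear-text passwords, so it should be removed after the import.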
A few Screenshots:
(After successful login)
(create user)
(overview of all groups)
(report when the user is created)
(the overview about the used quota for a standard ftp user)
Bye, Dennis
Posted by: admin | 3 Comments
I just added a patch for proftpd to extend the functionality of the CreateHome directive. My problem was that the home directory should not be created with the owner being the ftp user, because this can lead to several problems in some deployment scenarios. Basically it boils down to this: Several users share the same home directory and they shall be able to read each other's files, but a user shall only be able to delete its own files. Currently the owner of the directory can delete all files, even though the sticky bit is set, because the user who first logs on will own the directory and, therefore, be able to delete all files, regardless of the files' permissions.
Therefore, I needed a way to automatically create the home directory while being able to specify the owner.
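The deletion rule behind this problem, as an added example that is not part of the patch or of proftpd: a small model of the POSIX check for removing a file from a directory, applied to a shared home owned by the first user to log in and to one owned by a separate UID. UID 150 and UID 10000 are taken from the post; the second user, the group ID and the mode 1770 are constructed.

```python
import stat

def _has_write_search(uid, gids, dir_uid, dir_gid, mode):
    """Select the owner, group or other permission triple and test for w+x."""
    if uid == dir_uid:
        bits = (mode >> 6) & 7
    elif dir_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & 0o3 == 0o3               # write (2) and search (1)

def may_delete(uid, gids, dir_uid, dir_gid, dir_mode, file_uid):
    """True if `uid` may unlink a file owned by `file_uid` from the directory."""
    if uid == 0:                           # a privileged process bypasses the checks
        return True
    if not _has_write_search(uid, gids, dir_uid, dir_gid, dir_mode):
        return False
    if not dir_mode & stat.S_ISVTX:        # no sticky bit: w+x on the directory is enough
        return True
    # Sticky bit set: only the file's owner or the directory's owner may delete.
    return uid == file_uid or uid == dir_uid

FTP_GROUP = 500                            # constructed GID shared by both users
USERS = {10000: {FTP_GROUP}, 10001: {FTP_GROUP}}
SHARED_HOME_MODE = 0o1770                  # rwxrwx--- plus sticky bit (constructed)

def deletion_matrix(dir_uid):
    """{(acting_uid, file_owner_uid): allowed} for the shared home directory."""
    return {(actor, owner): may_delete(actor, USERS[actor], dir_uid,
                                       FTP_GROUP, SHARED_HOME_MODE, owner)
            for actor in USERS for owner in USERS}

if __name__ == "__main__":
    for label, owner in (("owned by first login (10000)", 10000),
                         ("owned by separate UID 150", 150)):
        print(label)
        for (actor, file_owner), ok in sorted(deletion_matrix(owner).items()):
            print(f"  uid {actor} deletes file of uid {file_owner}: {ok}")
```

With the directory owned by UID 10000, that user can delete the other user's files; with the directory owned by UID 150, each user can delete only its own.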
So I added a new option to the CreateHome directive. The option is called homeuid and can be used as follows:
- /ftp/foobar being owned by UID 150 and GID being the new user's group.
- /ftp/foobar/new is owned by UID 10000 and GID of the new user's group.
The patch for mod_auth.c and mkhome.c can be found here. I'll submit this to the official proftpd project during the next couple of days. I'll inform you if the patch is accepted or not.
Bye,
Dennis
Posted by: admin | Add comment





