4. Configure ProFTPd
ProFTPd main configuration file is /etc/proftpd/proftpd.conf. On Debian, proFTPd over the capability of including files from the main configuration file. Thus, we are going to create a file call /etc/proftpd/mysql.conf which we will include from the main file.
This has the advantage that if the new config is not working, we can easily comment our include and fall back to the previous config.
So, get ready with your favorite text editor, edit /etc/proftpd/mysql.conf and put the following inside:
# Force the use of mysql backend SQLBackend mysql # The passwords in MySQL are using its own PASSWORD function SQLAuthTypes Backend SQLAuthenticate users* groups* # details to connect to mysql db # [email protected] dbuser dbpass SQLConnectInfo [email protected] proftpduser proftpdpassword # Let proFTPd know the name of the columns in the user table # Mind that this need to match the name in you table SQLUserInfo ftpuser userid passwd uid gid homedir shell # Let proFTPd know the name of the columns in the group table # we want it to interact with. Again the names match with those in the db SQLGroupInfo ftpgroup groupname gid members # proftpd will dynamicaly create if the homedir does not yet exist SQLHomedirOnDemand on # update counter when a user logs in SQLLog PASS updatecount SQLNamedQuery updatecount UPDATE "count=count+1, accessed=now() WHERE userid='%u'" ftpuser # change modified time anytime a user delete a file or upload one SQLLog STOR,DELE modified SQLNamedQuery modified UPDATE "modified=now() WHERE userid='%u'" ftpuser
No, let’s modify
proftpd.conf and add the following lines just after Include /etc/proftpd/modules.conf:
Include /etc/proftpd/mysql.conf RootLogin off RequireValidShell off
The include will include our customized file, RootLogin is to off to forbid root to use the ftp service and finally RequireValidShell is to off to allow our virtual users to log in. Remember that the shell of our ftp user is /bin/false.
Finally restart proftpd:
That’s it, you can now connect to your ftp server using user firstuser.
If you get the following error:
May 22 21:37:10 mydomain.com proftpd mydomain.com (WW.XX.YY.ZZ[WW.XX.YY.ZZ]): USER firstuser (Login failed): Invalid shell: '/sbin/nologin'
This is most probably because you forget to turn RequireValidShell to off.