From: Mark Johnston
To: "Scott St. John"
Cc: freebsd-isp@freebsd.org
Subject: Re: FTP controlled by SQL
Date: Wed, 16 Mar 2005 13:54:23 -0600
Message-Id: <1111002863.7843.8.camel@localhost.localdomain>
In-Reply-To: <200503161844.j2GIinBi053119@kelly.talon.net>

On Wed, 2005-03-16 at 13:45 -0500, Scott St. John wrote:
> I have a client who wants to be able to add/remove users to an FTP site.
> They do not have access to the machine so this sounds like a job for PHP and
> MySQL. I have been trying (pulling hair out) with Proftp and MySQL.
>
> My question is: is anyone on the list doing something like this and what
> are you using?

I'm doing something very like this, using the ProFTPD port version
1.2.10_1 and PostgreSQL.

Relevant config chunks:

AuthPAM off
DefaultRoot ~
SQLConnectInfo dbname@db.host.fqdn username password
SQLAuthenticate users      # Could also use groups
SQLAuthTypes Plaintext     # Passwords are stored as plaintext
SQLHomedirOnDemand on      # Create missing home directories
SQLNegativeCache on        # Cache missing usernames
SQLDefaultGID 10000        # Everyone will get this GID
SQLMinUserUID 10000        # Users must be at least UID 10000
SQLNamedQuery getuser SELECT "name, password, uid, NULL, '/home/' || name, NULL FROM domain WHERE name = '%U' AND enabled"
SQLUserInfo custom:/getuser

Basically, this turns off PAM, and authenticates using the given SQL
query. It doesn't use groups (everyone gets the DefaultGID of 10000).
The order in the SQLNamedQuery is significant - it's name, password,
numeric uid, numeric gid, home directory, something else (sorry). %U is
the username the user entered.

Management of the database table is done with an internal web front-end,
but it's a trivial matter of programming anyway. PHP sounds eminently
suitable.

HTH,
Mark
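
Added example, not part of the original message or of ProFTPD: the management operations a web front-end would run against the domain table that the getuser query reads, with bound parameters and a user-name check, since the name becomes part of the home directory path. SQLite stands in for PostgreSQL here; the column types, the name rule and the function names are assumptions.

```python
import re
import sqlite3

MIN_UID = 10000  # matches SQLMinUserUID in the config above
# Assumed front-end rule: the name is concatenated into '/home/' || name,
# so reject anything that could leave /home (slashes, dots, empty names).
NAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")

# Body of the getuser query, with %U replaced by a bound parameter.
GETUSER = ("SELECT name, password, uid, NULL, '/home/' || name, NULL "
           "FROM domain WHERE name = ? AND enabled")

def open_db():
    # In-memory SQLite stands in for PostgreSQL; column types are assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE domain (name TEXT PRIMARY KEY,"
               " password TEXT NOT NULL,"  # as-is, per SQLAuthTypes Plaintext
               " uid INTEGER NOT NULL UNIQUE CHECK (uid >= 10000),"
               " enabled INTEGER NOT NULL DEFAULT 1)")
    return db

def add_user(db, name, password):
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid user name: %r" % name)
    with db:  # one transaction: pick the next UID and insert the row
        (top,) = db.execute("SELECT MAX(uid) FROM domain").fetchone()
        uid = MIN_UID if top is None else top + 1
        db.execute("INSERT INTO domain (name, password, uid) VALUES (?, ?, ?)",
                   (name, password, uid))
    return uid

def set_enabled(db, name, enabled):
    with db:
        cur = db.execute("UPDATE domain SET enabled = ? WHERE name = ?",
                         (1 if enabled else 0, name))
    return cur.rowcount == 1

def remove_user(db, name):
    with db:
        cur = db.execute("DELETE FROM domain WHERE name = ?", (name,))
    return cur.rowcount == 1

def getuser(db, name):
    # The row the FTP server would get for this login name, or None.
    return db.execute(GETUSER, (name,)).fetchone()

if __name__ == "__main__":
    db = open_db()
    add_user(db, "alice", "constructed-password")  # constructed sample data
    print(getuser(db, "alice"))
    set_enabled(db, "alice", False)
    print(getuser(db, "alice"))  # disabled users no longer match
```

The MAX(uid)+1 allocator can give a removed user's UID to a later account, so leftover files under the old home directory should be cleaned up, or UIDs drawn from a sequence that never goes backwards.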