Pure-ftpd: Unterschied zwischen den Versionen
Keine Bearbeitungszusammenfassung |
(xxx) |
||
(13 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 1: | Zeile 1: | ||
==== Config ==== | |||
in /etc/pure-ftpd/conf | |||
<source lang="bash"> | |||
#in /etc/pure-ftpd/conf # more * | |||
:::::::::::::: | |||
AllowDotFiles | |||
:::::::::::::: | |||
yes | |||
:::::::::::::: | |||
AltLog | |||
:::::::::::::: | |||
clf:/var/log/pure-ftpd/transfer.log | |||
:::::::::::::: | |||
Bind | |||
:::::::::::::: | |||
x.x.x.x,21 | |||
:::::::::::::: | |||
BrokenClientsCompatibility | |||
:::::::::::::: | |||
yes | |||
:::::::::::::: | |||
ChrootEveryone | |||
:::::::::::::: | |||
yes | |||
:::::::::::::: | |||
CustomerProof | |||
:::::::::::::: | |||
yes | |||
:::::::::::::: | |||
DisplayDotFiles | |||
:::::::::::::: | |||
yes | |||
:::::::::::::: | |||
DontResolve | |||
:::::::::::::: | |||
1 | |||
:::::::::::::: | |||
MaxClientsPerIP | |||
:::::::::::::: | |||
3 | |||
:::::::::::::: | |||
MinUID | |||
:::::::::::::: | |||
32 | |||
:::::::::::::: | |||
MySQLConfigFile | |||
:::::::::::::: | |||
/etc/pure-ftpd/db/mysql.conf | |||
:::::::::::::: | |||
NoAnonymous | |||
:::::::::::::: | |||
yes | |||
:::::::::::::: | |||
PAMAuthentication | |||
:::::::::::::: | |||
no | |||
:::::::::::::: | |||
PassivePortRange | |||
:::::::::::::: | |||
33000 33100 | |||
:::::::::::::: | |||
PerUserLimits | |||
:::::::::::::: | |||
2 0 | |||
:::::::::::::: | |||
PureDB | |||
:::::::::::::: | |||
/etc/pure-ftpd/pureftpd.pdb | |||
:::::::::::::: | |||
SyslogFacility | |||
:::::::::::::: | |||
none | |||
:::::::::::::: | |||
TLS | |||
:::::::::::::: | |||
2 | |||
:::::::::::::: | |||
VerboseLog_off | |||
:::::::::::::: | |||
yes</source> | |||
==== vboxadm als Auth-Backend (MySQL)==== | |||
User must be an Domainadmin to login | |||
<source lang="php"> | |||
#/etc/pure-ftpd/db/mysql.conf | |||
# Optional : MySQL server name or IP. Don't define this for unix sockets. | |||
# MYSQLServer 127.0.0.1 | |||
# Optional : MySQL port. Don't define this if a local unix socket is used. | |||
# MYSQLPort 3306 | |||
# Optional : define the location of mysql.sock if the server runs on this host. | |||
MYSQLSocket /var/run/mysqld/mysqld.sock | |||
# Mandatory : user to bind the server as. | |||
MYSQLUser dovecot | |||
# Mandatory : user password. You must have a password. | |||
MYSQLPassword xxxx | |||
# Mandatory : database to open. | |||
MYSQLDatabase vboxadm | |||
# Mandatory : how passwords are stored | |||
# Valid values are : "cleartext", "crypt", "sha1", "md5" and "password" | |||
# ("password" = MySQL password() function) | |||
# You can also use "any" to try "crypt", "sha1", "md5" *and* "password" | |||
MYSQLCrypt crypt | |||
# In the following directives, parts of the strings are replaced at | |||
# run-time before performing queries : | |||
# | |||
# \L is replaced by the login of the user trying to authenticate. | |||
# \I is replaced by the IP address the user connected to. | |||
# \P is replaced by the port number the user connected to. | |||
# \R is replaced by the IP address the user connected from. | |||
# \D is replaced by the remote IP address, as a long decimal number. | |||
# | |||
# Very complex queries can be performed using these substitution strings, | |||
# especially for virtual hosting. | |||
# Query to execute in order to fetch the password | |||
#MYSQLGetPW SELECT Password FROM users WHERE User='\L' | |||
MYSQLGetPW SELECT passwd_crypt FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active AND m.is_domainadmin = 1 | |||
# Query to execute in order to fetch the system user name or uid | |||
MYSQLGetUID SELECT 33 as Uid FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active | |||
# Optional : default UID - if set this overrides MYSQLGetUID | |||
#MYSQLDefaultUID 1000 | |||
# Query to execute in order to fetch the system user group or gid | |||
MYSQLGetGID SELECT 33 as Gid FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active | |||
# Optional : default GID - if set this overrides MYSQLGetGID | |||
#MYSQLDefaultGID 1000 | |||
# Query to execute in order to fetch the home directory | |||
MYSQLGetDir SELECT CONCAT('/srv/www/',SUBSTRING_INDEX('\L', '@', -1)) as Dir FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active | |||
</source> | |||
==== vpopmail als Auth-Backend (alt) ==== | |||
from http://www.qmailinfo.org/index.php/Horde-Procmail-Filters<br> | |||
das ganze wird benötigt, um von Horde aus z.b. den Mailfilter (maildrop) zu ändern. | |||
<br> /etc/init.d/pure-ftpd_vpopmail <source lang="bash"> | |||
#! /bin/sh | |||
# Starts a pure-ftp-auth-process with vpopmail as backend and pure-ftpd on Port 2121 | |||
# | |||
# Author: Jonathan Tietz <http://crazylinux.de> | |||
# | |||
# Version: 1.0 03-Dec-2006 | |||
# | |||
set -e | |||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin | |||
DESC="Pure-Ftpd-vpopmail" | |||
NAME=pure-authd | |||
NAME2=pure-ftpd | |||
DAEMON=/usr/sbin/pure-authd | |||
PIDFILE=/var/run/pure-ftpd_auth_vpop.pid | |||
PIDFILE2=/var/run/pure-ftpd_vpop.pid | |||
SCRIPTNAME=/etc/init.d/pure-ftpd_vpop | |||
# Gracefully exit if the package has been removed. | |||
test -x $DAEMON || exit 0 | |||
# Read config file if it is present. | |||
#if [ -r /etc/default/$NAME ] | |||
#then | |||
# . /etc/default/$NAME | |||
#fi | |||
# | |||
# Function that starts the daemon/service. | |||
# | |||
d_start() { | |||
#start-stop-daemon --start --quiet --pidfile $PIDFILE \ | |||
# --exec $DAEMON | |||
/usr/sbin/pure-authd -p /var/run/pure-ftpd_auth_vpop.pid -s /var/run/pure-ftpd_auth_vpop.sock -r /usr/sbin/pure-authd_vpopmail & | |||
/usr/sbin/pure-ftpd -0 -B -A -E -H -g /var/run/pure-ftpd_vpop.pid -S 127.0.0.1,2121 -lextauth:/var/run/pure-ftpd_auth_vpop.sock | |||
} | |||
# | |||
# Function that stops the daemon/service. | |||
# | |||
d_stop() { | |||
start-stop-daemon --stop --quiet --pidfile $PIDFILE \ | |||
--name $NAME | |||
start-stop-daemon --stop --quiet --pidfile $PIDFILE2 \ | |||
--name $NAME2 | |||
} | |||
# | |||
# Function that sends a SIGHUP to the daemon/service. | |||
# | |||
d_reload() { | |||
start-stop-daemon --stop --quiet --pidfile $PIDFILE \ | |||
--name $NAME --signal 1 | |||
start-stop-daemon --stop --quiet --pidfile $PIDFILE2 \ | |||
--name $NAME2 --signal 1 | |||
} | |||
case "$1" in | |||
start) | |||
echo -n "Starting $DESC: $NAME" | |||
d_start | |||
echo "." | |||
;; | |||
stop) | |||
echo -n "Stopping $DESC: $NAME" | |||
d_stop | |||
echo "." | |||
;; | |||
#reload) | |||
# | |||
# If the daemon can reload its configuration without | |||
# restarting (for example, when it is sent a SIGHUP), | |||
# then implement that here. | |||
# | |||
# If the daemon responds to changes in its config file | |||
# directly anyway, make this an "exit 0". | |||
# | |||
# echo -n "Reloading $DESC configuration..." | |||
# d_reload | |||
# echo "done." | |||
#;; | |||
restart|force-reload) | |||
# | |||
# If the "reload" option is implemented, move the "force-reload" | |||
# option to the "reload" entry above. If not, "force-reload" is | |||
# just the same as "restart". | |||
# | |||
echo -n "Restarting $DESC: $NAME" | |||
d_stop | |||
sleep 1 | |||
d_start | |||
echo "." | |||
;; | |||
*) | |||
# echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 | |||
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 | |||
exit 1 | |||
;; | |||
esac | |||
exit 0 | |||
</source> | |||
Activate init-script: | |||
<source lang="bash">update-rc.d pure-ftpd_vpop defaults</source> | |||
/usr/sbin/pure-authd_vpopmail <source lang="bash"> | |||
#!/bin/bash | |||
# ftpauth: This program is called by pure-authd to check if the email l/p are correct | |||
# Copyright (C) 2005 Roman Volf | |||
# This program is free software; you can redistribute it and/or | |||
# modify it under the terms of the GNU General Public License | |||
# as published by the Free Software Foundation; either version 2 | |||
# of the License, or (at your option) any later version. | |||
# This program is distributed in the hope that it will be useful, | |||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
# GNU General Public License for more details. | |||
# You should have received a copy of the GNU General Public License | |||
# along with this program; if not, write to the Free Software | |||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | |||
VPOPHOME=/var/vpopmail | |||
## Do not change anything below here | |||
PATH=$PATH:$VPOPHOME/bin | |||
VPOPMAIL_UID=`printf "%s\0%s\0%s\0" $AUTHD_ACCOUNT $AUTHD_PASSWORD Y123457 | vchkpw id -u vpopmail 3<&0` | |||
VPOPMAIL_GID=`id -g vpopmail` | |||
DOMAIN_DIR=`vdominfo -d $DOMAIN` | |||
USER_DIR=`vuserinfo -d $AUTHD_ACCOUNT` | |||
if [ $VPOPMAIL_UID ]; then | |||
DOMAIN=`echo $AUTHD_ACCOUNT|cut -d "@" -f 2` | |||
USER=`echo $AUTHD_ACCOUNT|cut -d "@" -f 1` | |||
DOMAIN_DIR=`vdominfo -d $DOMAIN` | |||
#not used | |||
#if [ ! -f $DOMAIN_DIR/.qmail-$USER ]; then | |||
# echo "| /var/qmail/bin/preline /usr/local/bin/preprocmail" > $DOMAIN_DIR/.qmail-$USER | |||
# echo "| $VPOPHOME/bin/vdelivermail '' $USER_DIR/Maildir/" >> $DOMAIN_DIR/.qmail-$USER | |||
# chown vpopmail $DOMAIN_DIR/.qmail-$USER | |||
# chmod 600 $DOMAIN_DIR/.qmail-$USER | |||
#fi | |||
echo "auth_ok:1" | |||
echo "uid:$VPOPMAIL_UID" | |||
echo "gid:$VPOPMAIL_GID" | |||
echo "dir:$USER_DIR" | |||
echo "end" | |||
exit | |||
fi | |||
echo "auth_ok:0" | |||
echo "end" | |||
</source> | |||
[[Kategorie:Linux]] | |||
[[Kategorie:Mail]] | |||
[[Kategorie:Dovecot]] |
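Review bot: In the `pure-authd_vpopmail` helper, `$AUTHD_ACCOUNT` and `$AUTHD_PASSWORD` are expanded unquoted in the `printf` that feeds `vchkpw`. A value containing whitespace or glob characters is therefore split into extra fields, and the credential check sees something other than what the client sent. Quote both: `printf '%s\0%s\0%s\0' "$AUTHD_ACCOUNT" "$AUTHD_PASSWORD" Y123457`, and test the result with `[ -n "$VPOPMAIL_UID" ]`. The `vuserinfo -d $AUTHD_ACCOUNT` and `vdominfo -d $DOMAIN` lookups also run before the check result is known, and `$DOMAIN` is still unset at that point. Moving `USER_DIR=$(vuserinfo -d "$AUTHD_ACCOUNT")` inside the `if` keeps unauthenticated login names away from those tools.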
Aktuelle Version vom 30. August 2014, 23:32 Uhr
Config
in /etc/pure-ftpd/conf
#in /etc/pure-ftpd/conf # more *
::::::::::::::
AllowDotFiles
::::::::::::::
yes
::::::::::::::
AltLog
::::::::::::::
clf:/var/log/pure-ftpd/transfer.log
::::::::::::::
Bind
::::::::::::::
x.x.x.x,21
::::::::::::::
BrokenClientsCompatibility
::::::::::::::
yes
::::::::::::::
ChrootEveryone
::::::::::::::
yes
::::::::::::::
CustomerProof
::::::::::::::
yes
::::::::::::::
DisplayDotFiles
::::::::::::::
yes
::::::::::::::
DontResolve
::::::::::::::
1
::::::::::::::
MaxClientsPerIP
::::::::::::::
3
::::::::::::::
MinUID
::::::::::::::
32
::::::::::::::
MySQLConfigFile
::::::::::::::
/etc/pure-ftpd/db/mysql.conf
::::::::::::::
NoAnonymous
::::::::::::::
yes
::::::::::::::
PAMAuthentication
::::::::::::::
no
::::::::::::::
PassivePortRange
::::::::::::::
33000 33100
::::::::::::::
PerUserLimits
::::::::::::::
2 0
::::::::::::::
PureDB
::::::::::::::
/etc/pure-ftpd/pureftpd.pdb
::::::::::::::
SyslogFacility
::::::::::::::
none
::::::::::::::
TLS
::::::::::::::
2
::::::::::::::
VerboseLog_off
::::::::::::::
yes
vboxadm als Auth-Backend (MySQL)
The user must be a domain admin (is_domainadmin = 1) to log in
#/etc/pure-ftpd/db/mysql.conf
# Optional : MySQL server name or IP. Don't define this for unix sockets.
# MYSQLServer 127.0.0.1
# Optional : MySQL port. Don't define this if a local unix socket is used.
# MYSQLPort 3306
# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket /var/run/mysqld/mysqld.sock
# Mandatory : MySQL user the FTP server connects as. The queries below are all SELECTs, so this account needs no write privileges.
MYSQLUser dovecot
# Mandatory : user password. You must have a password. It is stored here in clear text, so restrict read access to this file.
MYSQLPassword xxxx
# Mandatory : database to open.
MYSQLDatabase vboxadm
# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "sha1", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "sha1", "md5" *and* "password"
MYSQLCrypt crypt
# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.
# Query to execute in order to fetch the password
#MYSQLGetPW SELECT Password FROM users WHERE User='\L'
MYSQLGetPW SELECT passwd_crypt FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active AND m.is_domainadmin = 1
# Query to execute in order to fetch the system user name or uid
MYSQLGetUID SELECT 33 as Uid FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active
# Optional : default UID - if set this overrides MYSQLGetUID
#MYSQLDefaultUID 1000
# Query to execute in order to fetch the system user group or gid
MYSQLGetGID SELECT 33 as Gid FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active
# Optional : default GID - if set this overrides MYSQLGetGID
#MYSQLDefaultGID 1000
# Query to execute in order to fetch the home directory
MYSQLGetDir SELECT CONCAT('/srv/www/',SUBSTRING_INDEX('\L', '@', -1)) as Dir FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active
vpopmail als Auth-Backend (alt)
from http://www.qmailinfo.org/index.php/Horde-Procmail-Filters
Das Ganze wird benötigt, um von Horde aus z. B. den Mailfilter (maildrop) zu ändern.
/etc/init.d/pure-ftpd_vpopmail
#! /bin/sh
# Starts a pure-ftp-auth-process with vpopmail as backend and pure-ftpd on Port 2121
#
# Author: Jonathan Tietz <http://crazylinux.de>
#
# Version: 1.0 03-Dec-2006
#
# Abort on the first command that fails.
set -e

# Search path used for every command below.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Label printed in the start/stop messages.
DESC="Pure-Ftpd-vpopmail"

# Process names and pid files: pure-authd (NAME/PIDFILE) and
# pure-ftpd (NAME2/PIDFILE2).
NAME=pure-authd
NAME2=pure-ftpd
DAEMON=/usr/sbin/pure-authd
PIDFILE=/var/run/pure-ftpd_auth_vpop.pid
PIDFILE2=/var/run/pure-ftpd_vpop.pid
SCRIPTNAME=/etc/init.d/pure-ftpd_vpop

# Leave quietly when the pure-authd binary is missing or not executable
# (for example after the package has been removed).
if [ ! -x "$DAEMON" ]; then
  exit 0
fi
# Read config file if it is present.
#if [ -r /etc/default/$NAME ]
#then
# . /etc/default/$NAME
#fi
#
# Function that starts the daemon/service.
#
d_start() {
  # The generic start-stop-daemon call stays disabled; both daemons are
  # launched directly.
  #start-stop-daemon --start --quiet --pidfile $PIDFILE \
  # --exec $DAEMON

  # pure-authd: pid file (-p), local authentication socket (-s) and the
  # vpopmail helper it runs to check a login (-r). The trailing "&" puts it
  # in the background.
  /usr/sbin/pure-authd \
    -p /var/run/pure-ftpd_auth_vpop.pid \
    -s /var/run/pure-ftpd_auth_vpop.sock \
    -r /usr/sbin/pure-authd_vpopmail &

  # pure-ftpd: listens on the loopback address only, port 2121 (-S), writes
  # its own pid file (-g) and hands logins to the pure-authd socket
  # (-lextauth:...).
  /usr/sbin/pure-ftpd -0 -B -A -E -H \
    -g /var/run/pure-ftpd_vpop.pid \
    -S 127.0.0.1,2121 \
    -lextauth:/var/run/pure-ftpd_auth_vpop.sock
}
#
# Function that stops the daemon/service.
#
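d_stop() {
  # Stops pure-authd, then pure-ftpd. Each process is matched by its pid file
  # and its process name.
  #
  # --oknodo makes "nothing to stop" a success. Without it, a missing or
  # stale pure-authd pid file makes the first call fail; under "set -e" the
  # script would then exit before pure-ftpd is stopped, and "restart" would
  # never reach d_start.
  start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE" \
    --name "$NAME"
  start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE2" \
    --name "$NAME2"
}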
#
# Function that sends a SIGHUP to the daemon/service.
#
d_reload() {
  # Sends signal 1 (SIGHUP) to pure-authd and then to pure-ftpd. With
  # --signal, start-stop-daemon's --stop action delivers that signal to the
  # matched process. The "reload" action that would call this function is
  # commented out in the dispatcher below.
  start-stop-daemon --stop --quiet --pidfile "$PIDFILE" --name "$NAME" --signal 1
  start-stop-daemon --stop --quiet --pidfile "$PIDFILE2" --name "$NAME2" --signal 1
}
# Dispatch on the action given as the first argument.
case "$1" in
  start)
    echo -n "Starting $DESC: $NAME"
    d_start
    echo "."
    ;;

  stop)
    echo -n "Stopping $DESC: $NAME"
    d_stop
    echo "."
    ;;

  # "reload" is not offered. To enable it (daemon re-reads its configuration
  # on SIGHUP), restore the arm below and move "force-reload" into it; if the
  # daemon picks up config changes on its own, make the arm an "exit 0".
  #reload)
  # echo -n "Reloading $DESC configuration..."
  # d_reload
  # echo "done."
  #;;

  restart | force-reload)
    # Without a "reload" arm, "force-reload" is the same as "restart":
    # stop, wait one second, start again.
    echo -n "Restarting $DESC: $NAME"
    d_stop
    sleep 1
    d_start
    echo "."
    ;;

  *)
    # Unknown or missing action: print the usage line on stderr and fail.
    # echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
    echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
    exit 1
    ;;
esac

exit 0
Activate init-script:
# Registers the init script for the default runlevels. The name must match the
# file in /etc/init.d: the heading above calls it pure-ftpd_vpopmail, while
# SCRIPTNAME inside the script and this command use pure-ftpd_vpop.
update-rc.d pure-ftpd_vpop defaults
/usr/sbin/pure-authd_vpopmail
#!/bin/bash
# ftpauth: This program is called by pure-authd to check if the email l/p are correct
# Copyright (C) 2005 Roman Volf
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
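VPOPHOME=/var/vpopmail

## Do not change anything below here
PATH=$PATH:$VPOPHOME/bin

# pure-authd passes the login name and password sent by the FTP client in
# AUTHD_ACCOUNT and AUTHD_PASSWORD. Both are untrusted, so every expansion is
# quoted: unquoted, a value with whitespace or glob characters would be split
# into extra printf arguments, and vchkpw would check different fields from
# the ones the client sent.
#
# vchkpw reads the NUL-separated fields from descriptor 3 (duplicated from
# the pipe) and runs "id -u vpopmail" only when the credentials are accepted,
# so VPOPMAIL_UID is non-empty only after a successful check.
VPOPMAIL_UID=$(printf '%s\0%s\0%s\0' "$AUTHD_ACCOUNT" "$AUTHD_PASSWORD" Y123457 \
  | vchkpw id -u vpopmail 3<&0)

if [ -n "$VPOPMAIL_UID" ]; then
  # The lookups run only after the credential check succeeded, so an
  # unauthenticated login name is never passed to the vpopmail tools.
  VPOPMAIL_GID=$(id -g vpopmail)
  USER_DIR=$(vuserinfo -d "$AUTHD_ACCOUNT")

  #not used
  #DOMAIN=$(printf '%s\n' "$AUTHD_ACCOUNT" | cut -d "@" -f 2)
  #USER=$(printf '%s\n' "$AUTHD_ACCOUNT" | cut -d "@" -f 1)
  #DOMAIN_DIR=$(vdominfo -d "$DOMAIN")
  #if [ ! -f $DOMAIN_DIR/.qmail-$USER ]; then
  # echo "| /var/qmail/bin/preline /usr/local/bin/preprocmail" > $DOMAIN_DIR/.qmail-$USER
  # echo "| $VPOPHOME/bin/vdelivermail '' $USER_DIR/Maildir/" >> $DOMAIN_DIR/.qmail-$USER
  # chown vpopmail $DOMAIN_DIR/.qmail-$USER
  # chmod 600 $DOMAIN_DIR/.qmail-$USER
  #fi

  # Fail closed: answer auth_ok:1 only when a gid and a home directory were
  # found, rather than sending pure-ftpd an empty "gid:" or "dir:" line.
  if [ -n "$VPOPMAIL_GID" ] && [ -n "$USER_DIR" ]; then
    echo "auth_ok:1"
    echo "uid:$VPOPMAIL_UID"
    echo "gid:$VPOPMAIL_GID"
    echo "dir:$USER_DIR"
    echo "end"
    exit
  fi
fi

# Credentials rejected, or a lookup failed: deny the login.
echo "auth_ok:0"
echo "end"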