Pure-ftpd

Aus crazylinux.de

1 Config

in /etc/pure-ftpd/conf

#in /etc/pure-ftpd/conf # more *
::::::::::::::
AllowDotFiles
::::::::::::::
yes
::::::::::::::
AltLog
::::::::::::::
clf:/var/log/pure-ftpd/transfer.log
::::::::::::::
Bind
::::::::::::::
x.x.x.x,21
::::::::::::::
BrokenClientsCompatibility
::::::::::::::
yes
::::::::::::::
ChrootEveryone
::::::::::::::
yes
::::::::::::::
CustomerProof
::::::::::::::
yes
::::::::::::::
DisplayDotFiles
::::::::::::::
yes
::::::::::::::
DontResolve
::::::::::::::
1
::::::::::::::
MaxClientsPerIP
::::::::::::::
3
::::::::::::::
MinUID
::::::::::::::
32
::::::::::::::
MySQLConfigFile
::::::::::::::
/etc/pure-ftpd/db/mysql.conf
::::::::::::::
NoAnonymous
::::::::::::::
yes
::::::::::::::
PAMAuthentication
::::::::::::::
no
::::::::::::::
PassivePortRange
::::::::::::::
33000 33100
::::::::::::::
PerUserLimits
::::::::::::::
2 0
::::::::::::::
PureDB
::::::::::::::
/etc/pure-ftpd/pureftpd.pdb
::::::::::::::
SyslogFacility
::::::::::::::
none
::::::::::::::
TLS
::::::::::::::
2
::::::::::::::
VerboseLog_off
::::::::::::::
yes

2 vboxadm als Auth-Backend (MySQL)

The user must be a domain admin to log in (enforced by `m.is_domainadmin = 1` in the MYSQLGetPW query below).

#/etc/pure-ftpd/db/mysql.conf
# Optional : MySQL server name or IP. Don't define this for unix sockets.
# MYSQLServer     127.0.0.1

# Optional : MySQL port. Don't define this if a local unix socket is used.
# MYSQLPort       3306

# Optional : define the location of mysql.sock if the server runs on this host.
MYSQLSocket      /var/run/mysqld/mysqld.sock

# Mandatory : user to bind the server as.
MYSQLUser       dovecot

# Mandatory : user password. You must have a password.
# It is stored here in clear text, so keep this file readable by root only.
MYSQLPassword   xxxx

# Mandatory : database to open.
MYSQLDatabase   vboxadm

# Mandatory : how passwords are stored
# Valid values are : "cleartext", "crypt", "sha1", "md5" and "password"
# ("password" = MySQL password() function)
# You can also use "any" to try "crypt", "sha1", "md5" *and* "password"
MYSQLCrypt      crypt

# In the following directives, parts of the strings are replaced at
# run-time before performing queries :
#
# \L is replaced by the login of the user trying to authenticate.
# \I is replaced by the IP address the user connected to.
# \P is replaced by the port number the user connected to.
# \R is replaced by the IP address the user connected from.
# \D is replaced by the remote IP address, as a long decimal number.
#
# Very complex queries can be performed using these substitution strings,
# especially for virtual hosting.

# Query to execute in order to fetch the password
#MYSQLGetPW      SELECT Password FROM users WHERE User='\L'
MYSQLGetPW      SELECT passwd_crypt FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active AND m.is_domainadmin = 1

# Query to execute in order to fetch the system user name or uid
MYSQLGetUID     SELECT 33 as Uid FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active

# Optional : default UID - if set this overrides MYSQLGetUID
#MYSQLDefaultUID 1000

# Query to execute in order to fetch the system user group or gid
MYSQLGetGID     SELECT 33 as Gid FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active

# Optional : default GID - if set this overrides MYSQLGetGID
#MYSQLDefaultGID 1000

# Query to execute in order to fetch the home directory
MYSQLGetDir     SELECT CONCAT('/srv/www/',SUBSTRING_INDEX('\L', '@', -1)) as Dir FROM mailboxes AS m LEFT JOIN domains AS d ON m.domain_id = d.id WHERE m.local_part = CONCAT(SUBSTRING_INDEX('\L', '@', 1)) AND d.name = CONCAT(SUBSTRING_INDEX('\L', '@', -1)) AND m.is_active AND d.is_active

3 vpopmail als Auth-Backend (alt)

from http://www.qmailinfo.org/index.php/Horde-Procmail-Filters

Das Ganze wird benötigt, um von Horde aus z. B. den Mailfilter (maildrop) zu ändern.


/etc/init.d/pure-ftpd_vpopmail

#! /bin/sh
# Starts a pure-ftp-auth-process with vpopmail as backend and pure-ftpd on Port 2121
#
# Author:       Jonathan Tietz <http://crazylinux.de>
#
# Version:      1.0  03-Dec-2006
#

# Abort on the first command that fails.
set -e

# Fixed search path, so the script does not depend on the caller's environment.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# Label used in the console messages.
DESC="Pure-Ftpd-vpopmail"

# pure-authd (external authentication daemon): binary, process name, pid file.
DAEMON=/usr/sbin/pure-authd
NAME=pure-authd
PIDFILE=/var/run/pure-ftpd_auth_vpop.pid

# pure-ftpd (FTP server): process name and pid file.
NAME2=pure-ftpd
PIDFILE2=/var/run/pure-ftpd_vpop.pid

# Path printed in the usage message.
SCRIPTNAME=/etc/init.d/pure-ftpd_vpop

# Exit quietly when pure-authd is not installed (package removed).
if [ ! -x "$DAEMON" ]; then
        exit 0
fi

# Read config file if it is present.
#if [ -r /etc/default/$NAME ]
#then
#       . /etc/default/$NAME
#fi

#
#       Function that starts the daemon/service.
#
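d_start() {
        # Start the pure-authd / pure-ftpd pair.
        # Globals: DAEMON, PIDFILE, PIDFILE2 (read)
        #
        # The binary and the pid files come from the variables defined at the
        # top of the script, so d_start writes the same pid files that d_stop
        # and d_reload read.

        # pure-authd: -p pid file, -s UNIX socket it listens on, -r program run
        # for every login attempt. '&' leaves it running in the background.
        # The -r helper receives the login and password of each attempt in its
        # environment, so neither the helper nor the socket should be writable
        # by unprivileged local users.
        # NOTE(review): verify ownership and mode of both after the first start.
        "$DAEMON" -p "$PIDFILE" \
                -s /var/run/pure-ftpd_auth_vpop.sock \
                -r /usr/sbin/pure-authd_vpopmail &

        # pure-ftpd: -B daemonize, -A chroot every user, -E no anonymous logins,
        # -H no reverse DNS lookups, -g pid file, -l extauth: authenticate via
        # the pure-authd socket. -S binds to 127.0.0.1 port 2121, so this
        # instance is reachable from the local host only.
        /usr/sbin/pure-ftpd -0 -B -A -E -H -g "$PIDFILE2" \
                -S 127.0.0.1,2121 \
                -lextauth:/var/run/pure-ftpd_auth_vpop.sock
}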

#
#       Function that stops the daemon/service.
#
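d_stop() {
        # Stop pure-authd, then pure-ftpd, each identified by pid file and
        # process name.
        # Globals: PIDFILE, NAME, PIDFILE2, NAME2 (read)
        # Returns: 0 when both daemons are stopped or were not running.
        #
        # --oknodo makes start-stop-daemon return 0 when there is nothing to
        # stop. Without it, "set -e" aborts the script on the first daemon
        # that is not running: the second daemon is then never stopped, and
        # "restart" never reaches d_start.
        start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE" \
                --name "$NAME"
        start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE2" \
                --name "$NAME2"
}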

#
#       Function that sends a SIGHUP to the daemon/service.
#
d_reload() {
        # Deliver signal 1 (SIGHUP) to pure-authd and then to pure-ftpd.
        # start-stop-daemon is run in --stop mode only to pick the process by
        # pid file and name; --signal 1 replaces the default terminate signal.
        # Globals: PIDFILE, NAME, PIDFILE2, NAME2 (read)
        start-stop-daemon --stop --quiet --pidfile "$PIDFILE" --name "$NAME" --signal 1
        start-stop-daemon --stop --quiet --pidfile "$PIDFILE2" --name "$NAME2" --signal 1
}

# Dispatch on the action given as the first argument.
case "$1" in
  start)
        printf '%s' "Starting $DESC: $NAME"
        d_start
        printf '%s\n' "."
        ;;
  stop)
        printf '%s' "Stopping $DESC: $NAME"
        d_stop
        printf '%s\n' "."
        ;;
  # "reload" is not wired up: d_reload is defined above but never called.
  # To enable it, add a "reload)" arm that prints
  # "Reloading $DESC configuration...", calls d_reload and prints "done.",
  # and move "force-reload" from the arm below into it.
  restart|force-reload)
        # Without a reload arm, force-reload is the same as restart.
        printf '%s' "Restarting $DESC: $NAME"
        d_stop
        # Short pause between stop and start.
        sleep 1
        d_start
        printf '%s\n' "."
        ;;
  *)
        # Unknown or missing action: print the usage on stderr and fail.
        printf '%s\n' "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

Activate init-script (the name passed to update-rc.d must match the script's file name in /etc/init.d):

update-rc.d pure-ftpd_vpop defaults


/usr/sbin/pure-authd_vpopmail

#!/bin/bash

#  ftpauth: This program is called by pure-authd to check if the email l/p are correct
#  Copyright (C) 2005 Roman Volf

#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.

#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.

#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

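VPOPHOME=/var/vpopmail


## Do not change anything below here

PATH=$PATH:$VPOPHOME/bin

# AUTHD_ACCOUNT and AUTHD_PASSWORD are read from the environment and hold
# the login and password of the FTP client. Both are untrusted input, so
# every expansion below is quoted: unquoted, a password containing
# whitespace or glob characters would be split into several printf
# arguments and shift the NUL-separated fields that vchkpw reads.

# Credential check: vchkpw gets "account\0password\0Y123457\0" on file
# descriptor 3 (3<&0 duplicates the pipe) and is given "id -u vpopmail" as
# the command to run. VPOPMAIL_UID is tested below as the success marker:
# non-empty means the check passed.
VPOPMAIL_UID=$(printf '%s\0%s\0%s\0' "$AUTHD_ACCOUNT" "$AUTHD_PASSWORD" Y123457 | vchkpw id -u vpopmail 3<&0)

if [ -n "$VPOPMAIL_UID" ]; then
        # The lookups run only after a successful check, so the vpopmail
        # tools are never called with the account name of a failed login.
        VPOPMAIL_GID=$(id -g vpopmail)
        USER_DIR=$(vuserinfo -d "$AUTHD_ACCOUNT")

        # The original also derived DOMAIN, USER and DOMAIN_DIR from the login
        # (and ran vdominfo once before DOMAIN was set). Their only consumer
        # was a disabled block that created $DOMAIN_DIR/.qmail-$USER; they are
        # dropped here. If that block is ever restored, validate the
        # login-derived parts before using them in a file name.

        # Fail closed: report success only when a home directory was found.
        if [ -n "$USER_DIR" ]; then
                printf '%s\n' "auth_ok:1"
                printf 'uid:%s\n' "$VPOPMAIL_UID"
                printf 'gid:%s\n' "$VPOPMAIL_GID"
                printf 'dir:%s\n' "$USER_DIR"
                printf '%s\n' "end"
                exit 0
        fi
fi

# Rejected login (or no home directory).
printf '%s\n' "auth_ok:0"
printf '%s\n' "end"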