proftpd


daim
08-03-2004, 10:46 AM
I am having a problem with proftpd authentication when I add a user via a shell account, so I plan to uninstall it... Can you all tell me how I can remove it?


Regards.

IWorx-Chris
08-03-2004, 11:20 AM
Were you looking to remove proftpd or the user in question?

As for making shell users work, try adding:

AuthOrder mod_auth_unix mod_sql_mysql

in the Global section in the /etc/proftpd.conf

Chris

eDixon
08-27-2004, 02:31 PM
I wanted to do a similar thing, and followed your instructions, but got the error:
[CODE]
- Fatal: AuthOrder: no such module 'mod_auth_unix' installed proftpd startup failed proftpd shutdown failed
[/CODE]

I have a 'fresh' install from Sago, so I'm pretty sure you will see this creep up more.

Too bad there isn't a section of nodeworx to create ftp users that belong to the server, not a site (this could work w/ dbs, and ssh logins as well).

IWorx-Chris
08-27-2004, 03:16 PM
I wanted to do a similar thing, and followed your instructions, but got the error:
[CODE]
- Fatal: AuthOrder: no such module 'mod_auth_unix' installed proftpd startup failed proftpd shutdown failed
[/CODE]


I'm dumb, let me investigate this further and get a working solution.


I have a 'fresh' install from Sago, so I'm pretty sure you will see this creep up more.



Too bad there isn't a section of nodeworx to create ftp users that belong to the server, not a site (this could work w/ dbs, and ssh logins as well).


General ftp/db users are really "outside" the system at this point. ssh users may be added at the node/siteworx level in the future based on user interest.

Chris

eDixon
08-31-2004, 12:44 PM
Cool, getting that up would be nice, right now I'm just ftping into a site, then moving it via ssh.

Even if there was an interface directly into that db table, that would be nice. I can get the db login via /etc/proftpd.conf correct? It is the 'SQLConnectInfo' line. Is it a table in the mysql db that is hidden from root? Or am I just missing it?

Adding users for ftp, and ssh via nodeWorx would be nice, but I understand you guys have more pressing issues / features.

IWorx-Chris
08-31-2004, 12:50 PM
Even if there was an interface directly into that db table, that would be nice. I can get the db login via /etc/proftpd.conf correct? It is the 'SQLConnectInfo' line. Is it a table in the mysql db that is hidden from root? Or am I just missing it?


Just a word about the setup here. There are 2 mysql instances running at any one time. 1 instance is for the system, and is your normal every day mysql on port 3306 with a unix socket at /var/lib/mysql/mysql.sock.

The second is the iworx extra special mysql instance for iworx only. It runs on 2306, has its own set of perms and uses the unix socket at /home/interworx/var/lib/mysql.sock (if memory serves). The "root" user for the system mysql is NOT the same as the root user for the iworx mysql. They are 2 different entities. The proftpd.conf shows you the connection info for the 'iworx' user to the iworx mysql instance and you can query the iworx db direct (not that I recommend doing so) using that login info.

Chris

eDixon
09-03-2004, 02:54 AM
Hmmmm. Off topic, but it would probably make sense to back up this db as well, just in case I have a major crash or something.

Possible feature would be making a backup user w/ readonly to everything for this purpose, so you could backup your interworx configs, etc. This is in all honesty my biggest concern, I have all of my systems backed up, but the interworx configs I would have to completely remake.

What's the worst that could happen :D (I am incredibly paranoid, and will leave this alone for the time being)

My big problem now is that since proftp is chrooted, I can't get to my backup drive to transfer backups off. Even mounting (mount --bind) the directory in a 'user' directory, I still can't access the files, I was hoping this would get around it.

What I'm actually going to do, to kludge around this, is set up a ftp server on a local and scp remotely.

IWorx-Socheat
09-03-2004, 01:36 PM
We're actually actively working on a much better backup script that will backup your entire siteworx account. This means email accounts, quotas, emails, ftp accounts, SSL certs, subdomains, etc, will be included in the backup. Also, you will be able to *restore* backups too.

eDixon
09-14-2004, 12:37 PM
I just wish there was an easy way to make system ftp accounts (outside of a site). So I could get these backups, instead of jumping through lots of hoops :(.

I've even gone as far as trying to mount my backup drive in a site, but it didn't help :(

IWorx-Chris
09-14-2004, 01:28 PM
What I'm actually going to do, to kludge around this, is set up a ftp server on a local and scp remotely.


Can you explain this a bit more eDixon? Why wouldn't simply using SCP entirely instead of FTP solve this problem? I'm not trying to nit pick, but trying to get an idea of what you'd like to see ftp-wise, and how it's better than just using SCP, which you *can* safely do as root so as to see the whole filesystem.

Chris

timryberg
09-14-2004, 06:43 PM
Can you explain this a bit more eDixon? Why wouldn't simply using SCP entirely instead of FTP solve this problem? I'm not trying to nit pick, but trying to get an idea of what you'd like to see ftp-wise, and how it's better than just using SCP, which you *can* safely do as root so as to see the whole filesystem.

Chris

I'm curious about this myself. I used scp to back up my files the last time I did a move. The only negative thing is if you have lots of files, but you can zip or tar them to make the process go faster.

eDixon
09-15-2004, 01:08 PM
Ah, sorry, w/ the upgrade I've neglected this thread :(

I had to scrap the scp thing, as my craptacular firewall (local) will not allow it. I should have been a little more clear. More of a situational issue than a server problem. I can scp up to the server, but coming inbound, the firewall blocks it.

I'm also unable to initiate an ftp inbound, again, stupid firewall I can't bypass :(.

I've had to return to the idea of running a second ftp server on this box on a different port.

IWorx-Chris
09-16-2004, 12:19 AM
UPDATE:

I got the AuthOrder working with the latest proftpd that was just released tonight. Simply add:


AuthOrder mod_sql.c mod_auth_unix.c


to your /etc/proftpd.conf file and you can login via a unix user acct or an iworx-cp created DB auth'd account. Just yum update first and you'll be good to go.

Chris
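
The failure and the fix in this thread (the "no such module 'mod_auth_unix'" error versus the working "AuthOrder mod_sql.c mod_auth_unix.c") can be checked before the daemon is restarted. The following is an added example, not part of any post in this thread and not InterWorx or ProFTPD code: it compares the names on AuthOrder lines with the module listing that `proftpd -l` prints. The sample listing, the config strings and all function names are constructed for illustration.

```python
# Added example: validate AuthOrder module names against `proftpd -l` output.
# Both inputs below are constructed samples, not taken from a real server.
MODULE_LISTING = """\
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth.c
  mod_ls.c
  mod_sql.c
  mod_sql_mysql.c
"""
# The directive that failed in the thread, and the one that later worked.
FAILED_CONF = "<Global>\n  AuthOrder mod_auth_unix mod_sql_mysql\n</Global>\n"
WORKING_CONF = ("<Global>\n  # DB accounts first, then system accounts\n"
                "  AuthOrder mod_sql.c mod_auth_unix.c\n</Global>\n")


def compiled_modules(listing):
    """Module names exactly as proftpd reports them (they end in .c)."""
    return {ln.strip() for ln in listing.splitlines() if ln.strip().endswith(".c")}


def auth_order(conf_text):
    """Yield (line_number, [module, ...]) for every AuthOrder directive."""
    for number, line in enumerate(conf_text.splitlines(), 1):
        words = line.split("#", 1)[0].split()   # drop comments
        if words and words[0].lower() == "authorder":
            yield number, words[1:]


def check_auth_order(conf_text, listing):
    """Return (line, name, suggestion) for each name not in the listing."""
    known = compiled_modules(listing)
    problems = []
    for number, names in auth_order(conf_text):
        for name in names:
            bare = name.rstrip("*")             # trailing * marks a module authoritative
            if bare not in known:
                fix = bare + ".c" if bare + ".c" in known else None
                problems.append((number, name, fix))
    return problems


def unix_accounts_listed(conf_text):
    """True when an AuthOrder line explicitly lists mod_auth_unix.c,
    i.e. system (shell) accounts are accepted for FTP logins."""
    return any("mod_auth_unix.c" in [n.rstrip("*") for n in names]
               for _, names in auth_order(conf_text))


if __name__ == "__main__":
    for conf in (FAILED_CONF, WORKING_CONF):
        print(check_auth_order(conf, MODULE_LISTING), unix_accounts_listed(conf))
```

The suggestion only corrects the spelling of a name; the directive that worked in this thread lists mod_sql.c, not mod_sql_mysql.c. On a real server, replace MODULE_LISTING with the captured output of `proftpd -l`.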

eDixon
09-17-2004, 12:37 PM
<VOICE char='Mr. Burns'>
Excellent
</VOICE>

Is using the update in nodeworx ok?

Thanks again. :)

IWorx-Chris
09-17-2004, 12:42 PM
Is using the update in nodeworx ok?


Yes, using the software update in NodeWorx will get you the new RPM, but you'll have to hand edit the /etc/proftpd.conf.

Chris

eDixon
09-20-2004, 11:26 AM
Updating and editing that line, and reloading the config didn't seem to enable shell users to work, but it isn't giving me errors. I will mess around w/ it some more today and see where I get.

Lhadatt
10-04-2004, 11:03 PM
AuthOrder mod_sql.c mod_auth_unix.c


For some reason, my yum isn't working correctly (I'll need to talk to Sago about that), so I wasn't able to yum update to the newest proftpd.

Instead, I'll detail the wrong way to do the update.


Updated via vanilla RPM from proftpd's website.
Found out that the RPM broke the special Interworx MySQL authentication.
Tried to get the new RPM version to take the modules, found out it didn't come with SQL/MySQL or Unix Auth.
Scrambled about for a solution.
Ended up following the directions at Sago's Forum by Dan (http://sagonet.com/forums/viewtopic.php?t=373) (halfway down the page) for installing from the source.
Had problems trying to get proftpd to compile with the options Dan detailed, as well as the mod_auth_unix module option.
Discovered that things from my Sago RH9 box's install of Mysql were missing due to RH's RPM-ish nature and what I think might be oddball customizations by Sago. Had to download the mysql 3.23.53 gzip from mysql.com for the includes, libraries and mysql.h header. Put materials in the places Dan's instructions said they should be.
Tried compiling again. It worked with the SQL modules as Dan's original instructions state, but not when including the mod_auth_unix. When it's included, I get some weird error that makes no sense -- something about mod_auth_unix was already included.
Gave up, installed with just the SQL modules. Worked, the Interworx users were back online.
On a lark, discovered that using the above code quote in the /etc/proftpd.conf file did indeed work for the Linux user logins and the Interworx at the same time (of course it would work, after I spent all that time gutting the FTP service and stitching it back into some Frankenstein abomination!).
Exited Linux Hell a bit singed, less an hour and a half of my lifespan and thoroughly confused. Happy, but confused.


So, now I can login with both Interworx users and Linux users. I'm happy, except for now I need to find out how to adjust FTP permissions for said Linux users.

timryberg
10-06-2004, 06:56 PM
YUM on an InterWorx box is configured to upgrade certain packages ONLY from the InterWorx upgrade sites (e.g. httpd) because InterWorx uses a (slightly) modified version. This could be the case for proftp. IIRC these are listed in your /etc/yum.conf file. Chris, am I on the right track here or has this changed?

Lhadatt
10-06-2004, 08:36 PM
YUM on an InterWorx box is configured to upgrade certain packages ONLY from the InterWorx upgrade sites (e.g. httpd) because InterWorx uses a (slightly) modified version. This could be the case for proftp. IIRC these are listed in your /etc/yum.conf file. Chris, am I on the right track here or has this changed?
On the 1.7.1 install, nothing was getting upgraded at all when I ran yum. That could have been due to some custom 1.7.1 upgrade config of Interworx's.

Yum kicked in during the 1.8 upgrade. This is my first experience using this combo of Interworx and RH, so I wasn't too sure what yum was supposed to be doing -- but I think I have a better picture now.

timryberg
10-06-2004, 10:27 PM
On the 1.7.1 install, nothing was getting upgraded at all when I ran yum. That could have been due to some custom 1.7.1 upgrade config of Interworx's.

Yum kicked in during the 1.8 upgrade. This is my first experience using this combo of Interworx and RH, so I wasn't too sure what yum was supposed to be doing -- but I think I have a better picture now.

Under the old 1.7.1 InterWorx your yum.conf file was pointed to the old RedHat 9 update repository (unless you moved it manually to the Fedoralegacy repository). Even if you did move it by hand, Fedoralegacy only released about 4 updates between the time RH9 went EOL at the end of April and when I finally ditched it. Two of them were for the CVS server which most of us don't even use.

The upgrade from 1.7.1 to 1.8.0 altered your YUM repositories to the Fedoralegacy project (for Red Hat 9 boxes) and NEW InterWorx repositories which are now distributing new RPM's for PHP, MySQL and several other "key" packages. (Okay it actually replaced the files in question)

Assuming yum is working properly (and set to auto-update in NodeWorx) once a week or so (probably less with RH9), you will get some of your software updated in the middle of the night. You can review this in the NodeWorx=>Updates screen. Ideally it will keep all (or at least most) of your software up to date (the RPM's need to be in one of the archives it searches) so you don't have to search all over the Net. Anything that you installed the old fashioned way (from source) will need to be upgraded manually.

Yum also is great because it provides a fast and easy way to install any package that would have shipped with the OS without having to locate it and download it.

Let's just say you want to install a package named foobar. You'd type the following command from the shell

# yum install foobar

and assuming it was in the archive, yum would download and install the package. If it had any "dependencies" (packages the package you want needs to run correctly) it asks if it can download and install them (assuming they are in the repository) and then proceeds with installing the package you want. I think it's neat.

I take it from your writing you are running RH9, so I probably get more up to date packages than you right now because I'm running CentOS. But the principles are the same.

Tim

PS If you want to get really technical the "old" (pre 1.8.0) InterWorx used two yum conf files (yum-os.conf and yum-iworx.conf) which were consolidated to a single yum.conf file with the update to 1.8.0

eDixon
10-07-2004, 01:07 PM
I'm probably just slow...

But I still can't get shell users to work in proftpd.

I'm not sure if it's not working (the config) or my login method.

I have tried for login names:
username
username @ ipaddress
username @ website

To both IP addresses, and domain names.

I'm pretty sure the error exists somewhere between the chair and the keyboard.

Lhadatt
10-07-2004, 01:42 PM
Thanks Tim. :)

edixon: Did you upgrade Interworx to 1.8?

timryberg
10-07-2004, 04:50 PM
I'm probably just slow...

But I still can't get shell users to work in proftpd.

I'm not sure if it's not working (the config) or my login method.

I have tried for login names:
username
username @ ipaddress
username @ website

To both IP addresses, and domain names.

I'm pretty sure the error exists somewhere between the chair and the keyboard.

Try this:

username: ftp@domain.com (you need to add the @domain.com here, not just ftp)
server: domain.com or < ipaddress >

email is the same name, the domain name is part of the username.

eDixon
10-08-2004, 12:56 PM
Lhadatt - I'm on 1.8

timryberg - This isn't the regular ftp logins, it's the system's user logins.
(I did the proftpd.conf mod)

timryberg
10-10-2004, 02:27 PM
Lhadatt - I'm on 1.8

timryberg - This isn't the regular ftp logins, it's the system's user logins.
(I did the proftpd.conf mod)

Does it matter? You still have multiple domains on the same IP, the reason for adding the domain in the first place.

Lhadatt
10-11-2004, 02:22 PM
Does it matter? You still have multiple domains on the same IP, the reason for adding the domain in the first place.
Uhm, what?

The main reason for enabling shell users (at least for me) is the ability to upload via FTP to places on the server other than /home/<websitedir>. Yes, it can be done with SCP/SFTP, but some users just don't like using the secure clients (and for good reason -- most of the Windows SFTP clients suck, and nothing beats FlashFXP :D ).

edixon: My amateur-level guess is you might want to see if you can reinstall proftpd, via yum, reinstalling the rpm or compiling from scratch. You may want to find a friend who knows Linux to check things out if you're not familiar with doing this. I highly advise that you do not do this if you are not reasonably sure of what you are doing with Linux. I doubt Interworx or your provider would help you try to get FTP back online without some sort of charge for extra services if you break something.

proftpd seems to be kind of squirrely in dealing with how it's been configured for Interworx -- some people seem to get it to work right away, others don't. For me, it worked with the "AuthOrder mod_sql.c mod_auth_unix.c" directive on the first try after upgrading to 1.8.

timryberg
10-11-2004, 02:58 PM
Uhm, what?

Is this directed at me?

Let me clarify if it is, in case it is. The reason you have to add the @yourdomain.com to your ftp users, whether it's the default "ftp" or "tryberg" which I sometimes use, is because the ftp daemon is listening to the IP's on your box and those IP's all have multiple domains on them. It helps them distinguish the FTP user on mydomain.com from the ftp user on myotherdomain.com.

You also have to do this with email (eg webmaster@yourdomain.com is different from webmaster@yourotherdomain.com). I know it's annoying but that's how it is.

InterWorx users are not regular system users [in a sense] and thus a login for ftp does not work on ssh or email. Am I making any sense here? Maybe Chris or Paul can explain it better.

Lhadatt
10-17-2004, 12:15 AM
He's talking about allowing normal unix users to login via FTP the same way Interworx users can -- which is why the thread was made. :p

For instance, I have a normal unix user account called "josh" and a user for my niftytech.net Interworx account named "ftp@niftytech.net". Both users can login via FTP using the setup one of the Interworx employees gave us earlier in this thread. That is what he's having trouble trying to get to work.

Why would we want to do this? Well, logging in as ftp@niftytech.net only gives me access to /home/niftytechnet/. The goal is getting a FTP account that has access to more of the system than that. (Yes, using SFTP is better, but people have their preferences.)

timryberg
10-17-2004, 03:15 PM
He's talking about allowing normal unix users to login via FTP the same way Interworx users can -- which is why the thread was made. :p

For instance, I have a normal unix user account called "josh" and a user for my niftytech.net Interworx account named "ftp@niftytech.net". Both users can login via FTP using the setup one of the Interworx employees gave us earlier in this thread. That is what he's having trouble trying to get to work.

Why would we want to do this? Well, logging in as ftp@niftytech.net only gives me access to /home/niftytechnet/. The goal is getting a FTP account that has access to more of the system than that. (Yes, using SFTP is better, but people have their preferences.)

It's not just a preference. It's a potential security problem.