vsftpd or pureftp addition?

Should DA switch ftp servers?

  • Yes, switch as I don't like all these exploits!

    Votes: 33 78.6%
  • No, keep it as is I like constantly updating proftp.

    Votes: 9 21.4%

  • Total voters
    42
Status
Not open for further replies.
+1 Vote for PureFTPd

If DirectAdmin is compatible with pureftpd and supports it.
And also have an option at the install step to select which ftp protocol we need. It makes DirectAdmin more professional.
 
Why do you need to add your vote ... you can already use pure-ftpd?
 
@scsi:

It's perfectly reasonable to add a vote to a Feature Request; that's how DirectAdmin staff can decide whether or not there's enough interest to build the feature into the base DirectAdmin system.

Jeff
 
Did you see the post DirectAdmin Support made in this thread (post 22)?

It shows you the case under which Pure FTP won't work.

Jeff
 
Yes, I did. That's why it would be great to give an option to select.

In case DirectAdmin is used for a single user (not for shared hosting) or without private IPs - they can select PureFTPd.

In other cases - they can use ProFTPd.

p.s. You gave a slightly wrong link, Jeff.
 
Sorry Jeff, my mistake. I was confused by the topic's subject.
While I saw John's answers before in another thread.
 
This has to be one of the most loaded polls I've seen in awhile.
In what way is the poll loaded?

Perhaps it's lop-sided because most people don't realize the limitations of using VSFTPD or Pure FTPd.

Jeff
 
This has to be one of the most loaded polls I've seen in awhile.
Also the question is grotesquely weighted in a one-sided manner voiding any point to the poll, and we'll likely ignore it. A proper poll needs the options, eg "keep proftpd" or "try pureftp/vsftpd".. and then in the actual post, put the pros-cons to each. If you guys want to create a proper poll question, and avoid weighting the question, then we'll look at it with more seriousness. I'm not voiding the idea, just the poll results since the question is very skewed.

John
 
TBH, I'd like to have the option to install ProFTP or others, to not force people that think "if it isn't broke, don't fix it" to change.....
As John said, what are the pros & cons - loads of cons from a programming point of view I imagine.
 
The main issue with pure-ftp is that it doesn't support VirtualHosts. Note that the --with-virtualhost option (I believe) only applies to anonymous ftp accounts, and doesn't let us specify separate ftp password files based on IP.

vsftpd can do virtualhosts, but it's in a slightly hacky form.. it could work though. Basically, you'd run a separate ftp daemon for each IP. If you add a new IP to the box, an entire new instance of vsftpd would start up to listen for that IP once assigned to a User. I personally don't like this as "restarting" the service would be quite confusing since they'd all be running with the same names but be totally separate and their own process master. Messy.

What might be the best option is to have a directadmin.conf flag which would specify something to the extent of "allow private ftp accounts".. (internally set to 1 by default) so that if you manually set it to 0, then all accounts created in DA are forced into the main /etc/proftpd.passwd file (conversion of ftp.passwd to proftpd.passwd required).. and you can then very easily use any ftp program you wish. If you do that, you'd lose the ability to have private "username" ftp accounts, except your DA account names. The private username ftp accounts are really the only reason we've got the VirtualHosts for the IPs. If we didn't need the "username" account format, and people could live with [email protected] ftp account formats for all domain types, then it would be a piece of cake with the proposed directadmin.conf option.

So the question would come down to... how much does everyone like the ability to add an ftp account named "username" on an owned IP? If they can live with [email protected] for all ftp accounts, then this directadmin.conf option will work. (note that the DA usernames are exempt from this, they'll always be just "username")

Right now I'm figuring out the multi-IP issue with ftp accounts, which is somewhat related. (Leaning towards option 1)

John
 
The main issue with pure-ftp is that it doesn't support VirtualHosts. Note that the --with-virtualhost option (I believe) only applies to anonymous ftp accounts, and doesn't let us specify separate ftp password files based on IP.
Sorry but I don't believe that. Also in Cpanel the admin can choose between using pure-ftpd or another one.

Next to that I've been running pure-ftpd on my home server for years now. You can use virtual user accounts based on IP or hostname, you can do more with pure-ftpd than with proftpd to my idea.
The next question is why you would need separate ftp password files based on IP address? I don't think very many users will use this function. However, it is possible with pure-ftpd.

And if Cpanel can, I can't imagine why Directadmin should not be able to use it.

If you don't believe my statement about the accounts based on IP address, please have a look at the pure-ftpd documentation, the virtual user part.
pure-pw useradd <login> [-f <passwd file>] -u <uid> [-g <gid>]
-D/-d <home directory> [-c <gecos>]
[-t <download bandwidth>] [-T <upload bandwidth>]
[-n <max number of files>] [-N <max Mbytes>]
[-q <upload ratio>] [-Q <download ratio>]
[-r <allow client host>[/<mask>][,<allow client host>[/<mask>]]...]
[-R <deny client host>[/<mask>][,<deny client host>[/<mask>]]...]
[-i <allow local host>[/<mask>][,<allow client host>[/<mask>]]...]
[-I <deny local host>[/<mask>][,<deny local host>[/<mask>]]...]
[-y <max number of concurrent sessions>]
[-z <hhmm>-<hhmm>] [-m]

As you can see... several options, even with mask, to allow or deny hosts/IPs. ;)

I would therefore like to suggest a choice option like Cpanel has, between proftpd and pure-ftpd (or vsftpd and pure-ftpd).
 
Hello,

Sorry but I don't believe that. Also in Cpanel the admin can choose between using pure-ftpd or another one.

Next to that I've been running pure-ftpd on my home server for years now. You can use virtual user accounts based on IP or hostname, you can do more with pure-ftpd than with proftpd to my idea.

Ok, good, you've got some experience and know how it can be done.

Can you elaborate on how one can use different password files based on IPs? Once we know that, we can look at adding the option. I wasn't able to find any documentation on it, hence I had my doubts it was possible.
Your statement about the pure-pw command does not help us with that. They would still all be stored in one password file and just be denied from logging into other IPs (if I read it right, let me know if I'm wrong here). This also does not help with the duplicate usernames. Only separate password files can help with that.

After reading over reviews, I'd lean towards pure-ftp over vsftp, and if it can be integrated into what we've already got, even better.

However, the argument that "cpanel can do it" doesn't mean it's possible with what I'm talking about. They may not allow duplicate usernames. Many IPs could be connected to, but they may all use the same password file, so need unique usernames. What I'm referring to is the ability to use a different password file, which allows for duplicate usernames for each IP, and those usernames could be directed to different locations.

So if you have any information on how one can use pure-ftp to do that, please, let me know, as that's what's holding things up.

John
 
Can you elaborate on how one can use different password files based on IPs?
Not on different files. Different IPs and passwords is no problem, but indeed this is all done in 1 password file if you are making use of the virtual users option. But there are more possibilities, f.e. mysql or custom scripting.

They would still all be stored in one password file and just be denied from logging into other IPs (if I read it right, let me know if I'm wrong here).
Correct, 1 password file, but in that 1 file you can create various users with various IPs.
I'm just not sure I understand what exactly you expect from the IPs, should this be a restriction for every user?
Because I don't see any IP stuff in DA at the moment (I can be mistaken) and can login to my DA account from every IP I would like to. So that's why I don't understand the IP requirement you're talking about.
However, with duplicate usernames there would be a problem, so in that case maybe the mysql option or another method is better.

I just had a look on how the concurrent panel is doing it and they are making use of external authentication.
ExtAuth /var/run/ftpd.sock

Maybe that helps. However, I'm no coder or programmer so I wouldn't know how to create something like this, but there is some documentation about that on the pureftpd site.
I also had a look at how duplicate usernames are handled over there, but that is not possible because they make the ftp user as an email address, like [email protected] so there could well be a [email protected], same username, not conflicting because of the domain name added to the account name.
 
Hello,

Thanks for the info. The ExtAuth may indeed be a solution to the separate password file problem.

The issue is that for "owned" IPs, the main domain of a User has the ability to create ftp account names with just "user", and no trailing @domain.com. Proftpd supports VirtualHosts, just like apache does, hence you can have "user" under an IP from DA user bob, and another "user" under a different IP for DA user fred.

There are a few other issues at play, namely the multi-IP system that supports both shared and owned IPs, backups, changing IPs, and the ability to support other ftp daemons. etc.. it gets quite messy quickly.

I've been toiling over the issue for some time now, and I believe that option 3 of the versions entry here:
http://www.directadmin.com/features.php?id=1134

is likely going to be the best option. It's quite simple, adds far more simplicity to the system, allows for any ftp daemon you want, and solves the mentioned ftp login issues with the multi-IP system.

The only catch is that we'd lose the ability to have just "user" logins for added ftp accounts (the DA usernames would not be affected, they'd remain "username", since they're not unique to any domain, and only unique to the server).

In any case, Option 3 is an ultimatum in that the Admin must decide if he wants the "user" format. If he does, he'd lose the ability to have the multi-IP system, since it's too complex with the ftp setup we've got. If he doesn't need the "user" format (small price to pay in my mind), then he gains all the added benefits of support for multi-IP (which would work better with the added simplicity) and support for any ftp daemon he'd like.

If this option is added, we would likely have it the new default. Support for pureftp would then likely be added to custombuild.

Nothing is yet set in stone, so I'd like feedback on the "user" ftp login format.. how badly people need it, or if it's a reasonable sacrifice for all of the other benefits (I don't think any other CP would have it, in combination with the multi-ip system anyway due to the complexity of it all)

Let me know what you guys think.

John
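
The ExtAuth idea discussed above, as an added example that is not part of the thread and is not DirectAdmin's or pure-ftpd's code: a handler of the kind pure-authd runs behind `ExtAuth`, choosing the credential table by the IP the client connected to, so the same bare "user" login can exist once per owned IP. The environment variable names and reply lines follow pure-ftpd's external authentication documentation; the IPs, accounts, passwords, paths and the PBKDF2 hash are constructed assumptions.

```python
import hashlib
import hmac
import os


def _hash(password, salt):
    # PBKDF2 stands in for whatever password hash the panel really stores (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_entry(password, uid, gid, home):
    # One salted record per account, the equivalent of a line in a per-IP passwd file.
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt),
            "uid": uid, "gid": gid, "dir": home}


# Constructed sample data: one table per listening IP, mirroring one password
# file per VirtualHost. Both tables hold an account named just "user".
TABLES = {
    "192.0.2.10": {"user": make_entry("bob-secret", 1001, 1001, "/home/bob/ftp")},
    "192.0.2.20": {"user": make_entry("fred-secret", 1002, 1002, "/home/fred/ftp")},
}


def authenticate(env, tables=TABLES):
    """Return the reply lines pure-authd expects from its handler."""
    # AUTHD_LOCAL_IP is the server address the client connected to, so it
    # selects the table; AUTHD_REMOTE_IP (the client's address) is not used.
    table = tables.get(env.get("AUTHD_LOCAL_IP", ""), {})
    entry = table.get(env.get("AUTHD_ACCOUNT", ""))
    if entry is None:
        # 0 = account unknown here; pure-ftpd may try its next auth backend.
        return ["auth_ok:0", "end"]
    supplied = _hash(env.get("AUTHD_PASSWORD", ""), entry["salt"])
    if not hmac.compare_digest(supplied, entry["hash"]):
        # -1 = account exists but the password is wrong; stop here.
        return ["auth_ok:-1", "end"]
    return ["auth_ok:1", f"uid:{entry['uid']}", f"gid:{entry['gid']}",
            f"dir:{entry['dir']}", "end"]


if __name__ == "__main__":
    # pure-authd passes the login attempt in the environment and reads stdout.
    print("\n".join(authenticate(os.environ)))
```

Because the table is picked from the local IP before the username is looked up, a password that is valid for "user" on one IP is rejected for "user" on another.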
 