# vsftpd, pure-ftpd, or else?

## midnite

A typical need for a web hosting server - web based user registration with ftp upload accounts.

My server uses Apache + PHP + MySQL.

i have tried pure-ftpd before. But i want to try a new ftp daemon this time. i came across vsftpd. i was attracted by his claim "Very Secure".

For convenience, of course we want everything to be automatic. Users register on a web page. Data stored into the MySQL database. Then the ftp server can accept login with the username and password just specified in the MySQL database. And of course, chroot-ed into their own directory.

i have been searching solutions to this setting for a whole day. i have a few links to share:vsftpd + MySQL: http://knol.google.com/k/aihedanmu-adili/vsftp-mysql-virtual-user-configuration/dd1hcwzb71x3/5#

vsftpd + MySQL (chinses version of previous): http://soft.zdnet.com.cn/software_zone/2007/1007/538537.shtml

vsftpd + MySQL: http://www.digitalnerds.net/featured/vsftpd-with-mysql-backend/

vsftpd + MySQL (chinese): http://blog.chinaunix.net/u/7546/showart_691662.html

vsftpd + MySQL (chinese): http://linux.chinaunix.net/techdoc/database/2008/05/12/1002371.shtml

PureFTPd + MySQL: http://www.howtoforge.com/pureftpd_mysql_virtual_hosting* it's not my preference to find chinese sites. Yet not much resources are talking about this issue, strangely.

Here are my questions,What is the different between auth sufficient ... (from URL d) and auth required ... (from URL a)?

As we may find in URL (d), it has many attributes in the line auth sufficient ... and account sufficient .... Are there any attributes are not shown? Is there any documentation for what attributes we can specify?

As i found from those resources, vsftpd seems do not allow us to specify different root directories for different virtual users by MySQL table entries. Is it the only way to have TOTALLY different chroot directories for different users, is setting up user_config_dir and specifying different configurations for different users in separated files respectively? It is definitely not scalable  :Sad: 

In the man vsftpd.conf, do the default anon_umask=077 and local_uamsk=077 mean 0077?

From URL f, i can see that PureFTPd supports MySQL a lot batter than vsftpd does, as we can specify MYSQLGetDir, MySQLGetBandwidthUL, MySQLGetBandwidthDL, MySQLGetQTASZ from MySQL table entries (or am i missing anything for vsftpd?). And also, PureFTPd says it is security first too! My doubt is, can vsftpd achieve those settings by MySQL table entries? And also, is vsftpd essentially outperform PureFTPd on security?

Last but not least, is there any ftp daemon else fit the above requirements - use MySQL authentication, specific chroot, secure, performance, and easy to configure?

Thanks very much. Any input will be greatly appreciated!!!!!

----------

## VinzC

1 and 2. See http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/old/pam-4.html

The difference is «required» makes authentication fail if the plugin (ldap, mysql, file,...) fails. If the module succeds the next module in the chain is involved. With «sufficient» authentication succeeds if the module succeeds and none of the previous «required» modules failed. A failure with a «sufficient» module will not make authentication fail but just use the next module in the chain.

Indeed vsftp stands for very secure. This means vsftp core was target with security in mind, i.e. reduce exploits as much as possible on the server. Remember that FTP doesn't prevent from stealing passwords over the Internet.

Also vsftp uses PAM for authentication. Since PAM allows for using a database, vsftp may work with mysql. See pam_mysql for more information. I've already installed vsftp with LDAP authentication (through PAM, of course). It should also work fine with MySQL.

----------

