...back to page 1 - ...back to page 2

putting it all together...

Recap of the pure-ftpd installation chores:

Overview of the script installation:

my user manager

There is a partially working demo of the interface on page 1; this page describes the installation and configuration of the script. It shouldn't be a big deal if you've worked a little with mysql and php. This assumes that you're installing on a *nix server, and that you have a mysql server available (duh). This also assumes you have a webserver on the machine, otherwise you can't run this script :-)

The zip file contains 3 files, it's tiny, 6k, get it here:

The only file to edit is userman_config.php. It also contains the table schema you will need. Use your favourite db GUI (phpMyAdmin does it all) to create the table. The config file should be self-explanatory.

Upload or save the 3 files to a common, secure directory on your server. If everything went to plan, you should be able to add a user, try logging in as that user, and you should see that a directory has been created.

security

I need my user manager to be accessible to all members of my intranet, but obviously don't want anyone outside accessing it. htaccess seems to suffice, password protection alone might be enough, but I also restrict by ip to the internal 192.168.0. network. Any experts looking at this will find lots of security issues with this implementation, but like I said earlier, I'm not a bank. I run pure on a dedicated box, a little P2 500 that I picked up for under $100, so if the server was compromised in some way, really not a big deal. But that's the nature of my business, maybe not yours, so it's up to you to judge the applicability of my solution to your environment. In the 2 years I've been running this setup, there has never been an incident.
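The combination described above (password protection plus restriction to the internal 192.168.0. network) can be written as the following .htaccess. This is an added example, not the author's own file; it assumes Apache 2.4, `AllowOverride AuthConfig` enabled for the directory, and a placeholder password-file path.

```apache
# Added example: .htaccess for the user manager directory (Apache 2.4 syntax).
# Assumed: AllowOverride AuthConfig is enabled for this directory, and the
# AuthUserFile path is a placeholder for a file kept outside the web root.

AuthType Basic
AuthName "FTP user manager"
AuthUserFile /path/outside/webroot/.htpasswd

# Pitfall: two bare Require lines are implicitly wrapped in <RequireAny>,
# so EITHER an internal address OR a valid password would be enough:
#   Require ip 192.168.0
#   Require valid-user

# Both conditions must hold: an internal 192.168.0. address AND a valid login.
<RequireAll>
    Require ip 192.168.0
    Require valid-user
</RequireAll>

# Apache 2.2 equivalent of the <RequireAll> block above:
#   Order deny,allow
#   Deny from all
#   Allow from 192.168.0.
#   Require valid-user
#   Satisfy All
```

A quick check after deploying it: a request from outside 192.168.0. should get 403 even with a valid password, and a request from inside without credentials should get 401.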

I choose cleartext passwords because it's very common for clients to forget their login/password, and I (or anyone in the department) needs to be able to look them up easily. In this implementation, passwords are never transmitted over the public internet, so I'm not concerned about sniffing and such.

You should keep the virtual root of your ftp server outside of your webserver root. This (I think) eliminates the possibility of an upload and execution of a malicious script from the internet.

That's all folks !

I hope you have found this information useful. I prepared this while trying to refresh my memory as to exactly how I had set this up 2 years ago, which, of course, had not been documented anywhere. Now it is. You can contact me for help or bugs with the script portion of this or report inaccuracies or suggestions for improvement to this document. Thanks for taking the time to get to this part!

changelog:

 
