pjbriggs/proftpd.conf-extract

## proftpd.conf-extract
ServerName			"Galaxy FTP File Upload"
ServerType			standalone
DefaultServer			on
PidFile                         /var/run/proftpd/proftpd-galaxy.pid

# Port 21 is the standard FTP port.
Port				21

# Don't use IPv6 support by default.
UseIPv6				off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				077

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances			30

# Set the user and group under which the server will run.
User				nobody
Group				nobody

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Automatically create home directory if it doesn't exist
CreateHome                      on dirmode 700

# Allow users to overwrite their files
AllowOverwrite                  on

# Allow users to resume interrupted uploads
AllowStoreRestart               on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# Bar use of RETR (download) since this is not a public file drop
<Limit RETR>
  DenyAll
</Limit>

# Do not authenticate against real (system) users
AuthPAM                         off

# Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
SQLPasswordEngine               on

# Set this if Galaxy user UID and/or GID are less than 999
SQLMinID			400

# Configuration that handles PBKDF2 encryption
# Set up mod_sql to authenticate against the Galaxy database
SQLEngine                       on
SQLBackend                      postgres
SQLConnectInfo                  galaxy_db@localhost:5432 <USERNAME> <PASSWORD>
SQLAuthTypes			PBKDF2
SQLPasswordPBKDF2		SHA256 10000 24
SQLPasswordEncoding             base64
SQLAuthenticate                 users

# For PBKDF2 authentication
# See http://dev.list.galaxyproject.org/ProFTPD-integration-with-Galaxy-td4660295.html
SQLPasswordUserSalt sql:/GetUserSalt

# Define a custom query for lookup that returns a passwd-like entry for PBKFD2
#  UID and GID should match your Galaxy user.
SQLUserInfo                     custom:/LookupGalaxyUser
SQLNamedQuery			LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,400,400,'/opt/galaxy/ftp_uploads/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

# Define custom query to fetch the password salt
SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'"
	ServerName "Galaxy FTP File Upload"
	ServerType standalone
	DefaultServer on
	PidFile /var/run/proftpd/proftpd-galaxy.pid

	# Port 21 is the standard FTP port.
	Port 21

	# Don't use IPv6 support by default.
	UseIPv6 off

	# Umask 022 is a good standard umask to prevent new dirs and files
	# from being group and world writable.
	Umask 077

	# To prevent DoS attacks, set the maximum number of child processes
	# to 30. If you need to allow more than 30 concurrent connections
	# at once, simply increase this value. Note that this ONLY works
	# in standalone mode, in inetd mode you should use an inetd server
	# that allows you to limit maximum number of processes per service
	# (such as xinetd).
	MaxInstances 30

	# Set the user and group under which the server will run.
	User nobody
	Group nobody

	# To cause every FTP user to be "jailed" (chrooted) into their home
	# directory, uncomment this line.
	DefaultRoot ~

	# Automatically create home directory if it doesn't exist
	CreateHome on dirmode 700

	# Allow users to overwrite their files
	AllowOverwrite on

	# Allow users to resume interrupted uploads
	AllowStoreRestart on

	# Bar use of SITE CHMOD by default
	<Limit SITE_CHMOD>
	DenyAll
	</Limit>

	# Bar use of RETR (download) since this is not a public file drop
	<Limit RETR>
	DenyAll
	</Limit>

	# Do not authenticate against real (system) users
	AuthPAM off

	# Set up mod_sql_password - Galaxy passwords are stored as hex-encoded SHA1
	SQLPasswordEngine on

	# Set this if Galaxy user UID and/or GID are less than 999
	SQLMinID 400

	# Configuration that handles PBKDF2 encryption
	# Set up mod_sql to authenticate against the Galaxy database
	SQLEngine on
	SQLBackend postgres
	SQLConnectInfo galaxy_db@localhost:5432 <USERNAME> <PASSWORD>
	SQLAuthTypes PBKDF2
	SQLPasswordPBKDF2 SHA256 10000 24
	SQLPasswordEncoding base64
	SQLAuthenticate users

	# For PBKDF2 authentication
	# See http://dev.list.galaxyproject.org/ProFTPD-integration-with-Galaxy-td4660295.html
	SQLPasswordUserSalt sql:/GetUserSalt

	# Define a custom query for lookup that returns a passwd-like entry for PBKFD2
	# UID and GID should match your Galaxy user.
	SQLUserInfo custom:/LookupGalaxyUser
	SQLNamedQuery LookupGalaxyUser SELECT "email, (CASE WHEN substring(password from 1 for 6) = 'PBKDF2' THEN substring(password from 38 for 69) ELSE password END) AS password2,400,400,'/opt/galaxy/ftp_uploads/%U','/bin/bash' FROM galaxy_user WHERE email='%U'"

	# Define custom query to fetch the password salt
	SQLNamedQuery GetUserSalt SELECT "(CASE WHEN SUBSTRING (password from 1 for 6) = 'PBKDF2' THEN SUBSTRING (password from 21 for 16) END) AS salt FROM galaxy_user WHERE email='%U'"