Asterisk Blacklist Hobby webbhotell



Filed under: Server — Mathz @ 21:56

How to install and configure pure-ftpd

This is how to install and configure the pure-ftpd ftp server on your Ubuntu or Debian server or workstation.
First use apt to download and install the pure-ftpd package – it is available from default repositories :

root@box:~# apt-get install pure-ftpd
Setting up pure-ftpd (1.0.21-11ubuntu1) ...
Starting ftp server: Running: /usr/sbin/pure-ftpd -l pam -u 1000 -E -O clf:/var/log/pure-ftpd/transfer.log -B

As the latest line of apt output tells us, the server is already started with some default options passed to the binary via the command line.

The way to configure pure-ftpd is quite different from to other Debian / Ubuntu software. When installed as a service and started during the init process, pure-ftpd is invoked by a script called pure-ftpd-wrapper. What’s unusual is that instead of reading a single configuration file for all options, the script uses a directory full of one-line files. Let’s have a look in /etc/pure-ftpd/conf :

root@box:~# cd /etc/pure-ftpd/conf/
root@box:/etc/pure-ftpd/conf# ls -la
total 24K
-rw-r--r-- 1 root 36 2007-06-22 02:01 AltLog
-rw-r--r-- 1 root 5 2007-06-22 02:01 MinUID
-rw-r--r-- 1 root 4 2007-06-22 02:01 NoAnonymous
-rw-r--r-- 1 root 4 2007-06-22 02:01 PAMAuthentication
-rw-r--r-- 1 root 28 2007-06-22 02:01 PureDB
-rw-r--r-- 1 root 3 2007-06-22 02:01 UnixAuthentication

Each of those files describes a command-line option of the pure-ftpd server. For example, the file AltLog contains the format of, and path to, the tranfer log file :

root@box:/etc/pure-ftpd/conf# cat AltLog

Let’s now set some of the basic options by editing those one-liners (our server will listen to port 21 on all available interfaces, and will use IP and ports 4500-4600 for passive mode – don’t forget to forward those from your NAT router if you are behind one):

root@box:/etc/pure-ftpd/conf# echo ,21 > Bind
root@box:/etc/pure-ftpd/conf# echo > ForcePassiveIP
root@box:/etc/pure-ftpd/conf# echo 4500 4600 > PassivePortRange

Now for some recommended security stuff :

root@box:/etc/pure-ftpd/conf# echo yes > ChrootEveryone
root@box:/etc/pure-ftpd/conf# echo yes > ProhibitDotFilesRead
root@box:/etc/pure-ftpd/conf# echo yes > ProhibitDotFilesWrite
root@box:/etc/pure-ftpd/conf# echo yes > NoChmod
root@box:/etc/pure-ftpd/conf# echo yes > BrokenClientsCompatibility

Let’s also set some limits to avoid abuse :

root@box:/etc/pure-ftpd/conf# echo 4 > MaxClientsPerIP
root@box:/etc/pure-ftpd/conf# echo 20 > MaxClientsNumber

Now the important thing we need to decide is what user authorization method(s) our server will support. Options include Unix Authentication (anyone with a login account on the server will have ftp access), but I chose PureDB authentication, which involves a dedicated pure-ftpd “virtual users” base.
So let’s disable Unix and PAM auth, set the path to the PureDB user file, and add PureDB as an auth method by linking to it from the /etc/pure-ftpd/auth directory :

root@box:/etc/pure-ftpd/conf# echo no > PAMAuthentication
root@box:/etc/pure-ftpd/conf# echo no > UnixAuthentication
root@box:/etc/pure-ftpd/conf# echo /etc/pure-ftpd/pureftpd.pdb > PureDB
root@box:/etc/pure-ftpd/conf# ln -s /etc/pure-ftpd/conf/PureDB ../auth/50pure

Let’s now create a (system) user and group that will be bound to all ftp virtual users. For security reasons, that special user should have no home directory (-d /bin/null) and no shell access (-s /bin/false) :

root@box:/etc/pure-ftpd/conf# groupadd -g 2001 ftpgroup
root@box:/etc/pure-ftpd/conf# useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser

We can now use the pure-pw command to add our first virtual user (don’t forget the “pure-pw mkdb” command : it is required to commit/confirm changes to the user file)

root@box:/etc/pure-ftpd/conf# pure-pw useradd myfirstuser -u ftpuser -d /var/ftp/public/
Enter it again:
root@box:/etc/pure-ftpd/conf# pure-pw mkdb

Let’s add TLS/SSL support and generate a private certificate (you will be asked to provide some information to put in the cert)
root@box:/etc/pure-ftpd/conf# apt-get install openssl
root@box:/etc/pure-ftpd/conf# echo 1 > TLS
root@box:/etc/pure-ftpd/conf# openssl req -x509 -nodes -newkey rsa:1024 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Generating a 1024 bit RSA private key
root@box:/etc/pure-ftpd/conf# chmod 600 /etc/ssl/private/pure-ftpd.pem

Let’s finally restart the server with our all-new config :

root@box:/etc/pure-ftpd/conf# /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -X -b -u 1000 -C 4 -E -S ,21 -x -c 20 -R -A -p 4500:4600 -O clf:/var/log/pure-ftpd/transfer.log -Y 1 -P -B

All done ! Enjoy a simple, robust and secure ftp server.

How to configure pure-ftpd-mysql on ubuntu:

Powered by WordPress