NOTES/Pure-FTPd

[ HOME | REFERENCE | FreeBSD | MySQL | PostgreSQL | Apache | qmail | PHP | Pure-FTPd ]

introduction

I don't use the FTP daemon that comes with FreeBSD. I don't like giving my FTP users system accounts. Instead, I use Pure-FTPd with MySQL or PostgreSQL to manage users. I also created a simple web-based FTP administration interface. It adds new users, deletes users, current FTP access. You can also edit users and define what IP addresses from what users are allowed to login.

As of 2003/06/12 the web administration tools are broken with PostgreSQL. I'm working on it, give it some time.

These NOTES were done with Pure-FTPd 1.0.19.


track

  1. ports
  2. configuration
  3. setting up directories
  4. administration

ports

Install from ports

# cd /usr/ports/ftp/pure-ftpd
# make install WITH_PGSQL=1 WITH_MYSQL=1 WITH_LANG=english
# make clean

Note: Both WITH_PGSQL and WITH_MYSQL options are shown. Use the option you want to use and remove the option you're not going to use.


configuration

Create a new group and user

# mkdir /usr/data/ftp
# pw groupadd ftp -g 2097
# pw useradd ftp -u 2097 -g ftp -G www -c "PureFTPd user management" -d /usr/data/ftp -s /sbin/nologin

Make user www a part of the ftp group

# pw usermod -n www -G ftp

Edit the Pure-FTPd configuration file

# cd /usr/local/etc
# cp pure-ftpd.conf.sample pure-ftpd.conf
# chmod 664 pure-ftpd.conf
# ee pure-ftpd.conf

Edit these four lines in in the configuration file

These are a requirement especially if you plan to use Twinwork's web-based Pure-FTPd administration client. The following options are highly recommended, but tune them to your usage.

Note: If there is a # in front of it, that means it's currently commented. Remove # to uncomment that line.

Create a directory for the stats log file

# mkdir -p /usr/data/logs/pureftpd

If you plan on using MySQL, continue reading. Otherwise, if you plan on using PostgreSQL, skip the MySQL section and continue.

Create a new database just for Pure-FTPd.

# mysqladmin -u root -p create pureftpd

You'll be prompt for MySQL's root's password. After entering it, the new database will be created.

Fetch Twinwork's pureftpd-mysql.sql file and populate the database with its required tables. This will also populate the database with the sessions table for Twinwork's web-based Pure-FTPd administration client.

# cd
# fetch http://notes.twinwork.net/bin/pureftpd-mysql.sql

Then insert it into MySQL

# mysql -u root -p < pureftpd-mysql.sql

Again, you'll be prompt for a password.

Create /usr/local/etc/pureftpd-mysql.conf

# ee /usr/local/etc/pureftpd-mysql.conf

Add the following

MYSQLSocket /tmp/mysql.sock
MYSQLUser ftp
MYSQLPassword ftp
MYSQLDatabase pureftpd
MYSQLCrypt md5
MYSQLGetPW SELECT password FROM users WHERE ((ip LIKE "%\R%") || (ip = '')) AND ident="\L"
MYSQLGetUID SELECT uid FROM users WHERE ident="\L"
MYSQLGetGID SELECT gid FROM users WHERE ident="\L"
MYSQLGetDir SELECT dir FROM users WHERE ident="\L"
MySQLGetBandwidthUL SELECT ulbandwidth FROM users WHERE ident="\L"
MySQLGetBandwidthDL SELECT dlbandwidth FROM users WHERE ident="\L"
MySQLTransactions On

Change the mode of this file so no one else can view except the owner

# chmod 600 /usr/local/etc/pureftpd-mysql.conf

Here are the directions to setup PureFTPd for PostgreSQL. You may skip this section if you configured for MySQL.

Create a new user.

# sudo -u pgsql createuser -E -P -A -D ftp

When it asks for the password, use ftp.

Create a new database.

# sudo -u pgsql createdb pureftpd

Fetch Twinwork's pureftpd-pgsql.sql file and populate the database with its required tables. This will also populate the database with the sessions table for Twinwork's web-based Pure-FTPd administration client.

# cd
# fetch http://notes.twinwork.net/bin/pureftpd-pgsql.sql

Then insert it into PostgreSQL

# sudo -u pgsql psql pureftpd < pureftpd-pgsql.sql

Create /usr/local/etc/pureftpd-pgsql.conf

# ee /usr/local/etc/pureftpd-pgsql.conf

Add the following

PGSQLServer localhost
PGSQLPort 5432
PGSQLUser ftp
PGSQLPassword ftp
PGSQLDatabase pureftpd
PGSQLCrypt md5
PGSQLGetPW SELECT Password FROM users WHERE ((ip LIKE '%\R%') OR (ip = '')) AND ident='\L'
PGSQLGetUID SELECT uid FROM users WHERE ident='\L'
PGSQLGetGID SELECT gid FROM users WHERE ident='\L'
PGSQLGetDir SELECT dir FROM users WHERE ident='\L'
PGSQLGetBandwidthUL SELECT ulbandwidth FROM users WHERE ident='\L'
PGSQLGetBandwidthDL SELECT dlbandwidth FROM users WHERE ident='\L'

Change the mode of this file so no one else can view except the owner

# chmod 600 /usr/local/etc/pureftpd-pgsql.conf


setting up directories

Create a few initial directories for your FTP site.

# mkdir /usr/data/ftp/home
# mkdir /usr/data/ftp/share
# mkdir /usr/data/ftp/upload

The home directory will contain all your users. The share directory is a directory that cannot be written by your users but can be read from. The upload directory is a directory where your users can read and write to.

Generally, you want ftp:ftp to own everything in /usr/data/ftp. If you plan to use Twinwork's web-based Pure-FTPd administration client, www would also need to own a certain amount of files. User www is also part of the ftp group and the mode of all files are 664. Directories found under /usr/data/ftp would be 775. That way www will also have read/write/execute permissions as user ftp.

Why? Web-based administration allows you to add new users and create default directories for that user. It also needs the ability to delete the user's home directory. That's also the reason why the umask for /usr/local/etc/pure-ftpd.conf is 113:002.

Give ftp:ftp ownership of /usr/data/ftp and change the mode of the directories.

# chown -R ftp:www /usr/data/ftp
# chmod -R 775 /usr/data/ftp

You might want to give /usr/data/ftp/share to root:wheel. That way your ftp users can't modify it, but they will be able to read from it.

# chown root:wheel /usr/data/ftp/share
# chmod 755 /usr/data/ftp/share

Create a public directory for your user accounts. This can be helpful if your users want to upload files and have other public users who do not have access to your FTP to retrieve them. They retrieve files via HTTP. First thing to do is create the public directory and give www:www access to it.

# mkdir /usr/data/www/machine.name.com/public
# chown www:www /usr/data/www/machine.name.com/public

Note: If the directory structure doesn't look familiar to you, please consult the Apache NOTES. Also, machine.name.com would be your default server website.

Edit /etc/httpd.conf

# ee /etc/httpd.conf

Search for the <IfModule mod_userdir.c> directive, and modify it to look similar like below

<IfModule mod_userdir.c>
UserDir /usr/data/www/machine.name.com/public
</IfModule>

Combined with Twinwork's web-based Pure-FTPd administration client, users can access their pub directories with http://machine.name.com/~user.

As of 2003/01/28, the template/public.php display function is broken. The FTP admnistration client will create the symbolic links for new users if you enable them in inc/ftp.conf.php. This is for future comparability when template/public.php gets fixed. The current public page can display files and properly link them, but if there are subdirectories and files within them, those will not be linked correctly. Please only put files in the pub directory and not other directories as a temporary work around.


administration

Fetch t.ftp.template.tar.bz2 from NOTES.


references

 


Valid XHTML 1.0!QUESTIONS/COMMENTS/CORRECTIONS? notes@twinwork.net
$NOTES: /pureftpd/, v.0.24 2010/12/11 13:44:34 PST /17123/ NkM$
Maintainer: Neafevoc K. Marindale