Install Pure-FTPd with MySQL backend

# sh
apt-get install pure-ftpd-mysql

Create a Unix user and a group that will run the FTP server

# sh
groupadd -g 2001 ftpgroup
useradd -u 2001 -s /bin/false -d /dev/null -c "pureftpd user" -g ftpgroup ftpuser

Create a database and a table that will store the virtual users' account information

# sh
mysql -u root -p

GRANT SELECT ON pureftpd.* TO ftpd@localhost IDENTIFIED BY 'mypasswd';
FLUSH PRIVILEGES;
CREATE DATABASE pureftpd;
USE pureftpd;

CREATE TABLE users (
user varchar(30) NOT NULL,
password varchar(64) NOT NULL,
home varchar(128) NOT NULL,
uid smallint(5) NOT NULL default 2001,
gid smallint(5) NOT NULL default 2001,
bandwidth_limit_upload smallint(5) NOT NULL default 0,
bandwidth_limit_download smallint(5) NOT NULL default 0,
ip_allow varchar(15) NOT NULL default 'any',
quota smallint(5) NOT NULL default '0',
quota_files int(11) NOT NULL default 0,
active enum('yes','no') NOT NULL default 'yes',
PRIMARY KEY (user),
UNIQUE KEY User (user)
) ENGINE=MyISAM;

INSERT INTO users (user, password, home) VALUES ('username', MD5('mypasswd'), '/home/username');

quit;

Configure Pure-ftpd (pico /etc/pure-ftpd/db/mysql.conf). Remove everything from the default configuration file and add these lines:

# sh
MYSQLSocket /var/run/mysqld/mysqld.sock
MYSQLUser ftpd
MYSQLPassword mypasswd
MYSQLDatabase pureftpd
MYSQLCrypt md5
MYSQLDefaultUID 2001
MYSQLDefaultGID 2001
MYSQLGetPW SELECT password FROM users WHERE user = "\L" AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MYSQLGetDir SELECT home FROM users WHERE user = "\L" AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MySQLGetBandwidthUL SELECT bandwidth_limit_upload FROM users WHERE user = "\L" AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MySQLGetBandwidthDL SELECT bandwidth_limit_download FROM users WHERE user = "\L" AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MySQLGetQTASZ SELECT quota FROM users WHERE user = "\L" AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MySQLGetQTAFS SELECT quota_files FROM users WHERE user = "\L" AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")

Replace the MYSQLPassword value with your own password.

Fine tuning

# sh
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone

This will make PureFTPd chroot every virtual user into their home directory, so they will not be able to browse directories and files outside it.

# sh
echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir

This will make PureFTPd create a user’s home directory when the user logs in and the home directory does not exist yet.

# sh
echo "yes" > /etc/pure-ftpd/conf/DontResolve

This will stop PureFTPd from looking up host names, which can significantly speed up connections and reduce bandwidth usage.

Restart Pure-ftpd

# sh
/etc/init.d/pure-ftpd-mysql restart

Anonymous FTP

If you want to create an anonymous FTP account (an FTP account that everybody can log in to without a password), you can do it like this:

First create a user ftp (with the homedir /home/ftp) and group ftp:

# sh
groupadd ftp
useradd -s /bin/false -d /home/ftp -m -c "anonymous ftp" -g ftp ftp

Then create the file /etc/pure-ftpd/conf/NoAnonymous which contains the string no:

# sh
echo "no" > /etc/pure-ftpd/conf/NoAnonymous

With this configuration, PureFTPd will allow anonymous logins.

Restart PureFTPd:

# sh
/etc/init.d/pure-ftpd-mysql restart

Then we create the directory /home/ftp/incoming which will allow anonymous users to upload files. We will give the /home/ftp/incoming directory permissions of 311 so that users can upload, but not see or download any files in that directory. The /home/ftp directory will have permissions of 555 which allows seeing and downloading of files:

# sh
cd /home/ftp
mkdir incoming
chown ftp:nogroup incoming/
chmod 311 incoming/
cd ../
chmod 555 ftp/

Now anonymous users can log in, and they can download files from /home/ftp, but uploads are limited to /home/ftp/incoming (and once a file is uploaded into /home/ftp/incoming, it cannot be read or downloaded from there; the server admin has to move it into /home/ftp first to make it available to others).
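
To confirm that the permissions described above are actually in place, the following sh script (an added example, not part of the original guide) checks that /home/ftp is 555 and /home/ftp/incoming is 311. It assumes GNU stat as shipped on Debian, the function names are hypothetical, and the check that mysql.conf is closed to other users is an added one, motivated by the MYSQLPassword stored in that file.

```sh
#!/bin/sh
# Added example: audits the file modes set in this guide.
# Assumes GNU stat (Debian); all function names are hypothetical.

# mode_of PATH: print the octal permission bits, e.g. 311
mode_of() {
    stat -c '%a' "$1"
}

# check_mode PATH EXPECTED: succeed only if PATH has exactly mode EXPECTED
check_mode() {
    actual=$(mode_of "$1") || return 1
    if [ "$actual" = "$2" ]; then
        echo "ok    $1 ($actual)"
    else
        echo "FAIL  $1 is $actual, expected $2"
        return 1
    fi
}

# not_world_accessible FILE: succeed only if "other" has no permission bits.
# Added check: mysql.conf holds MYSQLPassword in clear text.
not_world_accessible() {
    actual=$(mode_of "$1") || return 1
    case "$actual" in
        *0) echo "ok    $1 ($actual)" ;;
        *)  echo "FAIL  $1 ($actual) is accessible to other users"
            return 1 ;;
    esac
}

# audit_ftp FTP_HOME MYSQL_CONF: run every check, succeed only if all pass
audit_ftp() {
    rc=0
    check_mode "$1" 555 || rc=1             # anonymous root: list and download
    check_mode "$1/incoming" 311 || rc=1    # upload only, no listing or reading
    not_world_accessible "$2" || rc=1
    return "$rc"
}

# Example: sh audit.sh /home/ftp /etc/pure-ftpd/db/mysql.conf
if [ "$#" -eq 2 ]; then
    audit_ftp "$1" "$2"
fi
```

The script exits non-zero if any check fails, so it can be run after each restart or from a cron job.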

Created on 26-06-2008 by Eric le bihen