Pure-FTPd is a free (BSD-license), secure, production-quality and standard-conformant FTP server. It doesn't provide unnecessary bells and whistles but focuses on efficiency and ease of use. This guide provides a step-by-step process for installing and configuring Pure-FTPd on Ubuntu.
Prerequisites for Installing Pure-FTPd
Before proceeding with the installation, ensure you have:
- An Ubuntu server setup
- Access to a user account with sudo privileges
Step-by-Step Installation of Pure-FTPd
Updating System Packages
First, update your system's package list:
sudo apt update
Installing Pure-FTPd
Next, install Pure-FTPd using the following command:
sudo apt install pure-ftpd
Configuring Pure-FTPd for Enhanced Security
Setting Up a Secure Environment
Create a dedicated group for FTP users:
sudo groupadd ftpgroup
Create a user for Pure-FTPd:
sudo useradd -g ftpgroup -d /dev/null -s /etc ftpuser
Managing User Access
To add a user to the FTP server:
sudo pure-pw useradd [username] -u ftpuser -g ftpgroup -d /home/ftpusers/[username]
sudo pure-pw mkdb
Replace [username] with the desired username.
Configuring TLS for Secure Data Transfer
Generate a self-signed certificate:
sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
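Modify the Pure-FTPd configuration to activate TLS. The value 1 enables TLS while still accepting cleartext sessions; 2 refuses cleartext logins, and 3 also requires encrypted data connections: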
echo 1 | sudo tee /etc/pure-ftpd/conf/TLS
sudo service pure-ftpd restart
Advanced Configuration Options
Here's a list of common settings that can be configured for Pure-FTPd in the /etc/pure-ftpd/conf/ directory on Ubuntu. Each entry begins with the config file name.
- AltLog: Specifies alternative logging methods. For instance, AltLog clf:/var/log/pureftpd.log will log transfers in W3C format.
- AnonymousOnly: When enabled (by creating a file named AnonymousOnly), it restricts the server to allow only anonymous logins.
- AntiWarez: If this file exists, users are forbidden to upload files that already exist on the server.
- AutoRename: Automatically renames uploaded files if a file with the same name exists.
- Bind: Binds the server to a specific IP address and port. For example, Bind 21 binds to port 21 on all available addresses.
- BrokenClientsCompatibility: Enables compatibility with FTP clients that do not strictly adhere to FTP standards.
- ChrootEveryone: If enabled, restricts all users to their home directory.
- CreateHomeDir: Automatically creates home directories if they do not exist when a user logs in.
- CustomerProof: Increases resilience against common mistakes made in client configurations and commands.
- Daemonize: When this file exists, Pure-FTPd will run as a daemon.
- DisplayDotFiles: Controls whether dot files (hidden files) are displayed or not.
- DontResolve: Prevents DNS resolution for logging and bandwidth control, which can improve performance.
- ExtAuth: Specifies an external program for user authentication.
- ForcePassiveIP: Forces the server to report a specific IP address to passive mode clients.
- FSCharset: Sets the file system character set, useful for non-ASCII filenames.
- IPv4Only or IPv6Only: Restricts the server to listen to IPv4 or IPv6 addresses only.
- KeepAllFiles: Prevents deletion of any files on the server.
- LDAPConfigFile: Specifies the path to the LDAP configuration file for authentication.
- LimitRecursion: Limits the recursion depth and number of files displayed in directory listings.
- MaxClientsNumber: Limits the maximum number of simultaneous clients.
- MaxClientsPerIP: Restricts the number of simultaneous connections from a single IP address.
- MaxDiskUsage: Limits the percentage of disk usage.
- MaxIdleTime: Sets the maximum idle time in minutes before disconnecting a client.
- MaxLoad: Disconnects clients or refuses new connections above a certain system load.
- MinUID: Sets the minimum UID for login. Users with a lower UID cannot log in.
- MySQLConfigFile: Specifies the path to the MySQL configuration file for database-based authentication.
- NoAnonymous: Disables anonymous logins if this file exists.
- NoChmod: Disables the CHMOD command on the server.
- NoRename: Prevents users from renaming files.
- PassivePortRange: Defines a range of ports for passive connections (e.g., 30000 35000).
- PerUserLimits: Sets limits on a per-user basis.
- PureDB: Specifies the path to the PureDB user database file.
- Quota: Sets user quota limits.
- SyslogFacility: Defines the syslog facility for logging.
- TLSCipherSuite: Specifies the allowed TLS ciphers for encrypted connections.
- TrustedGID: Specifies a list of trusted group IDs for login.
- UMask: Sets the default umask for file creation.
- UnixAuthentication: Enables authentication against the UNIX password database.
- UploadScript: Specifies a script to run after a successful upload.
This list covers the most commonly used configuration options but is not exhaustive. Always refer to the official Pure-FTPd documentation or use the pure-ftpd-wrapper --help command for the most accurate and comprehensive information.
Examples
Here is a list of Pure-FTPd settings in /etc/pure-ftpd/conf/ with examples to illustrate the types of values they accept:
- AltLog: AltLog clf:/var/log/pureftpd.log
  - Example: clf:/var/log/pureftpd.log
- AnonymousOnly: Enable by creating a file named AnonymousOnly.
  - No value needed.
- AntiWarez: Enable by creating a file named AntiWarez.
  - No value needed.
- AutoRename: Enable by creating a file named AutoRename.
  - No value needed.
- Bind: Bind 21
  - Example: 192.168.0.1,21
- BrokenClientsCompatibility: Enable by creating a file named BrokenClientsCompatibility.
  - No value needed.
- ChrootEveryone: Enable by creating a file named ChrootEveryone.
  - No value needed.
- CreateHomeDir: Enable by creating a file named CreateHomeDir.
  - No value needed.
- CustomerProof: Enable by creating a file named CustomerProof.
  - No value needed.
- Daemonize: Enable by creating a file named Daemonize.
  - No value needed.
- DisplayDotFiles: Enable by creating a file named DisplayDotFiles.
  - No value needed.
- DontResolve: Enable by creating a file named DontResolve.
  - No value needed.
- ExtAuth: ExtAuth /path/to/authenticator
  - Example: /usr/local/bin/myauth
- ForcePassiveIP: ForcePassiveIP 192.168.0.1
  - Example: 192.168.0.1
- FSCharset: FSCharset utf-8
  - Example: utf-8
- IPv4Only or IPv6Only: Enable by creating a file named IPv4Only or IPv6Only.
  - No value needed.
- KeepAllFiles: Enable by creating a file named KeepAllFiles.
  - No value needed.
- LDAPConfigFile: LDAPConfigFile /etc/pure-ftpd/ldap.conf
  - Example: /etc/pure-ftpd/ldap.conf
- LimitRecursion: LimitRecursion 10000 8
  - Example: 10000 8 (10000 files, 8 levels deep)
- MaxClientsNumber: MaxClientsNumber 50
  - Example: 50
- MaxClientsPerIP: MaxClientsPerIP 8
  - Example: 8
- MaxDiskUsage: MaxDiskUsage 95
  - Example: 95 (95 percent)
- MaxIdleTime: MaxIdleTime 15
  - Example: 15 (15 minutes)
- MaxLoad: MaxLoad 4.0
  - Example: 4.0
- MinUID: MinUID 1000
  - Example: 1000
- MySQLConfigFile: MySQLConfigFile /etc/pure-ftpd/mysql.conf
  - Example: /etc/pure-ftpd/mysql.conf
- NoAnonymous: Enable by creating a file named NoAnonymous.
  - No value needed.
- NoChmod: Enable by creating a file named NoChmod.
  - No value needed.
- NoRename: Enable by creating a file named NoRename.
  - No value needed.
- PassivePortRange: PassivePortRange 30000 35000
  - Example: 30000 35000
- PerUserLimits: PerUserLimits 8
  - Example: 8 (8 simultaneous connections per user)
- PureDB: PureDB /etc/pure-ftpd/pureftpd.pdb
  - Example: /etc/pure-ftpd/pureftpd.pdb
- Quota: Quota 1000M
  - Example: 1000M (1000 Megabytes)
- SyslogFacility: SyslogFacility ftp
  - Example: ftp
- TLSCipherSuite: TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
  - Example: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
- TrustedGID: TrustedGID 1000
  - Example: 1000
- UMask: UMask 133:022
  - Example: 133:022 (Files: 133, Directories: 022)
- UnixAuthentication: Enable by creating a file named UnixAuthentication.
  - No value needed.
- UploadScript: UploadScript /path/to/script
  - Example: /usr/local/bin/uploadscript
These examples should clarify how to configure various options in Pure-FTPd.
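The TLS step and the TLSCipherSuite example above can be checked after setup with a small audit script. This is an added example, not part of the original guide or the Pure-FTPd project; the function name audit_pureftpd_tls and the list of weak cipher classes are assumptions, and it relies on GNU stat as shipped on Ubuntu.

```sh
#!/bin/sh
# Added example: audit the TLS settings this guide writes.
# Prints one "WARN:" line per weak setting, nothing when all checks pass.
audit_pureftpd_tls() {
    conf_dir=$1   # one file per option, e.g. /etc/pure-ftpd/conf
    pem=$2        # combined key + certificate file

    # TLS: 0 = off, 1 = optional, 2 = required on the control channel,
    # 3 = required on control and data channels.
    tls=0
    if [ -r "$conf_dir/TLS" ]; then tls=$(tr -d '[:space:]' < "$conf_dir/TLS"); fi
    case "$tls" in
        2|3) ;;
        1) echo "WARN: TLS=1 still accepts cleartext sessions; use 2 or 3" ;;
        *) echo "WARN: TLS is off or unset (value '$tls')" ;;
    esac

    # TLSCipherSuite is an OpenSSL cipher string: an unprefixed class name
    # adds those suites, "!" or "-" removes them, "+" only reorders.
    if [ -r "$conf_dir/TLSCipherSuite" ]; then
        for tok in $(tr ':' ' ' < "$conf_dir/TLSCipherSuite"); do
            case "$tok" in
                MEDIUM|LOW|EXPORT|EXP|NULL|eNULL|aNULL|RC4|DES|3DES|MD5)
                    echo "WARN: TLSCipherSuite adds weak class $tok" ;;
            esac
        done
    fi

    # The file holds the private key, so group and others need no access.
    if [ -e "$pem" ]; then
        mode=$(stat -c %a "$pem")   # GNU stat, as on Ubuntu
        case "$mode" in
            *00) ;;
            *) echo "WARN: $pem has mode $mode; expected 600" ;;
        esac
    else
        echo "WARN: $pem not found"
    fi
}

# Constructed sample: the values shown on this page, in a scratch directory.
demo=$(mktemp -d)
echo 1 > "$demo/TLS"
echo 'HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3' > "$demo/TLSCipherSuite"
: > "$demo/pure-ftpd.pem"; chmod 644 "$demo/pure-ftpd.pem"
audit_pureftpd_tls "$demo" "$demo/pure-ftpd.pem"
rm -rf "$demo"
```

On a live server, call it as audit_pureftpd_tls /etc/pure-ftpd/conf /etc/ssl/private/pure-ftpd.pem with sudo, since the private directory is not world-readable.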
Monitoring and Maintenance
Regularly check logs in /var/log/pure-ftpd/ for any unusual activities or errors.