There is a new version of this tutorial available for Debian 10 (Buster).

The Perfect Server - Debian Squeeze (Debian 6.0) With BIND, Dovecot & Nginx [ISPConfig 3] - Page 5

15 Install PureFTPd And Quota

PureFTPd and quota can be installed with the following command:

apt-get install pure-ftpd-common pure-ftpd-mysql quota quotatool

Edit the file /etc/default/pure-ftpd-common:

vi /etc/default/pure-ftpd-common

Start mode is most likely already set to standalone and but make sure VIRTUALCHROOT=true is also defined like this:

[...]
STANDALONE_OR_INETD=standalone
[...]
VIRTUALCHROOT=true
[...]

It is likely that all lines are commented out, but it is worth checking /etc/inetd.conf for a line beginning with ftp stream tcp and comment it out. If the file or line do not exist then there is no need to edit or create it. This prevents inetd from trying to start ftp:

vi /etc/inetd.conf

Comment it out like this:

[...]
#:STANDARD: These are standard services.
#ftp    stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/pure-ftpd-wrapper
[...]

If you had to modify /etc/inetd.conf, restart inetd now:

/etc/init.d/openbsd-inetd restart

Now you can configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure protocol because all passwords and data are transferred in clear text. By using TLS the data transfers can be encrypted thus making FTP much more secure.

If you would like to allow FTP and TLS sessions run:

echo 1 > /etc/pure-ftpd/conf/TLS

In order to use TLS you must create an SSL certificate. Create the directory and generate the SSL certificate in /etc/ssl/private/ using the following commands:

mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Country Name (2 letter code) [AU]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) [Some-State]:
<-- Enter your State or Province Name.
Locality Name (eg, city) []:
<-- Enter your City.
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
<-- Enter your Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []:
<-- Enter your Organizational Unit Name (e.g. "IT Department").
Common Name (eg, YOUR name) []:
<-- Enter the Fully Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []:
<-- Enter your Email Address.

Then change the permissions of the SSL certificate and restart PureFTPd:

chmod 600 /etc/ssl/private/pure-ftpd.pem
/etc/init.d/pure-ftpd-mysql restart

Edit /etc/fstab by adding ,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 to the partition with the mount point /, can also be done on /var if you have a separate /var partition:

vi /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# / was on /dev/sda1 during installation
UUID=92bceda2-5ae4-4e3a-8748-b14da48fb297 /               ext3    errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0       1
# swap was on /dev/sda5 during installation
UUID=e24b3e9e-095c-4b49-af27-6363a4b7d094 none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0

On a separate /var partition you can use usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 under options like this:

[...]
# / was on /dev/sda1 during installation
UUID=92bceda2-5ae4-4e3a-8748-b14da48fb297 /               ext3    errors=remount-ro 0       1
[...]
# /var was on /dev/sda3 during installation
UUID=be189fc3-b1b0-4e41-822c-6f81aa504bc1 /var            ext3    usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0 0       2
[...]

Please note that the UUIDs, paritions and file system types are likely differ on your system so do not change the to the ones in the example configuration.

To enable quota, run these commands:

mount -o remount /
quotacheck -avugm
quotaon -avug

If you enabled quota on /var then you might get a similar response on your terminal:

quotacheck: Scanning /dev/sda3 [/var] done
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Cannot stat old user quota file: No such file or directory
quotacheck: Cannot stat old group quota file: No such file or directory
quotacheck: Checked 335 directories and 3233 files
quotacheck: Old file not found.
quotacheck: Old file not found.
root@server1:~# quotaon -avug
/dev/sda3 [/var]: group quotas turned on
/dev/sda3 [/var]: user quotas turned on

 

16 Install BIND DNS Server

BIND can be installed as follows:

apt-get install bind9 dnsutils

 

17 Install Vlogger, Webalizer, And AWstats

Vlogger, webalizer, and AWstats can be installed as follows:

apt-get install vlogger webalizer awstats geoip-database

Open /etc/cron.d/awstats to edit it...

vi /etc/cron.d/awstats

... and comment out both cron jobs in that file:

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

 

18 Install Jailkit

Jailkit is needed only if you want to chroot SSH users. Jailkit must be installed before ISPConfig 3, it cannot be installed afterwards! It can be installed as follows:

apt-get install build-essential autoconf automake1.9 libtool flex bison debhelper
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.14.tar.gz
tar xvfz jailkit-2.14.tar.gz
cd jailkit-2.14
./debian/rules binary
cd ..
dpkg -i jailkit_2.14-1_*.deb
rm -rf jailkit-2.14*
Share this page:

1 Comment(s)