How to Install Pure-FTPd with TLS and virtual users on OpenSUSE Leap 42.1

Pure-FTPd is a free and lightweight FTP server based on Troll-FTPd. Development started in 2001, and it runs on many Unix-like operating systems including Linux, *BSD, Solaris, and HP-UX. Pure-FTPd has many features such as virtual domains, chrooted home directories, virtual users, TLS/SSL support, virtual quotas and many more.

In this tutorial, I will show you how to install and configure pure-ftpd on OpenSUSE Leap 42.1, how to set up pure-ftpd with TLS/SSL, and then how to set up virtual users.

Prerequisite

  • OpenSUSE Leap 42.1
  • Root privileges
  • OpenSUSE, Zypper Knowledge

Step 1 - Install and Configure SuSEfirewall2

SuSEfirewall2 is a script that generates the firewall rules from the configuration in the file '/etc/sysconfig/SuSEfirewall2'. We will install SuSEfirewall2 and then open the ports for SSH and the FTP service.

Install SuSEfirewall2 with zypper:

zypper in SuSEfirewall2

Next, edit the configuration file '/etc/sysconfig/SuSEfirewall2' with vim:

vim /etc/sysconfig/SuSEfirewall2

Add the services ssh and ftp on line 253:

FW_SERVICES_EXT_TCP="ssh ftp"

Save and exit.

Now start SuSEfirewall2 with the systemctl command:

systemctl start SuSEfirewall2

Step 2 - Install and Configure Pure-FTPd

In this step, we will install pure-ftpd with OpenSSL for the TLS/SSL configuration and configure the pure-ftpd user and group.

Install the applications with zypper as shown below:

zypper in pure-ftpd openssl

Now add the new group 'ftpgroup' and the new user for the master 'FTP user' called 'ftpuser' to the group.

groupadd ftpgroup
useradd -g ftpgroup -d /dev/null -s /etc ftpuser

Go to the pure-ftpd directory and edit the configuration file 'pure-ftpd.conf' with the vim editor:

cd /etc/pure-ftpd/
vim pure-ftpd.conf

Change the value in line 81 to 'yes' to disable the anonymous user.

NoAnonymous                 yes

Uncomment line 131 to configure the backend. Pure-ftpd supports MySQL, PostgreSQL, and LDAP as backends, but in this tutorial we will use 'PureDB' as the backend.

PureDB                        /etc/pure-ftpd/pureftpd.pdb

Comment out the PAMAuthentication line on line 141 to disable PAM authentication, as we will use PureDB as the authentication source.

#PAMAuthentication             yes

Save and exit.

Step 3 - Configure TLS/SSL for Pure-FTPd

Generate a new self-signed certificate file in the '/etc/ssl/private' directory with the openssl command. The private key and the certificate are written to the same file:

openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem -days 365

Change the permissions of the certificate file to 0600:

chmod 600 /etc/ssl/private/pure-ftpd.pem

Next, go back to the pure-ftpd directory and edit the configuration file to enable TLS/SSL support for the client connection.

cd /etc/pure-ftpd/
vim pure-ftpd.conf

Uncomment line 439 to enable TLS.

TLS                      1

Uncomment line 449 and add a new option to make it more secure.

TLSCipherSuite           HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3

Uncomment line 445 to define the certificate file.

CertFile                 /etc/ssl/private/pure-ftpd.pem

Save and exit.

Now start pure-ftpd with the systemctl command:

systemctl start pure-ftpd
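
The settings from steps 2 and 3 can be checked with a short script. This is an added example, not part of the original tutorial: the function names conf_get and audit_pureftpd_conf are hypothetical and the sample file is constructed from the values above. It assumes pure-ftpd's documented meaning of the TLS values (1 accepts both cleartext and TLS sessions, 2 and 3 refuse cleartext), so the tutorial's 'TLS 1' is reported as a warning.

```shell
#!/bin/sh
# Added example: audit a pure-ftpd.conf against the settings chosen in this tutorial.

# Print the effective (uncommented) value of a directive; nothing if it is unset.
conf_get() {  # usage: conf_get FILE DIRECTIVE
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# Print one finding per line. Returns 1 if any FAIL was found, else 0.
audit_pureftpd_conf() {  # usage: audit_pureftpd_conf FILE
    conf=$1; rc=0
    [ "$(conf_get "$conf" NoAnonymous)" = "yes" ] ||
        { echo "FAIL NoAnonymous is not 'yes'"; rc=1; }
    [ -n "$(conf_get "$conf" PureDB)" ] ||
        { echo "FAIL PureDB backend is not enabled"; rc=1; }
    [ "$(conf_get "$conf" PAMAuthentication)" != "yes" ] ||
        { echo "FAIL PAMAuthentication is still enabled"; rc=1; }
    case "$(conf_get "$conf" TLS)" in
        2|3) ;;  # cleartext sessions are refused
        1)   echo "WARN TLS 1 accepts cleartext sessions as well as TLS" ;;
        *)   echo "FAIL TLS is not enabled"; rc=1 ;;
    esac
    cert=$(conf_get "$conf" CertFile)
    if [ -z "$cert" ]; then
        echo "FAIL CertFile is not set"; rc=1
    elif [ -e "$cert" ] && [ "$(ls -ld "$cert" | cut -c5-10)" != "------" ]; then
        echo "FAIL $cert (holds the private key) is accessible to group/other"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring the tutorial's settings (not a real server's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
NoAnonymous                 yes
PureDB                        /etc/pure-ftpd/pureftpd.pdb
#PAMAuthentication             yes
TLS                      1
CertFile                 /etc/ssl/private/pure-ftpd.pem
EOF
audit_pureftpd_conf "${1:-$sample}" || echo "fix the FAIL lines above"
rm -f "$sample"
```

Pass /etc/pure-ftpd/pure-ftpd.conf as the first argument to audit the real file instead of the sample.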

Step 4 - Configure Virtual Users

Pure-FTPd can create and use virtual users instead of real system (Linux) users. Pure-FTPd provides several authentication backends, and the virtual user configuration depends on the backend used by the server. In step 2 we set 'PureDB' as the backend.

We can create a new virtual user with the 'pure-pw' command provided by pure-ftpd. In this step, we will create a new virtual user named 'shiro' with '/srv/ftp/shiro' as the FTP home directory. The user is chrooted to that directory and cannot access other system directories.

Create the new virtual user with pure-pw:

pure-pw useradd shiro -u ftpuser -d /srv/ftp/shiro

Create the directory for the virtual user and change the owner of that directory to the master 'FTP user'.

mkdir -p /srv/ftp/shiro
chown -R ftpuser:ftpgroup /srv/ftp/shiro

Next, we must save the changes with the command below:

pure-pw mkdb


Now the user shiro is ready to be used. We can use ftp from the command line, or FileZilla as a GUI client, to connect to the server.

Note:

pure-pw has more command options. You can use 'pure-pw help' to see all the available commands.

Step 5 - Testing

I will use the ftp command in the terminal for testing. Open your terminal and type "ftp":

ftp

Next, enter the pure-ftpd server IP:

open 192.168.43.69

Log in with the user 'shiro' and its password, then press 'Enter'.

Try to upload a file with the 'put' command:

put picture.png mypict.png

Now you will see the file mypict.png on the server with the ls command below:

ls
