Monday, October 20, 2008

HowTo: Setup a Pure-FTPd server with virtual users on FreeBSD

Having setup a FTP server using FreeBSD's own FTPd I decided to explore other FTP server options, namely Pure-FTPd.

Pure-FTPd is a free (BSD), secure, production-quality and standard-conformant FTP server.

This guide provides instructions for using the virtual user system to manage and control users. By using virtual users, FTP accounts can be administrated without affecting system accounts.

Let'
s initiate Pure-FTPd's installation by entering the following commands:
  • % su
  • # cd /usr/ports/ftp/pure-ftpd
  • # make config
A menu containing Pure-FTPd options will pop-up. In my case, I've opted to leave these options at their defaults.
  • # make install clean
  • # rehash
Having finished the installation process we now move into the configuration stage. We'll start by copying the sample configuration file and set the configuration options:
  • # cd /usr/local/etc
  • # cp pure-ftpd.conf.sample pure-ftpd.conf
  • # chmod 644 pure-ftpd.conf
The chmod command was run to be able to edit the file (default permissions are set to -r--r--r--).
  • # vi pure-ftpd.conf
VerboseLog yes
PureDB /usr/local/etc/pureftpd.pdb
CreateHomeDir yes
The CreateHomeDir option makes adding virtual users more easy by creating a user's home directory upon login (if it doesn't already exist).

We can either import users with system-level accounts (defined in /etc/master.passwd) at once or create new users manually. To import users that already exist on your system into the virtual user database, enter these commands:

  • # pure-pwconvert >> /usr/local/etc/pureftpd.passwd
  • # chmod 600 /usr/local/etc/pureftpd.passwd
  • # pure-pw mkdb
It should be noted that pure-pwconvert only imports accounts that have shell access. Accounts with the shell set to nologin have to be added manually.

To add users to the Pure-FTPd virtual user database manually, we need to create a system-level account that will be associated with virtual users. Create a new user named vftp like this:
  • # pw useradd vftp -s /sbin/nologin -w no -d /usr/home/vftp\
  • ? -c "Virtual FTP user" -m
Having done this we can now add users to the virtual users database using the commands below:
  • # pure-pw useradd user -u vftp -g vftp -d /usr/home/vftp/user
  • # pure-pw mkdb
Replace user with the desired username. With -d flag, the user will be chrooted. If you want to give user access to the whole filesystem, use -D instead of -d.

If you want to add additional users, just repeat the commands above with a different user.

To remove a user:
  • # pure-pw userdel user

Now to start Pure-FTPd:

  • # /usr/local/etc/rc.d/pure-ftpd onestart

Initiate a FTP connection to test the server:

  • % ftp localhost

Trying 127.0.0.1...
Connected to localhost.
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 13:39. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:username):
Now log in with a user account created as explained above. Commands such as ls, cp, pwd and less work just like in tcsh and bash shells. To quit the FTP session type exit.

To configure Pure-FTPd to start at boot time:

  • # echo 'pureftpd_enable="YES"' >> /etc/rc.conf
To restart Pure-FTPd and determine if it is running:
  • # /usr/local/etc/rc.d/pure-ftpd restart
  • # /usr/local/etc/rc.d/pure-ftpd status

Pure-FTPd provides useful features for personal users as well as hosting providers. I've only touched the tip of the iceberg so do take a look at the project's website for the excellent documentation that is available.

That's it for now. On a future post I'll explain how to setup Pure-FTPd for anonymous FTP access.

Resources:
http://www.pureftpd.org/project/pure-ftpd/doc

No comments: