Installing Pure-FTPd on Ubuntu 22.04

Pure-FTPd is a free (BSD-licensed), secure, production-quality and standards-conformant FTP server. It doesn’t provide unnecessary bells and whistles but focuses on efficiency and ease of use. This guide provides a step-by-step process for installing and configuring Pure-FTPd on Ubuntu.

Prerequisites for Installing Pure-FTPd

Before proceeding with the installation, ensure you have:

  • An Ubuntu server setup
  • Access to a user account with sudo privileges

Step-by-Step Installation of Pure-FTPd

Updating System Packages

First, update your system’s package list:

sudo apt update

Installing Pure-FTPd

Next, install Pure-FTPd using the following command:

sudo apt install pure-ftpd

Configuring Pure-FTPd for Enhanced Security

Setting Up a Secure Environment

Create a dedicated group for FTP users:

sudo groupadd ftpgroup

Create a user for Pure-FTPd:

sudo useradd -g ftpgroup -d /dev/null -s /etc ftpuser

Managing User Access

To add a user to the FTP server:

sudo pure-pw useradd [username] -u ftpuser -g ftpgroup -d /home/ftpusers/[username]
sudo pure-pw mkdb

Replace [username] with the desired username.

Configuring TLS for Secure Data Transfer

Generate a self-signed certificate:

sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Modify the Pure-FTPd configuration to activate TLS:

echo 1 | sudo tee /etc/pure-ftpd/conf/TLS
sudo service pure-ftpd restart

Advanced Configuration Options

Here’s a list of common settings that can be configured for Pure-FTPd in the /etc/pure-ftpd/conf/ directory on Ubuntu. Each entry begins with the config file name.

  • AltLog: Specifies alternative logging methods. For instance, AltLog clf:/var/log/pureftpd.log will log transfers in W3C format.
  • AnonymousOnly: When enabled (by creating a file named AnonymousOnly), it restricts the server to allow only anonymous logins.
  • AntiWarez: If this file exists, users are forbidden to upload files that already exist on the server.
  • AutoRename: Automatically renames uploaded files if a file with the same name exists.
  • Bind: Binds the server to a specific IP address and port. For example, Bind 21 binds to port 21 on all available addresses.
  • BrokenClientsCompatibility: Enables compatibility with FTP clients that do not strictly adhere to FTP standards.
  • ChrootEveryone: If enabled, restricts all users to their home directory.
  • CreateHomeDir: Automatically creates home directories if they do not exist when a user logs in.
  • CustomerProof: Increases resilience against common mistakes made in client configurations and commands.
  • Daemonize: When this file exists, Pure-FTPd will run as a daemon.
  • DisplayDotFiles: Controls whether dot files (hidden files) are displayed or not.
  • DontResolve: Prevents DNS resolution for logging and bandwidth control, which can improve performance.
  • ExtAuth: Specifies an external program for user authentication.
  • ForcePassiveIP: Forces the server to report a specific IP address to passive mode clients.
  • FSCharset: Sets the file system character set, useful for non-ASCII filenames.
  • IPv4Only or IPv6Only: Restricts the server to listen to IPv4 or IPv6 addresses only.
  • KeepAllFiles: Prevents deletion of any files on the server.
  • LDAPConfigFile: Specifies the path to the LDAP configuration file for authentication.
  • LimitRecursion: Limits the recursion depth and number of files displayed in directory listings.
  • MaxClientsNumber: Limits the maximum number of simultaneous clients.
  • MaxClientsPerIP: Restricts the number of simultaneous connections from a single IP address.
  • MaxDiskUsage: Limits the percentage of disk usage.
  • MaxIdleTime: Sets the maximum idle time in minutes before disconnecting a client.
  • MaxLoad: Disconnects clients or refuses new connections above a certain system load.
  • MinUID: Sets the minimum UID for login. Users with a lower UID cannot log in.
  • MySQLConfigFile: Specifies the path to the MySQL configuration file for database-based authentication.
  • NoAnonymous: Disables anonymous logins if this file exists.
  • NoChmod: Disables the CHMOD command on the server.
  • NoRename: Prevents users from renaming files.
  • PassivePortRange: Defines a range of ports for passive connections (e.g., 30000 35000).
  • PerUserLimits: Sets limits on a per-user basis.
  • PureDB: Specifies the path to the PureDB user database file.
  • Quota: Sets user quota limits.
  • SyslogFacility: Defines the syslog facility for logging.
  • TLSCipherSuite: Specifies the allowed TLS ciphers for encrypted connections.
  • TrustedGID: Specifies a list of trusted group IDs for login.
  • UMask: Sets the default umask for file creation.
  • UnixAuthentication: Enables authentication against the UNIX password database.
  • UploadScript: Specifies a script to run after a successful upload.

This list covers the most commonly used configuration options but is not exhaustive. Always refer to the official Pure-FTPd documentation or use the

pure-ftpd-wrapper --help

command for the most accurate and comprehensive information.

Examples

Here is a list of Pure-FTPd settings in /etc/pure-ftpd/conf/ with examples to illustrate the types of values they accept:

  • AltLog: AltLog clf:/var/log/pureftpd.log
    • Example: clf:/var/log/pureftpd.log
  • AnonymousOnly: Enable by creating a file named AnonymousOnly.
  • AntiWarez: Enable by creating a file named AntiWarez.
  • AutoRename: Enable by creating a file named AutoRename.
  • Bind: Bind 21
  • BrokenClientsCompatibility: Enable by creating a file named BrokenClientsCompatibility.
  • ChrootEveryone: Enable by creating a file named ChrootEveryone.
  • CreateHomeDir: Enable by creating a file named CreateHomeDir.
  • CustomerProof: Enable by creating a file named CustomerProof.
  • Daemonize: Enable by creating a file named Daemonize.
  • DisplayDotFiles: Enable by creating a file named DisplayDotFiles.
  • DontResolve: Enable by creating a file named DontResolve.
  • ExtAuth: ExtAuth /path/to/authenticator
    • Example: /usr/local/bin/myauth
  • ForcePassiveIP: ForcePassiveIP 192.168.0.1
  • FSCharset: FSCharset utf-8
  • IPv4Only or IPv6Only: Enable by creating a file named IPv4Only or IPv6Only.
  • KeepAllFiles: Enable by creating a file named KeepAllFiles.
  • LDAPConfigFile: LDAPConfigFile /etc/pure-ftpd/ldap.conf
    • Example: /etc/pure-ftpd/ldap.conf
  • LimitRecursion: LimitRecursion 10000 8
    • Example: 10000 8 (10000 files, 8 levels deep)
  • MaxClientsNumber: MaxClientsNumber 50
  • MaxClientsPerIP: MaxClientsPerIP 8
  • MaxDiskUsage: MaxDiskUsage 95
  • MaxIdleTime: MaxIdleTime 15
  • MaxLoad: MaxLoad 4.0
  • MinUID: MinUID 1000
  • MySQLConfigFile: MySQLConfigFile /etc/pure-ftpd/mysql.conf
    • Example: /etc/pure-ftpd/mysql.conf
  • NoAnonymous: Enable by creating a file named NoAnonymous.
  • NoChmod: Enable by creating a file named NoChmod.
  • NoRename: Enable by creating a file named NoRename.
  • PassivePortRange: PassivePortRange 30000 35000
  • PerUserLimits: PerUserLimits 8
    • Example: 8 (8 simultaneous connections per user)
  • PureDB: PureDB /etc/pure-ftpd/pureftpd.pdb
    • Example: /etc/pure-ftpd/pureftpd.pdb
  • Quota: Quota 1000M
    • Example: 1000M (1000 Megabytes)
  • SyslogFacility: SyslogFacility ftp
  • TLSCipherSuite: TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
    • Example: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
  • TrustedGID: TrustedGID 1000
  • UMask: UMask 133:022
    • Example: 133:022 (Files: 133, Directories: 022)
  • UnixAuthentication: Enable by creating a file named UnixAuthentication.
  • UploadScript: UploadScript /path/to/script
    • Example: /usr/local/bin/uploadscript

These examples should clarify how to configure various options in Pure-FTPd.
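
To check a server against the security-relevant settings listed above, the following added example (not part of the original guide or of the Pure-FTPd project) audits a conf directory and the certificate file. It assumes the Ubuntu wrapper's one-file-per-option layout, that boolean options hold yes/1/on, and Pure-FTPd's documented TLS levels (1 accepts both cleartext and TLS sessions, 2 and 3 refuse cleartext); the function names and the sample directory are constructed for illustration.

```bash
# Added example: audit a Pure-FTPd conf directory (one file per option).

# First line of an option file, whitespace stripped; empty if absent.
conf_value() {
    if [ -f "$1/$2" ]; then head -n 1 "$1/$2" | tr -d '[:space:]'; fi
}

# True when a boolean option file holds yes/1/on (assumed wrapper syntax).
is_enabled() {
    case "$(conf_value "$1" "$2" | tr '[:upper:]' '[:lower:]')" in yes|1|on) return 0 ;; esac
    return 1
}

# audit_pureftpd_conf CONF_DIR [PEM_FILE]: prints findings, returns their count.
audit_pureftpd_conf() {
    local dir="$1" pem="${2:-}" n=0 tok weak=0
    case "$(conf_value "$dir" TLS)" in
        2|3) ;;
        1) echo "TLS=1 still accepts cleartext sessions; 2 or 3 refuse them"; n=$((n+1)) ;;
        *) echo "TLS is off or unset: logins travel in cleartext"; n=$((n+1)) ;;
    esac
    is_enabled "$dir" NoAnonymous || { echo "NoAnonymous is not enabled"; n=$((n+1)); }
    is_enabled "$dir" ChrootEveryone || { echo "ChrootEveryone is not enabled"; n=$((n+1)); }
    [ -s "$dir/PassivePortRange" ] || { echo "PassivePortRange unset: no fixed range to firewall"; n=$((n+1)); }
    # Flag cipher classes below HIGH unless the token is an exclusion (! or -).
    for tok in $(conf_value "$dir" TLSCipherSuite | tr ':' ' '); do
        case "$tok" in '!'*|-*) ;; *MEDIUM*|*LOW*|*EXP*|*RC4*) weak=1 ;; esac
    done
    [ "$weak" -eq 0 ] || { echo "TLSCipherSuite admits ciphers below HIGH"; n=$((n+1)); }
    # The PEM holds the private key: group and other must have no access.
    if [ -n "$pem" ] && [ -e "$pem" ] && [ "$(ls -ld "$pem" | cut -c5-10)" != "------" ]; then
        echo "$pem is accessible to group or other"; n=$((n+1))
    fi
    return "$n"
}

# Constructed sample: values taken from this page's steps and examples.
make_sample_conf() {
    local d; d="$(mktemp -d)"
    echo 1 > "$d/TLS"
    echo 'HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3' > "$d/TLSCipherSuite"
    echo '30000 35000' > "$d/PassivePortRange"
    : > "$d/pure-ftpd.pem"; chmod 644 "$d/pure-ftpd.pem"
    echo "$d"
}

sample="$(make_sample_conf)"
audit_pureftpd_conf "$sample" "$sample/pure-ftpd.pem" || echo "findings: $?"
rm -rf "$sample"
```

On a live server, run it as `audit_pureftpd_conf /etc/pure-ftpd/conf /etc/ssl/private/pure-ftpd.pem` with enough privilege to read the key file's directory.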

Monitoring and Maintenance

Regularly check the logs in /var/log/pure-ftpd/ for unusual activity or errors.
