PureFTPD is a secure and easy-to-configure FTP server. It has all the features you usually need, like TLS encryption, virtual users, quotas and limits. The only downside is that PureFTPD is not easy to install on a virtual server, because the default Debian package is compiled with some options that are not supported by the standard OpenVZ and Virtuozzo kernels. Therefore you need to recompile PureFTPD with some reasonable settings. In this post I will explain how to do that and how to do a basic service setup.
First you could try to install the default Debian package to check whether you need to recompile PureFTPD. This can be done via:
The following steps are needed to recompile the package with the necessary options to make it run on a virtual server. You only need to do these steps if you find the following message in your syslog when trying to connect to the FTP server:
In that case, make sure that you have enabled the Debian source repositories in your /etc/apt/sources.list and fetch the source files via:
The source files have now been downloaded to your current directory. There should now be some new files and a directory pure-ftpd-1.0.21. Enter this directory and edit the file debian/rules: change the line starting with optflags and add --without-capabilities to that line, so that it looks like:
Now grab the dependencies needed to build the source and compile the Debian installation package:
The resulting Debian package should now have been built without errors and you can install it via:
The filename of the package might vary depending on the current patch level in the Debian repository.
When installing the package you will be asked whether to use a chrooted setup (which you should do) and whether you prefer a standalone installation or inetd-based operation. For low-volume sites I would prefer the inetd installation.
Now let's get on to the configuration of PureFTPD. I prefer a setup using virtual users which are mapped to a central user account on the server. So I usually create a new account without a shell or home directory, which belongs to the Apache user group so that it has access to the hosted websites:
You can also use the existing user www-data instead. In that case you need to enable that user account (on Debian/Ubuntu it has the user id 33) in the PureFTP config:
The configuration of PureFTP is done via distinct files in the directory /etc/pure-ftpd/conf. Each file contains a single configuration setting, and we can set up a decent configuration with the following commands:
With the above settings we disable all authentication methods except the internal PureFTPD user database. We also lock each user into a chroot environment and enable secure authentication via TLS. PureFTPD expects a certificate in the file /etc/ssl/private/pure-ftpd.pem. You could copy your Apache certificate to that file, or generate a new one via:
The user administration and setup is now done with the PureFTPD tool pure-pw. You can add a new user via:
The above command will ask you for a password and register the user, which is mapped to the system user ftpuser within PureFTPD. Every time you modify the user database you need to rebuild the PureFTPD user configuration via:
Now you should be able to connect to your server with secure authorization with the newly created user.
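To check a configuration directory against the settings described above (only the internal user database for authentication, a chroot for every user, TLS enabled), the following audit script is an added example and not part of the original post. The file names are the ones read by Debian's pure-ftpd wrapper; treating a TLS value of 1 as a finding is an assumption of this example.

```shell
#!/bin/sh
# Added example: audit a Debian-style pure-ftpd conf directory (one setting per file).
# Expected values reflect the setup described in this post.

# Print the first line of a one-setting file, or nothing if the file is missing.
setting() {
    [ -f "$1/$2" ] && head -n 1 "$1/$2" | tr -d '[:space:]'
}

# audit_conf DIR: print one line per finding; return 0 only if there are none.
audit_conf() {
    dir=$1
    findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Only the internal user database may authenticate logins.
    for f in PAMAuthentication UnixAuthentication; do
        if [ "$(setting "$dir" "$f")" = "yes" ]; then
            flag "$f is enabled; system accounts can log in over FTP"
        fi
    done
    [ -n "$(setting "$dir" PureDB)" ] || flag "PureDB is not set; no virtual user database"

    # Every user must be locked into a chroot.
    [ "$(setting "$dir" ChrootEveryone)" = "yes" ] || flag "ChrootEveryone is not yes"

    # TLS: 0 = off, 1 = optional, 2 = required for login, 3 = required for data too.
    case "$(setting "$dir" TLS)" in
        2|3) ;;
        1)   flag "TLS is 1; cleartext logins are still accepted" ;;
        *)   flag "TLS is disabled or unset" ;;
    esac

    [ "$findings" -eq 0 ]
}

# Constructed sample: a weak configuration in a temporary directory.
demo=$(mktemp -d)
echo yes > "$demo/PAMAuthentication"
echo 1 > "$demo/TLS"
audit_conf "$demo" || echo "configuration needs attention"
rm -rf "$demo"
```

On a live server, run it as `audit_conf /etc/pure-ftpd/conf` after changing any of the setting files.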