{"id":192,"date":"2013-04-15T08:02:00","date_gmt":"2013-04-15T06:02:00","guid":{"rendered":"http:\/\/icefront.info\/wp\/?p=192"},"modified":"2013-04-15T08:02:00","modified_gmt":"2013-04-15T06:02:00","slug":"set-up-a-ftp-server-pure-ftpd-mysql","status":"publish","type":"post","link":"https:\/\/icefront.info\/index.php\/2013\/04\/15\/set-up-a-ftp-server-pure-ftpd-mysql\/","title":{"rendered":"Set up a FTP server (pure-ftpd-mysql)"},"content":{"rendered":"<p>There are multiple reasons I recommend using <a href=\"http:\/\/www.pureftpd.org\" target=\"_blank\">pure-ftpd-mysql<\/a> as ftp service: can authenticate both physical and virtual (read from database) users. It&#8217;s highly but easily configurable.<\/p>\n<p>Installing:<\/p>\n<p><code>apt-get install pure-ftpd-mysql<\/code><\/p>\n<p>The configuration files are found at \/etc\/pure-ftpd.<\/p>\n<p>By default, pure-ftpd authenticates only users that has an uid 1000 or over. Thus root cannot authenticate (having uid of 0). By default, when the system was installed, a user was created and this has the uid of 1000, so you can authenticate with this user: go to an another computer (over LAN) and try to connect via a FTP client.<\/p>\n<p>To authenticate virtual users, first you need to set up\u00a0 the following:<\/p>\n<ul>\n<li>have access to MYSQL tables via ip, username and password<\/li>\n<li>create a table that has the following important fields: <em>username<\/em>, <em>password<\/em> (encoded as md5, sha1, crypt or password) and an optional field <em>ftp_enabled<\/em> that is 1 if the user&#8217;s FTP access it&#8217;s enabled.<\/li>\n<\/ul>\n<p>Edit the \/etc\/pure-ftpd\/db\/mysql.conf file and uncomment\/change the following lines:<\/p>\n<ul>\n<li>MYSQLServer <span style=\"color: #ff0000;\">ip-address<\/span> (leave 127.0.0.1 if localhost)<\/li>\n<li>MYSQLPort <span style=\"color: #ff0000;\">port<\/span> (leave 3306 if not changed)<\/li>\n<li>MYSQLUser <span style=\"color: #ff0000;\">mysql_username<\/span><\/li>\n<li>MYSQLPassword <span style=\"color: #ff0000;\">mysql_password<\/span><\/li>\n<li>MYSQLDatabase <span style=\"color: #ff0000;\">mysql_database_name<\/span><\/li>\n<li>MYSQLCrypt <span style=\"color: #ff0000;\">crypt<\/span> (md5, sha1, crypt or password)<\/li>\n<li>MYSQLGetPW <span style=\"color: #ff0000;\">SELECT `ftp_password` FROM `users` WHERE `username`=&#8221;\\L&#8221; AND `ftp_enabled`&gt;0 AND `account_status`=0<\/span><\/li>\n<li>MYSQLGetDir <span style=\"color: #ff0000;\">SELECT CONCAT(&#8216;\/var\/ftp\/&#8217;, LPAD(`id`, 8, &#8216;0&#8217;)) FROM `users` WHERE `username`=&#8221;\\L&#8221;<\/span><\/li>\n<\/ul>\n<p>Note on the last setting: pure-ftpd-mysql will create automatically a separate directory for each authenticated user in \/var\/ftp. The lpad function just pads the username with zeroes up to 8 characters. Obviously you can have anything here to name the user&#8217;s directory.<\/p>\n<h3>Important settings<\/h3>\n<p>To add startup options for the FTP service, go to \/etc\/pure-ftpd\/conf and create files named as the options in the documentation. Be careful, the documentation lists the options lowercase, but the configuration files needs to be named with capitalized words (would be nice to write the documentation correctly&#8230;). The files contain the respective options as text (yes, no, 1, 500, etc.)<\/p>\n<p>The following config files that have importance:<\/p>\n<ul>\n<li>\u00a0AllowDotFiles &#8211; yes|no; Allow anonymous users to read files\/directories starting with dot (hidden)<\/li>\n<li>CreateHomeDir &#8211; yes; It&#8217;s important to automatically create the home dir for virtual users<\/li>\n<li>CustomerProof &#8211; yes; Prevents your users against making bad &#8216;chmod&#8217; commands, that would deny access to files\/directories to themselves.<\/li>\n<li>DontResolve &#8211; yes; Prevent reverse DNS lookup. Useful to speed up the FTP connection (if the main DNS server is down or unreachable, the FTP connection slows down to crawl).<\/li>\n<li>MaxClientsNumber &#8211; XXX; Adjust this number according to the server capacity and number of expected clients.<\/li>\n<li>MaxClientsPerIP &#8211; X;<\/li>\n<li>MaxIdleTime &#8211; XX; In minutes.<\/li>\n<li>NoAnonymus &#8211; yes|no; Allow\/deny anonymous authentication.<\/li>\n<li>NoChmod &#8211; yes|no; Allow\/deny the chmod command.<\/li>\n<li>PAMAuthentication &#8211; yes|no; Allow\/deny authentication of physical users.<\/li>\n<li>PerUserLimits &#8211; X Y; X &#8211; max connections with the same username, Y &#8211; max anonymous connections.<\/li>\n<\/ul>\n<p>To apply the settings, restart the server<\/p>\n<p><code>\/etc\/init.d\/pure-ftpd-mysql restart<\/code><\/p>\n<p>If there are errors upon startup, you need to check the configuration file names or their content.<\/p>\n<p>You may read the full documentation at <a title=\"Pure-ftpd documentation\" href=\"http:\/\/download.pureftpd.org\/pub\/pure-ftpd\/doc\/README\" target=\"_blank\">pureftpd.org<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are multiple reasons I recommend using pure-ftpd-mysql as ftp service: can authenticate both physical and virtual (read from database) users. It&#8217;s highly but easily configurable. Installing: apt-get install pure-ftpd-mysql The configuration files are found at \/etc\/pure-ftpd. By default, pure-ftpd authenticates only users that has an uid 1000 or over. Thus root cannot authenticate (having [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-192","post","type-post","status-publish","format-standard","hentry","category-web"],"_links":{"self":[{"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/posts\/192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/comments?post=192"}],"version-history":[{"count":0,"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/posts\/192\/revisions"}],"wp:attachment":[{"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/media?parent=192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/categories?post=192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icefront.info\/index.php\/wp-json\/wp\/v2\/tags?post=192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}