HowTo: Setup a Pure-FTPd server with virtual users on FreeBSD
This guide provides instructions for using the virtual user system to manage and control users. By using virtual users, FTP accounts can be administrated without affecting system accounts.
Let’s initiate Pure-FTPd’s installation by entering the following commands:
- % su
- # cd /usr/ports/ftp/pure-ftpd
- # make config
A menu containing Pure-FTPd options will pop-up. In my case, I’ve opted to leave these options at their defaults.
- # make install clean
- # rehash
Having finished the installation process we now move into the configuration stage. We’ll start by copying the sample configuration file and set the configuration options:
- # cd /usr/local/etc
- # cp pure-ftpd.conf.sample pure-ftpd.conf
- # chmod 644 pure-ftpd.conf
The chmod command was run to be able to edit the file (default permissions are set to -r–r–r–).
- # vi pure-ftpd.conf
VerboseLog yes
PureDB /usr/local/etc/pureftpd.pdb
CreateHomeDir yes
The CreateHomeDir option makes adding virtual users more easy by creating a user’s home directory upon login (if it doesn’t already exist).
We can either import users with system-level accounts (defined in /etc/master.passwd) at once or create new users manually. To import users that already exist on your system into the virtual user database, enter these commands:
- # pure-pwconvert >> /usr/local/etc/pureftpd.passwd
- # chmod 600 /usr/local/etc/pureftpd.passwd
- # pure-pw mkdb
It should be noted that pure-pwconvert only imports accounts that have shell access. Accounts with the shell set to nologin have to be added manually.
To add users to the Pure-FTPd virtual user database manually, we need to create a system-level account that will be associated with virtual users. Create a new user named vftp like this:
- # pw useradd vftp -s /sbin/nologin -w no -d /usr/home/vftp\
- ? -c “Virtual FTP user” -m
Having done this we can now add users to the virtual users database using the commands below:
- # pure-pw useradd user -u vftp -g vftp -d /usr/home/vftp/user
- # pure-pw mkdb
Replace user with the desired username. With -d flag, the user will be chrooted. If you want to give user access to the whole filesystem, use -D instead of -d.
If you want to add additional users, just repeat the commands above with a different user.
To remove a user:
- # pure-pw userdel user
Now to start Pure-FTPd:
- # /usr/local/etc/rc.d/pure-ftpd onestart
Initiate a FTP connection to test the server:
- % ftp localhost
Trying 127.0.0.1…
Connected to localhost.
220———- Welcome to Pure-FTPd [TLS] ———-
220-You are user number 2 of 50 allowed.
220-Local time is now 13:39. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:username):
Now log in with a user account created as explained above. Commands such as ls, cp, pwd and less work just like in tcsh and bash shells. To quit the FTP session type exit.To configure Pure-FTPd to start at boot time:
- # echo ‘pureftpd_enable=”YES”‘ >> /etc/rc.conf
To restart Pure-FTPd and determine if it is running:
- # /usr/local/etc/rc.d/pure-ftpd restart
- # /usr/local/etc/rc.d/pure-ftpd status
Pure-FTPd provides useful features for personal users as well as hosting providers. I’ve only touched the tip of the iceberg so do take a look at the project’s website for the excellent documentation that is available.
That’s it for now. On a future post I’ll explain how to setup Pure-FTPd for anonymous FTP access.
HowTo: Setup an Anonymous FTP server on FreeBSD
To test the speed differences between SFTP and FTP I decided to setup an anonymous FTP server on my trusted old 266 Mhz Celeron running FreeBSD 7.0.
The File Transfer Protocol (FTP) provides a simple and classic method for transferring files from one computer to another across the internet.
FreeBSD base install includes FTP server software, namely ftpd.
I’m fully aware of the security implications regarding FTP’s transmission of usernames and passwords in clear text hence the choice of an anonymous FTP server in real-only mode.
Let’s start by creating a ftp user:
- % su
- # adduser
Username: ftp
Full name: Anonymous FTP user
Uid (Leave empty for default):
Login group [ftp]:
Login group is ftp. Invite ftp into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash zsh nologin) [sh]: nologin
Home directory [/home/ftp]: /var/ftp
Use password-based authentication? [yes]: no
Lock out the account after creation? [no]: no
Username : ftp
Password :
Full Name : Anonymous FTP user
Uid : 1004
Class :
Groups : ftp
Home : /var/ftp
Shell : /usr/sbin/nologin
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (ftp) to the user database.
Add another user? (yes/no): no
Goodbye!
Anonymous FTP restricts access to the home directory of the user ftp. So let’s create an additional directory:
- # mkdir -p /var/ftp/pub
- # chown ftp:ftp /var/ftp/pub
From the point of view of the user /var/ftp is the root directory, and he cannot access any files outside of the ftp directory.
To display a welcome notice before users login edit the /etc/ftpwelcome file:
- # vi /etc/ftpwelcome
After a successful login the contents of the /etc/ftpmod file are displayed to the user.
- # vi /etc/ftpmod
Next let’s proceed by enabling the ftpd server in /etc/inetd.conf:
- # echo “ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -S -A -r” >> /etc/inetd.conf
In which:
-l default flag
-r read-only mode
-o write-only mode
-A anonymous FTP connections only
-S logging of all anonymous FTP activity
The -S flag allows logging to /var/log/ftpd, however the file needs to exist before ftpd can use it:
- # touch /var/log/ftpd
To start ftpd at boot time:
- # echo ‘inetd_enable=”YES”‘ >> /etc/rc.conf
Having finished the configurations steps we can start ftpd immediately by:
- # /ect/rc.d/inetd start
You can now log on to your FTP server by typing:
- # exit
- % ftp localhost
In which the username can be either ftp or anonymous and the password can be anything. Commands such as ls, cp, pwd and less work just like in tcsh and bash shells. To quit the FTP session type exit.
And we’re done 😉
Additional information:
FreeBSD Handbook
man ftpchroot
man ftpd
man chroot
man inetd