1. Download the pure-ftpd source code package and decompress it.
2. Compile, install, and prepare
Go to the decompressed source code directory.
# Configure the build options; the lazy way is --with-everything
./configure --with-everything --with-language=simplified-chinese
# Compile and install
make
make install
# Configuration tool
chmod 755 configuration-file/pure-config.pl
cp configuration-file/pure-config.pl /usr/local/sbin/
cp configuration-file/pure-ftpd.conf /etc/
# Create the automatic startup script, using the sample shipped with the official source, which is fairly generic
vi /etc/rc.d/init.d/pure-ftpd
#!/bin/bash
#
# Script for the pure-ftpd FTP Server $Revision: 1.3 $
#
# chkconfig: 2345 85 15
# description: Pure-FTPd is an FTP server daemon based upon Troll-FTPd
# processname: pure-ftpd
# pidfile: /var/run/pure-ftpd.pid
# config: /etc/pure-ftpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
RETVAL=0
# Path to the pure-ftp binaries.
prog=pure-config.pl
fullpath=/usr/local/sbin/$prog
pureftpwho=/usr/local/sbin/pure-ftpwho
start() {
    echo -n $"Starting $prog: "
    $fullpath /etc/pure-ftpd.conf --daemonize
    RETVAL=$?
    [ $RETVAL = 0 ] && touch /var/lock/subsys/$prog
    echo
}
stop() {
    echo -n $"Stopping $prog: "
    kill $(cat /var/run/pure-ftpd.pid)
    RETVAL=$?
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/$prog
    echo
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            # Avoid race
            sleep 3
            start
        fi
        ;;
    status)
        status $prog
        RETVAL=$?
        if [ -f $pureftpwho ] && [ $RETVAL -eq 0 ]; then
            $pureftpwho
        fi
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|status}"
        RETVAL=1
esac
exit $RETVAL
Make the script executable
chmod a+x /etc/rc.d/init.d/pure-ftpd
Go to the setup tool and configure automatic startup.
3. Set running options
vi /etc/pure-ftpd.conf
# Based on jeffwu's translation on the chinaunix site
# Restrict all users to their home directories. Comment this line out to avoid any restriction.
ChrootEveryone yes
# If the previous directive is set to "yes", members of the following group (GID) are not restricted. Other users are restricted to their home directories.
# Note: if the previous directive is set to "no", members of the following group (GID) are not restricted. Other users are restricted to their home directories.
# If you do not want to restrict any user to their home directory, you can comment out both ChrootEveryone and TrustedGID,
# or set ChrootEveryone no and comment out TrustedGID.
# (The logic of foreigners is very different and user-friendly, but it is not easy to understand.)
# This directive must be used together with the previous one.
# TrustedGID 100
# Compatibility with non-standard FTP clients, which are rare now. We recommend setting it to no.
BrokenClientsCompatibility no
# Maximum number of users simultaneously allowed
MaxClientsNumber 50
# Run as a daemon process (fork in background)
Daemonize yes
# Maximum number of simultaneous connections from the same IP address
MaxClientsPerIP 8
# If you want to log all client commands, set this to "yes".
VerboseLog no
# List hidden files (dot-files, whose names start with '.') even if the client does not send the '-a' option.
DisplayDotFiles yes
# Serve only as a public anonymous FTP server; authenticated users are not accepted.
AnonymousOnly no
# Do not allow anonymous connections; only authenticated users may connect. This is the opposite of the previous option.
NoAnonymous no
# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*) used when writing to the system log.
# The default is "ftp"; "none" disables writing to the system log.
SyslogFacility ftp
# Display fortune cookies
# FortunesFile /usr/share/fortune/zippy
# Do not resolve host names in log files. We recommend setting this to yes to reduce system overhead.
DontResolve yes
# Maximum idle time allowed by the client (in minutes, 15 minutes by default)
MaxIdleTime 15
# LDAP configuration file (see README.LDAP)
# LDAPConfigFile /etc/pureftpd-ldap.conf
# MySQL configuration file (see README.MySQL)
# MySQLConfigFile /etc/pureftpd-mysql.conf
# Postgres configuration file (see README.PGSQL)
# PGSQLConfigFile /etc/pureftpd-pgsql.conf
# PureDB user database (see README.Virtual-Users)
PureDB /etc/pureftpd.pdb
# Note: setting any of the above authentication methods disables system user authentication, unless UnixAuthentication below is enabled.
# However, if no authentication method is set, pure-ftpd uses system user authentication by default (the logic of foreigners is really different).
# Path to the pure-authd socket (see README.Authentication-Modules)
# ExtAuth /var/run/ftpd.sock
# If you want to enable PAM authentication, uncomment the following line.
# PAMAuthentication yes
# If you want to enable simple Unix system authentication (/etc/passwd), uncomment the following line.
# UnixAuthentication yes
# Note: the LDAP, MySQL, PAM and other database authentication directives and the
# UnixAuthentication directive can each be used only once, but they can be combined. For example, if you use
# MySQLConfigFile and then UnixAuthentication, the SQL server is queried first. If SQL authentication fails
# because the user name was not found, another attempt is made against /etc/passwd and /etc/shadow.
# If SQL authentication fails because of a wrong password, authentication ends there.
# Authentication methods are chained in the order they are given.
# Recursion limits for the 'ls' command. The first parameter is the maximum number of files displayed; the second is the maximum subdirectory depth.
LimitRecursion 2000 8
# Can anonymous users create new directories?
AnonymousCanCreateDirs no
# If the system load exceeds the following value, anonymous users are not allowed to download.
MaxLoad 4
# Port range for passive connection replies. Adjust your firewall to match.
# PassivePortRange 30000 50000
# Force an IP address in passive-mode replies (PASV/EPSV/SPSV). For NAT.
# Symbolic host names are also accepted, for gateways with dynamic IP
# addresses.
# ForcePassiveIP 192.168.0.1
# Upload/download ratio for anonymous users.
# AnonymousRatio 1 10
# Upload/download ratio for all users.
# This directive supersedes the previous one.
# UserRatio 1 10
# Do not allow downloading files owned by "ftp", for example files uploaded by anonymous users that have not been validated by the local administrator.
AntiWarez yes
# IP address and port the service listens on. (All IP addresses and port 21 by default.)
# Bind 127.0.0.1,21
# Maximum bandwidth for anonymous users (KB/s).
# AnonymousBandwidth 8
# Maximum bandwidth for all users (KB/s), including anonymous users.
# Use AnonymousBandwidth *or* UserBandwidth; using both makes no sense.
# UserBandwidth 8
# File creation mask, in the form <file mask>:<directory mask>.
# The safest setting is 177:077, but it may make maintenance difficult.
Umask 133:022
# Minimum user ID (UID) an authenticated user must have in order to log in.
# Take care with this setting: it is best not to set it to 0 (root could log in); the nobody ID is usually 99.
MinUID 100
# Allow FXP transfers for authenticated users only.
AllowUserFXP yes
# Allow anonymous FXP for both anonymous and non-anonymous users.
AllowAnonymousFXP no
# Users cannot delete or write dot-files (files whose names start with '.'), even if they own them.
# If the TrustedGID directive is not commented out, members of that group can still access dot-files.
ProhibitDotFilesWrite no
# Prohibit reading dot-files (files whose names start with '.'), such as .history, .ssh ...
ProhibitDotFilesRead no
# Never overwrite files. When an uploaded file name already exists, it is automatically renamed, for example: file.1, file.2, file.3, ...
AutoRename no
# Do not allow anonymous users to upload new files (no = uploads are allowed)
AnonymousCantUpload no
# Only accept non-anonymous connections on the following IP address. You can use this to open several public IP addresses for anonymous FTP
# while keeping a private, firewall-protected IP address for remote administration. You can also allow authentication on a single intranet address only
# and provide a purely anonymous FTP service on another IP address.
# TrustedIP 10.1.1.1
# If you want the PID added to every log line, uncomment the following line.
# LogPID yes
# Create an additional log file in Apache format, such as:
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by web traffic analyzers.
# AltLog clf:/var/log/pureftpd.log
# Create an additional log file in a format optimized for statistical reports.
# AltLog stats:/var/log/pureftpd.log
# Create an additional log file in the standard W3C format (compatible with most commercial log analyzers).
# AltLog w3c:/var/log/pureftpd.log
# Do not accept the CHMOD command. Users cannot change the permissions of their files.
# NoChmod yes
# Allow users to resume and upload files, but not delete them.
# KeepAllFiles yes
# If the user's home directory does not exist, create it automatically.
# CreateHomeDir yes
# Enable virtual quotas. The first number is the maximum number of files.
# The second number is the maximum total file size (unit: Mb).
# So with the setting below, each user can use at most 1000 files and a total of 10 Mb.
# Quota 1000:10
# If your pure-ftpd was compiled with standalone support, you can change the location of the pid file.
# The default location is /var/run/pure-ftpd.pid.
# PIDFile /var/run/pure-ftpd.pid
# If your pure-ftpd was compiled with pure-uploadscript support, this directive makes pure-ftpd
# send information about new uploads to /var/run/pure-ftpd.upload.pipe, so that pure-uploadscript
# can read it and call a script to handle each new upload.
# CallUploadScript yes
# This option is useful for servers that allow anonymous uploads. When /var/ftp is on /var, you need to reserve some disk space
# to protect log files. When the partition is more than X% full, new uploads are not accepted.
MaxDiskUsage 99
# If you don't want your users to rename files, set this to 'yes'.
# NoRename yes
# Be 'customer proof': a workaround against common customer mistakes such as 'chmod 0 public_html'.
# It is a valid command, but it leads ignorant customers to lock their own files and keeps your technical support busy with stupid questions.
# If you are sure that all your users have basic Unix knowledge, this feature is useless. However, if you are a hosting provider.
CustomerProof yes
# Per-user concurrency limits. This directive only works if the server was compiled with the --with-peruserlimits option
# (as is the case for most binary distributions).
# Format: <maximum processes allowed per user>:<maximum anonymous user processes>
# For example, 3:20 means that the same authenticated user can have up to three simultaneously active processes, and that there can be at most 20 anonymous user processes.
# PerUserLimits 3:20
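The following script is an added example, not part of the original walkthrough or of pure-ftpd itself: it reads a pure-ftpd.conf and warns about the security-relevant directives discussed in step 3 (chroot, anonymous access, MinUID, dot-file reads, passive port range, syslog). The function names, warning texts and the MinUID floor of 100 are assumptions made for this example, and the sample configuration is constructed from the active values shown above.

```shell
#!/bin/sh
# Added example, not from pure-ftpd: flag risky values in a pure-ftpd.conf.

# conf_get FILE NAME: print the first value of the last active "NAME value" line.
conf_get() {
    awk -v key="$2" '
        $1 ~ /^#/ { next }                         # commented-out directive
        tolower($1) == tolower(key) { val = $2 }   # later lines override earlier
        END { print val }' "$1"
}

# audit_conf FILE: print one WARN line per finding, nothing if the file is clean.
audit_conf() {
    f=$1
    [ "$(conf_get "$f" ChrootEveryone)" = yes ] ||
        echo "WARN ChrootEveryone: users are not confined to their home directory"
    if [ "$(conf_get "$f" NoAnonymous)" != yes ]; then
        echo "WARN NoAnonymous: anonymous logins are accepted"
        [ "$(conf_get "$f" AnonymousCantUpload)" = yes ] ||
            echo "WARN AnonymousCantUpload: anonymous users may upload"
    fi
    min_uid=$(conf_get "$f" MinUID)
    case $min_uid in               # 100 is the value used in step 3 (assumed floor)
        ''|*[!0-9]*) echo "WARN MinUID: not set to a number" ;;
        *) [ "$min_uid" -ge 100 ] || echo "WARN MinUID: $min_uid admits system accounts" ;;
    esac
    [ "$(conf_get "$f" ProhibitDotFilesRead)" = yes ] ||
        echo "WARN ProhibitDotFilesRead: .ssh, .history and similar are readable"
    [ -n "$(conf_get "$f" PassivePortRange)" ] ||
        echo "WARN PassivePortRange: unset, the firewall cannot pin passive ports"
    [ "$(conf_get "$f" SyslogFacility)" != none ] ||
        echo "WARN SyslogFacility: writing to the system log is disabled"
    return 0
}

# Constructed sample: the active security-relevant lines of the step 3 config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ChrootEveryone yes
NoAnonymous no
# PassivePortRange 30000 50000
MinUID 100
ProhibitDotFilesRead no
AnonymousCantUpload no
SyslogFacility ftp
EOF
audit_conf "$sample"
```

On a real host, run `audit_conf /etc/pure-ftpd.conf` after editing the file and before restarting the service.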
4. User Management
# If PureDB is enabled, at least one user must be added.
Add a user
pure-pw useradd xxx -u <corresponding system user (not smaller than MinUID)> -g <corresponding system group> -d <user directory> (-D means the user is not locked into the user directory) -m (required only when the PureDB option is enabled)
Edit a user
pure-pw usermod xxx
Delete a user
pure-pw userdel xxx
For the rest, see pure-pw help.
5. Start the service
/etc/rc.d/init.d/pure-ftpd start