Installation and configuration of PureFTPd in Linux

Source: Internet
Author: User
1. Download the pure-ftpd source code package and decompress it.
2. Compile, install, and prepare
Go to the decompressed source code directory.
# Configure the build options; the lazy way is --with-everything
./configure --with-everything --with-language=simplified-chinese
# Compile and install
make
make install
# Configuration tool
chmod 755 configuration-file/pure-config.pl
cp configuration-file/pure-config.pl /usr/local/sbin/
cp configuration-file/pure-ftpd.conf /etc/
# Create the automatic startup script, using the sample shipped with the official source, which is fairly generic
vi /etc/rc.d/init.d/pure-ftpd
#!/bin/bash
#
# Script for the pure-ftpd FTP Server $Revision: 1.3 $
#
# chkconfig: 2345 85 15
# description: Pure-FTPd is an FTP server daemon based upon Troll-FTPd
# processname: pure-ftpd
# pidfile: /var/run/pure-ftpd.pid
# config: /etc/pure-ftpd.conf

# Source function library.
. /etc/rc.d/init.d/functions

RETVAL=0

# Path to the pure-ftp binaries.
prog=pure-config.pl
fullpath=/usr/local/sbin/$prog
pureftpwho=/usr/local/sbin/pure-ftpwho

start() {
    echo -n $"Starting $prog: "
    $fullpath /etc/pure-ftpd.conf --daemonize
    RETVAL=$?
    # Create the lock file only if the daemon started successfully.
    [ $RETVAL = 0 ] && touch /var/lock/subsys/$prog
    echo
}
stop() {
    echo -n $"Stopping $prog: "
    kill $(cat /var/run/pure-ftpd.pid)
    RETVAL=$?
    # Remove the lock file only if the daemon was stopped successfully.
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/$prog
    echo
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            # Avoid race
            sleep 3
            start
        fi
        ;;
    status)
        status $prog
        RETVAL=$?
        if [ -f $pureftpwho ] && [ $RETVAL -eq 0 ]; then
            $pureftpwho
        fi
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|status}"
        RETVAL=1
esac
exit $RETVAL
Make the script executable
chmod a+x /etc/rc.d/init.d/pure-ftpd
Run the setup tool and enable automatic startup for the service.

3. Set running options
vi /etc/pure-ftpd.conf
# Based on jeffwu's translation on the ChinaUnix site

# Restrict all users to their home directories. Comment this line out to avoid restricting anyone.

ChrootEveryone yes

# If the previous directive is set to "yes", members of the following group (GID) are not restricted. Other users are restricted to their home directories.
# Note: if the previous directive is set to "no", members of the following group (GID) are not restricted. Other users are restricted to their home directories.
# If you do not want to restrict any user to their home directory, comment out both ChrootEveryone and TrustedGID,
# or set ChrootEveryone no and comment out TrustedGID.
# (The logic of foreigners is quite different: user-friendly, but not easy to understand.)
# This parameter must be used together with the previous one.

# TrustedGID 100

# Compatibility with non-standard FTP clients, which are rare now. We recommend setting this to no.

BrokenClientsCompatibility no

# Maximum number of users simultaneously allowed

MaxClientsNumber 50

# Running as a daemon process (Fork in background)

Daemonize yes

# Maximum number of simultaneous connections from the same IP address

MaxClientsPerIP 8

# If you want to log all client commands, set this to "yes".

VerboseLog no

# List dot-files (files whose names start with '.') even if the client does not send the '-a' option.

DisplayDotFiles yes

# Act only as a public anonymous FTP server and do not accept authenticated users.

AnonymousOnly no

# Do not allow anonymous connections; only authenticated users may connect. This is the opposite of the previous directive.

NoAnonymous no

# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default is "ftp"; "none" disables writing to the system log.

SyslogFacility ftp

# Display fortune cookies

# FortunesFile /usr/share/fortune/zippy

# Do not resolve host names in the log files. We recommend setting this to yes to reduce system overhead.

DontResolve yes

# Maximum idle time allowed by the client (in minutes, 15 minutes by default)

MaxIdleTime 15

# LDAP configuration file (refer to README.LDAP)

# LDAPConfigFile /etc/pureftpd-ldap.conf

# MySQL configuration file (refer to README.MySQL)

# MySQLConfigFile /etc/pureftpd-mysql.conf

# Postgres configuration file (refer to README.PGSQL)

# PGSQLConfigFile /etc/pureftpd-pgsql.conf

# PureDB user database (refer to README.Virtual-Users)

PureDB /etc/pureftpd.pdb

# Note: setting any of the above authentication methods disables system user authentication, unless UnixAuthentication below is enabled.
# However, if no authentication method is set, pure-ftpd uses system user authentication by default (the logic of foreigners really is different).

# Path to the pure-authd socket (refer to README.Authentication-Modules)

# ExtAuth /var/run/ftpd.sock

# If you want to enable PAM authentication, uncomment the following line.

# PAMAuthentication yes

# If you want to enable simple Unix system authentication (/etc/passwd), uncomment the following line.

# UnixAuthentication yes

# Note: the LDAP, MySQL, PAM and other database authentication directives and
# UnixAuthentication can each be used only once, but they can be combined. For example, if you use
# MySQLConfigFile and UnixAuthentication, the SQL server is queried first. If SQL authentication fails
# because the user name is not found, another attempt is made against /etc/passwd and /etc/shadow.
# If SQL authentication fails because of a wrong password, authentication stops there. Authentication methods are chained
# in the order in which they are given.

# Recursion limits for the 'ls' command. The first parameter is the maximum number of files displayed. The second is the maximum subdirectory depth.

LimitRecursion 2000 8

# Can anonymous users create new directories?

AnonymousCanCreateDirs no

# If the system load exceeds the following value, anonymous users are not allowed to download.

MaxLoad 4

# Port range for passive connection replies; adjust the firewall to match.

# PassivePortRange 30000 50000

# Force an IP address in passive replies (PASV/EPSV/SPSV); used for NAT.
# Symbolic host names are also accepted, for gateways with dynamic IP
# addresses.

# ForcePassiveIP 192.168.0.1

# Upload/download ratio of anonymous users.

# AnonymousRatio 1 10

# The upload/download ratio of all users.
# This directive supersedes the previous one.

# UserRatio 1 10

# Do not allow downloading files owned by "ftp", for example files uploaded by anonymous users that have not been validated by the local administrator.

AntiWarez yes

# IP address and port the service listens on (all IP addresses and port 21 by default).

# Bind 127.0.0.1,21

# Maximum bandwidth for anonymous users (KB/s).

# AnonymousBandwidth 8

# Maximum bandwidth for all users (KB/s), including anonymous users.
# Use AnonymousBandwidth *or* UserBandwidth; using both makes no sense.

# UserBandwidth 8

# Creation mask for files and directories. Format: <file mask>:<directory mask>.
# The safest value is 177:077, but it may make maintenance harder.

Umask 133:022

# Minimum user ID (UID) an authenticated user must have to log in.
# Take care with this setting. It is best not to set it to 0 (which lets root log in); the nobody UID is usually 99.

MinUID 100

# Allow FXP transfers for authenticated users only.

AllowUserFXP yes

# Allow anonymous FXP for both anonymous and non-anonymous users.

AllowAnonymousFXP no

# Users cannot delete or write dot-files (files whose names start with '.'), even if they own them.
# If the TrustedGID directive is not commented out, members of that group can still access dot-files.

ProhibitDotFilesWrite no

# Prohibit reading dot-files (files whose names start with '.') (.history, .ssh ...)

ProhibitDotFilesRead no

# Never overwrite files. When an uploaded file name already exists, the upload is automatically renamed, such as: file.1, file.2, file.3, ...

AutoRename no

# Do not allow anonymous users to upload new files (no = uploads are allowed)

AnonymousCantUpload no

# Only allow non-anonymous connections on the following IP address. With this directive you can open several public IP addresses for anonymous FTP
# and keep one private IP address, protected by the firewall, for remote administration. You can also allow authentication on a single intranet address
# while a purely anonymous FTP service is provided on another IP address.

# TrustedIP 10.1.1.1

# If you want to add the PID to every log line, uncomment the following line.

# LogPID yes

# Create an additional log file in Apache format, such as:
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can be processed by web traffic analyzers.

# AltLog clf:/var/log/pureftpd.log

# Create an additional log file in a format optimized for statistical reports.

# AltLog stats:/var/log/pureftpd.log

# Create an additional log file in the standard W3C format (compatible with most commercial log analyzers).

# AltLog w3c:/var/log/pureftpd.log

# Do not accept the CHMOD command. Users cannot change the permissions of their files.

# NoChmod yes

# Allow users to resume and upload files, but not delete them.

# KeepAllFiles yes

# If the user's home directory does not exist, create it automatically.

# CreateHomeDir yes

# Enable virtual disk quotas. The first number is the maximum number of files.
# The second number is the maximum total size of the files (in MB).
# So 1000:10 limits each user to 1000 files and 10 MB in total.

# Quota 1000:10

# If your pure-ftpd was compiled with standalone support, you can change the location of the PID file.
# The default location is /var/run/pure-ftpd.pid.

# PIDFile /var/run/pure-ftpd.pid

# If your pure-ftpd was compiled with pure-uploadscript support, this directive makes pure-ftpd
# write information about new uploads to /var/run/pure-ftpd.upload.pipe, so that pure-uploadscript
# can read it and call a script to handle the new upload.

# CallUploadScript yes

# This option is useful for servers that allow anonymous uploads. When /var/ftp is inside /var, you need to keep some disk space free
# to protect the log files. When the partition is more than X% full, new uploads are not accepted.

MaxDiskUsage 99

# If you don't want your users to rename files, set this to 'yes'.

# NoRename yes

# Be 'customer proof': a workaround against common customer mistakes such as 'chmod 0 public_html'.
# That is a valid command, but it leads ignorant customers to lock themselves out of their own files and keeps your technical support busy with silly questions.
# If you are sure that all your users have basic Unix knowledge, this feature is useless. However, if you are a host provider.

CustomerProof yes

# Per-user concurrency limits. This directive only works if the server was compiled with the --with-peruserlimits option
# (which is the case for most binary distributions).
# Format: <maximum allowed processes for each user>:<maximum anonymous user processes>
# For example, 3:20 means that the same authenticated user can have up to three simultaneously active processes, and there can be at most 20 anonymous user processes at the same time.

# PerUserLimits 3:20
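
The settings above leave anonymous login, anonymous upload and dot-file reading enabled, so it is worth checking the finished file before starting the service. The script below is an added example, not part of the original article or of the Pure-FTPd distribution. The function names conf_get, audit_conf and write_sample_conf, the case-insensitive key matching and the warning policy (MinUID of at least 100, file mask ending in 7) are assumptions of this example.

```shell
#!/bin/sh
# conf_get FILE KEY: print the last uncommented value of KEY, lower-cased.
# Assumption: keys match case-insensitively and the last occurrence wins.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) {
            $1 = ""; v = $0; sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v); val = tolower(v)
        }
        END { print val }' "$1"
}

# audit_conf FILE: print one "WARN: ..." line per finding (example policy).
audit_conf() {
    f=$1
    is_yes() { [ "$(conf_get "$f" "$1")" = yes ]; }
    is_yes ChrootEveryone || echo "WARN: ChrootEveryone is not yes: users are not confined to their home directories"
    if ! is_yes NoAnonymous; then
        echo "WARN: NoAnonymous is not yes: anonymous logins are accepted"
        if ! is_yes AnonymousCantUpload; then
            echo "WARN: AnonymousCantUpload is not yes: anonymous uploads are accepted"
            is_yes AntiWarez || echo "WARN: AntiWarez is not yes: unreviewed anonymous uploads can be downloaded"
        fi
    fi
    if is_yes AllowAnonymousFXP; then echo "WARN: AllowAnonymousFXP is yes"; fi
    is_yes ProhibitDotFilesRead || echo "WARN: ProhibitDotFilesRead is not yes: files such as .ssh and .history are readable"
    minuid=$(conf_get "$f" MinUID)
    case $minuid in
        ''|*[!0-9]*) echo "WARN: MinUID is missing or not a number" ;;
        *) [ "$minuid" -ge 100 ] || echo "WARN: MinUID $minuid is below 100" ;;
    esac
    fmask=$(conf_get "$f" Umask); fmask=${fmask%%:*}
    case $fmask in
        *7) ;;
        *) echo "WARN: Umask file mask '$fmask' leaves uploaded files accessible to other users" ;;
    esac
    return 0
}

# write_sample_conf FILE: constructed sample using the values shown above.
write_sample_conf() {
    printf '%s\n' 'ChrootEveryone yes' '# TrustedGID 100' 'NoAnonymous no' \
        'AnonymousCantUpload no' 'AntiWarez yes' 'AllowAnonymousFXP no' \
        'ProhibitDotFilesRead no' 'MinUID 100' 'Umask 133:022' > "$1"
}

# Demo on the constructed sample.
sample=$(mktemp) && write_sample_conf "$sample" && audit_conf "$sample"
rm -f "$sample"
```

On a real server, call audit_conf /etc/pure-ftpd.conf after editing the file and review each warning against how the server is meant to be used.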

4. User Management
# If PureDB is enabled, at least one user must be added.
Add a user
pure-pw useradd xxx -u <system user to map to (UID not smaller than MinUID)> -g <system group to map to> -d <user directory> (-D instead of -d means the user is not locked into the user directory) -m (required only when the PureDB option is enabled)
Edit a user
pure-pw usermod xxx
Delete a user
pure-pw userdel xxx
For the rest, see the pure-pw help.

5. Start the service
/etc/rc.d/init.d/pure-ftpd start
