Ubuntu/Debian offers three different Pure-FTPd deb packages: pure-ftpd, pure-ftpd-ldap, and pure-ftpd-mysql, where the LDAP and MySQL variants are Pure-FTPd with LDAP and MySQL integration respectively. All three packages depend on pure-ftpd-common. If we don't need LDAP or MySQL, we can choose pure-ftpd.
The code is as follows:
apt-get install pure-ftpd-common pure-ftpd
How to configure
Unlike most other daemons, Pure-FTPd is configured in an unusual way: it does not read any configuration file, and its options are set through command-line arguments. For example, the parameter '-H' speeds up the server by avoiding DNS lookups. To enable it, we only need to add it to the command line: pure-ftpd -H. Long options are also supported; the equivalent command is pure-ftpd --dontresolve
For users who prefer configuration files, Pure-FTPd has a solution: a wrapper tool parses a configuration file and converts it to command-line arguments. First edit the configuration file pure-ftpd.conf according to your needs, then start the server with the command pure-config.pl /etc/pure-ftpd.conf. pure-config.pl is a Perl script that invokes pure-ftpd with the command-line options that correspond to the configuration file.
In Ubuntu/Debian, the developers took another wrapper approach: instead of using a single configuration file, they created a pure-ftpd directory under /etc containing three directories (conf, auth and db) and a file named pureftpd-dir-aliases. Each configuration option exists as a file in the /etc/pure-ftpd/conf directory, with the option name as the file name and the option value as the file content. For example, to configure AnonymousOnly=yes (allow only anonymous users), create a file named AnonymousOnly in /etc/pure-ftpd/conf containing a single line: yes.
On Ubuntu, we focus only on this last method.
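The one-file-per-option layout described above is easy to check with a script. The following is an added example, not code from the article or from the pure-ftpd packages: it audits such a directory against an assumed policy (authenticated users only, confined to their home directories, fixed passive port range). Treating only the literal value yes as enabled is an assumption of this example, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example (not part of the pure-ftpd packages): audit a Debian-style
# option directory in which each file is one option and its first line the value.

# Print an option's value, trimmed and lowercased; print nothing if unset.
get_opt() {  # usage: get_opt CONF_DIR OptionName
    [ -f "$1/$2" ] || return 0
    head -n 1 "$1/$2" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        tr '[:upper:]' '[:lower:]'
}

# Print one WARN line per finding; the return status is the finding count.
audit_conf() {  # usage: audit_conf CONF_DIR
    dir=$1
    findings=0
    # Assumed policy: authenticated users only, confined to their homes.
    for opt in ChrootEveryone NoAnonymous ProhibitDotFilesRead; do
        if [ "$(get_opt "$dir" "$opt")" != "yes" ]; then
            echo "WARN: $opt is not set to yes"
            findings=$((findings + 1))
        fi
    done
    # These two options contradict each other.
    if [ "$(get_opt "$dir" AnonymousOnly)" = "yes" ] &&
       [ "$(get_opt "$dir" NoAnonymous)" = "yes" ]; then
        echo "WARN: AnonymousOnly and NoAnonymous are both yes"
        findings=$((findings + 1))
    fi
    # Without a fixed passive range, firewall rules cannot be scoped.
    if [ -z "$(get_opt "$dir" PassivePortRange)" ]; then
        echo "WARN: PassivePortRange is unset"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample directory; on a real host pass /etc/pure-ftpd/conf.
demo() {
    d=$(mktemp -d)
    echo "Yes" > "$d/ChrootEveryone"   # value as written in the article
    echo "no" > "$d/NoAnonymous"
    audit_conf "$d" || echo "findings: $?"
    rm -rf "$d"
}
demo
```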
The pure-ftpd man page gives a detailed list of command-line arguments and their explanations.
The pure-ftpd-wrapper man page gives a list of the available configuration file options.
Below is the configuration file of the second method described earlier; its options can be read here as the options of the third method. For example, to restrict all users to their home directories, create a file named ChrootEveryone in /etc/pure-ftpd/conf and add one line to it: yes.
# Restrict all users to their home directories.
# If the previous directive is set to 'no', members of the following group (GID) are not restricted to their home
# directories, while all other users are restricted to their own home directories. If you don't want to restrict
# any user to a home directory, just comment out both ChrootEveryone and TrustedGID.
# TrustedGID 100
# Compatibility with IE and other non-standard FTP clients.
# Maximum number of users allowed to connect at the same time.
# Run as a daemon process (fork in background).
# Maximum number of simultaneous clients allowed from the same IP address.
# If you want to log all client commands, set this directive to 'yes'.
# This directive can be duplicated to also log server responses.
# List hidden files (dot-files) even if the client does not send the '-a' option.
# Don't allow authenticated users - act only as a public anonymous FTP.
# Anonymous connections are not allowed, only authenticated users are allowed to use them.
# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
# Display a custom message to users after login (display fortune cookies).
# Don't resolve host names in log files. Logs are less detailed, but less bandwidth is used. On a very busy
# site, or if you don't have a working DNS, set this directive to "yes".
# Maximum idle time allowed for clients (in minutes; the default is 15 minutes).
# LDAP configuration file (see README.LDAP)
# MySQL configuration file (see README.MySQL)
# Postgres configuration file (see README.PGSQL)
# PureDB user database (see README.Virtual-Users)
# pure-authd socket path (see README.Authentication-Modules)
# If you want to enable PAM authentication, uncomment the line below.
# PAMAuthentication yes
# If you want to enable simple Unix system authentication (/etc/passwd), uncomment the line below.
# UnixAuthentication yes
# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can each be used only once, but they can be combined. For example, if you use
# MySQLConfigFile and then UnixAuthentication, the SQL server will be queried first. If SQL authentication
# fails because the user name was not found, another attempt is made with /etc/passwd and /etc/shadow.
# If SQL authentication fails because the password was wrong, authentication stops there. Authentication
# methods are chained in the order in which they are given.
# Recursion limits for the 'ls' command. The first parameter gives the maximum number of files to display. The second parameter gives the maximum subdirectory depth.
LimitRecursion 2000 8
# Allow anonymous users to create a new directory?
# Anonymous users are not allowed to download if the system load exceeds the value below.
# Port range for passive connection replies. - for firewalling.
# PassivePortRange 30000 50000
# Force an IP address in passive replies (PASV/EPSV/SPSV). - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP addresses.
# ForcePassiveIP 192.168.0.1
# Upload/download ratio for anonymous users.
# AnonymousRatio 1 10
# Upload/download ratio for all users.
# This directive supersedes the previous one.
# UserRatio 1 10
# Do not accept downloads of files owned by "ftp", for example files uploaded by an anonymous user that have not yet been validated by a local administrator.
# Default encoding when a client logs in; with this option enabled, Windows logins will not show the Chinese
# The IP address and port on which the service listens. (The default is all IP addresses and port 21)
# Bind 127.0.0.1,21
# Maximum bandwidth for anonymous users (KB/S).
# AnonymousBandwidth 8
# Maximum bandwidth for all users (KB/s), including anonymous users.
# Use AnonymousBandwidth *or* UserBandwidth; using both makes no sense.
# UserBandwidth 8
# File creation mask for new files and directories: <file mask>:<directory mask>.
# 177:077 if you feel paranoid.
# Minimum UID an authenticated user must have to be allowed to log in.
# Allow FXP transfers only for authenticated users.
# Allow FXP transfers for both anonymous and non-anonymous users.
# Users cannot delete or write dot-files (files whose names begin with '.'), even if they own them.
# If the TrustedGID directive is enabled, members of that group can access dot-files.
# Prohibit reading of dot-files (files whose names begin with '.') (.history, .ssh ...)
# Never overwrite files. When an uploaded file's name already exists, it is automatically renamed, e.g. file.1, file.2, file.3, ...
# Do not allow anonymous users to upload new files (no = uploads allowed).
# Only connections from non-anonymous users are allowed on the following IP address. You can use this directive to open several public IPs for anonymous FTP
# while keeping a private, firewall-protected IP for remote administration. You can also allow authentication only on an intranet address while providing
# a purely anonymous FTP service on another IP.
# If you want to add the PID to each log line, uncomment the line below.
# LogPID yes
# Create an extra log file using an Apache-like format, such as:
# fw.c9x.org - jedi [13/Dec/1975] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by web traffic analyzers.
# AltLog clf:/var/log/pureftpd.log
# Create an extra log file in a format optimized for statistics reports.
# AltLog stats:/var/log/pureftpd.log
# Create an extra log file using the W3C standard format (compatible with most commercial log analyzers).
# AltLog w3c:/var/log/pureftpd.log
# Do not accept the CHMOD command. Users cannot change the permissions of their files.
# NoChmod yes
# Allow users to resume and upload files, but not delete them.
# KeepAllFiles yes
# Automatically create the user's home directory if it does not exist.
# CreateHomeDir yes
# Enable virtual disk quotas. The first number is the maximum number of files.
# The second number is the maximum total size in megabytes (MB).
# So 1000:10 limits each user to 1000 files and a total of 10 MB.
# Quota 1000:10
# If your pure-ftpd was compiled with standalone server support, you can change the location
# of the PID file. The default location is /var/run/pure-ftpd.pid.
# If your pure-ftpd was compiled with pure-uploadscript support, this directive makes pure-ftpd
# send information about new uploads to /var/run/pure-ftpd.upload.pipe, so that pure-uploadscript
# can read it and then call a script to handle the new upload.
# CallUploadScript yes
# This option is useful for servers that allow anonymous uploads. As /var/ftp is in /var, some disk space must be kept free
# to protect log files. When the disk partition is more than X percent full, new uploads are not accepted.
# If you don't want your users to rename files, set this to 'yes'.
# NoRename yes
# Be 'customer proof': a workaround against common customer mistakes such as 'chmod 0 public_html'.
# That is a valid command, but it leaves ignorant customers locked out of their own files, which keeps your technical support busy with silly questions.
# This feature is unnecessary if you are sure that all of your users have basic Unix knowledge. If you are a hosting provider,
# however, enable it.
# Per-user concurrency limits. This directive only works if the server was compiled with the --with-peruserlimits option
# (as is the case for most binary distributions).
# Format: <maximum processes per user>:<maximum anonymous user processes>
# For example, 3:20 means that the same authenticated user can have at most 3 simultaneous processes, and there can be up to 20 anonymous user processes at the same time.
# PerUserLimits 3:20