Tutorial on installation and configuration of PURE-FTPD under Ubuntu system

Source: Internet
Author: User
Tags anonymous auth chmod comments config file size ftp perl script

Installation

Ubuntu/debian offers three different pure-ftpd Deb installation packs, respectively, PURE-FTPD, Pure-ftpd-ldap, and Pure-ftpd-mysql, where LDAP and MySQL respectively represent PURE-FTPD Integrated with LDAP and MySQL, the other three packages are dependent on Pure-ftpd-common. If we don't need LDAP and MySQL, we can choose PURE-FTPD.

The code is as follows:

Apt-get Install Pure-ftp-common pure-ftpd

How to configure

Unlike most other daemons (daemon), the PURE-FTPD configuration is special: it does not read any configuration files, and the configuration options are implemented through command-line arguments. For example, the parameter '-h ' is designed to speed up the server by avoiding DNS queries. To enable this attribute, we only need to add it to the command line: Pure-ftpd-h. Alternative long parameters are also supported, and the following is an equivalent command pure-ftpd--dontresolve

For users who like profiles, PURE-FTPD has a solution: To parse the configuration file and convert it to command-line arguments through an encapsulation (wrapper) tool. First edit the profile pure-ftpd.conf according to your needs, and then start pure-config.pl/etc/pure-ftpd.conf with the following command. pure-config.pl is a Perl script that invokes PURE-FTPD based on a configuration file with the appropriate command-line options.

In Ubuntu/debian, developers took another wrapper approach: instead of using a single configuration file, they built a pure-ftpd directory under/etc, with Conf, Auth, DB, three directories and one named Pureftpd-alias-dir's file. Each configuration option exists as a file in the/etc/pure-ftpd/conf directory, with the option as the filename and the option value as the file content. For example, if you want to configure Anonymousonly=yes (allow only anonymous users), create a file named AnonymousOnly in/etc/pure-ftpd/conf with only one line: Yes.

In Ubuntu, we only focus on the last configuration.

Configuration options

Through PURE-FTPD's hand album We can get a detailed list of command line arguments and their explanations:

Copy Code

The code is as follows:

Mans PURE-FTPD

Through Pure-ftpd-wrapper's hand album we can get a list of available profile options:

The code is as follows:

Mans Pure-ftpd-wrapper

Here is the second configuration file that we described earlier, which we can understand here as a third way. For example, to restrict all users in their home directory, create a file named Chrooteveryone in/etc/pure-ftpd/conf, and add a line to it: Yes.

# limit all users in their home directory

Chrooteveryone Yes

# If the previous instruction is set to ' no ', the members of the following group (GID) are not limited by the home directory. And the other users are

# will be limited to its own home directory. If you don't want to limit any users to your home directory, just comment out the Chrooteveryone

# and Trustedgid will be OK.

# Trustedgid 100

# Compatible with IE and other non-normalized FTP clients

Brokenclientscompatibility No

# Maximum number of users who are allowed to connect at the same time

Maxclientsnumber 50

# as a daemon (Doemon) process run (Fork in background)

Daemonize Yes

# Number of simultaneous users of the same IP allowed (Maximum count of SIM clients with the same IP address)

Maxclientsperip 8

# If you want to record all the client commands, set this directive to ' yes '.

# This directive can is duplicated to also log server responses.

Verboselog No

# hidden files (dot-files) are listed even if the client does not send the '-a ' option.

Displaydotfiles Yes

# Authentication users are not allowed-only as a public anonymous FTP.

AnonymousOnly No

# Anonymous connections are not allowed, only authenticated users are allowed to use them.

Noanonymous No

# Syslog Facility (auth, authpriv, daemon, FTP, security, user, local*)

# The default function (facility) is "FTP". "None" disables the log.

Syslogfacility FTP

# Customizing the user's display information after login (Display fortune cookies)

# Fortunesfile/usr/share/fortune/zippy

# The host name is not resolved in the log file. If the log is not so detailed, use less bandwidth. In a very large number of visits

# site, set this instruction to "yes" if you don't have a DNS to work with.

Dontresolve Yes

# Maximum idle time allowed by client (minutes, default 15 minutes)

MaxIdleTime 15

# LDAP configuration file (Reference README.) LDAP)

# ldapconfigfile/etc/pureftpd-ldap.conf

# MySQL configuration file (Reference README.) MySQL)

# mysqlconfigfile/etc/pureftpd-mysql.conf

# Postgres configuration file (Reference README.) Pgsql)

# pgsqlconfigfile/etc/pureftpd-pgsql.conf

# Puredb User Database (reference README.) Virtual-users)

# puredb/etc/pureftpd.pdb

# PURE-AUTHD Socket Path (reference README.) Authentication-modules)

# Extauth/var/run/ftpd.sock

# If you want to enable the PAM authentication method, remove the comments in the line below.

# pamauthentication Yes

# If you want to enable a simple Unix system authentication Method (/ETC/PASSWD), remove the comments from the line below.

# unixauthentication Yes

# Please note, ldapconfigfile, Mysqlconfigfile, Pamauthentication and

# unixauthentication These instructions can only be used once, but they can be mixed together. For example: if you use a

# Mysqlconfigfile and Unixauthentication, then SQL server will be accessed. If the user name is not found

# to make SQL authentication fail, you will try another authentication in/etc/passwd and/etc/shadow, if

# If the SQL authentication fails for the wrong password, the authentication will end here. Authentication methods are chained by the order in which they are given

# Pick it up.

# recursive limits for ' ls ' command. The first parameter gives the maximum number of files to display. The second parameter gives the maximum subdirectory depth.

Limitrecursion 2000 8

# Allow anonymous users to create a new directory?

Anonymouscancreatedirs No

# Anonymous users are not allowed to download if the system is loaded beyond the value below.

Maxload 4

# The port range for the passive connection response. -For firewalling.

# PassivePortRange 30000 50000

# force an IP address to use a passive response (PASV/EPSV/SPSV replies). -For NAT.

# Symbolic host names are also accepted for gateways with dynamic IP

# addresses.

# FORCEPASSIVEIP 192.168.0.1

# Upload/download rate for anonymous users.

# anonymousratio 1 10

# Upload/download rate for all users.

# this directive superscedes the previous one.

# userratio 1 10

# does not accept downloads of files that are owned by FTP. For example, files that were not authenticated by the local administrator after the anonymous user was uploaded.

Antiwarez Yes

Second file

# The default encoding when the client logs on, the option to open the Windows login will not show the Chinese

Clientcharset GBK

# The IP address and port on which the service listens. (The default is all IP addresses and port 21)

# Bind 127.0.0.1,21

# Maximum bandwidth for anonymous users (KB/S).

# Anonymousbandwidth 8

# Maximum bandwidth for all users (KB/S), including anonymous users.

# Use Anonymousbandwidth *or* userbandwidth, both makes no sense.

# Userbandwidth 8

# New directory and file's property mask value. < file mask >;:< directory mask >;.

# 177:077 If you feel paranoid.

Umask 133:022

# The most group ID (UID) that the authenticated user allows to log in.

Minuid 100

# Only authenticated users are allowed to transmit FXP.

ALLOWUSERFXP Yes

# Allow anonymous FXP transmissions for anonymous and non-anonymous users.

ALLOWANONYMOUSFXP No

# users cannot delete and write point files (files with file names beginning with '. '), even if the user is the owner of the file.

# If the TRUSTEDGID directive is enabled, the group of users to which the file belongs can access the point file (dot-files).

Prohibitdotfileswrite No

# prohibit read-point files (files with file names beginning with '. ') (. History,. SSH ...)

Prohibitdotfilesread No

# never overwrite files. When the uploaded file, its filename already exists, automatically renamed, such as: File.1, file.2, file.3, ...

Autorename No

# do not accept anonymous users to upload new files (no = Allow upload)

Anonymouscantupload No

# only non-anonymous user connections from the following IP addresses are allowed. You can use this command to open several public network IP to provide anonymous FTP,

# while preserving a private firewall-protected IP for remote administration. You can also only allow one intranet address to authenticate, while in the other

# An FTP service that provides pure anonymity on an IP.

#TrustedIP 10.1.1.1

# If you want to add PID for each row of the log, remove the comment for the line below.

# Logpid Yes

# Create an extra log file using an Apache-like format, such as:

# Fw.c9x.org-jedi [13/dec/1975] "get/ftp/linux.tar.bz2" 200 21809338

# This log file can be processed by the WWW Traffic Analyzer.

# Altlog Clf:/var/log/pureftpd.log

# Create an extra log file for the statistic report using the optimized format.

# Altlog Stats:/var/log/pureftpd.log

# Create an extra log file using the standard format of the PDF. (Compatible with most commercial log analyzer)

# Altlog W3c:/var/log/pureftpd.log

# do not accept the CHMOD command. Users cannot change the properties of their files.

# Nochmod Yes

# Allow users to recover and upload files, but not delete them.

# Keepallfiles Yes

# automatically created if the user's home directory does not exist.

# Createhomedir Yes

# Enable virtual disk quotas. The first number is the maximum number of files.

# The second number is the largest total file size in megabytes (MB).

# So, 1000:10 limit each user can only use 1000 files, a total of 10Mb.

# Quota 1000:10

# If your pure-ftpd is compiled with standalone server (standalone) support, you can change the PID file

# 's position. The default location is/var/run/pure-ftpd.pid.

# Pidfile/var/run/pure-ftpd.pid

# If your pure-ftpd is compiled with pure-uploadscript support, this command will make PURE-FTPD

# Send information about new uploads to/var/run/pure-ftpd.upload.pipe, so Pure-uploadscript

# you can read and then call a script to handle the new upload.

# Calluploadscript Yes

# This option is useful for servers that allow anonymous uploads. When/var/ftp is in/var, you need to keep some disk space

# to protect log files. When the disk partition is in use more than X, the new upload is not accepted.

Maxdiskusage 99

# If you don't want your user to rename the file, set it to ' yes '.

# Norename Yes

# is ' Customer proof ': Workspace (workaround) against common customer error, similar to: ' chmod 0 public_html ' error.

# that is a valid command, however, will cause ignorant customers to set their own files that will keep your technical support busy with silly questions.

# This feature will be useless if you are convinced that all of your users have basic UNIX knowledge. However, if you are a host provider

# then, enable it.

Customerproof Yes

# Concurrency restrictions for each user. This instruction is only available after you have added the--with-peruserlimits compilation option to compile

Role (most binary release versions are examples)

# format is: < per user maximum allowed process >;:< Max anonymous user process >;

# For example: 3:20 means that the same authenticated user can have a maximum of 3 simultaneous processes. And there can be up to 20 anonymous user processes at the same time.

# peruserlimits 3:20

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.