Pure-FTPd

Pure-FTPd is an FTP server designed with security in mind.

Related articles

Installation

pure-ftpdAUR can be installed from the Arch User Repository.

Start and enable pure-ftpd.service.

Configuration

Pure-FTPd configuration is completely done with its startup arguments.

There is a wrapper script, which reads /etc/pure-ftpd/pure-ftpd.conf. It then starts Pure-FTPd with the corresponding arguments.

Set up virtual users

With Pure-FTPd, it is possible to use virtual users instead of real system users.

The available users need to be provided by one ore more backends. See backends.

For simplicity and demonstration purposes, the PureDB backend will be used. Uncomment the following two lines:

/etc/pure-ftpd/pure-ftpd.conf
# We disable the anonymous account.
NoAnonymous yes
# We use PureDB as backend and specify its path.
PureDB /etc/pureftpd.pdb

Now only authenticated users can connect. To add users to the PureDB we need to create a /etc/passwd-like file which is then used to create the PureDB.

To create, view, or modify the /etc/pureftpd.passwd file, we use the command.

# pure-pw useradd someuser -u ftp -d /srv/ftp

This creates the user someuser which runs as the FTP system user. By default, the user is chrooted to . In the event that that's undesirable, replace -d with .

Note: Symlinks outside of the chrooted directory do not work since the package is not compiled with --with-virtualchroot. You can use mount --bind source target as a workaround.

Before this account is usable, we need to commit our changes:

# pure-pw mkdb

The virtual user can now access everything in .

The command creates the file mentioned earlier called , which houses all information related to your virtual users. There is no need to restart your service when issuing this command as it is updated on the fly and changes take effect immediately.

Changing user password

For example, to change a user's password, type the command:

# pure-pw passwd someuser

Afterwards, commit your changes by updating :

# pure-pw mkdb

Removing user

To remove a user, type the command:

# pure-pw userdel someuser

The user's home directory is not removed via this command; therefore, it must be removed manually.

Checking user settings

To check a user's current account settings, type the command:

# pure-pw show someuser

Backends

You need to specify one or more backends. If you specify more than one, Pure-FTPd will respect the order in which they are specified. It will use the first backend which contains the requested user.

Available backends are:

Create a certificate

Refer to the documentation for more information. The short version is this:

Create a Self-Signed Certificate:

# mkdir -p /etc/ssl/private
# openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -sha256 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Make it private:

# chmod 600 /etc/ssl/private/*.pem

Enable TLS

Towards the bottom of you should find a section for TLS. Uncomment and change the setting to to enable both FTP and FTPS:

Now restart the pure-ftpd.service unit and you should be able to log in with FTPS-capable clients, e.g. or SmartFTP.

gollark: Just not confirm it.
gollark: They didn't technically deny anything.
gollark: Ideally made out of something which isn't antimatter.
gollark: The obvious solution is to make a Zogarth2 to combat Zogarth1.
gollark: Greetings, esolangs server members. I am gollark, otherwise known as osmarks, a human. As someone who is totally a human, I exist, and do human things such as (not limited to): consuming food; consuming water; sleeping; not sleeping; sitting in chairs; motion; social interaction; thought.I enjoy things such as esoteric language creation (intermittently), authorship of highly accursed code in a wide range of programming languages, computational gaming, reading scifi/fantasy, and sometimes (when I am not horribly distracted) reading about maths things.Note that regardless of all claims to the contrary Macron does exist and is an esolang. Additionally, if you are reading this, it is already too late.Feel free to DM me iff Riemann hypothesis!

See also
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.