Pure-FTPD + pureadmin (Ftp server with gui)

Install Pure-FTPD with GUI

  1. Install the pure-ftpd package and the pureadmin package from the Universe Repository.

    sudo apt-get install pure-ftpd pureadmin
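  2. Then create the user group and the system user that the FTP accounts will map to. In the terminal, run

    sudo groupadd ftpgroup

    and

    sudo useradd -g ftpgroup -d /dev/null -s /etc ftpuser
    The home directory /dev/null and the shell /etc mean that ftpuser cannot be used for an interactive login; it only supplies the UID and GID for the FTP users.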
  3. Next create your ftpuser directory

    sudo mkdir /home/ftpusers
  4. Then create a user directory for joe

    sudo mkdir /home/ftpusers/joe
    (you can create a directory for each ftp user)
  5. Then add the user joe

    sudo pure-pw useradd joe -u ftpuser -d /home/ftpusers/joe
  6. Then create your user database

    sudo pure-pw mkdb
  7. Then create symbolic links between the respective files

    sudo ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pureftpd.passwd

    and

    sudo ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb

    and

    sudo ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB
  8. Next you need to modify the ownership of the /home/ftpusers directory and of all its subdirectories. The owner must be ftpuser and the group must be ftpgroup.

    sudo chown -hR ftpuser:ftpgroup /home/ftpusers/
  9. After doing that, open pureadmin from the terminal

    gksudo pureadmin
    and stop firestarter if it is installed.

NOTES

  • The user joe is used as an example. You can change user joe and/or add or remove other users through pureadmin.

You may need to restart PureFTPD before changes take effect.

sudo /etc/init.d/pure-ftpd restart



SECURITY

  1. FTP is by nature a rather insecure protocol: logins and data cross the network unencrypted. Add TLS support to prevent your sessions from being vulnerable to man-in-the-middle attacks

    sudo apt-get install openssl
  2. Enable TLS-only mode in Pure-FTPd

    sudo bash -c 'echo 2 > /etc/pure-ftpd/conf/TLS'

    or for a less secure version that also accepts insecure FTP connections

    sudo bash -c 'echo 1 > /etc/pure-ftpd/conf/TLS'
  3. Make the directory for the private SSL key

    sudo mkdir -p /etc/ssl/private/
  4. Create your key and self-signed certificate (both are written to the same file)

    sudo openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
  5. The .pem file holds the private key as well as the certificate, so it is insecure if other users can read it. You must secure the file before it is used by changing its permissions.

    sudo chmod 600 /etc/ssl/private/pure-ftpd.pem
  6. And now you need to restart Pure-FTPd

    sudo /etc/init.d/pure-ftpd restart

AMAZON AWS SETTINGS

  1. If installing on an AWS server, you will need to configure IP address routing information specific to your server. If using the default Ubuntu server, use the following. Note that "sudo echo ... > file" cannot write a root-owned file, because the redirection is performed by your own unprivileged shell rather than by sudo, which is why we use "sudo bash -c".

    cd /etc/pure-ftpd/conf
    sudo bash -c 'echo "35000 36000" > PassivePortRange'
    sudo bash -c 'echo "YOURIPHERE" > ForcePassiveIP'
    sudo bash -c 'echo "yes" > DontResolve'

    These commands will allow most programs, like FileZilla, to connect via FTP passive mode to the server. Amazon AWS servers use internal IP addresses starting with "10." for most things, so the address the server announces for passive mode has to be defined explicitly with ForcePassiveIP for your FTP software to be able to communicate.

  2. Update your Amazon AWS Firewall settings.

    "Custom TCP Range" 35000 36000
    "Custom TCP Range" 21

TROUBLESHOOTING

You may be given one of these warnings when trying to connect to your server:

 [WARNING] Can't login as [joe]: account disabled

 "Sorry, but I can't trust you" 

These two warnings occur if your system set the UserID (UID) and/or GroupID (GID) associated with the ftpuser user below 1000. To see what the current values are, type the following at a shell:

    id ftpuser

You'll be given something similar to the following:

    uid=572(ftpuser) gid=972(ftpgroup) groups=972(ftpgroup)

The actual numbers don't matter much, but they should be higher than 1000 for Pure-FTPD to be happy.
To fix the UserID (UID) portion, open a shell and type:

    sudo usermod -u 1021 ftpuser

To fix the GroupID (GID):

    sudo groupmod -g 1022 ftpgroup

Files under /home/ftpusers keep the old numeric IDs after this change, so repeat the chown from step 8 of the installation.

Restart the Pure-FTPD daemon and you should be up and running.


Configuration

  1. View the readme file for more information about pure-ftpd. http://download.pureftpd.org/pub/pure-ftpd/doc/README

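  2. Note that Ubuntu uses a wrapper script to launch pure-ftpd using your desired configuration. Some of the options you can use can be found at http://wiki.ggis.biz/index.php/Pure-FTPd_on_Ubuntu and are shown below. These are not defaults and may be insecure, so try to understand their usage first. They write files in the /etc/pure-ftpd/conf directory, one file per option, so run them from a root shell in that directory. Note that the TLS line sets the value to 0, which switches TLS off; keep the value chosen in the SECURITY section if you enabled TLS.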

    echo 'yes' > ChrootEveryone
    echo 'yes' > BrokenClientsCompatibility
    echo '50' > MaxClientsNumber
    echo '5' > MaxClientsPerIP
    echo 'yes' > Daemonize
    echo 'no' > VerboseLog
    echo 'yes' > DisplayDotFiles
    echo 'yes' > ProhibitDotFilesWrite
    echo 'yes' > NoChmod
    echo 'no' > AnonymousOnly
    echo 'yes' > NoAnonymous
    echo 'no' > PAMAuthentication
    echo 'no' > UnixAuthentication
    echo '/etc/pure-ftpd/pureftpd.pdb' > PureDB
    echo 'yes' > DontResolve
    echo '15' > MaxIdleTime
    echo '2000 8' > LimitRecursion
    echo 'yes' > AntiWarez
    echo 'no' > AnonymousCanCreateDirs
    echo '4' > MaxLoad
    echo 'no' > AllowUserFXP
    echo 'no' > AllowAnonymousFXP
    echo 'no' > AutoRename
    echo 'yes' > AnonymousCantUpload
    echo 'yes' > NoChmod
    echo '80' > MaxDiskUsage
    echo 'yes' > CustomerProof
    echo '0' > TLS
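A read-only check of the TLS mode and key-file permissions from the SECURITY section, together with a few of the options listed above. This is an added example, not part of the original wiki page or of Pure-FTPd; the function names and the choice of which options to flag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page). Audits the one-option-per-file
# layout of /etc/pure-ftpd/conf that the Ubuntu wrapper script reads.

# Print an option's value with line endings stripped, or "unset" if absent.
conf_value() {
    if [ -f "$1/$2" ]; then tr -d '\r\n' < "$1/$2"; else printf 'unset'; fi
}

# audit_pureftpd CONF_DIR PEM_FILE
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_pureftpd() {
    conf=$1; pem=$2; bad=0; tls_on=1

    tls=$(conf_value "$conf" TLS)
    case $tls in
        2|3) ;;                                 # cleartext sessions refused
        1) echo "WARN TLS=1: cleartext FTP is still accepted"; bad=1 ;;
        *) echo "FAIL TLS=$tls: sessions are not encrypted"; bad=1; tls_on=0 ;;
    esac

    # Options that should be switched on.
    for opt in NoAnonymous ChrootEveryone; do
        val=$(conf_value "$conf" "$opt")
        [ "$val" = yes ] || { echo "FAIL $opt=$val: expected yes"; bad=1; }
    done

    # Server-to-server (FXP) transfers should stay off.
    for opt in AllowUserFXP AllowAnonymousFXP; do
        val=$(conf_value "$conf" "$opt")
        [ "$val" != yes ] || { echo "FAIL $opt=yes: expected no"; bad=1; }
    done

    # The combined key+certificate file must be closed to group and other.
    if [ "$tls_on" = 1 ]; then
        if [ ! -f "$pem" ]; then
            echo "FAIL $pem: key/certificate file not found"; bad=1
        elif [ "$(ls -ld "$pem" | cut -c5-10)" != "------" ]; then
            echo "FAIL $pem: readable beyond its owner, chmod 600 it"; bad=1
        fi
    fi
    return $bad
}

# Usage: sh audit.sh CONF_DIR [PEM_FILE]; with no arguments nothing is run.
if [ "$#" -ge 1 ]; then
    audit_pureftpd "$1" "${2:-/etc/ssl/private/pure-ftpd.pem}"
fi
```

Run it with sudo on a real server, because the private key directory is normally not readable by ordinary users.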


Original Ubuntu Forums thread: http://ubuntuforums.org/showthread.php?t=91052

Launch Pad Question: https://answers.launchpad.net/ubuntu/+source/pure-ftpd/+question/99048

PureFTP (last edited 2014-07-30 04:16:41 by 173-28-250-182)