Pure-FTPD + pureadmin (FTP server with GUI)
Install Pure-FTPD with GUI
Install the pure-ftpd package and the pureadmin package from the Universe Repository.
sudo apt-get install pure-ftpd pureadmin
Then create the user group.
sudo groupadd ftpgroup
and
sudo useradd -g ftpgroup -d /dev/null -s /etc ftpuser
in the terminal.
Next create your ftpuser directory
sudo mkdir /home/ftpusers
Then to create a user directory for joe
sudo mkdir /home/ftpusers/joe
(you can create a directory for each FTP user).
Then to add user joe
sudo pure-pw useradd joe -u ftpuser -d /home/ftpusers/joe
Then to create your user database
sudo pure-pw mkdb
Then
sudo ln -s /etc/pure-ftpd/pureftpd.passwd /etc/pureftpd.passwd
and
sudo ln -s /etc/pure-ftpd/pureftpd.pdb /etc/pureftpd.pdb
and
sudo ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/PureDB
which will create symbolic links between the respective files.
Next you need to modify the permissions of the /home/ftpusers directory and of any subdirectories. The owner must be ftpuser and the group must be ftpgroup
sudo chown -hR ftpuser:ftpgroup /home/ftpusers/
After doing that open up pureadmin in the terminal.
gksudo pureadmin
and stop firestarter if it is installed.
NOTES
The user joe is used as an example, you can change user joe and/or add or remove other users through pureadmin.
You may need to restart PureFTPD before changes take effect.
sudo /etc/init.d/pure-ftpd restart
SECURITY
FTP is by nature a rather insecure protocol. Add TLS support to protect your sessions against man-in-the-middle attacks
sudo apt-get install openssl
Enable TLS-only mode in Pure-FTPd
echo 2 | sudo tee /etc/pure-ftpd/conf/TLS
or for a less secure version that also accepts insecure FTP connections
echo 1 | sudo tee /etc/pure-ftpd/conf/TLS
Create the directory for the private SSL key
sudo mkdir -p /etc/ssl/private/
Create your key and self-signed certificate
sudo openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
This file holds the private key together with the certificate, so it is insecure if other users can read it. You must secure it before it can be used by changing file permissions.
sudo chmod 600 /etc/ssl/private/pure-ftpd.pem
And now you need to restart Pure-FTPd
sudo /etc/init.d/pure-ftpd restart
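To confirm the two settings that matter after the restart, the following added example (not part of the original wiki page) checks that the TLS file holds 2 and that the PEM file is accessible to its owner only. The function names are made up for this example; the default paths are the ones used above.

```shell
#!/bin/sh
# Added example: audit the Pure-FTPd TLS settings described on this page.
# Function names are hypothetical. Paths default to the ones used above;
# pass other paths to test against copies.

# Print the TLS mode finding; return 0 only for TLS-only mode (2).
check_tls_mode() {
    conf=${1:-/etc/pure-ftpd/conf/TLS}
    [ -r "$conf" ] || { echo "FAIL: $conf missing or unreadable"; return 2; }
    mode=$(tr -d '[:space:]' < "$conf")
    case $mode in
        2) echo "OK: TLS-only mode"; return 0 ;;
        1) echo "WARN: plain FTP connections are still accepted (mode 1)"; return 1 ;;
        *) echo "FAIL: TLS value '$mode' is not the TLS-only setting"; return 2 ;;
    esac
}

# Print the key-file finding; return 0 only if group and others have no access.
check_pem_perms() {
    pem=${1:-/etc/ssl/private/pure-ftpd.pem}
    [ -f "$pem" ] || { echo "FAIL: $pem not found"; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$pem" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "FAIL: $pem is accessible beyond its owner ($bits)"
        return 1
    fi
    echo "OK: $pem is owner-only"
    return 0
}

# Run both checks; return 0 only if both pass.
audit_pureftpd_tls() {
    rc=0
    check_tls_mode "$1" || rc=1
    check_pem_perms "$2" || rc=1
    return $rc
}
```

Source the file and call audit_pureftpd_tls as root, since /etc/ssl/private is normally not searchable by other users.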
TROUBLESHOOTING
You may be given one of these warnings when trying to connect to your server:
[WARNING] Can't login as [joe]: account disabled
"Sorry, but I can't trust you"
These two warnings occur if your system set the UserID (UID) and/or GroupID (GID) associated with the ftpuser user below 1000. To see what the current values are, type the following at a shell:
id ftpuser
You'll be given something similar to the following:
uid=572(ftpuser) gid=972(ftpgroup) groups=972(ftpgroup)
The actual numbers don't matter much, but they should be higher than 1000 for Pure-FTPD to be happy.
To fix the UserID (UID) portion, open a shell and type:
sudo usermod -u 1021 ftpuser
To fix the GroupID (GID):
sudo groupmod -g 1022 ftpgroup
Changing the IDs does not update the ownership of files that already exist under /home/ftpusers, so repeat the chown step from the installation section afterwards.
Restart the Pure-FTPD daemon and you should be up and running.
Original Ubuntu Forums thread: http://ubuntuforums.org/showthread.php?t=91052
Launch Pad Question: https://answers.launchpad.net/ubuntu/+source/pure-ftpd/+question/99048