Install PureFTPd with virtual users
PureFTPd is a very lightweight daemon which has the ability to store the credentials in a mysql database. Installing it in Ubuntu 9.10 is pretty straight forward:
apt-get install pure-ftpd-mysql
We must also create the ftpuser and group that all the virtual users will be mapped to:
groupadd -g 2001 ftpgroup useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser
The next step is to create the actual database in which the virtual users are stored:
mysql -u root -p CREATE DATABASE pureftpd; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'ftpadmin'@'localhost' IDENTIFIED BY 'YOURPASSWORD'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'ftpadmin'@'localhost.localdomain' IDENTIFIED BY 'YOURPASSWORD'; FLUSH PRIVILEGES;
PureFTPd only needs one table, so go ahead and create it:
USE pureftpd; CREATE TABLE ftpd ( User varchar(16) NOT NULL default '', status enum('0','1') NOT NULL default '0', Password varchar(64) NOT NULL default '', Uid varchar(11) NOT NULL default '-1', Gid varchar(11) NOT NULL default '-1', Dir varchar(128) NOT NULL default '', ULBandwidth smallint(5) NOT NULL default '0', DLBandwidth smallint(5) NOT NULL default '0', comment tinytext NOT NULL, ipaccess varchar(15) NOT NULL default '*', QuotaSize smallint(5) NOT NULL default '0', QuotaFiles int(11) NOT NULL default 0, PRIMARY KEY (User), UNIQUE KEY User (User) ) TYPE=MyISAM; quit;
Once you exited the mysql command line interface you can configure pureftpd to look for users in the database:
MYSQLSocket /var/run/mysqld/mysqld.sock #MYSQLServer localhost #MYSQLPort 3306 MYSQLUser ftpadmin MYSQLPassword YOURPASSWORD MYSQLDatabase pureftpd #MYSQLCrypt md5, cleartext, crypt() or password() - md5 is VERY RECOMMENDABLE uppon cleartext MYSQLCrypt md5 MYSQLGetPW SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MYSQLGetUID SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MYSQLGetGID SELECT Gid FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MYSQLGetDir SELECT Dir FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MySQLGetQTASZ SELECT QuotaSize FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R") MySQLGetQTAFS SELECT QuotaFiles FROM ftpd WHERE User="\L"AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
As you can see the password is encrytped with MD5, we can specify the individual user directory, as well as bandwidth, space and number of files permitted for each user.
The next step is to configure the actual daemon:
echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir echo "yes" > /etc/pure-ftpd/conf/DontResolve echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
Theese lines are self explanatory:
- ChrootEveryone bounds each user to his directory;
- CreateHomeDir automates the creation of the users directory upon login;
- DontResolve is a speed improvement that blocks hostname lookup;
- NoAnonymous disables the anonymous account.
/etc/init.d/pure-ftpd-mysql restart
That concludes the configuration of PureFTPd. The last thing you have to do is to create the virtual users. That can be accomplished with the following command:
mysql -u root -p USE pureftpd; INSERT INTO `ftpd` (`User`, `status`, `Password`, `Uid`, `Gid`, `Dir`, `ULBandwidth`, `DLBandwidth`, `comment`, `ipaccess`, `QuotaSize`, `QuotaFiles`) VALUES ('FIRSTUSER', '1', MD5('USERPASSWORD'), '2001', '2001', '/home/www.example.com', '100', '100', '', '*', '50', '0'); quit;
Don't forget to modify FIRSTUSER and USERPASSWORD from above.
