which pureftpd |
If you get an answer like /usr/bin/pureftpd or /usr/sbin/pureftpd go to step 3, otherwise go to step 2. Different distributions put it in different places and you may have to have root's $PATH to find it. That is, if it's in /usr/sbin or /usr/local/sbin, in some distributions, only root's $PATH looks in those directories--normal users only have a $PATH that sees /usr/bin and /usr/local/bin.
Some distributions, as well as FreeBSD, call it pure-ftpd rather than pureftpd. (FreeBSD also aliases it as ftpd.)
For help with installing take a look at our QND guide to installing software. If your distribution isn't covered, then you may have to install from source. Fear not, we have a QND guide for installing from source as well.
If you are following this guide, then, if installing from source, you will definitely want the option of virtualchroot so when installing, during the configure steps, be sure you use the option
--with-virtualchroot |
I was running this on a FreeBSD box. Some of the details may vary depending upon your operating system.
Let's say I have three users, john, robert and susan. I want the three of them to have access to a directory called shared. They will not have accounts on the BSD box, only FTP accounts.
First, we create an ftpuser system user and ftpgroup. For many Unix and Unix like systems the command is
groupadd ftpgroup useradd -g ftpgroup -d /dev/null -s /etc ftpuser |
For FreeBSD
pw groupadd ftpgroup pw useradd ftpuser -g ftpgroup -d /dev/null -s /etc |
A quick note on this. You might see an error on startup, either at the console or in /var/log/messages that it can't find the ftp account. This has to do with the -s flag, which disallows anonymous users to download files owned by 'ftp', the anonymous access account. In the pure-ftpd.conf file, it is the AntiWareZ option. The message is harmless, everything still works.
The users we add next will not be in /etc/passwd. Instead, we'll use pure-pw, pure-ftpd's own password database. First we'll add user john
pure-pw useradd john -u ftpuser -d /home/ftpusers/john |
We will create a password for him. The -d makes him chrooted. The /home/ftpusers/john directory doesn't have to be created, we're going to configure pure-ftpd to automatically create it when john logs in for the first time.
The pure-pw program reads a database file called pureftpd.pdb (by default). In FreeBSD, it will be created in /usr/local/etc. We'll now create the database.
pure-pw mkdb |
Now, we create robert. If we add -m to the pure-pw useradd line, pure-pw will automatically regenerate the database.
pure-pw useradd robert -u ftpuser -d /home/ftpusers/robert -m |
Next we look in /etc/ or /usr/local/etc/ in FreeBSD for the pure-ftpd.conf file. In FreeBSD, it is installed as pure-ftpd.conf.sample. Copy it to pure-ftpd.conf.
Most of it can be left at default settings. I make sure that the AnonymousOnly is set to no. I only want authenticated users.
The program can be started from the command line. In my case, I want it running when the system boots. For FreeBSD, it puts a script called pure-ftpd.sh in /usr/local/etc/rc.d and one adds the line
pureftpd_enable="YES" |
to /etc/rc.conf. Now the program will run at startup.
Note that the default pure-ftpd.conf file in FreeBSD looks for pureftpd.pdb in /etc rather than /usr/local/etc. Edit your pure-ftpd.conf file and change
PureDB user database (see README.Virtual-Users) # PureDB /etc/pureftpd.pdb |
to read
PureDB user database (see README.Virtual-Users) PureDB /usr/local/etc/pureftpd.pdb |
(The # sign in the default file is also removed, as shown.)
/usr/local/etc/rc.d/pure-ftpd.sh start |
The program starts, with a note of what flags it is using. First, I want to be sure that anonymous users can't log in so I start with
ftp localhost |
By default it will give the user name that I am using. I try typing anonymous only to have it rejected. I then try a few user accounts on the machine to make sure that it's rejecting them as well.
Now, I log in as john with his password. I see that it works. I log out by typing bye.
I see that I now have a /home/ftpusers directory and john's home directory has been created in there. I create my shared directory.
cd /home/ftpusers mkdir shared chmod -R 770 shared chown ftpusers:ftpgroup shared |
After logging in as robert and susan to create their directories, I now symlink shared to all three of them. I do this as root or with root privilege.
cd /home/ftpusers/john ln -s /usr/home/ftpusers/shared |
I repeat the process for robert and susan.
I've found, in FreeBSD at least, if I simply type ln -s ../shared, it doesn't work properly, I have to type the full path. (In FreeBSD, /home is actually a link to /usr/home.)
I test it by logging in as john and uploading something to shared. Then, I log in as susan and delete the file in shared. For my particular setup, this is necessary. You might not want to give your users such permissions. These are affected by the 770 permissions I've put on the shared directory. There is also a configuration option in pure-ftpd.conf to prohibit users deleting files.
Users might have trouble connecting through Internet Explorer. This is because IE, among others, tries to connect anonymously and may not give pure-ftpd the proper chance to request a username and password. One can, in the pure-ftp.conf file change the line BrokenClientsCompatibility from no to yes. This might or might not work, it seems to depend upon what version of IE that someone is using.
However, they should be able to use their browser by typing in an address like
ftp://john@ftpserver.example.com |
with john being the username and ftpserver.example.com being, obviously enough, the ftp server.
There are free ftp clients for both Windows and Mac. For Windows, our users have FileZilla and for Mac there is Cyberduck.
Additionally, in many installations, the program installs documentation in /usr/share/doc or /usr/local/share/doc.