install pure-ftpd
Download pure-ftpd. There are several versions available, so read the read-me's. For mysql support, to the best of my knowledge, you have to compile pure-ftpd on your system using the --with-mysql flag - you can't use the prebuilt binaries available. The biggest pain in the butt for me was trying to compile without the mysql development packages installed, and I didn't read the read-me, wasting lots of time. Installation is well documented on the developer's site, so I won't give it more space here.
startup switches
There are a couple of different methods of running pure-ftpd. I chose an xinetd setup - pure starts automatically on boot and all configuration is handled through this file, which seems very convenient to me. Here's what my pure-ftpd xinetd file looks like (on a Red Hat/Fedora system; the precise location of these directives may vary for other setups, but you can read the read-me's, right?), and I'll explain the server_args:
service ftp
{
    socket_type = stream
    server = /usr/local/sbin/pure-ftpd
    protocol = tcp
    server_args = -4 -A -E -b -j -F/etc/purebanner.txt -l mysql:/etc/pureftpd-mysql.conf -l puredb:/etc/pureftpd.pdb -l unix
    user = root
    wait = no
    disable = no
}
This tells xinetd to use pure-ftpd for the ftp service. Here's a breakdown of the server_args, which seem to work well on my server:
- -4 - simply tells pure to use IPv4 addresses. This seems to be necessary on my system; your mileage may vary
- -A - chroot everyone except root
- -E - authenticated users only (no anonymous logins)
- -b - 'broken clients' - works well in allowing Win IE users to access via Internet Explorer, rather than a proper FTP client. Mac users can login but can download only with Safari or 'Connect to server' (that's a mac thing)
- -j - this is my favorite part. If a user logs on and their home directory does not exist, the directory will be created automatically. This is what makes my little system tick - a user is created with my PHP script; when they first log in, their directory will not exist, so pure creates it. The location of their directory is dictated by the pureftpd-mysql.conf (below).
- -F is simply the login banner
- -l - directs pureftpd to use the specified authentication method(s) - there can be more than one, forming a chain - in this example mysql is checked first, then pureftpd's own authentication database, then finally, system users. My approach in setting up my server is to have client users authenticated against the mysql database, and internal, trusted users authenticated by the puredb. Reason - client users should have access to only their own directory, while internal users need read/write access to all user directories, while not being root. I've been perpetually perplexed by umasks, UID's, GUID's, and unix permissions; this approach lets me set a single, default group and user ID for client users, while trusted internal users have their permissions set by the puredb. It works and my brain doesn't bleed over it.
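A quick way to review these switches on a running box, as an added example that is not part of the original page: the script reads server_args from an xinetd service file, prints the -l chain in the order it is listed, and reports a missing -E or -A and a chain that includes unix. The function names are hypothetical, the sample file is constructed from the one above, and server_args is assumed to sit on one line with each flag written separately.

```shell
# Added example (not from the original page): review pure-ftpd's server_args.

# Print the server_args value of an xinetd service file.
server_args() {
    sed -n 's/^[[:space:]]*server_args[[:space:]]*=[[:space:]]*//p' "$1"
}

# Print the -l authentication backends in the order they are listed.
auth_chain() {
    chain="" want_backend=no
    set -f                                   # no globbing while splitting args
    for arg in $(server_args "$1"); do
        if [ "$want_backend" = yes ]; then   # "-l" "mysql:/path"
            chain="$chain ${arg%%:*}" want_backend=no
        else
            case $arg in
                -l|--login) want_backend=yes ;;
                -l?*) arg=${arg#-l}; chain="$chain ${arg%%:*}" ;;   # "-lmysql:/path"
            esac
        fi
    done
    echo $chain
    set +f
}

# Print one finding per line for the switches explained above.
audit_server_args() {
    args=" $(server_args "$1") "
    case $args in *" -E "*|*" --noanonymous "*) ;;
        *) echo "ANON -E not set: anonymous logins are not disabled" ;; esac
    case $args in *" -A "*|*" --chrooteveryone "*) ;;
        *) echo "CHROOT -A not set: not every user is chrooted" ;; esac
    case " $(auth_chain "$1") " in
        *" unix "*) echo "UNIX system accounts can log in over FTP (-l unix)" ;;
    esac
}

# Constructed sample mirroring the service file shown above.
write_sample_service() {
    cat > "$1" <<'EOF'
service ftp
{
    server_args = -4 -A -E -b -j -F/etc/purebanner.txt -l mysql:/etc/pureftpd-mysql.conf -l puredb:/etc/pureftpd.pdb -l unix
}
EOF
}

sample=$(mktemp) && write_sample_service "$sample"
auth_chain "$sample"; audit_server_args "$sample"; rm -f "$sample"
```

Point the two functions at the real file under /etc/xinetd.d/ instead of the sample; dropping -l unix from server_args clears the UNIX finding if system accounts never need FTP access.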
I use the virtual server facility of pureftpd. To further explain the directory/user setup maybe this illustration will help. Setup of pure-pw and virtual users is detailed in yet another read-me on the developer's site, and I've pretty much followed the directions there. So, to the system, there is effectively only one ftp user and group (ftpuser and ftpgroup, UID and GID 501, with a system home directory of /dev/null/, which effectively prohibits system logins).
- The virtual server directory is at /home/myftpserver
- The 'internal' user (me and my staff) is the only user set through pure-pw, is chrooted to this directory, and has read-write access to all directories below.
- If a client user logs in, and is not found in the puredb, the mysqldb is checked. The last line of the pureftpd-mysql.conf file (below) specifies that, if a user matches, they will be placed in a directory always prefixed by /home/myftpserver/ followed by their username (their directory and username are always the same). If it is a new user, their directory won't exist, but the -j switch automagically creates one. So, if you added a new user named 'joe', he would be placed in the pureftpd generated directory the first time he logs in: /home/myftpserver/joe/
It's cool.
pureftpd-mysql.conf
#MYSQLServer localhost
#MYSQLPort 3306
MYSQLSocket /var/lib/mysql/mysql.sock
MYSQLUser yourMysqlUserNameHere
MYSQLPassword yourMysqlPasswordHere
MYSQLDatabase yourMysqlDatabaseHere
MYSQLCrypt cleartext
MYSQLGetPW SELECT password FROM pureftpusers WHERE username="\L"
MYSQLDefaultUID 501
MYSQLDefaultGID 501
MYSQLGetDir SELECT CONCAT("/home/myftpserver/",username) FROM pureftpusers WHERE username="\L"
The pureftpd-mysql.conf file (which you could pretty well name whatever you want; its name and location are specified in the server startup -l args) is fairly straightforward, and details again are in a developer's read-me. The first few lines are standard mysql database, username, password stuff. The MYSQLGetPW line tells pure which database table to look up usernames/passwords in, and the MYSQLGetDir line tells pure to place the user in their respective directory; together with the -j switch, the directory is created if it doesn't exist (i.e., this is how pure knows where to put new user directories).
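Three things in this file are worth checking on a live server: it contains the MySQL password, MYSQLCrypt cleartext means the users table holds unhashed passwords, and every MySQL-authenticated session runs as the default UID/GID. The script below is an added example, not part of the original page, that reports on each; the function names are hypothetical and the sample file is constructed from the one above with placeholder credentials.

```shell
# Added example (not from the original page): audit pureftpd-mysql.conf.

# Value of the last uncommented occurrence of a directive (name matched
# case-insensitively so a differently cased line is not missed).
conf_value() {
    awk -v key="$2" 'toupper($1) == toupper(key) { v = $2 } END { print v }' "$1"
}

# Print one finding per line; print nothing when no check fires.
audit_pureftpd_mysql_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }

    # The file holds MYSQLPassword: group and other should have no access.
    bits=$(ls -ld "$conf" | cut -c5-10)
    [ "$bits" = "------" ] || echo "PERMS group/other bits are $bits, expected ------"

    # MYSQLCrypt cleartext means the users table stores passwords unhashed.
    case $(conf_value "$conf" MYSQLCrypt | tr 'A-Z' 'a-z') in
        cleartext) echo "CRYPT MYSQLCrypt is cleartext" ;;
        "")        echo "CRYPT MYSQLCrypt is not set" ;;
    esac

    # MySQL-authenticated sessions run as the default UID/GID; 0 would be root.
    for key in MYSQLDefaultUID MYSQLDefaultGID; do
        [ "$(conf_value "$conf" "$key")" != "0" ] || echo "IDS $key is 0"
    done
    return 0
}

# Constructed sample mirroring the file shown above (placeholder credentials).
write_sample_conf() {
    cat > "$1" <<'EOF'
#MYSQLServer localhost
MYSQLSocket /var/lib/mysql/mysql.sock
MYSQLUser exampleuser
MYSQLPassword examplepassword
MYSQLDatabase exampledb
MYSQLCrypt cleartext
MYSQLDefaultUID 501
MYSQLDefaultGID 501
EOF
}

sample=$(mktemp) && write_sample_conf "$sample" && chmod 644 "$sample"
audit_pureftpd_mysql_conf "$sample"; rm -f "$sample"
```

To clear the CRYPT finding, pick one of the hashing methods that the MySQL read-me for your pure-ftpd version lists for MYSQLCrypt, and have the user-management script store passwords in that format.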
OK. I think that covers all the hard stuff. Now you just need an interface to manage the database table of users, and that's where my script comes in. If you're still interested, read on...