USE THIS TUTORIAL IF YOU WANT TO INSTALL PURE-FTPD USING THE BINARY SOURCE
This tutorial will guide you step by step in the replacement of ProFTPD by Pure-FTPD. Most importantly, Pure-FTPD will force users to respect their disk quota, moreover, it is filled with loads of interesting options and much more advanced than ProFTPD.
This tutorial was successfully tested on a Ubuntu 8.04 LTS Server. Some of the code might need to be adapted for other distributions.
Backup all of the files we're going to modify :
cp /etc/ispcp/ispcp.conf /etc/ispcp/ispcp.conf.bak cp /var/www/ispcp/engine/quota/ispcp-dsk-quota /var/www/ispcp/engine/quota/ispcp-dsk-quota.bak
apt-get remove --purge proftpd
Remove any ProFTPD traces :
rm -rf /etc/proftpd && rm /etc/proftpd.conf
Download the necessary packages in order to compile Pure-FTPD :
apt-get install build-essential
Installing PAM headers in order to avoid any configuration problems :
apt-get install libpam0g-dev libssl-dev libxcrypt-dev
Installing libiconv library (optionnal) You can bypass this step if you wish. This library allows to change the encoding (charset) of the FTP server.
Info: http://www.gnu.org/software/libiconv
mkdir /usr/local/src/tar cd /usr/local/src/tar wget http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz cd ../ tar -zxf tar/libiconv-1.12.tar.gz cd libiconv-1.12 ./configure make make install
Installing MySQL headers used for authentification :
apt-get update && apt-get install libmysqlclient15-dev libpq-dev libpqxx-dev libldap2-dev
Installing the latest version :
cd /usr/local/src/tar wget http://download.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.21.tar.gz cd ../ tar -zxf tar/pure-ftpd-1.0.21.tar.gz cd pure-ftpd-1.0.21
Configuring PureFTPD :
./configure --prefix=/usr/local/pureftpd --without-inetd --without-capabilities --with-mysql --with-ldap --with-pgsql \ --with-paranoidmsg --with-altlog --with-pam --with-puredb --with-cookie --with-throttling --with-ratios --with-quotas --with-ftpwho \ --with-welcomemsg --with-extauth --with-uploadscript --with-virtualhosts --with-virtualchroot --with-diraliases \ --with-peruserlimits --with-language=english --with-tls --with-boring
The following detail the options chosen : http://download.pureftpd.org/pub/pure-ftpd/doc/README
Compiling and installing :
make && make install
Creating necessary folders in order to log PureFTPD :
mkdir /var/log/pure-ftpd mkdir /usr/local/pureftpd/etc mkdir /var/lock/subsys mkdir /var/run/pure-ftpd cd configuration-file/ cp pure-config.pl /usr/local/pureftpd/sbin/ cp pure-ftpd.conf /usr/local/pureftpd/etc/ cp /usr/local/src/pure-ftpd-1.0.21/pam/ftpusers /etc/ cp /usr/local/src/pure-ftpd-1.0.21/pam/pure-ftpd /etc/pam.d/ chmod +x /usr/local/pureftpd/sbin/pure-config.pl
Here is a working configuration file :
vim /usr/local/pureftpd/etc/pure-ftpd.conf
############################################################
# #
# Configuration file for pure-ftpd wrappers #
# #
############################################################
# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
#
# Please don't forget to have a look at documentation at
# http://www.pureftpd.org/documentation.shtml for a complete list of
# options.
# Cage in every user in his home directory
ChrootEveryone yes
# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.
# TrustedGID 100
# Turn on compatibility hacks for broken clients
BrokenClientsCompatibility yes
# Maximum number of simultaneous users
MaxClientsNumber 100
# Fork in background
Daemonize yes
# Maximum number of sim clients with the same IP address
MaxClientsPerIP 4
# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.
# VerboseLog no
# List dot-files even when the client doesn't send "-a".
DisplayDotFiles yes
# Don't allow authenticated users - have a public anonymous FTP only.
AnonymousOnly no
# Disallow anonymous connections. Only allow authenticated users.
NoAnonymous yes
# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
SyslogFacility ftp
# Display fortune cookies
# FortunesFile /usr/share/fortune/zippy
# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.
DontResolve yes
# Maximum idle time in minutes (default = 15 minutes)
MaxIdleTime 5
# LDAP configuration file (see README.LDAP)
# LDAPConfigFile /etc/pureftpd-ldap.conf
# MySQL configuration file (see README.MySQL)
MySQLConfigFile /usr/local/pureftpd/etc/mysql.conf
# Postgres configuration file (see README.PGSQL)
# PGSQLConfigFile /etc/pureftpd-pgsql.conf
# PureDB user database (see README.Virtual-Users)
# PureDB /etc/pureftpd.pdb
# Path to pure-authd socket (see README.Authentication-Modules)
# ExtAuth /var/run/ftpd.sock
# If you want to enable PAM authentication, uncomment the following line
# PAMAuthentication yes
# If you want simple Unix (/etc/passwd) authentication, uncomment this
# UnixAuthentication yes
# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try # will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.
# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth
LimitRecursion 10000 3
# Are anonymous users allowed to create new directories ?
AnonymousCanCreateDirs no
# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.
MaxLoad 4
# Port range for passive connections replies. - for firewalling.
# PassivePortRange 10000 10400
# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.
# ForcePassiveIP 192.168.0.1
# Upload/download ratio for anonymous users.
# AnonymousRatio 1 10
# Upload/download ratio for all users.
# This directive superscedes the previous one.
# UserRatio 1 10
# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.
AntiWarez yes
# IP address/port to listen to (default=all IP and port 21).
# Bind 127.0.0.1,21
# Maximum bandwidth for anonymous users in KB/s
# AnonymousBandwidth 8
# Maximum bandwidth for *all* users (including anonymous) in KB/s
# Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
# UserBandwidth 8
# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.
Umask 133:022
# Minimum UID for an authenticated user to log in.
MinUID 2000
# Allow FXP transfers for authenticated users.
AllowUserFXP yes
# Allow anonymous FXP for anonymous and non-anonymous users.
AllowAnonymousFXP no
# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.
ProhibitDotFilesWrite no
# Prohibit *reading* of files beginning with a dot (.history, .ssh...)
ProhibitDotFilesRead no
# Never overwrite files. When a file whoose name already exist is uploaded,
# it get automatically renamed to file.1, file.2, file.3, ...
AutoRename no
# Disallow anonymous users to upload new files (no = upload is allowed)
AnonymousCantUpload yes
# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.
#TrustedIP 10.1.1.1
# If you want to add the PID to every logged line, uncomment the following
# line.
#LogPID yes
# Create an additional log file with transfers logged in a Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.
AltLog clf:/var/log/pureftpd/transfers.log
# Create an additional log file with transfers logged in a format optimized
# for statistic reports.
# AltLog stats:/var/log/pureftpd.log
# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)
# AltLog w3c:/var/log/pureftpd.log
# Disallow the CHMOD command. Users can't change perms of their files.
NoChmod no
# Allow users to resume and upload files, but *NOT* to delete them.
#KeepAllFiles yes
# Automatically create home directories if they are missing
CreateHomeDir no
# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size of megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.
#Quota 1000:10
# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid
PIDFile /var/run/pure-ftpd/pure-ftpd.pid
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
#CallUploadScript yes
# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it save some space and protect
# the log files. When the partition is more that X percent full,
# new uploads are disallowed.
MaxDiskUsage 95
# Set to 'yes' if you don't want your users to rename files.
#NoRename yes
# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.
CustomerProof yes
# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per user>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.
# PerUserLimits 3:20
# When a file is uploaded and there is already a previous version of the file
# with the same name, the old file will neither get removed nor truncated.
# Upload will take place in a temporary file and once the upload is complete,
# the switch to the new version will be atomic. For instance, when a large PHP
# script is being uploaded, the web server will still serve the old version and
# immediatly switch to the new one as soon as the full file will have been
# transfered. This option is incompatible with virtual quotas.
# NoTruncate yes
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
# including anonymous sessions.
# Do _not_ uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
# TLS 1
# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.
# IPV4Only yes
# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
# By default, both IPv4 and IPv6 are enabled.
# IPV6Only yes
# UTF-8 support for file names (RFC 2640)
# Define charset of the server filesystem and optionnally the default charset
# for remote clients if they don't use UTF-8.
# Works only if pure-ftpd has been compiled with --with-rfc2640
# FileSystemCharset big5
# ClientCharset big5
Now, using PhpMyAdmin, create a new user, ISPCP_ftp. Type a strong password, since it will not be encrypted in the following file.
Give this new user permissions on the domain and ftp_user tables.
In PhpMyAdmin, type :
CREATE USER 'ISPCP_ftp'@'localhost' IDENTIFIED BY 'CHOOSE_PASSWORD'; GRANT SELECT ON `ispcp`.`domain` TO 'ISPCP_ftp'@'localhost'; GRANT SELECT ON `ispcp`.`ftp_users` TO 'ISPCP_ftp'@'localhost';
Make sure you replace CHOOSE_PASSWORD with the password you want!
Now, let's create the file that will fetch the FTP accounts via MySQL :
vim /usr/local/pureftpd/etc/mysql.conf
Paste the following code :
MYSQLSocket /var/run/mysqld/mysqld.sock MYSQLUser ISPCP_ftp MYSQLPassword SQL_PASSWORD MYSQLDatabase ispcp MYSQLCrypt crypt MYSQLGetPW SELECT passwd FROM ftp_users WHERE userid="\L" MYSQLGetUID SELECT uid FROM ftp_users WHERE userid="\L" MYSQLGetGID SELECT gid FROM ftp_users WHERE userid="\L" MYSQLGetDir SELECT homedir FROM ftp_users WHERE userid="\L" MySQLGetQTASZ SELECT domain.domain_disk_limit FROM domain,ftp_users WHERE ftp_users.userid="\L" and ftp_users.uid=domain.domain_uid
Make sure you replace SQL_PASSWORD with the with the password you chose above!
/usr/local/pureftpd/sbin/pure-config.pl /usr/local/pureftpd/etc/pure-ftpd.conf
Check your logs for any errors :
nano /var/log/syslog
From here on, you should be able to connect to the FTP as usual. If not, check your logs, there are probably errors!
If all is ok, we can continue.
Stop the PureFTP server :
ps auxw | grep pure-ftpd kill <PID>
vim /etc/init.d/pure-ftpd
Paste the following code :
#!/bin/sh
#
# Script de demarrage pour Pure-FTPd - Serveur FTP $Revision: 1.4 $
# /etc/init.d/pure-ftpd
#
# description: Pure-FTPd server est un serveur FTP base sur Troll-FTPd
# processname: pure-ftpd
# pidfile: /var/run/pure-ftpd/pure-ftpd.pid
# config: /usr/local/pureftpd/etc/pure-ftpd.conf
# stats: /usr/local/pureftpd/sbin/pure-ftpwho
# prog: /usr/local/pureftpd/sbin/pure-config.pl
RETVAL=0
# Chemin vers les executables de pure-ftpd.
prog=pure-config.pl
stat=pure-ftpwho
fullpath=/usr/local/pureftpd/sbin/$prog
pureftpwho=/usr/local/pureftpd/sbin/$stat
start() {
echo -n $"Starting : Pure-FTPd Server "
$fullpath /usr/local/pureftpd/etc/pure-ftpd.conf
RETVAL=$?
[ $RETVAL = 0 ] && touch /var/lock/subsys/$prog
echo
}
stop() {
echo -n $"Stopping : Pure-FTPd Server "
kill $(cat /var/run/pure-ftpd/pure-ftpd.pid)
RETVAL=$?
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/$prog
echo
}
restart() {
echo -n $"Restarting : Pure-FTPd Server..."
kill $(cat /var/run/pure-ftpd/pure-ftpd.pid)
RETVAL=$?
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/$prog
echo
sleep 2
$fullpath /usr/local/pureftpd/etc/pure-ftpd.conf
RETVAL=$?
[ $RETVAL = 0 ] && touch /var/lock/subsys/$prog
echo "Restarting Pure-FTPd : OK"
}
status() {
echo -n $"Status du serveur FTP"
RETVAL=$?
[ $RETVAL = 0 ] && /usr/local/pureftpd/sbin/pure-ftpwho -w >/var/www/virtual/votre_site/htdocs/ftpstatus.html
echo
}
# Commandes pour le serveur.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
restart
;;
status)
status $stat
RETVAL=$?
if [ -f $pureftpwho ] && [ $RETVAL -eq 0 ] ; then
$pureftpwho
fi
;;
*)
echo $"Usage: $prog {start|stop|restart|status}"
RETVAL=1
esac
exit $RETVAL
Chmod the newly created script :
chmod 755 /etc/init.d/pure-ftpd
Now you have access to the following commands :
/etc/init.d/pure-ftpd start /etc/init.d/pure-ftpd stop /etc/init.d/pure-ftpd restart /etc/init.d/pure-ftpd status
Make sure the FTP server starts every time the server reboots :
update-rc.d pure-ftpd defaults
By default, PureFTPD stores its logs in /var/log/syslog :
vim /etc/syslog.conf
At the end, add :
ftp.* /var/log/pure-ftpd/pure-ftpd.log
Restart the sysklogd deamon :
/etc/init.d/sysklogd restart
vim /etc/ispcp/ispcp.conf
Find :
CMD_DU = /usr/bin/du
Add, after :
CMD_QUOTACHECK = /usr/local/pureftpd/sbin/pure-quotacheck
vim /var/www/ispcp/engine/quota/ispcp-dsk-quota
Find :
my $sql = "select domain_id, domain_name from domain where domain_status = 'ok';";
Replace by :
my $sql = "select domain_id, domain_name, concat('vu',domain_uid) from domain where domain_status = 'ok';";
my $cmd_du = $main::cfg{'CMD_DU'};
my $cmd_quota = $main::cfg{'CMD_QUOTACHECK'};
Find :
my $disk_limit = @$_[2];
Replace :
my $domain_uid = @$_[2];
my $size = $cmd_du -sb $main::cfg{APACHE_WWW_DIR}/$domain_name;
my $quotacheck = $cmd_quota -u $domain_uid -d $main::cfg{APACHE_WWW_DIR}/$domain_name;
Restarting Pure-FTPD :
/etc/init.d/pure-ftpd-mysql restart
Restarting ispCP Omega :
/etc/init.d/ispcp_daemon restart
You're done! FTP should be running fine now ^^
Credits go to : http://forum.nuxwin.com/index.php?topic=1102.0