Pure-ftp and virtual user on Ubuntu

Pureftp is a simple and secure ftp server that supports virtual users that can be chrooted. That was I was looking for when I needed to provide some external access to my home server. However, as often, on Ubuntu things work a bit different then on other platforms and the documentation I found was only partial.

The basic installation is simple, then the documentation mention you need to create one user that can be used by all the virtual users.

# Install pure-ftpd
sudo apt-get install pure-ftpd
# add group for virtual users
sudo groupadd ftpgroup
# add ftp user for virtual user
sudo useradd -g ftpgroup -d /dev/null -s /etc

Before creating any virtual users you need to change the settings. The way the settings work is that the /etc/pure-ftpd/conf contains files that specify the settings. To enable the ChrootEveryone option you need to create a file with that name with the contents "on".

# Enable ChrootEveryone option
sudo echo on > /etc/pure-ftpd/conf/ChrootEveryone

What took me the longest to figure out is that the virtual users authentication is not enabled by default. To enable this you need to create a link in the auth folder to the PureDB.

# Enable the virtual user authentication
sudo ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/40PureDB
# And restart pure-ftpd
sudo /etc/init.d/pure-ftpd restart
Restarting ftp server: Running: /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -l pam -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -u 1000 -E -A -B

Make sure that the -l puredb:/etc/pure-ftpd/pureftpd.pdb is present, this is the option for the virtual users authentication and the - A as this is the chroot option.

After this you can pretty much follow the standard procedures:

# Create the user dir
mkdir /srv/ftp/joe
# Change the owner/group to the ftp user
sudo chown ftpuser:ftpgroup /srv/ftp/joe
# Create user joe with home directory /srv/ftp/joe
pure-pw useradd joe -u ftpuser -d /srv/ftp/joe
# Write changes to the database
pure-pw mkdb

After this you can login with the newly created user.

Leave a comment

Your email address will not be published. Required fields are marked *