HOWTO: Setup a Pure-FTPd server with virtual users


tangram
November 26th, 2008, 12:49
Pure-FTPd is a free (BSD), secure, production-quality and standard-conformant FTP server.

This guide provides instructions for using the virtual user system to manage and control users. By using virtual users, FTP accounts can be administered without affecting system accounts.

Let's initiate Pure-FTPd's installation by entering the following commands:

% su
# portsnap fetch update
# cd /usr/ports/ftp/pure-ftpd
# make config

A menu containing Pure-FTPd options will pop up. In my case, I've opted to leave these options at their defaults.

# make install clean
# rehash

Having finished the installation process, we now move into the configuration stage. We'll start by copying the sample configuration file and setting the configuration options:

# cd /usr/local/etc
# cp pure-ftpd.conf.sample pure-ftpd.conf
# chmod 644 pure-ftpd.conf

The chmod command was run to be able to edit the file (default permissions are set to -r--r--r--).

# vi pure-ftpd.conf

VerboseLog yes
PureDB /usr/local/etc/pureftpd.pdb
CreateHomeDir yes

The CreateHomeDir option makes adding virtual users easier by creating a user's home directory upon login (if it doesn't already exist).

We can either import users with system-level accounts (defined in /etc/master.passwd) at once or create new users manually. To import users that already exist on your system into the virtual user database, enter these commands:

# pure-pwconvert >> /usr/local/etc/pureftpd.passwd
# chmod 600 /usr/local/etc/pureftpd.passwd
# pure-pw mkdb

It should be noted that pure-pwconvert only imports accounts that have shell access. Accounts with the shell set to nologin have to be added manually.

To add users to the Pure-FTPd virtual user database manually, we need to create a system-level account that will be associated with virtual users. Create a new user named vftp like this:

# pw useradd vftp -s /sbin/nologin -w no -d /usr/home/vftp\
? -c "Virtual FTP user" -m

Having done this we can now add users to the virtual users database using the commands below:

# pure-pw useradd user -u vftp -g vftp -d /usr/home/vftp/user
# pure-pw mkdb

Replace user with the desired username. With the -d flag, the user will be chrooted. If you want to give the user access to the whole filesystem, use -D instead of -d.

If you want to add additional users, just repeat the commands above with a different user.

To remove a user:

# pure-pw userdel user

Now to start Pure-FTPd:

# /usr/local/etc/rc.d/pure-ftpd onestart

Initiate an FTP connection to test the server:

% ftp localhost

Trying 127.0.0.1...
Connected to localhost.
220---------- Welcome to Pure-FTPd [TLS] ----------
220-You are user number 2 of 50 allowed.
220-Local time is now 13:39. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:username):

Now log in with a user account created as explained above. Commands such as ls, cp, pwd and less work just like in tcsh and bash shells. To quit the FTP session type exit.

To configure Pure-FTPd to start at boot time:

# echo 'pureftpd_enable="YES"' >> /etc/rc.conf

To restart Pure-FTPd and determine if it is running:

# /usr/local/etc/rc.d/pure-ftpd restart
# /usr/local/etc/rc.d/pure-ftpd status

Pure-FTPd provides useful features for personal users as well as hosting providers. I've only touched the tip of the iceberg so do take a look at the project's website for the excellent documentation that is available.

rajarshi
December 3rd, 2008, 08:44
Also see: http://machiel.generaal.net/index.php?subject=pureftpd&language=eng

hirohitosan
February 4th, 2009, 01:13
Thanks tangram for the HowTo. I followed your instructions and set up a pure-ftpd server. On my computer I have 2 users. I imported users with system-level accounts like you describe, but in fact just one user was imported.
user1 is a member of the wheel group
user2 is a member of the user2 group

pure-ftpd imported just user2.
Now user2 can connect, but user1 cannot.

How can I add user1 to the ftp users?
If one of the normal users changes his password, does pure-ftpd change the password for that user?

thanks

tangram
February 5th, 2009, 11:49
Hi hirohitosan,

I don't have access to my FreeBSD system right now. Give me a couple of days and I'll get back to you. ;)

tangram
February 10th, 2009, 14:18
@ hirohitosan

Are the system accounts you want to import listed in /etc/master.passwd?

Users are imported from the system to the virtual user database by running:
# pure-pwconvert >> /usr/local/etc/pureftpd.passwd
# chmod 600 /usr/local/etc/pureftpd.passwd
# pure-pw mkdb

Do notice that pure-pwconvert only imports accounts that have shell access. So accounts that have their shell set to nologin have to be added manually.

If a user changes his password I would assume that you need to update the database, however I haven't tried it myself.

Business_Woman
April 15th, 2009, 12:03
How do you restrict user access of individual users when every user is a member of the same system account(s) ftpuser and ftpgroup?

tangram
April 15th, 2009, 16:10
I'm not sure I follow your question...

You add the users you want by:

# pure-pw useradd user -u vftp -g vftp -d /usr/home/vftp/user
# pure-pw mkdb

pablo
April 15th, 2009, 19:58
How do you restrict user access of individual users when every user is a member of the same system account(s) ftpuser and ftpgroup?
You may add (uncomment) the following line in /usr/local/etc/pure-ftpd.conf
ChrootEveryone yes
to limit users to their home directory.
You can add (uncomment) the line
TrustedGID 100
to allow users with id<100 (for example, root) access to the whole file system (but, IMHO, I wouldn't do it for security reasons).
To see currently connected users, pure-ftpwho is usable.
Also, the port /usr/ports/www/usermanager (apache + php + mysql) is usable for managing tons of users.

Business_Woman
April 15th, 2009, 22:51
I'm not sure I follow your question...

You add the users you want by:

# pure-pw useradd user -u vftp -g vftp -d /usr/home/vftp/user
# pure-pw mkdb

Yes, let's say you add user Bob. Now Bob will be a member of the system accounts ftpuser and ftpgroup (following the pure-ftpd tutorial). When Bob uploads a file, the owner of that file will be the system account ftpuser and not the virtual user Bob.

tangram
April 16th, 2009, 00:01
In the HowTo I didn't refer to any ftpuser or ftpgroup groups. It only mentions the creation of a system-level account that will then be used to associate virtual users.

So assuming that you have a bob user that is part of the bob group (by default FreeBSD assigns the user's own name as his primary group name), running:

# pure-pw useradd bob -u vftp -g vftp -d /usr/home/vftp/bob
# pure-pw mkdb

will add bob to the vftp Pure-FTPd virtual user database.

A file upload by bob will typically send the file to /home/bob/ with permissions such as:

-rw-r--r-- 1 bob bob 1131291 Apr 15 22:31 random-file

So yeah, the file owner will be bob and his primary group, in this case bob. The owner is the system account user bob.

Useful pure-pw commands are:
useradd - adds a virtual user to the /usr/local/etc/pureftpd.passwd file
userdel - deletes a virtual user
show - outputs info on a specific user
list - shows a list of users in /usr/local/etc/pureftpd.passwd

Business_Woman
April 16th, 2009, 22:56
So then essentially, every file uploaded by a vftp user will have the same owner and group?

tangram
April 17th, 2009, 10:21
If bob, john and peter are added to the vftp Pure-FTPd virtual user database.

A file upload by john will typically send the file to /home/john/ with permissions such as:

-rw-r--r-- 1 john john 1131291 Apr 15 22:31 random-file

A file upload by peter will typically send the file to /home/peter/ with permissions such as:

-rw-r--r-- 1 peter peter 1131291 Apr 15 22:31 random-file

plamaiziere
April 17th, 2009, 14:32
So then essentially, every file uploaded by a vftp user will have the same owner and group?

Yes.
(edit): I do not have the same setup, I use only one system account and the virtual users are chrooted in their own sub-directories.

Business_Woman
April 17th, 2009, 16:21
okay. I would like to have several virtual users that had one shared directory, that everyone could access and then their own home directory in which only the owner had rw permissions. How would you accomplish that?

pablo
April 18th, 2009, 14:11
You can create one shared directory and symlink it into every user's home directory. So, nobody can access files from another home directory and all users have (rw) access to the "some_shared" directory.
Is that what you would like?

Business_Woman
April 18th, 2009, 14:36
That might just work :)

edhunter
April 22nd, 2009, 10:40
@Business_Woman
There is a Umask directive in pure-ftpd.conf
# File creation mask. <umask for files>:<umask for dirs> .
Umask 113:002
## default was 133:022

This way uploaded files/directories will be rw for every user in the group.


Generally, I would like to add two more comments about chrooting:
PureFTPd by default uses "virtual-chroot" - this means that if there are symlinks leading outside of the chroot, a user could escape. I had this problem, and I solved it by removing the line "--with-virtualchroot" from the Makefile before doing make install.
The second one is that there is a way to use per-user chroot, by adding "/./" to the homedir of the user. This is documented in the pureftpd man pages. I am using this strategy for my users (not ChrootEveryone and TrustedGID).
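
A way to audit for the symlink concern raised in the post above, as an added example that is not part of the thread: it lists every symlink below a user's home directory whose resolved target lies outside that directory. The function names are this example's own, and it assumes a realpath(1) command is available.

```shell
#!/bin/sh
# Added example (not from the thread): list symlinks below an FTP home
# directory that resolve to a path outside that directory.

# audit_symlinks HOME
# Prints "ESCAPE <link> -> <target>" or "DANGLING <link>" per finding.
audit_symlinks() {
    home=$(realpath "$1") || return 2
    # find hands the links to an inner sh as arguments, so names with
    # spaces or newlines (FTP users choose them) are handled safely.
    find "$home" -type l -exec sh -c '
        home=$1; shift
        for link in "$@"; do
            if ! target=$(realpath "$link" 2>/dev/null); then
                printf "DANGLING %s\n" "$link"
                continue
            fi
            case "$target" in
                "$home"|"$home"/*) ;;   # stays inside the home directory
                *) printf "ESCAPE %s -> %s\n" "$link" "$target" ;;
            esac
        done' sh "$home" {} +
}

# has_escaping_links HOME -> exit status 0 if at least one link escapes.
has_escaping_links() {
    audit_symlinks "$1" | grep -q '^ESCAPE '
}

# Run as a script: sh audit.sh /usr/home/vftp/user
if [ "$#" -eq 1 ]; then audit_symlinks "$1"; fi
```

A shared directory symlinked into each home, as suggested earlier in the thread, will also be listed; the output is a review list, not a verdict.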

Business_Woman
April 22nd, 2009, 20:36
In the HowTo I didn't refer to any ftpuser or ftpgroup groups. It only mentions the creation of a system-level account that will then be used to associate virtual users.

So assuming that you have a bob user that is part of the bob group (by default FreeBSD assigns the user's own name as his primary group name), running:

# pure-pw useradd bob -u vftp -g vftp -d /usr/home/vftp/bob
# pure-pw mkdb

will add bob to the vftp Pure-FTPd virtual user database.

A file upload by bob will typically send the file to /home/bob/ with permissions such as:

-rw-r--r-- 1 bob bob 1131291 Apr 15 22:31 random-file

This is my problem: the owner of the file uploaded by Bob is vsftp for me, and not Bob :\

tangram
April 22nd, 2009, 20:54
Did you follow the steps in this tutorial or customize things? I've tested and an upload by bob ends up with bob's permissions.

Business_Woman
April 28th, 2009, 23:17
Hi,

I think it is strange as well, I have done this before and it has always worked out nicely.

blue_addler
June 4th, 2009, 06:55
What if I don't have an etc folder on my local?
Please help, where can I have that...

tangram
June 4th, 2009, 11:10
Did you follow the steps in the HOWTO?

DEViATIO
November 23rd, 2009, 16:42
hi, can somebody write a small, fast step-by-step howto (I have read this tutorial but don't know how to set up rights for users and folders + shared folders for all users)? I am lost:

perhaps something more difficult in this ftpserver:

-> one shared upload folder for all users (can upload)
* delete (yes/no) (how to set up max MB?)

-> shared download folder (can download only)

-> own folder to upload/download files (how to set max MB of the folder?)

* create admin user (he can do everything)

Kazuki
January 22nd, 2010, 09:43
Hi,

I have a problem.
I connect with my user, but I can't upload and download a file.
How to configure this right?

Thanks

tangram
January 25th, 2010, 19:12
What's exactly the problem? Logs, errors, configs would help troubleshooting.

Btw did you follow the HOWTO and come across an issue or is it just a generic Pure-FTPd problem? If it's Pure-FTPd related, better post in the appropriate forum section.

Orhe
May 3rd, 2010, 17:58
Hi,
I have some error messages. When pure-ftpd is starting: "Unable to find the 'ftp' account" and when I try to connect: "Unable to read the indexed puredb file...". Where did I go wrong?

tangram
May 3rd, 2010, 18:42
Did you follow the howto or deviate from it?

Orhe
May 3rd, 2010, 19:02
Yes, I followed all the instructions from the howto.

Orhe
May 3rd, 2010, 19:07
I created the ftp account and now it's ok for starting. But when I connect to the server I still get the message "Unable to read the indexed puredb file..."

tangram
May 4th, 2010, 12:45
Run ls -l /usr/local/etc/pureftpd.pdb and post the output.

Btw, to create the ftp account did you use:
# pure-pw useradd randomnewuser -u vftp -g vftp -d /usr/home/vftp/randomnewuser
# pure-pw mkdb

Orhe
May 4th, 2010, 16:02
For ls -l /usr/local/etc/pureftpd.pdb

-rw------- 1 root wheel 2188 May 2 13:21 /usr/local/etc/pureftpd.pdb

I tried your command and some others, but the message is the same.

tangram
May 4th, 2010, 16:48
Can you post the output of cat /var/log/xferlog?

Orhe
May 4th, 2010, 20:24
For cat /var/log/xferlog all messages are the same.

May 2 13:21:18 newsyslog[611]: logfile first created
May 2 13:24:23 pure-ftpd: (?@192.168.1.21) [INFO] New connection from 192.168.1.21
May 2 13:24:23 pure-ftpd: (?@192.168.1.21) [ERROR] Unable to read the indexed puredb file (or old format detected) - Try pure-pw mkdb
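
A check for the files the HOWTO creates and for the state the "Try pure-pw mkdb" hint in the log above points at, as an added example that is not part of the thread: it reads the PureDB path from the config file, verifies that the passwd file has the mode 600 set in the HOWTO, and reports a missing or out-of-date index. The function names and finding labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): check the virtual-user files the
# HOWTO creates. Paths are parameters so it can run against copies.

# perms FILE -> the 10-character mode string from ls, e.g. -rw-------
perms() { ls -ld "$1" | cut -c1-10; }

# check_puredb CONF PASSWD
# Prints one line per finding; returns 0 if clean, 1 otherwise.
check_puredb() {
    conf=$1; passwd=$2; rc=0
    # First uncommented "PureDB <path>" directive in the config file.
    pdb=$(awk '$1 == "PureDB" { print $2; exit }' "$conf")
    if [ -z "$pdb" ]; then
        echo "NO_PUREDB_DIRECTIVE in $conf"; return 1
    fi
    if [ ! -f "$passwd" ]; then
        echo "MISSING_PASSWD $passwd"; return 1
    fi
    # The HOWTO runs chmod 600 on the passwd file (it holds password hashes).
    if [ "$(perms "$passwd")" != "-rw-------" ]; then
        echo "PASSWD_MODE $(perms "$passwd") expected -rw-------"; rc=1
    fi
    if [ ! -s "$pdb" ]; then
        echo "MISSING_PDB $pdb (run pure-pw mkdb)"; rc=1
    elif [ -n "$(find "$passwd" -newer "$pdb")" ]; then
        # passwd was edited after the index was last built.
        echo "STALE_PDB $pdb is older than $passwd (run pure-pw mkdb)"; rc=1
    fi
    return $rc
}

# Run as a script, for example:
#   sh check.sh /usr/local/etc/pure-ftpd.conf /usr/local/etc/pureftpd.passwd
if [ "$#" -eq 2 ]; then check_puredb "$1" "$2"; fi
```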

sforsendil
August 11th, 2010, 07:49
hi

I installed pure-ftpd with MySQL on my Fedora 12.
I have the following value in my pure-ftpd.conf file

# Cage in every user in his home directory
ChrootEveryone yes

It created the user folders with permission 644.
But I need to change this to 775 at the time of creating the folder.


Any ideas?

sforsendil
August 11th, 2010, 08:13
If bob, john and peter are added to the vftp Pure-FTPd virtual user database.

A file upload by john will typically send the file to /home/john/ with permissions such as:

-rw-r--r-- 1 john john 1131291 Apr 15 22:31 random-file

A file upload by peter will typically send the file to /home/peter/ with permissions such as:

-rw-r--r-- 1 peter peter 1131291 Apr 15 22:31 random-file

I need to change [ rw-r--r-- ] to [ rw-rw--r-- ] at the time of creating the user's folder.
Can anyone help me?

anigma
October 1st, 2010, 02:46
How come I can't add users with root uid and gid? Can I somehow change that in the config file?

babylonia# pure-pw useradd alen -u alen -g alen -d /usr/home/alen
You must give (non-root) uid and gid

AntLaTech
May 5th, 2011, 18:12
I have a few questions about pure-ftpd.
1. How can I hide the default directory files on the ftp server?
2. Do you know where I can find the commands to edit my ftp server?

andi79
May 21st, 2011, 09:44
Maybe it's time to connect Pure-FTPD with MySQL and forget about user rights!
http://thecoolserver.blogspot.com/2011/05/connect-pure-ftpd-with-mysql-and-manage.html