In an attempt to find a quick and easy-to-deploy FTP service that supported SSL and FXP Site-to-Site transfers, I came across pure-ftpd. But it wasn’t that easy from the start. After about 6 unsuccessful hours of trying to figure out a working configuration for vsftpd to support SSL and FXP transfers, I was left with nothing of use. The next morning, I went on a search for an FTP server that was simple and chock full of features… thus, pure-ftpd was discovered.

So if you need to set up an ftp server with SSL and FXP support utilizing the Linux OS accounts for user authentication, here’s the simple guide to getting to the finish line.

Because I’m using Gentoo, I use emerge, but for other distributions, you can go here to get the source code releases and build from source. Also make sure you have the “ssl” USE flag set in Gentoo when you do this, so that you get the SSL support built-in.

emerge -v pure-ftpd

Once the source is built and pure-ftpd is installed, it gets even easier from here. In Gentoo, there are no supplemental configuration files to edit. All you have to do is edit the /etc/conf.d/pure-ftpd file. What’s even better is that you only have to pass the binary the appropriate option flags in order to get the functionality you want. These option flags can be found in the pure-ftpd man page. It’s a very detailed man page and is very useful, so utilize it for your own deployment.

# General server settings
SERVER="-S [port to listen on]"
MAX_CONN="-c [# of max global connections]"
MAX_CONN_IP="-C [# of max connections per IP]"
# Run as a daemon in the background
DAEMON="-B"
# Use this if using NAT (connected to a firewall, router, etc...)
USE_NAT="-N"
# Utilize Unix user authorization
AUTH="-l unix"
# More flags
MISC_OTHER="-A -x -j -R -Z -w -p [start port]:[end port] -Y 3"

The MISC_OTHER flags consist of some defaults that were already set and ones I added. The ones I added that were vital were the following:

  • -w allows FXP Site-to-Site transfers for non-anonymous users (-W will allow anonymous)
  • -p specifies a port range for the PASV connection
  • -Y sets the SSL mode for the server as a number: 1 means SSL or plaintext, 2 means SSL required but not for data, 3 means SSL required for everything including data

That’s it! Start the server up and it should be good to go. It’s that simple. Much love and props to the pure-ftpd developer, Frank Denis.
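To sanity-check the flag string from /etc/conf.d/pure-ftpd, here is an added example (not part of the original post) that reads the -Y, -p, -w and -W options described above and flags any setting that lets logins or data travel in plaintext. The function name `audit_pureftpd_flags` is hypothetical, the port range 30000:30100 is a constructed sample value, and the flags are assumed to be written in the separated form used above ("-Y 3", not "-Y3").

```shell
#!/bin/sh
# Added example (not from the original post): audit a pure-ftpd flag string.
# Prints one finding per line; exit status is 0 only if nothing is "fail".
audit_pureftpd_flags() (
    set -f                      # placeholders such as [port] must not glob
    set -- $1                   # intentional word splitting: one flag per arg
    tls="" range="" fxp="off" rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -Y) if [ $# -ge 2 ]; then tls=$2; shift; fi ;;
            -p) if [ $# -ge 2 ]; then range=$2; shift; fi ;;
            -w) fxp="authenticated users" ;;
            -W) fxp="anonymous users too" ;;
        esac
        shift
    done
    case "$tls" in
        3) echo "ok   tls: -Y 3, SSL required for control and data" ;;
        2) echo "warn tls: -Y 2, data channel may be plaintext" ;;
        1) echo "fail tls: -Y 1, plaintext logins accepted"; rc=1 ;;
        *) echo "fail tls: -Y missing or not 1-3"; rc=1 ;;
    esac
    start=${range%%:*} end=${range##*:}
    case "$range" in
        "") echo "warn pasv: no -p range set" ;;
        *[!0-9:]*|*:*:*|:*|*:) echo "fail pasv: malformed range '$range'"; rc=1 ;;
        *:*) if [ "$start" -le "$end" ] && [ "$end" -le 65535 ]; then
                 # The port count is what the firewall rule has to cover.
                 echo "ok   pasv: $((end - start + 1)) ports, $start-$end"
             else
                 echo "fail pasv: bad bounds '$range'"; rc=1
             fi ;;
        *) echo "fail pasv: malformed range '$range'"; rc=1 ;;
    esac
    echo "info fxp: $fxp"
    exit $rc
)

# Constructed sample: the MISC_OTHER value above with a made-up port range.
audit_pureftpd_flags "-A -x -j -R -Z -w -p 30000:30100 -Y 3"
```

Because this setup authenticates against Unix accounts, a "fail tls" finding means OS account passwords could cross the network unencrypted.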