Install FTP server with PureFTPd and MySQL on Debian
Install MySQL
> sudo apt-get install mysql-server
During the installation process, you will be prompted to set a password for the MySQL root user as shown below. Choose a strong password and keep it in a safe place for future reference. MySQL will bind to localhost (127.0.0.1) by default.
Install interactive process viewer Htop
Installing and Setting Up phpMyAdmin
- Install the current version of phpMyAdmin:
sudo apt-get install phpmyadmin
You will be asked which server to automatically configure phpMyAdmin for. Select “apache2.” When asked to configure database for phpmyadmin with dbconfig-common, select yes.
Using MySQL
The standard tool for interacting with MySQL is the mysql client, which installs with the mysql-server package. The MySQL client is used through a terminal.
* If you are more comfortable with a GUI, phpMyAdmin was installed too (http://yourIP/phpmyadmin).
Root Login
- To log in to MySQL as the root user:
mysql -u root -p
- When prompted, enter the root password. You’ll then be presented with a welcome header and the MySQL prompt as shown below:
mysql>
Now we create a database called pureftpd and a MySQL user named pureftpd which the PureFTPd daemon will use later on to connect to the pureftpd database:
mysql -u root -p
mysql> CREATE DATABASE pureftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
FLUSH PRIVILEGES;
Next we create a custom mysql Table according to our needs and the options explained below …
CREATE TABLE `users` (
  `Id` int(11) NOT NULL auto_increment,
  `User` varchar(32) NOT NULL default '',
  `Password` varchar(64) NOT NULL default '',
  `Uid` int(3) NOT NULL default '2001',
  `Gid` int(3) NOT NULL default '2001',
  `Dir` varchar(255) NOT NULL default '',
  `QuotaSize` int(4) NOT NULL default '250',
  `ULBandwidth` int(2) NOT NULL default '100',
  `DLBandwidth` int(2) NOT NULL default '100',
  PRIMARY KEY (`Id`),
  UNIQUE KEY `User` (`User`)
);
Column | Description |
---|---|
user | The name of the virtual PureFTPd user |
status | 0 or 1. 0 means the account is disabled, the user cannot login. |
password | The password of the virtual user. Make sure you use MySQL’s encrypt function to save the password in encrypted form |
uid | The userid of the ftp user you created at the end of step two (e.g. 2001). |
gid | The groupid of the ftp group you created at the end of step two (e.g. 2001). |
dir | The home directory of the virtual PureFTPd user (e.g. /home/www.example.com). If it does not exist, it will be created when the new user logs in the first time via FTP. The virtual user will be jailed into this home directory, i.e., he cannot access other directories outside his home directory. |
ulbandwidth | Upload bandwidth of the virtual user in KB/sec. (kilobytes per second). 0 means unlimited. |
dlbandwidth | Download bandwidth of the virtual user in KB/sec. (kilobytes per second). 0 means unlimited. |
comment | You can enter any comment here (e.g. for your internal administration). Normally you leave this field empty. |
ipaccess | Enter IP addresses here that are allowed to connect to this FTP account. * means any IP address is allowed to connect. |
quotasize | Storage space in MB (not KB, as in ULBandwidth and DLBandwidth!) the virtual user is allowed to use on the FTP server. 0 means unlimited. |
quotafiles | Number of files the virtual user is allowed to save on the FTP server. 0 means unlimited. |
Insert a new user into the database (note: the password is stored as MD5 or clear text):
INSERT INTO `users` (`User`, `Password`, `Uid`, `Gid`, `Dir`, `QuotaSize`, `ULBandwidth`, `DLBandwidth`) VALUES ('web', MD5('PASS_FTP_USER'), '2001', '2001', '/home/ftp/users/U1', '250', '0', '0');
Install PureFTPd With MySQL Support
> sudo apt-get install pure-ftpd pure-ftpd-common
> sudo apt-get install pure-ftpd-mysql
Then we create a ftp group (ftpgroup) and user (ftpuser) that all virtual users will be mapped to. Replace the group and userid 2001 with a number that is free on your system:
> groupadd -g 2001 ftpgroup
> useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser
Assign Linux rights to the user Folder :
> sudo mkdir /home/ftpuser/test1
> sudo chown -R ftpuser:ftpgroup /home/ftpuser/test1
The configuration files of Pure-FTPd
All of the FTP server's files are in /etc/pure-ftpd/: the configuration files are in the “conf” folder and the file for the database is in “db”.
Users can be added or removed without restarting the server, but when you edit a configuration file, remember to reload the configuration with the following command.
/etc/init.d/pure-ftpd-mysql force-reload
The configuration files are in /etc/pure-ftpd/conf.
The default configuration contains 7 files.
– AltLog: file to configure the location of logs
– FSCharset: file for setting the character encoding (UTF8 etc …)
– MinUID: file to indicate the minimum UID that has access to the server.
– NoAnonymous: file to indicate whether or not to allow anonymous FTP.
– PAMAuthentication: file to indicate whether or not to allow PAM authentication.
– PureDB: file to specify the path to the database of virtual accounts.
– UnixAuthentication: file to indicate whether or not to allow standard Unix authentication.
Additional files to create :
– MaxIdleTime: Set the timeout by adding a file called “MaxIdleTime” inside the conf directory. The content of the file should be the number of minutes you would like the timeout to be. Afterwards just restart your server.
echo 10 > /etc/pure-ftpd/conf/MaxIdleTime
– PassivePortRange: If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and in your firewall to ensure that the connections don't get blocked. The following example is for pure-ftpd on Debian Linux:
echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
/etc/init.d/pure-ftpd-mysql restart
Next, update the file /etc/pure-ftpd/conf/ChrootEveryone, which simply contains the string yes and which makes PureFTPd chroot every virtual user into his home directory, so he will not be able to browse directories and files outside his home directory:
> echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone
Next, update the file /etc/pure-ftpd/conf/NoAnonymous to forbid this type of connection:
> echo "yes" > /etc/pure-ftpd/conf/NoAnonymous
Next, check the file /etc/pure-ftpd/conf/MinUID, which holds the minimum UID that has access to the server (see the file list above). Its value must not be higher than the UID the virtual users are mapped to (2001 in this guide), otherwise they cannot log in.
Also Update the file /etc/pure-ftpd/conf/CreateHomeDir which again simply contains the string yes. This will make PureFTPd create a user’s home directory when the user logs in and the home directory does not yet exist.
> echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir
Now we must configure PureFTPd as a standalone daemon (it is currently controlled by inetd). To do this, we open /etc/default/pure-ftpd-common and change the value of the parameter STANDALONE_OR_INETD to standalone:
> sudo nano /etc/default/pure-ftpd-common
Next, we modify /etc/inetd.conf and comment out the ftp line so that it looks like this:
#:STANDARD: These are standard services.
#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/proftpd
Now restart Inetd and PureFTPd mysql :
> /etc/init.d/openbsd-inetd restart
> /etc/init.d/pure-ftpd-mysql restart
Configure PureFTPd with mysql
In the folder “conf”, edit the file MySQLConfigFile to put the path to the configuration file we will create: /etc/pure-ftpd/db/pure-ftpd-mysql.conf
Create the MySQL configuration file
Now we create the /etc/pure-ftpd/db/pure-ftpd-mysql.conf configuration file that will be used to indicate the connection information between the FTP server and MySQL.
nano /etc/pure-ftpd/db/pure-ftpd-mysql.conf
MYSQLSocket /var/run/mysqld/mysqld.sock
#MYSQLServer localhost
#MYSQLPort 3306
MYSQLUser pureftpd
MYSQLPassword ftpdpass
MYSQLDatabase pureftpd
#MYSQLCrypt md5, cleartext, crypt() or password() - md5 is VERY RECOMMENDABLE over cleartext
MYSQLCrypt md5
MYSQLGetPW SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetUID SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
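Make sure that you replace the string ftpdpass with the real password for the MySQL user pureftpd in the line MYSQLPassword! Please note that we use md5 as the MYSQLCrypt method, which means the users’ passwords are stored as MD5 strings in the database, which is far more secure than using plain text passwords. The MD5 strings are unsalted, however, so they are quick to crack if the table ever leaks; the crypt method listed in the comment above stores salted hashes and protects the passwords better.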
For a simpler table with clear text passwords and without IP control and status, the content of this file is:
# Database connection
MYSQLServer 127.0.0.1
MYSQLUser pureftpd
MYSQLPassword pwdftp
MYSQLDatabase pureftpd
# Additional parameters
MYSQLPort 3306
MYSQLSocket /var/lib/mysql/mysql.sock
# Password encryption method
# Possible values: 'crypt', 'md5' or 'cleartext' to keep the password in clear text.
MYSQLCrypt cleartext
# SQL queries that let Pure-FTPd find the data in the database
MYSQLGetPW SELECT Password FROM users WHERE User="\L"
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"
Remember to protect access to the MySQL password stored in the file pure-ftpd-mysql.conf:
> chmod 640 pure-ftpd-mysql.conf
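The settings configured above can be checked in one pass. The script below is an added example, not part of the original guide or of Pure-FTPd: it verifies the ChrootEveryone and NoAnonymous flags, the PassivePortRange format, the permissions on pure-ftpd-mysql.conf and the MYSQLCrypt method. The function name audit_pureftpd and the FAIL/WARN output format are assumptions made for this example.

```bash
#!/bin/bash
# Added example: audit the settings this guide configures.
# Prints one FAIL/WARN line per finding and returns 1 if any FAIL was found.
# audit_pureftpd is a hypothetical helper name, not part of Pure-FTPd.
audit_pureftpd() {
    local root="${1:-/etc/pure-ftpd}" f val low high crypt rc=0
    local conf="$root/conf" db="$root/db/pure-ftpd-mysql.conf"

    # Flag files that this guide sets to "yes"
    for f in ChrootEveryone NoAnonymous; do
        val=$(cat "$conf/$f" 2>/dev/null | tr -d '[:space:]')
        if [ "$val" != "yes" ]; then
            echo "FAIL $f: '${val:-missing}' (expected yes)"; rc=1
        fi
    done

    # PassivePortRange must hold "low high" so a firewall rule can match it
    if [ -f "$conf/PassivePortRange" ]; then
        read -r low high < "$conf/PassivePortRange" || true
        case "$low:$high" in
            *[!0-9:]*|:*|*:) echo "FAIL PassivePortRange: not two port numbers"; rc=1 ;;
            *) [ "$low" -lt "$high" ] || { echo "FAIL PassivePortRange: $low >= $high"; rc=1; } ;;
        esac
    else
        echo "WARN PassivePortRange: not set"
    fi

    if [ -f "$db" ]; then
        # The file holds MYSQLPassword, so it must not be world-readable
        if [ -n "$(find "$db" -perm -004)" ]; then
            echo "FAIL $db: world-readable (guide uses chmod 640)"; rc=1
        fi
        # Commented-out "#MYSQLCrypt ..." lines do not match: $1 starts with '#'
        crypt=$(awk 'toupper($1) == "MYSQLCRYPT" { v = tolower($2) } END { print v }' "$db")
        case "$crypt" in
            cleartext) echo "FAIL MYSQLCrypt: passwords stored in clear text"; rc=1 ;;
            md5)       echo "WARN MYSQLCrypt: md5 is unsalted" ;;
        esac
    else
        echo "FAIL $db: missing"; rc=1
    fi
    return "$rc"
}
```

Run it as root with no argument to audit /etc/pure-ftpd, or pass another directory to audit a copy of the configuration.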
Problem with CreateHomeDir:
When a virtual user tries to connect, they may get the error “Home directory not available – abort” even if they set CreateHomeDir to yes.
Solution:
The last existing directory in the home path should be owned by root.
For example, suppose we want somebody’s home directory, /home/ftpuser/somebody, to be created when he logs in.
Then the last existing directory, ‘ftpuser’, may look like this:
drwxr-xr-x 2 root ftpgroup 4096 2008-04-15 11:20 ftpuser
Another example:
sudo mkdir /home/ftp
sudo chown root:ftpgroup /home/ftp
In case CreateHomeDir is set to no, Assign Linux rights to the user Folder :
> sudo mkdir /home/ftpuser/test1
> sudo chown -R ftpuser:ftpgroup /home/ftpuser/test1
Uninstall pure-ftpd-common
To remove just pure-ftpd-common package itself from Debian 7 (Wheezy) execute on terminal:
sudo apt-get remove pure-ftpd-common
Uninstall pure-ftpd-common and its dependent packages
To remove the pure-ftpd-common package and any other dependent packages which are no longer needed from Debian Wheezy:
sudo apt-get remove --auto-remove pure-ftpd-common
Uninstall pure-ftpd-mysql too
apt-get --purge remove pure-ftpd-mysql
apt-get --purge remove pure-ftpd
Purging pure-ftpd-common
If you also want to delete configuration and/or data files of pure-ftpd-common from Debian Wheezy then this will work:
sudo apt-get purge pure-ftpd-common
To delete configuration and/or data files of pure-ftpd-common and its dependencies from Debian Wheezy, execute:
sudo apt-get purge --auto-remove pure-ftpd-common
Debian archive repository :
Anyway, when a config file for an installed package is missing, you can use the following command to force dpkg to reinstall original missing configuration files :
dpkg --force-confmiss -i /var/cache/apt/archives/pure-ftpd-mysql_1.0.24-1_i386.deb
When you want to completely remove a package, you need to purge it (usually this also removes the config files).
aptitude purge pure-ftpd-mysql
This assumes you have not run:
apt-get clean
which removes the cache …
Starting and checking the pure-ftpd service
ps uaxf|grep pure-ftpd
service pure-ftpd restart
service pure-ftpd status
Remove a directory recursively with all files inside :
rm -rf mydir
Get a list of Open Ports in Linux
netstat -lntu
as replied by @askmish will give you list of services running on your system on tcp and udp ports where
-l = only services which are listening on some port
-n = show port number, don’t try to resolve the service name
-t = tcp ports
-u = udp ports
-p = name of the program
You don’t need the ‘p’ parameter as you’re only interested in getting which ports are free and not which program is running on it.
This only shows which ports on your system are used up, though. This doesn’t tell you the status of your network e.g. if you’re behind NAT and you want some services to be accessible from outside. Or if the firewall is blocking the port for outside visitors. In that case, nmap comes to the rescue. WARNING: Use nmap only on networks which are under your control. Also, there are firewall rules which can block nmap pings, you’ll have to fiddle around with options to get correct results.
How to check Firewall Rules :
> iptables -L -v
https://www.youtube.com/watch?v=XMvprnhP6wI
Iptables Help :
https://help.ubuntu.com/community/IptablesHowTo
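The PassivePortRange section above asks for the same range to be opened in the firewall. The check below is an added example, not part of the original guide: it reads a saved copy of the `iptables -S` output and reports whether a single INPUT rule accepts the whole passive range. The function name passive_range_allowed and the saved-rules file are assumptions made for this example.

```bash
#!/bin/bash
# Added example: passive_range_allowed is a hypothetical helper.
# $1 = PassivePortRange file, $2 = saved output of `iptables -S`
# Returns 0 if one tcp INPUT ACCEPT rule covers the whole range, 1 if not,
# 2 if the range file is unusable.
# Simplifications: rule order, earlier DROP/REJECT rules and multiport
# (--dports) rules are not evaluated.
passive_range_allowed() {
    local range_file="$1" rules_file="$2" low high
    read -r low high < "$range_file" || true
    [ -n "$low" ] && [ -n "$high" ] || return 2
    awk -v low="$low" -v high="$high" '
        $1 == "-A" && $2 == "INPUT" && /-p tcp/ && /-j ACCEPT/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--dport") continue
                n = split($(i + 1), p, ":")      # "40110:40210" or a single port
                first = p[1] + 0
                last = (n == 2 ? p[2] : p[1]) + 0
                if (first <= low + 0 && last >= high + 0) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }
    ' "$rules_file"
}
```

Save the rules with `iptables -S > rules.txt` as root, then call `passive_range_allowed /etc/pure-ftpd/conf/PassivePortRange rules.txt`.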