Install FTP server with PureFTPd and MySQL on Debian

Install MySQL

> sudo apt-get install mysql-server

During the installation process, you will be prompted to set a password for the MySQL root user as shown below. Choose a strong password and keep it in a safe place for future reference. MySQL will bind to localhost (127.0.0.1) by default.

Install interactive process viewer Htop

> sudo apt-get install htop

Install and Set Up phpMyAdmin

  1. Install the current version of phpMyAdmin:
    sudo apt-get install phpmyadmin

    You will be asked which server to automatically configure phpMyAdmin for. Select “apache2.” When asked to configure database for phpmyadmin with dbconfig-common, select yes.

Using MySQL

The standard tool for interacting with MySQL is the mysql client which installs with the mysql-server package. The MySQL client is used through a terminal.
* If you are more comfortable with a GUI, phpMyAdmin was installed too (http://yourIP/phpmyadmin)

Root Login

  1. To log in to MySQL as the root user:
    mysql -u root -p
  2. When prompted, enter the root password. You’ll then be presented with a welcome header and the MySQL prompt as shown below:
    mysql>

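Now we create a database called pureftpd and a MySQL user named pureftpd which the PureFTPd daemon will use later on to connect to the pureftpd database. The queries in the PureFTPd configuration file further down are all SELECT statements, so the daemon itself only needs the SELECT privilege; the wider grant below also lets this account manage the table: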

mysql -u root -p
mysql> CREATE DATABASE pureftpd;

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost' IDENTIFIED BY 'ftpdpass';

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON pureftpd.* TO 'pureftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';

FLUSH PRIVILEGES;

Next we create a custom MySQL table according to our needs and the options explained below:

-- Select the database created above before creating the table
USE pureftpd;

CREATE TABLE `users` (
 `Id` int(11) NOT NULL auto_increment,
 `User` varchar(32) NOT NULL default '',
 `Password` varchar(64) NOT NULL default '',
 `Uid` int(3) NOT NULL default '2001',
 `Gid` int(3) NOT NULL default '2001',
 `Dir` varchar(255) NOT NULL default '',
 `QuotaSize` int(4) NOT NULL default '250',
 `ULBandwidth` int(2) NOT NULL default '100',
 `DLBandwidth` int(2) NOT NULL default '100',
 PRIMARY KEY  (`Id`),
 UNIQUE KEY `User` (`User`)
);

 

Column descriptions. The users table above holds only some of these columns; status, comment, ipaccess and quotafiles belong to the fuller ftpd table that the first configuration file below queries:

– user: The name of the virtual PureFTPd user.
– status: 0 or 1. 0 means the account is disabled, the user cannot log in.
– password: The password of the virtual user. Make sure you use MySQL’s encrypt function to save the password in encrypted form.
– uid: The userid of the ftp user you created at the end of step two (e.g. 2001).
– gid: The groupid of the ftp group you created at the end of step two (e.g. 2001).
– dir: The home directory of the virtual PureFTPd user (e.g. /home/www.example.com). If it does not exist, it will be created when the new user logs in the first time via FTP. The virtual user will be jailed into this home directory, i.e., he cannot access other directories outside his home directory.
– ulbandwidth: Upload bandwidth of the virtual user in KB/sec (kilobytes per second). 0 means unlimited.
– dlbandwidth: Download bandwidth of the virtual user in KB/sec (kilobytes per second). 0 means unlimited.
– comment: You can enter any comment here (e.g. for your internal administration). Normally you leave this field empty.
– ipaccess: Enter IP addresses here that are allowed to connect to this FTP account. * means any IP address is allowed to connect.
– quotasize: Storage space in MB (not KB, as in ULBandwidth and DLBandwidth!) the virtual user is allowed to use on the FTP server. 0 means unlimited.
– quotafiles: Number of files the virtual user is allowed to save on the FTP server. 0 means unlimited.

Insert a new user into the database. Note that the password is stored as MD5 or clear text, matching the MYSQLCrypt setting:

INSERT INTO `users` ( `User` , `Password` , `Uid` , `Gid` , `Dir`, `QuotaSize`, `ULBandwidth`, `DLBandwidth` )
VALUES ('web', MD5( 'PASS_FTP_USER' ) , '2001', '2001', '/home/ftp/users/U1', 250, 0, 0);

Install PureFTPd With MySQL Support

> sudo apt-get install pure-ftpd pure-ftpd-common

> sudo apt-get install pure-ftpd-mysql

 

Then we create a ftp group (ftpgroup) and user (ftpuser) that all virtual users will be mapped to. Replace the group and userid 2001 with a number that is free on your system:

> groupadd -g 2001 ftpgroup
> useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser

Assign Linux ownership of the user folder:
> sudo mkdir /home/ftpuser/test1

> sudo chown -R ftpuser:ftpgroup /home/ftpuser/test1

The configuration files of Pure-FTPd

All files of the FTP server are in /etc/pure-ftpd/. The configuration files are in the “conf” folder and the file for the database is in “db”.

Users can be added or removed without restarting the server. When you edit a configuration file, however, remember to reload the configuration with the following command.

/etc/init.d/pure-ftpd-mysql force-reload

The configuration files are in /etc/pure-ftpd/conf.

The default configuration contains 7 files.

– AltLog: file to configure the location of logs

– FSCharset: file for setting the character encoding (UTF8 etc …)

– MinUID: file to indicate the minimum UID that has access to the server.

– NoAnonymous: file to indicate whether or not to allow anonymous FTP.

– PAMAuthentication: file to indicate whether or not to allow PAM authentication.

– PureDB: file to specify the path to the database of virtual accounts.

– UnixAuthentication: file to indicate whether or not to allow the standard Unix authentication.

Additional files to create:

– MaxIdleTime: Set the timeout by adding a file called “MaxIdleTime” inside the conf directory. The content of the file should be the number of minutes you would like the timeout to be. Afterwards just restart your server.

echo 10 > /etc/pure-ftpd/conf/MaxIdleTime

– PassivePortRange: If you run a firewall on your Linux server and want to use passive FTP connections, you have to define the passive port range in pure-ftpd and in your firewall to ensure that the connections don't get blocked. The following example is for pure-ftpd on Debian Linux:

echo "40110 40210" > /etc/pure-ftpd/conf/PassivePortRange
/etc/init.d/pure-ftpd-mysql restart


Next, update the file /etc/pure-ftpd/conf/ChrootEveryone, which simply contains the string yes. It makes PureFTPd chroot every virtual user in his home directory, so he will not be able to browse directories and files outside his home directory.

> echo "yes" > /etc/pure-ftpd/conf/ChrootEveryone

Next, update the file /etc/pure-ftpd/conf/NoAnonymous to forbid anonymous connections:

> echo "yes" > /etc/pure-ftpd/conf/NoAnonymous

Next, update the file /etc/pure-ftpd/conf/MinUID, which contains the minimum UID that is allowed to log in. It must not be higher than the UID of ftpuser (2001 in this example), otherwise the virtual users mapped to it are refused:

> echo "2001" > /etc/pure-ftpd/conf/MinUID

Also update the file /etc/pure-ftpd/conf/CreateHomeDir, which again simply contains the string yes. This will make PureFTPd create a user’s home directory when the user logs in and the home directory does not yet exist.

> echo "yes" > /etc/pure-ftpd/conf/CreateHomeDir


Now we must configure PureFTPd as a standalone daemon (it is currently controlled by inetd). To do this, we open /etc/default/pure-ftpd-common and change the value of the parameter STANDALONE_OR_INETD to standalone:

> sudo nano /etc/default/pure-ftpd-common

Next, we modify /etc/inetd.conf and comment out the ftp line so that it looks like this:

#:STANDARD: These are standard services.
#ftp    stream  tcp nowait  root    /usr/sbin/tcpd /usr/sbin/proftpd

Now restart inetd and pure-ftpd-mysql:

> /etc/init.d/openbsd-inetd restart
> /etc/init.d/pure-ftpd-mysql restart


Configure PureFTPd with mysql

In the folder “conf”, edit the file MySQLConfigFile so that it contains the path to the configuration file we will create: /etc/pure-ftpd/db/pure-ftpd-mysql.conf

Create the MySQL configuration file

Now we create the /etc/pure-ftpd/db/pure-ftpd-mysql.conf configuration file that will be used to indicate the connection information between the FTP server and MySQL.

nano /etc/pure-ftpd/db/pure-ftpd-mysql.conf

MYSQLSocket      /var/run/mysqld/mysqld.sock
#MYSQLServer     localhost
#MYSQLPort       3306
MYSQLUser       pureftpd
MYSQLPassword   ftpdpass
MYSQLDatabase   pureftpd
# MYSQLCrypt: md5, cleartext, crypt() or password() - md5 is strongly recommended over cleartext
MYSQLCrypt      md5
# In the queries, \L is replaced by the login name and \R by the client's IP address
MYSQLGetPW      SELECT Password FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetUID     SELECT Uid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetGID     SELECT Gid FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MYSQLGetDir     SELECT Dir FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthUL SELECT ULBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetBandwidthDL SELECT DLBandwidth FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTASZ   SELECT QuotaSize FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")
MySQLGetQTAFS   SELECT QuotaFiles FROM ftpd WHERE User="\L" AND status="1" AND (ipaccess = "*" OR ipaccess LIKE "\R")

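Make sure that you replace the string ftpdpass with the real password for the MySQL user pureftpd in the line MYSQLPassword! Please note that we use md5 as the MYSQLCrypt method, which means we will store the users’ passwords as an MD5 string in the database, which is far more secure than using plain text passwords! Unsalted MD5 is still fast to brute-force if the table leaks, so treat it as a minimum; crypt, also listed above, stores a salted hash. The queries above read from a table named ftpd that has status, ipaccess and QuotaFiles columns, so they need a table with those columns rather than the simpler users table created earlier.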

For a simpler table with clear-text passwords and without IP control and status, the content of this file is:

# Database connection
MYSQLServer 127.0.0.1
MYSQLUser pureftpd
# Must match the password given in the GRANT statement
MYSQLPassword pwdftp
MYSQLDatabase pureftpd
# Additional parameters
MYSQLPort 3306
MYSQLSocket /var/lib/mysql/mysql.sock
# Password encryption method
# Possible values: 'crypt', 'md5' or 'cleartext' to store the password in the clear.
MYSQLCrypt cleartext
# SQL queries that let Pure-FTPd find the data in the database
MYSQLGetPW SELECT Password FROM users WHERE User="\L"
MYSQLGetUID SELECT Uid FROM users WHERE User="\L"
MYSQLGetGID SELECT Gid FROM users WHERE User="\L"
MYSQLGetDir SELECT Dir FROM users WHERE User="\L"
MySQLGetQTASZ SELECT QuotaSize FROM users WHERE User="\L"
# The users table created above has no ULRatio/DLRatio columns;
# enable these two lines only after adding them.
#MySQLGetRatioUL SELECT ULRatio FROM users WHERE User="\L"
#MySQLGetRatioDL SELECT DLRatio FROM users WHERE User="\L"
MySQLGetBandwidthUL SELECT ULBandwidth FROM users WHERE User="\L"
MySQLGetBandwidthDL SELECT DLBandwidth FROM users WHERE User="\L"

 

Remember to protect the MySQL password stored in the file pure-ftpd-mysql.conf:

> chmod 640 /etc/pure-ftpd/db/pure-ftpd-mysql.conf
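
The settings made so far (ChrootEveryone, NoAnonymous, PassivePortRange, and the permissions, MYSQLCrypt and MYSQLPassword values of pure-ftpd-mysql.conf) can be checked in one pass. The script below is an added example, not part of the original tutorial; the function names audit_pureftpd, expect_flag, is_port and conf_value are made up for it, and it only reads the two paths passed as arguments:

```sh
#!/bin/sh
# Added example: audit the PureFTPd settings configured in this tutorial.
# It only reads the two paths given as arguments.

# expect_flag DIR NAME VALUE: the one-line file DIR/NAME must contain VALUE.
expect_flag() {
    got=$(cat "$1/$2" 2>/dev/null | tr -d ' \t\r\n')
    [ "$got" = "$3" ] && return 0
    echo "FAIL: $2 is '${got:-missing}', expected '$3'"
    return 1
}

# is_port N: true if N is a decimal number between 1 and 65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# conf_value FILE DIRECTIVE: value of the first uncommented DIRECTIVE line.
conf_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1" 2>/dev/null
}

audit_pureftpd() {
    conf_dir=$1; mysql_conf=$2; rc=0
    expect_flag "$conf_dir" ChrootEveryone yes || rc=1
    expect_flag "$conf_dir" NoAnonymous yes || rc=1

    # If present, PassivePortRange must be "low high" with low < high.
    if [ -f "$conf_dir/PassivePortRange" ]; then
        read -r low high rest < "$conf_dir/PassivePortRange" || true
        if ! is_port "$low" || ! is_port "$high" || [ -n "$rest" ] || [ "$low" -ge "$high" ]; then
            echo "FAIL: PassivePortRange is not a valid 'low high' pair"; rc=1
        fi
    fi

    # The MySQL config holds a password: "other" must have no permissions.
    if [ "$(ls -ld "$mysql_conf" 2>/dev/null | cut -c8-10)" != "---" ]; then
        echo "FAIL: $mysql_conf is missing or accessible to other users"; rc=1
    fi
    if [ "$(conf_value "$mysql_conf" MYSQLCrypt)" = "cleartext" ]; then
        echo "FAIL: MYSQLCrypt is cleartext, passwords are stored unhashed"; rc=1
    fi
    if [ "$(conf_value "$mysql_conf" MYSQLPassword)" = "ftpdpass" ]; then
        echo "FAIL: MYSQLPassword is still the tutorial's sample password"; rc=1
    fi
    return $rc
}
# Usage: audit_pureftpd /etc/pure-ftpd/conf /etc/pure-ftpd/db/pure-ftpd-mysql.conf
```

The function prints one FAIL line per finding and returns non-zero if there is any, so it can be run after every configuration change.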

Problem with CreateHomeDir:

When a virtual user tries to connect, he may get the error “Home directory not available – abort” even if CreateHomeDir is set to yes.

Solution:
The last existing directory in the home path should be owned by root.
For example, if we want somebody’s home directory /home/ftpuser/somebody to be created when he logs in, then the last existing directory, ‘ftpuser’, may look like this:

drwxr-xr-x 2 root ftpgroup 4096 2008-04-15 11:20 ftpuser

Another example:

sudo mkdir /home/ftp

sudo chown root:ftpgroup /home/ftp

In case CreateHomeDir is set to no, assign Linux ownership of the user folder:
> sudo mkdir /home/ftpuser/test1

> sudo chown -R ftpuser:ftpgroup /home/ftpuser/test1

 

Uninstall pure-ftpd-common

To remove just the pure-ftpd-common package itself from Debian 7 (Wheezy), execute in a terminal:

sudo apt-get remove pure-ftpd-common

Uninstall pure-ftpd-common and its dependent packages

To remove the pure-ftpd-common package and any other dependent packages which are no longer needed from Debian Wheezy:

sudo apt-get remove --auto-remove pure-ftpd-common

Uninstall pure-ftpd-mysql too

apt-get --purge remove pure-ftpd-mysql
apt-get --purge remove pure-ftpd

Purging pure-ftpd-common

If you also want to delete configuration and/or data files of pure-ftpd-common from Debian Wheezy then this will work:

sudo apt-get purge pure-ftpd-common

To delete configuration and/or data files of pure-ftpd-common and its dependencies from Debian Wheezy, execute:

sudo apt-get purge --auto-remove pure-ftpd-common

Debian archive repository :

Anyway, when a config file for an installed package is missing, you can use the following command to force dpkg to reinstall original missing configuration files :

dpkg --force-confmiss -i /var/cache/apt/archives/pure-ftpd-mysql_1.0.24-1_i386.deb

When you want to completely remove a package, you need to purge it (usually this means removing the config files as well).

aptitude purge pure-ftpd-mysql

The dpkg command above assumes you have not run:

apt-get clean

which empties the package cache that the .deb file is read from.

Starting and checking the pure-ftpd service

ps uaxf|grep pure-ftpd
service pure-ftpd restart
service pure-ftpd status

Remove a directory recursively with all files inside :
rm -rf mydir

Get a list of Open Ports in Linux

netstat -lntu

as replied by @askmish, will give you a list of services running on your system on TCP and UDP ports, where

  • -l = only services which are listening on some port
  • -n = show port number, don’t try to resolve the service name
  • -t = tcp ports
  • -u = udp ports
  • -p = name of the program

You don’t need the ‘p’ parameter as you’re only interested in getting which ports are free and not which program is running on it.

This only shows which ports on your system are used up, though. This doesn’t tell you the status of your network e.g. if you’re behind NAT and you want some services to be accessible from outside. Or if the firewall is blocking the port for outside visitors. In that case, nmap comes to the rescue. WARNING: Use nmap only on networks which are under your control. Also, there are firewall rules which can block nmap pings, you’ll have to fiddle around with options to get correct results.

How to check Firewall Rules :

>  iptables -L -v

https://www.youtube.com/watch?v=XMvprnhP6wI

Iptables Help :

https://help.ubuntu.com/community/IptablesHowTo

 

extradrmtech
