How to Install Pure-FTPd on Ubuntu 22.04

by

Pure-FTPd is a free, secure, and efficient FTP server, licensed under the BSD license. Designed for production use, it emphasizes simplicity and reliability without unnecessary features. This guide will walk you through the installation and configuration of Pure-FTPd on Ubuntu.

Prerequisites for Installing Pure-FTPd

Before you begin the installation, ensure you have the following:

  • An Ubuntu server setup
  • Access to a user account with sudo privileges

Step-by-Step Installation of Pure-FTPd

Updating System Packages

Start by updating your system’s package list:

sudo apt update

Installing Pure-FTPd

To install Pure-FTPd, use the following command:

sudo apt install pure-ftpd

Configuring Pure-FTPd for Enhanced Security

Setting Up a Secure Environment

Create a dedicated group for FTP users:

sudo groupadd ftpgroup

Create a user for Pure-FTPd:

sudo useradd -g ftpgroup -d /dev/null -s /etc ftpuser

Managing User Access

To add a user to the FTP server, run:

sudo pure-pw useradd [username] -u ftpuser -g ftpgroup -d /home/ftpusers/[username]
sudo pure-pw mkdb

Replace [username] with your preferred username.

Configuring TLS for Secure Data Transfer

Generate a self-signed certificate by executing:

sudo openssl req -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Then, modify the Pure-FTPd configuration to enable TLS:

echo 1 | sudo tee /etc/pure-ftpd/conf/TLS
sudo service pure-ftpd restart

Advanced Configuration Options

Below are common settings you can configure in the /etc/pure-ftpd/conf/ directory on Ubuntu. Configuration file names are given in bold.

  • AltLog: Configures alternative logging methods, e.g., AltLog clf:/var/log/pureftpd.log for W3C format logging.
  • AnonymousOnly: Allows only anonymous logins when enabled.
  • AntiWarez: Prohibits uploading of files that already exist on the server.
  • AutoRename: Automatically renames files if a matching name exists.
  • Bind: Binds the server to specific IP addresses and ports, e.g., Bind 21.
  • BrokenClientsCompatibility: Ensures compatibility with non-compliant FTP clients.
  • ChrootEveryone: Restricts users to their home directories when enabled.
  • CreateHomeDir: Automatically creates user home directories upon login.
  • CustomerProof: Provides resilience against common mistakes in client configurations and commands.
  • Daemonize: Runs Pure-FTPd as a daemon when enabled.
  • DisplayDotFiles: Determines if hidden files (dot files) are shown.
  • DontResolve: Improves performance by preventing DNS resolution for logging.
  • ExtAuth: Specifies external programs for user authentication.
  • ForcePassiveIP: Specifies which IP address the server reports to passive mode clients.
  • FSCharset: Sets the file system character set (useful for non-ASCII filenames).
  • IPv4Only or IPv6Only: Restricts server addresses to IPv4 or IPv6.
  • KeepAllFiles: Prevents deletion of files on the server.
  • LDAPConfigFile: Points to the LDAP configuration file for authentication.
  • LimitRecursion: Controls recursion limits in directory listings.
  • MaxClientsNumber: Sets maximum simultaneous clients.
  • MaxClientsPerIP: Restricts simultaneous connections per IP address.
  • MaxDiskUsage: Defines maximum allowable disk space usage percentage.
  • MaxIdleTime: Sets time limit for client inactivity.
  • MaxLoad: Manages client connections based on server load.
  • MinUID: Sets minimum user ID for authentication.
  • MySQLConfigFile: Specifies MySQL config file for database authentication.
  • NoAnonymous: Disables anonymous logins when enabled.
  • NoChmod: Disables the CHMOD command.
  • NoRename: Prevents file renaming.
  • PassivePortRange: Defines range of ports for passive mode connections.
  • PerUserLimits: Controls connection limits on a per-user basis.
  • PureDB: Specifies PureDB user database file path.
  • Quota: Sets user quota limits.
  • SyslogFacility: Designates syslog facility for logging purposes.
  • TLSCipherSuite: Specifies TLS ciphers for secure connections.
  • TrustedGID: Lists trusted group IDs for authentication.
  • UMask: Configures default umask for file and directory creation.
  • UnixAuthentication: Enables UNIX password database authentication.
  • UploadScript: Designates script to execute post-upload.

For full details, consult the official Pure-FTPd documentation or run:

pure-ftpd-wrapper --help

Examples

Below are examples illustrating configurations in the /etc/pure-ftpd/conf/ directory:

  • AltLog: Example: clf:/var/log/pureftpd.log
  • AnonymousOnly: No value needed, activate by creating a file.
  • AntiWarez: No value needed, activate by creating a file.
  • AutoRename: No value needed, activate by creating a file.
  • Bind: Example: 192.168.0.1,21
  • BrokenClientsCompatibility: No value needed, activate by creating a file.
  • ChrootEveryone: No value needed, activate by creating a file.
  • CreateHomeDir: No value needed, activate by creating a file.
  • CustomerProof: No value needed, activate by creating a file.
  • Daemonize: No value needed, activate by creating a file.
  • DisplayDotFiles: No value needed, activate by creating a file.
  • DontResolve: No value needed, activate by creating a file.
  • ExtAuth: Example: /usr/local/bin/myauth
  • ForcePassiveIP: Example: 192.168.0.1
  • FSCharset: Example: utf-8
  • IPv4Only or IPv6Only: No value needed, activate by creating a file.
  • KeepAllFiles: No value needed, activate by creating a file.
  • LDAPConfigFile: Example: /etc/pure-ftpd/ldap.conf
  • LimitRecursion: Example: 10000 8 (files, levels)
  • MaxClientsNumber: Example: 50
  • MaxClientsPerIP: Example: 8
  • MaxDiskUsage: Example: 95 (percent)
  • MaxIdleTime: Example: 15 (minutes)
  • MaxLoad: Example: 4.0
  • MinUID: Example: 1000
  • MySQLConfigFile: Example: /etc/pure-ftpd/mysql.conf
  • NoAnonymous: No value needed, activate by creating a file.
  • NoChmod: No value needed, activate by creating a file.
  • NoRename: No value needed, activate by creating a file.
  • PassivePortRange: Example: 30000 35000
  • PerUserLimits: Example: 8 (connections per user)
  • PureDB: Example: /etc/pure-ftpd/pureftpd.pdb
  • Quota: Example: 1000M (Megabytes)
  • SyslogFacility: Example: ftp
  • TLSCipherSuite: Example: HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
  • TrustedGID: Example: 1000
  • UMask: Example: 133:022 (Files, Directories)
  • UnixAuthentication: No value needed, activate by creating a file.
  • UploadScript: Example: /usr/local/bin/uploadscript

These examples show how to configure different options in Pure-FTPd.

Monitoring and Maintenance

Regularly monitor /var/log/pure-ftpd/ for unusual activities or errors.

FAQ

What is Pure-FTPd?

Pure-FTPd is a free, secure, and efficient FTP server that complies with applicable standards. It is designed for simplicity in production environments.

Which operating systems are compatible with Pure-FTPd?

Primarily designed for Unix-like operating systems, Pure-FTPd can be installed on various Linux distros, including Ubuntu.

How does Pure-FTPd ensure security?

Pure-FTPd offers several security features such as virtual users, chrooted environment, and support for TLS/SSL encryption.

Can Pure-FTPd be used for commercial purposes?

Yes, being BSD-licensed, Pure-FTPd can be freely used, modified, and distributed for commercial purposes.

Where can I find official documentation for Pure-FTPd?

The official documentation is available on the Pure-FTPd project website or by using the command pure-ftpd --help in your terminal.