The author of the following guide is Jon LaBass. The original is available on the web in English.
In order to have virtual user accounts, we need a database of some sort. You can compile Pure-FTPd to work with MySQL, but we are going to use puredb because it was written specifically for use with Pure-FTPd.
# cd /usr/ports/databases/puredb
# make install distclean
# cd /usr/ports/ftp/pure-ftpd
# make install distclean
First, rename the sample configuration file and add an entry to rc.conf so that the daemon starts at boot.
# cd /usr/local/etc
# mv pure-ftpd.conf.sample pure-ftpd.conf
# echo 'pureftpd_enable="YES"' >> /etc/rc.conf
Because we are authenticating virtual users, only a few lines in the config file need to change. Of course, the configuration file offers many options for you to tweak for your own system. Below are just the requirements and recommendations for use with this guide, so make sure you have the following lines. TLS 1 accepts both plain and TLS sessions; once your clients are set up for TLS, change it to TLS 2 so that cleartext logins are refused.
# nano -w pure-ftpd.conf
ChrootEveryone yes
PureDB /usr/local/etc/pureftpd.pdb
Umask 177:077
AllowUserFXP no
CreateHomeDir yes
TLS 1
Now it is time to generate a self-signed SSL certificate for use with Pure-FTPd. You can use a CA-signed one if you want, but the daemon expects the private key and the certificate together in /etc/ssl/private/pure-ftpd.pem. Note that openssl req -x509 certifies for only 30 days unless you pass -days, and 1024-bit RSA keys are no longer considered adequate, so the command below uses -days 365 and a 2048-bit key:
# mkdir -p /etc/ssl/private
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
# chmod 600 /etc/ssl/private/*.pem
Pure-FTPd will start upon system startup, but you can always issue:
# /usr/local/etc/rc.d/pure-ftpd.sh start
Now that Pure-FTPd is up and running, it is time to create and manage our users. Virtual user information is created and modified with pure-pw, which edits the text file /usr/local/etc/pureftpd.passwd; the daemon itself authenticates against the binary puredb database /usr/local/etc/pureftpd.pdb that is built from that file. Since the virtual users do not really exist system-wide, we need an actual user and group that owns their files for filesystem read/write access. You could use an existing user/group, but to completely isolate the FTP users we will create new ones.
# pw groupadd ftpgroup
# pw useradd ftpusers -c "Virtual FTP Users" -g ftpgroup -d /dev/null -s /sbin/nologin
# mkdir /usr/home/ftpusers
If you plan on running anonymous FTP, you have to create the system ftp account and its home directory as shown below, and any subdirectories must be owned by ftp, not ftpusers (the home directory itself stays owned by ftpusers so the anonymous user cannot write into it). This means anonymous FTP cannot be managed as a virtual account.
# pw useradd ftp -c "Anonymous FTP" -d /usr/home/ftpusers/ftp -s /sbin/nologin
# mkdir /usr/home/ftpusers/ftp
# mkdir /usr/home/ftpusers/ftp/incoming
# mkdir /usr/home/ftpusers/ftp/pub
# chown ftpusers:ftpgroup /usr/home/ftpusers/ftp
# chown ftp:ftpgroup /usr/home/ftpusers/ftp/*
# chmod 0755 /usr/home/ftpusers/ftp/incoming
# chmod 0555 /usr/home/ftpusers/ftp/pub
Now that we have a system user and group, we can add our virtual users with that UID and group. Every virtual user maps to the same system UID, so at the filesystem level they are indistinguishable from each other; the chroot (ChrootEveryone yes above) is what keeps each of them inside their own home directory, and the shared UID becomes a security problem as soon as you turn that off. To create a user with default throttling:
# pure-pw useradd daniel -u ftpusers -d /usr/home/ftpusers/daniel -m
Password:
Enter it again:
The user daniel has been created with the UID of ftpusers and the home directory /usr/home/ftpusers/daniel; the -m flag also writes the change into /usr/local/etc/pureftpd.pdb, which is what the daemon reads. Without -m the change only lands in pureftpd.passwd. Using -D instead of -d stores the home directory without the chroot marker, which would give daniel access to the entire filesystem; with ChrootEveryone yes set above every login is chrooted regardless (only members of the trusted group are exempt), so -D only takes effect if you turn that option off. If you ever get errors about a user not being found, rebuild the database from pureftpd.passwd with:
# pure-pw mkdb
Now, what if you have a system user that should be able to FTP? There are two ways of doing this. You can edit /usr/local/etc/pure-ftpd.conf to enable UnixAuthentication, but the recommended way is to add your existing system accounts to pureftpd.passwd, because their FTP access can then be throttled and managed like any other virtual user. pure-pwconvert does the conversion; run it as root so it can read the password hashes, and rebuild the database with pure-pw mkdb afterwards, since the append below does not update pureftpd.pdb by itself.
# pure-pwconvert >> /usr/local/etc/pureftpd.passwd
Modifying user information uses the same flags as adding users, but with usermod instead of useradd. So, let's change daniel's parameters so he can store at most 10 files (-n) and upload at 20 KB/s (-T; pure-pw bandwidth values are in kilobytes per second):
# pure-pw usermod daniel -n 10 -T 20 -m
To view the set parameters for daniel, we can issue:
# pure-pw show daniel
Login              : daniel
Password           : $2a$07$2GsgzvrRTdAT9ld3bi.rPuIT1bfnfzJx1tqAn49uwHRPn3vfOEhUW
UID                : 1003 (ftpusers)
GID                : 1003 (ftpgroup)
Directory          : /home/ftpusers/daniel/./
Full name          :
Download bandwidth : 0 Kb (unlimited)
Upload bandwidth   : 20 Kb (enabled)
Max files          : 10 (enabled)
Max size           : 0 Mb (unlimited)
Ratio              : 0:0 (unlimited:unlimited)
Allowed local IPs  :
Denied local IPs   :
Allowed client IPs :
Denied client IPs  :
Time restrictions  : 0000-0000 (unlimited)
Max sim sessions   : 0 (unlimited)
Deleting users is quite simple as well:
# pure-pw userdel daniel -m
After modifying a user's parameters there is no need to restart Pure-FTPd: as long as the change reached pureftpd.pdb (via -m or pure-pw mkdb) it takes effect at the next login. For more information, check the manpages or print the usage by running pure-pw without any parameters:
# pure-pw
Now you are all set up. Try it out with a plain FTP session first and then with FTP over TLS, and confirm that your client actually negotiates AUTH TLS before it sends the password; with TLS 1 the server will silently accept a cleartext login if the client never asks for TLS.
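As a final check, the following script audits the result of the procedure above: it verifies the pure-ftpd.conf directives this guide requires (and flags TLS 1, which still allows cleartext logins), checks that every pureftpd.passwd entry is chrooted under the virtual-users directory, and checks the permissions on pure-ftpd.pem. It is an added example written for this page, not code from Jon LaBass's guide or from the Pure-FTPd project. It assumes the "Key value" directive syntax of pure-ftpd.conf and the colon-separated field layout of pureftpd.passwd documented in Pure-FTPd's README.Virtual-Users (only the login, password and home fields are used), and it runs offline against constructed sample files in a temporary directory; the function names, the sample accounts eve and mallory, and the placeholder hashes are all invented for the example. The live AUTH TLS probe with openssl s_client only runs when a host name is passed on the command line.

```shell
#!/bin/sh
# Post-setup audit for the Pure-FTPd configuration built above (added
# example, not part of the original guide). Runs offline against
# constructed sample files in a temp dir; on a real FreeBSD host point
# CONF_HARD, PASSWD and KEY at /usr/local/etc/pure-ftpd.conf,
# /usr/local/etc/pureftpd.passwd and /etc/ssl/private/pure-ftpd.pem.
set -u

# Print the value of a pure-ftpd.conf directive ("Key value" per line,
# lines starting with # are comments). Prints nothing if it is absent.
conf_get() {
    awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# Return 0 if the config meets this guide's requirements, else 1 (one WARN each).
audit_conf() {
    conf="$1"; rc=0
    [ "$(conf_get "$conf" ChrootEveryone)" = "yes" ] || {
        echo "WARN: ChrootEveryone is not yes; virtual users share one UID, only the chroot separates them"; rc=1; }
    [ "$(conf_get "$conf" AllowUserFXP)" = "no" ] || { echo "WARN: AllowUserFXP should be no"; rc=1; }
    [ -n "$(conf_get "$conf" PureDB)" ] || { echo "WARN: PureDB is unset; virtual users cannot log in"; rc=1; }
    case "$(conf_get "$conf" TLS)" in
        2|3) ;;
        1)   echo "WARN: TLS 1 still accepts cleartext logins; set TLS 2 to refuse them"; rc=1 ;;
        *)   echo "WARN: TLS is disabled or unset"; rc=1 ;;
    esac
    return "$rc"
}

# Audit pureftpd.passwd (colon-separated; layout as in README.Virtual-Users,
# only fields 1, 2 and 6 = login, password, home are used). Every entry must
# be chrooted (home ends in "/./", as pure-pw -d stores it) and live under
# the base directory given as $2. Return 0 if clean, else 1.
audit_passwd() {
    awk -F: -v base="$2" '
        NF < 6          { print "WARN: malformed entry: " $0; bad = 1; next }
        $2 == ""        { print "WARN: " $1 " has an empty password field"; bad = 1 }
        $6 !~ /\/\.\/$/ { print "WARN: " $1 " is not chrooted (home " $6 ")"; bad = 1 }
        index($6, base "/") != 1 { print "WARN: " $1 " lives outside " base " (" $6 ")"; bad = 1 }
        END { exit bad ? 1 : 0 }' "$1"
}

# pure-ftpd.pem holds the private key, so only root may read it (chmod 600).
audit_key() {
    case "$(ls -ld "$1" 2>/dev/null | cut -c2-10)" in
        rw-------|r--------) return 0 ;;
        *) echo "WARN: $1 is missing or not mode 600"; return 1 ;;
    esac
}

# Live check, run only when a host is given: the server must answer AUTH TLS
# and present its certificate. Needs the network, so it is skipped offline.
check_tls() {
    printf 'QUIT\r\n' | openssl s_client -starttls ftp -connect "$1:21" 2>/dev/null |
        grep -q 'BEGIN CERTIFICATE'
}

tmp="$(mktemp -d)"; trap 'rm -rf "$tmp"' EXIT
CONF_WEAK="$tmp/weak.conf"; CONF_HARD="$tmp/hard.conf"
PASSWD="$tmp/pureftpd.passwd"; KEY="$tmp/pure-ftpd.pem"

# Constructed sample: the directives from the guide, TLS still at 1.
cat > "$CONF_WEAK" <<'EOF'
# TLS                      0
ChrootEveryone yes
PureDB /usr/local/etc/pureftpd.pdb
Umask 177:077
AllowUserFXP no
CreateHomeDir yes
TLS 1
EOF
sed 's/^TLS 1$/TLS 2/' "$CONF_WEAK" > "$CONF_HARD"

# Constructed sample accounts with placeholder hashes: daniel as created in
# the guide, eve added with -D (no "/./", so not chrooted), mallory chrooted
# but outside the ftp tree.
cat > "$PASSWD" <<'EOF'
daniel:$2a$07$placeholder:1003:1003::/usr/home/ftpusers/daniel/./:20:0:0:0:0:10:0:::::
eve:$2a$07$placeholder:1003:1003::/usr/home/ftpusers/eve:0:0:0:0:0:0:0:::::
mallory:$2a$07$placeholder:1003:1003::/tmp/./:0:0:0:0:0:0:0:::::
EOF
: > "$KEY"; chmod 600 "$KEY"

audit_conf "$CONF_WEAK"   || echo "weak config: see warnings above"
audit_conf "$CONF_HARD"   && echo "hardened config: ok"
audit_passwd "$PASSWD" /usr/home/ftpusers || echo "passwd: see warnings above"
audit_key "$KEY"          && echo "key permissions: ok"
if [ $# -ge 1 ]; then
    check_tls "$1" && echo "$1: AUTH TLS works"
fi
```

Run it as root on the server with the real paths substituted for the sample ones; an entry flagged by audit_passwd is exactly the -D case discussed above, which ChrootEveryone masks until someone turns that option off.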