Introduction
While vsftpd offers powerful permission configurations, it can be complex for general users. Having used vsftpd for years, I recently decided to try Pure-FTPd on a VPS requiring FTP service.
Installing Pure-FTPd
On CentOS 7, install using yum:
yum install pure-ftpd -y
Configuring Pure-FTPd
The main configuration file is /etc/pure-ftpd/pure-ftpd.conf. Below are key settings.
Core Security & Access Control
- ChrootEveryone: Set to yes to restrict users to their home directories.
- NoAnonymous: Set to yes to disable anonymous login.
- PAMAuthentication: Set to yes to enable PAM authentication.
- MinUID: Set to 1000 to allow only system users with UID ≥ 1000 (typical for regular users in CentOS/RHEL 7).
- UseFtpUsers: Set to no if using MinUID for restriction.
Connection & Performance
- MaxClientsNumber: Maximum concurrent connections (e.g., 10).
- MaxClientsPerIP: Max connections per IP (e.g., 8).
- PassivePortRange: Port range for passive mode (e.g., 31888 36888). Ensure firewall allows this range.
- Daemonize: Set to yes to run as a daemon.
Logging & Filesystem
- VerboseLog: Set to no unless detailed command logging is needed.
- AltLog: Enable for transfer logs (e.g., clf:/var/log/pureftpd.log).
- FileSystemCharset & ClientCharset: Set both to UTF-8 for non-ASCII filename support.
- Umask: File creation mask (e.g., 133:022).
Other Common Options
- PureDB: Uncomment and set to /etc/pure-ftpd/pureftpd.pdb for virtual user database.
- IPV4Only: Set to yes if only IPv4 is needed.
- CreateHomeDir: Set to no to disable automatic home directory creation.
Back up the original configuration file after changes.
Creating System User & Group
Create a dedicated system user and group for FTP service:
groupadd -f ftpgroup
useradd -g ftpgroup ftpuser
Managing Virtual Users
Pure-FTPd uses a virtual user system stored in a separate database.
Adding a Virtual User
Create a virtual user ftpnow mapped to system user ftpuser with FTP root directory:
pure-pw useradd ftpnow -u ftpuser -d /whoisyourdaddy -m
You will be prompted to set a password. The -m option writes to the PureDB database.
Setting Directory Permissions
Assign ownership of the FTP root directory:
chown ftpuser:ftpgroup /whoisyourdaddy -R
Updating the User Database
Rebuild the database index after user changes:
pure-pw mkdb
Other User Management Commands
- Delete user: pure-pw userdel ftpnow -m (home directory remains; delete manually)
- Change password: pure-pw passwd ftpnow -m
- View user info: pure-pw show ftpnow
Service Management
Use systemctl on CentOS 7+:
- Start: systemctl start pure-ftpd.service
- Stop: systemctl stop pure-ftpd.service
- Restart: systemctl restart pure-ftpd.service
- Status: systemctl status pure-ftpd.service
- Enable at boot: systemctl enable pure-ftpd.service
Troubleshooting: 530 Login Authentication Failed
Check system logs if this error occurs:
cat /var/log/messages | grep pure-ftpd
A common cause is the mapped system user's UID being lower than the MinUID value (default 1000).
Solutions:
- Ensure the mapped system user (e.g., ftpuser) has UID ≥ MinUID (check with id ftpuser).
- Alternatively, adjust the MinUID value in pure-ftpd.conf (not recommended to set too low, e.g., 0).
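The MinUID check above can be run across every virtual user at once instead of one id call per account. The script below is an added example, not part of the original article or of Pure-FTPd. It assumes the config uses "MinUID <number>" lines and that the virtual user file written by pure-pw is colon-separated with the login in field 1 and the numeric UID in field 3; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find virtual users whose mapped UID is below MinUID,
# the cause of the 530 error described above.

# Print the MinUID value from a pure-ftpd.conf-style file.
# Commented-out lines are skipped; if several are active, the last is used.
get_minuid() {
    awk '$1 == "MinUID" && $2 ~ /^[0-9]+$/ { v = $2 }
         END { if (v != "") print v }' "$1"
}

# Print "login uid" for each virtual user mapped to a UID below MinUID.
# Returns 0 if none, 1 if at least one, 2 if MinUID is not set.
users_below_minuid() {
    conf=$1
    passwd=$2
    min=$(get_minuid "$conf")
    [ -n "$min" ] || { echo "MinUID not set in $conf" >&2; return 2; }
    awk -F: -v min="$min" '
        /^#/ || NF < 3 { next }                 # skip comments and short lines
        $3 + 0 < min + 0 { print $1, $3; bad = 1 }
        END { exit bad + 0 }
    ' "$passwd"
}

# Constructed sample files (assumed layout, placeholder hashes).
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/pure-ftpd.conf" <<'EOF'
# MinUID 100
ChrootEveryone yes
MinUID 1000
EOF
    cat > "$tmp/pureftpd.passwd" <<'EOF'
ftpnow:$6$constructed:1001:1001::/whoisyourdaddy/./::::::::::::
legacy:$6$constructed:48:48::/srv/legacy/./::::::::::::
EOF
    rc=0
    users_below_minuid "$tmp/pure-ftpd.conf" "$tmp/pureftpd.passwd" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

To check a real server, call users_below_minuid with /etc/pure-ftpd/pure-ftpd.conf and the path of your virtual user file; any login it prints will fail with 530 until it is remapped to a system user with a UID at or above MinUID.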
Conclusion
Pure-FTPd offers a clear configuration structure and detailed options, making it more intuitive than vsftpd in some scenarios. Its virtual user system enhances security by separating FTP accounts from system accounts. For users needing a secure, manageable FTP server, Pure-FTPd is a solid choice.