How to setup PureFTP with MySQL and TLS authentication on Ubuntu Xenial (16.04)
I used ProFTPd for a long time. However on the previus Ubuntu LTS (Trusty) ProFTPd was already buggy, shutting down by itself, which I corrected with a script.
On Xenial, situation become worse, with the product stopping but not shutting down. On the other end I could never setup ProFTPd for passive ftp transfers and TLS never worked properly since MLSD command failed with TLS authentication.
So, I decided to give PureFTP a try. I had to search for information on many different sites since the main site has no information on the obscure files used in the configuration directory. Those are transcriptions of the command-line options with a distinct syntax.
I found out that the installation is straight-forward and repeatable when you know the steps to take and the product works like a charm, so I decided to share the installation process with the community.
I assume you will use phpmyadmin in what MySQL operations are concerned and are familiar with it, so I will be providing an sql file for the single needed database, and assume InnoDB or other transactional engine. If you are using MyISAM, just comment the last sentence on the provided mysql.conf(MySQLTransactions On). All bash commands must be preceded with sudo or you may start a root session with su.
1. Install the software
# apt-get install pure-ftpd-mysql
2. Setup user and group
# groupadd -g 2001 ftpgroup
# useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser
3. Setup the database
Now using phpmyadmin on the server tab create an user called pureftpd, note the password you choose and click on "Create database with same name and grant all privileges.".
Load this file and unpack it.
On the left-pane go to the pureftpd database just created and click on "Import". Select the file you just unpacked. You should end up with a pupulated database with a single table where:
User is the user name
status is 0 inactive 1 active
Password is the password, encrypted in MD5 (choose MD5 after you enter the password on the varchar(64) dropdown. Change the password on the test user provided or it will never work
Uid and Gid will be 2001 (created on steps above)
Dir should point to the dir where you have the files. Either that dir is set to be owned by the user/group created (chown ftpuser.ftpgroup "dir") or you might just add ftpuser to your www-data group if we are talking about apache-served files.
ULBandwidth and DLBandidth are the limits in kb/s for the upload/download maximum bandwidths, 0 means no limit
comment should serve your internal purposes for user identification
QuotaSize is the maximum space an user is allowed to upload
QuotaFiles is the maximum number of files an user is allowed to upload
# cp /etc/pure-ftpd/db/mysql.conf /etc/pure-ftpd/db/mysql.conf.old
4. Configure pureFTP
Load this file and unpack it.
Copy the mysql.conf inside the db directory to /etc/pure-ftpd/db/
Please change the string my_password on the mysql.conf file, MYSQLPassword field, to the password you defined when you created the user with mysqladmin
Load this file and unpack it.
Copy all files inside the conf directory to /etc/pure-ftpd/conf/
It is assumed in these files that passive ports are 50000-50010 (PassivePortRange), no passive mode forcing (no ForcePassiveIP file, if you want that create one and leave your IP there in a single line), no automatic creation of user home directory (CreateHomeDir), no name resolution (DontResolve), no display of hidden files (DisplayDotFiles), no local user authentication (PAMAuthentication), all users jailed in their home directory (ChrootEveryone). I increased the maximum number of files per folder and the maximum directory depth (LimitRecursion) to 5000/50. If you want to change those refer to the documentation.
# aptitude install openssl
5. Install ssl certificate
# openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
-days 3650 will create you a certificate for 10 years...
# chmod /etc/ssl/private/pure-ftpd.pem
And at last...
6. Putting it to work
# service pure-ftpd-mysql restart
Well, it should work...
Installation of the above is entirely on your risk.
