Pure-ftpd administration – suse blog suse communities binary representation


In this article I am going to cover setting up virtual users and administrating user accounts conversion aud usd. Some of the tasks we will look at are; chrooting users, setting upload/download limits, restricting IP access and many other tasks. Pure-FTPd is an excellent service that provides a rich set of features and a high level of security as it is regularly audited for security vulnerabilities, Pure-FTPd also provides server messages in multiple languages which helps administrators that don’t natively speak English. Installing Pure-FTPd

The Pure-FTPd daemon can be installed from the SUSE installation disks. To check that it is not currently installed you can issue the “ rpm” command with the following qualifiers “-q pure-ftpd” this will query the RPM database for the pure-ftpd package, as shown in Figure 1.

linux-1reo:~ # rpm -q pure-ftpd

When you query the database for Pure-FTPd and nothing is returned you will need to install the daemon using the YaST utility either issue the command “ yast” or “ yast2” depending on your preference of interface.

Once Pure-FTPd has been installed you can start the service by using either the “ service” command or the “ rcpure-ftpd” as shown in Figure 1.1. linux-1reo:~ # /sbin/service pure-ftpd start

On a side note, whenever you make changes to the Pure-FTP daemon you are require to restart the daemon for the changes to take effect. Firewall configuration

Once Pure-FTPd has been successfully installed you will need to configure the passive ports and the actual FTP port (21) on the firewall and in the “pure-ftpd.conf” configuration file which is located in the “/etc/pure-ftpd” directory.

The first step to do is define what port range we are going to use for passive connections, in the “pure-ftpd.conf” file the default is 30000 – 50000 which is fine all you need to do is uncomment the “PassivePortRange 30000 50000” directive as shown in Figure 1.2. …

Once this has been uncommented you will need to restart the Pure-FTPd daemon stock market futures tomorrow. When you have restarted the Pure-FTPd daemon you will need to open the port range in the firewall as shown in Figure 1.3. linux-1reo:~ # iptables -I INPUT 2 -p tcp –dport 30000:50000 -j ACCEPT

The first rule shown in Figure 1.3 opens the passive port range for TCP connections, the second command does the same accept it opens the port range for UDP connections live quotes commodity futures market. The third rule opens port 21 for TCP connections and rule four opens port 21 for UDP connections.

Once the ports have been opened you can FTP from another machine to the server and login as the anonymous user. Once you have logged in as the anonymous user you can issue the “ ls” command and you should be able see two directory “.” and “..” as shown in Figure 1.4. If you issued the “ ls” command and it stalled on “227 Entering Passive Mode (192,168,0,5,133,40)” message you have not configured the firewall correctly. [damian@server2 ~]$ ftp 21

Once the firewall has been configured you will need to edited two important directives within the “pure-ftpd.conf” configuration file. The first directive is “PureDB”, by default this directive has been commented out, you will need to uncomment this directive. The second directive is “AnonymousOnly” this directive needs to be set to “no” otherwise Pure-FTPd will only allow anonymous logins.

The next step is to create a user and group that virtual users will be assigned to gold price history chart. This will reduce the total number of user IDs (UID) and group IDs (GID) that will be stored in the “/etc/passwd” file, as each virtual user needs a UID and a GID. The command used to create a group is “ groupadd” as shown in Figure 2. linux-1reo:~ # groupadd virftp

Once the “virftp” group has been created the next step is to create a user which will house all virtual users usd to rm. The user we will create is “virftp” as shown in Figure 2.1. linux-1reo:~ # useradd -g virftp -d /srv/home -s /bin/false virftp

Once the user and group have been successfully created you will need to create a home directory for the “virftp” user as shown in Figure 2.2. linux-1reo:~ # mkdir /srv/home

Once the “virftp” user and group has been created you can begin to create virtual users. When creating the first virtual users you will need to issue the “ pure-pw mkdb” command which creates the virtual user(s) database binary to number. The user we will create in this article is “damian”. The command we will be using is “ pure-pw useradd” as shown in Figure 3. linux-1reo:~ # pure-pw useradd damian -u virftp -g virftp -d /srv/home/damian

Once the user has been created there home directory needs to be created manually and needs the user and group owner of “virftp” as shown in Figure 3.1. linux-1reo:~ # mkdir /srv/home/damian

Once the user has been successfully created and there home directory has been created and has the appropriate permissions set you can now login as that user. The “ pure-pw mkdb” dose not need to be issued again after the first user has been created as the “-m” qualifier will update the database automatically the box nyc dress code. Chrooting users

When adding virtual users to your system by default they are automatically chrooted however, if this is not what you want you can use the “-D” qualifier which will not chroot user into their home directory. Upload/Download limiting

Setting upload and download limits is very simple as there are only two simple qualifiers that control upload and download speeds. The two qualifiers that control the upload and download speeds are; “-t” for download and “-T” for upload. Setting download limit

In this article we are going to limit the user “damian” to 10Kbps even though the network speed is 100Mbps euro dollar exchange rate bloomberg. The command to modify the user is “ pure-pw” along with the “usermod” argument, as shown in Figure 4. linux-1reo:~ # pure-pw usermod damian -t 10 -m

Once you have set the download limit to 10Kbps you can view this by issuing the “ pure-pw” command with the “show” argument, as shown in Figure 4.1. linux-1reo:~# pure-pw show damian

Once the download limit has been set you should connect to your FTP server and download a test file, if all has gone well the user should not be able to download faster than 10Kpbs. Setting upload limit

We are now going to limit the user “damian” to 10Kbps, similar to what we have done with the download speed. The command we are going to use is “ pure-pw” along with the “usermod” argument as shown in Figure 4.2. linux-1reo:~ # pure-pw usermod damian -T 10 -m

Once the upload limit has been set you can view the effect by using the “pure-pw” command with the “show” argument as shown in Figure 4.1. IP Restrictions

Restricting access based on IP addresses is very simple ringgit to usd exchange rate. The qualifier that is used to block IP addresses is “-R” followed by the IP address as shown in Figure 5. linux-1reo:~# pure-pw usermod damian -R -m

The example shown in Figure 5 will deny access to the host trying to login as the user “damian” even if the user enters the correct password they will be denied access. Time restrictions

Setting time restrictions is very easy with Pure-FTP. The time notation that Pure-FTP uses is 24 hour, so to allow the user “damian” to access the FTP server between 1PM and 5PM you would enter the time as follows “1300-1700” as shown in Figure 6. linux-1reo:~ # pure-pw usermod damian -z 1300-1700 -m

The Pure-FTP daemon provides a utility called: “ pure-ftpwho” which allows you to see what activities are happening on your FTP server such as; who is logged in, what they are doing, were they are connecting from. Figure 7 shows the output of the “ pure-ftpwho” command. linux-1reo:~ # pure-ftpwho

When dealing with virtual users you may also find you want to reset certain fields such as download/upload limits, time restrictions and any of the other fields. The way you set set the values is by supplying two quotes (”) with the qualifier as shown in Figure 7.1. linux-1reo:~ # pure-pw usermod damian -R ” -m

The Pure-FTP daemon has shown that it is very powerful and very feature rich allowing administrators to easily manage their users and apply strict policy. I would also recommend visiting the Pure-FTP website [1] as they provide guides on setting Pure-FTP up with MySQL and PostgreSQL binary search tree. Reference