Pure-FTPd with MySQL backend

Posted: June 11, 2011 by Hacking & Relax in Linux

Pure-FTPd is a free, secure, production-quality and standard-conformant FTP server. It doesn’t provide useless bells and whistles, but focuses on efficiency and ease of use. It provides simple answers to common needs, plus unique useful features for personal users as well as hosting providers.

In this tutorial we’ll install Pure-FTPd with MySQL backend.

Install Pure-FTPd with mysql backend
apt-get install pure-ftpd-mysql

Create user and group used to run the ftp server
groupadd -g 2001 ftpgroup
useradd -u 2001 -s /bin/false -d /bin/null -c "pureftpd user" -g ftpgroup ftpuser

Create database and a table that will store user information
mysql -u root -p
GRANT SELECT ON ftpd.* TO vhosts@localhost IDENTIFIED BY 'mypasswd';
USE ftpd;

user varchar(30) NOT NULL,
password varchar(64) NOT NULL,
home varchar(128) NOT NULL,
bandwidth_limit_upload smallint(5) NOT NULL default 0,
bandwidth_limit_download smallint(5) NOT NULL default 0,
ip_allow varchar(15) NOT NULL default 'any',
quota smallint(5) NOT NULL default '0',
quota_files int(11) NOT NULL default 0,
active enum('yes','no') NOT NULL default 'yes',
UNIQUE KEY User (user)

INSERT INTO users (user, password, home) VALUES ('username', MD5('mypasswd'), '/home/username');


You will be able to control bandwidth limits and quotas for each user. Using zero for these fields will allow unlimited use of resources. The bandwidth limits are specified in KB/s and the quota in MB.

Configure Pure-ftpd (pico /etc/pure-ftpd/db/mysql.conf). Remove everything from the default configuration file and add these lines:
MYSQLSocket /var/run/mysqld/mysqld.sock
MYSQLUser vhosts
MYSQLPassword mypasswd
MYSQLDatabase ftpd
MYSQLCrypt md5
MYSQLDefaultUID 2001
MYSQLDefaultGID 2001
MYSQLGetPW SELECT password FROM users WHERE user = "\L" AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MYSQLGetDir SELECT home FROM users WHERE user = "\L"AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MySQLGetBandwidthUL SELECT bandwidth_limit_upload FROM users WHERE user = "\L"AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MySQLGetBandwidthDL SELECT bandwidth_limit_download FROM users WHERE user = "\L"AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MySQLGetQTASZ SELECT quota FROM users WHERE user = "\L"AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")
MySQLGetQTAFS SELECT quota_files FROM users WHERE user = "\L"AND active = "yes" AND (ip_allow = "any" OR ip_allow LIKE "\R")

Create these simple text files that will force the server to create home directories for users if they don’t exist and chroot the user to it’s home directory:

pico /etc/pure-ftpd/conf/ChrootEveryone

pico /etc/pure-ftpd/conf/CreateHomeDir

Since we are using pure-ftpd-mysql insted of pure-ftpd, make the following change (pico /usr/sbin/pure-ftpd-wrapper):
my $daemon = '/usr/sbin/pure-ftpd-mysql';

Restart Pure-ftpd
/etc/init.d/pure-ftpd-mysql restart

We’re all done. You should be able to make connections to the servers with your favorite FTP client.

Update – 29th October 2008

I’ve had problems with debian-minimal installations where the ftp server simply won’t start and doesn’t leave any trace in the log files. To fix that I had to make one minor change to the inetd config file (pico /etc/inetd.conf):

ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/pure-ftpd-mysql

Open the config file and in the ftp line, change pure-ftpd-wrapper to pure-ftpd-mysql

When done, restart inetd:

/etc/init.d/openbsd-inetd restart

Update – 20th April 2010

In lenny, use this command to restart the service or change the variable STANDALONE_OR_INETD to standalone in /etc/default/pure-ftpd-common:

/etc/init.d/openbsd-inetd restart


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s