in FreeBSD

How to install FTP Server (pure-ftp) on FreeBSD 10.1

This is 3rd post from virtual user hosting with FreeBSD 10 series. First two are located here :

  1. How to install virtual Ftp hosting with PureFTP on FreeBSD 10 : Part 1 – Setup
  2. How to install virtual Ftp hosting with PureFTP on FreeBSD 10 : Part 2 – TLS & Unix Auth

I restart the process using latest FreeBSD version at the moment : FreeBSD 10.1 using custom iso.

Some highlight from FreeBSD 10.1-RELEASE announcement :

  • The new console driver, vt(4), has been added.
  • Support for FreeBSD/i386 guests has been added to bhyve(4).
  • The bhyve(4) hypervisor now supports booting from a zfs(8) filesystem.
  • Support for SMP was added to the armv6 kernels and enabled by default in the configuration files for all platforms that contain multi-core CPUs.
  • Initial support for UEFI boot has been added for the FreeBSD/amd64 architecture.
  • Support has been added to cache geli(8) passphrases during system boot.
  • Support for the UDP-Lite protocol (RFC 3828) has been added to the IPv4 and IPv6 stacks.
  • The new filesystem automount facility, autofs(5), has been added.
  • The sshd(8) rc.d(8) startup script now generates ED25519 sshd(8) host keys if keys do not already exist when ssh_keygen_alg() is invoked.
  • OpenSSH has been updated to version 6.6p1.
  • The nc(1) utility has been updated to match the version in OpenBSD 5.5.
  • Sendmail has been updated to 8.14.9.
  • The unbound(8) caching resolver and ldns have been updated to version 1.4.22.
  • OpenPAM has been updated to Ourouparia (20140912).
  • OpenSSL has been updated to version 1.0.1j.
  • The pkg(8) package management utility has been updated to version 1.3.8.

Back to process 🙂

# uname -rsv
FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 22:51:51 UTC 2014     root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC

Update Package

# pkg update
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
………………………………..

…………………………………………

…………………………………………………..
Updating FreeBSD repository catalogue…
Fetching meta.txz: 100%   944 B   0.9k/s    00:01
Fetching digests.txz: 100%    2 MB 108.8k/s    00:19
Fetching packagesite.txz: 100%    5 MB  95.6k/s    00:56
Processing new repository entries: 100%
FreeBSD repository update completed. 23787 packages processed:
0 updated, 0 removed and 23787 added.

Install Ports

# portsnap fetch

# portsnap extract

# cd /usr/ports/ftp/pure-ftpd/

pure-ftpd-freebsd options

To reduce dependency compile process (download and install for each dependency), I ask for pkg help :

# pkg install dialog4ports mysql55-client perl5

Resume make install process of pure-ftp ports.

# make install

Check everything

# pkg info
dialog4ports-0.1.5_2           Console Interface to configure ports
mysql55-client-5.5.40          Multithreaded SQL database (client)
perl5-5.16.3_11                Practical Extraction and Report Language
pkg-1.3.8_3                    Package manager
pure-ftpd-1.0.36_3             Small, easy to set up, fast, and secure FTP server

Enable pureftp

#echo 'pureftpd_enable=YES' >>/etc/rc.conf

Since I want MySQL support for pure-ftp then I install MySQL server.

# pkg install mysql55-server

Enable MySQL server to start automatically after server reboot.

# echo 'mysql_enable=YES' >> /etc/rc.conf

Start MySQL server

# /usr/local/etc/rc.d/mysql-server start

According to pure-ftpd manual (mysql section).

Table structure for hold virtual user as follows :

CREATE TABLE users (
  User VARCHAR(16) BINARY NOT NULL,
  Password VARCHAR(64) BINARY NOT NULL,
  Uid INT(11) NOT NULL default '-1',
  Gid INT(11) NOT NULL default '-1',
  Dir VARCHAR(128) BINARY NOT NULL,
  PRIMARY KEY  (User)
);

Lets create that table.

# cat /etc/master.passwd | grep mysql
mysql:*:88:88::0:0:MySQL Daemon:/var/db/mysql:/usr/sbin/nologin

In my opinion Uid and Gid is 88. But as pure-ftpd manual said about 1000. I use it.

Ok, lets log in to MySQL database and insert user :

# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.5.40 Source distribution

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql> create database ftp;
Query OK, 1 row affected (0.01 sec)

mysql> use ftp;
Database changed
mysql> CREATE TABLE users (
->   User VARCHAR(16) BINARY NOT NULL,
->   Password VARCHAR(64) BINARY NOT NULL,
->   Uid INT(11) NOT NULL default ‘-1’,
->   Gid INT(11) NOT NULL default ‘-1′,
->   Dir VARCHAR(128) BINARY NOT NULL,
->   PRIMARY KEY  (User)
-> );
Query OK, 0 rows affected (0.02 sec)

mysql> insert into users set User=’alamsyah’,Password=md5(‘123456′), Uid=1000,Gid=1000,Dir=’/home/ftpdata/alamsyah’;
Query OK, 1 row affected (0.00 sec)

mysql>

The command above work : log in to database, create database named ‘ftp’ . Choose database ‘ftp’. Create table named ‘users’ with its structure and insert data into the table.

At this stage pure-ftpd is running, MySQL server also running. Example user also take place.

Configuration

Create directory

# mkdir -p /home/ftpdata

To be able to read MySQL data, purfe-ftpd.conf need to know that.

# cd /usr/local/etc/

# mv pure-ftpd.conf.sample pure-ftpd.conf

# ee pure-ftpd.conf

remove # sign in front of MySQLConfigFile

from

# MySQL configuration file (see README.MySQL)

# MySQLConfigFile               /etc/pureftpd-mysql.conf

# CreateHomeDir               yes

into

# MySQL configuration file (see README.MySQL)

MySQLConfigFile               /usr/local/etc/pureftpd-mysql.conf

CreateHomeDir               yes

save the file.

Next step is create mysql configuration file and fill the data.

# mv pureftpd-mysql.conf.sample pureftpd-mysql.conf

# ee pureftpd-mysql.conf

The file content is well explained.

From these lines :

MYSQLUser       root

# Mandatory : user password. You must have a password.

MYSQLPassword   rootpw

# Mandatory : database to open.

MYSQLDatabase   pureftpd

# Mandatory : how passwords are stored
# Valid values are : “cleartext”, “crypt”, “sha1”, “md5” and “password”
# (“password” = MySQL password() function)
# You can also use “any” to try “crypt”, “sha1”, “md5” *and* “password”

MYSQLCrypt      cleartext

You need to change a few lines :

MysqlUser : root -> keep this as is.

MysqlPassword : not set yet, change to anything designed. For example ‘123456secret’.

MysqlDatabase : ftp (this database already created in above step).

MySQLCrypt : md5 (user alam in previous step use md5)

The rest is not changed.

save the file.

Next step is change mysql password for user root to : 123456secret.

# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.5.40 Source distribution

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> update user set password=password(‘123456secret’) where user=’root’;
Query OK, 4 rows affected (0.00 sec)
Rows matched: 4  Changed: 4  Warnings: 0

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql>

Test it

# ftp localhost
Trying 127.0.0.1:21 …
Connected to localhost.
220———- Welcome to Pure-FTPd [privsep] [TLS] ———-
220-You are user number 1 of 50 allowed.
220-Local time is now 13:42. Server port: 21.
220-IPv6 connections are also welcome on this server.
220 You will be disconnected after 15 minutes of inactivity.
Name (localhost:alam): alamsyah
331 User alamsyah OK. Password required
Password:
230 OK. Current restricted directory is /
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
229 Extended Passive mode OK (|||46398|)
150 Accepted data connection
drwxr-xr-x    2 1000       1000              512 Nov 22 13:42 .
drwxr-xr-x    2 1000       1000              512 Nov 22 13:42 ..
226-Options: -a -l
226 2 matches total
ftp>

If anything is not right then you may refer to log

# tail -f /var/log/messages

If you need to enable TLS you refer to 2nd post.

See you next time!