Howto use Pure-FTPd with daemontools
Author: Johannes Findeisen - 2004-06-28
Table of contents
- Requirements
- Why use pure-ftpd?
- Why use daemontools and tcpserver?
- Create service directory
- The supervise/pure-ftpd/run script
- Create tcp rules database (cdb)
- Create log directory and run file
- The /var/lib/supervise/pure-ftpd/log/run script
- Create logging directory
- Start the service
- Weblinks
1. Requirements
- A system with daemontools and ucspi-tcp installed.
- Pure-FTPd installed and working fine when started with the standard init scripts.
2. Why use pure-ftpd?
- Easy to configure
- Supports secure connections (SSL / TLS)
- Very fast.
- Easy to use with daemontools.
3. Why use daemontools and tcpserver?
- Reliable (starting, stopping or restarting services with daemontools is absolutely reliable)
- Secure (tcpserver limits the maximum number of simultaneous connections and the hosts that are allowed to use the service)
- Softlimit (for limiting the maximum RAM usage for that process)
4. Create service directory
[hanez@phantom ~]$ su -
[root@phantom ~]$ cd /var/lib/supervise
[root@phantom supervise]$ mkdir pure-ftpd
[root@phantom supervise]$ cd pure-ftpd
[root@phantom pure-ftpd]$ touch run
[root@phantom pure-ftpd]$ chmod 0755 run
5. The supervise/pure-ftpd/run script
You need to change SERVICE_IP to the IP address the server listens on. I have reduced the maximum number of simultaneous connections to a minimum, so if you need more, increase MAX_INCOMMING to suit your needs.
Another thing to try is decreasing the softlimit for the process. I have tried some other values, but not all. Pure-FTPd may run fine with less RAM. Please report your settings to me if you try this out.
#!/bin/sh
MAX_INCOMMING=10
MAX_CONNECTIONS_PER_USER=5
IDLE_TIME_MINUTES=5
SERVICE_IP=192.168.0.1
SERVICE_PORT=21
exec 2>&1
exec /usr/bin/softlimit -m 10000000 \
/usr/bin/tcpserver -vDRHl0 -x tcp.cdb \
-c ${MAX_INCOMMING} ${SERVICE_IP} ${SERVICE_PORT} \
/usr/sbin/pure-ftpd \
-S ${SERVICE_IP},${SERVICE_PORT} -c ${MAX_INCOMMING} -C ${MAX_CONNECTIONS_PER_USER} \
-k 90% -l pam -I ${IDLE_TIME_MINUTES} -A -x -E
6. Create tcp rules database (cdb)
[root@phantom pure-ftpd]$ touch tcp
Edit tcp so it fits your needs. My file looks like this, which allows everybody access to the FTP server:
:allow
Compile database:
[root@phantom pure-ftpd]$ tcprules tcp.cdb tcp.tmp < tcp
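A more restrictive tcp file can be checked before it is compiled. The script below is an added example, not part of the original howto: it resolves which rule tcpserver would pick for a client IP when started with -R and -H as in the run script above (no ident or hostname lookups, so only IP rules apply). The function names, the sample rules and the test addresses are constructed for illustration, with the 192.168.0. prefix assumed from SERVICE_IP.

```shell
#!/bin/sh
# Constructed sample: LAN allowed, one LAN host blocked, everyone else denied.
write_sample_rules() {
    cat > "$1" <<'EOF'
# comments and blank lines are ignored by tcprules
192.168.0.66:deny
192.168.0.:allow
:deny
EOF
}

# rule_for FILE IP (hypothetical helper): print "allow" or "deny".
# Lookup order with -R and -H: full IP, then dotted prefixes from most to
# least specific, then the empty address. Range rules (1.2.3.37-53) are not handled.
rule_for() {
    file=$1 key=$2
    while :; do
        # Instruction of the first source line whose address equals $key exactly.
        ins=$(awk -v k="$key" '
            /^#/ || /^$/ { next }
            { i = index($0, ":")
              if (i && substr($0, 1, i - 1) == k) { print substr($0, i + 1); exit } }
        ' "$file")
        if [ -n "$ins" ]; then
            case $ins in deny*) echo deny ;; *) echo allow ;; esac
            return 0
        fi
        [ -z "$key" ] && break
        # Shorten: 192.168.0.66 -> 192.168.0. -> 192.168. -> 192. -> ""
        key=${key%.}
        case $key in *.*) key=${key%.*}. ;; *) key= ;; esac
    done
    echo allow   # no rule matched: tcpserver accepts the connection
}

# Demo on the constructed sample rules.
tmp=$(mktemp) && write_sample_rules "$tmp"
for ip in 192.168.0.66 192.168.0.10 203.0.113.5; do
    printf '%s -> %s\n' "$ip" "$(rule_for "$tmp" "$ip")"
done
rm -f "$tmp"
```

tcprules replaces tcp.cdb atomically, so the database can be recompiled with the command above while tcpserver is running.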
7. Create log directory and run file
[root@phantom pure-ftpd]$ mkdir log
[root@phantom pure-ftpd]$ cd log
[root@phantom log]$ touch run
[root@phantom log]$ chmod 0755 run
8. The /var/lib/supervise/pure-ftpd/log/run script
#!/bin/sh
exec setuidgid dnslog multilog t ./main
This requires a user called "dnslog" on your system. I use this username for logging in djbdns and do the same for Pure-FTPd and some other services. Feel free to change it to whatever you want, but remember to use the same user with the chown command in section 9.
9. Create logging directory
Now we need to create a directory where the logfiles will be stored. I use something like /var/log/ftpd/supervise. On my system, /var/log/ftpd is used to store log information produced directly by pure-ftpd. After this we need to create a symlink in the Pure-FTPd service directory. Let's do the work:
[root@phantom log]$ mkdir /var/log/ftpd/supervise
[root@phantom log]$ chown dnslog:root /var/log/ftpd/supervise
[root@phantom log]$ ln -s /var/log/ftpd/supervise /var/lib/supervise/pure-ftpd/log/main
10. Start the service
[root@phantom log]$ ln -s /var/lib/supervise/pure-ftpd /service/pure-ftpd
Please test if the service is running with the following command:
[root@phantom log]$ svstat /service/pure-ftpd/
The output should normally look like this:
/service/pure-ftpd/: up (pid 5451) 14 seconds
11. Weblinks
$Date: 2006-11-28 17:00:44 +0100 (Tue, 28 Nov 2006) $