Requirements

  • A System with daemontools and ucspi-tcp installed.
  • Pure-FTPd installed and working fine when started with the standard init scripts.

Why use pure-ftpd?

  • Easy to configure
  • Supports secure connections (SSL / TLS)
  • Very fast.
  • Easy to use with daemontools.

Why use daemontools and tcpserver?

  • Reliable (it is absolutly reliable to start, stop or restart services with daemontools)
  • Secure (tcpserver limits max simultanous connections and the host that are allowed to use the service)
  • Softlimit (for limiting the maximum RAM usage for that process)

Create service directory

[hanez@phantom ~]$ su -
[root@phantom ~]$ cd /var/lib/supervise
[root@phantom supervise]$ mkdir pure-ftpd
[root@phantom supervise]$ cd pure-ftpd
[root@phantom pure-ftpd]$ touch run
[root@phantom pure-ftpd]$ chmod 0755 run

The supervise/pure-ftpd/run script

You need to change the SERVICE_IP to the IP the server is listening on. I have reduced the maximum allowed simultanous connections to a minimum so if you need more you have to increase MAX_INCOMMING to your needs.

Another thing is to decrease the softlimit for that process. I have tried other possibilities but not all. Maybe Pure-FTPd is running fine with fewer RAM usage. Please report me your settings when you're trying this out.

#!/bin/sh

MAX_INCOMMING=10
MAX_CONNECTIONS_PER_USER=5
IDLE_TIME_MINUTES=5
SERVICE_IP=192.168.0.1
SERVICE_PORT=21

exec 2>&1
exec /usr/bin/softlimit -m 10000000 \
/usr/bin/tcpserver -vDRHl0 -x tcp.cdb \
-c ${MAX_INCOMMING} ${SERVICE_IP} ${SERVICE_PORT} \
/usr/sbin/pure-ftpd \
-S ${SERVICE_IP},${SERVICE_PORT} -c ${MAX_INCOMMING} -C ${MAX_CONNECTIONS_PER_USER} \
-k 90% -l pam -I ${IDLE_TIME_MINUTES} -A -x -E

Create tcp rules database (cdb)

[root@phantom pure-ftpd]$ touch tcp

Edit tcp so it fits to your needs. My file looks like this to allow everybody access to the FTP server:

:allow

Compile database:

[root@phantom pure-ftpd]$ tcprules tcp.cdb tcp.tmp < tcp

Create log directory and run file

[root@phantom pure-ftpd]$ mkdir log
[root@phantom pure-ftpd]$ cd log
[root@phantom log]$ touch run
[root@phantom log]$ chmod 0755 run

The /var/lib/supervise/pure-ftpd/log/run script

#!/bin/sh
exec setuidgid dnslog multilog t ./main

This requires, that there is a user called "dnslog" on your system. I use this username for logging in djbdns and are doing the same for Pure-FTPd and some other services. Feel free to change this to what you want but remember to use the same user when using the chown command in the next section.

Create logging directory

Now we need to make a dir where logfiles should be stored. I use something like /var/log/ftpd/supervise. /var/log/ftpd is on my system used to store log information produced directly by pure-ftpd. After this we need to make a symlink in our service directory of Pure-FTPd. Lets do the work:

[root@phantom log]$ mkdir /var/log/ftpd/supervise
[root@phantom log]$ chown dnslog:root /var/log/ftpd/supervise
[root@phantom log]$ ln -s /var/log/ftpd/supervise /var/lib/supervise/pure-ftpd/log/main

Start the service

[root@phantom log]$ ln -s /var/lib/supervise/pure-ftpd /service/pure-ftp

Please test if the service is running with the following command:

[root@phantom log]$ svstat /service/pure-ftpd/

The output should normally look like this:

/service/pure-ftpd/: up (pid 5451) 14 seconds

Weblinks