Howto use Pure-FTPd with daemontools
Table of contents
- 1 Requirements
- 2 Why use pure-ftpd?
- 3 Why use daemontools and tcpserver?
- 4 Create service directory
- 5 The supervise/pure-ftpd/run script
- 6 Create tcp rules database (cdb)
- 7 Create log directory and run file
- 8 The /var/lib/supervise/pure-ftpd/log/run script
- 9 Create logging directory
- 10 Start the service
- 11 Weblinks
Requirements
- A system with daemontools and ucspi-tcp installed.
- Pure-FTPd installed and working fine when started with the standard init scripts.
Why use pure-ftpd?
- Easy to configure
- Supports secure connections (SSL / TLS)
- Very fast.
- Easy to use with daemontools.
Why use daemontools and tcpserver?
- Reliable (daemontools starts, stops and restarts services absolutely reliably)
- Secure (tcpserver limits the maximum number of simultaneous connections and the hosts that are allowed to use the service)
- Softlimit (for limiting the maximum RAM usage for that process)
Create service directory
su -
cd /var/lib/supervise
mkdir pure-ftpd
cd pure-ftpd
touch run
chmod 0755 run
The supervise/pure-ftpd/run script
You need to change SERVICE_IP to the IP the server is listening on. I have reduced the maximum number of allowed simultaneous connections to a minimum, so if you need more, increase MAX_INCOMMING to fit your needs.
Another thing you can do is decrease the softlimit for that process. I have tried other possibilities but not all. Maybe Pure-FTPd runs fine with less RAM. Please report your settings to me if you try this out.
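#!/bin/sh
# Connection limits and listen address; adjust to your setup.
MAX_INCOMMING=10
MAX_CONNECTIONS_PER_USER=5
IDLE_TIME_MINUTES=5
SERVICE_IP=192.168.0.1
SERVICE_PORT=21
# Send stderr to stdout so the log service (multilog) captures both.
exec 2>&1
# softlimit caps memory at 10000000 bytes; tcpserver applies the rules in tcp.cdb.
exec /usr/bin/softlimit -m 10000000 \
    /usr/bin/tcpserver -vDRHl0 -x tcp.cdb \
    -c ${MAX_INCOMMING} ${SERVICE_IP} ${SERVICE_PORT} \
    /usr/sbin/pure-ftpd \
    -S ${SERVICE_IP},${SERVICE_PORT} -c ${MAX_INCOMMING} -C ${MAX_CONNECTIONS_PER_USER} \
    -k 90% -l pam -I ${IDLE_TIME_MINUTES} -A -x -E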
Create tcp rules database (cdb)
touch tcp
Edit tcp to fit your needs. My file looks like this, which allows everybody access to the FTP server:
:allow
Compile database:
tcprules tcp.cdb tcp.tmp < tcp
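The rules file above allows everybody. As an added example (not part of the original howto), the script below writes a tighter, constructed rule set and emulates how tcpserver resolves a client IP against it when ident and hostname lookups are disabled (-R and -H in the run script): exact IP first, then shorter dotted prefixes, then the empty default address. The function names, the script name rulecheck.sh and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: emulate the tcpserver rule lookup for an IPv4 client when
# ident (-R) and hostname (-H) lookups are off, as in the run script above.
# Order: exact IP, then shorter prefixes ending in a dot, then the empty
# address (default rule). Ranges such as 1.2.3.4-9 are not handled.

# Constructed sample rules: LAN allowed, one LAN host blocked, rest denied.
write_sample_rules() {
    cat > "$1" <<'EOF'
# FTP access rules (constructed sample)
192.168.0.66:deny
192.168.0.:allow
127.:allow
:deny
EOF
}

# Print the instruction (allow/deny) stored under exactly the address "$2".
lookup_rule() {
    awk -v key="$2" '
        /^#/ || /^[ \t]*$/ { next }
        {
            i = index($0, ":")
            if (i && substr($0, 1, i - 1) == key) {
                rest = substr($0, i + 1)
                sub(/,.*/, "", rest)      # drop ,VAR="value" settings
                print rest
                exit
            }
        }' "$1"
}

# tcp_rule_decision RULES_FILE IP -> prints allow or deny
tcp_rule_decision() {
    rules=$1 key=$2
    while :; do
        hit=$(lookup_rule "$rules" "$key")
        [ -n "$hit" ] && { echo "$hit"; return 0; }
        [ -z "$key" ] && break
        # Next candidate: drop the last octet but keep the trailing dot.
        key=$(printf '%s' "$key" | sed 's/[^.]*\.\{0,1\}$//')
    done
    echo allow   # no matching rule: tcpserver accepts the connection
}

# Stand-alone use (hypothetical file name): sh rulecheck.sh RULES_FILE IP
if [ $# -eq 2 ]; then tcp_rule_decision "$1" "$2"; fi
```

After compiling with tcprules, `tcprulescheck tcp.cdb 192.168.0.66` shows the decision tcpserver itself would make from the compiled database.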
Create log directory and run file
mkdir log
cd log
touch run
chmod 0755 run
The /var/lib/supervise/pure-ftpd/log/run script
#!/bin/sh
exec setuidgid dnslog multilog t ./main
This requires that there is a user called "dnslog" on your system. I use this username for logging in djbdns and do the same for Pure-FTPd and some other services. Feel free to change this to whatever you want, but remember to use the same user with the chown command in the next section.
Create logging directory
Now we need to make a directory where the log files will be stored. I use something like /var/log/ftpd/supervise. On my system, /var/log/ftpd is used to store log information produced directly by pure-ftpd. After this, we need to make a symlink in the Pure-FTPd service directory. Let's do the work:
mkdir /var/log/ftpd/supervise
chown dnslog:root /var/log/ftpd/supervise
ln -s /var/log/ftpd/supervise /var/lib/supervise/pure-ftpd/log/main
Start the service
ln -s /var/lib/supervise/pure-ftpd /service/pure-ftpd
Please test if the service is running with the following command:
svstat /service/pure-ftpd/
The output should normally look like this:
/service/pure-ftpd/: up (pid 5451) 14 seconds