The only ftp server the amzn repository has is vsftpd. While, as the name suggests, vsftpd is supposed to be ‘very secure’ many other ftp servers have a comparable track record for security. Of these, pure-ftpd is easily configured and offers a wealth of features.
Pure-FTPd is easily configured, and as it comes with an easily customized spec file, is also easily made into a custom RPM for Amazon’s Linux [2011.02.1.1 (beta)].
A simple starting point is to install the ‘Development Tools’ – this is probably not a great idea for a production server, but is almost a necessity on a development machine.
yum groupinstall "Development Tools"
If you want mysql support, you will need to install
yum install mysql mysql-devel
You may need elevated privileges to compile/build/install (however, it isn’t recommended to perform builds as root):
The default configuration (i.e. what you would find in a distributed RPM) is:
./configure --with-everything --with-paranoidmsg --without-capabilities --with-virtualchroot --without-pam
Regardless of whether we wish to make/install or build an RPM, we need to get the source, I like working in /usr/local/src:
cd /usr/local/src wget ftp://ftp.pureftpd.org/pub/pure-ftpd/releases/pure-ftpd-1.0.32.tar.gz
Once you have the source, you can either make and install it, or build an RPM from which you can install. If you will be installing on multiple machines, the RPM method is far quicker as compilation only occurs once. The RPM method also has some advantages in terms of package management.
Compile and Install Pure-FTPd
(It is not necessary to compile and install pure-ftpd if you want to build the RPM)
Extract the tarball and change to the directory:
tar -xzvf pure-ftpd-*.tar.gz cd pure-ftpd-1.0.32
Run configure with the options you choose (for example, you could use the default, above) – the options below are my preference – I prefer using system quotas to virtual quotas, will be running in standalone, and authenticating against MySQL (the puredb is simply added in as an extra); TLS is added to support encryption. If you enable implicit-tls, it will result in the program only listening on the ftps port (990) and not on the ftp port (21).
./configure --with-sysquotas --with-throttling --with-puredb --with-mysql --with-tls --without-inetd --without-pam make && make install
Installs to: /usr/local/sbin
The init script and config files do not appear to be installed by default. The init script can be found in the contrib folder – copy it to /etc/init.d:
cp contrib/redhat.init /etc/init.d/pure-ftpd
The init script is a bit unusual, in that ‘status’ queries pure-config.pl instead of pure-ftpd, this appears to be one of the causes of ‘pure-config.pl dead but subsys locked’. Changing the status line from ‘status $prog’ to ‘status pure-ftpd’ appears to remedy this.
Building the RPM
(we left of with the source code downloaded to /usr/local/src)
Extract the tarball (we need the spec file):
tar -xzvf pure-ftpd-*.tar.gz
Due to the init script behaving a bit oddly, you may want to modify it before building your RPM. Edit/replace the
contrib/redhat.init file, and remake the tarball.
cp pure-ftpd-*.tar.gz /usr/src/rpm/SOURCES/ cd pure-ftpd-1.0.32
To build with the default options (mentioned above) simply run:
rpmbuild --bb pure-ftpd.spec
If you want to customize your RPM, define each option, using ‘0’ to disable, or ‘1’ to enable. My preference is the following:
rpmbuild -bb --define 'with_mysql 1' --define 'with_extauth 0' --define 'with_diraliases 0' --define 'with_peruserlimits 0' --define 'with_largefile 0' --define 'with_tls 1' pure-ftpd.spec
The RPMs will be generated in /usr/src/rpm/RPMS/x86_64/ (on a 64bit platform)
Two files are created (
pure-ftpd-debuginfo-1.0.32-1.x86_64.rpm) the ‘debuginfo’ one is not needed. The total size is about 260KB.
You can install the RPM you have built by passing its path to yum (we include the –nogpgcheck option since we did not sign the RPM). The installed RPM provides the init script as well as the necessary config files.
yum --nogpgcheck install pure-ftpd-1.0.32-1.x86_64.rpm
At some point you will need a resticted user for pure-ftpd, which can be created with the following:
useradd -M -s /bin/nologin pure-ftpd
Don’t forget to open the correct ports in your security group or external machines will not be able to connect to pure-ftpd.