pure-ftpd/DOC/install_deb.txt

## ------------------------- INSTALLATION -------------------------

## - install pure-ftpd
## -
apt-get install pure-ftpd-common pure-ftpd



## - deamonize (standalone) / inetd
## -
## - in file /etc/default/pure-ftpd-common set:
## -    STANDALONE_OR_INETD=standalone
## -
perl -i -n -p -e 's#^([ ]*)(STANDALONE_OR_INETD=.*)#\1\#\# \2\nSTANDALONE_OR_INETD=standalone#g' \
   /etc/default/pure-ftpd-common


## ------------------------- CONFIGURATION -------------------------
## -
## - NOTICE:
## -    see /usr/sbin/pure-ftpd-wrapper for mapping of files in
## -    /etc/pure-ftpd/conf to commandline options of pure-ftpd
## -

ipv4="83.223.85.132"


## - IP-Adress and Port to bind (option -S [<ip address>,|<hostname>,] [<port>|<service name>])
## -
## - 
echo "${ipv4},21" > /etc/pure-ftpd/conf/Bind

## - Listen on IPv4 and IPv6
## -
echo ",21" > /etc/pure-ftpd/conf/Bind
#echo "::,21" > /etc/pure-ftpd/conf/Bind


## - Passive port range (option -p <first port>:<last port>)
## -
echo "50000 50400" > /etc/pure-ftpd/conf/PassivePortRange

## - Passive Mode (option -P <ip-address | hostname>)
## -
## - Force the specified IP address in reply to
## - a PASV/EPSV/SPSV command
## -
echo "" > /etc/pure-ftpd/conf/ForcePassiveIP
echo "$ipv4" > /etc/pure-ftpd/conf/ForcePassiveIP


## - Min UID (option -u <uid>)
## -
## - Don't allow uids below <uid> to log in. '-u 1' denies access
## - to root (safe), '-u 100' denies access to virtual accounts on 
## - most Linux distros
## -
echo "33" > /etc/pure-ftpd/conf/MinUID


## - Max disk usage (option -k <percentage>)
## -
## - Don't allow uploads if the partition is more than
## # <percentage>% full. For instance, "-k 95" will ensure your disks 
## - will never get filled more than 95% by FTP. No need for the "percent" 
## - sign after the number
## -
echo "80" > /etc/pure-ftpd/conf/MaxDiskUsage


## - SSL/TLS SUPPORT (option -Y <0|1|2|3>)
## -    0:no TLS 
## -    1:TLS+cleartext 
## -    2:enforce TLS 
## -    3:enforce encrypted data channel as well
## -
echo "1" > /etc/pure-ftpd/conf/TLS


## - only allow autheticated users (optio --E)
## -
## - Anonymous logins are NOT permitted
## -
echo "yes" > /etc/pure-ftpd/conf/NoAnonymous


## - Disallow uploads for annonymous users (option -i)
## -
echo "yes" > /etc/pure-ftpd/conf/AnonymousCantUpload


## - avoid host name resolution (option -H)
## -
## - "213.41.14.252" will be logged instead of "www.toolinux.com"
## -
echo "yes" > /etc/pure-ftpd/conf/DontResolve


## - LOGGING (option -f <facility> | none')
## -
echo "ftp" > /etc/pure-ftpd/conf/SyslogFacility


## - alternate logfile (-O <format>:<log file>)
## -    clf | Stats | W3C | xferlog
## -
echo "clf:/var/log/pure-ftpd/transfer.log"  > /etc/pure-ftpd/conf/AltLog


## - display dot-files (option -D)
## -
## -  List files beginning with a dot ('.') even when the client doesn't
## - append the '-a' option to the list command. A workaround for badly
## - configured FTP clients
## -
echo "yes" > /etc/pure-ftpd/conf/DisplayDotFiles


## - prohibit dot-file read (option -X)
## -
## - allow reading dot-files
## -
echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesRead
## - don't allow reading dot-files
## -
echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesRead


## - prohibit dot-files write (option -x)
## -
## - allow writing dot-files
## -
echo "no" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite
## -
## - don't allow writing dot-files
## -
echo "yes" > /etc/pure-ftpd/conf/ProhibitDotFilesWrite



## - Customer Proof (Option -Z)
## -
## - protect customers against common mistakes (Option -Z)
## -
## - the '-Z' switch prevents your users against making bad 'chmod' 
## - commands, that would deny access to files/directories to themselves. 
## - The switch may turn on other features in the future. If you are a 
## - hosting provider, turn this on.
## -
echo "yes" > /etc/pure-ftpd/conf/CustomerProof


## ------------------------ AUTHENTICATION ------------------------



echo "/etc/pure-ftpd/pureftpd.pdb" > /etc/pure-ftpd/conf/PureDB
echo "no" > /etc/pure-ftpd/conf/UnixAuthentication
echo "no" > /etc/pure-ftpd/conf/PAMAuthentication

cd /etc/pure-ftpd/auth/
rm *
ln -s ../conf/PureDB 50pure

touch /etc/pure-ftpd/pureftpd.pdb
touch /etc/pure-ftpd/pureftpd.passwd

## - if moved from and existing server, place files
## -    pureftpd.passwd
## -    pureftpd.pdb
## - in folder /etc/pure-ftpd
## -



## - adduser
## - 
pure-pw useradd chris -u chris -g chris -d /home/chris
pure-pw mkdb



## ------------------------ CERTIFICATES ------------------------

## - place certificate (key+cert) named pure-ftpd.pem in folder 
## - /etc/ssl/private
## -
cat /usr/local/apache2/conf/wilcard.oopen.de-20110122.key /usr/local/apache2/conf/wilcard.oopen.de-20110122.crt > /etc/ssl/private/pure-ftpd.pem


## ------------------------ LOGGING ------------------------

## - redirect FTP messages to a file, say /var/log/pure-ftpd/ftp.log
## - 
## - add this line to your /etc/syslog.conf (/etc/rsyslog.conf)file:
## - 
## -    ftp.*  /var/log/pure-ftpd/ftp.log
## -
## - or create file /etc/rsyslog.d/pure-ftpd.conf:
## -
## -    ftp.*  -/var/log/pure-ftpd/ftp.log
## -    & ~
## -
## - then user -f option (see obove)
## -
## - then restart syslogging:
## -
## -    killall -HUP syslogd (killall -HUP rsyslogd)
## -
## - finally, if you do so, in file /etc/logrotate.d/pure-ftpd-common add
## - file
## -     /var/log/pure-ftpd/ftp.log
## -
## - add to options:
## -        sharedscripts
## -

## ------------------------ START pure-ftpd ------------------------

/etc/init.d/pure-ftpd start