My ftp user face error like this: FTP 127 Response: 500 I won't open a connection to xxx.xxx.xxx.xxx (only to yyy.yyy.yyy.yyy) This is the response of my server which captured by Wireshark in a windows ftp client. I enabled the VerboseLog in /etc/pure-ftpd.conf and there is line which says: #If you want to log all client commands, set this to "yes". #This directive can be specified twice to also log server responses. #VerboseLog yes So I edited my config file and brought the VerboseLog yes twice to log server response something like this: # If you want to log all client commands, set this to "yes". # This directive can be specified twice to also log server responses. VerboseLog yes VerboseLog yes However still I cannot find logs in /var/log/message for this error anywhere. Can somebody say what is wrong? P.S.: I want to have logs since I want to monitor the status of server and check if problem still arise or not. I'm not looking for capturing or snooping the interfaces as a temporary solution/workaround. Here is my /etc/pure-ftpd.conf: ############################################################ # # # Configuration file for pure-ftpd # # # ############################################################ # If you want to run Pure-FTPd with this configuration # instead of command-line options, please run the # following command : # # /usr/sbin/pure-ftpd /etc/etc/pure-ftpd.conf # # Online documentation: # https://www.pureftpd.org/project/pure-ftpd/doc # Restrict users to their home directory ChrootEveryone yes # If the previous option is set to "no", members of the following group # won't be restricted. Others will be. If you don't want chroot()ing anyone, # just comment out ChrootEveryone and TrustedGID. # TrustedGID 100 # Turn on compatibility hacks for broken clients BrokenClientsCompatibility no # Maximum number of simultaneous users MaxClientsNumber 250 # Run as a background process Daemonize No # Maximum number of simultaneous clients with the same IP address MaxClientsPerIP 20 # If you want to log all client commands, set this to "yes". # This directive can be specified twice to also log server responses. VerboseLog yes VerboseLog yes # List dot-files even when the client doesn't send "-a". DisplayDotFiles yes # Disallow authenticated users - Act only as a public FTP server. AnonymousOnly no # Disallow anonymous connections. Only accept authenticated users. NoAnonymous yes # Syslog facility (auth, authpriv, daemon, ftp, security, user, local*) # The default facility is "ftp". "none" disables logging. SyslogFacility ftp,auth,authpriv,daemon,security,user # Display fortune cookies # FortunesFile /usr/share/fortune/zippy # Don't resolve host names in log files. Recommended unless you trust # reverse host names, and don't care about DNS resolution being possibly slow. DontResolve yes # Maximum idle time in minutes (default = 15 minutes) MaxIdleTime 15 # LDAP configuration file (see README.LDAP) # LDAPConfigFile /etc/pureftpd-ldap.conf # MySQL configuration file (see README.MySQL) # MySQLConfigFile /etc/pureftpd-mysql.conf # PostgreSQL configuration file (see README.PGSQL) # PGSQLConfigFile /etc/pureftpd-pgsql.conf # PureDB user database (see README.Virtual-Users) # PureDB /etc/pureftpd.pdb # Path to pure-authd socket (see README.Authentication-Modules) ExtAuth /var/run/ftpd.sock # If you want to enable PAM authentication, uncomment the following line # PAMAuthentication yes # If you want simple Unix (/etc/passwd) authentication, uncomment this # UnixAuthentication yes # Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and # UnixAuthentication can be used specified once, but can be combined # together. For instance, if you use MySQLConfigFile, then UnixAuthentication, # the SQL server will be used first. If the SQL authentication fails because the # user wasn't found, a new attempt will be done using system authentication. # If the SQL authentication fails because the password didn't match, the # authentication chain stops here. Authentication methods are chained in # the order they are given. # 'ls' recursion limits. The first argument is the maximum number of # files to be displayed. The second one is the max subdirectories depth. LimitRecursion 10000 8 # Are anonymous users allowed to create new directories? AnonymousCanCreateDirs no # If the system load is greater than the given value, anonymous users # aren't allowed to download. MaxLoad 4 # Port range for passive connections - keep it as broad as possible. PassivePortRange 49152 65534 # Force an IP address in PASV/EPSV/SPSV replies. - for NAT. # Symbolic host names are also accepted for gateways with dynamic IP # addresses. # ForcePassiveIP 5.9.161.221 # Upload/download ratio for anonymous users. # AnonymousRatio 1 10 # Upload/download ratio for all users. # This directive supersedes the previous one. # UserRatio 1 10 # Disallow downloads of files owned by the "ftp" system user; # files that were uploaded but not validated by a local admin. AntiWarez yes # IP address/port to listen to (default=all IP addresses, port 21). Bind 21 # Maximum bandwidth for anonymous users in KB/s # AnonymousBandwidth 8 # Maximum bandwidth for *all* users (including anonymous) in KB/s # Use AnonymousBandwidth *or* UserBandwidth, not both. # UserBandwidth 8 # File creation mask. : . # 177:077 if you feel paranoid. Umask 133:022 # Minimum UID for an authenticated user to log in. # For example, a value of 100 prevents all users whose user id is below # 100 from logging in. If you want "root" to be able to log in, use 0. MinUID 100 # Allow FXP transfers for authenticated users. AllowUserFXP no # Allow anonymous FXP for anonymous and non-anonymous users. AllowAnonymousFXP no # Users can't delete/write files starting with a dot ('.') # even if they own them. But if TrustedGID is enabled, that group # will exceptionally have access to dot-files. ProhibitDotFilesWrite no # Prohibit *reading* of files starting with a dot (.history, .ssh...) ProhibitDotFilesRead no # Don't overwrite files. When a file whose name already exist is uploaded, # it gets automatically renamed to file.1, file.2, file.3, ... AutoRename no # Prevent anonymous users from uploading new files (no = upload is allowed) AnonymousCantUpload yes # Only connections to this specific IP address are allowed to be # non-anonymous. You can use this directive to open several public IPs for # anonymous FTP, and keep a private firewalled IP for remote administration. # You can also only allow a non-routable local IP (such as 10.x.x.x) for # authenticated users, and run a public anon-only FTP server on another IP. # TrustedIP 10.1.1.1 # To add the PID to log entries, uncomment the following line. # LogPID yes # Create an additional log file with transfers logged in a Apache-like format : # fw.c9x.org - jedi [13/Apr/2017:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338 # This log file can then be processed by common HTTP traffic analyzers. AltLog xferlog:/etc/apache2/logs/domlogs/ftpxferlog # Create an additional log file with transfers logged in a format optimized # for statistic reports. AltLog stats:/var/log/pureftpd.log # Create an additional log file with transfers logged in the standard W3C # format (compatible with many HTTP log analyzers) # AltLog w3c:/var/log/pureftpd.log # Disallow the CHMOD command. Users cannot change perms of their own files. # NoChmod yes # Allow users to resume/upload files, but *NOT* to delete them. # KeepAllFiles yes # Automatically create home directories if they are missing # CreateHomeDir yes # Enable virtual quotas. The first value is the max number of files. # The second value is the maximum size, in megabytes. # So 1000:10 limits every user to 1000 files and 10 MB. # Quota 1000:10 # If your pure-ftpd has been compiled with standalone support, you can change # the location of the pid file. The default is /var/run/pure-ftpd.pid # PIDFile /var/run/pure-ftpd.pid # If your pure-ftpd has been compiled with pure-uploadscript support, # this will make pure-ftpd write info about new uploads to # /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and # spawn a script to handle the upload. # Don't enable this option if you don't actually use pure-uploadscript. # CallUploadScript yes # This option is useful on servers where anonymous upload is # allowed. When the partition is more that percententage full, # new uploads are disallowed. MaxDiskUsage 99 # Set to 'yes' to prevent users from renaming files. # NoRename yes # Be 'customer proof': forbids common customer mistakes such as # 'chmod 0 public_html', that are valid, but can cause customers to # unintentionally shoot themselves in the foot. CustomerProof yes # Per-user concurrency limits. Will only work if the FTP server has # been compiled with --with-peruserlimits. # Format is: : # For example, 3:20 means that an authenticated user can have up to 3 active # sessions, and that up to 20 anonymous sessions are allowed. # PerUserLimits 3:20 # When a file is uploaded and there was already a previous version of the file # with the same name, the old file will neither get removed nor truncated. # The file will be stored under a temporary name and once the upload is # complete, it will be atomically renamed. For example, when a large PHP # script is being uploaded, the web server will keep serving the old version and # later switch to the new one as soon as the full file will have been # transferred. This option is incompatible with virtual quotas. # NoTruncate yes # This option accepts three values: # 0: disable SSL/TLS encryption layer (default). # 1: accept both cleartext and encrypted sessions. # 2: refuse connections that don't use the TLS security mechanism, # including anonymous sessions. # Do _not_ uncomment this blindly. Double check that: # 1) The server has been compiled with TLS support (--with-tls), # 2) A valid certificate is in place, # 3) Only compatible clients will log in. TLS 1 # Cipher suite for TLS sessions. # The default suite is secure and setting this property is usually # only required to *lower* the security to cope with legacy clients. # Prefix with -C: in order to require valid client certificates. # If -C: is used, make sure that clients' public keys are present on # the server. TLSCipherSuite HIGH # Certificate file, for TLS # CertFile /etc/ssl/private/pure-ftpd.pem # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6) # By default, both IPv4 and IPv6 are enabled. # IPV4Only yes # Listen only to IPv6 addresses in standalone mode (i.e. disable IPv4) # By default, both IPv4 and IPv6 are enabled. # IPV6Only yes # UTF-8 support for file names (RFC 2640) # Set the charset of the server filesystem and optionally the default charset # for remote clients that don't use UTF-8. # Works only if pure-ftpd has been compiled with --with-rfc2640 # FileSystemCharset big5 # ClientCharset big5

I add a pure-ftpd package in yocto build, and I tried to add a virtual user by following command:

#pure-pw useradd
#pure-pw mkdb

After that, I tried to login with FileZilla. But I always got authentication failed message. I only can login with root account and PW. Is there anyone know how to login pure-ftpd by creating a user account? Thanks. Eric

I installed pure-ftpd on Debian (Raspberry Pi), found the config file and managed to do basic configuration, disallow anonymous login, create a virtual user, call pure-pw mkdb and restart the server. But I can't login with this user. Instead I can login with a regular Linux user. I would like to reject regular users and only accept virtual users. I found that I should start the server with the -l parameter that specifies which logins should be accepted. This sounds great - if only I could find where the server is started. There is nothing in init.d and other known (to me) places that do such automatic daemon starts. As far as I know I did nothing to activate the daemon, this must have happened at the installation process. If someone could tell me where pure-ftpd is started, perhaps this would solve both of my problems. I wonder why a lot of stuff can be configured in the config file but such basic configuration like which users to accept must be set in a completely different way. What is the reason? Is pure-ftpd not the best choice for an ftp server that only should accept dedicated users with no relation to system users? #### Why FTP? I want to transfer images from my smartphone to the Raspberry Pi in the internal network, not accessible from outside. So FTP seems to be a good choice, especially because I expect a server that is described as "designed for security" to provide encrypted transfers too. With original configuration it seems to be open to every Linux user which makes me doubt this security a bit. #### Why this FTP server? I tried other FTP servers too but I didn't like they are tied to normal users. I don't want to add system users and assign home directories to them. I simply want to add two FTP users that can access one directory and save files as the user of this directory. I am not (yet) sure if this works, I'm going step by step and I am hanging at the virtual users for now. Documentation is not hard to find but most appears incomplete to me. In this case they all tell how to add a virtual user, but I had to search a while until I found I have to activate that. But no comment about *where* to activate that.

I'm trying to connect to a server via FTP and I'm having some problems. Server is a CentOS with Pure-FTPd. My usual client is lftp which on this server gets stuck at "Making data connection". All google results about this suggest setting ftp:ssl-allow no but that didn't help in my case. I also tried other clients and experienced the same behavior with ncftp and the graphical gnome gftp: connection is made but no data is transferred even for a simple ls. However, connection and data transfer work with basic ftp client and from a Perl script using Net::FTP module. Any suggestion on what options I can try to get the other clients working?

I'm wondering is there any alternative to FileZilla server in Linux? * I'm looking for a server with GUI manager which offers nearly zero configuration so I can run and manage FileZilla server within 5 min while PureFTPd needs at least 2 hrs and managing users and groups really painful, especially from a flat file. * I tried to use Pure-Admin (GTK manager for PureFTPd) and I found it really stupid by comparison to FileZilla GUI manager

I was practicing ftp but faced an issue: ls command isn't working on ftp> . Why? I checked on 2 remote servers but ls didn't work on either and gave different output when ls was executed. Please see below for the 2 remote boxes. The below shows my remote server where I installed vsftpd today. ravbholua@ravbholua-Aspire-5315:~$ ftp rs Connected to ravi.com. 220 (vsFTPd 3.0.2) Name (rs:ravbholua): 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> pwd 257 "/home/ravbholua" ftp> ls 500 Illegal PORT command. ftp: bind: Address already in use ftp> The below is for a different remote machine where I have to send some files. *But as ls on ftp> isn't working, how will I transfer files from my local box to that box because I can't be confirmed without ls whether the files have been transferred or not.* ravbholua@ravbholua-Aspire-5315:~$ ftp 125.21.153.140 Connected to 125.21.153.140. 220---------- Welcome to Pure-FTPd [TLS] ---------- 220-You are user number 1 of 10 allowed. 220-Local time is now 04:34. Server port: 21. 220-This server supports FXP transfers 220 You will be disconnected after 2 minutes of inactivity. Name (125.21.153.140:ravbholua): peacenews 331 User peacenews OK. Password required Password: 230 OK. Current restricted directory is / Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 200-FXP transfer: from 123.63.112.168 to 10.215.10.80 200 PORT command successful Please note that for the above machine, once I ran ls on ftp>, the prompt didn't come back. On both the remote machines, I got different output when executed ls on ftp>

I have PureFtpd on my CentOS Server. My users face error during ftp connections. > 421 Too many connections (8) from this IP I did configured my PureFtpd to resolve this issue. But in order to monitor how many users still face this issue, I could not find the log. I've enabled VerboseLog but there are no logs for this in /var/log/messages or I'm looking in the wrong place? Can any one say where can I check the request/response log or how can I enable it and where? ############################################################ # # # Configuration file for pure-ftpd # # # ############################################################ # If you want to run Pure-FTPd with this configuration # instead of command-line options, please run the # following command : # # /usr/sbin/pure-ftpd /etc/etc/pure-ftpd.conf # # Online documentation: # https://www.pureftpd.org/project/pure-ftpd/doc # Restrict users to their home directory ChrootEveryone yes # If the previous option is set to "no", members of the following group # won't be restricted. Others will be. If you don't want chroot()ing anyone, # just comment out ChrootEveryone and TrustedGID. # TrustedGID 100 # Turn on compatibility hacks for broken clients BrokenClientsCompatibility no # Maximum number of simultaneous users MaxClientsNumber 250 # Run as a background process Daemonize No # Maximum number of simultaneous clients with the same IP address MaxClientsPerIP 20 # If you want to log all client commands, set this to "yes". # This directive can be specified twice to also log server responses. VerboseLog no # List dot-files even when the client doesn't send "-a". DisplayDotFiles yes # Disallow authenticated users - Act only as a public FTP server. AnonymousOnly no # Disallow anonymous connections. Only accept authenticated users. NoAnonymous yes # Syslog facility (auth, authpriv, daemon, ftp, security, user, local*) # The default facility is "ftp". "none" disables logging. SyslogFacility ftp # Display fortune cookies # FortunesFile /usr/share/fortune/zippy # Don't resolve host names in log files. Recommended unless you trust # reverse host names, and don't care about DNS resolution being possibly slow. DontResolve yes # Maximum idle time in minutes (default = 15 minutes) MaxIdleTime 15 # LDAP configuration file (see README.LDAP) # LDAPConfigFile /etc/pureftpd-ldap.conf # MySQL configuration file (see README.MySQL) # MySQLConfigFile /etc/pureftpd-mysql.conf # PostgreSQL configuration file (see README.PGSQL) # PGSQLConfigFile /etc/pureftpd-pgsql.conf # PureDB user database (see README.Virtual-Users) # PureDB /etc/pureftpd.pdb # Path to pure-authd socket (see README.Authentication-Modules) ExtAuth /var/run/ftpd.sock # If you want to enable PAM authentication, uncomment the following line # PAMAuthentication yes # If you want simple Unix (/etc/passwd) authentication, uncomment this # UnixAuthentication yes # Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and # UnixAuthentication can be used specified once, but can be combined # together. For instance, if you use MySQLConfigFile, then UnixAuthentication, # the SQL server will be used first. If the SQL authentication fails because the # user wasn't found, a new attempt will be done using system authentication. # If the SQL authentication fails because the password didn't match, the # authentication chain stops here. Authentication methods are chained in # the order they are given. # 'ls' recursion limits. The first argument is the maximum number of # files to be displayed. The second one is the max subdirectories depth. LimitRecursion 10000 8 # Are anonymous users allowed to create new directories? AnonymousCanCreateDirs no # If the system load is greater than the given value, anonymous users # aren't allowed to download. MaxLoad 4 # Port range for passive connections - keep it as broad as possible. PassivePortRange 49152 65534 # Force an IP address in PASV/EPSV/SPSV replies. - for NAT. # Symbolic host names are also accepted for gateways with dynamic IP # addresses. # ForcePassiveIP 5.9.161.221 # Upload/download ratio for anonymous users. # AnonymousRatio 1 10 # Upload/download ratio for all users. # This directive supersedes the previous one. # UserRatio 1 10 # Disallow downloads of files owned by the "ftp" system user; # files that were uploaded but not validated by a local admin. AntiWarez yes # IP address/port to listen to (default=all IP addresses, port 21). Bind 21 # Maximum bandwidth for anonymous users in KB/s # AnonymousBandwidth 8 # Maximum bandwidth for *all* users (including anonymous) in KB/s # Use AnonymousBandwidth *or* UserBandwidth, not both. # UserBandwidth 8 # File creation mask. : . # 177:077 if you feel paranoid. Umask 133:022 # Minimum UID for an authenticated user to log in. # For example, a value of 100 prevents all users whose user id is below # 100 from logging in. If you want "root" to be able to log in, use 0. MinUID 100 # Allow FXP transfers for authenticated users. AllowUserFXP no # Allow anonymous FXP for anonymous and non-anonymous users. AllowAnonymousFXP no # Users can't delete/write files starting with a dot ('.') # even if they own them. But if TrustedGID is enabled, that group # will exceptionally have access to dot-files. ProhibitDotFilesWrite no # Prohibit *reading* of files starting with a dot (.history, .ssh...) ProhibitDotFilesRead no # Don't overwrite files. When a file whose name already exist is uploaded, # it gets automatically renamed to file.1, file.2, file.3, ... AutoRename no # Prevent anonymous users from uploading new files (no = upload is allowed) AnonymousCantUpload yes # Only connections to this specific IP address are allowed to be # non-anonymous. You can use this directive to open several public IPs for # anonymous FTP, and keep a private firewalled IP for remote administration. # You can also only allow a non-routable local IP (such as 10.x.x.x) for # authenticated users, and run a public anon-only FTP server on another IP. # TrustedIP 10.1.1.1 # To add the PID to log entries, uncomment the following line. # LogPID yes # Create an additional log file with transfers logged in a Apache-like format : # fw.c9x.org - jedi [13/Apr/2017:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338 # This log file can then be processed by common HTTP traffic analyzers. AltLog xferlog:/etc/apache2/logs/domlogs/ftpxferlog # Create an additional log file with transfers logged in a format optimized # for statistic reports. # AltLog stats:/var/log/pureftpd.log # Create an additional log file with transfers logged in the standard W3C # format (compatible with many HTTP log analyzers) # AltLog w3c:/var/log/pureftpd.log # Disallow the CHMOD command. Users cannot change perms of their own files. # NoChmod yes # Allow users to resume/upload files, but *NOT* to delete them. # KeepAllFiles yes # Automatically create home directories if they are missing # CreateHomeDir yes # Enable virtual quotas. The first value is the max number of files. # The second value is the maximum size, in megabytes. # So 1000:10 limits every user to 1000 files and 10 MB. # Quota 1000:10 # If your pure-ftpd has been compiled with standalone support, you can change # the location of the pid file. The default is /var/run/pure-ftpd.pid # PIDFile /var/run/pure-ftpd.pid # If your pure-ftpd has been compiled with pure-uploadscript support, # this will make pure-ftpd write info about new uploads to # /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and # spawn a script to handle the upload. # Don't enable this option if you don't actually use pure-uploadscript. # CallUploadScript yes # This option is useful on servers where anonymous upload is # allowed. When the partition is more that percententage full, # new uploads are disallowed. MaxDiskUsage 99 # Set to 'yes' to prevent users from renaming files. # NoRename yes # Be 'customer proof': forbids common customer mistakes such as # 'chmod 0 public_html', that are valid, but can cause customers to # unintentionally shoot themselves in the foot. CustomerProof yes # Per-user concurrency limits. Will only work if the FTP server has # been compiled with --with-peruserlimits. # Format is: : # For example, 3:20 means that an authenticated user can have up to 3 active # sessions, and that up to 20 anonymous sessions are allowed. # PerUserLimits 3:20 # When a file is uploaded and there was already a previous version of the file # with the same name, the old file will neither get removed nor truncated. # The file will be stored under a temporary name and once the upload is # complete, it will be atomically renamed. For example, when a large PHP # script is being uploaded, the web server will keep serving the old version and # later switch to the new one as soon as the full file will have been # transferred. This option is incompatible with virtual quotas. # NoTruncate yes # This option accepts three values: # 0: disable SSL/TLS encryption layer (default). # 1: accept both cleartext and encrypted sessions. # 2: refuse connections that don't use the TLS security mechanism, # including anonymous sessions. # Do _not_ uncomment this blindly. Double check that: # 1) The server has been compiled with TLS support (--with-tls), # 2) A valid certificate is in place, # 3) Only compatible clients will log in. TLS 1 # Cipher suite for TLS sessions. # The default suite is secure and setting this property is usually # only required to *lower* the security to cope with legacy clients. # Prefix with -C: in order to require valid client certificates. # If -C: is used, make sure that clients' public keys are present on # the server. TLSCipherSuite HIGH # Certificate file, for TLS # CertFile /etc/ssl/private/pure-ftpd.pem # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6) # By default, both IPv4 and IPv6 are enabled. # IPV4Only yes # Listen only to IPv6 addresses in standalone mode (i.e. disable IPv4) # By default, both IPv4 and IPv6 are enabled. # IPV6Only yes # UTF-8 support for file names (RFC 2640) # Set the charset of the server filesystem and optionally the default charset # for remote clients that don't use UTF-8. # Works only if pure-ftpd has been compiled with --with-rfc2640 # FileSystemCharset big5 # ClientCharset big5

I have manually built the pure-ftpd on my Raspberry Pi and it runs perfectly fine when I invoke /etc/pure-config.pl /etc/pure-ftpd.conf from the command line. I'd like to run that simple command /etc/pure-config.pl /etc/pure-ftpd.conf in init.d like as if I'm running them at the command line. The official or the custom init.d startup scripts are no good for me because they try to run pure-ftpd directly i.e. without the /etc/pure-ftpd.conf file. I need to run it with the /etc/pure-ftpd.conf How to do it? Thanks.

I am having difficulty installing proftp or pureftp on centos 6. I have followed the typical instructions (alternatively ) which go like this # Add EPL repository rpm -iUvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm # Install yum install proftpd # Alternatively yum install pure-ftpd The result is the same Loaded plugins: auto-update-debuginfo, fastestmirror, refresh-packagekit, security Setting up Install Process Loading mirror speeds from cached hostfile * base: centos.mirroring.pulsant.co.uk * extras: mirrors.clouvider.net * updates: centos.mirroring.pulsant.co.uk No package proftpd available. Error: Nothing to do Or as the case may be No package pure-ftpd available.

I have a debian with pure ftpd installed with virtual users. I used the documentation for my setup so the local account of pure ftpd is ftpuser:ftpgroup When a user uploads a file, the file is owned by ftpuser:ftpgroup. I want the uploaded file to be owned by another system user (mylocaluser). I added my virtual user this way : pure-pw useradd uploadimages -u mylocaluser -d /var/www/mysite/current/images

**Background** I want to change some options of Pure-FTPD. Since it has no config file, I need to add command line arguments. My system is Debian Stretch, which uses systemd. --- **What I tried** There is no pure-ftpd.service file in /etc/systemd/* nor in /usr/lib/systemd/*. I ran updatedb and then locate pure-ftpd which gave no results. Running systemctl status pure-ftpd (or other commands such as restart) works fine. Finally I found a way to make edits: systemctl edit pure-ftpd. As suggested by [another answer on this site](https://superuser.com/a/728962) , I typed [Service] \n ExecStart=/usr/sbin/pure-ftpd -my options and hit :wq. Systemd reloads the service and all is well. Running systemctl status pure-ftpd, it tells me: > pure-ftpd.service: Service has more than one ExecStart= setting, which is only allowed for Type=oneshot services. Refusing. I don't know what a oneshot service is. The documentation doesn't say when to use which, only "it is expected that the process has to exit before systemd starts follow-up units". I don't want systemd to wait for pure-ftpd to exit before starting other "units" (other services?) so that's not an option. Grepping for pure (grep -r pure) in both /etc/systemd and /usr/lib/systemd gives only the result that I made myself: /etc/systemd/system/pure-ftpd.service.d/override.conf. There does not appear to be a service file, yet it complains about a doubly defined ExecStart option. Calling /etc/init.d/pure-ftpd directly does not work either. Tracing that shell script, I see systemd hooked into this and hijacks it. I also ran strace systemd restart pure-ftpd. Scrolling through, this catches my eye: socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 3 connect(3, {sa_family=AF_UNIX, sun_path="/run/systemd/private"}, 22) = 0 sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0AUTH EXTERNAL ", iov_len=15}, {iov_base="30", iov_len=2}, {iov_base="\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", iov_len=28}], msg_iovlen=3, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 45 sendmsg(3, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="l\1\4\1$\0\0\0\1\0\0\0\240\0\0\0\1\1o\0\31\0\0\0/org/fre"..., iov_len=176}, {iov_base="\21\0\0\0pure-ftpd.service\0\0\0\7\0\0\0repl"..., iov_len=36}], msg_iovlen=2, msg_controllen=0, msg_flags=0}, MSG_DONTWAIT|MSG_NOSIGNAL) = 212 ---------------------->---------------------->---------------------->---------------------->---------------------->--------------------------^^^ So it sends something about "\21\0\0\0pure-ftpd.service\0\0\0\7\0\0\0repl"... over a unix socket. And evidently, systemd gets what it's talking about. It appears to me as if there is a template service file which is used by default if the real one is absent. Attaching strace to the owner of /run/systemd/private (unsurprisingly: PID 1 / init), I see the authentication and the freedesktop message coming in, after which it immediately replies with an error message about the service not being properly loaded. It never checks for the existence of any files nor does it read from any. --- **Workarounds** - I can systemctl disable pure-ftpd and edit the init.d file so it doesn't hook into systemd. But that's just an ugly hack. There should be a better way. - After typing all this, I found [another answer](https://unix.stackexchange.com/a/298440/30731) describing that you can -- after all! -- do it via a config file and start pure-ftpd-wrapper (which is the default in the init.d script, but who knows whether systemd uses that). However, now I want to know the answer to the actual question: --- **Question** How do I provide additional command line options?

I have a Pure-FTPd server running with the virtualchroot-enabled binary. When I connect to the server with FileZilla, FileZilla shows a link overlay for symbolic links that point to folders, but I can navigate to those folders successfully. However, when I connect to the server with GNOME Files (Nautilus), GNOME Files shows a generic document icon for the link and gives the error This link cannot be used because its target "../relative/path/to/target" doesn't exist. when I try to navigate to it. It seems that FileZilla is letting the server handle the link while GNOME Files is trying to interpret the link itself. Can I change GNOME Files to treat the link as a normal directory?

I installed pureftpd on a VPS (ovh). I can list a small directory (by small I mean a directory with just some files) but if I try to list a big one containing maybe thousands of files, including directories I have a "Failed to retrieve directory listing" error message from filezilla client when I click on the "ps" directory : Command: USER xxxxx Response: 331 User xxxxx OK. Password required Command: PASS ************ Response: 230 OK. Current directory is / Command: OPTS UTF8 ON Response: 200 OK, UTF-8 enabled Status: Connected Status: Retrieving directory listing... Command: CWD /ps Response: 250 OK. Current directory is /ps Command: TYPE I Response: 200 TYPE is now 8-bit binary Command: PASV Response: 227 Entering Passive Mode (,156,188) Command: MLSD Response: 150 Accepted data connection Response: 226-Options: -a -l Response: 226 33 matches total Error: Connection timed out Error: Failed to retrieve directory listing From the command line I just have a never ending wait : ftp> cd ps 250 OK. Current directory is /ps ftp> ls 200 PORT command successful 150 Connecting to port 38359 I added this rules to iptables since I read it could fix the problem on my server : root@vpsxxx:/var/www/html# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate RELATED,ESTABLISHED /* Allow ftp connections on port 20 */ ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 ctstate ESTABLISHED /* Allow passive inbound connections */ Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data ctstate ESTABLISHED /* Allow ftp connections on port 20 */ ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 ctstate RELATED,ESTABLISHED /* Allow passive inbound connections */ I Added a fix port range for passive mode in pureftpd : root@xxx:/var/www/html# cat /etc/pure-ftpd/conf/PassivePortRange 40110 40210 root@xxx:/var/www/html# These are the permissions on my ps directory I'm trying to list : drwxr-xr-x 25 root root 4096 May 9 08:29 ps This is the iptables on my client os (Debian 8) : -P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT It looks like everything I tried is useless and has no effect. I tried to analyse the traffic with wireshark and it looks like I get part of my directory listing in a FTP-DATA protocol packet but then something is going wrong but I don't know what... Just noticed I had the same problem with proftpd, I thought it would work better with pureftpd, but no :)

I would have an exam in few days about basic stuff on linux(I'm not familiar with linux therefore I'm studying for it). There would be two linux machines VM1 and VM2 on VMware, that connect via ethernet. I created on my PC this environment to prepare myself (two linux vms on vmware). the first task is to ping between both machines-that's easy.in the second task they asked to run some /start_ptpdis it built in linux command? or is it mean to run some external program?

I am trying to install pure-ftpd on my Fedora, but I'm getting this message: E: Couldn't find package pure-ftpd" Here is my full command line and the output: [roo@localhost ~]$ sudo apt-get install pure-ftpd [sudo] password for roo: Reading Package Lists... Done Building Dependency Tree... Done E: Couldn't find package pure-ftpd How to solve this issue ?

An FTP site allows anonymous access to a particular directory, and I would like to download a file from it. PureFTP and wget keep trying to login to the server's root directory, even when I give wget the fully qualified file, and the login fails accordingly. **How do I FTP directly to this subdirectory/file?**

Host: CentOS release 6.8 (Final) Server is freezing on a daily basis, usually around 5am. I cannot login to the terminal, and the Apache websites are inaccessible. Terminal shows following screen: Last logs in /var/logs/messages. Could the issue be related to cpanel and/or pure-ftpd? Sep 16 05:20:11 cpanel02 lfd: SYSLOG check [yyx5o4oClslObXL] Sep 16 05:20:32 cpanel02 kernel: [161487.262762] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.168.214.22 DST=5.9.124.53 LEN=191 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=33282 DPT=24441 LEN=171 UID=0 GID=0 Sep 16 05:20:34 cpanel02 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Sep 16 05:20:34 cpanel02 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__wnN9amQ1oxAGrn6WrdHNL1rXSkYwQ4wsRStiOtyrYRodnvmU0JQ9JiEe3113xkDw is now logged in Sep 16 05:20:34 cpanel02 pure-ftpd: (__cpanel__service__auth__ftpd__wnN9amQ1oxAGrn6WrdHNL1rXSkYwQ4wsRStiOtyrYRodnvmU0JQ9JiEe3113xkDw@127.0.0.1) [INFO] Logout. Sep 16 05:25:33 cpanel02 kernel: [161788.373406] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.168.214.22 DST=5.9.124.53 LEN=192 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=34193 DPT=24441 LEN=172 UID=0 GID=0 Sep 16 05:25:35 cpanel02 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Sep 16 05:25:35 cpanel02 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__Lcv6XAStC8q6sSKCi6qb6O4ipL63PO4e3VCNOhdcxXpAjA1FGaPSu2I1OM1nXSlw is now logged in Sep 16 05:25:35 cpanel02 pure-ftpd: (__cpanel__service__auth__ftpd__Lcv6XAStC8q6sSKCi6qb6O4ipL63PO4e3VCNOhdcxXpAjA1FGaPSu2I1OM1nXSlw@127.0.0.1) [INFO] Logout. Sep 16 05:30:12 cpanel02 lfd: SYSLOG check [xfL4KehGAgdKefc8] Sep 16 05:30:35 cpanel02 kernel: [162089.570555] Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=192.168.214.22 DST=5.9.124.53 LEN=191 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53415 DPT=24441 LEN=171 UID=0 GID=0 Sep 16 05:30:36 cpanel02 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1 Sep 16 05:30:36 cpanel02 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__1pmBiVuVLkyHFRZMAfB9aGpX5Z0akRMPNd0Wp9l49I6Raa6Dcp5C0YpI3V2js2sn is now logged in Sep 16 05:30:36 cpanel02 pure-ftpd: (__cpanel__service__auth__ftpd__1pmBiVuVLkyHFRZMAfB9aGpX5Z0akRMPNd0Wp9l49I6Raa6Dcp5C0YpI3V2js2sn@127.0.0.1) [INFO] Logout.

I am running pure-ftpd like this: /usr/sbin/pure-ftpd -A -c10 -B -C3 -z -D -e -fftp -H -I15 -lpam -L2000:8 -m4 -p30000:30100 -s -u40 -x -r -i -k99 -G -Z -Y1 -J'HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3' but in syslog-ng monitoring I get an error: pure-ftpd: (?@?) [ERROR] SSL/TLS: Invalid TLSCipherSuite specified 'HIGH:MEDIUM:+TLSv1:!SSLv2:!SSLv3' I tried several variations without any luck. The only one that worked without a problem it was this one (in the configuration file): TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 then run: /usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf Running: /usr/sbin/pure-ftpd -A -c10 -B -C3 -d -z -D -e -fftp -H -I15 -lpam -L2000:8 -m4 -p30000:30100 -s -u40 -x -r -i -k99 -G -Z -Y1 -JHIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 but with this one, only SSLv2 is disabled. I found this command at: http://download.pureftpd.org/pub/pure-ftpd/doc/README and there is says: > '-J ': Sets the list of ciphers that will be accepted for SSL/TLS connections. > For example: -J HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3 > Prefixing the list with -S: totally disables SSLv3. I think this -S might solve my problem but I can't figure out how to use it.

I am running pure-ftpd on raspbian, I need to pass it parameters to specify the port range for data connections, I read the following page here pure-ftpd faq it mentions that I can run the process directly like below.. Example: /usr/local/sbin/pure-ftpd -p 50000:50400 I believe the way to start and stop the services is as below sudo service pure-ftpd start How can I pass it parameters ?

I have a VPS running CentOS 6. I've tried multiple FTP servers but the following problem keeps me stuck. I want all users to have FTP access to their own folder in /home, so I configured Pure-FTPd to chroot all users except the admin account. This seems to work fine except the following which bugs me: When I use FileZilla to log in to the admin account (not chrooted), it lists /home/admin. When I navigate to the root directory, I can browse its files, but when I click back to the home folder, it's empty. The admin folder is now missing and i have to manually enter /home/admin to view the content again. So basically I cannot view or modify the home folder itself. I'm guessing a permission problem or FTP setting but I cannot find the answer.