Hello all, I need to configure a pure FTP server that is used as a file storage server. There will be no access for public users; it needs authentication for file upload and download. How do I set up an FTP server for this requirement with proper security? I want to use CentOS for this server. Please give me some tips about it. Thanks in advance.
You can use WHM, or get a server admin to install this for you from here: http://www.pureftpd.org/project/pure-ftpd
You need to install pure-ftp OR vsftpd. See to it that root user is not allowed to access the server. Enable access for FTP users on specific directories.
Use pure-ftp setup with virtual users. Edit pure-ftpd.conf, should be in /etc after you install it.

    # Config file for /etc/init.d/pure-ftpd
    ##Comment variables out to disable its features, or change the values in it... ##

    ## This variable must be uncommented in order for the server to start ##
    IS_CONFIGURED="yes"    # changed (red in the original post)

    ## FTP Server,Port (separated by comma) ##
    ## If you prefer host names over IP addresses, it's your choice:
    ## SERVER="-S ftp.rtchat.com,21"
    ## IPv6 addresses are supported.
    ## !!! WARNING !!!
    ## Using an invalid IP will result in the server not starting,
    ## but reporting a correct start!
    ## SERVER="-S 192.168.0.1,21"
    ## By default binds to all available IPs.
    SERVER="-S 2125"    # changed (red in the original post)

    ## Number of simultaneous connections in total, and per IP ##
    MAX_CONN="-c 30"
    MAX_CONN_IP="-C 10"

    ## Start daemonized in background ##
    DAEMON="-B"

    ## Don't allow uploads if the partition is more full than this var ##
    DISK_FULL="-k 90%"

    ## If your FTP server is behind a NAT box, uncomment this ##
    #USE_NAT="-N"

    ## Authentication mechanisms (others are 'pam', ...) ##
    ## Further infos can be found in the README file.
    ## AUTH="-l unix"
    AUTH="-l puredb:/etc/pureftpd.pdb"    # changed (red in the original post)

    ## Change the maximum idle time (in minutes) ##
    ## If this variable is not defined, it will default to 15 minutes.
    #TIMEOUT="-I <timeout>"

    ## Facility used for syslog logging ##
    ## If this variable is not defined, it will default to the 'ftp' facility.
    ## Logging can be disabled with '-f none'.
    #LOG="-f <facility>"

    ## Charset conversion support *experimental* ##
    ## Only works if USE "charconv" is enabled (only Pure-FTPd >=1.0.21).
    ## Set the charset of the filesystem.
    # CHARCONV="--fscharset <charset>"

    ## If you want to process each file uploaded through Pure-FTPd, enter the name
    ## of the script that should process the files below.
    ## man pure-uploadscript to learn more about how to write this script.
    # UPLOADSCRIPT="/path/to/uploadscript"

    ## Misc. Others ##
    ## MISC_OTHER="-A -x -j -R -Z"
    MISC_OTHER="-A -D -Z -E -i -H"    # changed (red in the original post)

    AUTH="-l puredb:/etc/pureftpd.pdb"

Virtual users is a simple mechanism to store a list of users, with their password, name, uid, directory, etc. It's just like /etc/passwd. But it's not /etc/passwd. It's a different file, only for FTP.

Create a system user for virtual users:

    groupadd ftpgroup
    useradd -g ftpgroup -d /dev/null -s /etc ftpuser

Now you can create many virtual users, like this:

    pure-pw useradd joe -u ftpuser -d /home/ftpusers/joe [-m]

Joe's password is asked twice. With -d, joe will be chrooted. If you want to give joe access to the whole filesystem, use -D instead of -d.

You can delete joe's account:

    pure-pw userdel joe [-m]

Change his password:

    pure-pw passwd <login> [-m]

Have a look at joe's info:

    pure-pw show <login>

Don't forget to commit changes. When you use the -m argument, changes are committed automatically;

    pure-pw mkdb

This keeps you from using system users & folders owned by them; better security all around. Note my changes highlighted in red.
Google is your friend, but I would recommend you just use sFTP rather than FTP. FTP is very insecure since the password is transmitted without encryption.
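
Added example, not part of any post in this thread: a shell audit of a conf.d-style pure-ftpd file like the one posted above. It checks the settings the virtual-users reply relies on (puredb authentication, `-E` no anonymous login, `-A` chroot) and, for the cleartext-password point in the last reply, whether TLS is required. The function names and the sample file are constructed; the `-Y 2` / `-Y 3` TLS levels are pure-ftpd options the thread does not mention, and the script assumes all extra flags are set in `MISC_OTHER`.

```shell
#!/bin/sh
# Added example: audit a conf.d-style pure-ftpd file (VAR="flags" lines).
# Prints one PASS/FAIL line per check; exit status = number of FAIL lines.

# Effective value of VAR: last uncommented assignment wins, as in the shell.
conf_value() {  # usage: conf_value FILE VAR
    sed -n "s/^[[:space:]]*$2=\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# True if flag string $1 contains option $2 as a whole word (e.g. -E).
has_flag() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

audit_pureftpd_conf() {  # usage: audit_pureftpd_conf FILE
    auth=$(conf_value "$1" AUTH)
    misc=$(conf_value "$1" MISC_OTHER)   # assumption: extra flags live here
    fails=0
    case "$auth" in
        *puredb:*) echo "PASS auth: puredb virtual users ($auth)" ;;
        *) echo "FAIL auth: not puredb virtual users ($auth)"
           fails=$((fails + 1)) ;;
    esac
    if has_flag "$misc" -E; then echo "PASS anonymous: disabled (-E)"
    else echo "FAIL anonymous: -E not set"; fails=$((fails + 1)); fi
    if has_flag "$misc" -A; then echo "PASS chroot: all users chrooted (-A)"
    else echo "FAIL chroot: -A not set"; fails=$((fails + 1)); fi
    if has_flag "$misc" "-Y 2" || has_flag "$misc" "-Y 3"
    then echo "PASS tls: cleartext sessions refused"
    else echo "FAIL tls: passwords may cross the wire in cleartext (no -Y 2/3)"
         fails=$((fails + 1)); fi
    return "$fails"
}

write_sample_conf() {  # constructed sample mirroring the thread's settings
    cat > "$1" <<'EOF'
## AUTH="-l unix"
AUTH="-l puredb:/etc/pureftpd.pdb"   # changed
## MISC_OTHER="-A -x -j -R -Z"
MISC_OTHER="-A -D -Z -E -i -H"
EOF
}

tmp=$(mktemp)
write_sample_conf "$tmp"
audit_pureftpd_conf "$tmp" || echo "$? check(s) failed"
rm -f "$tmp"
```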