I’ve been using pureFTPd on my Mac at least since OS X 10.4. I chose it primarily for two reasons. First, it has a large following, is actively developed, and is free; second, PureFTPd Manager was a very nice GUI for OS X that allowed you to very easily set up your server with a lot of options, manage it, and even watch it.
Unfortunately, this GUI no longer works with 10.6. At all.

Well, I thought, I can do this manually. And I could, but it was a long and sometimes hairy trip which took many wrong turns before leaving me at a working configuration.

Warning: there is a lot of bare-bones command-line compiling and Unix below. If the terminal shell scares you, stop reading now.

First, you need the current version of MacPorts, and then you need to compile pureFTPd from the shell.

sudo /opt/local/bin/port install pureftpd

This will install pure-ftpd and its supporting programs into /opt/local/sbin/ and /opt/local/bin.

Now you need to create a user account for the FTP server. Usually this is named something like ‘ftpuser’, but the exact name is unimportant.

  1. Open up System Preferences, go to the Accounts pane, and click the ‘+’ at the bottom of the account list. You might first have to “Click the lock to make changes.”
  2. Under “New Account” change the type from “Standard” to “Sharing Only”.
  3. Give the account a Full Name (FTP Master is what I chose).
  4. Give the account an Account Name (“ftpuser” was my choice).
  5. Click the ‘key’ icon and have the system generate a very long password. You will never use this password, so make sure the “Quality” meter is completely full. (I went with 20 random characters). Copy the password from the suggestion and paste it into the “Verify” field.
  6. Once the account is created, click the account in the list and choose “Advanced Options…”
  7. I like to set the UID number <500 so it matches the rest of the system users. I chose ‘101’ and set the Group to ‘ftp’. Whatever number you choose, make a note of it.
  8. If you are going to have multiple ftp users then set the home directory to the ‘root’ of the FTP users. For example, if you are going to have Sid and Nancy as virtual users in pureftp, you might want to set /Users/ftp/Sid and /Users/ftp/Nancy as their folders. If so, set this to /Users/ftp/, otherwise, set it to the path you will have your FTP files stored in. NB: this can be a path in another user’s directory (/Users/Chloe/ftp_files/) but be aware there will be permission issues if you do this.

For security it is very important that the ftp be running as a separate user with no privileges. You would not want to simply run pureFTPd as the user ‘Chloe’ in the example above.

The best way to run pureFTPd is with virtual users, and the way to create virtual users is with the command-line tool pure-pw, but first we need to add the group ‘ftp’ to our grouplist.

In the terminal edit the file /etc/group and add an entry to it.

ftp:*:101:ftpuser

So, now we have a UID (User ID) and a GID (Group ID). For simplicity’s sake, these IDs match, but they are not related and the numbers could be entirely different. Now it’s time to create our virtual user.

Now, you need to make a decision on who can log in using FTP. I prefer to manage the ftp users using a separate database instead of letting anyone who has an account on the computer log in, but the choice is yours and you can choose to do both.

If you’re going to create a database file for pureFTPd to use, this is when you want to do it. However, if you already have one from a previous version of the OS, then you can simply copy it.

NB: the actual files you are creating are placed in /etc/pure-ftpd/

The basic command takes the form:

/opt/local/bin/pure-pw useradd sid -u 101 -g 101 -d /Volumes/Oldman/files/

where ‘sid’ is the login name of the virtual user.

But pureftp has a lot of options, and I could issue a command like this:

/opt/local/bin/pure-pw useradd nancy -u 101 -g 101 \
-d /Volumes/Oldman/files/ -t 80K -T 300K -r 10.0.0.0/8 -y 3

which lets ‘nancy’ download at a max of 80K, upload at 300K, only log in from 10.0.0.0-10.255.255.255 IPs and only have a maximum of 3 connections.
You can confirm the settings by issuing the following command:

/opt/local/bin/pure-pw show nancy

and you can make changes to a user with the command

/opt/local/bin/pure-pw usermod nancy [new options]

All of this is basic pureFTPd setup, but even once all this is done, OS X doesn’t know anything about pureFTPd yet. To get it to actually work, you need to get into the /System folder.

You will then need to edit the System’s LaunchDaemon which is responsible for starting the ftp program when a user tries to ftp in. You might want to make a backup of this file, although if you tried to install pureftp previously, or tried to run PureFTPd Manager under Snow Leopard, the file is already destroyed.


<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>Label</key>
<string>org.pureftpd.macosx</string>
<key>Program</key>
<string>/opt/local/sbin/pure-ftpd</string>
<key>ProgramArguments</key>
<array>
<string>/opt/local/sbin/pure-ftpd</string>
<string>-C</string>
<string>4</string>
<string>-H</string>
<string>-i</string>
<string>-E</string>
<string>-w</string>
<string>-X</string>
<string>-Z</string>
<string>-lpuredb:/etc/pure-ftpd/pureftpd.pdb</string>
<string>-j</string>
<string>-Oclf:/var/log/pureftpd.log</string>
</array>
<key>SHAuthorizationRight</key>
<string>system.preferences</string>
<key>Sockets</key>
<dict>
<key>Listeners</key>
<dict>
<key>Bonjour</key>
<true/>
<key>SockServiceName</key>
<string>ftp</string>
</dict>
</dict>
<key>inetdCompatibility</key>
<dict>
<key>Wait</key>
<false/>
</dict>
</dict>
</plist>

The file needs to be located at /System/Library/LaunchDaemons/ftp.plist. The easiest way to do this is simply to issue the following command:

sudo nano /System/Library/LaunchDaemons/ftp.plist

Normally I stay far away from editing or changing anything at all in /System, but in this case it seems it’s the only way.

The program arguments I use are documented in the man page for pure-ftpd. The thing to be aware of (and in contradiction to the docs) is that you may NOT place spaces after the -l and -O flags. Basically, I allow a maximum of 4 connections per IP address (-C 4), I want IPs logged, not hostnames (-H), I want the home directory created if it doesn’t exist (-j), and I want everything logged to /var/log/pureftpd.log, plus a few other options. You can set whatever options you want simply by adding more <string>-flag</string><string>options</string> pairs.
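Before loading an edited job, it helps to check that the ProgramArguments array still carries the flags discussed above and that -l and -O are joined to their values. The following is an added example, not part of the original post or of pure-ftpd; the REQUIRED policy and the cut-down sample plist are assumptions made for illustration.

```python
import plistlib

# Constructed sample: a cut-down copy of the job above with two deliberate
# mistakes (-E left out, -l split from its value) so the audit has findings.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>org.pureftpd.macosx</string>
<key>ProgramArguments</key><array>
<string>/opt/local/sbin/pure-ftpd</string>
<string>-C</string><string>4</string>
<string>-H</string>
<string>-l</string><string>puredb:/etc/pure-ftpd/pureftpd.pdb</string>
<string>-Oclf:/var/log/pureftpd.log</string>
</array></dict></plist>"""

# Assumed review policy: flags from the article's job that should be present.
REQUIRED = {
    "-E": "anonymous logins are not disabled",
    "-H": "hostnames are resolved, so the log will not hold plain IPs",
    "-C": "no limit on connections per IP address",
}

def audit_args(args):
    """Return findings for a pure-ftpd ProgramArguments list (argv[0] first)."""
    flags = args[1:]
    findings = [f"{flag} missing: {why}" for flag, why in REQUIRED.items()
                if not any(a.startswith(flag) for a in flags)]
    for flag in ("-l", "-O"):
        if flag in flags:
            # The article's rule: the value must be glued to the flag.
            findings.append(f"{flag} is separated from its value")
        elif not any(a.startswith(flag) for a in flags):
            findings.append(f"{flag} missing")
    logins = [a[2:] for a in flags if a.startswith("-l") and len(a) > 2]
    if any(not v.startswith("puredb:") for v in logins):
        findings.append("-l uses a backend other than the puredb virtual users")
    return findings

def audit_plist(data):
    """Parse a launchd job (bytes) and audit its ProgramArguments."""
    job = plistlib.loads(data)
    return audit_args(job.get("ProgramArguments", []))

if __name__ == "__main__":
    for finding in audit_plist(SAMPLE_PLIST):
        print("FINDING:", finding)
```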

The log looks like this:

75.148.117.93 - nancy [13/Oct/2009:09:07:07 -0700] "GET /path/to/file.png" 200 12410

The ‘200’ shows it was a successful file transfer and the 12410 is the size.
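Because every transfer lands in this log, it can be checked against the per-user address restrictions set with pure-pw -r. The following is an added example, not part of the original post: it parses lines in the format shown above and reports transfers by restricted users that came from other addresses. The ALLOWED table and every sample line after the first are constructed, and the PUT verb for uploads is how pure-ftpd's CLF output is assumed to record them.

```python
import re
from ipaddress import ip_address, ip_network

# First line is the article's; the rest are constructed for this example.
SAMPLE_LOG = """\
75.148.117.93 - nancy [13/Oct/2009:09:07:07 -0700] "GET /path/to/file.png" 200 12410
10.0.0.23 - nancy [13/Oct/2009:09:12:41 -0700] "PUT /incoming/report.pdf" 200 48211
10.0.0.40 - sid [13/Oct/2009:09:15:02 -0700] "GET /path/to/other.txt" 200 90
this line is damaged
"""

LINE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<when>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<path>.*)" (?P<status>\d{3}) (?P<size>\d+)$')

# Assumed policy, mirroring `pure-pw useradd nancy ... -r 10.0.0.0/8` above.
ALLOWED = {"nancy": [ip_network("10.0.0.0/8")]}

def parse(text):
    """Split a CLF transfer log into parsed records and unparseable lines."""
    records, rejects = [], []
    for line in filter(None, text.splitlines()):
        m = LINE.match(line)
        if m is None:
            rejects.append(line)          # keep damaged lines for manual review
            continue
        rec = m.groupdict()
        rec["status"], rec["size"] = int(rec["status"]), int(rec["size"])
        records.append(rec)
    return records, rejects

def outside_policy(records, allowed=ALLOWED):
    """Transfers by users with an IP restriction, made from other addresses."""
    hits = []
    for rec in records:
        nets = allowed.get(rec["user"])
        if nets is None:                  # user has no restriction on file
            continue
        try:
            ok = any(ip_address(rec["ip"]) in net for net in nets)
        except ValueError:                # a hostname was logged (no -H)
            ok = False
        if not ok:
            hits.append((rec["user"], rec["ip"], rec["path"]))
    return hits

if __name__ == "__main__":
    recs, bad = parse(SAMPLE_LOG)
    print(outside_policy(recs), bad)
```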

  One Response to “pureFTPd and Snow Leopard”

  1. [...] a similar blog post – pureFTPd and Snow Leopard. It gave me some insight but there’s many flaws in the instructions. Let me try to improve on [...]

   