Pure-FTP

To accommodate multiple FTP users on one of our servers without giving them actual user accounts on the server, Pure-FTP was installed, as it allows virtual users that are defined within a MySQL database.

The problem I encountered was that setting ChrootEveryone meant that I was constrained to my home directory too. To rectify this I needed to create a user group that Pure-FTP would consider trusted. The server would then allow any user within that group to traverse the complete directory structure whilst all other users remained chrooted to their home directory. Creating the group and adding myself to it was easy enough:

groupadd trusted

tail -1 /etc/group

(This lists the newly created group and gives the gid that we will need later.)

usermod -a -G trusted jigsaw

This added me to the trusted group I just created.

The problem now was how to get the Pure-FTP server to start with the option “-a 2002” (where 2002 is the gid of the newly created group). After many hours messing around attempting to add the option into config files I finally had to hand-hack the /usr/sbin/pure-ftpd-wrapper file that had some of the options in it. I added the line:

push(@options, '-a', '2002');

This pushes the options I want into the switches array that gets sent to the server on startup. There must be a better way than this, but for now it works. I also needed to set the ChrootEveryone directive to no in the conf directory of Pure-FTP. Because the -a option is passed to the server at startup, it will chroot everyone except members of the group that is specified by the supplied gid, in my case 2002.
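
Every account in the gid passed to -a escapes the chroot, and a gid hard-coded in the wrapper can go stale if the group is ever recreated, so it is worth checking who that gid actually covers. The following is an added example, not part of the original post: the function name trusted_audit, the account alice and the sample files are assumptions for illustration, and it counts both supplementary members and accounts whose primary gid matches.

```shell
#!/bin/sh
# Added example (not from the original post): list who a pure-ftpd
# "-a GID" setting exempts from chroot.
# Usage: trusted_audit GID [GROUP_FILE] [PASSWD_FILE]
# Prints the group name and each exempt account, one per line.
# Returns 1 if the gid matches no group (e.g. the group was deleted
# and recreated with a different gid after the wrapper was edited).
trusted_audit() {
    gid=$1
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}

    # /etc/group format: name:password:gid:member1,member2
    entry=$(awk -F: -v g="$gid" '$3 == g { print; exit }' "$group_file")
    if [ -z "$entry" ]; then
        echo "gid $gid: no such group" >&2
        return 1
    fi
    name=$(printf '%s\n' "$entry" | cut -d: -f1)
    echo "group=$name"

    {
        # Supplementary members listed on the group line.
        printf '%s\n' "$entry" | cut -d: -f4 | tr ',' '\n'
        # Accounts whose primary gid (passwd field 4) is the trusted gid.
        awk -F: -v g="$gid" '$4 == g { print $1 }' "$passwd_file"
    } | sed '/^$/d' | sort -u | sed 's/^/exempt=/'
}

# Constructed sample data so the example runs offline; "alice" is a
# hypothetical account whose primary group is the trusted gid.
demo=$(mktemp -d)
printf 'trusted:x:2002:jigsaw\n' > "$demo/group"
printf 'alice:x:1001:2002::/home/alice:/bin/sh\n' > "$demo/passwd"
trusted_audit 2002 "$demo/group" "$demo/passwd"
rm -rf "$demo"
```

Run against the real files with just the gid as the argument; any name in the output that should not be able to browse the whole filesystem over FTP needs removing from the group.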