Creating the ftp user
To use puredb as your authentication method and to create virtual users, you must first create one ftp user in your system:
$ sudo niutil -create / /users/ftpuser
### This creates a user in the NetInfo database
$ sudo niutil -createprop / /users/ftpuser uid 601
### Assigns user ID number. It can be any number over 501 that
### is not taken by another user.
$ sudo niutil -createprop / /users/users gid 20
### Group to which the user will belong. You could give it its own gid 601.
$ sudo niutil -createprop / /users/ftpuser home "/Users/ftpfolder"
### Assigns a home folder that you must create. The home folder doesn't
have to reside inside /Users.
$ sudo niutil -createprop / /users/ftpuser shell "/dev/null"
### For security reasons, don't give this user a shell.
$ sudo niutil -createprop / /users/ftpuser passwd "*"
### Blank password; you'll create it in the next step
$ sudo passwd ftpuser
### Make sure you give it a password to activate this account
Now create the user's home folder by typing mkdir /Users/ftpfolder, and set the ownership for it:
sudo chown ftpuser:staff /Users/ftpfolder
If you leave the home folder like this, without copying the template /System/Library/User Template/English.lproj, the FTP user won't show in your login window with the rest of the users. Let's give credit to the author of this hint for the previous steps...
Running pure-ftpd with xinetd
If pure-ftpd will be launched by xinetd when an FTP connection is established, then you must configure the /etc/xinetd.d/ftp configuration file. Here is my configuration:
service ftp
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/pure-ftpd
server_args = -l puredb:/etc/pureftpd.pdb -A -C 10 -E -j -p 2500:2600 -P mydomain.com
protocol = tcp
groups = yes
#flags = REUSE IPv6
}
Here's a description of the various settings on server_args and elsewhere:
- -l -- Defines puredb as the authentication method and gives the server the location of the database.
- -A -- chroot everyone (Users cannot navigate out of their home folder. Read the man pages for pure-pw, so you can chroot individual users without having to chroot everyone)
- -C -- Maximun number of connections from one single IP. Assign a number according to your needs.
- -E -- No anonymous logins. Only users you create can connect.
- -j -- This is a cool feature. When a user establishes his or her first connection, if there is not a home folder for this user, the home folder is created automatically.
- -p -- For passive mode, I like to define just a few ports
- -P -- This is the host name or IP of your server, so the client can connect to retrieve data through the above specified ports once the connection has been established through port 21.
- #flags -- I could not connect to my ftp server while this flag was enabled. Therefore, I commented it out.
Let's create our first virtual user, whose name is Joe:
$ sudo pure-pw useradd Joe -u ftpuser -d /Users/ftpfolder/Joe
Enter your administrator password, and then enter the password for the user you're creating (you'll be prompted twice for it). Now you must rebuild the database for puredb to your server recognizes the new user:
$ sudo pure-pw mkdb
For more examples, and a complete guide to creating virtual users, check out this section of the Pure-FTPd website.Restart xinetd
Type sudo kill -HUP 'cat /var/run/xinetd.pid' to have your changes take effect. Connect to your server with this newly created user name and password.
Note: Check the man pages to run pure-ftpd in daemon mode without xinetd.

