Problems with running Pure-FTPd

kfiad · August 27, 2023, 7:13pm

I’m on 23.05 channel now. I installed Pure-FTPd to run FTP server on my machine, because I’m kinda familiar with it.

I could not found any options for that package. I had to use overrideAttrs to add PureDB support, however I’m still not sure if it is now available, because starting Pure-FTPd via systemd service gives that in log:

pure-ftpd[151275]: (?@?) [ERROR] Unknown authentication method: puredb:/path/to/pure-ftpd.pdb

BTW package did not contain systemd service file configuration.

I ended up with pure-ftpd.nix configuration file like this:

{ pkgs, config, ... }:

{
  environment.systemPackages = [
    (pkgs.pure-ftpd.overrideAttrs (oldAttrs: {
      configureFlags = oldAttrs.configureFlags ++ [ "--with-puredb" ];
    }))
  ];

  systemd.services.pure-ftpd = {
    description = "PureFTPD Server";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd --noanonymous --notruncate --login puredb:/path/to/pure-ftpd.pdb --prohibitdotfilesread --maxdiskusagepct 90% --bind 21 --chrooteveryone --nochmod --customerproof --dontresolve --passiveportrange 30000:30020";
      User = "ftp";
      Group = "ftp";
    };
  };

  users.extraGroups.ftp.gid = config.ids.gids.ftp;
  users.extraUsers.ftp = {
    uid = config.ids.uids.ftp;
    group = "ftp";
    description = "FTP user";
    home = "/path/to/ftp/root/";
  };

  networking.firewall.allowedTCPPortRanges = [ { from = 30000; to = 30020; } ];
}

What is more strange: I’ve created passwd and pdb files following Arch guide. Now when running:

$ pure-pw list -f /path/to/pure-ftpd.passwd

I get:

Unable to open the passwd file: No such file or directory

despite file existence and being (probably) valid password file.

Can anyone help me with setting up Pure-FTPd on NixOS?

kfiad · November 6, 2023, 7:12pm

Finally I have setup working Pure-FTPd instance with following configuration:

{ pkgs, config, ... }:

{
  nixpkgs.config.packageOverrides = pkgs:
  {
    pure-ftpd = pkgs.pure-ftpd.overrideAttrs (oldAttrs: {
        configureFlags = oldAttrs.configureFlags ++ [ "--with-puredb" ];
    });
  };

  systemd.services.pure-ftpd = {
    description = "PureFTPD Server";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      ExecStart = "${pkgs.pure-ftpd}/bin/pure-ftpd --noanonymous --notruncate --login puredb:/data/ftp/pure-ftpd.pdb --prohibitdotfilesread --maxdiskusagepct 90% --bind 2121 --chrooteveryone --nochmod --customerproof --dontresolve --passiveportrange 30000:30200";
    };
    environment = {
      PURE_PASSWDFILE = "/data/ftp/pure-ftpd.passwd";
      PURE_DBFILE = "/data/ftp/pure-ftpd.pdb";
    };
  };

  users.groups.ftp.gid = config.ids.gids.ftp;
  users.users.ftp = {
    uid = config.ids.uids.ftp;
    group = "ftp";
    description = "FTP user";
    home = "/data/ftp/";
  };

  networking.firewall.allowedTCPPortRanges = [ { from = 30000; to = 30200; } ];
  networking.firewall.allowedTCPPorts = [ 2121 ];
}

I have spent many hours (days?) on that, hopefully saving someone’s time

realsnick · December 3, 2023, 1:59am

Glad I find your code! Thank you for sharing! Have you had any updates? changes?

realsnick · December 3, 2023, 11:40am

@kfiad

I was trying to use it and after a couple of hours gave up…

i get this error from the service…

(?@?) [ERROR] Unknown authentication method: puredb:/data/ftp/pure-ftpd.pdb

but pure-pw works…

any ideas? thanks!

kfiad · December 3, 2023, 6:28pm

AFAIR this problem comes from lack of support for PureDB with default Nix Pure-FTPd package.

This the reason the following fragment:

  nixpkgs.config.packageOverrides = pkgs:
  {
    pure-ftpd = pkgs.pure-ftpd.overrideAttrs (oldAttrs: {
        configureFlags = oldAttrs.configureFlags ++ [ "--with-puredb" ];
    });
  };

is for.

Have you got this in your setup?

realsnick · December 4, 2023, 4:31pm

yes, i added this override but it doesn’t seem to really fix it

kfiad · December 5, 2023, 12:05am

Right…
Well, this will look like M$ Windows way of dealing with things, but… have you tried removing Pure-FTPd from your NixOS (assuming you work on this system) configuration, rebuilding, then executing nix-store --gc and then bringing Pure-FTPd package back into the system so it will be possibly forced to be (re-)build?

realsnick · December 14, 2023, 2:55pm

ill give that a try… thank you … yes im on nixos

Janik · December 14, 2023, 3:52pm

Sorry this is a bit off-topic but it’s common in nixpkgs for packages to not include systemd files since we use nixos modules to define systemd services and timers as you probably know.

kfiad:

AFAIR this problem comes from lack of support for PureDB with default Nix Pure-FTPd package.

This the reason the following fragment:
  nixpkgs.config.packageOverrides = pkgs:
  {
    pure-ftpd = pkgs.pure-ftpd.overrideAttrs (oldAttrs: {
        configureFlags = oldAttrs.configureFlags ++ [ "--with-puredb" ];
    });
  };
is for.

Have you got this in your setup?

You might consider upstreaming this to nixpkgs either as default (if it is a sane one) or as a feature flag.
Also congrats on being persistent and getting your deployment to work.

If you have the time and energy you could also write a module for pure-ftpd. The config seems relatively similar to most prometheus-exporter modules. If you end-up doing so feel free to ping me for review on github (Janik-Haag).