January 6, 2016

Pure-FTPD With FTPS Over TLS

I recently had to set up FTPS for a client as SFTP wasn’t an option. The benefit of FTPS with Pure-FTPD is the ability to save files as another user when uploading files. Here’s how to do it:


Give ourselves root privileges

sudo -i


For Debian/Ubuntu:

Update our apt package cache

apt-get update

Install openssl and Pure-FTPD

apt-get install openssl pure-ftpd


For CentOS/Fedora/Red Hat:

Refresh the yum metadata and update installed packages

yum update

Install openssl and Pure-FTPD

yum install openssl pure-ftpd



Add a new user to log in with, set the home directory they’ll see when they log in, and set their primary group to the group that owns the files in that directory

adduser staging -d /var/www/wordpress -g nginx

Set a password for the new user; remember it, as we’ll need to set it again later

passwd staging

The next two commands are important as they display each user’s UID, which we need later on; make a note of both UIDs

id staging
id nginx


Create the Pure-FTPD user database, using the same details as in the adduser step above and the same password you set for that user

pure-pw useradd staging -d /var/www/wordpress -u nginx
pure-pw mkdb


Make a new directory and create an SSL certificate; enter whatever details you wish when creating the certificate, but set Common Name to your server’s hostname

mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem

Make the certificate readable by root only

chmod 600 /etc/ssl/private/pure-ftpd.pem


Edit the Pure-FTPD config

vi /etc/pure-ftpd/pure-ftpd.conf

Uncomment the TLS line and change its value to 2 to allow only TLS connections


Uncomment the PureDB line to allow it to use our user

PureDB /etc/pure-ftpd/pureftpd.pdb

Set MinUID to the lower of the two UIDs reported by the “id staging” and “id nginx” commands above; nginx will usually have the lower UID, but it depends on the users you’re going to use

MinUID 48


Restart Pure-FTPD

/etc/init.d/pure-ftpd restart


Connect with FTPS (the option may be labelled SSL or TLS, depending on your client) on port 21 as usual
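
To check the three settings changed above and the key file's permissions before connecting, here is a small audit script. It is an added example, not part of the original post: the function names are made up for illustration, the sample config is constructed, and treating TLS 3 as an acceptable stricter value is an assumption.

```shell
# Added example: audit the pure-ftpd.conf settings this guide changes.
# Print the value of an uncommented directive (empty if absent or commented out).
conf_value() {  # $1 = config file, $2 = directive name
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# $1 = config file, $2 = lowest UID that must be allowed to log in.
# Prints one line per check and returns the number of failed checks.
audit_pureftpd_conf() {
    conf=$1 need_uid=$2 fails=0
    tls=$(conf_value "$conf" TLS)
    case "$tls" in
        2|3) echo "OK   TLS $tls: cleartext sessions are refused" ;;  # 3 is assumed stricter
        *)   echo "FAIL TLS is '${tls:-unset}': cleartext logins are not refused"
             fails=$((fails + 1)) ;;
    esac
    if [ -n "$(conf_value "$conf" PureDB)" ]; then
        echo "OK   PureDB is enabled"
    else
        echo "FAIL PureDB is commented out: the pure-pw user cannot log in"
        fails=$((fails + 1))
    fi
    min_uid=$(conf_value "$conf" MinUID)
    if [ -n "$min_uid" ] && [ "$min_uid" -le "$need_uid" ]; then
        echo "OK   MinUID $min_uid admits UID $need_uid"
    else
        echo "FAIL MinUID is '${min_uid:-unset}', expected a value <= $need_uid"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Return 0 only if the PEM file is mode 600, which ls shows as -rw-------.
key_mode_ok() {  # $1 = PEM file holding the private key
    [ "$(ls -l "$1" | cut -c1-10)" = "-rw-------" ]
}

# Constructed sample config (not from a real server) to show the output.
sample=$(mktemp)
printf '%s\n' '# TLS 1' 'TLS 2' '#PureDB /etc/pure-ftpd/pureftpd.pdb' 'MinUID 1000' > "$sample"
audit_pureftpd_conf "$sample" 48 || echo "$? setting(s) need attention"
rm -f "$sample"
```

On the server itself, call audit_pureftpd_conf /etc/pure-ftpd/pure-ftpd.conf 48 (replacing 48 with the lower UID you noted) and key_mode_ok /etc/ssl/private/pure-ftpd.pem.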
