pure-authd - External authentication agent for Pure-FTPd.
pure-authd [ -p
gid] [ -B
pure-authd is a daemon that forks an authentication program, waits for an
authentication reply, and feeds it to an application server.
pure-authd listens to a local Unix socket. A new connection to that socket
should feed pure-authd the following structure:
(replace xxx with appropriate values). localhost, localport and peer are
numeric IP addresses and ports. peer is the IP address of the remote client.
These arguments are passed to the authentication program, as environment
The authentication program should take appropriate actions to fetch account info
according to these arguments, and write a structure like the following one
to standard output:
- If xxx is 0, the user was not found (the next
authentication method passed to pure-ftpd will be tried). If xxx is -1,
the user was found, but there was a fatal authentication error: user is
root, password is wrong, account has expired, etc. (next authentication
methods will not be tried). If xxx is 1, the user was found and
- The system uid to be assigned to that user. Must be >
- The primary system gid. Must be > 0.
- The absolute path to the home directory. Can contain /./
for a chroot jail.
- slow_tilde_expansion:xxx (optional, default is
- When the command 'cd ~user' is issued, it's handy to go to
that user's home directory, as expected in a shell environment. But
fetching account info can be an expensive operation for non-system
accounts. If xxx is 0, 'cd ~user' will expand to the system user home
directory. If xxx is 1, 'cd ~user' won't expand. You should use 1 in most
cases with external authentication, when your FTP users don't match system
users. You can also set xxx to 1 if you're using slow nss_* system
- throttling_bandwidth_ul:xxx (optional)
- The allocated bandwidth for uploads, in bytes per
- throttling_bandwidth_dl:xxx (optional)
- The allocated bandwidth for downloads, in bytes per
- user_quota_size:xxx (optional)
- The maximal total size for this account, in bytes.
- user_quota_files:xxx (optional)
- The maximal number of files for this account.
- ratio_upload:xxx (optional)
Only one authentication program is forked at a time. It must return
- ratio_download:xxx (optional)
- The user must match a ratio_upload:ratio_download
- -u <uid>
- Have the daemon run with that uid.
- -g <gid>
- Have the daemon run with that gid.
- Fork in background (daemonization).
- -s </path/to/socket>
- Set the full path to the local Unix socket.
- -r </path/to/program>
- Set the full path to the authentication program.
- Output help information and exit.
To run this program the standard way, type:
pure-authd -s /var/run/ftpd.sock -r /usr/bin/my-auth-program &
pure-ftpd -lextauth:/var/run/ftpd.sock &
- /usr/bin/my-auth-program can be as simple as:
- #! /bin/sh
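
A fuller authentication program for the reply format described above, as an added example that is not part of the original page or of pure-ftpd. The AUTHD_ACCOUNT and AUTHD_PASSWORD variables and the auth_ok, uid, gid, dir and end keys are taken from upstream pure-ftpd documentation, since this copy of the page does not show them; the account table, its demo passwords and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not pure-ftpd's own code. AUTHD_ACCOUNT, AUTHD_PASSWORD and
# the auth_ok/uid/gid/dir/end keys come from upstream pure-ftpd documentation.

# Constructed account table: name:password:uid:gid:home:expired
# (a real program would query its account store and verify a salted hash).
ACCOUNTS='alice:constructed-pw:2001:2001:/srv/ftp/alice/./:0
bob:constructed-pw2:0:2001:/srv/ftp/bob/./:0
carol:constructed-pw3:2003:2003:/srv/ftp/carol/./:1'

# Emit a refusal: 0 = unknown user (next method tried), -1 = fatal error.
deny() { printf 'auth_ok:%s\nend\n' "$1"; }

authd_reply() {
    account=$1 password=$2 found=
    # Names that could break the key:value framing are treated as unknown.
    case $account in
        ''|*[!A-Za-z0-9._-]*) deny 0; return ;;
    esac
    while IFS=: read -r name pw uid gid home expired; do
        if [ "$name" = "$account" ]; then found=1; break; fi
    done <<EOF
$ACCOUNTS
EOF
    if [ -z "$found" ]; then deny 0; return; fi
    # The account exists: every failure from here on is fatal (-1), so
    # pure-ftpd does not fall through to another authentication method.
    if [ "$pw" != "$password" ] || [ "$expired" != 0 ]; then deny -1; return; fi
    # Never hand out uid 0 or gid 0; malformed values fail closed.
    if ! { [ "$uid" -gt 0 ] && [ "$gid" -gt 0 ]; }; then deny -1; return; fi
    # The home directory must be absolute; /./ marks the chroot jail.
    case $home in
        /*) ;;
        *) deny -1; return ;;
    esac
    printf 'auth_ok:1\nuid:%s\ngid:%s\ndir:%s\n' "$uid" "$gid" "$home"
    # FTP users here are not system users, so disable ~user expansion.
    printf 'slow_tilde_expansion:1\nend\n'
}

# When started by pure-authd the credentials arrive in the environment.
if [ -n "${AUTHD_ACCOUNT+set}" ]; then
    authd_reply "$AUTHD_ACCOUNT" "${AUTHD_PASSWORD-}"
fi
```
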
Frank DENIS <j at pureftpd dot org>
pure-ftpd(8), pure-ftpwho(8), pure-mrtginfo(8), pure-uploadscript(8),
pure-statsdecode(8), pure-pw(8), RFC 2389, RFC 2228 and RFC 2428