Proftpd config example


wildweaselmi

Here is an example of a basic proftpd configuration file, found at /etc/sysconfig/proftpd:



# This is the ProFTPD configuration file


ServerName "ProFTPD server"

ServerIdent on "This is a Private FTP Server. Please leave if you are annoymous, or not a member of staff."

ServerAdmin ~snip~@gmail.com

ServerType standalone

#ServerType inetd

DefaultServer on

AccessGrantMsg "User %u logged in."

#DisplayConnect /etc/ftpissue

#DisplayLogin /etc/ftpmotd

#DisplayGoAway /etc/ftpgoaway

DeferWelcome off


# Use this to exclude users from the chroot

DefaultRoot /var/www !adm


# Use pam to authenticate (default) and be authoritative

AuthPAMConfig proftpd

AuthOrder mod_auth_pam.c* mod_auth_unix.c


# Do not perform ident nor DNS lookups (hangs when the port is filtered)

IdentLookups off

UseReverseDNS off


# Port 21 is the standard FTP port.

Port 21


# Umask 022 is a good standard umask to prevent new dirs and files

# from being group and world writable.

Umask 022


# Default to show dot files in directory listings

ListOptions "-a"


# See Configuration.html for these (here are the default values)

#MultilineRFC2228 off

#RootLogin off

#LoginPasswordPrompt on

#MaxLoginAttempts 3

#MaxClientsPerHost none

#AllowForeignAddress off # For FXP


# Allow to resume not only the downloads but the uploads too

AllowRetrieveRestart on

AllowStoreRestart on


# To prevent DoS attacks, set the maximum number of child processes

# to 20. If you need to allow more than 20 concurrent connections

# at once, simply increase this value. Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances 20


# Set the user and group that the server normally runs at.

User ftp

Group ftp


# Disable sendfile by default since it breaks displaying the download speeds in

# ftptop and ftpwho

UseSendfile no


# This is where we want to put the scoreboard file

ScoreboardFile /var/run/proftpd.score


# Normally, we want users to do a few things.



AllowOverwrite on



AllowAll



LoginPasswordPrompt on

AccessDenyMsg "You Fail"

AccessGrantMsg Welcome!

RootLogin off

UseFtpUsers on




# Define the log formats

LogFormat default "%h %l %u %t \"%r\" %s %b"

LogFormat auth "%v %h %t \"%r\" %s"

LoginPasswordPrompt on

AccessDenyMsg "You Fail"



User ftp

UserAlias anonymous ftp

Group ftp



DefaultChdir /var/www

DeleteAbortedStores on

DisplayChdir README true

HiddenStor off

RootLogin off

AnonymousGroup ftp

AuthAliasOnly off

RequireValidShell off

UseFtpUsers on

AllowForeignAddress on


# TLS

# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html

#TLSEngine on

#TLSRequired on

#TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem

#TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem

#TLSCipherSuite ALL:!ADH:!DES

#TLSOptions NoCertRequest

#TLSVerifyClient off

##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300

#TLSLog /var/log/proftpd/tls.log


# SQL authentication Dynamic Shared Object (DSO) loading

# See README.DSO and howto/DSO.html for more details.

#

# LoadModule mod_ban.c

# LoadModule mod_ifsession.c

# LoadModule mod_quotatab.c

# LoadModule mod_quotatab_file.c

# LoadModule mod_sql.c

# LoadModule mod_sql_mysql.c

# LoadModule mod_sql_postgres.c

#


# A basic anonymous configuration, with an upload directory.

#

# User ftp

# Group ftp

# AccessGrantMsg "Anonymous login ok, restrictions apply."

#

# # We want clients to be able to login with "anonymous" as well as "ftp"

# UserAlias anonymous ftp

#

# # Limit the maximum number of anonymous logins

# MaxClients 10 "Sorry, max %m users -- try again later"

#

# # Put the user into /pub right after login

# #DefaultChdir /pub

#

# # We want 'welcome.msg' displayed at login, '.message' displayed in

# # each newly chdired directory and tell users to read README* files.

# DisplayLogin /welcome.msg

# DisplayFirstChdir .message

# DisplayReadme README*

#

# # Some more cosmetic and not vital stuff

# DirFakeUser on ftp

# DirFakeGroup on ftp

#

# # Limit WRITE everywhere in the anonymous chroot

#

# DenyAll

#

#

# # An upload directory that allows storing files but not retrieving

# # or creating directories.

#

# AllowOverwrite no

#

# DenyAll

#

#

#

# AllowAll

#

#

#

# # Don't write anonymous accesses to the system wtmp file (good idea!)

# WtmpLog off

#

# # Logging for the anonymous transfers

# ExtendedLog /var/log/proftpd/access.log WRITE,READ default

# ExtendedLog /var/log/proftpd/auth.log AUTH auth

#

#


# Configuration for mod_ban



BanEngine on

BanLog /var/log/proftpd/ban.log

BanTable /var/run/proftpd/ban.tab


# If the same client reaches the MaxLoginAttempts limit 2 times

# within 10 minutes, automatically add a ban for that client that

# will expire after one hour.

BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00


# Allow the FTP admin to manually add/remove bans

BanControlsACLs all allow user ftpadm



You may first want to stop proftpd and then start it when you are done editing:


/etc/init.d/proftpd stop
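
Added example, not part of the original post: a small Python audit that reads a proftpd configuration and reports the active settings in the file above that widen exposure (TLS left commented out, `AllowForeignAddress on`, `RequireValidShell off`, the `anonymous` alias). The rule set and the `SAMPLE` text are this example's own choices, built from lines in the posted config.

```python
# Added example; the rules below are this example's selection, not a ProFTPD tool.
TRUE = {"on", "yes", "true", "1"}
FALSE = {"off", "no", "false", "0"}

# Constructed sample: active and commented-out lines copied from the config above.
SAMPLE = """\
DefaultRoot /var/www !adm
#TLSEngine on
#TLSRequired on
UserAlias anonymous ftp
RequireValidShell off
AllowForeignAddress on
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
"""

def active_directives(text):
    """Yield (line_no, name, args) for each uncommented directive line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":   # skip blanks, comments, section tags
            continue
        parts = line.split(None, 1)
        yield no, parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

# directive -> (predicate on its arguments, reason it is reported)
RULES = {
    "allowforeignaddress": (lambda a: a.lower() in TRUE,
        "data connections to addresses other than the client's are accepted"),
    "requirevalidshell": (lambda a: a.lower() in FALSE,
        "accounts whose shell is not in /etc/shells can log in"),
    "rootlogin": (lambda a: a.lower() in TRUE, "root can log in over FTP"),
    "useralias": (lambda a: a.lower().split()[:1] == ["anonymous"],
        "anonymous logins are mapped to a local account"),
}

def audit(text):
    """Return [(line_no, directive, reason)]; line 0 means 'missing from the file'."""
    findings, last = [], {}
    for no, name, args in active_directives(text):
        last[name] = args.lower()
        rule = RULES.get(name)
        if rule and rule[0](args):
            findings.append((no, name, rule[1]))
    if last.get("tlsengine") not in TRUE:
        findings.append((0, "tlsengine", "TLS is off: logins cross the network in cleartext"))
    elif last.get("tlsrequired", "off") in FALSE:
        findings.append((0, "tlsrequired", "TLS is optional: clients may still log in without it"))
    return findings

if __name__ == "__main__":
    for no, name, why in audit(SAMPLE):
        print(f"line {no}: {name}: {why}")
```

The check is line-based and ignores which section a directive sits in, so a finding says the setting is active somewhere in the file, not which logins it applies to.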

