Настройка PROftpd

Файл “/etc/proftpd.conf”:

# This is a basic ProFTPD configuration file.

# It establishes a single server and a single anonymous login.

# It assumes that you have a user/group "nobody" and "ftp"

# for normal/anonymous operation.

ServerName   "ProFTPD Default Installation"

#ServerType   standalone

ServerType   inetd

DefaultServer   on

# Port 21 is the standard FTP port.

Port    21

# Umask 022 is a good standard umask to prevent new dirs and files

# from being group and world writable.

Umask    022

# To prevent DoS attacks, set the maximum number of child processes

# to 30.  If you need to allow more than 30 concurrent connections

# at once, simply increase this value.  Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances   30

# Set the user and group that the server normally runs at.

User    nobody

Group    nogroup

# This next option is required for NIS or NIS+ to work properly:

#PersistentPasswd off

SystemLog   /var/log/proftpd.log

TransferLog   /var/log/xferlog

# Normally, we want files to be overwriteable.

<Directory /*>

  AllowOverwrite  on

</Directory>

# A basic anonymous FTP server configuration.

# To enable this, remove the user ftp from /etc/ftpusers.

<Anonymous ~ftp>

  RequireValidShell  off

  User    ftp

  Group    ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"

  UserAlias   anonymous ftp

  # Limit the maximum number of anonymous logins

  MaxClients   50

  # We want 'welcome.msg' displayed at login, and '.message' displayed

  # in each newly chdired directory.

  DisplayLogin   welcome.msg

  DisplayChdir   .message

  # Limit WRITE everywhere in the anonymous chroot

  <Limit WRITE>

    DenyAll

  </Limit>

  # An upload directory that allows storing files but not retrieving

  # or creating directories.

  <Directory incoming/*>

    <Limit READ>

      DenyAll

    </Limit>

    <Limit STOR>

      AllowAll

    </Limit>

  </Directory>

</Anonymous>

Дополнительные настройки:

# Use the IANA registered ephemeral port range

PassivePorts 49152 65534

M

axClientsPerHost 1 "Sorry, you may not connect more than one time."

Results in: 530 Sorry, you may not connect more than one time.

MaxClientsPerUser 1 "Only one such user at a time."

Results in: 530 Only one such user at a time.

MaxLoginAttempts number

AuthOrder

AuthUserFile /etc/proftpd/auth/passwd

AuthGroupFile /etc/profile/auth/group

Формат файла “AuthUserFile”:

username:password:uid:gid:gecos:homedir:shell

Формат файла “AuthGroupFile”:

groupname:grouppasswd:gid:member1,member2,...memberN

Для использования только файлов “AuthUserFile” и “AuthGroupFile” используется директива “AuthOrder”.

Для создания ftp-пользователя используется скрипт “ftppasswd”.