# This sample configuration file illustrates configuring two # anonymous directories, and a guest (same thing as anonymous but # requires a valid password to login) ServerName "ProFTPD Server" ServerType standalone # Port 21 is the standard FTP port. Port 1021 # If you don't want normal users logging in at all, uncomment this # next section # # DenyAll # # Set the user and group that the server normally runs at. #User root #Group wheel User nobody Group nogroup #--lavr/pam #AuthPAMAuthoritative on #PersistentPasswd on #AuthPAM off #AuthPAMConfig ftp # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 10 # Set the maximum number of seconds a data connection is allowed # to "stall" before being aborted. TimeoutStalled 300 # We want 'welcome.msg' displayed at login, and '.message' displayed # in each newly chdired directory. DisplayLogin welcome.msg DisplayFirstChdir .message # # Logging options # TransferLog /var/log/proftpd/xferlog # # Some logging formats # LogFormat default "%h %l %u %t \"%r\" %s %b" #LogFormat auth "%v [%P] %h %t \"%r\" %s" #LogFormat write "%h %l %u %t \"%r\" %s %b" # Our "basic" anonymous configuration, including a single # upload directory ("uploads") # #--lavr; this msg for , , AccessGrantMsg "Anonymous access granted for %u." # User nobody # Group nogroup User ftp Group operator #--lavr don't check /etc/shells & ftp-shell RequireValidShell off #--lavr: AnonRequirePassword off for , default=off AnonRequirePassword off #--lavr: AllowRetrieveRestart on [default] for , , #--lavr: AnonRatio foo1 foo2 foo3 for , , ,.ftpaccess #--lavr: Bind address for server config, #--lavr: ByteRatioErrMsg foo1 foo2 foo3 for , , ,.ftpaccess #--lavr: Class "name" limit|regex|ip value for server config, # see example: #Classes on #Class local limit 100 #Class default limit 10 #Class local regex .*foo.com #Class local ip 172.16.1.0/24 # #--lavr: Classes on|off for server config, # #--lavr: DefaultQuota foo1 foo2 foo3 for , , ,.ftpaccess # #--lavr: DefaultRoot directory [group-expression] for server config, , #--lavr: DefaultServer on|off for server config, # #--lavr: DeferWelcome on|off for server config, , # #--lavr: Deny ["from"] "all"|"none"|host|network[,host|network[,...]] # for # #--lavr: DenyAll for , , # #--lavr: DisplayConnect filename - when connect # #--lavr: DisplayGoAway filename - when limit or deny #%T Current Time #%F Available space on file system #%C Current working directory #%R Remote host name #%L Local host name #%u Username reported by ident protocol #%U Username originally used in login #%M Max number of connections #%N Current number of connections #%E Server admin's e-mail address #%x The name of the user's class #%y Current number of connections from the user's class #%z Max number of connections from the user's class # #--lavr: DisplayLogin filename for server config, , # #--lavr: DisplayQuit filename for server config, , # #--lavr: DisplayReadme filename or pattern for server config, , # #--lavr: ExtendedLog filename [[command-classes] format-nickname] for # server config, , # classes: NONE=No commands; AUTH=Authentication commands (USER, PASS) # INFO=Informational commands (PWD, SYST, etc) # DIRS=Directory commands (LIST, CWD, MKD, etc) # READ=File reading (RETR) # WRITE=File/directory writing or creation # MISC=Miscellaneous commands (SITE, etc) # ALL=default # #--lavr: FileRatioErrMsg foo1 foo2 foo3 for , , ,.ftpaccess # #--lavr: HostRatio foo1 foo2 foo3 for , , ,.ftpaccess # #--lavr: IdentLookups on|off for server config, , # try to define remote-user name # #--lavr: for # server config, , ,, , .ftpaccess # command: # CWD (Change Working Directory) # MKD (MaKe Directory) # RNFR (ReName FRom), RNTO (ReName TO # DELE (DELEte) # RMD (ReMove Directory) # RETR (RETRieve) # STOR (STORe) # additional command-group: # READ;WRITE;DIRS;ALL;LOGIN # #--lavr: LeechRatioMsg foo1 foo2 foo3 for , , ,.ftpaccess # #--lavr: LogFormat nickname "format-string" # default: LogFormat default "%h %l %u %t \"%r\" %s %b" # #--lavr: LoginPasswordPrompt on|off for server config, , , # #--lavr: MaxClients number|none [message] for server config, , ; # #--lavr: MaxClientsPerHost number|none [message] # for server config, , , # #--lavr: MaxInstances number - how many process-ftpd in standalone # #--lavr: MaxLoginAttempts number for server config, , # how many attempts for login-authenticate # #--lavr: Order allow,deny|deny,allow for # examp: Order allow,deny: # 1. Check Allow directives. If one or more apply, exit with result: # ALLOW # 2. Check Deny directives. If one or more apply, exit with result: # DENY # 3. Exit with default implicit ALLOW # examp: Order deny,allow # 1. Check Deny directives. If one or more apply, exit with result: # DENY # 2. Check Allow directives. If one or more apply, exit with result: # ALLOW # 3. Exit with default implicit: DENY # #--lavr: PersistentPasswd on|off see Guide # #--lavr: Port port-number for server config, # #--lavr: RateReadBPS byte_per_sec-number for server config, , ,, # #--lavr: RateReadFreeBytes number of bytes for server config, , ,, # #--lavr: RateReadHardBPS on/off for server config, , ,, # #--lavr: RatioFile foo1 foo2 foo3 for , , ,.ftpaccess # #--lavr: Ratios foo1 foo2 foo3 for , , ,.ftpaccess # #--lavr: ServerIdent On|Off [identification string] # #--lavr: SocketBindTight on|off # #--lavr: SyslogFacility facility-level # mode=AUTH[AUTHPRIV],CRON,DAEMON,KERN,LPR,MAIL,NEWS,USER,UUCP,LOCAL0,LOCAL1,LOCAL2,LOCAL3,LOCAL4,LOCAL5,LOCAL6,LOCAL7 # #--lavr: SystemLog filename|NONE # #--lavr: TimeoutIdle seconds - default=600 # #--lavr: TimeoutLogin seconds - default=300 # #--lavr: TimeoutStalled seconds - default=0 # #--lavr: TimeoutNoTransfer seconds - default=600 # #--lavr: UseFtpUsers on|off - see /etc/ftpusers # #--lavr: UseReverseDNS on|off # Allow logins if they are disabled above. #--lavr: Allow ["from"] "all"|"none"|host|network[,host|network[,...]] # see example, use in # # Order Allow,Deny # Allow from # 128.44.26.,128.44.26.,myhost.mydomain.edu,.trusted-domain.org # Deny from all # # #--lavr: AllowAll in , , , .ftpaccess # AllowAll # # Order allow,deny # Allow from all # Deny from .microsoft.com, .msn.com AllowAll # Maximum clients with message MaxClients 10 "Sorry, max %m users -- try again later" # User ftp # Group ftp # We want clients to be able to login with "anonymous" as well as "ftp" UserAlias anonymous ftp # Limit WRITE everywhere in the anonymous chroot DenyAll # An upload directory that allows storing files but not retrieving # or creating directories. # Normally, we want files to be overwriteable. AllowOverwrite on Umask 000 AllowAll AllowAll # Normally, we want files to be overwriteable. AllowOverwrite on Umask 000 DenyAll AllowAll