cvsextras 1b55c3
# This is the ProFTPD configuration file
965629
# $Id: proftpd.conf,v 1.6 2006/05/10 11:29:02 thias Exp $
cvsextras 1b55c3
cvsextras 1b55c3
ServerName			"ProFTPD server"
cvsextras 1b55c3
ServerIdent			on "FTP Server ready."
cvsextras 1b55c3
ServerAdmin			root@localhost
cvsextras 1b55c3
ServerType			standalone
cvsextras 1b55c3
#ServerType			inetd
cvsextras 1b55c3
DefaultServer			on
cvsextras 1b55c3
AccessGrantMsg			"User %u logged in."
cvsextras 1b55c3
#DisplayConnect			/etc/ftpissue
cvsextras 1b55c3
#DisplayLogin			/etc/ftpmotd
cvsextras 1b55c3
#DisplayGoAway			/etc/ftpgoaway
cvsextras 1b55c3
DeferWelcome			off
cvsextras 1b55c3
cvsextras 1b55c3
# Use this to excude users from the chroot
cvsextras 1b55c3
DefaultRoot			~ !adm
cvsextras 1b55c3
c74975
# Use pam to authenticate (default) and be authoritative
c74975
AuthPAMConfig			proftpd
c74975
AuthOrder			mod_auth_pam.c* mod_auth_unix.c
cvsextras 1b55c3
cvsextras 1b55c3
# Do not perform ident nor DNS lookups (hangs when the port is filtered)
cvsextras 1b55c3
IdentLookups			off
cvsextras 1b55c3
UseReverseDNS			off
cvsextras 1b55c3
cvsextras 1b55c3
# Port 21 is the standard FTP port.
cvsextras 1b55c3
Port				21
cvsextras 1b55c3
cvsextras 1b55c3
# Umask 022 is a good standard umask to prevent new dirs and files
cvsextras 1b55c3
# from being group and world writable.
cvsextras 1b55c3
Umask				022
cvsextras 1b55c3
cvsextras 1b55c3
# Default to show dot files in directory listings
cvsextras 1b55c3
ListOptions			"-a"
cvsextras 1b55c3
cvsextras 1b55c3
# See Configuration.html for these (here are the default values)
cvsextras 1b55c3
#MultilineRFC2228		off
cvsextras 1b55c3
#RootLogin			off
cvsextras 1b55c3
#LoginPasswordPrompt		on
cvsextras 1b55c3
#MaxLoginAttempts		3
cvsextras 1b55c3
#MaxClientsPerHost		none
cvsextras 1b55c3
#AllowForeignAddress		off	# For FXP
cvsextras 1b55c3
cvsextras 1b55c3
# Allow to resume not only the downloads but the uploads too
cvsextras 1b55c3
AllowRetrieveRestart		on
cvsextras 1b55c3
AllowStoreRestart		on
cvsextras 1b55c3
cvsextras 1b55c3
# To prevent DoS attacks, set the maximum number of child processes
cvsextras 1b55c3
# to 30.  If you need to allow more than 30 concurrent connections
cvsextras 1b55c3
# at once, simply increase this value.  Note that this ONLY works
cvsextras 1b55c3
# in standalone mode, in inetd mode you should use an inetd server
cvsextras 1b55c3
# that allows you to limit maximum number of processes per service
cvsextras 1b55c3
# (such as xinetd)
cvsextras 1b55c3
MaxInstances			20
cvsextras 1b55c3
cvsextras 1b55c3
# Set the user and group that the server normally runs at.
cvsextras 1b55c3
User				nobody
cvsextras 1b55c3
Group				nobody
cvsextras 1b55c3
cvsextras 1b55c3
# This is where we want to put the pid file
cvsextras 1b55c3
ScoreboardFile			/var/run/proftpd.score
cvsextras 1b55c3
cvsextras 1b55c3
# Normally, we want users to do a few things.
cvsextras 1b55c3
<global>
cvsextras 1b55c3
  AllowOverwrite		yes
cvsextras 1b55c3
  <limit all="" site_chmod="">
cvsextras 1b55c3
    AllowAll
cvsextras 1b55c3
  </limit>
cvsextras 1b55c3
</global>
cvsextras 1b55c3
cvsextras 1b55c3
# Define the log formats
cvsextras 1b55c3
LogFormat			default	"%h %l %u %t \"%r\" %s %b"
cvsextras 1b55c3
LogFormat			auth	"%v [%P] %h %t \"%r\" %s"
cvsextras 1b55c3
b5b432
# TLS
b5b432
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
b5b432
#TLSEngine			on
b5b432
#TLSRequired			on
965629
#TLSRSACertificateFile		/etc/pki/tls/certs/proftpd.pem
965629
#TLSRSACertificateKeyFile	/etc/pki/tls/certs/proftpd.pem
b5b432
#TLSCipherSuite			ALL:!ADH:!DES
b5b432
#TLSOptions			NoCertRequest
b5b432
#TLSVerifyClient		off
b5b432
##TLSRenegotiate		ctrl 3600 data 512000 required off timeout 300
b5b432
#TLSLog				/var/log/proftpd/tls.log
b5b432
965629
# SQL authentication Dynamic Shared Object (DSO) loading
965629
# See README.DSO and howto/DSO.html for more details.
965629
#<ifmodule mod_dso.c="">
965629
#   LoadModule mod_sql.c
965629
#   LoadModule mod_sql_mysql.c
965629
#   LoadModule mod_sql_postgres.c
965629
#</ifmodule>
965629
cvsextras 1b55c3
# A basic anonymous configuration, with an upload directory.
cvsextras 1b55c3
#<anonymous ~ftp="">
cvsextras 1b55c3
#  User				ftp
cvsextras 1b55c3
#  Group				ftp
cvsextras 1b55c3
#  AccessGrantMsg		"Anonymous login ok, restrictions apply."
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # We want clients to be able to login with "anonymous" as well as "ftp"
cvsextras 1b55c3
#  UserAlias			anonymous ftp
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # Limit the maximum number of anonymous logins
cvsextras 1b55c3
#  MaxClients			10 "Sorry, max %m users -- try again later"
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # Put the user into /pub right after login
cvsextras 1b55c3
#  #DefaultChdir			/pub
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # We want 'welcome.msg' displayed at login, '.message' displayed in
cvsextras 1b55c3
#  # each newly chdired directory and tell users to read README* files. 
cvsextras 1b55c3
#  DisplayLogin			/welcome.msg
cvsextras 1b55c3
#  DisplayFirstChdir		.message
cvsextras 1b55c3
#  DisplayReadme			README*
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # Some more cosmetic and not vital stuff
c74975
#  DirFakeUser			on ftp
c74975
#  DirFakeGroup			on ftp
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # Limit WRITE everywhere in the anonymous chroot
cvsextras 1b55c3
#  <limit write="" site_chmod="">
cvsextras 1b55c3
#    DenyAll
cvsextras 1b55c3
#  </limit>
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # An upload directory that allows storing files but not retrieving
cvsextras 1b55c3
#  # or creating directories.
cvsextras 1b55c3
#  <directory uploads="" *="">
cvsextras 1b55c3
#    AllowOverwrite		no
cvsextras 1b55c3
#    <limit read="">
cvsextras 1b55c3
#      DenyAll
cvsextras 1b55c3
#    </limit>
cvsextras 1b55c3
#
cvsextras 1b55c3
#    <limit stor="">
cvsextras 1b55c3
#      AllowAll
cvsextras 1b55c3
#    </limit>
cvsextras 1b55c3
#  </directory>
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # Don't write anonymous accesses to the system wtmp file (good idea!)
cvsextras 1b55c3
#  WtmpLog			off
cvsextras 1b55c3
#
cvsextras 1b55c3
#  # Logging for the anonymous transfers
cvsextras 1b55c3
#  ExtendedLog		/var/log/proftpd/access.log WRITE,READ default
cvsextras 1b55c3
#  ExtendedLog		/var/log/proftpd/auth.log AUTH auth
cvsextras 1b55c3
#
cvsextras 1b55c3
#</anonymous>
cvsextras 1b55c3