|
cvsextras |
59a0b03 |
# This is the ProFTPD configuration file
|
|
cvsextras |
e245999 |
# $Id: proftpd.conf,v 1.1 2004/02/26 17:54:30 thias Exp $
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
ServerName "ProFTPD server"
|
|
cvsextras |
59a0b03 |
ServerIdent on "FTP Server ready."
|
|
cvsextras |
59a0b03 |
ServerAdmin root@localhost
|
|
cvsextras |
59a0b03 |
ServerType standalone
|
|
cvsextras |
59a0b03 |
#ServerType inetd
|
|
cvsextras |
59a0b03 |
DefaultServer on
|
|
cvsextras |
59a0b03 |
AccessGrantMsg "User %u logged in."
|
|
cvsextras |
59a0b03 |
#DisplayConnect /etc/ftpissue
|
|
cvsextras |
59a0b03 |
#DisplayLogin /etc/ftpmotd
|
|
cvsextras |
59a0b03 |
#DisplayGoAway /etc/ftpgoaway
|
|
cvsextras |
59a0b03 |
DeferWelcome off
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Use this to excude users from the chroot
|
|
cvsextras |
59a0b03 |
DefaultRoot ~ !adm
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Use pam to authenticate by default
|
|
cvsextras |
59a0b03 |
AuthPAMAuthoritative on
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Do not perform ident nor DNS lookups (hangs when the port is filtered)
|
|
cvsextras |
59a0b03 |
IdentLookups off
|
|
cvsextras |
59a0b03 |
UseReverseDNS off
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Port 21 is the standard FTP port.
|
|
cvsextras |
59a0b03 |
Port 21
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Umask 022 is a good standard umask to prevent new dirs and files
|
|
cvsextras |
59a0b03 |
# from being group and world writable.
|
|
cvsextras |
59a0b03 |
Umask 022
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Default to show dot files in directory listings
|
|
cvsextras |
59a0b03 |
ListOptions "-a"
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# See Configuration.html for these (here are the default values)
|
|
cvsextras |
59a0b03 |
#MultilineRFC2228 off
|
|
cvsextras |
59a0b03 |
#RootLogin off
|
|
cvsextras |
59a0b03 |
#LoginPasswordPrompt on
|
|
cvsextras |
59a0b03 |
#MaxLoginAttempts 3
|
|
cvsextras |
59a0b03 |
#MaxClientsPerHost none
|
|
cvsextras |
59a0b03 |
#AllowForeignAddress off # For FXP
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Allow to resume not only the downloads but the uploads too
|
|
cvsextras |
59a0b03 |
AllowRetrieveRestart on
|
|
cvsextras |
59a0b03 |
AllowStoreRestart on
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# To prevent DoS attacks, set the maximum number of child processes
|
|
cvsextras |
59a0b03 |
# to 30. If you need to allow more than 30 concurrent connections
|
|
cvsextras |
59a0b03 |
# at once, simply increase this value. Note that this ONLY works
|
|
cvsextras |
59a0b03 |
# in standalone mode, in inetd mode you should use an inetd server
|
|
cvsextras |
59a0b03 |
# that allows you to limit maximum number of processes per service
|
|
cvsextras |
59a0b03 |
# (such as xinetd)
|
|
cvsextras |
59a0b03 |
MaxInstances 20
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Set the user and group that the server normally runs at.
|
|
cvsextras |
59a0b03 |
User nobody
|
|
cvsextras |
59a0b03 |
Group nobody
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# This is where we want to put the pid file
|
|
cvsextras |
59a0b03 |
ScoreboardFile /var/run/proftpd.score
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Normally, we want users to do a few things.
|
|
cvsextras |
59a0b03 |
<Global>
|
|
cvsextras |
59a0b03 |
AllowOverwrite yes
|
|
cvsextras |
59a0b03 |
<Limit ALL SITE_CHMOD>
|
|
cvsextras |
59a0b03 |
AllowAll
|
|
cvsextras |
59a0b03 |
</Limit>
|
|
cvsextras |
59a0b03 |
</Global>
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# Define the log formats
|
|
cvsextras |
59a0b03 |
LogFormat default "%h %l %u %t \"%r\" %s %b"
|
|
cvsextras |
59a0b03 |
LogFormat auth "%v [%P] %h %t \"%r\" %s"
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# TLS
|
|
cvsextras |
59a0b03 |
# Explained at http://www.castaglia.org/proftpd/modules/mod_tls.html
|
|
cvsextras |
59a0b03 |
#TLSEngine on
|
|
cvsextras |
59a0b03 |
#TLSRequired on
|
|
cvsextras |
59a0b03 |
#TLSRSACertificateFile /usr/share/ssl/certs/proftpd.pem
|
|
cvsextras |
59a0b03 |
#TLSRSACertificateKeyFile /usr/share/ssl/certs/proftpd.pem
|
|
cvsextras |
59a0b03 |
#TLSCipherSuite ALL:!ADH:!DES
|
|
cvsextras |
59a0b03 |
#TLSOptions NoCertRequest
|
|
cvsextras |
59a0b03 |
#TLSVerifyClient off
|
|
cvsextras |
59a0b03 |
##TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
|
|
cvsextras |
59a0b03 |
#TLSLog /var/log/proftpd/tls.log
|
|
cvsextras |
59a0b03 |
|
|
cvsextras |
59a0b03 |
# A basic anonymous configuration, with an upload directory.
|
|
cvsextras |
59a0b03 |
#<Anonymous ~ftp>
|
|
cvsextras |
59a0b03 |
# User ftp
|
|
cvsextras |
59a0b03 |
# Group ftp
|
|
cvsextras |
59a0b03 |
# AccessGrantMsg "Anonymous login ok, restrictions apply."
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # We want clients to be able to login with "anonymous" as well as "ftp"
|
|
cvsextras |
59a0b03 |
# UserAlias anonymous ftp
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # Limit the maximum number of anonymous logins
|
|
cvsextras |
59a0b03 |
# MaxClients 10 "Sorry, max %m users -- try again later"
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # Put the user into /pub right after login
|
|
cvsextras |
59a0b03 |
# #DefaultChdir /pub
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # We want 'welcome.msg' displayed at login, '.message' displayed in
|
|
cvsextras |
59a0b03 |
# # each newly chdired directory and tell users to read README* files.
|
|
cvsextras |
59a0b03 |
# DisplayLogin /welcome.msg
|
|
cvsextras |
59a0b03 |
# DisplayFirstChdir .message
|
|
cvsextras |
59a0b03 |
# DisplayReadme README*
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # Some more cosmetic and not vital stuff
|
|
cvsextras |
59a0b03 |
# DirFakeUser on ftpadm
|
|
cvsextras |
59a0b03 |
# DirFakeGroup on ftpadm
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # Limit WRITE everywhere in the anonymous chroot
|
|
cvsextras |
59a0b03 |
# <Limit WRITE SITE_CHMOD>
|
|
cvsextras |
59a0b03 |
# DenyAll
|
|
cvsextras |
59a0b03 |
# </Limit>
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # An upload directory that allows storing files but not retrieving
|
|
cvsextras |
59a0b03 |
# # or creating directories.
|
|
cvsextras |
59a0b03 |
# <Directory uploads/*>
|
|
cvsextras |
59a0b03 |
# AllowOverwrite no
|
|
cvsextras |
59a0b03 |
# <Limit READ>
|
|
cvsextras |
59a0b03 |
# DenyAll
|
|
cvsextras |
59a0b03 |
# </Limit>
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# <Limit STOR>
|
|
cvsextras |
59a0b03 |
# AllowAll
|
|
cvsextras |
59a0b03 |
# </Limit>
|
|
cvsextras |
59a0b03 |
# </Directory>
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # Don't write anonymous accesses to the system wtmp file (good idea!)
|
|
cvsextras |
59a0b03 |
# WtmpLog off
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
# # Logging for the anonymous transfers
|
|
cvsextras |
59a0b03 |
# ExtendedLog /var/log/proftpd/access.log WRITE,READ default
|
|
cvsextras |
59a0b03 |
# ExtendedLog /var/log/proftpd/auth.log AUTH auth
|
|
cvsextras |
59a0b03 |
#
|
|
cvsextras |
59a0b03 |
#</Anonymous>
|
|
cvsextras |
59a0b03 |
|