Appendix B. Cookbook examples

Example B-1. Basic Configuration

# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName			"ProFTPD Default Installation"
ServerType			standalone
DefaultServer			on

# Port 21 is the standard FTP port.
Port				21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask				022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances			30

# Set the user and group that the server normally runs at.
User				nobody
Group				nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite		on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
  User				ftp
  Group				ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias			anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients			10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin			welcome.msg
  DisplayFirstChdir		.message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

</Anonymous>

Example B-2. VirtualHost Config

# This sample configuration file illustrates creating two
# virtual servers, and associated anonymous logins.

ServerName			"ProFTPD"
ServerType			inetd

# Port 21 is the standard FTP port.
Port				21

# Global creates a "global" configuration that is shared by the
# main server and all virtualhosts.

<Global>
  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable.
  Umask				022
</Global>

# Set the user and group that the server normally runs at.
User				nobody
Group				nogroup

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Maximum seconds a data connection may "stall"
TimeoutStalled			300

# First virtual server
<VirtualHost ftp.virtual.com>

  ServerName			"Virtual.com's FTP Server"

  MaxClients			10
  MaxLoginAttempts		1

  # DeferWelcome prevents proftpd from displaying the servername
  # until a client has authenticated.
  DeferWelcome			on

  # Limit normal user logins, because we only want to allow
  # guest logins.
  <Limit LOGIN>
    DenyAll
  </Limit>

  # Next, create a "guest" account (which could be used
  # by a customer to allow private access to their web site, etc)
  <Anonymous ~cust1>
    User			cust1
    Group			cust1
    AnonRequirePassword		on

    <Limit LOGIN>
      AllowAll
    </Limit>

    HideUser			root
    HideGroup			root

    # A private directory that we don't want the user getting in to.
    <Directory logs>
      <Limit READ WRITE DIRS>
        DenyAll
      </Limit>
    </Directory>

  </Anonymous>

</VirtualHost>

# Another virtual server, this one running on our primary address,
# but on port 4000.  The only access is to a single anonymous login.
<VirtualHost our.ip.address>

  ServerName			"Our private FTP server"
  Port				4000
  Umask				027

  <Limit LOGIN>
    DenyAll
  </Limit>

  <Anonymous /usr/local/ftp/virtual/a_customer>

    User			ftp
    Group			ftp
    UserAlias			anonymous ftp

    <Limit LOGIN>
      AllowAll
    </Limit>

    <Limit WRITE>
      DenyAll
    </Limit>

    <Directory incoming>
      <Limit WRITE>
        AllowAll
      </Limit>
    </Directory>

  </Anonymous>

</VirtualHost>

Example B-3. Complex Configuration

#
# Virtual Hosting Server Configuration
# by M.Lowes <markl@ftech.net>
# for Frontier Internet Services Limited
#      (http://www.ftech.net/)
#
ServerName			"Master Webserver"
#
# Spawn from inetd?
#
#ServerType         inetd
#
# or maybe a standalone server...
#
ServerType          standalone
#
# don't give the server banner until _after_ authentication
#
DeferWelcome			off
#
# Some basic defaults
#
Port                  21
Umask                002
TimeoutLogin         120
TimeoutIdle          600
TimeoutNoTransfer    900
TimeoutStalled      3600
#
# No, I don't think we'll run as root!
#
User				ftp
Group				ftp
#
# This is a non-customer usable name, (ie they should be connecting via www.{domain})
# not 'hostname'.  Therefore let's dump them in a dummy account and wait for them to 
# scream.
#
DefaultRoot			/web/Legacy/
#
# Performance, let's do DNS resolution when we process the logs...
#
UseReverseDNS        off
#
# Where do we put the pid files?
#
ScoreboardFile			/var/run/proftpd
#
# Logging options
#
TransferLog			/var/spool/syslog/proftpd/xferlog.legacy
#
# Some logging formats
#
LogFormat         default "%h %l %u %t \"%r\" %s %b"
LogFormat			auth    "%v [%P] %h %t \"%r\" %s"
LogFormat			write   "%h %l %u %t \"%r\" %s %b"
#
# Global settings
#
<Global>
	DisplayLogin		   welcome.msg
	DisplayFirstChdir	   readme
	#
	# having to delete before uploading is a pain ;)
	#
	AllowOverwrite		   yes
	#
	# Turn off Ident lookups
	#
	IdentLookups         off
	#
	# Logging
	#
	# file/dir access
	#
	ExtendedLog		/var/spool/syslog/proftpd/access.log WRITE,READ write
	#
	#
	# Record all logins
	#
	ExtendedLog		/var/spool/syslog/proftpd/auth.log AUTH auth
	#
	# Paranoia logging level....
	#
   ##ExtendedLog    /var/spool/syslog/proftpd/paranoid.log ALL default
</Global>

#
# Deny writing to the base server...
#
<Limit WRITE>
	DenyAll
</Limit>


# --------------------------------------------
# Virtual Servers start here....
# 
# (Note: this is normally auto generated by a 
# script written in house).
# --------------------------------------------
#
# www.ftech.net.
# This is the default server
# Gets all the connections for www.{customer.domain}, 
# & www.ftech.net
#
<VirtualHost www.ftech.net>
	ServerAdmin		webmaster@Ftech.net
	ServerName		"Master Webserver"
	MaxLoginAttempts	2
	RequireValidShell	no
	TransferLog		/var/spool/syslog/proftpd/xferlog.www
	MaxClients		50
	DefaultServer		on
	DefaultRoot		~ !staff
	AllowOverwrite		yes

	#
	# No quickly do we kick someone out
	#
	TimeoutLogin			120
	TimeoutIdle			600
	TimeoutNoTransfer		900

	# --------------------------------------------
	# Got a Frontpage customer who keeps breaking things????
	#  - stick 'em in group fpage
	# --------------------------------------------
	<Directory ~/public_html>
	#
	# Block them from doing anything other than reading...
	#
		<Limit STOR RNFR DELE>
			DenyGroup fpage
		</Limit>	
	</Directory>
	#
	# ditto for ftp_root if it's there...
	#
	<Directory ~/ftp_root>
		<Limit STOR RNFR DELE>
			DenyALL
		</Limit>	
	</Directory>
	#
	# Limit by IP...
	#
	<Directory /web/zsl>
		<Limit ALL>
			Order Allow,Deny
			Allow 195.200.31.220
			Allow 212.32.17.0/26
			Deny ALL
		</Limit>
	</Directory>	

</VirtualHost>

# --------------------------------------------
#
# Legacy server, left in because some people
# haven't realised it's gone yet.  Shove 'em into 
# a dummy $home
#
<VirtualHost web-1.ftech.net>
ServerAdmin		webmaster@Ftech.net
ServerName		"Legacy Web Upload Server"
MaxLoginAttempts	2
RequireValidShell	no
MaxClients		50
DefaultRoot		~ !staff
MaxClients		2
AllowOverwrite		yes
TransferLog		/var/spool/syslog/proftpd/xferlog.web-1
</VirtualHost>

# --------------------------------------------
#
# ftp.ftech.net
#
<VirtualHost ftp.ftech.net>
ServerAdmin			ftpmaster@ftech.net
ServerName 			"Frontier Internet Public FTP Server"
TransferLog			/ftp/xferlog/ftp.ftech.net
MaxLoginAttempts		3
RequireValidShell		no
DefaultRoot			/ftp/ftp.ftech.net
AllowOverwrite			yes

#
# Auth files....
#
AuthUserFile			/var/conf/ftp/authfiles/passwd.ftp.ftech.net
AuthGroupFile			/var/conf/ftp/authfiles/group.ftp.ftech.net

# A basic anonymous configuration, no upload directories.
<Anonymous /ftp/ftp.ftech.net>
	User			ftp
  	Group			ftp
  	# We want clients to be able to login with "anonymous" as well as "ftp"
  	UserAlias		anonymous ftp
	RequireValidShell		no

	# Limit the maximum number of anonymous logins
  	MaxClients		50

  	# We want 'welcome.msg' displayed at login, and '.message' displayed
  	# in each newly chdired directory.

	<Directory pub/incoming>
		<Limit STOR>
			AllowAll
		</Limit>
		<Limit WRITE DIRS READ>
			DenyAll
		</Limit>
		<Limit CWD XCWD CDUP>
			AllowAll
		</Limit>
	</Directory>

	<Directory home>
		<Limit ALL>
			DenyAll
		</Limit>
	</Directory>

   #
   # Limit access to the mirrors to LINX 
   # only
   #
   <Directory mirrors>
      <Limit RETR>
         Order Allow,Deny
         Allow .uk, .ftech.net
         Allow .vom.org.uk
         Deny ALL
      </Limit>
   </Directory>

  	# Limit WRITE everywhere in the anonymous chroot
  	<Limit WRITE>
    		DenyAll
  	</Limit>


</Anonymous>

</VirtualHost>

# ----------------------------------------------------
# Virtual ftp with anon access, but no incoming
#
<VirtualHost ftp.foo1.com>
ServerAdmin             ftpmaster@foo1.com                     
ServerName              "Foo1 FTP Server"
TransferLog             /var/spool/syslog/xfer/ftp.foo1.com
MaxLoginAttempts        3
RequireValidShell       no
DefaultRoot             /ftp/ftp.foo1.com
User                    foo1
Group                   foo1
AllowOverwrite          yes

#
# Auth files....
#
AuthUserFile	/var/conf/ftp//authfiles/passwd.ftp.foo1.com
AuthGroupFile	/var/conf/ftp//authfiles/group.ftp.foo1.com

<Anonymous /ftp/ftp.foo1.com>
        User                    ftp
        Group                   ftp
        UserAlias               anonymous ftp
        RequireValidShell       no
        MaxClients              20
	<Limit WRITE>
		DenyAll
	</Limit>
</Anonymous>
</VirtualHost>


# ----------------------------------------------------
# ftp.foo2.com 
# Anon, no incoming, some private access areas 
#
<VirtualHost ftp.foo2.com>
ServerAdmin             ftpmaster@mcresearch.co.uk                     
ServerName              "MC Research FTP Server"
TransferLog             /var/spool/syslog/xfer/ftp.foo2.com
MaxLoginAttempts        3
RequireValidShell       no
DefaultRoot             /ftp/ftp.foo2.com
User                    foo2
Group                   foo2
AllowOverwrite          yes

#
# Auth files....
#
AuthUserFile	/var/conf/ftp//authfiles/passwd.ftp.foo2.com
AuthGroupFile	/var/conf/ftp//authfiles/group.ftp.foo2.com

<Anonymous /ftp/ftp.foo2.com>
        User                    ftp
        Group                   ftp
        UserAlias               anonymous ftp
        RequireValidShell       no
        MaxClients              20

	<Directory download>
		<Limit ALL>
			DenyAll
		</Limit>
	</Directory>
	<Limit WRITE>
		DenyAll
	</Limit>
</Anonymous>

	<Directory /ftp/ftp.foo2.com/pub>
		<Limit WRITE>
			AllowUser mcres
			DenyAll
		</Limit>
	</Directory>

	<Directory /ftp/ftp.foo2.com/download>
		<Limit ALL>
			AllowUser mcres
			AllowUser customer
			DenyAll
		</Limit>
	</Directory>
</VirtualHost>


# ----------------------------------------------------
# ftp.foo3.com
# 
#
<VirtualHost ftp.foo3.com>
ServerAdmin             ftpmaster@farrukh.co.uk                     
ServerName              "Farrukh FTP Archive"
TransferLog             /var/spool/syslog/xfer/ftp.foo3.com
MaxLoginAttempts        3
RequireValidShell       no
DefaultRoot             /web/farrukh2/ftp_root
User                    farrukh2
Group                   farrukh2
AllowOverwrite          yes

#
# Auth files....
#
AuthUserFile	/var/conf/ftp//authfiles/passwd.ftp.foo3.com
AuthGroupFile	/var/conf/ftp//authfiles/group.ftp.foo3.com

<Anonymous /web/farrukh2/ftp_root>
        User                    ftp
        Group                   ftp
        UserAlias               anonymous ftp
        RequireValidShell       no
        MaxClients              20

	<Directory pub/incoming/*>
		<Limit STOR>
			AllowAll
		</Limit>
		<Limit WRITE DIRS READ>
			DenyAll
		</Limit>
		<Limit CWD XCWD CDUP>
			AllowAll
		</Limit>
	</Directory>


	<Directory pub/Incoming/*>
		<Limit STOR>
			AllowAll
		</Limit>
		<Limit WRITE DIRS READ>
			DenyAll
		</Limit>
		<Limit CWD XCWD CDUP>
			AllowAll
		</Limit>
	</Directory>
	#
	# block access to the secure areas by anon...
	#
	<Directory fpub>
		<Limit ALL>
			DenyAll
		</Limit>
	</Directory>

	<Directory fgroup>
		<Limit ALL>
			DenyAll
		</Limit>
	</Directory>
	<Limit WRITE>
		DenyAll
	</Limit>
</Anonymous>

	#
	# define user based access
	#
	<Directory /web/farrukh2/ftp_root/fpub>
		<Limit ALL>
			AllowUser farrukh
			AllowUser fguest
			DenyAll
		</Limit>
	</Directory>

	<Directory /web/farrukh2/ftp_root/fgroup>
		<Limit ALL>
			AllowUser farrukh
			AllowUser fgroup
			DenyAll
		</Limit>
	</Directory>
</VirtualHost>


# ----------------------------------------------------
# ftp.foo4.com 
# anon, with incoming upload 
#
<VirtualHost ftp.foo4.com>
ServerAdmin             ftpmaster@teamwork.co.uk                     
ServerName              "Teamwork FTP Server"
TransferLog             /var/spool/syslog/xfer/ftp.foo4.com
MaxLoginAttempts        3
RequireValidShell       no
DefaultRoot             /ftp/ftp.foo4.com
User                    foo4
Group                   foo4
AllowOverwrite          yes

#
# Auth files....
#
AuthUserFile	/var/conf/ftp//authfiles/passwd.ftp.foo4.com
AuthGroupFile	/var/conf/ftp//authfiles/group.ftp.foo4.com

<Anonymous /ftp/ftp.foo4.com>
        User                    ftp
        Group                   ftp
        UserAlias               anonymous ftp
        RequireValidShell       no
        MaxClients              20

	<Directory pub/incoming/*>
		<Limit STOR>
			AllowAll
		</Limit>
		<Limit WRITE DIRS READ>
			DenyAll
		</Limit>
		<Limit CWD XCWD CDUP>
			AllowAll
		</Limit>
	</Directory>


	<Directory pub/Incoming/*>
		<Limit STOR>
			AllowAll
		</Limit>
		<Limit WRITE DIRS READ>
			DenyAll
		</Limit>
		<Limit CWD XCWD CDUP>
			AllowAll
		</Limit>
	</Directory>

	<Limit WRITE>
		DenyAll
	</Limit>
</Anonymous>
</VirtualHost>

# ----------------------------------------------------
# The end.... 
# ----------------------------------------------------


Example B-4.

Рейтинг@Mail.ru