Example B-1. Basic Configuration
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
  User ftp
  Group ftp

  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients 10

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayFirstChdir .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
Example B-2. VirtualHost Config
# This sample configuration file illustrates creating two
# virtual servers, and associated anonymous logins.

ServerName "ProFTPD"
ServerType inetd

# Port 21 is the standard FTP port.
Port 21

# Global creates a "global" configuration that is shared by the
# main server and all virtualhosts.
<Global>
  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable.
  Umask 022
</Global>

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Maximum seconds a data connection may "stall"
TimeoutStalled 300

# First virtual server
<VirtualHost ftp.virtual.com>
  ServerName "Virtual.com's FTP Server"
  MaxClients 10
  MaxLoginAttempts 1

  # DeferWelcome prevents proftpd from displaying the servername
  # until a client has authenticated.
  DeferWelcome on

  # Limit normal user logins, because we only want to allow
  # guest logins.
  <Limit LOGIN>
    DenyAll
  </Limit>

  # Next, create a "guest" account (which could be used
  # by a customer to allow private access to their web site, etc)
  <Anonymous ~cust1>
    User cust1
    Group cust1
    AnonRequirePassword on

    <Limit LOGIN>
      AllowAll
    </Limit>

    HideUser root
    HideGroup root

    # A private directory that we don't want the user getting in to.
    <Directory logs>
      <Limit READ WRITE DIRS>
        DenyAll
      </Limit>
    </Directory>
  </Anonymous>
</VirtualHost>

# Another virtual server, this one running on our primary address,
# but on port 4000. The only access is to a single anonymous login.
<VirtualHost our.ip.address>
  ServerName "Our private FTP server"
  Port 4000
  Umask 027

  <Limit LOGIN>
    DenyAll
  </Limit>

  <Anonymous /usr/local/ftp/virtual/a_customer>
    User ftp
    Group ftp
    UserAlias anonymous ftp

    <Limit LOGIN>
      AllowAll
    </Limit>

    <Limit WRITE>
      DenyAll
    </Limit>

    <Directory incoming>
      <Limit WRITE>
        AllowAll
      </Limit>
    </Directory>
  </Anonymous>
</VirtualHost>
Example B-3. Complex Configuration
#
# Virtual Hosting Server Configuration
# by M.Lowes <markl@ftech.net>
# for Frontier Internet Services Limited
# (http://www.ftech.net/)
#
ServerName "Master Webserver"

#
# Spawn from inetd?
#
#ServerType inetd

#
# or maybe a standalone server...
#
ServerType standalone

#
# don't give the server banner until _after_ authentication
#
DeferWelcome on

#
# Some basic defaults
#
Port 21
Umask 002
TimeoutLogin 120
TimeoutIdle 600
TimeoutNoTransfer 900
TimeoutStalled 3600

#
# No, I don't think we'll run as root!
#
User ftp
Group ftp

#
# This is a non-customer usable name, (ie they should be connecting via www.{domain})
# not 'hostname'. Therefore let's dump them in a dummy account and wait for them to
# scream.
#
DefaultRoot /web/Legacy/

#
# Performance, let's do DNS resolution when we process the logs...
#
UseReverseDNS off

#
# Where do we put the pid files?
#
ScoreboardFile /var/run/proftpd

#
# Logging options
#
TransferLog /var/spool/syslog/proftpd/xferlog.legacy

#
# Some logging formats
#
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

#
# Global settings
#
<Global>
  DisplayLogin welcome.msg
  DisplayFirstChdir readme

  #
  # having to delete before uploading is a pain ;)
  #
  AllowOverwrite yes

  #
  # Turn off Ident lookups
  #
  IdentLookups off

  #
  # Logging
  #
  # file/dir access
  #
  ExtendedLog /var/spool/syslog/proftpd/access.log WRITE,READ write

  #
  #
  # Record all logins
  #
  ExtendedLog /var/spool/syslog/proftpd/auth.log AUTH auth

  #
  # Paranoia logging level....
  #
  ##ExtendedLog /var/spool/syslog/proftpd/paranoid.log ALL default
</Global>

#
# Deny writing to the base server...
#
<Limit WRITE>
  DenyAll
</Limit>

# --------------------------------------------
# Virtual Servers start here....
#
# (Note: this is normally auto generated by a
# script written in house).
# --------------------------------------------
#
# www.ftech.net.
# This is the default server
# Gets all the connections for www.{customer.domain},
# & www.ftech.net
#
<VirtualHost www.ftech.net>
  ServerAdmin webmaster@Ftech.net
  ServerName "Master Webserver"
  MaxLoginAttempts 2
  RequireValidShell no
  TransferLog /var/spool/syslog/proftpd/xferlog.www
  MaxClients 50
  DefaultServer on
  DefaultRoot ~ !staff
  AllowOverwrite yes

  #
  # How quickly do we kick someone out
  #
  TimeoutLogin 120
  TimeoutIdle 600
  TimeoutNoTransfer 900

  # --------------------------------------------
  # Got a Frontpage customer who keeps breaking things????
  # - stick 'em in group fpage
  # --------------------------------------------
  <Directory ~/public_html>
    #
    # Block them from doing anything other than reading...
    #
    <Limit STOR RNFR DELE>
      DenyGroup fpage
    </Limit>
  </Directory>

  #
  # ditto for ftp_root if it's there...
  #
  <Directory ~/ftp_root>
    <Limit STOR RNFR DELE>
      DenyAll
    </Limit>
  </Directory>

  #
  # Limit by IP...
  #
  <Directory /web/zsl>
    <Limit ALL>
      Order Allow,Deny
      Allow 195.200.31.220
      Allow 212.32.17.0/26
      Deny ALL
    </Limit>
  </Directory>
</VirtualHost>

# --------------------------------------------
#
# Legacy server, left in because some people
# haven't realised it's gone yet. Shove 'em into
# a dummy $home
#
<VirtualHost web-1.ftech.net>
  ServerAdmin webmaster@Ftech.net
  ServerName "Legacy Web Upload Server"
  MaxLoginAttempts 2
  RequireValidShell no
  MaxClients 50
  DefaultRoot ~ !staff
  MaxClients 2
  AllowOverwrite yes
  TransferLog /var/spool/syslog/proftpd/xferlog.web-1
</VirtualHost>

# --------------------------------------------
#
# ftp.ftech.net
#
<VirtualHost ftp.ftech.net>
  ServerAdmin ftpmaster@ftech.net
  ServerName "Frontier Internet Public FTP Server"
  TransferLog /ftp/xferlog/ftp.ftech.net
  MaxLoginAttempts 3
  RequireValidShell no
  DefaultRoot /ftp/ftp.ftech.net
  AllowOverwrite yes

  #
  # Auth files....
  #
  AuthUserFile /var/conf/ftp/authfiles/passwd.ftp.ftech.net
  AuthGroupFile /var/conf/ftp/authfiles/group.ftp.ftech.net

  # A basic anonymous configuration, no upload directories.
  <Anonymous /ftp/ftp.ftech.net>
    User ftp
    Group ftp

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias anonymous ftp
    RequireValidShell no

    # Limit the maximum number of anonymous logins
    MaxClients 50

    # We want 'welcome.msg' displayed at login, and '.message' displayed
    # in each newly chdired directory.
    <Directory pub/incoming>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>

    <Directory home>
      <Limit ALL>
        DenyAll
      </Limit>
    </Directory>

    #
    # Limit access to the mirrors to LINX
    # only
    #
    <Directory mirrors>
      <Limit RETR>
        Order Allow,Deny
        Allow .uk, .ftech.net
        Allow .vom.org.uk
        Deny ALL
      </Limit>
    </Directory>

    # Limit WRITE everywhere in the anonymous chroot
    <Limit WRITE>
      DenyAll
    </Limit>
  </Anonymous>
</VirtualHost>

# ----------------------------------------------------
# Virtual ftp with anon access, but no incoming
#
<VirtualHost ftp.foo1.com>
  ServerAdmin ftpmaster@foo1.com
  ServerName "Foo1 FTP Server"
  TransferLog /var/spool/syslog/xfer/ftp.foo1.com
  MaxLoginAttempts 3
  RequireValidShell no
  DefaultRoot /ftp/ftp.foo1.com
  User foo1
  Group foo1
  AllowOverwrite yes

  #
  # Auth files....
  #
  AuthUserFile /var/conf/ftp//authfiles/passwd.ftp.foo1.com
  AuthGroupFile /var/conf/ftp//authfiles/group.ftp.foo1.com

  <Anonymous /ftp/ftp.foo1.com>
    User ftp
    Group ftp
    UserAlias anonymous ftp
    RequireValidShell no
    MaxClients 20

    <Limit WRITE>
      DenyAll
    </Limit>
  </Anonymous>
</VirtualHost>

# ----------------------------------------------------
# ftp.foo2.com
# Anon, no incoming, some private access areas
#
<VirtualHost ftp.foo2.com>
  ServerAdmin ftpmaster@mcresearch.co.uk
  ServerName "MC Research FTP Server"
  TransferLog /var/spool/syslog/xfer/ftp.foo2.com
  MaxLoginAttempts 3
  RequireValidShell no
  DefaultRoot /ftp/ftp.foo2.com
  User foo2
  Group foo2
  AllowOverwrite yes

  #
  # Auth files....
  #
  AuthUserFile /var/conf/ftp//authfiles/passwd.ftp.foo2.com
  AuthGroupFile /var/conf/ftp//authfiles/group.ftp.foo2.com

  <Anonymous /ftp/ftp.foo2.com>
    User ftp
    Group ftp
    UserAlias anonymous ftp
    RequireValidShell no
    MaxClients 20

    <Directory download>
      <Limit ALL>
        DenyAll
      </Limit>
    </Directory>

    <Limit WRITE>
      DenyAll
    </Limit>
  </Anonymous>

  <Directory /ftp/ftp.foo2.com/pub>
    <Limit WRITE>
      AllowUser mcres
      DenyAll
    </Limit>
  </Directory>

  <Directory /ftp/ftp.foo2.com/download>
    <Limit ALL>
      AllowUser mcres
      AllowUser customer
      DenyAll
    </Limit>
  </Directory>
</VirtualHost>

# ----------------------------------------------------
# ftp.foo3.com
#
#
<VirtualHost ftp.foo3.com>
  ServerAdmin ftpmaster@farrukh.co.uk
  ServerName "Farrukh FTP Archive"
  TransferLog /var/spool/syslog/xfer/ftp.foo3.com
  MaxLoginAttempts 3
  RequireValidShell no
  DefaultRoot /web/farrukh2/ftp_root
  User farrukh2
  Group farrukh2
  AllowOverwrite yes

  #
  # Auth files....
  #
  AuthUserFile /var/conf/ftp//authfiles/passwd.ftp.foo3.com
  AuthGroupFile /var/conf/ftp//authfiles/group.ftp.foo3.com

  <Anonymous /web/farrukh2/ftp_root>
    User ftp
    Group ftp
    UserAlias anonymous ftp
    RequireValidShell no
    MaxClients 20

    <Directory pub/incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>

    <Directory pub/Incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>

    #
    # block access to the secure areas by anon...
    #
    <Directory fpub>
      <Limit ALL>
        DenyAll
      </Limit>
    </Directory>

    <Directory fgroup>
      <Limit ALL>
        DenyAll
      </Limit>
    </Directory>

    <Limit WRITE>
      DenyAll
    </Limit>
  </Anonymous>

  #
  # define user based access
  #
  <Directory /web/farrukh2/ftp_root/fpub>
    <Limit ALL>
      AllowUser farrukh
      AllowUser fguest
      DenyAll
    </Limit>
  </Directory>

  <Directory /web/farrukh2/ftp_root/fgroup>
    <Limit ALL>
      AllowUser farrukh
      AllowUser fgroup
      DenyAll
    </Limit>
  </Directory>
</VirtualHost>

# ----------------------------------------------------
# ftp.foo4.com
# anon, with incoming upload
#
<VirtualHost ftp.foo4.com>
  ServerAdmin ftpmaster@teamwork.co.uk
  ServerName "Teamwork FTP Server"
  TransferLog /var/spool/syslog/xfer/ftp.foo4.com
  MaxLoginAttempts 3
  RequireValidShell no
  DefaultRoot /ftp/ftp.foo4.com
  User foo4
  Group foo4
  AllowOverwrite yes

  #
  # Auth files....
  #
  AuthUserFile /var/conf/ftp//authfiles/passwd.ftp.foo4.com
  AuthGroupFile /var/conf/ftp//authfiles/group.ftp.foo4.com

  <Anonymous /ftp/ftp.foo4.com>
    User ftp
    Group ftp
    UserAlias anonymous ftp
    RequireValidShell no
    MaxClients 20

    <Directory pub/incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>

    <Directory pub/Incoming/*>
      <Limit STOR>
        AllowAll
      </Limit>
      <Limit WRITE DIRS READ>
        DenyAll
      </Limit>
      <Limit CWD XCWD CDUP>
        AllowAll
      </Limit>
    </Directory>

    <Limit WRITE>
      DenyAll
    </Limit>
  </Anonymous>
</VirtualHost>

# ----------------------------------------------------
# The end....
# ----------------------------------------------------
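An added example, not part of the ProFTPD sample files: it audits anonymous upload directories, contrasting the `incoming` directory of Example B-2 (whole WRITE group allowed, READ left open) with the `pub/incoming` pattern of Example B-3 (STOR allowed; WRITE, DIRS and READ denied). It assumes one directive per line; the function name `audit_anonymous_uploads` and the embedded sample are constructed for illustration.

```python
# Constructed sample: the upload-directory styles of Examples B-2 and B-3.
SAMPLE = """
<Anonymous /usr/local/ftp/virtual/a_customer>
  <Directory incoming>
    <Limit WRITE>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>
<Anonymous /ftp/ftp.ftech.net>
  <Directory pub/incoming>
    <Limit STOR>
      AllowAll
    </Limit>
    <Limit WRITE DIRS READ>
      DenyAll
    </Limit>
  </Directory>
</Anonymous>
"""
UPLOAD = {"WRITE", "STOR", "STOU", "APPE"}

def audit_anonymous_uploads(text):
    """Return (anonymous root, directory, problem) for risky upload dirs."""
    stack, findings = [], []  # stack items: [block name, argument, {action: commands}]
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            name, arg, acl = stack.pop()
            anon = [a for n, a, _ in stack if n == "anonymous"]
            allowed, denied = acl.get("allowall", set()), acl.get("denyall", set())
            if name == "directory" and anon and allowed & UPLOAD:
                if "WRITE" in allowed:
                    findings.append((anon[-1], arg, "WRITE also permits delete/rename/mkdir"))
                if not denied & {"READ", "RETR"}:
                    findings.append((anon[-1], arg, "uploads can be downloaded by anyone"))
        elif line.startswith("<"):
            name, _, arg = line.strip("<>").partition(" ")
            stack.append([name.lower(), arg.strip(), {}])
        elif line.lower() in ("allowall", "denyall") and len(stack) > 1 and stack[-1][0] == "limit":
            # Record the Limit's command list on the enclosing block.
            stack[-2][2].setdefault(line.lower(), set()).update(stack[-1][1].upper().split())
    return findings

if __name__ == "__main__":
    for finding in audit_anonymous_uploads(SAMPLE):
        print(*finding, sep=" | ")
```

Only the B-2 style directory is reported; the check is a heuristic over `AllowAll`/`DenyAll` inside `<Limit>` blocks and does not evaluate `Order`, `Allow` or `AllowUser` rules.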