ProFTPd Configuration

ProFTPd is available with many Linux distributions, including Debian, Mandrake, and Slackware. You can install it on other distributions by using another distribution's package or by installing from source code. In either of these cases, though, you'll need to deal with server startup issues, as described in Chapter 22, "Running Servers." Most distributions run ProFTPd from a SysV startup script. It can be run from a super server, though, and some configurations (such as Slackware's) run it this way by default.

ProFTPd is configured through the proftpd.conf file, which normally resides in /etc. This file's syntax closely resembles that of the Apache configuration file, described in Chapter 23, "Getting More from a Web Server." Lines may be comments that begin with hash marks (#) or directives, which take the following form:

Directive Value

ProFTPd also supports directive blocks, which are denoted by leading and trailing directive block names in angle brackets (<>). The leading directive block name often includes a value, and the trailing directive block indicator usually begins with a slash (/). For instance, the following lines appear in the default Mandrake ProFTPd configuration:

<Directory /> AllowOverwrite on </Directory>

These lines tell the system to apply the AllowOverwrite on directive within the root (/) directory—in other words, to apply it everywhere, unless another directive overrides this one in a specific subdirectory. Directive blocks usually define contexts, which support different sets of directives. Table 24.1 summarizes some of the directives you might want to adjust. This table is far from a complete listing of ProFTPd options, though. Consult the documentation on the ProFTPd website for more details.

Table 24.1 : Important ProFTPd Directives






Sets a descriptive name that ProFTPd delivers to clients when they connect.


standalone orinetd

Tells ProFTPd if it's running from a SysV or local startup script (standalone) or from a super server (inetd).



The username that ProFTPd uses to run.


Group name

The group that ProFTPd uses to run.


Username list

Gives the specified user or users access to a directory.


Username list

Denies the specified user or users access to a directory.


on or off

Specifies whether or not to deny access to the users listed in /etc/ftpusers. The default value ison, which is a useful security measure.





Two usernames

Tells ProFTPd to accept logins using the first specified username as if they were from the second specified username.


on or off

Specifies whether or not the user's account requires a valid shell specification.


on or off

Enables users to overwrite existing files, assuming they have write privileges to the target directory.


Directory name

Begins a context that applies to the specified directory tree.


Directory name

Begins a context that grants anonymous access to the specified directory tree. ProFTPd locks itself in a chroot jail within this directory tree.


Hostname or IP address

Begins a context that enables ProFTPd to respond differently to different network interfaces associated with the specified hostname or IP address.

The default ProFTPd configuration typically enables authenticated logins, so individuals who have accounts on the computer can use the system's FTP server. If you want to enable anonymous access, you may need to add an <Anonymous> directive block similar to this one:

<Anonymous /var/ftp> User ftp Group ftp

RequireValidShell off UserAlias anonymous ftp </Anonymous>

This configuration tells the system to accept logins as anonymous using the ftp account and to run as the user and group ftp. The RequireValidShell off line is necessary if the /etc/passwd entry for the ftp user specifies a shell that's not listed in /etc/shells. If the /etc/ftpusers file includes the ftp user, you may need to remove that entry from the ftpusers file.

Once you've changed the ProFTPd configuration, you must restart the server. This topic is covered in more detail in Chapter 22. Typically, you use a SysV startup script's restart option, as in:

# /etc/rc.d/init.d/proftpd restart

Note If you run ProFTPd from a super server, you don't need to explicitly restart it when you change its configuration. You must restart the super server or tell it to reload its configuration file if you want to enable or disable ProFTPd or change options you pass to it on the command line.

0 0

Post a comment