Running Linux, 5th Edition - Matthias Kalle Dalheimer [446]
Main server
The part of the configuration file that is not inside any other context. This is used for global server settings and is typically found at the beginning of the file.
This context is used for configuration details for an anonymous FTP server. By default, ProFTPD will allow anonymous access without a password and chroot() to the FTP directory.

This context is used to specify configuration details on a per-directory basis. This is typically used to limit or give access.

This context is used to control access to FTP commands and groups of FTP commands based on which user is trying to use them.

This context is used with virtual hosting (i.e., having ProFTPD serving on multiple interfaces with different configurations).

Directives in this context are used as if they were in the main server context, with the exception that they can be overridden by any With

The following sections present two example configurations for ProFTPD: a basic Unix FTP server setup and a more advanced one in which ProFTPD is using its own user database.

Basic Configuration

The example configuration provides us with both an anonymous access area and access to the whole filesystem for regular users:

    ServerName "ProFTPD Default Installation"
    ServerType standalone

ServerName specifies the banner text that the user sees when accessing the server. ServerType can be either standalone or inetd and specifies whether ProFTPD is listening for incoming connections by itself or is being run from (x)inetd.

    DefaultServer on
    Port 21

DefaultServer on means that our server configuration applies to all interfaces of the host, and Port specifies the port ProFTPD is listening to (port 21 is the standard FTP port):

    Umask 022
    MaxInstances 30
    User nobody
    Group nogroup
    AllowOverwrite on
    DenyAll

Umask is equivalent to the umask setting in the shell. MaxInstances is the upper limit on concurrent ProFTPD child processes; this limits the number of simultaneous users to 30. User and Group specify the user and group ProFTPD will run under when not doing privileged operations or running with the privileges of an authenticated user.
AllowOverwrite on means that users are allowed to overwrite writable files. The

    User ftp
    Group ftp
    UserAlias anonymous ftp
    MaxClients 10
    DisplayLogin welcome.msg
    DisplayFirstChdir .message
    DenyAll

This part of the configuration file sets up a read-only anonymous FTP in the FTP user's home directory (often /srv/ftp) running as user ftp, with a maximum of 10 simultaneous users. DisplayLogin welcome.msg will display the contents of the file welcome.msg as the login banner, and DisplayFirstChdir .message will display the contents of the file .message in the current directory when the user first cds into it.

Advanced Configuration

Here we look at a more complex setup in which the users allowed to log in to the FTP server are not taken from the regular Unix user database, but instead from a passwd file exclusive to ProFTPD. In addition, we provide limited anonymous access. The proftpd.conf file looks like this:

    ServerName "Acme ftp server"
    ServerType standalone
    DefaultServer on
    ServerIdent on "FTP Server ready."
    UseReverseDNS off
    IdentLookups off
    DeferWelcome on
    Port 21
    MaxInstances 30
    User ftp
    Group nogroup
    Umask 022
    Order Deny,Allow
    AllowGroup ftpusers
    AuthPAM off
    AuthUserFile /etc/proftpd.passwd
    AuthGroupFile /etc/proftpd.group
    RequireValidShell off
    DefaultRoot ~
    DirFakeUser
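
An added example, not taken from the book or the ProFTPD project: a small Python audit of the two access decisions the configurations above turn on, namely whether regular users are confined with DefaultRoot and whether each anonymous area denies writes. The two sample configs are constructed, the context tags (<Anonymous ~ftp>, <Limit WRITE>) follow ProFTPD's documented syntax, and audit() with its finding strings is an illustrative name.

```python
import re

TAG = re.compile(r"<(/?)(\w+)\s*([^>]*)>$")   # <Context args> or </Context>
# Constructed sample configs in ProFTPD syntax (not the book's listings).
WEAK = """User nobody
<Anonymous ~ftp>
  User ftp
  UserAlias anonymous ftp
</Anonymous>
"""
HARDENED = """User nobody
DefaultRoot ~
<Anonymous ~ftp>
  User ftp
  UserAlias anonymous ftp
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
"""

def audit(text):
    """Return findings for one proftpd.conf, tracking the enclosing contexts."""
    stack, anon, chrooted = [], [], False      # anon: [args, writes_denied]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = TAG.match(line)
        if m and m.group(1):                   # closing tag leaves a context
            del stack[-1:]
        elif m:                                # opening tag enters a context
            stack.append((m.group(2).lower(), m.group(3).split()))
            if stack[-1][0] == "anonymous":
                anon.append([m.group(3).strip(), False])
        else:
            name, names = line.split()[0].lower(), [c[0] for c in stack]
            # Assumption: only a main-server or <Global> DefaultRoot counts here.
            if name == "defaultroot" and names in ([], ["global"]):
                chrooted = True
            if (name == "denyall" and "anonymous" in names
                    and stack[-1][0] == "limit" and "WRITE" in stack[-1][1]):
                anon[-1][1] = True             # this anonymous area denies writes
    findings = [] if chrooted else ["no DefaultRoot: users are not confined to their home"]
    findings += [f"<Anonymous {a}> has no <Limit WRITE> DenyAll" for a, ok in anon if not ok]
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED))
```

A DenyAll that sits in a limit outside any anonymous context does not satisfy the check, because the directive only counts in the context that encloses it.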