Proftpd

Proftpd

Install ProFTPD Server on Ubuntu

bash$ sudo apt-get install proftpd 

By default proftp configuration file is located in /etc/proftpd.conf. Change the following directives

--> ServerName — Configure the name displayed to connecting users

 ServerName “proftp server”

--> ServerIdent — Set the message displayed on connect

 ServerIdent on “Welcome to proftp server”

--> UseReverseDNS — Toggle rDNS lookups

 UseReverseDNS off

--> IdentLookups — Toggle ident lookups

 IdentLookups off

--> DefaultRoot — Sets default chroot directory

 DefaultRoot ~

--> RequireValidShell — Allow connections based on /etc/shells

 RequireValidShell off

--> MaxClients — Limits the number of users that can connect

 Maxclients 30

--> DenyFilter — Regular expression of command arguments to be blocked

 DenyFilter \*.*/

--> MaxClientsPerHost — Limits the connections per client machine

 MaxClientsPerHost 50

Check the configuration

bash$ sudo proftpd -td5 (checks configurations)

Starting the proftpd.

bash$ sudo /etc/init.d/proftpd start

Create User

Creating User Access by cd to /etc/proftpd and run this command:

bash$ sudo ftpasswd --passwd --name=ftpuser --uid=1010 --home=/home/ftp --shell=/bin/false

ftpasswd: --passwd: missing --gid argument: default gid set to uid

ftpasswd: creating passwd entry for user labu

ftpasswd: /bin/false is not among the valid system shells. Use of

ftpasswd: "RequireValidShell off" may be required, and the PAM

ftpasswd: module configuration may need to be adjusted.

Password:Enter password

Re-type password:Re-enter password

ftpasswd: entry created

Add the user to the ftpd group via this command:

bash$ sudo ftpasswd --group --name=ftpd --gid=1010 --member=labu --member=aura

ftpasswd: updating group entry for group ftpd

ftpasswd: entry updated

Proftpd Configuration

Add these lines to the /etc/proftpd/proftpd.conf:

# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.

# To really apply changes reload proftpd after modifications.

AllowOverwrite         on

AuthAliasOnly          on

UserAlias              ftpuser ftpuser

# Authentication using AuthUserFile

AuthUserFile           /etc/proftpd/ftpd.passwd

# AuthOrder to use mod_auth_file.c only, no local user allowed

AuthOrder mod_auth_file.c

ServerName "My FTP Server"

ServerType inetd

DeferWelcome on

MultilineRFC2228 on

DefaultServer on

ShowSymlinks off

TimeoutNoTransfer 600

TimeoutStalled 100

TimeoutIdle 2200

DisplayFirstChdir .message

ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debugging purposes to create log files

ExtendedLog /var/log/ftp/ftp.log

TransferLog /var/log/ftp/xferlog

SystemLog /var/log/ftp/syslog.log

#DenyFilter \*.*/

# Allow to restart a download

AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security reasons

Port 2121

# To prevent DoS attacks, set the maximum number of child processes

# to 30. If you need to allow more than 30 concurrent connections

# at once, simply increase this value. Note that this ONLY works

# in standalone mode, in inetd mode you should use an inetd server

# that allows you to limit maximum number of processes per service

# (such as xinetd)

MaxInstances 8

# Set the user and group that the server normally runs at.

User www-data

Group www-data

# Umask 022 is a good standard umask to prevent new files and dirs

# (second parm) from being group and world writable.

Umask 022 022

PersistentPasswd off

MaxClients 8

MaxClientsPerHost 8

MaxClientsPerUser 8

MaxHostsPerUser 8

# Display a message after a successful login

AccessGrantMsg "welcome to my ftp server"

# This message is displayed for each access good or not

ServerIdent on "My ftp server"

# Set /home/FTP-shared directory as home directory

DefaultRoot /home/FTP-shared

# Lock all the users in home directory, # ***** really important *****

DefaultRoot ~

MaxLoginAttempts 3

#VALID LOGINS

<Limit LOGIN>

AllowUser ftpuser

DenyALL

</Limit>

<Directory /home/FTP-shared>

Umask 022 022

AllowOverwrite off

HideNoAccess on

<Limit ALL>

Order Allow,Deny

IgnoreHidden on

AllowUser userftp

Deny ALL

</Limit>

<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>

DenyAll

</Limit>

</Directory>

<Directory /home/FTP-shared/download/*>

Umask 022 022

AllowOverwrite off

<Limit ALL>

Order Allow,Deny

AllowUser ftpuser

Deny ALL

</Limit>

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>

DenyAll

</Limit>

</Directory>

<Directory> /home/FTP-shared/upload/>

Umask 022 022

AllowOverwrite on

<Limit READ RMD DELE>

DenyAll

</Limit>

<Limit STOR CWD MKD>

AllowAll

</Limit>

</Directory>