Tag: proftpd

This was created off of:

yum -y install proftpd.x86_64

echo “/bin/false” >> /etc/shells

cd /home
sudo mkdir FTP-shared

sudo useradd userftp -p your_password -d /home/FTP-shared -s /bin/false
sudo passwd userftp

cd /home/FTP-shared/
sudo mkdir download
sudo mkdir upload

cd /home
sudo chmod 755 FTP-shared
cd FTP-shared
sudo chmod 755 download
sudo chmod 777 upload

cp /etc/proftpd.conf /etc/proftpd.conf.orig

vi /etc/proftpd.conf

• # To really apply changes reload proftpd after modifications.
  AllowOverwrite on
  AuthAliasOnly on
  
  # Choose here the user alias you want !!!!
  UserAlias sauron userftp
  
  ServerName			"ChezFrodon"
  ServerType 			standalone
  DeferWelcome			on
  
  MultilineRFC2228 on
  DefaultServer			on
  ShowSymlinks			off
  
  TimeoutNoTransfer 600
  TimeoutStalled 100
  TimeoutIdle 2200
  
  DisplayChdir                    .message
  ListOptions                	"-l"
  
  RequireValidShell 		off
  
  TimeoutLogin 20
  
  RootLogin 			off
  
  # It's better for debug to create log files ;-)
  ExtendedLog 			/var/log/ftp.log
  TransferLog 			/var/log/xferlog
  SystemLog			/var/log/syslog.log
  
  #DenyFilter			\*.*/
  
  # I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
  UseFtpUsers off
  
  # Allow to restart a download
  AllowStoreRestart		on
  
  # Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
  Port				1980
  
  # To prevent DoS attacks, set the maximum number of child processes
  # to 30.  If you need to allow more than 30 concurrent connections
  # at once, simply increase this value.  Note that this ONLY works
  # in standalone mode, in inetd mode you should use an inetd server
  # that allows you to limit maximum number of processes per service
  # (such as xinetd)
  MaxInstances 8
  
  # Set the user and group that the server normally runs at.
  User                  nobody
  Group                 nobody
  
  # Umask 022 is a good standard umask to prevent new files and dirs
  # (second parm) from being group and world writable.
  Umask				022	022
  
  PersistentPasswd		off
  
  MaxClients 8
  MaxClientsPerHost 8
  MaxClientsPerUser 8
  MaxHostsPerUser 8
  
  # Display a message after a successful login
  AccessGrantMsg "welcome !!!"
  # This message is displayed for each access good or not
  ServerIdent                  on       "you're at home"
  
  # Lock all the users in home directory, ***** really important *****
  DefaultRoot ~
  
  MaxLoginAttempts    5
  
  #VALID LOGINS
  <Limit LOGIN>
  AllowUser userftp
  DenyALL
  </Limit>
  
  <Directory /home/FTP-shared>
  Umask 022 022
  AllowOverwrite off
  	<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
  	DenyAll
  	</Limit>
  </Directory>
  
  <Directory /home/FTP-shared/download/*>
  Umask 022 022
  AllowOverwrite off
  	<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
  	DenyAll
  	</Limit>
  </Directory>
  
  <Directory /home/FTP-shared/upload/>
  Umask 022 022
  AllowOverwrite on
  	<Limit READ RMD DELE>
        	DenyAll
      	</Limit>
  
      	<Limit STOR CWD MKD>
        	AllowAll
      	</Limit>
  </Directory>

You can do a syntax check with the following:

proftpd -td5