Introduction to ProFTP

Setup

  1. Install the core ProFTP package proftpd-1.2.2rc1-1.i386.rpm
  2. Depending on whether you want ProFTP to run at boot time or on demand, install either proftpd-standalone-1.2.2rc1-1.i386.rpm or proftpd-inetd-1.2.2rc1-1.i386.rpm

    Note: As the name implies, proftpd-inetd-1.2.2rc1-1.i386.rpm installs correctly only if you are running inetd. Red Hat 7.x and other recent Linux distros replaced inetd with xinetd, so you'll have to remove the /etc/inetd.conf file that the RPM package just created, and add the following entry as /etc/xinetd.d/proftp:

    	service ftp
    	{
    	        flags           = REUSE
    	        socket_type     = stream
    	        instances       = 50
    	        wait            = no
    	        user            = root
    	        server          = /usr/sbin/proftpd
    	        #bind            = 
    	        log_on_success  = HOST PID
    	        log_on_failure  = HOST RECORD
    	}
    	
  3. Create a dummy user through useradd -c "FTP user" -s /bin/bash -d /home/dummy dummy. Set a password through passwd dummy if you want to set up a private FTP account (a.k.a. "guest account"); leave the password unset if you want to use this account as an anonymous FTP account.
  4. Edit /etc/proftpd.conf, and make sure a nobody:nobody system account exists with which ProFTP can run:
    	ServerName			"ProFTPD Default Installation"
    	ServerIdent			on "FTP Server ready."	
    	ServerType			inetd
    	DefaultServer			on
    	Port				21
    	Umask				022
    	MaxInstances			30
    	User				nobody
    	Group				nobody
    	DisplayConnect			/etc/proftpd.welcome 
    	DisplayLogin			welcome.msg
    	DisplayFirstChdir		.message
    	HideUser 			root
    
    	<Limit LOGIN>
    		Order allow,deny
    		Allow from 192.168.0.,.acme.com
    		Deny from all 
    	</Limit>
    
    	<Limit READ DIRS>
    		IgnoreHidden on
    	</Limit>
    
    	<Directory /*>
    	  AllowOverwrite                on
    	</Directory>
    	
    	<Anonymous ~dummy>
    	  User				dummy 
    	  Group				dummy 
    	  AnonRequirePassword		off 
    	  MaxClients			10
    	
    	  # Limit WRITE everywhere in the anonymous chroot
    	  <Limit WRITE>
    		DenyAll
    	  </Limit>
    	
    	</Anonymous>
    	
    Note: Don't let the word "Anonymous" fool you. It's used to set up both public and private folders. The only difference is whether the user is prompted for a real password (AnonRequirePassword on), or can type anything (AnonRequirePassword off).
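
A small audit of the distinction the note above draws, as an added example that is not part of the original page or of ProFTPD: it lists each <Anonymous> block, whether AnonRequirePassword is on, and whether a block-level <Limit WRITE> DenyAll is present. The sample configuration is constructed, and the ~upload and ~staff accounts and the function names are hypothetical.

```python
import re

# Constructed sample: the page's <Anonymous ~dummy> block (shortened) plus two
# hypothetical accounts (~upload, ~staff) that are not from the page.
SAMPLE_CONF = """
<Anonymous ~dummy>
  AnonRequirePassword off
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
<Anonymous ~upload>
  AnonRequirePassword off   # any password accepted, WRITE not limited
</Anonymous>
<Anonymous ~staff>
  AnonRequirePassword on
</Anonymous>
"""

def audit_anonymous(conf_text):
    """One record per <Anonymous> block; a missing AnonRequirePassword is
    treated as off (assumption of this example)."""
    records, stack, block, limit = [], [], None, []
    for raw in conf_text.splitlines():
        line = " ".join(raw.split("#", 1)[0].split())  # drop comments, squeeze whitespace
        opened = re.fullmatch(r"<(\w+) ?(.*?)>", line)
        closed = re.fullmatch(r"</(\w+)>", line)
        if opened:
            tag, arg = opened.group(1).lower(), opened.group(2)
            stack.append(tag)
            if tag == "anonymous":
                block = {"root": arg, "password": False, "write_denied": False}
            elif tag == "limit":
                limit = arg.upper().split()  # command groups this <Limit> covers
        elif closed:
            del stack[-1:]  # pop, tolerating an unbalanced closing tag
            if closed.group(1).lower() == "anonymous" and block:
                records.append(block)
                block = None
        elif block is not None and line:
            name, _, value = line.partition(" ")
            if name.lower() == "anonrequirepassword":
                block["password"] = value.lower() == "on"
            elif name.lower() == "denyall" and "WRITE" in limit and stack[-2:] == ["anonymous", "limit"]:
                block["write_denied"] = True
    return records

def needs_review(records):
    """Roots that accept any password and do not deny WRITE at block level."""
    return [r["root"] for r in records if not r["password"] and not r["write_denied"]]
```

Only a DenyAll placed directly in the block's own <Limit WRITE> counts; limits nested in a <Directory> or built from Order/Allow/Deny rules are not evaluated and still need a manual read.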

Q&A

Permission denied when I use ls

How to set up a secure FTP server?

sftp or ssh tunnelling?

When browsing with FTPExplorer, it just sits there for about 30s before listing a directory

	Connecting to: Titanium
	Connection Established
	220 FTP Server ready.
	Connected to: Titanium
	USER ffaure
	331 Password required for ffaure.
	PASS
	230 Anonymous access granted, restrictions apply.
	SYST
	215 UNIX Type: L8
	PWD
	257 "/" is current directory.
	TYPE A
	200 Type set to A.
	PORT 192,168,204,51,18,144
	200 PORT command successful.
	LIST
	150 Opening ASCII mode data connection for file list.
	!!!!!!!!!! Here, FTPExplorer waits about 30s !!!!!!!!!!!!!!!
	226 Transfer complete.
	

Temp stuff

[root@linuxff i386]# rpm -qlp proftpd-1.2.1-2.i386.rpm 
/etc/pam.d/ftp
/home/ftp
/usr/bin/ftpcount
/usr/bin/ftpwho
/usr/man/man1/ftpcount.1.gz
/usr/man/man1/ftpwho.1.gz
/usr/man/man5/xferlog.5.gz
/usr/man/man8/ftpshut.8.gz
/usr/man/man8/proftpd.8.gz
/usr/sbin/ftpshut
/usr/sbin/in.proftpd
/usr/sbin/proftpd
/usr/share/doc/proftpd-1.2.1
/usr/share/doc/proftpd-1.2.1/API
/usr/share/doc/proftpd-1.2.1/COPYING
/usr/share/doc/proftpd-1.2.1/CREDITS
/usr/share/doc/proftpd-1.2.1/ChangeLog
/usr/share/doc/proftpd-1.2.1/Changes-1.2.0pre3
/usr/share/doc/proftpd-1.2.1/Configuration.html
/usr/share/doc/proftpd-1.2.1/FAQ-config.html
/usr/share/doc/proftpd-1.2.1/GetConf
/usr/share/doc/proftpd-1.2.1/NEWS
/usr/share/doc/proftpd-1.2.1/README
/usr/share/doc/proftpd-1.2.1/README.AIX
/usr/share/doc/proftpd-1.2.1/README.FreeBSD
/usr/share/doc/proftpd-1.2.1/README.LDAP
/usr/share/doc/proftpd-1.2.1/README.PAM
/usr/share/doc/proftpd-1.2.1/README.Solaris2.5x
/usr/share/doc/proftpd-1.2.1/README.Unixware
/usr/share/doc/proftpd-1.2.1/README.linux-privs
/usr/share/doc/proftpd-1.2.1/README.mod_sql
/usr/share/doc/proftpd-1.2.1/README.mod_wrap
/usr/share/doc/proftpd-1.2.1/README.modules
/usr/share/doc/proftpd-1.2.1/README.ports
/usr/share/doc/proftpd-1.2.1/README.ratio
/usr/share/doc/proftpd-1.2.1/ShowUndocumented
/usr/share/doc/proftpd-1.2.1/Undocumented.txt
/usr/share/doc/proftpd-1.2.1/development.notes
/usr/share/doc/proftpd-1.2.1/license.txt
/usr/share/doc/proftpd-1.2.1/mod_sample.c
/usr/share/doc/proftpd-1.2.1/rfc
/usr/share/doc/proftpd-1.2.1/rfc/draft-bonachea-sftp-00.txt
/usr/share/doc/proftpd-1.2.1/rfc/draft-ietf-ftpext-mlst-12.txt
/usr/share/doc/proftpd-1.2.1/rfc/draft-ietf-ftpext-sec-consider-02.txt
/usr/share/doc/proftpd-1.2.1/rfc/rfc0959.txt
/usr/share/doc/proftpd-1.2.1/rfc/rfc2228.txt
/usr/share/doc/proftpd-1.2.1/sample-configurations
/usr/share/doc/proftpd-1.2.1/sample-configurations/PFTEST.conf.in
/usr/share/doc/proftpd-1.2.1/sample-configurations/PFTEST.group
/usr/share/doc/proftpd-1.2.1/sample-configurations/PFTEST.install
/usr/share/doc/proftpd-1.2.1/sample-configurations/PFTEST.passwd
/usr/share/doc/proftpd-1.2.1/sample-configurations/PFTEST.shadow
/usr/share/doc/proftpd-1.2.1/sample-configurations/anonymous.conf
/usr/share/doc/proftpd-1.2.1/sample-configurations/basic.conf
/usr/share/doc/proftpd-1.2.1/sample-configurations/complex-virtual.conf
/usr/share/doc/proftpd-1.2.1/sample-configurations/virtual.conf
/usr/share/doc/proftpd-1.2.1/xferstats.holger-preiss
/var/run/proftpd

[root@linuxff i386]# rpm -qlp proftpd-inetd-1.2.1-2.i386.rpm 
/etc/proftpd.conf

[root@linuxff i386]# rpm -qlp proftpd-standalone-1.2.1-2.i386.rpm 
/etc/proftpd.conf
/etc/rc.d/init.d/proftpd


When launching ProFTPd through xinetd, what do I need to add in /etc/xinetd.d/?

When logging in to the FTP server, I get the following:

	[root@linuxff /etc]# telnet localhost ftp
	Trying 127.0.0.1...
	Connected to Sybase1.
	Escape character is '^]'.
	Compiled-in modules:
	  mod_core.c
	  mod_auth.c
	  mod_xfer.c
	  mod_site.c
	  mod_ls.c
	  mod_unixpw.c
	  mod_log.c
	  mod_pam.c
	  mod_linuxprivs.c
	  mod_ratio.c
	  mod_readme.c
	Connection closed by foreign host.
	

Temp stuff

http://pdd.sourceforge.net/userguide/linked/userguide.html
http://pdd.sourceforge.net/faq/proftpdfaq-full.html
http://www.proftpd.org/docs/configuration.html 

Resources