ProFTPD-1.3.6
Installation of ProFTPD
For security reasons, you should install ProFTPD using an unprivileged user and group.
As the root
user:
groupadd -g 46 proftpd &&
useradd -c proftpd -d /srv/ftp -g proftpd \
-s /usr/bin/proftpdshell -u 46 proftpd &&
install -v -d -m775 -o proftpd -g proftpd /srv/ftp &&
ln -v -s /bin/false /usr/bin/proftpdshell &&
echo /usr/bin/proftpdshell >> /etc/shells
First, apply a patch containing various security fixes from the
upstream developers:
patch -Np1 -i ../proftpd-1.3.6-consolidated_fixes-1.patch
Install ProFTPD as an unprivileged
user by running the following commands:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run &&
make
This packages does not come with a usable test suite.
Now, as the root
user:
make install &&
install -d -m755 /usr/share/doc/proftpd-1.3.6 &&
cp -Rv doc/* /usr/share/doc/proftpd-1.3.6
Command Explanations
install -v -d -m775 -o proftpd -g
proftpd /srv/ftp: Create the home directory for
ProFTPD.
ln -v -s /bin/false
/usr/bin/proftpdshell: Set the default shell as a
link to an invalid shell.
echo /usr/bin/proftpdshell >>
/etc/shells: Fake a valid shell for compatibility
purposes.
Note
The above two commands can be omitted if the following directive
is placed in the configuration file:
RequireValidShell off
By default, proftpd will require that users logging in have valid
shells. The RequireValidShell directive turns off this
requirement. This is only recommended if you are setting up your
FTP server exclusively for anonymous downloads.
Note
Support for most of the dependency packages requires using
options passed to the configure script. View the
output from ./configure
--help for complete information about enabling
dependency packages.
Configuring ProFTPD
Config Files
/etc/proftpd.conf
Configuration Information
This is a simple, download-only sample configuration. See the
ProFTPD documentation in
/usr/share/doc/proftpd
and consult
the website at http://www.proftpd.org/ for example
configurations.
cat > /etc/proftpd.conf << "EOF"
# This is a basic ProFTPD configuration file
# It establishes a single server and a single anonymous login.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group proftpd
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, files should be overwritable.
<Directory /*>
AllowOverwrite on
</Directory>
# A basic anonymous configuration, no upload directories.
<Anonymous ~proftpd>
User proftpd
Group proftpd
# Clients should be able to login with "anonymous" as well as "proftpd"
UserAlias anonymous proftpd
# Limit the maximum number of anonymous logins
MaxClients 10
# 'welcome.msg' should be displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
EOF
Contents
Installed Programs:
ftpasswd, ftpcount, ftpdctl, ftpmail,
ftpquota, ftpscrub, ftpshut, ftptop, ftpwho, in.proftpd
(symlink to proftpd), proftpd, and prxs
Installed Libraries:
None
Installed Directory:
/usr/{include,lib}/proftpd
Short Descriptions
proftpd
|
is the FTP daemon.
|
ftpcount
|
shows the current number of connections.
|
ftpdctl
|
is used to control the proftpd daemon while it is
running.
|
ftpasswd
|
is a Perl script designed to create and manage
AuthUserFiles and AuthGroupFiles of the correct format
for proftpd.
|
ftpmail
|
is a Perl script for sending email based on the proftpd
TransferLog.
|
ftpquota
|
is a Perl script designed to create and manage limits and
tally files for the mod_quotatab + mod_quotatab_file
module combination for proftpd.
|
ftpscrub
|
provides a way to scrub the scoreboard file on demand.
|
ftpshut
|
shuts down all proftpd
servers at a given time.
|
ftptop
|
displays running status on connections.
|
ftpwho
|
shows current process information for each session.
|
prxs
|
is a Perl script designed to compile and install
third-party modules, from source code, as DSO modules for
the installed proftpd.
|
Last updated on 2019-08-29 15:57:46 -0700