bugfix
Title: Installing ProFTPd






Linux Step By Steps

Installing ProFTPD

From: M.W.Chang

Date: 18 March, 2002

This document describes the compile/install and configuration of a very basic ProFTPD service.

Grab proftpd-1.2.4.tar.gz from the ProFTPD website. I am using Caldera OpenLinux 3.1, so I configured the package with these switches, and used checkinstall-1.5.1 to turn the package into a regular RPM for installation:

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run
make -j 3
checkinstall -si make install
mkdir /home/ftp; chmod 753 /home/ftp; chown ftp:ftp /home/ftp
mkdir /home/ftpdown;chmod 555 /home/ftpdown; chown nobody:nobody /home/ftpdown

NOTE: checkinstall-1.5.1 would require you to enter the path to Caldera's RPM repository in /usr/src/OpenLinux.

Then I wrote the /etc/proftpd.conf by reading the /usr/src/proftpd-1.2.4/doc directory. My proftpd exhibits the following characteristics:

  • It will be a standalone daemon, started by /usr/sbin/proftpd. If you want to use inetd, make sure you edit /etc/inet.d/ftp, and use in.proftpd as the daemon name.
  • An unlimited number of users can always upload (which you may not want).
  • 3 users can download at any time, with bandwidth locked at 20000 kb/s.
  • All uploads go to /home/ftp, and no one can download from it.
  • Users can download from /home/ftpdown only.
  • No users can log in to their home directory (well, I would study that later).
  • Newly uploaded files are owned by ftp:ftp and cannot be downloaded by anyone. To allow a file to be downloaded, chown nobody:nobody the_file and move it to /home/ftpdown.
  • The anonymous account is linked to a real user account ftp in /etc/passwd, with shell set to /bin/false.
  • To upload, users punch in ftp://111.222.333.444
  • To download, users punch in ftp:[EMAIL PROTECTED]

Proftpd generates a log file that's similar to the log file of wu-ftpd. That means you can use the xferstats script from wu-ftpd to analyze the log. I put the xferstats script in /usr/sbin. There is a newer version of xferstats; search for it via google.com using the keyword "xferstats" or try http://xferstats.off.net

To know the transfer rates, you may use SNMP tools like MRTG. One linux-sxs editor recommended the console tools pppstatus and ethstatus. You can find them on freshmeat.net!

Note that the xferstats script cannot handle non-ASCII file names (for me, that means Chinese) properly and would give you a divide-by-zero error. When I saw that, I would delete the log entries. Hope someone could teach me how to fix the xferstats script.
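An added example (not part of the original document and not the xferstats script): a small transfer-log summarizer that reads each line from both ends, so a file name containing spaces or non-ASCII characters cannot shift the other columns, and that reports no rate when the transfer time is zero. It assumes the 14-field xferlog(5) layout; the sample lines, hosts and file names are constructed.

```python
from collections import defaultdict

# Constructed sample lines in the assumed xferlog(5) layout (not from the page).
SAMPLE_LOG = """\
Mon Mar 18 10:02:11 2002 4 10.0.0.5 204800 /home/ftp/report.tar.gz b _ i a guest@example.org ftp 0 * c
Mon Mar 18 10:05:40 2002 0 10.0.0.7 512 /home/ftp/中文 檔案.txt b _ i a anon@example.org ftp 0 * c
Mon Mar 18 10:09:02 2002 2 10.0.0.9 40000 /home/ftpdown/tool.zip b _ o a dl@example.org ftp 0 * c
this line is damaged
"""

LEADING = 8   # 5 date tokens, transfer time, remote host, file size
TRAILING = 9  # type, action flag, direction, access mode, user, service,
              # auth method, auth user id, completion status

def parse_line(line):
    """Return one transfer record, or None when the line does not fit the layout."""
    tokens = line.split()
    if len(tokens) < LEADING + 1 + TRAILING:
        return None
    tail = tokens[-TRAILING:]
    try:
        seconds, size = int(tokens[5]), int(tokens[7])
    except ValueError:
        return None
    if tail[2] not in ("i", "o", "d"):
        return None
    # Everything between the fixed head and tail is the file name, so a name
    # with spaces or non-ASCII characters cannot shift the other columns.
    name = " ".join(tokens[LEADING:-TRAILING])
    return {"host": tokens[6], "seconds": seconds, "bytes": size,
            "name": name, "direction": tail[2]}

def summarize(text):
    """Total files, bytes and seconds per direction; count unparsable lines."""
    totals = defaultdict(lambda: {"files": 0, "bytes": 0, "seconds": 0})
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        entry = totals[rec["direction"]]
        entry["files"] += 1
        entry["bytes"] += rec["bytes"]
        entry["seconds"] += rec["seconds"]
    # A zero-second total yields no rate instead of a division by zero.
    report = {d: dict(t, bytes_per_sec=t["bytes"] / t["seconds"] if t["seconds"] else None)
              for d, t in totals.items()}
    return report, skipped
```

Lines that do not fit the layout are counted in the second return value rather than deleted from the log, so damaged entries stay available for review.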

# beginning of proftpd.conf
ServerName "Anonymous Server"
ServerType standalone
# if not switched on, won't answer calls from unknown destinations
DefaultServer on
DefaultTransferMode binary
ServerIdent off
UseReverseDNS no
DefaultRoot ~

# Port 21 is the standard FTP port.
Port 21

# If you don't want normal users logging in at all, uncomment this
# next section
<LIMIT LOGIN>
  DenyAll
</LIMIT>

# Set the user and group that the server normally runs at.
User nobody
Group nogroup
MaxInstances 10

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300
UseFtpUsers off
RootLogin off
IdentLookup off

# you may want to have a separate file from the regular /etc/passwd
#AuthUserFile /etc/proftpd-passwd

<Global>
  Umask 022
  MaxClientsPerHost 1 "One connection per IP"
  RequireValidShell off
  DirFakeGroup on nobody
  DirFakeUser on nobody
  DirFakeMode 0440
</Global>

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

<Anonymous /home/ftpdown>
  <Limit LOGIN>
    AllowAll
  </Limit>
  # you can use the alias as a password for your downloaders. :)
  UserAlias download ftp
  #
  # But if you really use a password, you need to encrypt the password
  # and paste the encrypted text below
  # AnonRequirePassword on
  # UserPassword download _output from cli-crypt("password")_
  #
  RequireValidShell off
  MaxClients 3 "550 Too Many Users (Limit=%m)"
  User ftp
  Group ftp
  # you may not like the bandwidth control below
  RateReadBPS 20000
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>

<Anonymous /home/ftp>
  <Limit LOGIN>
    AllowAll
  </Limit>
  UserAlias anonymous ftp
  User ftp
  Group ftp
  RequireValidShell off
  AllowStoreRestart on
  AllowOverwrite on
  # accepts data connections from an address other than the control
  # connection's; leave it off unless you need site-to-site transfers
  AllowForeignAddress on
  <Limit REST STOR MKD APPE>
    AllowAll
  </Limit>
  <Limit RMD RNFR RNTO RETR DELE>
    DenyAll
  </Limit>
  # Reject all files with leading periods or dashes:
  PathDenyFilter "(^|/)[-.]"
</Anonymous>
# end of proftpd.conf
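An added example (not part of the original document, and not a ProFTPD tool): a check that an anonymous area never allows both upload and download, which is the separation the configuration above relies on. It treats any command not covered by a DenyAll as allowed and ignores file permissions and <Directory> scoping; the second sample block and its path /srv/dropbox are constructed.

```python
import re

# ProFTPD <Limit> command groups, reduced to the commands this check needs.
GROUPS = {"READ": {"RETR"}, "WRITE": {"STOR", "APPE"},
          "ALL": {"RETR", "STOR", "APPE"}}

# Constructed sample: the first block mirrors the page's upload area, the
# second is a deliberately weak variant that never restricts RETR.
SAMPLE_CONF = """
<Anonymous /home/ftp>
  <Limit REST STOR MKD APPE>
    AllowAll
  </Limit>
  <Limit RMD RNFR RNTO RETR DELE>
    DenyAll
  </Limit>
</Anonymous>
<Anonymous /srv/dropbox>
  # <Limit RETR> DenyAll </Limit>   (commented out, so it must not count)
  <Limit STOR>
    AllowAll
  </Limit>
</Anonymous>
"""

def denied_commands(block):
    """Commands named by any <Limit> section that contains DenyAll."""
    denied = set()
    for names, body in re.findall(r"<Limit\s+([^>]+)>(.*?)</Limit>", block, re.S | re.I):
        if re.search(r"^\s*DenyAll\b", body, re.M | re.I):
            for name in names.upper().split():
                denied |= GROUPS.get(name, {name})
    return denied

def audit(conf):
    """Return anonymous roots where both upload and download stay allowed."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching sections
    findings = []
    for root, block in re.findall(r"<Anonymous\s+([^>]+)>(.*?)</Anonymous>", conf, re.S | re.I):
        denied = denied_commands(block)
        can_upload = not {"STOR", "APPE"} <= denied
        can_download = "RETR" not in denied
        if can_upload and can_download:
            findings.append(root.strip())
    return findings
```

Run against the two anonymous areas of the configuration above, the check reports nothing: /home/ftpdown denies WRITE and /home/ftp denies RETR.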

cli-crypt-1.0.tar.gz is a package, basically written for use with proftpd, that can be downloaded from http://freshmeat.net

For your convenience, here's my /etc/logrotate.d/ftpd for Proftpd's logs:

# beginning of /etc/logrotate.d/ftpd
missingok

/var/log/xferlog {
    size=256k
    nocopytruncate
    postrotate
        /usr/bin/killall -HUP syslogd
    endscript
}

/var/log/ftp {
    daily
    rotate 7
    postrotate
        /usr/bin/killall -HUP syslogd
    endscript
}
# end of /etc/logrotate.d/ftpd

The following is a script to start/stop my proftpd daemon:

#!/bin/bash
NAME=proftpd
DAEMON=/usr/sbin/proftpd

case "$1" in
  start)
    echo -n "ftp start: "
    $DAEMON
    ;;
  stop)
    echo -n "ftp stop: "
    killall proftpd
    ;;
  *)
    echo "usage: $0 {start|stop}"
    exit 1
    ;;
esac

echo "."
exit 0
