Create a /home/ftp directory:
Code:
cd /home sudo mkdir ftp |
Create a user named ftp_user which will be used only for ftp access. This user don’t need a valid shell (more secure) therefore select /bin/false shell
for ftp_user and /home/ftp as home directory (property button in user and group window).
To make this section clearer, i give you the equivalent command line to create the user, but it would be better to use the GUI (System -> Administration -> User -> Group) to create the user since users here often got problems with the user creation and the password (530 error) with the command line, so i really advice to use the GUI :
Code:
sudo useradd ftp_user -p your_password -d /home/ftp -s /bin/false sudo passwd ftp_user |
In ftp directory create a download and an upload directory:
Code:
cd /home/ftp/ sudo mkdir download sudo mkdir upload |
Now we have to set the good permissions for these directories:
Code:
cd /home sudo chmod 755 ftp cd ftp sudo chmod 755 download sudo chmod 777 upload |
3. OK, now go to the proftpd configuration file:
Code:
sudo gedit /etc/proftpd/proftpd.conf |
and edit your proftpd.conf file like that if it fit to your need:
Code:
# To really apply changes reload proftpd after modifications. AllowOverwrite on AuthAliasOnly on # Choose here the user alias you want !!!! UserAlias sauron userftp ServerName "Server_Name" ServerType standalone DeferWelcome on MultilineRFC2228 on DefaultServer on ShowSymlinks off TimeoutNoTransfer 600 TimeoutStalled 100 TimeoutIdle 2200 DisplayFirstChdir .message ListOptions "-l" RequireValidShell off TimeoutLogin 20 RootLogin off # It's better for debug to create log files ExtendedLog /var/log/ftp.log TransferLog /var/log/xferlog SystemLog /var/log/syslog.log #DenyFilter \*.*/ # I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me) UseFtpUsers off # Allow to restart a download AllowStoreRestart on # Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want) Port 1980 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 8 # Set the user and group that the server normally runs at. User nobody Group nogroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 PersistentPasswd off MaxClients 8 MaxClientsPerHost 8 MaxClientsPerUser 8 MaxHostsPerUser 8 # Display a message after a successful login AccessGrantMsg "welcome !!!" # This message is displayed for each access good or not ServerIdent on "you're at home" # Set /home/ftp directory as home directory DefaultRoot /home/ftp # Lock all the users in home directory, ***** really important ***** DefaultRoot ~ MaxLoginAttempts 5 #VALID LOGINS AllowUser userftp DenyALL </Limit> <Directory /home/ftp> Umask 022 022 AllowOverwrite off <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD> DenyAll </Limit> </Directory> <Directory /home/ftp/download/*> Umask 022 022 AllowOverwrite off <Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD> DenyAll </Limit> </Directory> <Directory> /home/ftp/upload/> Umask 022 022 AllowOverwrite on <Limit READ RMD DELE> DenyAll </Limit> <Limit STOR CWD MKD> AllowAll </Limit> </Directory> |
Ok you have done proftpd configuration. Your server is on port 1980 (in this exemple) and the access parameters are
user: ftp_user
password: the one you’ve set for ftp_user
4. To start/stop/restart your server:
Code:
sudo /etc/init.d/proftpd start sudo /etc/init.d/proftpd stop sudo /etc/init.d/proftpd restart |
To perform a syntax check of your proftpd.conf file:
Code:
sudo proftpd -td5 |
To know who is connected on your server in realtime use “ftptop” command (use “t” caracter to swich to rate display), you can also use the “ftpwho”
command.