muhabdulhaq new document title

Create a user named ftp_user which will be used only for ftp access. This user don’t need a valid shell (more secure) therefore select /bin/false shell
for ftp_user and /home/ftp as home directory (property button in user and group window).
To make this section clearer, i give you the equivalent command line to create the user, but it would be better to use the GUI (System -> Administration -> User -> Group) to create the user since users here often got problems with the user creation and the password (530 error) with the command line, so i really advice to use the GUI :
Code:

sudo useradd ftp_user -p your_password -d /home/ftp -s /bin/false
sudo passwd ftp_user

cd /home/ftp/
sudo mkdir download
sudo mkdir upload

cd /home
sudo chmod 755 ftp
cd ftp
sudo chmod 755 download
sudo chmod 777 upload

sudo gedit /etc/proftpd/proftpd.conf

# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
 
# Choose here the user alias you want !!!!
UserAlias sauron userftp
 
ServerName "Server_Name"
ServerType standalone
DeferWelcome on
 
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
 
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
 
DisplayFirstChdir .message
ListOptions "-l"
 
RequireValidShell off
 
TimeoutLogin 20
 
RootLogin off
 
# It's better for debug to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
 
#DenyFilter \*.*/
 
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
 
# Allow to restart a download
AllowStoreRestart on
 
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980
 
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
 
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
 
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
 
PersistentPasswd off
 
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
 
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
 
# Set /home/ftp directory as home directory
DefaultRoot /home/ftp
 
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
 
MaxLoginAttempts 5
 
#VALID LOGINS
 
AllowUser userftp
DenyALL
</Limit>
 
<Directory /home/ftp>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
 
<Directory /home/ftp/download/*>
 
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
 
<Directory> /home/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
 
DenyAll
</Limit>
 
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Ok you have done proftpd configuration. Your server is on port 1980 (in this exemple) and the access parameters are
user: ftp_user
password: the one you’ve set for ftp_user

sudo /etc/init.d/proftpd start
sudo /etc/init.d/proftpd stop
sudo /etc/init.d/proftpd restart

To know who is connected on your server in realtime use “ftptop” command (use “t” caracter to swich to rate display), you can also use the “ftpwho”
command.