Re: Newbie Help with ProFTPd Config


Subject: Re: Newbie Help with ProFTPd Config
christopher.murtagh@mcgill.ca
Date: Mon Jul 09 2001 - 22:27:07 MDT


On Mon, 9 Jul 2001, Gord Busse wrote:
>I am hoping that some kind soul out there could guide me in the right
>direction and maybe even supply me with a sample proftpd.conf file
>skeleton that would help me along my way!

 Here's one (below). The DefaultRoot as '~' will keep users within their
namespace, and ProFTPD won't follow symlinks (which is good). One thing:
if you have a bunch of clients that you are giving FTP access only, and
you have given them a shell like /bin/noshell, make sure that the line
/bin/noshell is in your /etc/shells file, otherwise they will get failed
authorizations every time. That one took me forever to figure out (the
docs are in pretty rough shape).

 Having said that, when you get a chance, have a look at the docs (but
they are a pain to read). ProFTPD has a bunch of interesting features;
unfortunately, it has a pretty nasty past in terms of security, and many
people refuse to use it. You might want to check out ncftpd:

http://www.ncftpd.com/ncftpd/

 I haven't had a chance to try it yet, but I've heard good things about
it. Anyone here hear anything different?

Cheers,

Chris

-- 

Christopher Murtagh
Webmaster / Sysadmin
Web Communications Group
McGill University
Montreal, Quebec
Canada

################
# This proftpd configuration establishes a single server
# and *No* anonymous login.

ServerName "ProFTPD"
ServerType inetd
DefaultServer on
DefaultRoot ~
MaxLoginAttempts 4

# Port 21 is the standard FTP port.
Port 21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.

Umask 022

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)

MaxInstances 30

# Set the user and group that the server normally runs at.
User ftp
Group ftp

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite on
</Directory>

#################
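
The /etc/shells point in the message above can be checked before users hit failed logins. The following is an added example, not part of the original post or of ProFTPD: it lists accounts whose login shell is missing from /etc/shells. The function names and the sample passwd/shells contents are constructed for illustration.

```python
import sys
from pathlib import Path


def parse_shells(text):
    """Return the set of shells listed in /etc/shells-format text."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            shells.add(line)
    return shells


def accounts_with_unlisted_shell(passwd_text, shells_text, min_uid=0):
    """Return [(user, shell)] for accounts whose shell is not in shells_text."""
    valid = parse_shells(shells_text)
    flagged = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # comment, blank or malformed entry: skip, do not guess
        user, uid, shell = fields[0], fields[2], fields[6]
        if not uid.isdigit() or int(uid) < min_uid:
            continue
        if shell not in valid:
            flagged.append((user, shell))
    return flagged


# Constructed sample data, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
client1:x:1001:1001:FTP only:/home/client1:/bin/noshell
client2:x:1002:1002:FTP only:/home/client2:/bin/false
"""
SAMPLE_SHELLS = """\
# valid login shells
/bin/sh
/bin/bash
/bin/noshell
"""

if __name__ == "__main__":
    # With two path arguments, check real files; otherwise use the samples.
    if len(sys.argv) == 3:
        passwd, shells = (Path(p).read_text() for p in sys.argv[1:3])
    else:
        passwd, shells = SAMPLE_PASSWD, SAMPLE_SHELLS
    for user, shell in accounts_with_unlisted_shell(passwd, shells, min_uid=1000):
        print(f"{user}: shell {shell!r} is not listed in the shells file")
```

Run with /etc/passwd and /etc/shells as the two arguments to check a live system; with the sample data only client2 is reported, because /bin/false is absent from the sample shells list.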


