ServerName "Gentoo FTP"
ServerType standalone
DeferWelcome off
DefaultServer on
AuthPAM off
AuthPAMConfig ftp

Port 666

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.

Umask 022

MaxInstances 30

# Set the user and group under which the server will run.

User nobody
Group nobody

# Normally, we want files to be overwriteable.
<Directory />
AllowOverwrite on
</Directory>



# chroot for all users of the group ftpuser
DefaultRoot ~ ftpuser

# grant login only for members of the group
<Limit LOGIN>
DenyGroup !ftpuser
</Limit>

# disable root login and require a valid shell (from /etc/shells)
<Global>
RootLogin off
RequireValidShell on
</Global>

UseReverseDNS off
IdentLookups off

# Logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# logging

# every login
ExtendedLog /var/log/ftp_auth.log AUTH auth

# file/dir access
ExtendedLog /var/log/ftp_access.log WRITE,READ write


<IfModule mod_tls.c>
TLSEngine on
TLSLog /opt/var/proftpd/tls.log
TLSProtocol TLSv1

# Clients are required to use FTP over TLS when talking to this server
# off = clients can connect using insecure FTP or secure FTP/SSL
# on = clients can only connect using secure FTP/SSL
TLSRequired on

# Server's certificate
TLSRSACertificateFile /opt/etc/ftpd/server.crt
TLSRSACertificateKeyFile /opt/etc/ftpd/server.key

# CA the server trusts
TLSCACertificateFile /opt/etc/ftpd/ca.crt

# Authenticate clients that want to use FTP over TLS
# off = client SSL certificates are not requried
# on = client SSL certificates are required
TLSVerifyClient off
</IfModule>