LinuxQuestions.org

saudoi 11-09-2005 03:24 AM

Config Proftpd
 
I installed ProFTPD successfully and it's working right now. As the next step, I want to make its configuration more secure.

At this time, when users log in to the FTP server, they can go up a level and view all directories on my server. I want to lock them in their home folder, so I enabled DefaultRoot in the config file.

Here is proftpd.conf

Code:

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                        "Test FTP Server"
ServerType                        standalone
DefaultServer                        on

# Port 21 is the standard FTP port.
Port                                21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                                022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                        30

# Set the user and group under which the server will run.
User                                nobody
Group                                nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

# Normally, we want files to be overwriteable.
AllowOverwrite                on

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
#<Anonymous ~ftp> #do not want anonymous access
#  User                                ftp
#  Group                                ftp

#  # We want clients to be able to login with "anonymous" as well as "ftp"
#  UserAlias                        anonymous ftp
#
#  # Limit the maximum number of anonymous logins
#  MaxClients                        10
#
#  # We want 'welcome.msg' displayed at login, and '.message' displayed
#  # in each newly chdired directory.
#  DisplayLogin                        welcome.msg
#  DisplayFirstChdir                .message
#
#  # Limit WRITE everywhere in the anonymous chroot
#  <Limit WRITE>
#    DenyAll
#  </Limit>
#</Anonymous>

I also don't want anonymous login, so I marked <Anonymous ~ftp> and </Anonymous> as comments.

The proftpd.conf is located in /usr/local/etc/proftpd.conf. I also created a symbolic link in the /etc folder:
Code:

# ln -s /usr/local/etc/proftpd.conf /etc/proftpd.conf
However, this configuration seems not to be loaded. I have to execute this command:
Code:

# /usr/local/sbin/proftpd -c /usr/local/etc/proftpd.conf
After a server restart, everything is back to the default. I want the proftpd process to load this configuration every time it's started.
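
Added example (not part of the original post, and not ProFTPD's own tooling): a small check for the two hardening goals in this post, jailing users with DefaultRoot and disabling anonymous login. When only the `<Anonymous>` tags are commented out, any directive left uncommented between them is read as an ordinary server-level setting, so the check flags those lines too. The sample configuration is constructed, and `audit` is a hypothetical helper name.

```python
import re

# Constructed sample: only the <Anonymous> tags and the first directive are
# commented out; the remaining directives are still live.
SAMPLE_CONF = """\
ServerType standalone
DefaultRoot ~
#<Anonymous ~ftp>
#  User ftp
  UserAlias anonymous ftp
  MaxClients 10
  <Limit WRITE>
    DenyAll
  </Limit>
#</Anonymous>
"""

ANON_OPEN = re.compile(r"^\s*(#?)\s*<Anonymous\b[^>]*>", re.I)
ANON_CLOSE = re.compile(r"^\s*(#?)\s*</Anonymous>", re.I)

def audit(conf_text):
    """Return (line_number, message) findings for a proftpd.conf text."""
    findings, jailed, state = [], False, None   # state: None, "active", "commented"
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        opened = ANON_OPEN.match(raw)
        if opened:
            state = "commented" if opened.group(1) else "active"
            if state == "active":
                findings.append((lineno, "anonymous login is enabled"))
        elif ANON_CLOSE.match(raw):
            state = None
        elif not line or line.startswith("#"):
            continue
        elif state == "commented":
            # The enclosing tags are comments, so this directive is parsed
            # as an ordinary server-level setting.
            findings.append((lineno, "live directive inside commented-out block: " + line))
        elif state is None and line.split()[0].lower() == "defaultroot":
            jailed = True
    if not jailed:
        findings.insert(0, (0, "no DefaultRoot outside <Anonymous>: users are not jailed"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```
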

bathory 11-09-2005 06:43 AM

Run
Code:

proftpd -V
to see what conf file it uses and copy or symlink your conf file there.
Alternatively, you can modify the proftpd startup script to use the "-c /usr/local/etc/proftpd.conf" option.

saudoi 11-09-2005 08:21 PM

There's no -V option to see what conf is in use.

-v (not capital): show version

Code:

-bash-3.00# /usr/local/sbin/proftpd -v
 - ProFTPD Version 1.2.10


bathory 11-10-2005 01:46 AM

Perhaps 1.2.10 does not have that option. I have 1.3.0rc3 which uses -V to display settings.
Try "man proftpd" to look for a similar option.
Anyway you should take a look at your startup script to see how proftpd is started and modify it accordingly.

saudoi 11-11-2005 12:11 AM

Finally, after I failed to edit the config file of 1.2.10, I moved to 1.3.0rc3. Now, I can edit the config as I want but new trouble comes.

The ProFTPD server can't start after the server is rebooted. I want to make it start automatically whenever the server is restarted. How can I do that?

Thanks in advance

bathory 11-11-2005 01:59 AM

If your new config is similar to that in your first post, which means that you run proftpd standalone, then follow these instructions.
You can also use inetd to run proftpd as a daemon.

jlliagre 11-11-2005 02:11 AM

The proftpd standalone init.d script will work on Solaris 10 (legacy support), but if you go the inetd way, you have to convert to the new service management facility model (inetconv, inetadm).

saudoi 11-11-2005 02:53 AM

To jlliagre: What do I have to convert to the new service management facility model? Please explain more about what my current one is and why I should have to convert to the new one.

To bathory: yes, I set up my proftpd in standalone mode. If I keep this configuration and follow the instructions on your site, compared with changing it to inetd in order to run as a daemon, which way is better?

Thanks all.

saudoi 11-11-2005 03:11 AM

When I read these instructions, some parts are not clear to me:

Quote:

3. Make sure to prepend a "#" to comment out the "ftp" line in /etc/inetd.conf:
#ftp stream tcp nowait root /usr/local/sbin/in.proftpd in.proftpd

I checked my /etc/inetd.conf and it didn't have this line (it only has tftp), so I don't have to comment out this line as the instruction says, right?

Quote:

5. Create a ProFTPD startup/shutdown script in /etc/inetd.conf. Here is our /etc/init.d/proftpd script:

#!/bin/sh

case $1 in
'start' )
/usr/local/sbin/proftpd
;;
'stop' )
kill `ps -ef | grep proftpd | grep -v grep | awk '{print $2}'` > /dev/null 2>&1
;;
*)
echo "usage: $0 {start|stop}"
esac

This step confuses me a lot. Does the script below have to be typed into the /etc/inetd.conf file or the /etc/init.d/proftpd file? I guess it is /etc/init.d/proftpd, but it doesn't make sense!!

bathory 11-11-2005 03:18 AM

You have to create that script in /etc/init.d and name it proftpd. Don't forget to
Code:

chmod +x /etc/init.d/proftpd
Then create the 2 symlinks and you're done. No need to edit /etc/inetd.conf.
If you ask my personal opinion, I prefer to start ftpd from inetd, because this way I don't have another process always running.

saudoi 11-11-2005 03:26 AM

Oh, if I choose to start ftpd from inetd like you, is the only thing I have to do simply to change the server type in proftpd.conf from standalone to inetd?

bathory 11-11-2005 03:42 AM

You change "ServerType" to "inetd" in proftpd.conf and add the line:
Code:

ftp stream tcp nowait root      /usr/sbin/tcpd /usr/local/sbin/proftpd
in /etc/inetd.conf and restart inetd.
But this is for Solaris 8, so I cannot help you further for Solaris 10.
You have to do what jlliagre said. So read the man pages or search Google for smf, inetconv, inetadm, etc.

saudoi 11-11-2005 10:06 AM

OK, thanks. I'm going to search and learn about smf, inetconv, inetadm, etc. as jlliagre said after I can configure proftpd to start automatically via the standard init.d script; then I will try the inetd way.

*Nix is so strange that I have to learn more. I'm lucky to have all the help from you.

saudoi 11-11-2005 10:34 PM

Okay, I can make proftpd autostart now.

Next, assume I have 2 users, Hugo and Dave, and I configured DefaultRoot ~ so users are jailed in their home folders.

I also have some folders, such as Ebooks and Tools, and want to share these folders with them. In Windows, I can create Virtual Folders, and whenever users log in to the FTP server, they will see the virtual folders. The content inside these virtual folders is shared with all. If Hugo uploads something, Dave can get it.

With ProFTPD, how can I do this? I can see only Virtual Host in ProFTPD, not Virtual Folder :(


saudoi 11-11-2005 11:43 PM

I tried to create links to the public folders in the users' home folders, but it didn't work.

If I use a soft link, users can use these "link folders" when they telnet to the server, but they can't access them in an FTP session.

I can't create hard links for directories.
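
Added example (not part of the original thread): why a soft link into a shared folder works over telnet but not in a session jailed by DefaultRoot ~. Inside a chroot, an absolute symlink target is looked up starting from the jail root and ".." cannot climb above it, so a link pointing outside the home directory resolves to a path that does not exist there. The directory layout and the `resolve_in_jail` helper are constructed for illustration and simulate the lookup without needing root.

```python
import os
import tempfile

def resolve_in_jail(jail_root, path, max_links=16):
    """Resolve `path` as a process chrooted to `jail_root` would see it.

    Returns the real location on disk, or None if the path does not exist
    from inside the jail."""
    jail_root = os.path.realpath(jail_root)
    pending = [p for p in path.split("/") if p]
    inside = []                      # components resolved so far, below the jail root
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if inside:
                inside.pop()         # ".." at the jail root stays at the jail root
            continue
        real = os.path.join(jail_root, *inside, part)
        if os.path.islink(real):
            max_links -= 1
            if max_links < 0:
                return None          # symlink loop
            target = os.readlink(real)
            if target.startswith("/"):
                inside = []          # absolute target restarts at the JAIL root
            pending = [p for p in target.split("/") if p] + pending
        elif os.path.lexists(real):
            inside.append(part)
        else:
            return None
    return os.path.join(jail_root, *inside)

def demo():
    """Constructed layout: a shared Ebooks directory linked into hugo's home."""
    with tempfile.TemporaryDirectory() as top:
        top = os.path.realpath(top)
        shared = os.path.join(top, "export", "Ebooks")
        home = os.path.join(top, "home", "hugo")      # jail root under DefaultRoot ~
        os.makedirs(shared)
        os.makedirs(home)
        os.symlink(shared, os.path.join(home, "Ebooks"))
        shell_view = os.path.isdir(os.path.join(home, "Ebooks"))  # telnet: real root
        ftp_view = resolve_in_jail(home, "/Ebooks")               # FTP: chrooted
        return shell_view, ftp_view

if __name__ == "__main__":
    print(demo())
```
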


All times are GMT -5.