Forum Moderators: bakedjake
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6on
# If set on you can experience a longer connection delay in many cases.
IdentLookupsoff
ServerName"proFTPD"
ServerTypestandalone
DeferWelcomeoff
MultilineRFC2228on
DefaultServeron
ShowSymlinkson
TimeoutNoTransfer600
TimeoutStalled600
TimeoutIdle1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter\*.*/
ServerLog /var/log/proftp/log
Umask 022
# Use this to jail all users in their homes
# DefaultRoot~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShelloff
# Port 21 is the standard FTP port.
Port21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances30
# Set the user and group that the server normally runs at.
Userculser
Groupusers
# Normally, we want files to be overwriteable.
AllowOverwriteon
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
PersistentPasswdon
# This is required to use both PAM-based authentication and local passwords
# AuthOrdermod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFileoff
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf
# Deny writing to the base server...
#
<Limit WRITE>
DenyAll
</Limit>
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
<Limit LOGIN>
AllowUser culser
</Limit>
