Beyond Linux® From Scratch - Version 7.5

Chapter 20. Major Servers

ProFTPD-1.3.4d

Introduction to ProFTPD

The ProFTPD package contains a secure and highly configurable FTP daemon. This is useful for serving large file archives over a network.

This package is known to build and work properly using an LFS-7.5 platform.

Package Information

ProFTPD Dependencies

Optional

acl-2.2.52, libcap-2.24, Linux-PAM-1.1.8, MariaDB-10.0.8 or MySQL-5.6.16, OpenSSL-1.0.1f, PCRE-8.34, PostgreSQL-9.3.3 and to run tests Check-0.9.12 and Test::Unit-0.14

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/proftpd

Installation of ProFTPD

For security reasons, you should install ProFTPD using an unprivileged user and group. As the root user: 

groupadd -g 46 proftpd                             &&
useradd -c proftpd -d /srv/ftp -g proftpd \
        -s /usr/bin/proftpdshell -u 46 proftpd     &&

install -v -d -m775 -o proftpd -g proftpd /srv/ftp &&
ln -v -s /bin/false /usr/bin/proftpdshell          &&
echo /usr/bin/proftpdshell >> /etc/shells

Install ProFTPD as an unprivileged user by running the following commands: 

./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run &&
make

The tests for this package require a very old (2001) version of the Perl Module Test::Unit. Using the lastest version of this Test::Unit results in many failures (34/1089) although the program appears to run well. The tests take a long time (38 minutes, not CPU dependent) and are not recommended. To test the results anyway, issue: make check.

Now, as the root user: 

make install

Command Explanations

install -v -d -m775 -o proftpd -g proftpd /srv/ftp: Create the home directory for ProFTPD.

ln -v -s /bin/false /usr/bin/proftpdshell: Set the default shell as a link to an invalid shell.

echo /usr/bin/proftpdshell >> /etc/shells: Fake a valid shell for compatibility purposes.

[Note]

Note

The above two commands can be omitted if the following directive is placed in the configuration file: 

RequireValidShell off

By default, proftpd will require that users logging in have valid shells. The RequireValidShell directive turns off this requirement. This is only recommended if you are setting up your FTP server exclusively for anonymous downloads.

[Note]

Note

Support for most of the dependency packages requires using options passed to the configure script. View the output from ./configure --help for complete information about enabling dependency packages.

Configuring ProFTPD

Config Files

/etc/proftpd.conf

Configuration Information

This is a simple, download-only sample configuration. See the ProFTPD documentation in /usr/share/doc/proftpd and consult the website at http://www.proftpd.org/ for example configurations. 

cat > /etc/proftpd.conf << "EOF"
# This is a basic ProFTPD configuration file
# It establishes a single server and a single anonymous login.

ServerName                      "ProFTPD Default Installation"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service

MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            proftpd
Group                           proftpd

# Normally, files should be overwritable.
<Directory /*>
  AllowOverwrite                on
</Directory>

# A basic anonymous configuration, no upload directories.
<Anonymous ~proftpd>
  User                          proftpd
  Group                         proftpd
  # Clients should be able to login with "anonymous" as well as "proftpd"
  UserAlias                     anonymous proftpd

  # Limit the maximum number of anonymous logins
  MaxClients                    10

  # 'welcome.msg' should be displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayChdir                  .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
EOF

Boot Script

Install the /etc/rc.d/init.d/proftpd init script included in the blfs-bootscripts-20140301 package. 

make install-proftpd

Contents

Installed Programs: ftpcount, ftpdctl, ftpasswd, ftpmail, ftpquota, ftpscrub, ftptop, ftpshut, ftpcount, ftpwho, and proftpd
Installed Libraries: None
Installed Directory: /usr/lib/proftpd

Short Descriptions

proftpd

is the FTP daemon.

ftpcount

shows the current number of connections.

ftpdctl

is used to control the proftpd daemon while it is running.

ftpasswd

is a Perl script designed to create and manage AuthUserFiles and AuthGroupFiles of the correct format for proftpd.

ftpmail

is a Perl script for sending email based on the proftpd TransferLog.

ftpquota

is a Perl script designed to create and manage limits and tally files for the mod_quotatab + mod_quotatab_file module combination for proftpd.

ftpscrub

provides a way to scrub the scoreboard file on demand.

ftpshut

shuts down all proftpd servers at a given time.

ftptop

displays running status on connections.

ftpwho

shows current process information for each session.

Last updated on 2014-02-21 02:34:59 -0800