HOWTO : Create a FTP server with user access (proftpd)
seodavid
June 20th, 2007, 06:35 PM
Hello,
Thank you for your guide,
I'm having this problem, and I don't know what it means:
(the IPv4 getaddrinfo 'MAINSERVER' bit)
http://xs216.xs.to/xs216/07254/proftpd-instal-problem.png
And I should mention I had the same thing while trying to install, so I'm not sure what the current users/passes are set to as default etc.
:(
frodon
June 21st, 2007, 03:33 AM
First post your proftpd.conf and run a syntax check just to be sure that there are no errors in your proftpd.conf file:
proftpd -nd5
seodavid
June 21st, 2007, 06:17 AM
Here is the Config:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias sauron userftp
ServerName "KALM-FTP-Server"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
frodon
June 21st, 2007, 07:02 AM
And about the syntax check, does it return errors?
Anyway, proftpd doesn't like complex names with special characters like "-", so I would advise you to choose a simple name instead, then test your server again.
seodavid
June 21st, 2007, 09:06 AM
Changed the name so config is now:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias sauron userftp
ServerName "kalmftp"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
And a screenshot of the test you said to do:
http://xs216.xs.to/xs216/07254/proftp-nd5.png
And if I use:
sudo /etc/init.d/proftpd start
It comes up with:
david@MAINSERVER:~$ sudo /etc/init.d/proftpd start
Password:
* Starting ftp server proftpd - IPv4 getaddrinfo 'MAINSERVER' error: No address associated with hostname
- warning: unable to determine IP address of 'MAINSERVER'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd/proftpd.conf'
[fail]
david@MAINSERVER:~$
frodon
June 21st, 2007, 09:22 AM
OK, if "proftpd -nd5" gives you errors then it's not worth trying to start the server because it's sure to fail. I advise you to take the time to read this thread; if you had read it before posting you would surely have found this post (post #41) where a user already had a similar problem and explained how to solve it. Thanks for using the search function ;) :
http://ubuntuforums.org/showpost.php?p=2329159&postcount=409
seodavid
June 21st, 2007, 06:20 PM
Thanks for the link, I used the search, just not well enough :p
Anyway, proftpd -nd5 now gives:
root@MAINSERVER:~# proftpd -nd5
- mod_ctrls/0.9.4: binding ctrls socket to '/var/run/proftpd/proftpd.sock'
- parsing '/etc/proftpd/proftpd.conf' configuration
- <Directory /home/FTP-shared>: deferring resolution of path
- <Directory /home/FTP-shared/download/*>: deferring resolution of path
- <Directory /home/FTP-shared/upload/>: deferring resolution of path
- IPv6 getaddrinfo 'MAINSERVER' error: No address associated with hostname
localhost -
localhost - Config for kalmftp:
localhost - /home/FTP-shared/upload/
localhost - Limit
localhost - AllowAll
localhost - Limit
localhost - DenyAll
localhost - Umask
localhost - DirUmask
localhost - AllowOverwrite
localhost - AuthAliasOnly
localhost - UserAlias
localhost - ShowSymlinks
localhost - DisplayFirstChdir
localhost - ListOptions
localhost - RequireValidShell
localhost - RootLogin
localhost - TransferLog
localhost - UseFtpUsers
localhost - AllowStoreRestart
localhost - MaxClients
localhost - MaxClientsPerHost
localhost - MaxClientsPerUser
localhost - MaxHostsPerUser
localhost - AccessGrantMsg
localhost - /home/FTP-shared/download/*
localhost - Limit
localhost - DenyAll
localhost - Umask
localhost - DirUmask
localhost - AllowOverwrite
localhost - AuthAliasOnly
localhost - UserAlias
localhost - ShowSymlinks
localhost - DisplayFirstChdir
localhost - ListOptions
localhost - RequireValidShell
localhost - RootLogin
localhost - TransferLog
localhost - UseFtpUsers
localhost - AllowStoreRestart
localhost - MaxClients
localhost - MaxClientsPerHost
localhost - MaxClientsPerUser
localhost - MaxHostsPerUser
localhost - AccessGrantMsg
localhost - /home/FTP-shared
localhost - Limit
localhost - DenyAll
localhost - Umask
localhost - DirUmask
localhost - AllowOverwrite
localhost - AuthAliasOnly
localhost - UserAlias
localhost - ShowSymlinks
localhost - DisplayFirstChdir
localhost - ListOptions
localhost - RequireValidShell
localhost - RootLogin
localhost - TransferLog
localhost - UseFtpUsers
localhost - AllowStoreRestart
localhost - MaxClients
localhost - MaxClientsPerHost
localhost - MaxClientsPerUser
localhost - MaxHostsPerUser
localhost - AccessGrantMsg
localhost - Limit
localhost - AllowUser
localhost - DenyAll
localhost - AllowOverwrite
localhost - AuthAliasOnly
localhost - UserAlias
localhost - DeferWelcome
localhost - DefaultServer
localhost - ShowSymlinks
localhost - TimeoutNoTransfer
localhost - TimeoutStalled
localhost - TimeoutIdle
localhost - DisplayFirstChdir
localhost - ListOptions
localhost - RequireValidShell
localhost - TimeoutLogin
localhost - RootLogin
localhost - ExtendedLog
localhost - TransferLog
localhost - UseFtpUsers
localhost - AllowStoreRestart
localhost - UserID
localhost - UserName
localhost - GroupID
localhost - GroupName
localhost - Umask
localhost - DirUmask
localhost - MaxClients
localhost - MaxClientsPerHost
localhost - MaxClientsPerUser
localhost - MaxHostsPerUser
localhost - AccessGrantMsg
localhost - ServerIdent
localhost - DefaultRoot
localhost - DefaultRoot
localhost - MaxLoginAttempts
localhost - mod_ctrls/0.9.4: binding ctrls socket to '/var/run/proftpd/proftpd.sock'
localhost - deleting existing scoreboard '/var/run/proftpd/proftpd.scoreboard'
localhost - error setting IPV6_V6ONLY: Protocol not available
localhost - Failed binding to ::, port 1980: Address already in use
localhost - Check the ServerType directive to ensure you are configured correctly.
root@MAINSERVER:~#
And when you run "sudo /etc/init.d/proftpd start":
(I did not expect it to work)
root@MAINSERVER:~# sudo /etc/init.d/proftpd start
* Starting ftp server proftpd - IPv6 getaddrinfo 'MAINSERVER' error: No address associated with hostname
[ OK ]
root@MAINSERVER:~#
the "IPv6 getaddrinfo 'MAINSERVER' error: No address associated with hostname" bit does not seem right :s
Thanks for your help so far btw.
frodon
June 22nd, 2007, 04:37 AM
From what I read on the proftpd forum, the IPv6 error doesn't prevent the FTP server from working properly (I have it as well because I use an IPv4 address), so you can just forget this one; you get this error because you don't use an IPv6 address. Anyway, if you want to solve this error message, read this post:
http://ubuntuforums.org/showpost.php?p=2295568&postcount=2
hobs0n
July 1st, 2007, 01:52 AM
Newb question :D
Is there an FTP server for Linux with which you can share other HDDs/directories? When I had a Windows server running I used the old trustworthy FTP server G6, and in that you could just share whatever directory you wanted to and make links so you could see all the shared dirs in the root dir. Is this possible with some Linux FTP server?
frodon
July 1st, 2007, 06:18 AM
It is exactly what you do here: just mount the directory/HDD you want in the download or upload directory and you are all done ;)
Look in the first post, the mount command details are given there.
hobs0n
July 1st, 2007, 08:05 AM
Hm ok ;) Sorry.. I guess I never looked hard enough, I've checked various ftp servers and missed the fact that you mount what dirs and HDDs you want =)
frodon
July 1st, 2007, 10:54 AM
The tip is that the mount command allows you to mount a directory (even one already mounted) in another one; this command doesn't overwrite the content of the destination directory, it just kind of wraps it in your wanted download/upload directory.
That's why ultimately the name and the place where you share the directory don't really matter, because you can mount it in what you want.
Hope my explanation makes sense.
Good luck ;)
wizekid
July 1st, 2007, 12:01 PM
How can I change the ftp directory to /var/www? I want to upload files straight into the www directory.
frodon
July 1st, 2007, 04:30 PM
Please take the time to read the thread (or at least a part of it) before posting; why should one take the time to answer your question when you don't take the time to find this answer in the thread (because the answer to your question is already in the thread)?
To be quick, either put "/var/www" as home directory for your ftpuser and adapt the directory section or, like I said in my previous post (yes, the one above your post), mount your /var/www directory in the upload directory.
bucketoclams
July 1st, 2007, 10:26 PM
First, I'd like to apologize if I'm posting a problem already met. I dug through this thread as much as I could (I even used the search functions just in case I missed anything). I thought I'd wait for an answer to this thread (http://ubuntuforums.org/showthread.php?t=467872&highlight=proftpd+socket), but it was empty for 3 weeks when I looked at it.
I'm having the same problem as that guy. Here's what mine says, specifically:
nate@nate-desktop:/$ proftpd
- notice: unable to bind to Unix domain socket at '/var/run/proftpd/test.sock': Permission denied
- notice: unable to listen to local socket: Address already in use
- Fatal: SystemLog: unable to redirect logging to '/var/log/proftpd/proftpd.log': Permission denied on line 87 of '/etc/proftpd/proftpd.conf'
Here's my proftpd.conf file:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias bucketoclams userftp
ServerName "desknate"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User userftp
Group userftp
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /media/hdb1/FTP-Shared directory as home directory
DefaultRoot /media/hdb1/FTP-Shared
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /media/hdb1/FTP-Shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /media/hdb1/FTP-Shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /media/hdb1/FTP-Shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Sorry if that's a bit of an unruly way to display it. I have everything on a secondary, much larger hard drive in the box, which is why it's at /media/hdb1/FTP-Shared instead of just /home.
Just let me know if you need any more info. Thanks!
frodon
July 2nd, 2007, 02:40 AM
proftpd needs to be run as root and I think that may be the problem here; the command to start proftpd is:
sudo /etc/init.d/proftpd start
Hope it solves your problem.
bucketoclams
July 2nd, 2007, 11:00 AM
Well, it kind of solved it. It showed me other things, and now I'm going through and finding info about them (all common errors, no need to repeat). Thanks!
frodon
July 2nd, 2007, 11:06 AM
Great, feel free to post questions; sometimes even when reading a post containing the answer we are not sure of what to do, so if you need some info go on ;)
poncho1
July 3rd, 2007, 10:30 AM
Found this post very helpful, but would like to know what these commands do, or at least be able to find a link to a listing of what they do....
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
Some info on the rnrf and rnto and rnef would be great....
Thanks again for the how-to.
frodon
July 3rd, 2007, 10:38 AM
Don't forget the documentation in such case ;) :
http://www.proftpd.org/localsite/Userguide/linked/userguide.html
You will find what interests you in the LIMIT directive documentation:
http://www.proftpd.org/localsite/Userguide/linked/config_ref_Limit.html
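Added example, not part of the thread or of the ProFTPD project: RNRF and RNEF in the <Limit> lines quoted above are not FTP commands (RFC 959 defines a rename as RNFR followed by RNTO), and the "proftpd -nd5" output earlier in the thread lists those sections without complaint. The Python sketch below checks <Limit> names against a command list and flags a section tag that closes before its argument; the command list, the function name and the sample configuration are assumptions constructed for this example.

```python
import difflib
import re

# FTP commands from RFC 959 plus common extensions. This list is an assumption
# of the example and is not exhaustive; extend it for the modules you load.
FTP_COMMANDS = {
    "ABOR", "ACCT", "ALLO", "APPE", "CDUP", "CWD", "DELE", "EPRT", "EPSV",
    "FEAT", "HELP", "LIST", "MDTM", "MKD", "MLSD", "MLST", "MODE", "NLST",
    "NOOP", "OPTS", "PASS", "PASV", "PORT", "PWD", "QUIT", "REIN", "REST",
    "RETR", "RMD", "RNFR", "RNTO", "SITE", "SITE_CHMOD", "SIZE", "SMNT",
    "STAT", "STOR", "STOU", "STRU", "SYST", "TYPE", "USER", "XCUP", "XCWD",
    "XMKD", "XPWD", "XRMD",
}
# Command groups that ProFTPD accepts in <Limit> in place of single commands.
COMMAND_GROUPS = {"ALL", "DIRS", "LOGIN", "READ", "WRITE"}

# "<Name args>" followed by whatever trails the first ">" on the line.
SECTION_OPEN = re.compile(r"^<([A-Za-z]+)([^>]*)>(.*)$")


def lint_proftpd_conf(conf_text):
    """Return (line_no, kind, found, suggestion) tuples for suspicious lines."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line.startswith("<") or line.startswith("</"):
            continue  # only opening section tags are inspected
        match = SECTION_OPEN.match(line)
        if match is None:
            findings.append((line_no, "malformed-section", line, None))
            continue
        name, args, trailing = match.groups()
        if trailing.strip():
            # "<Directory> /path/>": the tag closes before its argument.
            repaired = "<%s %s>" % (name, trailing.strip().rstrip(">").strip())
            findings.append((line_no, "malformed-section", line, repaired))
            continue
        if name.lower() != "limit":
            continue
        for token in args.split():
            cmd = token.upper()
            if cmd in FTP_COMMANDS or cmd in COMMAND_GROUPS:
                continue
            # Offer the nearest real command name, if any is close enough.
            close = difflib.get_close_matches(cmd, sorted(FTP_COMMANDS), n=1)
            findings.append((line_no, "unknown-limit-command", token,
                             close[0] if close else None))
    return findings


# Constructed sample, modelled on the section layout used in this thread.
SAMPLE_CONF = """\
<Limit LOGIN>
  AllowUser userftp
  DenyAll
</Limit>
<Directory /home/FTP-shared>
  <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
  <Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
    DenyAll
  </Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
  <Limit READ RMD DELE>
    DenyAll
  </Limit>
</Directory>
"""

if __name__ == "__main__":
    for finding in lint_proftpd_conf(SAMPLE_CONF):
        print("line %d: %s: %r -> %r" % finding)
```

Run it against a copy of /etc/proftpd/proftpd.conf by passing the file's text to lint_proftpd_conf(); an empty list means every <Limit> name was recognised by the list above.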
BradMajors
July 4th, 2007, 01:20 AM
I can not install proftpd. I get the following error messages:
----------------------------------------------------------------------------------------------
root@server:/home/brad# apt-get install proftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
proftpd-doc
The following NEW packages will be installed:
proftpd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/784kB of archives.
After unpacking 2331kB of additional disk space will be used.
X Error: BadDevice, invalid or uninitialized input device 169
Major opcode: 145
Minor opcode: 3
Resource id: 0x0
Failed to open device
X Error: BadDevice, invalid or uninitialized input device 169
Major opcode: 145
Minor opcode: 3
Resource id: 0x0
Failed to open device
Session management error: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
Preconfiguring packages ...
Selecting previously deselected package proftpd.
(Reading database ... 116567 files and directories currently installed.)
Unpacking proftpd (from .../proftpd_1.3.0-21ubuntu1_i386.deb) ...
Setting up proftpd (1.3.0-21ubuntu1) ...
X Error: BadDevice, invalid or uninitialized input device 169
Major opcode: 145
Minor opcode: 3
Resource id: 0x0
Failed to open device
X Error: BadDevice, invalid or uninitialized input device 169
Major opcode: 145
Minor opcode: 3
Resource id: 0x0
Failed to open device
Session management error: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
* Starting ftp server proftpd - IPv4 getaddrinfo 'server' error: No address associated with hostname
- warning: unable to determine IP address of 'server'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd/proftpd.conf'
[fail]
invoke-rc.d: initscript proftpd, action "start" failed.
dpkg: error processing proftpd (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
proftpd
E: Sub-process /usr/bin/dpkg returned an error code (1)
Skootle
July 4th, 2007, 07:40 AM
I've managed to install proFTPd and it works just fine, except for one problem. When a computer from my LAN connects to my FTP server and downloads something, it is limited to 30KB/s... :( I don't know why it is so slow. Any ideas?
frodon
July 4th, 2007, 07:47 AM
You can try to specify explicitly the maximum transfer rate, for example:
TransferRate RETR 4096
Documentation :
http://www.proftpd.org/localsite/Userguide/linked/config_ref_TransferRate.html
Anyway, this is strange, you shouldn't have such problems; I believe that by default it takes the maximum bandwidth it can.
ltcmdata
July 4th, 2007, 05:40 PM
Hi!
I used the default GPROFTPD configuration to set up my server, I added a user and am able to connect to the server from my own computer, but no one can connect from the outside. I don't have any routers or such things, and my friend who is trying to connect can ping me. He is using filezilla and gets the message "Waiting for welcome message..." and there it sits.
I could post my gproftpd.conf, but I really haven't touched a thing in it, everything is default.
Any help will be appreciated...
Data
dannyboy79
July 5th, 2007, 02:42 PM
What does this return?
sudo iptables -L
If there are any rules shown then you need to allow connections on the port you're using for your ftp server. Iptables is the main firewall for Ubuntu and many other distributions. If you're not using a firewall, I'd ask you why in the heck not, especially if you don't have a hardware firewall (router or the like). If that still doesn't work, have your friend try a different client. Firefox has a free client (meaning he'd have to install Firefox first) as a plugin, it's called FireFTP. Check it out, it's actually a very usable client. If that doesn't work, there are most likely other free clients but I am not sure of them for Winbloz.
dannytherocker
July 5th, 2007, 03:01 PM
There is another thing I didn't see before: in the "<Directory> /home/ftp/upload/>" field, modify it like that:
<Directory> /home/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
This will allow you to write in the upload directory.
Now for your login issue, try to log in to your gnome session with userftp in order to be sure that it's not a user creation problem. Check also that your home/ftp directory has 755 rights.
Hi frodon,
I've got a problem I thought I had passed, but I did not :-)
3 users accessing the download dir, but only one, that's me, aliased userftp2 can write, delete, rename and make all this an admin does, into this dir.
Here's my lines, but it doesn't work!
Can you help me ? Thanks a lot :-)
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser userftp2
AllowUser userftp3
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
Order Allow,Deny
AllowUser userftp2
DenyAll
</Limit>
</Directory>
frodon
July 5th, 2007, 03:21 PM
I'm not sure I'm not misunderstanding you, but you should allow the real user in the directory, not the alias name (the alias name doesn't matter).
You are also supposed to have a general "Limit LOGIN" section outside the "directory" section where you allow login from all the wanted users.
ltcmdata
July 5th, 2007, 06:11 PM
Thanks for the advice, but I figured it out. I had to use a port that is in the passive port range. I don't quite understand why this is so, but it works now :D
dannytherocker
July 6th, 2007, 03:47 AM
I'm not sure I'm not misunderstanding you, but you should allow the real user in the directory, not the alias name (the alias name doesn't matter).
You are also supposed to have a general "Limit LOGIN" section outside the "directory" section where you allow login from all the wanted users.
I'm sorry...my fault....my explanation was not so clear.!
userftp2 is not an alias, it's the real name....and so are userftp3 and userftp!
Limit LOGIN is set up correctly (I followed your guide, many months ago :-) )
My target is to allow userftp2 only to write, delete, rename etc in the "download" directory!
On the contrary, userftp3 and userftp could not!
But now a new suspect is in my mind:
when I set up my ftp server, "/home/FTP-Shared" directory and "/home/FTP-Shared/download" directory were chmoded by 755 ! so the real owner is only the system user who did this (by using sudo, obviously), that's me!
I'll never be able to write in download dir. just because "userftp2" doesn't match the real system user (myself).
And the confirmation is that everyone can do everything in the "upload" dir., chmoded 777 :-)
Is this correct ?
Maybe this could be a good solution:
I could give userftp2 a valid shell for a little while....then I could switch to userftp2 by typing su userftp2 and chmod by 755 the download dir.
From now on, userftp2 will be the owner and will be able to do everything into that dir :-)
Last but not least, I could give him back a fake shell !
I'll give a try :-)
rev0
July 7th, 2007, 05:02 PM
I have read through all the posts here, read some 3rd party sites, and formatted my ubuntu box twice to try to get SSL/TLS secure ftp working.
My ftp works fine without encryption, however with encryption I get these errors.
WinSock 2.0 -- OpenSSL 0.9.8b 04 May 2006
[R] Connecting to 192.168.1.102 -> IP=192.168.1.102 PORT=21
[R] Connected to 192.168.1.102
[R] 220 ProFTPD 1.3.0 Server (Restricted-Access) [::ffff:192.168.1.102]
[R] AUTH TLS
[R] 234 AUTH TLS successful
[R] Connected. Negotiating TLSv1 session..
[R] error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure
[R] Failed TLSv1 negotiation, disconnected
[R] Connection failed (Connection closed by client)
[R] Delaying for 120 seconds before reconnect attempt #1
Not quite sure...I have noticed other users have had this similar problem, and any help would be much appreciated. Thank you in advance.
dannyboy79
July 10th, 2007, 08:03 AM
If you notice, the handshake is attempting sslv3 and your server is using TLSv1; I am guessing the client you're using isn't using the correct encryption handshake protocol, BUT with that said, I couldn't get TLS to work either. Kind of sucks if you ask me. Why don't you just tunnel in with SSH? That way all your ftp stuff will be encrypted within the SSH tunnel. I only have 1 port open, and that's for ssh, and even that has a public/private key pair for authentication, so it's very secure. I then tunnel my x11vnc, my ftp, my mythweb all through that tunnel.
smed
July 11th, 2007, 08:45 PM
I'm having trouble adding users.
I understand that multiple people can use the original user name, but I want some users to have a different home directory.
Can someone please explain how to successfully add users and be able to connect through smartftp?
Thanks
frodon
July 12th, 2007, 03:53 AM
You should find some examples in this thread; some users have posted configurations with several users and different home directories.
Spejs
July 14th, 2007, 05:45 AM
Hi
I have created a proftp server on RHES, and it works fine, thanks to this post, but I have some complaints when users try to log in. They say it is very slow when you try to log in and also when you browse the folders; some say it took them 2 min to log in. Download speed is good. Here is my proftpd conf file:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias user userftp
UserAlias admins administrator
UserAlias admin spejs
ServerName "Net Cable"
ServerType standalone
DeferWelcome on
MasqueradeAddress 89.185.223.5
#PassivePorts 50000 65534
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 100
# Set the user and group that the server normally runs at.
User nobody
#Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 1000
MaxClientsPerHost 1000
MaxClientsPerUser 1000
MaxHostsPerUser 1000
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "NetCable's Freeserver"
# Set /home/FTP-shared directory as home directory
# DefaultRoot /ftproot
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser spejs
AllowUser administrator
DenyALL
</Limit>
<Directory /ftproot/>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser spejs
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
Order Allow,Deny
AllowUser spejs
DenyAll
</Limit>
</Directory>
<Directory /ftproot/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser spejs
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
Order Allow,Deny
AllowUser spejs
DenyAll
</Limit>
</Directory>
<Directory> /ftproot/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser spejs
# AllowUser userftp
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
<Directory /admin/>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser administrator
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
Order Allow,Deny
AllowUser administrator
DenyAll
anpk
July 15th, 2007, 01:42 PM
I have successfully installed proftpd and run it as root. It works fine when I connect to it from inside or outside my local network.
I want to change the permissions so that the server runs as non root. However when I run it, I get the following error.
anoopk@app1:~$ sudo -u ftpuser service proftpd start
open: Permission denied
* Starting ftp server proftpd - notice: unable to bind to Unix domain socket at '/var/run/proftpd/test.sock': Permission denied
- notice: unable to listen to local socket: Address already in use
app1.home.net - 127.0.1.1:75 masquerading as 75.58.60.212
app1.home.net - PRIVS_ROOT: unable to seteuid(): Operation not permitted
app1.home.net - PRIVS_ROOT: unable to setegid(): Operation not permitted
app1.home.net - PRIVS_RELINQUISH: unable to seteuid(PR_ROOT_UID): Operation not permitted
app1.home.net - PRIVS_RELINQUISH: unable to setegid(session.gid): Operation not permitted
app1.home.net - PRIVS_RELINQUISH: unable to seteuid(session.uid): Operation not permitted
app1.home.net - mod_delay/0.5: error opening DelayTable '/var/run/proftpd/proftpd.delay': No such file or directory
app1.home.net - PRIVS_ROOT: unable to seteuid(): Operation not permitted
app1.home.net - PRIVS_ROOT: unable to setegid(): Operation not permitted
app1.home.net - PRIVS_RELINQUISH: unable to seteuid(PR_ROOT_UID): Operation not permitted
app1.home.net - PRIVS_RELINQUISH: unable to setegid(session.gid): Operation not permitted
app1.home.net - PRIVS_RELINQUISH: unable to seteuid(session.uid): Operation not permitted
app1.home.net - unable to set daemon groups: Operation not permitted
app1.home.net - PRIVS_ROOT: unable to seteuid(): Operation not permitted
app1.home.net - PRIVS_ROOT: unable to setegid(): Operation not permitted
app1.home.net - PRIVS_RELINQUISH: unable to seteuid(PR_ROOT_UID): Operation not permitted
open: Permission denied
I have attached my conf file for the configuration details.
I have also tried adding the ip to the iptables
sudo iptables -A INPUT -p tcp -m tcp --dport 75 -j ACCEPT
I have searched on google and haven't found anything to point me in the right direction, not sure if I missed anything in the forums either.
Any help will be greatly appreciated.
Thanks in advance,
frodon
July 15th, 2007, 02:28 PM
I want to change the permissions so that the server runs as non root.
Why such a need? It makes your computer more secure to require root rights to run or modify services.
r0ot5
July 18th, 2007, 09:22 PM
hi, i'm new to ubuntu 6.10 and i'm trying to setup an ftp on it and after I finish the setup I receive this error:
ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration.
Setting up gproftpd (8.2.6-1) 3
here my config file
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
ServerName "Debian"
ServerType inetd
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off
# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_tls.c>
TLSEngine off
</IfModule>
<IfModule mod_quota.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios on
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
thx all for your help
frodon
July 19th, 2007, 03:00 AM
The guide is for a standalone server; no support is provided for the inetd mode. The line "ServerType inetd" shows that you are using the inetd mode.
r0ot5
July 19th, 2007, 12:57 PM
I try using the standalone also & still giving me an error!
frodon
July 19th, 2007, 01:35 PM
Then please give the error message, i can't guess what the problem is without error log.
r0ot5
July 19th, 2007, 02:28 PM
I updated my conf file to use standalone and when I start the service here what I receive:
* Starting ftp server proftpd - IPv6 getaddrinfo 'ks351281.kimsufi.com' error: Name or service not known
[ ok ]
thx for your help!
frodon
July 19th, 2007, 02:40 PM
As I explained several posts ago, this error doesn't prevent the FTP server from working; it is just that you don't use IPv6.
I think you will find some useful posts in this thread and for sure in the forum if you want to remove this error message.
r0ot5
July 19th, 2007, 02:57 PM
ok and if I want to use the GUI, how can I start it, because now I want to create users?
sorry for all this questions, i'm very new to ubuntu.
thx again,
guilly
July 19th, 2007, 03:02 PM
ok and if I want to use the GUI, how can I start it, because now I want to create users?
sorry for all this questions, i'm very new to ubuntu.
thx again,
sudo apt-get install gproftp
this will install the GUI version of proftp. However if you just want to simply add another user i don't think you need the GUI to do so....
if you want to learn Ubuntu, command line is the only way to go in my opinion anyways, i'm still very unfamiliar with linux but i can say one thing i've learned a lot more by punching out commands than i would have done by doing everything thru GUI
trenog
July 21st, 2007, 02:40 PM
Alright, so using the default port 21 I was able to get to work the FTP server once I opened up the port in my DI-604 Virtual Server list (public 21, private 21, ip - internal IP). But unfortunately(?) I have to use my external IP to connect.
Is using my external IP and port 21 to login a bad thing?
Does anyone else who has a DI-604 know how to use a different port and set up proftpd to work with the DI-604 settings?
Thanks
anpk
July 22nd, 2007, 02:53 AM
Why such a need ? It makes your computer more secure to require root rights to run or modify services
Basic security. Any service running as root is really dangerous. It's best to run it as a user with specific access rights so that critical access permissions are always followed.
frodon
July 22nd, 2007, 05:12 AM
Basic security. Any service running as root is really dangerous. It's best to run it as a user with specific access rights so that critical access permissions are always followed.
Yes but anyone would be able to gain access easily and configure the FTP server to share other directories.
Anyway I think it would be good to ask this question in the proftpd forum, I'm curious to know what the proftpd experts think of the question:
http://forums.proftpd.org/smf/
If you have any interesting feedback about this in the proftpd forum please share it with us :)
Poka64
July 22nd, 2007, 09:16 AM
this password 530 error, how do I fix it?
No, I can't use the GUI way because this is on a server without GUI, I'm just using SSH + terminal to update things.
I'm adding the users with aliases and everything. The thing is that when I installed the server I added users without any problems, but if I try to change password or add users now it doesn't work :(
frodon
July 22nd, 2007, 09:40 AM
this password 530 error, how do I fix it?
No, I can't use the GUI way because this is on a server without GUI, I'm just using SSH + terminal to update things.
I'm adding the users with aliases and everything. The thing is that when I installed the server I added users without any problems, but if I try to change password or add users now it doesn't work :(
The 530 error is in general a problem with the user creation and especially the password, so in general resetting the password solves the problem.
It is strange that you can't change the password however, it is not supposed to behave like that.
Poka64
July 22nd, 2007, 10:24 AM
yes, It's very strange, can't add user or change password for current users.
The thing is, the user can login through bash but they get disconnected because I set /bin/false
Elv13
July 22nd, 2007, 03:09 PM
noob questions: how can i access to my FTP
when i write ftp://69.70.242.31/ or ftp://69.70.242.31/FTP-shared/ i get unable to connect to host
i did open a port on my router like that:
http://img381.imageshack.us/img381/1421/captureqw9.png
but i dont know if it is the right way, my local ip is 192.168.1.100 and my ip is 69.70.242.31 according to my router
ProFTP is running
EDIT: I can connect locally (127.0.0.1)
dannyboy79
July 23rd, 2007, 09:04 AM
either you have a firewall rules on your Ubuntu machine, check with
sudo iptables -L
or you didn't forward the correct port? Plus if you have a router/firewall between you and the cable modem or DSL connection, you need to be using passive mode I believe. There's always issues for newbies trying to get it to work thru a hardware firewall. You need to read the links at the bottom of the guide about opening up all ports from 1025 to 65535 or whatever it says, then adding a passive line within proftpd.conf. Just read the bottom of the guide where it talks about being behind a router. The problem is that the connection is done thru port 21 but I think the data connection is done on ports above 1024 so it doesn't work because you don't have those higher ports open (something along those lines). Also, I just ran nmap on your external ip address and it does NOT show port 21 open just so you know so you can't have forwarded port 21 on your router to your internal ip's address port 21. Also, what does this command return:
netstat -pant
you should be able to see something like 0.0.0.0:21, that means that your ftp server is listening on the external interface and not just to localhost. Good luck.
anpk
July 23rd, 2007, 04:36 PM
Yes but anyone would be able to gain access easily and configure the FTP server to share other directories.
Anyway I think it would be good to ask this question in the proftpd forum, I'm curious to know what the proftpd experts think of the question:
http://forums.proftpd.org/smf/
If you have any interesting feedback about this in the proftpd forum please share it with us :)
Thanks frodon for your prompt replies :). I've posted to the proftpd forums, hopefully someone else has tried it before :guitar:
salehid
July 23rd, 2007, 04:40 PM
Thanks everybody for this valuable information ....
JOWIROMA
July 24th, 2007, 09:08 PM
Hey guys...
I have been trying to get this to work but the only thing that I get when I give the start command is a "FAIL"
This is my conf file:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias jose userftp
ServerName "Monark"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
And this is when I run -td5:
monark@monark-desktop:/home/FTP-shared$ sudo proftpd -td5
Checking syntax of configuration file
- mod_ctrls/0.9.4: binding ctrls socket to '/var/run/proftpd/proftpd.sock'
- parsing '/etc/proftpd/proftpd.conf' configuration
- <Directory /home/FTP-shared>: deferring resolution of path
- <Directory /home/FTP-shared/download/*>: deferring resolution of path
- <Directory /home/FTP-shared/upload/>: deferring resolution of path
- IPv6 getaddrinfo 'monark-desktop' error: No address associated with hostname
monark-desktop -
monark-desktop - Config for Monark:
monark-desktop - /home/FTP-shared/upload/
monark-desktop - Limit
monark-desktop - AllowAll
monark-desktop - Limit
monark-desktop - DenyAll
monark-desktop - Umask
monark-desktop - DirUmask
monark-desktop - AllowOverwrite
monark-desktop - AuthAliasOnly
monark-desktop - UserAlias
monark-desktop - ShowSymlinks
monark-desktop - DisplayFirstChdir
monark-desktop - ListOptions
monark-desktop - RequireValidShell
monark-desktop - RootLogin
monark-desktop - TransferLog
monark-desktop - UseFtpUsers
monark-desktop - AllowStoreRestart
monark-desktop - MaxClients
monark-desktop - MaxClientsPerHost
monark-desktop - MaxClientsPerUser
monark-desktop - MaxHostsPerUser
monark-desktop - AccessGrantMsg
monark-desktop - /home/FTP-shared/download/*
monark-desktop - Limit
monark-desktop - DenyAll
monark-desktop - Umask
monark-desktop - DirUmask
monark-desktop - AllowOverwrite
monark-desktop - AuthAliasOnly
monark-desktop - UserAlias
monark-desktop - ShowSymlinks
monark-desktop - DisplayFirstChdir
monark-desktop - ListOptions
monark-desktop - RequireValidShell
monark-desktop - RootLogin
monark-desktop - TransferLog
monark-desktop - UseFtpUsers
monark-desktop - AllowStoreRestart
monark-desktop - MaxClients
monark-desktop - MaxClientsPerHost
monark-desktop - MaxClientsPerUser
monark-desktop - MaxHostsPerUser
monark-desktop - AccessGrantMsg
monark-desktop - /home/FTP-shared
monark-desktop - Limit
monark-desktop - DenyAll
monark-desktop - Umask
monark-desktop - DirUmask
monark-desktop - AllowOverwrite
monark-desktop - AuthAliasOnly
monark-desktop - UserAlias
monark-desktop - ShowSymlinks
monark-desktop - DisplayFirstChdir
monark-desktop - ListOptions
monark-desktop - RequireValidShell
monark-desktop - RootLogin
monark-desktop - TransferLog
monark-desktop - UseFtpUsers
monark-desktop - AllowStoreRestart
monark-desktop - MaxClients
monark-desktop - MaxClientsPerHost
monark-desktop - MaxClientsPerUser
monark-desktop - MaxHostsPerUser
monark-desktop - AccessGrantMsg
monark-desktop - Limit
monark-desktop - AllowUser
monark-desktop - DenyAll
monark-desktop - AllowOverwrite
monark-desktop - AuthAliasOnly
monark-desktop - UserAlias
monark-desktop - DeferWelcome
monark-desktop - DefaultServer
monark-desktop - ShowSymlinks
monark-desktop - TimeoutNoTransfer
monark-desktop - TimeoutStalled
monark-desktop - TimeoutIdle
monark-desktop - DisplayFirstChdir
monark-desktop - ListOptions
monark-desktop - RequireValidShell
monark-desktop - TimeoutLogin
monark-desktop - RootLogin
monark-desktop - ExtendedLog
monark-desktop - TransferLog
monark-desktop - UseFtpUsers
monark-desktop - AllowStoreRestart
monark-desktop - UserID
monark-desktop - UserName
monark-desktop - GroupID
monark-desktop - GroupName
monark-desktop - Umask
monark-desktop - DirUmask
monark-desktop - MaxClients
monark-desktop - MaxClientsPerHost
monark-desktop - MaxClientsPerUser
monark-desktop - MaxHostsPerUser
monark-desktop - AccessGrantMsg
monark-desktop - ServerIdent
monark-desktop - DefaultRoot
monark-desktop - DefaultRoot
monark-desktop - MaxLoginAttempts
monark-desktop - mod_ctrls/0.9.4: binding ctrls socket to '/var/run/proftpd/proftpd.sock'
Syntax check complete.
monark@monark-desktop:/home/FTP-shared$
Please any help I would like to get this to work so I will not get frustrated... ](*,) ](*,) ](*,)
frodon
July 25th, 2007, 03:57 AM
As I repeat every 3 or 4 posts (read the thread, you will see more than 10 posts about this) the IPv6 error doesn't prevent the FTP server from working so you can just ignore it; if you can't ignore this error message do as follows:
http://ubuntuforums.org/showthread.php?p=2295568#post2295568
JOWIROMA
July 25th, 2007, 08:35 AM
As I repeat every 3 or 4 posts (read the thread, you will see more than 10 posts about this) the IPv6 error doesn't prevent the FTP server from working so you can just ignore it; if you can't ignore this error message do as follows:
http://ubuntuforums.org/showthread.p...68#post2295568
Yeah frodon I already ignored the error but what would be the cause of my problem???
when I put the start command it just goes:
starting proftpd server [FAIL]
Could you be so kind to show me a way to find a debug log for this or is there anything else I would have to look into??
please help me.....
thanks anyways for replying.
What a better place to look for help than your "UBUNTU FORUMS"
frodon
July 25th, 2007, 08:48 AM
If your server fails to start then you may have another problem, anyway first fix your IPv6 hostname so we will be sure that it doesn't create problems on your computer.
As I said you can ignore the IPv6 error except if you are using IPv6 addresses.
So do as explained here (replace bohdan-ubuntu by monark-desktop in your case):
http://ubuntuforums.org/showpost.php?p=2295568&postcount=2
Then restart your server and post back here the error log if your server still fails to start.
JOWIROMA
July 25th, 2007, 10:01 AM
If your server fails to start then you may have another problem, anyway first fix your IPv6 hostname so we will be sure that it doesn't create problems on your computer.
As I said you can ignore the IPv6 error except if you are using IPv6 addresses.
So do as explained here (replace bohdan-ubuntu by monark-desktop in your case):
http://ubuntuforums.org/showpost.php...68&postcount=2
Then restart your server and post back here the error log if your server still fails to start.
Pardon my ignorance but where would i find the "error log"
or I just have to run -5td again and just see what it says???
Thank you so much for your help... and time... and patience...
frodon
July 25th, 2007, 10:09 AM
Just restart the server using a terminal, error messages should appear in the terminal if the server fails to start.
You can also run the proftpd -td5 command, it will give some more info.
JOWIROMA
July 25th, 2007, 12:30 PM
Just restart the server using a terminal, error messages should appear in the terminal if the server fail to start.
You can also run the proftpd -td5 command, it will give some more infos.
Thanks man, I will try that tonight and I will post back to let you know how it goes....
JOWIROMA
July 26th, 2007, 08:56 AM
Hey Frodon!!!!
I got it working, I got rid of the ipv6 error and my problem was that I did not read carefully your How To,
I just went through the tutorial again just to check that all the settings were fine and I found that I created the ftp user wrong and then when I got it running I got the 530 error but it is fixed now, and I even got it working with my dyndns.org account. Now my cousin in San Francisco can get into my FTP server and browse through the folders and I will have to look into the encrypting (is this really necessary?). Man this is great... The only thing now is to see if I can get it to upload faster, my cousin was getting a download rate of 40 kb/s, it would be great if there would be a way to speed this up a bit...
If anybody knows let me know...
Thanks anyway...
(I will post back if I got any problem)
frodon
July 26th, 2007, 09:04 AM
The upload speed depends on your connection; by default the FTP server will use all the upload bandwidth available, so maybe it is just that your connection can't do more.
About encryption, it's easy to set up and it increases the security because the basic FTP protocol transfers the username and password in plain text, so if someone is listening to your traffic he will easily get your FTP password and username.
When you set encryption all is encrypted including your username and password so you can live in peace :)
dannyboy79
July 26th, 2007, 12:33 PM
Hey Frodon!!!!
I got it working, I got rid of the ipv6 error and my problem was that I did not read carefully your How To,
I just went through the tutorial again just to check that all the settings were fine and I found that I created the ftp user wrong and then when I got it running I got the 530 error but it is fixed now, and I even got it working with my dyndns.org account. Now my cousin in San Francisco can get into my FTP server and browse through the folders and I will have to look into the encrypting (is this really necessary?). Man this is great... The only thing now is to see if I can get it to upload faster, my cousin was getting a download rate of 40 kb/s, it would be great if there would be a way to speed this up a bit...
If anybody knows let me know...
Thanks anyway...
(I will post back if I got any problem)
I never could get the SSL encryption working. What I do is just use ssh tunnels for all my over the internet stuff like vnc and mythweb access. and for transferring files, I use WinSCP, it's free for Windows. You can also use any ftp client that has SFTP option. It'll use the ssh encrypted connection to transfer files back and forth. BUT, keep in mind that your ssh server makes your friend have access to your ENTIRE computer so hopefully he knows not to just move or delete stuff. There may even be a way to "block" off certain folder but most likely not. You'll need ssh server running on your Ubuntu machine, I set mine up with RSA Keys, then I just open port 22 on my router, then I use any ssh client to connect.
As far as how fast your friend downloads, I have that same problem! I have great download but horrible upload, so he is restricted to how ever fast your upload connection is. I am guessing it's around 320 Kilobits per second which equates to the 40 kilobytes that your friend is downloading at. Remember, kilobit is NOT the same as what files are stored in, Kilobytes or megabytes. The conversion is APPROX .125 to 1.
JOWIROMA
July 27th, 2007, 08:29 AM
Well, I will try to put the encrypting and I will post back to tell how it goes...
frodon
July 27th, 2007, 08:37 AM
BTW dannyboy79, what was your problem with TLS encryption, the certificate creation ?
anpk
July 28th, 2007, 02:51 PM
Yes but anyone would be able to gain access easily and configure the FTP server to share other directories.
Anyway I think it would be good to ask this question in the proftpd forum, I'm curious to know what the proftpd experts think of the question:
http://forums.proftpd.org/smf/
If you have any interesting feedback about this in the proftpd forum please share it with us :)
For others who want to run proftpd as non root, please follow this article
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Nonroot.html
Mods: This might be a good link to be put on its own as a sticky post for others who might find it useful. I'll leave it to your best judgement. :)
dannyboy79
July 31st, 2007, 08:12 AM
BTW dannyboy79, what was your problem with TLS encryption, the certificate creation ?
it was with actually connecting. The cert creation worked fine. I could never connect with Filezilla, FireFTP, or Gftp. I even tried every different version of encryption I could like TLSv1 SSL or whatever all the options are within each of the clients. I also could never tell if my server was actually using the TLS encryption.
frodon
July 31st, 2007, 08:26 AM
I'm wondering how many users had this problem as well, i suppose you tried the FTPES option in filezilla (this is the option i use on my box) ...
Did you find any other users on the proftpd forum with this issue ?
dannyboy79
July 31st, 2007, 09:02 AM
I'm wondering how many users had this problem as well, i suppose you tried the FTPES option in filezilla (this is the option i use on my box) ...
Did you find any other users on the proftpd forum with this issue ?
this was long ago, I spent days reviewing the proftpd forums trying to get my proftpd server working thru inited (or whatever the opposite of standalone was) along with encryption but never got it to work. No, I don't believe I did try that within Filezilla. I don't even use an ftp server anymore on my Ubuntu box. Since I am the only person with access I don't need to struggle with the setting up users, folders, access etc etc.
I just setup ssh with public/private key pairs with passphrase and use winscp from windows and or gftp (sftp) thru Ubuntu and instead of only having access to certain folders, I have access to everything. I would like to learn how to do it properly but right now I just don't have the time, I have plenty going on.
SeanCM
July 31st, 2007, 12:20 PM
I have read through the very helpful guide and the posts and have managed to get my FTP server up and running. I have run into a bit of a problem though that I am hoping someone may be able to help me with.
Here is the situation, I also have a Ubuntu server running with proftpd running. I have a NAS that has a few directories that get backed up from my various other systems. I have mounted a few of these to directories within my ftp-shared directory. The problem is that there are a couple directories that I don't want to be available via ftp. To complicate things more these directories have spaces.
So I tried this:
<Directory /home/ftp-shared/backup/My Photos/>
<Limit ALL>
Deny ALL
</Limit>
</Directory>
and this:
<Directory /home/ftp-shared/backup/My\ Photos/>
<Limit ALL>
Deny ALL
</Limit>
</Directory>
But neither work. Any ideas? Thank you in advance.
dannyboy79
July 31st, 2007, 04:18 PM
I have read through the very helpful guide and the posts and have managed to get my FTP server up and running. I have run into a bit of a problem though that I am hoping someone may be able to help me with.
Here is the situation, I also have a Ubuntu server running with proftpd running. I have a NAS that has a few directories that get backed up from my various other systems. I have mounted a few of these to directories within my ftp-shared directory. The problem is that there are a couple directories that I don't want to be available via ftp. To complicate things more these directories have spaces.
So I tried this:
<Directory /home/ftp-shared/backup/My Photos/>
<Limit ALL>
Deny ALL
</Limit>
</Directory>
and this:
<Directory /home/ftp-shared/backup/My\ Photos/>
<Limit ALL>
Deny ALL
</Limit>
</Directory>
But neither work. Any ideas? Thank you in advance.
the folders are still showing up you're saying? also, you didn't specify the commands that are deny all for since you're using the limit option? try the hidenoaccess, you can read all about configuring proftpd here: http://chronos.cs.msu.su/proftpd/Configuration.html#HideNoAccess
SeanCM
August 1st, 2007, 01:42 AM
Thanks for the suggestion I tried this:
<Directory /home/ftp-shared/backup/My\ Photos/>
Umask 022 022
AllowOverwrite off
HideNoAccess on
<Limit ALL>
Order Deny,Allow
Deny ALL
</Limit>
<Limit CWD>
Order Deny,Allow
Deny ALL
</Limit>
</Directory>
Yet I can still see the directory when I ftp in. I have tried lots of other combinations too. Then I got the idea of trying with a directory that did not have a space in it and sure enough it worked. So the problem is the space. Is there anyway to get proftpd to take that into account? I can not easily remove the space as it would mess other things up.
Thank you in advance.
Sean
dannyboy79
August 1st, 2007, 08:13 AM
I found this within 1 minute via google.
If the name of the directory contains spaces, you should enclose the entire directory name in quotations, e.g.:
<Directory "/path/to/My Directory">
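Added example (not part of the thread or of ProFTPD itself): a small Python check for the failure discussed above, where a <Directory> deny rule with an unquoted or backslash-escaped space never matches and the directory stays reachable. It also flags <Limit> names it does not recognise, such as the RNRF/RNEF spellings in the configs posted earlier (the FTP rename command is RNFR); the list of known names and the sample config are assumptions constructed for this example.

```python
import difflib
import re

# Names this example accepts inside <Limit ...>. Constructed for the example:
# an assumption, not ProFTPD's complete list of commands and command groups.
KNOWN_LIMIT_TOKENS = {
    "ALL", "DIRS", "LOGIN", "READ", "WRITE",
    "CWD", "XCWD", "CDUP", "XCUP", "MKD", "XMKD", "RMD", "XRMD",
    "DELE", "STOR", "STOU", "APPE", "RETR", "RNFR", "RNTO",
    "LIST", "NLST", "MLSD", "MLST", "SIZE", "MDTM", "PWD", "XPWD", "STAT",
    "SITE_CHMOD",
}

# Opening <Directory ...> and <Limit ...> lines only; closing tags do not match.
SECTION_RE = re.compile(r"^\s*<(Directory|Limit)\b(.*)>\s*$", re.IGNORECASE)

# Constructed sample, modelled on the snippets posted in this thread.
SAMPLE_CONF = r"""<Directory /home/ftp-shared/backup/My Photos/>
<Limit ALL>
Deny ALL
</Limit>
</Directory>
<Directory /home/ftp-shared/backup/My\ Photos/>
<Limit ALL>
Deny ALL
</Limit>
</Directory>
<Directory "/home/ftp-shared/backup/My Photos/">
<Limit ALL>
Deny ALL
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
"""


def _check_directory(lineno, arg):
    """Flag a path containing whitespace unless the whole path is quoted."""
    if len(arg) >= 2 and arg[0] == '"' and arg[-1] == '"':
        return []  # quoted path: the form the thread found to work
    if not re.search(r"\s", arg):
        return []  # no whitespace, nothing to quote
    code = "backslash-escape" if "\\" in arg else "unquoted-space"
    fixed = arg.replace("\\ ", " ")
    return [(lineno, code, '<Directory "%s">' % fixed)]


def _check_limit(lineno, arg):
    """Flag <Limit> names that are not in KNOWN_LIMIT_TOKENS."""
    findings = []
    for token in arg.split():
        name = token.upper()
        if name in KNOWN_LIMIT_TOKENS:
            continue
        close = difflib.get_close_matches(name, sorted(KNOWN_LIMIT_TOKENS), n=1)
        hint = close[0] if close else None
        findings.append((lineno, "unknown-limit-command", (token, hint)))
    return findings


def lint_proftpd_conf(text):
    """Return a list of (line_number, code, detail) findings for a config text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rules
        match = SECTION_RE.match(line)
        if not match:
            continue
        kind, arg = match.group(1).lower(), match.group(2).strip()
        if kind == "directory":
            findings.extend(_check_directory(lineno, arg))
        else:
            findings.extend(_check_limit(lineno, arg))
    return findings


if __name__ == "__main__":
    for lineno, code, detail in lint_proftpd_conf(SAMPLE_CONF):
        print("line %d: %s: %s" % (lineno, code, detail))
```

Run it against a copy of /etc/proftpd/proftpd.conf before reloading the server; any finding on a <Directory> line means the access rules inside that block may not be applied to the path you intended.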
SeanCM
August 1st, 2007, 11:09 AM
Thanks for the info. On my search through google I only got 5 hits back and none of them were about what I wanted. I guess I was too specific in my search. Thanks again.
Sean
Leonin
August 5th, 2007, 07:14 AM
I have done what it says in the How to, but I can't login. The client tells me that I'm using either a wrong password or login. What should I do?
frodon
August 5th, 2007, 10:15 AM
You should try to reset your password and see if you still have the problem.
Leonin
August 5th, 2007, 02:49 PM
I still have the problem after a password restart.
frodon
August 5th, 2007, 03:07 PM
ok, could you post your config file and the error log you get with your FTP client, don't forget to give some details about your configuration (firewall, router , ..).
shortbus
August 16th, 2007, 07:07 AM
I'm getting the 530 error and I can't figure out what the issue is... below is my .conf file:
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
UserAlias Nick userftp
AuthAliasOnly on
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
ServerName "Debian"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShells off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser Nick
AllowUser guest
DenyALL
</Limit>
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser guest
AllowUser Nick
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_tls.c>
TLSEngine off
</IfModule>
<IfModule mod_quota.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios on
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
I can log in with the user 'Nick' but not guest. Any help would be greatly appreciated.
frodon
August 16th, 2007, 07:12 AM
Your user guest has no alias name and the option "AuthAliasOnly on" allows only alias names to login, so either create an alias name for the user guest or disable the "AuthAliasOnly" option.
Otherwise try to reset the password, it often solves this problem:
sudo passwd guest
shortbus
August 16th, 2007, 08:05 AM
call me a n00b, because i call myself that and I am, but is all i have to do like below?:
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
UserAlias Nick userftp
UserAlias guest userftp1
AuthAliasOnly on
or is there another way i have to set the alias?
i have done
sudo passwd guest
and reset the password but am still getting the 530 error.
frodon
August 16th, 2007, 08:08 AM
Ok wait a minute, what are the names of the users you created and what login name do you use in your ftp client ?
shortbus
August 16th, 2007, 08:09 AM
I've tried using both userftp1 and guest, still no go.
Jordanwb
August 23rd, 2007, 11:28 AM
I get an error saying that it can't find the proftpd package.
frodon
August 23rd, 2007, 06:01 PM
> I've tried using both userftp1 and guest, still no go.
Please answer my question first, i think your problem is just that in your LOGIN section you are allowing the alias name instead of the real user name.
> I get an error saying that it can't find the proftpd package.
This is more likely to be a repository problem, could you tell us which version of ubuntu you are using ?
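The two diagnoses given in this exchange (an allowed user with no alias is locked out by `AuthAliasOnly on`, and `<Limit LOGIN>` should list the real account rather than the alias) can be checked against a config before restarting the server. This is an added example, not part of the original posts or of ProFTPD; it assumes the semantics as described in the thread, with `UserAlias <login-name> <real-user>`, and `analyse_logins` is a hypothetical helper.

```python
import re

LOGIN_LIMIT_OPEN = re.compile(r"<Limit\s+LOGIN\s*>", re.IGNORECASE)


def analyse_logins(conf_text):
    """Return (usable, problems) for a proftpd.conf.

    usable maps each login name a client can type to the real account it
    resolves to; problems lists the alias/ACL mismatches that lead to 530.
    """
    aliases = {}            # login name typed by the client -> real account
    alias_only = False      # value of AuthAliasOnly
    allowed = []            # AllowUser entries inside <Limit LOGIN>
    in_login_limit = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        key = words[0].lower()
        if LOGIN_LIMIT_OPEN.match(line):
            in_login_limit = True
        elif key == "</limit>":
            in_login_limit = False
        elif key == "useralias" and len(words) == 3:
            aliases[words[1]] = words[2]
        elif key == "authaliasonly" and len(words) == 2:
            alias_only = words[1].lower() == "on"
        elif in_login_limit and key == "allowuser":
            # Tolerate comma-separated lists and stray trailing commas.
            for name in " ".join(words[1:]).split(","):
                if name.strip():
                    allowed.append(name.strip())

    usable, problems = {}, []
    for alias, real in aliases.items():
        if not allowed or real in allowed:
            usable[alias] = real
        else:
            problems.append(
                f"alias '{alias}' maps to '{real}', which <Limit LOGIN> does not allow")
    for name in allowed:
        if name in aliases:
            problems.append(
                f"AllowUser '{name}' is an alias of '{aliases[name]}'; "
                "list the real account instead")
        elif alias_only and name not in aliases.values():
            problems.append(
                f"'{name}' is allowed but has no UserAlias, so AuthAliasOnly blocks it")
        elif not alias_only:
            usable[name] = name   # real account names work when aliases are optional
    return usable, problems


# Constructed excerpts of the two configs posted above.
FIRST_ATTEMPT = """\
UserAlias Nick userftp
AuthAliasOnly on
<Limit LOGIN>
AllowUser userftp
AllowUser Nick
AllowUser guest
DenyALL
</Limit>
"""
SECOND_ATTEMPT = "UserAlias guest userftp1\n" + FIRST_ATTEMPT

if __name__ == "__main__":
    for label, conf in (("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT)):
        usable, problems = analyse_logins(conf)
        print(label, "usable logins:", usable)
        for problem in problems:
            print("   ", problem)
```

In both excerpts only `Nick` resolves to an allowed real account, which matches the behaviour reported above.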
Jordanwb
August 23rd, 2007, 06:12 PM
I'm using 6.06
Weavz
August 27th, 2007, 03:26 PM
I'm getting the same problem with 6.06 when I try and get the gproftpd. I'm also a noobie :(
spartan777
August 28th, 2007, 01:38 PM
nvm
spartan777
August 31st, 2007, 06:02 PM
how do I know whether I'm connected to my ftp server via ssl or not? it seems to me that I'm not, even though I've set
TLSRequired on
also, when i'm setting up my ssl certificates, on the last step, i get this:
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=US/ST=Illinois/O=Internet Widgits Pty Ltd/CN=Calvin/emailAddress=MY_EMAIL_ADDR@gmail.com
error 18 at 0 depth lookup:self signed certificate
/C=US/ST=Illinois/O=Internet Widgits Pty Ltd/CN=Calvin/emailAddress=MY_EMAIL_ADDR@gmail.com
error 7 at 0 depth lookup:certificate signature failure
22235:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
22235:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:708:
22235:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:
calvin@calvin-desktop:/etc/ftpcert$
xaco1234
August 31st, 2007, 07:27 PM
it tells me that i got an ipv6 problem when i try to start it, how do i turn off ipv6? ipv4 should do in a lan right
new486dx
September 2nd, 2007, 09:37 PM
hi frodon, i have just copied and pasted your howto but i still have an error. i've used mssm's proftd.conf because i am also using a router and a dynamic ip address from the dsl provider.(im using d-link 524 router) can u pls tell what im am going to do to fix
these errors?
* Stopping ftp server proftpd [ ok ]
* Starting ftp server proftpd - IPv4 getaddrinfo 'abelardoom.dyndns.org' error: Name or service nome t known
- Fatal: MasqueradeAddress: unable to resolve "abelardoom.dyndns.org" on line 1 81 of '/etc/proftpd/proftpd.conf'
Jordanwb
September 2nd, 2007, 10:46 PM
sudo nano /etc/proftpd/proftpd.conf
There's a line near the beginning where we can enable or disable IPv6, set it to off. That should fix it.
new486dx
September 3rd, 2007, 04:07 AM
>sudo nano /etc/proftpd/proftpd.conf
>There's a line near the beginning where we can enable or disable IPv6, set it to off. That should fix it.
is that ok to delete that line? i mean is it not needed by the program?
im sorry im just really noob to linux.. thanks for the reply.
Tensk8
September 3rd, 2007, 08:14 PM
Hi,
I try to set up the TFT server but I received this message.
ZZZ@ZZZ-laptop:~$ sudo /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ OK ]
* Starting ftp server proftpd - IPv6 getaddrinfo 'andre-laptop' error: No address associated with hostname
[ OK ]
ZZZ@ZZZ-laptop:~$ sudo /etc/init.d/proftpd start
* Starting ftp server proftpd [fail]
ZZZ@ZZZ-laptop:~$
Help me please
frodon
September 4th, 2007, 04:29 AM
> >sudo nano /etc/proftpd/proftpd.conf
> >There's a line near the beginning where we can enable or disable IPv6, set it to off. That should fix it.
> is that ok to delete that line? i mean is it not needed by the program?
> im sorry im just really noob to linux.. thanks for the reply.
If your ISP doesn't use IPv6 addresses then for sure you can disable IPv6 support.
new486dx
September 4th, 2007, 06:39 AM
hi frodon, i have just copied and pasted your howto but i still have an error. i've used mssm's proftd.conf because i am also using a router and a dynamic ip address from the dsl provider.(im using d-link 524 router) can u pls tell what im am going to do to fix
these errors?
im done with the ipv6 thing:)
* Stopping ftp server proftpd [ ok ]
* Starting ftp server proftd - IPv4 getaddrinfo 'abelardoom.dyndns.org' error: Name or service nome t known
- Fatal: MasqueradeAddress: unable to resolve "abelardoom.dyndns.org" on line 1 81 of '/etc/proftpd/proftpd.con
frodon
September 4th, 2007, 08:05 AM
Hi new486dx,
I saw your post but unfortunately i am not really able to help you as i don't use a router and never used it so users who followed the guide and use a router are more likely to provide you the solution to your problem than me.
Don't forget also to search and maybe post your question on the proftpd forum, it is a really good place to learn more about proftpd and its configuration :
http://forums.proftpd.org/smf/
However my guess is that your problem is more related to your domain name and the way you set it rather than your proftpd.conf file. Are you able to ping successfully your domain name (abelardoom.dyndns.org) ?
new486dx
September 5th, 2007, 06:25 AM
it works fine now, but i can't ftp from the outside.
Jeinhor
September 9th, 2007, 07:15 PM
Thanks for a great howto!
Worked like a charm here.
kenmiles
September 15th, 2007, 10:24 AM
I have got proftp setup but I can't seem to login to my site. This is the output that I am getting, can anyone see where I am going wrong please. Is it looking for my ubuntu login and password or the one set up in proftp as neither work.
/home/FTP-shared-->ftp kmiles.co.uk
Connected to kmiles.co.uk.
220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change.
Name (kmiles.co.uk:kenneth): ken
331 Password required.
Password:
530 Permission denied
Login failed.
Thanks in advance.
Regards, Kenneth.
elmagique
September 18th, 2007, 03:03 PM
hi, i've got a problem, i tried to mount my usb drive to the folder "mount"
I have changed my config file
(added
<Directory> /media/disk>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
AllowAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
)
but i still get a 550 error when trying to get into my mounted directory (if nothing's mounted in there I can get in the folder)
Help please!
elmagique
September 19th, 2007, 04:52 PM
ok, i found out how to fix it, it didn't have to do anything with the ftp, just user restrictions
klwh
September 20th, 2007, 11:18 AM
Hello. I use ubuntu feisty fawn of server edition.
I installed and set up the proftpd just you guys introduced above. But I don't think that mine is working correctly.
I can access to my server by typing ftp://localhost on the server machine which runs proftpd. But when I try to access from other computer which runs opensuse, I can't login. The other computer returns the message "Could not find server". I don't see why it happens. Could you help me?
frodon
September 20th, 2007, 11:28 AM
> Hello. I use ubuntu feisty fawn of server edition.
> I installed and set up the proftpd just you guys introduced above. But I don't think that mine is working correctly.
> I can access to my server by typing ftp://localhost on the server machine which runs proftpd. But when I try to access from other computer which runs opensuse, I can't login. The other computer returns the message "Could not find server". I don't see why it happens. Could you help me?
For sure a firewall/router issue, check the configuration of both computers and verify that you have all the needed ports opened.
klwh
September 20th, 2007, 11:38 AM
Thank you. I just discovered that if I type IP address in, I can access to the server. For instance, like 192.168.xx.x, then I can access to the server but if I type the name of computer which you need to type in at the installation, it does not work. Could you give me some advices?
frodon
September 20th, 2007, 11:46 AM
> Thank you. I just discovered that if I type IP address in, I can access to the server. For instance, like 192.168.xx.x, then I can access to the server but if I type the name of computer which you need to type in at the installation, it does not work. Could you give me some advices?
I always use the IP to connect to my server so if you don't have a domain name for your computer i'm not sure if it is possible to reach your computer with something else than the IP.
kalipopo
September 21st, 2007, 01:39 PM
BTW thanks for the how to. I am still having a little bit of an issue. I have my ftp server currently set up behind a router and have already configured the masquerade address and passive port. The issue I am running into is that from within my network I can access the ftp site fine, but when I try to connect from outside my network I keep getting a permission denied error stating that I don't have enough permissions. The weird part is that it does connect and authenticates but gives me the permission denied error (550 I think). I have attached my config file for review to see if I am missing anything. Thanks
jrjvai
September 22nd, 2007, 07:19 AM
Hi!
I tried to follow the guide to the letter but still managed to get in trouble. Running proftpd gives me
vainio@Kepuinen:/$ sudo /etc/init.d/proftpd start
* Starting ftp server proftpd - IPv4 getaddrinfo 'Kepuinen' error: No address associated with hostname
- warning: unable to determine IP address of 'Kepuinen'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd/proftpd.conf'
[fail]
I copied the file directly from the guide. What did I do wrong?
frodon
September 22nd, 2007, 07:37 AM
There's a problem in your proftpd.conf file, surely with the server name, could you post your config file here so we can review it ?
kalipopo
September 24th, 2007, 12:38 PM
BTW thanks for the how to. I am still having a little bit of an issue. I have my ftp server currently set up behind a router and have already configured the masquerade address and passive port. The issue I am running into is that from within my network I can access the ftp site fine, but when I try to connect from outside my network I keep getting a permission denied error stating that I don't have enough permissions. The weird part is that it does connect and authenticates but gives me the permission denied error (550 I think). I have attached my config file for review to see if I am missing anything. Thanks
Any ideas as to what may be the issue here. All help will be greatly appreciated
pofigster
September 30th, 2007, 09:24 PM
Frodon! This is a very clear how-to! However, I have run into a few problems... First, I'm not behind a firewall or anything like that - I host a number of websites off this computer and I have no problem accessing them. I do get the IPv6 notice when I start proFTPd - can't seem to fix it, so, here's my conf file, maybe you could provide some idea on how to get my address ftp://statmajor.info (which I own) to point to this. I did all the SSL/TLS stuff too, to make it more secure. Thanks!
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias sauron userftp
ServerName "ftp://statmajor.info"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell on
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "Welcome Mr. Ewing"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
#DefaultRoot /home/mark/Documents/School
# Lock all the users in home directory, ***** really important *****
#DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp,
AllowUser mark
</Limit>
<Directory /home/mark/Documents/School/*>
Umask 022 022
AllowOverwrite on
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD CWD MKD READ>
AllowAll
</Limit>
</Directory>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient on
</IfModule>
<Global>
DeferWelcome on
MaxClients 5
ServerIdent on "Welcome Mr. Ewing"
AllowOverwrite on
RequireValidShell on
</Global>
frodon
October 1st, 2007, 03:45 AM
Hi pofigster,
What is your problem exactly, the IPv6 error message or the access to your FTP server ?
For all you need is to make your domain name ftp://statmajor.info to point to the IP of your computer but if you already have some websites on this computer i guess it is already the case so you should already be able to access your FTP server using this domain name.
About your config file not much to say, it is not mandatory to put your domain name as server name because from my understanding the ServerName command is just to set a simple name for the server, i have another remark about your user called "mark" because you chose to allow this user to access to the server (AllowUser mark command) however like recommended in my guide the server allows only connection with alias names (AuthAliasOnly on command) so you would need to create an alias name for your user mark and login your server with this alias name.
pofigster
October 1st, 2007, 08:18 AM
Ok, I think the real problem is the IPv6 thing then, associating an address with my computer's name. I noticed in this thread that there's supposed to be something in the config file to edit? I couldn't find it.
Anyway, I've got ftp://statmajor.info pointing at this computer, but the login for userftp doesn't work (keeps asking for the password), I assumed the two were interconnected.
frodon
October 1st, 2007, 08:20 AM
About the IPv6 error try this :
http://ubuntuforums.org/showthread.php?p=2295568#post2295568
pofigster
October 1st, 2007, 08:39 AM
frodon, that last post fixed the IPv6 warnings that were showing up. Still, though, every time I try and login I get a 530 error. I double checked, I don't require a valid shell in the conf file, and the user I created on this computer, userftp, has the right folder as home and the right /bin/false shell. Any idea on why I simply cannot login?
frodon
October 1st, 2007, 08:44 AM
Check the system rights of your /home/mark/Documents/School/ directory, it is an upload directory so the rights of this folder must be 777. Then if you still get this error try to set another password for the user several times and verify that you are using the alias name to login the server.
BTW i saw one huge security mistake in your config file, please uncomment the line "DefaultRoot /home/mark/Documents/School", it is what prevents a user from going outside your /home/mark/Documents/School directory so this is really important.
pofigster
October 1st, 2007, 09:00 AM
It works! Thanks for your help, I wasn't using the alias name to login...stoopid me.
frodon
October 1st, 2007, 09:05 AM
Great, enjoy your encrypted FTP server ;)
pofigster
October 1st, 2007, 03:03 PM
Frodon - it's me again :( Ok, so the unencrypted FTP server is working great - but when I use Webmin to update the configuration file to include the TLS code (After getting it all set up like in the how-to) this is what I get:
Failed to apply FTP configuration :
Checking syntax of configuration file
Please provide passphrases for these encrypted certificate keys:
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
Wrong passphrase for this key. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
Wrong passphrase for this key. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (ftp://statmajor.info) server:
Passphrases do not match. Please try again.
Wrong passphrase for this key. Please try again.
mark-desktop - mod_tls/2.1.1: unable to use RSA certificate key in '/etc/ftpcert/server.key', exiting
How do I get the passphrases to match? I used the same passwords for both of the certificates, not the same as my login password though. Any help would be great! Thanks!
frodon
October 1st, 2007, 03:35 PM
If you are not sure of your certificate password maybe it will be faster to recreate your certificate.
I never used webmin so i can't really help you about webmin related stuff.
floz23
October 1st, 2007, 10:01 PM
Greetings everyone,
Decent how-to. I should note however, I needed to use the LATEST version of FileZilla, in order to use the TLS compression. You may want to note that in the how-to.
But I have a question about a module that is not in the packaged version in the repos. I would really like to use the mod_shaper module, in order to limit the overall bandwidth usage of my crummy adsl connection. I looked at the "TransferRate RETR" control, but I realized that that's for a per connection basis, not too powerful at all.
Since I'm almost a total Linux n00b, could you give me an idea of how to recompile proftpd with the included mod_shaper module?
Much thanks to everyone, including the how-to's author!
-Adam
frodon
October 2nd, 2007, 03:52 AM
First are you sure it is not included ? Not loaded does not necessarily mean not present. The list of modules you are loading when running proftpd is set in the /etc/proftpd/modules.conf file.
The command "proftpd -l" should return you the module list.
In addition TransferRate is not on a "connection basis" but on a command basis, for the moment i don't see the need to restrict the bandwidth other than for the RETR and STOR commands and maybe also the LIST command, other commands not being bandwidth eaters.
Will add a note about filezilla, i use the feisty repository version which supports TLS encryption but i guess previous versions don't, thanks for your feedback :)
floz23
October 2nd, 2007, 10:04 AM
Thanks frodon,
Yes, I'm pretty sure its not included. I check in the /usr/lib/proftpd directory, and its not listed.
Well, the reason why I want the mod_shaper is because i want to be able to set an upstream transfer rate in total. So if I have 60kb/s to spare, i want that entire 60kb/s to be allocated, no matter how many transfers are running.
As for FileZilla, I was referring to the windows version. I can't speak for the linux version because I don't use it, but version 2 of FileZilla just wouldn't connect to my TLS encrypted server! I was going nuts trying to figure it out, thinking it was a problem with the server configuration. Then I just decided to try the latest version (version 3) of FileZilla; it worked perfectly.
-Adam
> First are you sure it is not included ? Not loaded does not necessarily mean not present. The list of modules you are loading when running proftpd is set in the /etc/proftpd/modules.conf file.
> The command "proftpd -l" should return you the module list.
> In addition TransferRate is not on a "connection basis" but on a command basis, for the moment i don't see the need to restrict the bandwidth other than for the RETR and STOR commands and maybe also the LIST command, other commands not being bandwidth eaters.
> Will add a note about filezilla, i use the feisty repository version which supports TLS encryption but i guess previous versions don't, thanks for your feedback :)
wilberfan
October 19th, 2007, 05:34 PM
I've only been using Ubuntu for a year or so, and I've never tried setting up an FTP server, so this thread is invaluable...
I've stumbled through the HowTo, understanding probably half of it :)
I'm behind a router, and have tried to make those allowances in the proftpd.conf file.
When I try and connect using fireftp in Firefox, I can't connect, and don't get any useful information about why: "Unable to make a connection. Please try again."
Is there a log file, or...?
Where on Earth do I start looking to see what the problem is? :confused:
appzattak
October 24th, 2007, 12:00 AM
thanks for the great tut. I have one prob though. I cannot get the proftptools to work, I think I did the .bashrc correct, can you let me know. when I run ProftpTools from the terminal it does nothing.
Here is my .bashrc file.
ProftpTools_dir=/home/steve/downloads/ProftpTools-v1.0.2
export ProftpTools_dir
fi
appzattak
October 24th, 2007, 12:06 AM
nevermind, I fixed it, I had to remove that fi
j3n0vacHiLd
October 24th, 2007, 09:06 PM
Hey, great tutorial there, I got through it just fine, I'm just running into a problem now I can't seem to solve.
I have this ftp server setup just for local file transfer between windows/linux mostly. I can connect to the server, browse the files, etc.. but If I want to create a new folder or upload a file I get a "550: Permission Denied" error.. I have chmod my ftp folder to 777 and still unsure what the problem is. Anyone know what might be wrong?
ftp> put /home/daniel/hmm.txt
local: /home/daniel/hmm.txt remote: /home/daniel/hmm.txt
200 PORT command successful
550 /home/daniel/hmm.txt: Permission denied
ftp>
I have copy/paste the .conf file from the tutorial so unless there is a mistake I think that is fine.
Any help is appreciated, thanks!
EDIT: I just chmod all directories to 777 including the ftp directory and its working fine now :/ .. I just had to specify a remote path because it was trying to upload to the wrong place.
b3dm4n
October 25th, 2007, 04:09 AM
Hi.
I'm a newbie to Linux world and Ubuntu is the first distro I tried. I want to make an ftp server, so I followed your steps literally for a start.
I managed to get almost everything going, but 1 thing I couldn't get done is to make a symlink in the ftp-share directory accessible by the ftp user.
I want an ftpuser to access directory /home/ftp-share, /site/www, and /store/client
I already make ln -s command to make shortcut to www and client directory in ftp-share folder, but ftpuser cannot see them, what should I do?
frodon
October 25th, 2007, 04:38 AM
> Hi.
> I'm a newbie to Linux world and Ubuntu is the first distro I tried. I want to make an ftp server, so I followed your steps literally for a start.
> I managed to get almost everything going, but 1 thing I couldn't get done is to make a symlink in the ftp-share directory accessible by the ftp user.
> I want an ftpuser to access directory /home/ftp-share, /site/www, and /store/client
> I already make ln -s command to make shortcut to www and client directory in ftp-share folder, but ftpuser cannot see them, what should I do?
All is explained in the tutorial, symlinks are not allowed with the config i provided as they seriously decrease the security of your FTP server.
This is the exact purpose of the section Misc > Useful tricks to let you mount where you need the directory you wish to share.
djrakun
November 14th, 2007, 04:50 PM
i can set permissions for users to upload to a particular directory but any subfolders in that directory do not inherit the permissions of the parent folder. Do i have to add something to my conf file for this to happen?
Thanks
ronaldor9
November 18th, 2007, 02:05 PM
hey what do i put here
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
what should i put in user and group thanks
ronaldor9
November 18th, 2007, 02:57 PM
oh and as well whenever i start or restart i get these messages
when i try to start it simply fails ?? and when i restart it gives me this message
- IPv6 getaddrinfo 'server.gateway.2wire.net' error: No address associated with hostname
frodon
November 18th, 2007, 05:57 PM
> hey what do i put here
> # Set the user and group that the server normally runs at.
> User nobody
> Group nogroup
> what should i put in user and group thanks
You can leave it like that, that doesn't really matter for a standard use.
> oh and as well whenever i start or restart i get these messages
> when i try to start it simply fails ?? and when i restart it gives me this message
> - IPv6 getaddrinfo 'server.gateway.2wire.net' error: No address associated with hostname
This is explained everywhere in this thread.
ronaldor9
November 18th, 2007, 11:10 PM
ok thanks great guide i was a little skeptical but i just ignored it and it worked
except that when i login to the ftp i have access to a different user's home folder not the FTP-shared
??? how can i change this
thanks
frodon
November 19th, 2007, 03:43 AM
The ftp server will login in the user home directory so if you didn't set the FTP-shared directory as home directory for your ftp user then it is normal.
Kulgan
November 19th, 2007, 05:11 AM
I'm having some problems with this after upgrading to Gutsy - when starting the server without a wired network connection:
/etc/init.d/proftpd start
* Starting ftp server proftpd
- IPv4 getaddrinfo 'manetheren' error: No address associated with hostname
- warning: unable to determine IP address of 'manetheren'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd/proftpd.conf'
With no or wireless connection, the server refuses to start. There is nothing in the conf that suggests anything about "manetheren" - which is indeed my hostname.
Completely removing and re-installing proftpd doesn't seem to do the trick...
any ideas?
-K
frodon
November 19th, 2007, 05:27 AM
Your problem is not related to proftpd but to your network configuration, post here your /etc/hosts file, your problem is here.
Kulgan
November 19th, 2007, 12:26 PM
cat /etc/hosts
127.0.0.1 manetheren.lan
127.0.1.1 manetheren.lan manetheren.lan
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
remove ".lan" from the first entry?
frodon
November 19th, 2007, 12:44 PM
I guess your host name may be different when you use your wireless connection, check this and if it is really the case just add your wireless specific host name to the file.
Kulgan
November 19th, 2007, 12:51 PM
Hehe, that did it :D
When I had wireless, it asked for "manetheren", when I was using a wired connection, it was going on about "manetheren.lan". Added "manetheren" to hosts - it now works.
Thanks!
-K
frodon
November 19th, 2007, 12:53 PM
Glad you got it working :)
ronaldor9
November 19th, 2007, 11:46 PM
wondering userftp is a group
so what does it mean if i add a user such as my default ubuntu user to that group
what effects will this have on my ftp?
btw great guide still working on setting it up heheeh
edit
do i type the computers private ip like this ftp://192................ etc
to view my ftp because its not working for some reason ? i did exactly as u did even copied the config but im not getting login page i also forwarded the ports
frodon
November 20th, 2007, 04:49 AM
If you put your normal user in the userftp group (which makes no sense IMO) this won't do anything as your normal user isn't allowed to log in to your ftp server except obviously if you add a line to allow it.
To access your ftp server i strongly advise you to use a FTP client (like fireftp, or filezilla) otherwise you have to use a browser which handles ftp identification correctly and you have to know how to enter your ftp address.
In a web browser the address to type is something like :
ftp://your_alias_name@192.***.***.***:your_ftp_port_number
ronaldor9
November 20th, 2007, 10:50 AM
ic well now i get the login page except im using my alias and im using the password set for the group userftp and it still doesn't work gives me 530 error
frodon
November 20th, 2007, 10:56 AM
You will see a bunch of posts in this thread about the 530 error, it means that there's a configuration problem.
That might come from the password, wrong username, wrong rights on your FTP shared directories, so check your config thoroughly and perform a search in this thread using "530 error" as key word, you will find a lot of useful information.
ronaldor9
November 20th, 2007, 10:59 AM
ok ill do that but quick question before i do that ubuntu doesn't let me login with userftp and the password
? is this a possible problem
frodon
November 20th, 2007, 11:15 AM
That may be indeed, try to regenerate the password using "sudo passwd userftp".
quickshot89
November 20th, 2007, 08:42 PM
sorry to bump , but im stuck
ive installed the server, configured it as best i can, all i did was change the server name to discovery
and when i come to access the server, it says unable to find it :S im using ftp://my ip address:21
is that correct?
my servers ip is 192.168.1.11 if it helps
edit: cant even view the server on the internal network too
edit 2: getting a 503 error saying incorrect details
so im really :S now
btw, the attached file had to have .doc added on the end, i copied everything from the gedit cmd and saved it in a new file in the same program, hope it helps
edit 3: can view it internally, however the whole HDD is viewable, i only want certain folders to be viewable, not my whole HDD, also, still cant get external address to view it, even though ive added the ports in my router :(
frodon
November 21st, 2007, 04:11 AM
Sorry but you didn't follow the tutorial, there's no LIMIT LOGIN section, no directory section and even worse no DefaultRoot in your proftpd.conf command which is the reason nothing limits users from browsing your whole computer so your FTP server is really not safe for the moment.
So please read thoroughly the config file provided in the tutorial and take example on it.
As for your problem where you can't connect from the outside it is related to your network configuration, first thing to check is your firewall and configure your router if you have one.
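The three gaps named in the reply above (no DefaultRoot, no LIMIT LOGIN section, no directory section) can be checked mechanically. The following is an added example, not code from the thread or from the ProFTPD project; the function name, the finding codes and both sample configurations are constructed for illustration, and the check also flags the `<Directory> /path>` typo that appears in several configs posted in this thread.

```python
import re

# A well-formed opening tag is "<Directory /some/path>" with exactly one ">".
DIRECTORY_OK = re.compile(r"^<Directory\s+[^<>\s]+>$", re.I)
LIMIT_OPEN = re.compile(r"^<limit\s+([^>]*)>$")


def audit_proftpd_conf(text):
    """Return a list of finding codes for a proftpd.conf given as a string.

    Scope (assumption of this example): presence checks only, anywhere in
    the file; it does not evaluate which section a directive sits in.
    """
    has_root = has_dir = False
    login_limit = login_denyall = False
    in_login = False
    malformed = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out DefaultRoot does not count
        low = line.lower()
        limit = LIMIT_OPEN.match(low)
        if low.startswith("defaultroot") and len(line.split()) >= 2:
            has_root = True
        elif low.startswith("<directory"):
            if DIRECTORY_OK.match(line):
                has_dir = True
            else:
                malformed.append(lineno)
        elif limit:
            in_login = "login" in limit.group(1).split()
            login_limit = login_limit or in_login
        elif low == "</limit>":
            in_login = False
        elif in_login and low == "denyall":
            # matched case-insensitively: the thread's configs write "DenyALL"
            login_denyall = True

    findings = []
    if not has_root:
        findings.append("NO_DEFAULTROOT")
    if not login_limit:
        findings.append("NO_LIMIT_LOGIN")
    elif not login_denyall:
        findings.append("LIMIT_LOGIN_WITHOUT_DENYALL")
    if not has_dir:
        findings.append("NO_DIRECTORY_SECTION")
    findings.extend("MALFORMED_DIRECTORY@line%d" % n for n in malformed)
    return findings


# Constructed sample: a config with only the server name changed and
# none of the restricting sections.
WEAK_CONF = """\
ServerName "discovery"
ServerType standalone
Port 21
# DefaultRoot ~
User nobody
Group nogroup
"""

# Constructed sample with the structure the tutorial's config uses.
GOOD_CONF = """\
DefaultRoot ~
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /home/FTP-shared/download/*>
<Limit STOR DELE>
DenyAll
</Limit>
</Directory>
"""

# Same config plus the stray ">" typo in an opening Directory tag.
TYPO_CONF = GOOD_CONF + "<Directory> /home/FTP-shared/upload/>\n</Directory>\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("good", GOOD_CONF), ("typo", TYPO_CONF)):
        print(name, audit_proftpd_conf(conf))
```
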
quickshot89
November 21st, 2007, 12:31 PM
got it working now, i used the script on the 1st page and changed the details to suit my folders etc
ronaldor9
November 21st, 2007, 08:55 PM
nice is it safe to delete the folder named ftp with a file named welcome in it in /home
so whats the point of the download folder if i cant put stuff on it from my linux box or any other pc
also where can i find more information for like making the ftp-shared directory give more privileges such as move files from the folder to the desktop delete files from there and everything related to that
thanks alot for helping a noob just got linux little over 2 weeks ago and i already got ftp with public domain thank you very much and ur dedication
also quick question when creating a new user do i have to add him from the users and groups and then add them to group user ftp?
can u explain i have AuthAliasOnly set to off
but then i have john1 userftp set for my alias
john1 is also another account i have that i use for all my ubuntu stuff
and i am able to login with john1 with AuthAliasOnly to off but im not able to sign in with userftp
i played around with this for like 2 hours i could not figure it out please help
as well i set my upload limit like this
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
AllowAll
</Limit>
</Directory>
but it doesn't let me delete stuff off of it ??????
frodon
November 22nd, 2007, 03:56 AM
Not sure to understand your first question, the point of the download directory is to be able to download only otherwise you have the upload directory. If you wish you can make only upload directories.
The following section is what restricts the access of your upload directory :
<Limit READ RMD DELE>
DenyAll
</Limit>
All the commands you can use with the LIMIT command are detailed there :
http://www.proftpd.org/localsite/Userguide/linked/config_ref_Limit.html
About the new user creation my first question is why do you need more than one ?
Otherwise to answer your question no it is not enough, you also have to set the home directory of this user to /home/FTP-shared, create an alias name for it in the proftpd.conf and allow this user in the LIMIT LOGIN section of your proftpd.conf file. But again i don't see the point creating more users except if you want to give them access to different directories.
Disabling AuthAliasOnly makes you unprotected against telnet accesses, congrats you decreased the security of your server ;) (just joking :P)
For the rest you should really read the proftpd user guide and watch others configurations on the proftpd forum, links below :
http://www.proftpd.org/localsite/Userguide/linked/userguide.html
http://forums.proftpd.org/smf/
ronaldor9
November 22nd, 2007, 11:20 PM
i see
but the weird thing is that i can only set my alias to john if i set it to john1 and restart my server it wont let me login with it only with john i dunno why this happens
i also tried with the limits to set it to all like this
<Limit ALL>
AllowAll
</Limit>
and it wouldn't let me delete or upload no clue why can u just tell me how set the limits for a folder that can delete access make folders upload transfer and everything ?? ive tried for soo long so frustrating
frodon
November 23rd, 2007, 04:42 AM
It doesn't work like that, an alias name is just an alias so you choose any name (choosing the name of an existing user as alias name is a bad idea IMO) you want as long as the user you set an alias name on is allowed in the proftpd.conf. About the LIMIT section you have to tell explicitly what command to allow like that for instance :
<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ>
DenyAll
</Limit>
<Limit STOR CWD MKD RMD DELE>
AllowAll
</Limit>
</Directory>
chronographer
November 28th, 2007, 07:30 AM
Hello, I have set up ftp, as outlined, gained access from local network, but have reached a stumbling block from remote site. Following is output from filezilla on a windows box.
Status: Connecting to ***********:1980 ...
Status: Connected with ************:1980. Waiting for welcome message...
Response: 220 you're at home
Command: USER ******************
Response: 331 Password required for **********.
Command: PASS ******
Response: 230 welcome !!!
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE A
Response: 200 Type set to A
Command: PASV
Response: 227 Entering Passive Mode (192,168,2,9,191,119).
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
Command: REST 0
Error: Timeout detected!
Can anyone help explain the reason here? it obviously connects and then times out or something!
Alex
frodon
November 28th, 2007, 07:54 AM
I think your firewall or your router is blocking something it shouldn't block. Do you get the same result if you put your FTP server on port 21 ?
Tavathlon
November 28th, 2007, 08:45 AM
Hello!
I have a problem with proftpd that I have not experienced before - I used proftpd a couple of years ago, and it worked fine. Trying it in Gutsy now, however, seems to be problematic.
I have tried some different configurations, based on the default config-file modified by myself, and based on the config file that is suggested in the first post of this thread. They provide me with different problems, though:
After implementing the suggestion in the first post, I just simply can't login, neither with the actual username or the alias username. The only error message I get is that the password is incorrect. (And I have tried to remove the aliasing, same thing happens.)
With the default file, modified by myself, I get logged on to the system, but I cannot retrieve the list from the server - nothing happens here at all, until the timeout sets in and I get thrown out. (I'm not sure, but I think I also tried aliases here, but it gave the same result as without aliases.)
I have tried the things about PassivePorts and MasqueradeAddress, but without any luck. However, I am able to connect internally from the LAN with this configuration!
I have a D-link DI-604, if that rings any bell for anyone (which I did not have in the old days, btw).
Last comment: I also tried pure-ftp, but I was never able to connect on that one either. However, I _was_ able to connect internally within the LAN, just like default in proftpd...
It could be the same problem as chronographer above, but I am using port 21. Moreover, I guess it's the router, but what can I do about it? I'm not really used to routers... (and the router does not explain why I can't login at all when I use the config file as suggested in post #1)
chronographer
November 30th, 2007, 05:21 AM
Hello
I tried using port 21, with a mac from a remote location and was able to see my directories but not transfer to and from them. I will try using filezilla when I next go to my brother-in-law's house and post the results.
So if I want to use port 1980 I guess I need to ensure forwarding is right in my router and firewall for 1980. I will report back, Thanks.
AmidamaruFlame
November 30th, 2007, 05:46 AM
Hello. First off I would like to say thanks for all the information you provide in this thread. Very helpful. Secondly, I have 2 issues that I am trying to resolve:
First, I was wondering if it was possible to limit the space a user has. I have created a FTP server that myself and my friends can use, but I would like to allocate a specific amount (say 1GB or so) to each user, so I won't lose all my space.
Secondly, I tried to install ProftpTools, but every time I type ProftpTools into terminal, it asks me for my password, then stops. I don't think it's actually doing anything. :/
Thanks in advance!
frodon
November 30th, 2007, 06:00 AM
1) you have the mod_quotas module for this purpose, here is the documentation i found about it :
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Quotas.html
2) ProftpTools is a script i wrote to ease common Proftpd admin operations, it is not made to work with TLS encryption so if you are using it it may not work.
If you want to see some error log in your terminal and know what the problem is run directly the proftpd_tools.bash script.
AmidamaruFlame
November 30th, 2007, 06:34 AM
Thank you for the help.
My 2nd problem was fixed, but I am still having trouble with the module....
server@Room212:/usr/lib/proftpd$ ./configure --with-modules=mod_quotatab:mod_quotatab_file
bash: ./configure: No such file or directory
is the terminal error I receive. I have little linux knowledge, and the documentation you sent me to was just too confusing for me to understand...
frodon
November 30th, 2007, 06:39 AM
Why are you compiling proftpd ?
I think the version in the repositories already have the mod_quotas module compiled, if it is not loaded by default add the module name in /etc/proftpd/modules.conf and make sure to have the following line at the beginning of your proftpd.conf file :
Include /etc/proftpd/modules.conf
AmidamaruFlame
November 30th, 2007, 08:26 AM
thank you for the help. I only have one more question....
using the quotatab module, I receive an error caused by the "QuotaOptions ScanOnLogin" directive. This occurs when i go to apply my changes. I receive this error:
- Fatal: unknown configuration directive 'QuotaOptions' on line 49 of '/etc/proftpd/proftpd.conf'
any help?
frodon
November 30th, 2007, 08:37 AM
Unfortunately i have no knowledge about this module, i'm on the same level as you about this, however don't forget to post your question on the proftpd forum if you don't get the help you need here :
http://forums.proftpd.org/smf/
Tavathlon
November 30th, 2007, 12:18 PM
No ideas on how I should do with my router problem? To be precise, these are the last messages that get sent after it first connects to the server, using gftp (filezilla gives more or less exactly the same result):
Loading directory listing / from server (LC_TIME=en_US.UTF-8)
PASV
227 Entering Passive Mode (192,168,0,42,141,110).
Cannot create a data connection: No route to host
Disconnecting from site 83.233.18.110
So I thought that perhaps if I tell the server which ports it may allow for PASV, and then open those ports, it would work - but the server doesn't seem to bother about what I type in after PassivePorts in .conf
Or are the numbers 141 and 110 above not ports? I don't have a clue..
Is there perhaps some way in which I can prevent the server from going into passive mode? How, in that case - have not been able to find anything, so far.. (must admit I haven't been looking too much either, have a deadline coming up.. >.< )
(btw, when I was using proftpd a couple of years ago, I think it was frodon who helped me get everything working back then.. =P )
frodon
November 30th, 2007, 03:01 PM
Here is what says the proftpd userguide about it :
http://www.proftpd.org/localsite/Userguide/linked/config_ref_PassivePorts.html
If you perform a search in this thread you will find a lot of useful information like in this post which i linked in first page :
http://ubuntuforums.org/showpost.php?p=680702&postcount=81
Sorry but i think i can't help you more, i don't use a router so my knowledge about this kind of stuff is really limited.
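The 227 replies quoted in the posts above carry both the address and the port the client is told to open for the data connection: the first four numbers are the IPv4 address and the last two encode the port as p1*256+p2. The following is an added example, not part of the thread; the function names and finding codes are constructed, and the PassivePorts range used in the demo is a sample value. It decodes a 227 reply and flags the two conditions discussed here: a private address advertised to a client that dialled a public one (what MasqueradeAddress is meant to correct), and a port outside the configured PassivePorts range.

```python
import ipaddress
import re

# Six-number tuple of a 227 reply, with or without a client-side prefix
# such as FileZilla's "Response: ".
PASV_RE = re.compile(
    r"\b227\b[^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (IPv4Address, port) decoded from a 227 passive-mode reply."""
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(g) for g in m.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = fields
    addr = ipaddress.IPv4Address("%d.%d.%d.%d" % (h1, h2, h3, h4))
    return addr, p1 * 256 + p2  # port = high byte * 256 + low byte


def diagnose(reply, control_host, passive_ports=None):
    """Decode the reply and list likely causes of a failed data connection.

    control_host:  IPv4 address the client used for the control connection.
    passive_ports: (low, high) as given to PassivePorts, or None if unset.
    """
    addr, port = parse_pasv(reply)
    findings = []
    control = ipaddress.IPv4Address(control_host)
    # The client reached the server on a public address but is told to open
    # the data connection to a LAN address it cannot route to.
    if addr.is_private and not control.is_private:
        findings.append("PRIVATE_ADDR_ADVERTISED")
    # The router only forwards the PassivePorts range, so a port outside it
    # means the directive is not in effect for this server.
    if passive_ports is not None:
        low, high = passive_ports
        if not low <= port <= high:
            findings.append("PORT_OUTSIDE_PASSIVEPORTS")
    return str(addr), port, findings


# Replies copied from the two client logs in this thread.
GFTP_REPLY = "227 Entering Passive Mode (192,168,0,42,141,110)."
FILEZILLA_REPLY = "Response: 227 Entering Passive Mode (192,168,2,9,191,119)."

if __name__ == "__main__":
    # Remote client: control connection went to the public address in the log.
    print(diagnose(GFTP_REPLY, "83.233.18.110"))
    # Same reply checked against a sample PassivePorts range (constructed).
    print(diagnose(GFTP_REPLY, "83.233.18.110", passive_ports=(60000, 60100)))
    # LAN client: the advertised private address is reachable, no finding.
    print(diagnose(FILEZILLA_REPLY, "192.168.2.9"))
```
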
chatuu
December 1st, 2007, 01:16 PM
look... i just started with gproftpd.....
i created the users and stuff.... i am able to connect in this account....
but when i create another user... this user comes back with 530 error in 2 lines
530-Unable to set anonymus privigeles
530 Login error
what can be it ?
i want to have different accounts with different folders for each one
my own folder i am able to make, and with that username i can set any folder to see, but if i try to create another user, this user is unable to see anything and comes back with 530 errors...
any ideas ??
my proftpd.conf
ServerType standalone
DefaultServer on
Umask 022
ServerName "0.0.0.0"
ServerIdent on "My FTPD"
ServerAdmin Admin@this.domain.topdomain
IdentLookups off
UseReverseDNS off
Port 2121
PassivePorts 2000 2100
#MasqueradeAddress None
TimesGMT off
MaxInstances 30
MaxLoginAttempts 10
TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120
DisplayLogin welcome.msg
User nobody
Group nobody
DirFakeUser off nobody
DirFakeGroup off nobody
DefaultTransferMode binary
AllowForeignAddress off
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores off
TransferRate RETR 100
TransferRate STOR 40
TransferRate STOU 40
TransferRate APPE 40
SystemLog /var/log/secure
RequireValidShell off
#gp_random_username_length 6
#gp_random_password_length 6
#gp_randomize_case lower
#gp_useradd_homedir_path /var/ftp
#gp_html_path /var/www/html/ftp.htm
#gp_welcome_name welcome.msg
<IfModule mod_tls.c>
TLSEngine off
TLSRequired off
TLSVerifyClient off
TLSProtocol TLSv1
TLSLog /var/log/proftpd_tls.log
TLSRSACertificateFile /etc/gproftpd/gproftpd.pem
</IfModule>
<IfModule mod_ratio.c>
Ratios off
SaveRatios off
RatioFile "/restricted/proftpd_ratios"
RatioTempFile "/restricted/proftpd_ratios_temp"
CwdRatioMsg "Please upload first!"
FileRatioErrMsg "FileRatio limit exceeded, upload something first..."
ByteRatioErrMsg "ByteRatio limit exceeded, upload something first..."
LeechRatioMsg "Your ratio is unlimited."
</IfModule>
<Limit LOGIN>
AllowUser arquivos
AllowUser chatuu
DenyALL
</Limit>
<Anonymous /home/chatuu/Desktop/ArquivosFTP>
User arquivos
Group ftp
AnonRequirePassword on
MaxClients 5 "The server is full, hosting %m users"
DisplayLogin welcome.msg
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit LIST NLST RETR PWD XPWD SIZE STAT CWD XCWD CDUP XCUP >
AllowAll
</Limit>
<Limit STOR STOU APPE RNFR RNTO DELE MKD XMKD SITE_MKDIR RMD XRMD SITE_RMDIR SITE SITE_CHMOD SITE_CHGRP MTDM >
DenyAll
</Limit>
</Anonymous>
<Anonymous /home/chatuu/Desktop/Henrique>
User chatuu
Group ftp
AnonRequirePassword on
MaxClients 5 "The server is full, hosting %m users"
DisplayLogin welcome.msg
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit LIST NLST RETR PWD XPWD SIZE STAT CWD XCWD CDUP XCUP >
AllowAll
</Limit>
<Limit STOR STOU APPE RNFR RNTO DELE MKD XMKD SITE_MKDIR RMD XRMD SITE_RMDIR SITE SITE_CHMOD SITE_CHGRP MTDM >
DenyAll
</Limit>
<Directory /home/chatuu/Desktop/ArquivosFTP>
AllowOverwrite on
<Limit LIST NLST STOR STOU APPE RETR MKD XMKD SITE_MKDIR PWD XPWD SIZE STAT CWD XCWD CDUP XCUP >
AllowAll
</Limit>
<Limit RNFR RNTO DELE RMD XRMD SITE_RMDIR SITE SITE_CHMOD SITE_CHGRP MTDM >
DenyAll
</Limit>
</Directory>
</Anonymous>
Bionic Apple
December 5th, 2007, 08:56 PM
I may be an idiot, but here it goes: I try to setup an FTP server with gproftpd, but I can't get the hostname/ip right. What should I put there? I have tried my local address, remote address, and my computer's linux "nickname". Also, if I am behind a firewall (in a linksys router) on a local network with several computers, what else should I configure? Should I leave the NAT setting alone? And if I should change the NAT setting, what do I put there? Sorry if it is very simple, but I can't figure it out no matter how many searches I do.
pj12345
December 6th, 2007, 11:01 AM
Hey, I've looked throughout this tutorial on how to set up my ftp. I copied the proftpd.conf file in the first post and editted a few lines around for myself however, I'm still getting that 530 error message when i try to log-in. On my network if my ip is xxx.xxx.xxx.2 I can log in to it from my own computer, but can't from someone elses. Any ideas?
frodon
December 6th, 2007, 11:06 AM
@pj12345, this is a firewall/router problem, check your firewall and router settings and be sure that you are not blocking something which shouldn't be blocked.
If you have a router this may help :
http://ubuntuforums.org/showpost.php?p=680702&postcount=81
dirtNap
December 9th, 2007, 06:11 AM
Hi Frodon, great guide and keep up the great work! :) My problem is that proftpd times out at exactly ten minutes every time I connect and transfer files on a remote computer. I use filezilla and fireftp (both work great with TLS by the way) to transfer the files. I have set up anonymous accounts as well as using my shell via TLS. If you need my proftpd.conf file I will shoot it in another reply. Thanks for all of your help!
flasher702
December 16th, 2007, 10:06 PM
after doing:
sudo apt-get install proftpd gproftpd
it asks me to insert some cd and press enter. I don't even have a cd-rom drive installed in this system. So I do:
sudo mount -o loop -t iso9660 ubuntu-7.10-desktop-i386.iso /cdrom
which works perfectly until I hit enter and then it unmounts the image and asks me to insert the CD again.
How do I make it install without a cd-rom drive? Why is it even asking me for a CD in the first place? That's lame. I would totally complain at the right people if I knew who that was. Not sure if it's entirely ubuntu's fault or if it's the proftpd.
I guess I will install a CD-ROM drive but any help is greatly appreciated in case I run into this kind of problem again in the future or if anyone knows which group is responsible.
Update: I mounted the .iso of the alternate install cd (the one I used to install with) and it worked. This reminds me a bit too much of MS windows... :(
frodon
December 17th, 2007, 04:56 AM
This is not really a proftpd question. Just remove your cd link in your /etc/apt/source.list file or clicking repositories in synaptic, if you have an internet connection you don't need the cd.
dlhilario
December 17th, 2007, 05:33 PM
sudo apt-get install proftpd
I tried the line shown above to install the proftpd and is not working. what does this line do and what is actually installing and in what directory. Can I do manually instead.
I was able to do everything else without a problem except for this line sudo apt-get install proftpd does anyone have any idea. I notice that I don't have any file in the init.d directory.
I will really appreciate your kind help.
frodon
December 17th, 2007, 05:59 PM
Enable all the ubuntu repositories first (universe and multiverse), you will find many threads about it.
general.chaos
December 19th, 2007, 06:52 PM
Hi, Im getting the following error:
- notice: unable to bind to Unix domain socket at '/var/run/proftpd/test.sock': No such file or directory
- notice: unable to listen to local socket: No such file or directory
- error: /media/Storage is a world writeable directory
- Fatal: SystemLog: you are attempting to log to a world writeable directory on line 32 of '/etc/proftpd/proftpd.conf'
I'm using the GUI method... I've also noticed that I cant set the default home directory to anything other than the default. Whenever I do and hit apply it just changes itself back.
Please help..
Lemmings74
December 20th, 2007, 08:26 AM
Hi I am a newbie to Ubuntu but have managed to setup proftpd to allow 1 user ftp access to one of my home directories.
This user can download files, amend them and then upload files with no problem, however if they upload a new file, then the user rights are set to -------w-. I have set the Umask to 022 as default, and to 775 in the <directory> section of the script... any ideas??
(hope this makes sense!)
frodon
December 20th, 2007, 08:39 AM
You should also set the same umask for your system, you can add this in your .basrc file present in your home directory.
Lemmings74
December 20th, 2007, 09:24 AM
not sure what you mean! I dont have .basrc in that directory :S
frodon
December 20th, 2007, 09:36 AM
You have one in your own home directory. I mean that you should set the same umask for your whole ubuntu system as proftpd never overwrites your ubuntu system settings. That's why i told you that you should set a "umask 022" for your ubuntu system too.
You can type the command in the terminal directly or put it in your .bashrc file if you wish this command to be executed automatically each time you open your terminal.
Not sure it will solve your problem but it is something you should try first.
mcleod9
December 23rd, 2007, 05:50 AM
Wow, there is a ton of useful information and generous people here. Thanks very much!
I couldn't find the answer to this issue:
I seem to connect to my server from outside my LAN, but this error comes up:
Command: CWD /home/FTP-shared/
Response: 550 /home/FTP-shared/: No such file or directory
Error: Failed to retrieve directory listing
the /home/FTP-shared directory does exist though...any thoughts?
frodon
December 23rd, 2007, 07:00 AM
My guess is rights problems on this folder (if you didn't modify the original configuration i gave in first post, if you did please post it).
At this step you are connected to your server which means that your global config is ok however the user logged in doesn't have enough rights to see the directories there.
Check the rights of your FTP directories, it should be 777 for upload directories and 755 for download directories, 755 is enough for the FTP-shared directory.
mcleod9
December 24th, 2007, 04:01 AM
@Frodon -- Thanks for your thoughts. I have slightly modified the original proftpd config file, mainly to change the port and UserAlias.
The permissions are ok on my installation, so I'm not sure what's wrong.
Here's the config file. Thanks again!
#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
ServerName "mouse"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
TimeoutLogin 20
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DefaultRoot /home/FTP-shared
#IdentLookups off
#ServerIdent off
# Lock all the users in home directory, ***** really important *****
# DefaultRoot ~
RootLogin off
MaxLoginAttempts 3
UseFtpUsers off
DenyFilter \*.*/
# Allow to restart a download
AllowStoreRestart on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off
# Uncomment this if you would use TLS module:
TLSEngine on
# Uncomment this if you would use quota module:
#Quotas on
# Uncomment this if you would use ratio module:
#Ratios on
# Port 21 is the standard FTP port.
Port 2121
MaxInstances 8
MasqueradeAddress xxxxxxx.org
MasqueradeAddress xx.xxx.xxx175
PassivePorts 60000 60100
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "welcome to the SFTP Server"
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
# MaxInstances 10
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
AuthAliasOnly on
UserAlias share userftp
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off
<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
frodon
December 24th, 2007, 08:00 AM
Hum, you broke all the security of the server commenting the defaultroot line, users will be able to browse your whole computer if you comment this line, i prefer to warn you that it is in general a really unsafe configuration.
Except this your config file looks ok so i would check the directory permissions on your system.
mcleod9
December 24th, 2007, 08:28 PM
Hum, you broke all the security of the server commenting the defaultroot line, users will be able to browse your whole computer if you comment this line, i prefer to warn you that it is in general a really unsafe configuration.
Except this your config file looks ok so i would check the directory permissions on your system.
Thanks Frodon. The permissions are all as you have written, but it still doesn't work :\ Same message about the directory not existing.
bionnaki
December 25th, 2007, 06:02 AM
so, how do people connect to the ftp server if you do not have a static ip?
frodon
December 25th, 2007, 09:18 AM
In this case use a domain name, dyndns can provide you one for free. To keep your domain name up to date you can use ddclient or the script made for dyndns, i think i have left some links about this in first post.
@mcleod9, it is strange, i don't see for the moment what could be wrong. I still think there's somewhere a too restrictive permission which block the directory listing. I will try to review this again as soon as i get some free time this week.
krelkor
January 4th, 2008, 06:37 PM
thanks for the tutorial, but i have a little problem
im trying to setup an FTP server so that i can backup a log from my router
i can login fine, but i cannot upload anything to the directory /data/FTP/ nor can i see anything within that directory from within my ftp client on another machine
here is the output from ls -la
drwxrwxrwx 2 wrt54g wrt54g 4096 2008-01-04 17:22 FTP
and here is my .conf
AllowOverwrite on
AuthAliasOnly off
UseReverseDNS off
IdentLookups off
# Choose here the user alias you want !!!!
UserAlias steve wrt54g
ServerName "server"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
#DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
#AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
#ServerIdent on "you're at home"
# Set /home/FTP-shared directory as home directory
DefaultRoot /data/FTP
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser wrt54g
DenyALL
</Limit>
<Directory /data/FTP>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
krelkor
January 5th, 2008, 11:10 AM
bump! :)
krelkor
January 5th, 2008, 06:51 PM
im so close to being done! does anyone see a problem with my above posted proftpd.conf, or is the problem somewhere else?
frodon
January 6th, 2008, 06:40 AM
As usual check your directory rights (they must be 777), your directory in your proftpd.conf is defined as a download directory so you won't be able to upload in it according to your proftpd.conf. You should take example on the upload directory in the guide on first post to create your directory configuration in your proftpd.conf file.
And please don't bump the thread like that (3 times a day).
dbsoundman
January 10th, 2008, 12:01 AM
I'm considering setting up all this, but I have a question. I went ahead and created a userftp profile, and made the default directory for that user FTP-Shared, as the tutorial says. However, I'm not quite sure if this will do what I want it to do. What I would like to set up is two profiles: one for myself only, to remotely access all my documents on this computer remotely, and another for whatever guest user to read and write to whatever folder I choose. As it is now, I can't write to the FTP-Shared folder without sudo permissions, meaning that if I wanted to put a file in there for someone else to download through the guest account I would have to do it via command line. I would like to be able to do it so that I don't have to do that...so I could just drag-and-drop. I guess I'm looking to set up a slightly different menu structure in terms of the FTP access. I guess I primarily don't understand why creating a user profile with a separate home directory is advantageous...why couldn't I just create a subdirectory of my home folder (/home/dan) that the guest could read and write to, and make it so that that is the only one that they can access? If this makes any sense...what should I do?
Thanks,
Dan
frodon
January 10th, 2008, 05:26 AM
> As it is now, I can't write to the FTP-Shared folder without sudo permissions, meaning that if I wanted to put a file in there for someone else to download through the guest account I would have to do it via command line. I would like to be able to do it so that I don't have to do that...so I could just drag-and-drop.
This is a write management question, my guide is more designed to mount the directory you want in the download and upload directory rather than using them directly. Anyway you can just set you as owner of these directories :
sudo chown -R your_username /home/FTP-shared
> I guess I'm looking to set up a slightly different menu structure in terms of the FTP access. I guess I primarily don't understand why creating a user profile with a separate home directory is advantageous...
Security of course. Doing this you're using a user with no rights on your system, no valid shell and locked in his home directory. You're somewhat creating a secure area for your FTP server.
> why couldn't I just create a subdirectory of my home folder (/home/dan) that the guest could read and write to, and make it so that that is the only one that they can access? If this makes any sense...what should I do?
It is possible but way less secure as you will have to use your personal account as login and thus give your personal password to your guest. Encryption is inescapable IMO if you do such thing.
dbsoundman
January 10th, 2008, 10:33 AM
I figured it was about security. I was thinking I would use the FTPS setup instead of regular FTP, but I will look into how I could keep it all to that one directory like you say. I figure you probably know better than I do in this area...:). I will have to do some research on FTPS just to see how it can be accessed from, say, other computers without Filezilla or something like that, but I'm pretty sure I can google up that info. I will also need to see if I can even get this to work in the first place, because last time I never quite got it working outside of my home network due to weirdness with the software on my home network router and the DSL modem. Hopefully I'll get that all figured out though...I'm sure if I have problems I will post back!
-Dan
frodon
January 10th, 2008, 10:46 AM
The basic FTPS setting i propose in my guide will establish encrypted connection with users using a FTP client configured to use TLS encryption but will also allow normal (unencrypted) connection for those who don't have a FTP client.
This is handled by the "TLSRequired off" parameter, i think this setting will give you the flexibility you are looking for.
Bionic Apple
January 11th, 2008, 11:05 PM
Can someone tell me the basics to create a working FTP server using Gproftpd? The first post didn't help me at all. I have been messing around with the settings, yet nothing will work.
dbsoundman
January 12th, 2008, 02:19 AM
All right, I got everything set up, and the server runs. I have a problem though. When I start it up, here is what it says:
:~$ sudo /etc/init.d/proftpd start
* Starting ftp server proftpd blackdiamond - 127.0.1.1:1980 masquerading as 76.1.0.243
[ OK ]
However, the 127.0.1.1 address is not the correct IP address. According to my router, it should be 192.168.1.xxx. I'm pretty sure this computer is 192.168.1.102. How can I fix this? I did assign a static IP to this computer already, the 192 address. As far as I know that's the only issue, because I can't even access the server from within my home network, so at least for now I'm not having router/modem issues, though I'm almost positive I will when I get to that point...
Thanks,
Dan
Palcrypt
January 12th, 2008, 01:32 PM
Ok, so I got the ftp set up to work. I decided I wanted the ftps to work. The problem is that I am behind a firewall on my router. proftpd's website says this is because with the encrypted credentials the router gets confused with some things. It says the solution is to set:
TLSRequired auth+data
instead of
TLSRequired off
The problem is when I do that (or just set it to auth) when I restart the server I get this error:
- Fatal: TLSRequired: bad parameter on line 95 of '/etc/proftpd/proftpd.conf'
auth and auth+data are supposed to be valid parameters for TLSRequired. Any suggestions?
dbsoundman
January 12th, 2008, 01:57 PM
I figured out how to fix my wrong-IP address problem by modifying the "hosts" settings in the network connection manager thing. I can now at least detect the FTP server with my laptop, but I get a 530 login error when I try to login. I was going to research this to see if I could figure it out but if anyone has suggestions that would be great as well...
-Dan
Palcrypt
January 12th, 2008, 02:35 PM
> Ok, so I got the ftp set up to work. I decided I wanted the ftps to work. The problem is that I am behind a firewall on my router. proftpd's website says this is because with the encrypted credentials the router gets confused with some things. It says the solution is to set:
> TLSRequired auth+data
> instead of
> TLSRequired off
> The problem is when I do that (or just set it to auth) when I restart the server I get this error:
> - Fatal: TLSRequired: bad parameter on line 95 of '/etc/proftpd/proftpd.conf'
> auth and auth+data are supposed to be valid parameters for TLSRequired. Any suggestions?
just noticed that the problem is that apt-get of proftpd only installs version 1.3.0 and the auth+data parameters are only handled in 1.3.1. I tried doing a manual build and install of the newest version, but still had issues. Looks like no SSL for me. :(
dbsoundman
January 12th, 2008, 02:41 PM
Ok, I'm still having 530 issues. I also cannot connect from my wifi-connected laptop within the network, so it's not a modem problem, and I don't think it's the router. I'm thinking it's either a configuration problem (I have checked the folder permissions) or a firewall problem somewhere. I understand that ubuntu has a built-in firewall somewhere? How can I check up on this and see if it's the issue? I'm going to try switching from port 1980 to port 21 but I'm not sure if that will help. When I do localhost it says that the Connection is refused, so I don't think I'm even getting in. Any clues?
-Dan
offramp13
January 13th, 2008, 05:54 PM
Hi, i followed the guide using the gproftpd set up. I have been having issues setting it up so that i can get to more than one directory with a single user.
Deviltongue
January 19th, 2008, 07:41 PM
how do I open up the FTP server?
linux noooob
January 28th, 2008, 12:49 PM
very nice howto thanks :D
linux noooob
January 28th, 2008, 04:16 PM
i have set up my domain name and it goes strait to my router how do i make it all forward to my server?
Georgie.Mathews
February 12th, 2008, 12:08 PM
Hello
I used your Guide, Im currrently on Ubuntu Gutsy Gibbon. Created the directory /home/FTP-shared with the two download and upload subdirectories. The ftp works fine, tested it out on the LAN with filezilla.
Now I wanted to share my NTFS partition in the download folder so i used the code u posted which said something like
sudo mount -o /media/sda5 /home/FTP-shared/download
i restarted the FTP server and tried logging in with my ftp client. I can connect fine into the server but when i try to open the download directory it says
Error : 550. Permission Denied.
Please advise.
Much appreciated.
G.Mathews
frodon
February 12th, 2008, 12:27 PM
The problem with NTFS is that it doesn't support unix rights system therefore the rights on it depends only on how you mounted the drive.
Keep in mind that when you mount a directory into another one it will have the rights of the source directory (here your NTFS directory).
So check the rights of the directory you are trying to mount, if they are not at minimum 755 then you have the cause of your issue.
splendid
February 12th, 2008, 03:47 PM
I had proftpd working on 5.10, and I just removed that installation and installed 7.10. Copied over my .conf file from the old configuration, and I get the following message when attempting to restart the service.
* Stopping ftp server proftpd [ OK ]
* Starting ftp server proftpd - IPv6 getaddrinfo 'basement' error: No address associated with hostname
[ OK ]
I am thinking it has something to do with /etc/hosts or an ip route table. Any thoughts????
This guide is awesome, and was very helpful when I set the ftp server up on 5.10, I am going to take notes this time, so I don't forget all the places I have to touch.
Thanks,
Rob
frodon
February 12th, 2008, 05:07 PM
You will find the answer in previous posts in the thread, start a search on this thread using the "Search this thread" button under the poll with ipv6 as key word and you will find the posts which contain the fix.
Anyway this error message is not important if you don't use IPV6, so if you use standard IPV4 you can ignore it.
Georgie.Mathews
February 13th, 2008, 05:44 AM
Hello
Thanks Frodon. But Im not exactly sure on how to go about it (still a newbie :)). How do i make the rights for my source directory (media/sda5/Stuff) the same as the /home/FTP-shared/download since it doesnt support Unix commands as you said.
Can you please give me a few instructions on how to proceed. Im using Gutsy so it auto mounts my NTFS drive (which is /dev/sda5) into /media/sda5.
Thanks again
G. Mathews
frodon
February 13th, 2008, 05:49 AM
Auto-mount you said, um could you paste a sample of the output of the "ls -l /media/sda5/" command just to see how the automount mount your partition.
More likely the solution will be to either mount manually your drive with the suitable command when you want to use it for your ftp or leave an autoexec script at the root of this drive containing the mount command to apply then select in your system mount options to execute autoexec files on removable devices when they exist.
Georgie.Mathews
February 15th, 2008, 06:29 AM
Hello again
Sorry about the late reply was Valentines :lolflag:
Ok i was having a look at my /etc/fstab and i saw a line saying that my /dev/sda5 was mounted on /media/sda5 with Umask=007. I changed that to 022 saved it and rebooted.
I ran
sudo mount -o bind /media/sda5/Stuff /home/FTP-shared/download
and then restarted the ftp server.
I tried connecting with an ftp client again, and guess what, IT WORKED!!
I could access my mounted NTFS drive in the download folder.
But there is a slight problem. Since i have mounted it with the 022 rights I cant even copy anything onto my /media/sda5 partition on my machine.
Is it possible to mount something twice, as in create another line in fstab, using the same UUID as the /dev/sda5, then mount it in lets say for example /media/sda7, but this time using umask=022. Then i can leave the original line (the one with umask=007). using this way i can bind /media/sda7/Stuff onto /home/FTP-shared/download, but at the same time i have write access on the same drive using /media/sda5. In this way i can serve the partition with read access(/media/sda7) but I will have read and write access on my machine (/media/sda5)
Please let me know if it is safe to do so? It was just an idea, makes sense to me but lol, i just wanted to confirm before i tried it.
Thanks again mate
G. Mathews
frodon
February 15th, 2008, 07:02 AM
I think you can just find a mask option which allows you to use your partition in all cases, maybe 777 i don't know. I have never used NTFS under linux so i can't really help you on this anyway i'm sure the solution exist.
reehan10
February 15th, 2008, 10:11 AM
i m unable to start my ftp server.....it shows fail....pls help me:confused:
frodon
February 15th, 2008, 10:15 AM
Provide full error message and some proftp config details if you wish help please.
reehan10
February 15th, 2008, 10:27 AM
i performed all the steps you had said...
but when i gave start command...
it showed startin n then gave fail
reehan10
February 15th, 2008, 10:29 AM
- IPv6 getaddrinfo 'reehan-laptop' error: No address associated with hostname
reehan-laptop -
frodon
February 15th, 2008, 10:45 AM
Are you kidding ?
Sorry reehan10, it is not you in particular but i'm a bit tired to answer this question every 10 posts, search in this thread the answer is everywhere.
To be exact you will find last iteration of this question just 9 post before !
reehan10
February 15th, 2008, 01:47 PM
Hey sorry friend....actually i m new to this site..so didnt read it...sorry and thanks...i ll read it
:-)
reehan10
February 15th, 2008, 03:59 PM
hey thanks a lot...donw with the ftp server n its working fine...
just one more thing...cant i access ftp server by name..i mean i m accessing it by ftp://ipaddr...cnt i do by instead a name???
pls do reply
frodon
February 17th, 2008, 12:11 PM
If you wish a domain name there're some free domain name services available on internet the most known i think is dyndns. So you create a domain name on dyndns then it will point on your IP, if you have a dynamic IP then use one of the scripts available to refresh your domain name automatically.
There's some infos at the end of the first post.
splendid
February 18th, 2008, 12:12 AM
Installed filezilla. Tried logging in and I am getting a 500 Auth error.
I have FTPES selected. Tried the account and interactive options. No dice.
Any thoughts, or more info on configuration for filezilla. I followed the directions and am assuming that TLS is setup properly.
Thanks,
Splendid
frodon
February 19th, 2008, 06:08 AM
Did you try with the computer running the server ?
If you tweaked your proftp config please post your proftpd.conf file so i can check it.
qrwe
February 19th, 2008, 06:09 AM
It should be mentioned that Webmin (http://www.webmin.com/) has pretty good support for proftpd (http://www.proftpd.org/) configuration.
frodon
February 19th, 2008, 06:29 AM
Webmin is like other automatic configuration tools, like gproftpd though gproftpd tends to be more powerful, it can't do all and won't give you the result you expect if you don't put interest in getting some minimum FTP knowledge.
Webmin won't for example handle your FTP user creation, directory rights.
Even if these are interesting tools nothing is better than real knowledge :)
splendid
February 19th, 2008, 11:55 PM
Frodon, Attached is proftpd.conf as requested.
Thanks,
Splendid
c/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
Include /etc/proftpd/modules.conf
ServerName "basement"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSrsaCertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
<IfModule mod_quota.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios on
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
frodon
February 20th, 2008, 04:46 AM
Hum, you should give me some more details as your structure is not the one used in the tutorial. You have no <LIMIT LOGIN> section and you seem to be using the "user proftp" command to do the user restriction, in addition you have no <DIRECTORY> section and worst of the worst you are not locking the user in a directory which mean your whole system will be accessible which is really unsafe for a FTP server.
BTW you are using IPV6 for your internet connection ?
splendid
February 21st, 2008, 01:28 AM
It was late when I was working on this. I guess maybe I did not look close enough at the proftpd.conf file in the tutorial.
I definitely was not planning to open this up and allow it to be so vulnerable. What do you suggest to do for user restriction?
Thanks for looking at this, and pointing out my deficiencies with the file. I appreciate it.
frodon
February 21st, 2008, 04:46 AM
To limit the login no need to use "user" and "group" commands, i'm not even sure they can be used for this purpose.
Just use a <LIMIT LOGIN> section to choose what user will be able to access your FTP server (the first post config should give you a good example).
Then i think it is mandatory to lock the user in a specific directory otherwise your whole system will be accessible for this purpose use the "DefaultRoot /home/FTP-shared" command (change the directory path according to your need).
Finally to be more accurate add a directory section for each directory you wish to share so you can handle the rights on a per directory basis.
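Added example (not part of any post in this thread, and not ProFTPD's own tooling): a small Python audit that checks a proftpd.conf for the problems raised in the replies above, namely a missing DefaultRoot, a missing <Limit LOGIN> section, a duplicated Include line, optional TLS, and a <Directory> that denies uploads. Both sample configs, the finding codes and the function names are constructed for illustration.

```python
import re

# Constructed sample reproducing problems discussed in this thread:
# Include listed twice, DefaultRoot commented out, no <Limit LOGIN>, TLS optional.
WEAK_CONF = """\
Include /etc/proftpd/modules.conf
UseIPv6 on
Include /etc/proftpd/modules.conf
ServerName "basement"
# DefaultRoot ~
Port 21
<IfModule mod_tls.c>
TLSEngine on
TLSRequired off
</IfModule>
"""

# Constructed sample laid out the way the replies recommend.
LOCKED_CONF = """\
Include /etc/proftpd/modules.conf
DefaultRoot /home/FTP-shared
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /home/FTP-shared/download>
<Limit STOR MKD DELE>
DenyAll
</Limit>
</Directory>
<IfModule mod_tls.c>
TLSEngine on
TLSRequired on
</IfModule>
"""

SECTION = re.compile(r"<(/?)(\w+)\s*([^>]*)>$")


def parse(conf_text):
    """Return (directive, args, context) tuples; context lists the open sections."""
    directives, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out directives are not active
        m = SECTION.match(line)
        if m:
            closing, name, args = m.groups()
            if closing:
                if stack:
                    stack.pop()
            else:
                stack.append((name.lower(), args.strip()))
            continue
        parts = line.split(None, 1)
        args = parts[1] if len(parts) > 1 else ""
        directives.append((parts[0].lower(), args, tuple(stack)))
    return directives


def audit(conf_text):
    """Return finding codes for the misconfigurations discussed in the thread."""
    d = parse(conf_text)
    findings = []

    # Users are only locked in a directory if an active DefaultRoot exists.
    scoped = ("directory", "limit", "anonymous")
    top = [n for n, _, ctx in d if not any(s[0] in scoped for s in ctx)]
    if "defaultroot" not in top:
        findings.append("no-defaultroot")

    # A <Limit LOGIN> section ending in DenyAll restricts who may log in.
    in_login = [n for n, _, ctx in d
                if ctx and ctx[-1][0] == "limit"
                and "LOGIN" in ctx[-1][1].upper().split()]
    if "denyall" not in in_login:
        findings.append("no-login-limit")

    # The same Include twice loads modules.conf twice (the fatal error above).
    includes = [a for n, a, _ in d if n == "include"]
    for path in sorted({p for p in includes if includes.count(p) > 1}):
        findings.append("duplicate-include:" + path)

    # TLSRequired off still accepts unencrypted logins.
    tls = {n: a.lower() for n, a, _ in d if n in ("tlsengine", "tlsrequired")}
    if tls.get("tlsengine") != "on":
        findings.append("tls-off")
    elif tls.get("tlsrequired", "off") == "off":
        findings.append("tls-optional")

    # Informational: a directory whose <Limit> denies STOR cannot take uploads.
    for n, _, ctx in d:
        if n == "denyall" and ctx and ctx[-1][0] == "limit":
            cmds = set(ctx[-1][1].upper().split())
            dirs = [s[1] for s in ctx if s[0] == "directory"]
            if dirs and cmds & {"STOR", "WRITE"}:
                findings.append("upload-denied:" + dirs[-1])
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("locked", LOCKED_CONF)):
        print(label, audit(conf))
```

The audit reads only active lines, so a commented-out DefaultRoot counts as missing, which is the situation frodon warns about.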
MoriyaMinakata
February 23rd, 2008, 03:17 AM
I have a few questions which I am not sure if they were covered.
73 pages is a lot to read. ^^;
So, here we go:
1) Is there a way to mount drives shared from a Windows machine through Samba and then set the ftp to allow users to get onto those?
2) Is it possible for more than one user to have the same home drive?
A little further explanation: I want to set users with access to the same folders, but I want different bandwidth caps on them. When I try to add two different users with the same home folder, proftpd doesn't start, telling me that the home folder is already in use or something to that effect.
3) How do I allow users to change to different drives without creating a new username? Is it the same as windows based ftp servers where they are simply shortcuts?
Thanks in advance for the help, guys.
splendid
March 4th, 2008, 11:06 PM
Frodon, I am having problems again. Getting following message:
* Starting ftp server proftpd - mod_dso/0.4: module 'mod_tls.c' already loaded
- Fatal: LoadModule: error loading module 'mod_tls.c': File exists on line 16 of '/etc/proftpd/modules.conf'
splendid
March 4th, 2008, 11:07 PM
This file is used to manage DSO modules and features.
#
# This is the directory where DSO modules reside
ModulePath /usr/lib/proftpd
# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
# LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
LoadModule mod_sql.c
LoadModule mod_ldap.c
LoadModule mod_sql_mysql.c
LoadModule mod_sql_postgres.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
LoadModule mod_quotatab_ldap.c
"modules.conf" 31 lines, 741 characters
frodon
March 5th, 2008, 04:41 AM
@splendid, it's because (according to post #727) you have the "Include /etc/proftpd/modules.conf" twice in your proftpd.conf.
@MoriyaMinakata:
1) Yes, you just need to set the good rights on this folder.
2)Yes, just create your user like you created the "userFTP" user then add him to the LIMIT login section and eventually give him an alias if you use alias names.
3)I don't understand the question sorry.
splendid
March 6th, 2008, 12:00 AM
Frodon Thanks. That took care of problem. I am unable to FTP into the server. It seems like it is connecting through Filezilla, and then complains. I get a 550 error code. Any ideas where I might check. Have been reading through the forum and have not found anything yet.
Thanks,
Splendid
frodon
March 6th, 2008, 04:42 AM
I would need the exact filezilla log and also test with some other FTP clients as it might be from the client. Of course check one more time your shared folder rights they must be 755 for download directories and 777 for upload directories, the files in the directories you share must have the good rights too.
Daleth
March 6th, 2008, 05:58 AM
Hey, Ive read the replies but I still got a 530 error,
after a second try to install proftpd, I just did what you wrote on the tutorial, using your config and the same chmod /home/FTP-shared/ etc, but I still get 530, whats the problem?
Response: 220 you're at home
Command: USER breakz
Response: 331 Password required for breakz.
Command: PASS ******
Response: 530 Login incorrect.
Error: Unable to connect!
CHmods:
download 755
upload 777
FTP-shared 755
frodon
March 6th, 2008, 06:05 AM
530 error as you should have read is the indicator of a mistake in the config, most often wrong directory rights or problem with password.
Check thoroughly your whole config and set a new password for your userFTP user it solve the problem in some cases (try either using GUI either using command line).
Daleth
March 6th, 2008, 06:08 AM
> 530 error as you should have read is the indicator of a mistake in the config, most often wrong directory rights or problem with password.
> Check thoroughly your whole config and set a new password for your userFTP user it solve the problem in some cases (try either using GUI either using command line).
well Im using your config, havent changed anything in it :P I only changed sauron to breakz, thats all
frodon
March 6th, 2008, 06:43 AM
Have you tested several password change using GUI and CLI ? Have you tested this on the same computer that run the server ?
Daleth
March 6th, 2008, 06:43 AM
> Have you tested several password change ?
yes, tried it a few times..
frodon
March 6th, 2008, 06:48 AM
Then search check more thoroughly to get what is wrong in your config, it's almost impossible for me to guess what is wrong on your config in this case, the person the most able to help you on this is yourself unfortunately.
Try to explain how you tested your server and maybe give details about your home network structure.
Daleth
March 6th, 2008, 07:29 AM
Okay, Ive got it working, Installed it to another dir,
anywayz, now Ive installed SSL/TLS for proftpd:
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol SSLv23
TLSOptions NoCertRequest
TLSRSACertificateFile /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient on
TLSRequired on
</IfModule>
is there a way to check if its working? I know on IRC when you install SSL, you need to do something with the ports to logon with SSL, is it the same way on proFTPD? I just wanna allow SSL clients
frodon
March 6th, 2008, 07:54 AM
"TLSRequired on" directive indicates that only TLS encrypted connection will be allowed so you are sure with this setting to use encrypted connection, in addition you should also see in your FTP client log the "AUTH TLS" directive.
Daleth
March 6th, 2008, 08:09 AM
Hm, cant seem to find "Auth TLS" Pasting Client list:
Response: 220 you're at home
Command: USER ftpd
Response: 331 Password required for ftpd.
Command: PASS ******
Response: 230 welcome !!!
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
frodon
March 6th, 2008, 08:16 AM
I would say it is not running reading this log, are you sure you have added the "Include /etc/proftpd/modules.conf" line in your proftpd.conf file and that mod_tls module is well listed in /etc/proftpd/modules.conf file ?
If not then your mod_tls module is not loaded and then not used.
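Added example (not part of any post in this thread): a Python check that reads a client log in the "Command:/Response:" layout pasted above and reports whether the password went out before AUTH TLS succeeded, whether FEAT offered AUTH TLS, and whether the server refused the plain login. The three logs are constructed samples modelled on the ones in this thread, and the function and key names are made up for illustration.

```python
import re

# Constructed logs in the "Command:/Response:" layout used in this thread.
PLAIN_SESSION = """\
Response: 220 you're at home
Command: USER ftpd
Response: 331 Password required for ftpd.
Command: PASS ******
Response: 230 welcome !!!
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: 211 End
"""

TLS_SESSION = """\
Response: 220 ProFTPD Server
Command: AUTH TLS
Response: 234 AUTH TLS successful
Command: USER userftp
Response: 331 Password required for userftp.
Command: PASS ******
Response: 230 User userftp logged in.
Command: PBSZ 0
Response: 200 PBSZ 0 successful
Command: PROT P
Response: 200 Protection set to Private
"""

REJECTED_SESSION = """\
Response: 220 ProFTPD 1.3.0 Server (basement) [192.168.0.101]
Command: USER userftp
Response: 550 SSL/TLS required on the control channel
"""

LINE = re.compile(r"\s*(Command|Response):\s*(.*)")


def analyse(log_text):
    """Walk the control-channel log and record what was protected by TLS."""
    state = {
        "tls_established": False,      # AUTH TLS answered with 234
        "credentials_in_clear": False,  # PASS sent before TLS was up
        "feat_offers_tls": False,      # FEAT reply lists AUTH TLS
        "server_requires_tls": False,  # plain login refused by the server
        "data_protected": False,       # PROT P accepted
    }
    last_cmd, last_arg = None, ""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        kind, text = m.groups()
        words = text.split()
        if kind == "Command":
            last_cmd = words[0].upper() if words else None
            last_arg = words[1].upper() if len(words) > 1 else ""
            if last_cmd == "PASS" and not state["tls_established"]:
                state["credentials_in_clear"] = True
            continue
        code = text[:3]
        if last_cmd == "AUTH" and code == "234":
            state["tls_established"] = True
        elif last_cmd == "PROT" and last_arg == "P" and code == "200":
            state["data_protected"] = True
        elif last_cmd == "FEAT" and re.match(r"AUTH\b.*TLS", text.upper()):
            state["feat_offers_tls"] = True
        if code == "550" and "SSL/TLS required" in text:
            state["server_requires_tls"] = True
    return state


if __name__ == "__main__":
    for name, log in (("plain", PLAIN_SESSION), ("tls", TLS_SESSION),
                      ("rejected", REJECTED_SESSION)):
        print(name, analyse(log))
```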
Daleth
March 6th, 2008, 08:24 AM
modules.conf:
LoadModule mod_tls.c
proftpd.conf:
Include /etc/proftpd/modules.conf
quite strange huh? Ive tried to restart it but it's still not working somehow hm..
frodon
March 6th, 2008, 08:31 AM
Sorry i didn't see you did not used the instruction from the first post, I don't know for the instructions you use, i know mine are working and i support them however other instructions are not supported by me in this tutorial.
Don't know where you got these instructions but you should ask for support where you got them, not here.
splendid
March 8th, 2008, 12:57 AM
I checked the Upload and Download directories. Needed to change permissions on the Upload directory, but still having problems. Tried accessing from Windows Explorer and get following msg:
Windows Cannot access this folder. Make sure you typed the file name correctly and that you have permission to access the folder.
Details
220 ProFTPD 1.3.0 Server (basement) [192.168.0.101]
550 SSL/TLS required on the control channel
Been searching through posts. Not sure what to do next.
splendid
March 8th, 2008, 12:59 AM
proftpd.conf
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# Choose here the user alias you want!!!!
UserAlias rob userftp
ServerName "basement"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
# DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
RequireValidShell off
TimeoutLogin 20
RootLogin off
# Port 21 is the standard FTP port.
Port 1980
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 6000 65534
# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 192.168.0.101
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSrsaCertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>
<IfModule mod_quota.c>
QuotaEngine on
</IfModule>
<IfModule mod_ratio.c>
Ratios on
</IfModule>
# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>
# A basic anonymous configuration, no upload directories.
# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>
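Both TLS symptoms in this thread can be read off the configuration: an `<IfModule mod_tls.c>` block is skipped when the module is not loaded, and `TLSRequired on` answers any client that never sends AUTH TLS with the 550 shown above. The audit below is an added example, not part of the original posts or of ProFTPD; `directives`, `audit_tls` and the sample strings are constructed, and it assumes a build where mod_tls is loaded through the included modules.conf.

```python
import re

# Constructed excerpts: TLS-relevant lines of the proftpd.conf posted above,
# and the one-line modules.conf quoted earlier in the thread.
PROFTPD_CONF = """\
Include /etc/proftpd/modules.conf
<IfModule mod_tls.c>
TLSEngine on
TLSProtocol TLSv1
TLSRequired on
</IfModule>
"""
MODULES_CONF = "LoadModule mod_tls.c\n"

def directives(text):
    """Yield (enclosing IfModule or None, lowercased name, value) per active line."""
    module = None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue                       # blank or commented-out directive
        opened = re.match(r"<IfModule\s+([^>\s]+)\s*>", line, re.I)
        if opened:
            module = opened.group(1).lower()
        elif line.lower().startswith("</ifmodule"):
            module = None
        elif not line.startswith("<"):
            name, *rest = line.split(None, 1)
            yield module, name.lower(), "".join(rest).strip()

def audit_tls(proftpd_conf, modules_conf):
    """Return findings on whether FTP over TLS is really in force."""
    cfg = list(directives(proftpd_conf))
    included = any(n == "include" and v.endswith("modules.conf") for _, n, v in cfg)
    loaded = any(n == "loadmodule" and v.lower() == "mod_tls.c"
                 for _, n, v in directives(modules_conf))
    tls = {n: v.lower() for m, n, v in cfg if m == "mod_tls.c"}
    if not (included and loaded):
        # The <IfModule> block is skipped without any error when the module is absent.
        return ["mod_tls not loaded: TLS block ignored, logins stay in cleartext"]
    if tls.get("tlsengine") != "on":
        return ["TLSEngine is not on: TLS is never offered"]
    findings = []
    if tls.get("tlsrequired") == "on":
        findings.append("TLSRequired on: clients that never send AUTH TLS get 550")
    elif tls.get("tlsrequired", "off") == "off":
        findings.append("TLS optional: cleartext logins are still accepted")
    if tls.get("tlsprotocol") == "tlsv1":
        findings.append("TLSProtocol TLSv1: server limited to TLS 1.0")
    return findings
```

Run against the real files, read `/etc/proftpd/proftpd.conf` and `/etc/proftpd/modules.conf` and pass their contents as the two arguments.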