
HOWTO : Create a FTP server with user access (proftpd)



stinger30au
May 5th, 2009, 08:03 AM
Sorry stinger30au, we offer support for this tutorial only here.
General proftpd config debug belongs elsewhere.

Maybe drop your question in the proftpd forum if you don't get answers on ubuntuforums.


i got it sorted out

it was the router causing the issue. i had my suspicions it was

i had to adjust the firewall in the router to enable port 20 & 21 to be allowed

now the ftp server talks to the net and does what i wanted it to do

kinggo
May 24th, 2009, 07:20 AM
THX for this tutorial. I've been using samba on 8.04 but it doesn't work on jaunty any more. At least, not. So I decided to start using FTP again as I did on win long time ago. Samba was good because of streaming.

I think I set up my servers correctly. I can log on on both of them (jaunty x2) but the problem is that I can't see the folders that are supposed to be shared. I used Gadmin-proftpd to do that. First I got some error when I tried to add shared folder (something about "var/ftp missing") but I added folder anyway. But I can't see them.

The folders I want to share are on non system disks, but those disks are mounted under media folder automatically during boot. What am I missing?

etamax
May 25th, 2009, 03:34 AM
Which error do you get exactly?
I have never used Gadmin-proftpd so I can't help you on that program. Could you post your /etc/proftpd/proftpd.conf?

kinggo
May 25th, 2009, 01:50 PM
I think there is no error, apart from that "missing var/ftp folder" which occurs on selecting folder that I want to share through Gadmin-proftpd. But I believe my connection is OK. I can connect, but I don't see anything on the other side.

Here is the config file.........

ServerType standalone
DefaultServer on
Umask 022
ServerName "192.168.0.39"
ServerIdent on "tx1000"
ServerAdmin email@example.org
IdentLookups off
UseReverseDNS off
Port 21
PassivePorts 49152 65534
#MasqueradeAddress None
TimesGMT off
MaxInstances 30
MaxLoginAttempts 3
TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120
DisplayLogin welcome.msg
DisplayChdir .message
User nobody
Group nobody
DirFakeUser off nobody
DirFakeGroup off nobody
DefaultTransferMode binary
AllowForeignAddress off
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores off
TransferRate RETR 220
TransferRate STOR 250
TransferRate STOU 250
TransferRate APPE 250
SystemLog /var/log/secure
RequireValidShell off
<IfModule mod_tls.c>
TLSEngine off
TLSRequired off
TLSVerifyClient off
TLSProtocol SSLv23
TLSLog /var/log/proftpd_tls.log
TLSRSACertificateFile /etc/gadmin-proftpd/certs/cert.pem
TLSRSACertificateKeyFile /etc/gadmin-proftpd/certs/key.pem
TLSCACertificateFile /etc/gadmin-proftpd/certs/cacert.pem
TLSRenegotiate required off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
SaveRatios off
RatioFile "/restricted/proftpd_ratios"
RatioTempFile "/restricted/proftpd_ratios_temp"
CwdRatioMsg "Please upload first!"
FileRatioErrMsg "FileRatio limit exceeded, upload something first..."
ByteRatioErrMsg "ByteRatio limit exceeded, upload something first..."
LeechRatioMsg "Your ratio is unlimited."
</IfModule>
<Limit LOGIN>
AllowUser mario
DenyALL
</Limit>

<Anonymous /media/sda2/FTP tx1000>
User mario
Group mario
AnonRequirePassword on
MaxClients 400 "The server is full, hosting %m users"
DisplayLogin welcome.msg
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit LIST NLST RETR PWD XPWD SIZE STAT CWD XCWD CDUP XCUP >
AllowAll
</Limit>
<Limit STOR STOU APPE RNFR RNTO DELE MKD XMKD SITE_MKDIR RMD XRMD SITE_RMDIR SITE SITE_CHMOD SITE_CHGRP MTDM >
DenyAll
</Limit>
<Directory /media/sda2/dig it>
<Limit LIST NLST RETR PWD XPWD SIZE STAT CWD XCWD CDUP XCUP >
AllowAll
</Limit>
<Limit STOR STOU APPE RNFR RNTO DELE MKD XMKD SITE_MKDIR RMD XRMD SITE_RMDIR SITE SITE_CHMOD SITE_CHGRP MTDM >
DenyAll
</Limit>
</Directory>
</Anonymous>

etamax
May 25th, 2009, 03:04 PM
Could you try to not use spaces in folder's name?

kinggo
May 25th, 2009, 03:24 PM
THX THX THX =D> I would never think about that. Never had any issues with that on windows.

etamax
May 25th, 2009, 03:28 PM
If the problem was that, you can put the directory name between " if you want to use spaces in directory names.

Example:
<Anonymous "/media/sda2/FTP tx1000">

kinggo
May 25th, 2009, 04:24 PM
Good to know. I'll try some other time when I'll be setting up some ftp. Now I already renamed my folders and everything seems to be fine. Thanks again.

chippanfat
May 27th, 2009, 09:09 PM
I'm not sure if this has already been asked and replied to. I don't want to read through 100+ pages :(

My question is, how do I specify a default directory for each user using the gui? If I create and add the directory when I'm creating a new user but how do I make a directory default for a user? There's nowhere that really says make default directory for user. I've tried a few different ways but nothing has worked.

I want each user/computer in the house to have their own area where they don't see anyone else's files and for example the person is connecting whilst using Ubuntu (Places>Connect to server>FTP(With log in)) I want them to type in their own directory to connect to. And because it's specified what directory they connect to on the server, it will reject any other file path.

Hopefully I've explained it right :)

Cheers.:KS

frodon
May 28th, 2009, 03:24 AM
Yep, don't forget the "search this thread feature" it allows you to find what you look for if it exists without reading the whole thread :)
About your issue unfortunately we don't really officially provide support for using the GUI but some users using it may pop in with a solution.

If you are not text file allergic using the manual configuration is a better option as it allows painless debug and accurate configuration.

Good luck

ataol
June 4th, 2009, 11:43 AM
I'm friends with a problem in time to restart the ftp, I copied exactly what was in the configuration of "frodon.
What can be?


/home/FTP-shared
root@server(0/8,2k)$sudo /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ OK ]
* Starting ftp server proftpd
- warning: the DisplayFirstChdir directive is deprecated and will be removed in
a future release. Please use the DisplayChdir directive.
- warning: handling possibly truncated configuration data at line 112 of '/etc/
proftpd/proftpd.conf'
[ OK ]

frodon
June 4th, 2009, 11:58 AM
Hum check this line :
<Directory> /home/FTP-shared/upload/*>
I think the character in red bold is maybe a typo of mine from last time i edited the post.

ataol
June 4th, 2009, 01:42 PM
I made the change you said it was to get the ">" same as the error occurred on line 112.

ataol
June 4th, 2009, 01:59 PM
I see by the error is happening in this part

<Directory /home/FTP-shared/upload/*>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>

</Directory>

frodon
June 4th, 2009, 02:06 PM
Your log just reports warnings so i guess your server should be running anyway. As you use the default config which works for many users i think the issue might be elsewhere.

ataol
June 4th, 2009, 05:57 PM
you have the original file?
with him because I got to ask for the password, but can not login in by not knowing the username and password.

frodon
June 5th, 2009, 03:21 AM
If you get the now classic 530 login error perform a search in this thread and you will find the multiple ways of solving this issue. It mainly depends how you created your user.

sideshowmel
June 12th, 2009, 04:22 PM
I keep getting "550 SSL/TLS required on the control channel" when trying to connect. I don't want ftp enabled, just sftp. I'm using FileZilla as my client, and I've tried all sorts of theories I've found on various posts. What am I missing here?

frodon
June 12th, 2009, 05:40 PM
In filezilla you must choose FTPES, SFTP is ftp in ssh tunnel. The tutorial explains how to set FTPS not SFTP.

Eddy Gordo from Tekken
June 14th, 2009, 11:10 AM
I am having all sorts of problems with proftpd. I've searched this thread and the web in general, but I'm not sure how to word the question to find a solution.

First, I can not stop/restart the server using

sudo /etc/init.d/proftpd restart

I not only get no feedback in terminal after issuing init.d script, when I use the stop command, I am still able to make sFTP connections to the server. I even tried renaming the proftpd.conf file, to see if it would stop the server. but I was still able to make connections.

The conf file appears to work

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "Debian"
ServerType inetd
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
# DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder *mod_auth_pam.c mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>


DefaultRoot /etal/ftp
IdentLookups off
ServerIdent on "FTP Server ready."

which brings me to my other question. I want to chroot users into /etal/ftp, but i also want to prevent them from searching up the filesystem from there. my efforts haven't prevented users from cd'ing up. even after changing permissions in the file system and limit command usage. I was hoping that solving the first problem would help out the second. any help would be awesome.

frodon
June 14th, 2009, 01:59 PM
sFTP is FTP in ssh tunnel so this has nothing to do with proftpd but with your ssh server configuration.

khelben1979
June 14th, 2009, 02:03 PM
I prefer pureftpd (http://en.wikipedia.org/wiki/Pureftpd) over this one any day.

PirateChef
June 18th, 2009, 08:41 PM
Oh, man, this is driving me crazy!
I've been working on this for days, poring over this thread, and any related ones I could find.

I have a router, with a dynamic IP. I've assigned it a name from dyndns.com (gargoyle.homelinux.org), and set up the router to automatically update.

I've set up the FTP user (ftp1) in "Users & Groups". I have the shell set to /bin/false.

I have port 1980 forwarded, as well as ports 60000-65535. I made sure that I had the proper IP for the machine that the ports were being forwarded to.

Also, I have the ftp directory (/home/ftp1) permissions set to 755.

Still, when I try to log in, both with the DynDNS address and the IP number, I get "connection refused". I'm using gFTP for the client. I tried this website (http://www.g6ftpserver.com/en/ftptest), too, and got a more verbose error:

* About to connect() to gargoyle.homelinux.org port 1980
* Trying 98.237.xxx.xxx... connected
* Connected to gargoyle.homelinux.org (98.237.xxx.xxx) port 1980
< 500 FTP server shut down (Tue Jun 16 09:29:22 2009 , Current connections will be dropped: Tue Jun 16 09:19:22 2009) -- please try again later
* This doesn't seem like a nice ftp-server response
* Closing connection #0

Here's my proftpd.conf:

AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias sauron ftp1

ServerName "ChezFrodon"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/ftp1

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser ftp1
DenyALL
</Limit>

<Directory /home/ftp1>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/ftp1/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/ftp1/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

MasqueradeAddress gargoyle.homelinux.org
MasqueradeAddress 98.237.xxx.xxx

UseReverseDNS off
IdentLookups off

frodon
June 19th, 2009, 02:22 AM
First thing try to set first your server on port 21 as it is often easier on the firewall side. BTW, do you run any firewall on your computer ?
Then to make it easier you can put AuthAliasOnly to off and then try to login directly with the username (i guess this won't really help but ...)

PirateChef
June 19th, 2009, 04:19 AM
First thing try to set first your server on port 21 as it is often easier on the firewall side. BTW, do you run any firewall on your computer ?
Then to make it easier you can put AuthAliasOnly to off and then try to login directly with the username (i guess this won't really help but ...)

I tried it both ways, same error.
I also tried logging in with just the IP address.

How do I know if I have a firewall running?

frodon
June 19th, 2009, 04:37 AM
If you haven't set one then you should not have any. Are you trying to log in from the computer that runs the server ?

If not it is the thing to try to exclude any network config issue.

PirateChef
June 19th, 2009, 07:05 AM
Are you trying to log in from the computer that runs the server ?

Yes.

frodon
June 19th, 2009, 07:58 AM
Remove your /etc/shutmsg file and try again (i mean restart the server with /etc/init.d/proftpd restart). If it still doesn't work re-install proftpd.

PirateChef
June 19th, 2009, 06:32 PM
OK, this seems to be getting somewhere.
Now, I get this error:
* About to connect() to gargoyle.homelinux.org port 21
* Trying 98.237.xxx.xxx... connected
* Connected to gargoyle.homelinux.org (98.237.xxx.xxx) port 21
< 220 you're at home

> USER ftp1
< 331 Password required for ftp1

> PASS *****
< 530 Login incorrect.
* Access denied: 530
* Closing connection #0

I uninstalled and re-installed proftpd, which changed nothing. I changed the password for ftp1 in the Users & Groups control panel, and the command line. Still getting this error.

frodon
June 20th, 2009, 04:58 AM
Perform a search in the thread with "530 error" as keyword and you should find the information you need.
It is the most common error setting proftpd, nothing serious, either your password has not been set correctly or you are using the wrong username (e.g. using user name when alias is expected).

PirateChef
June 20th, 2009, 10:24 AM
It seems to be logging in fine, if I use the alias "sauron" instead.
However, it kicks me right back out again:

* About to connect() to gargoyle.homelinux.org port 21
* Trying 98.237.xxx.xxx... connected
* Connected to gargoyle.homelinux.org (98.237.xxx.xxx) port 21
< 220 you're at home

> USER sauron
< 331 Password required for sauron

> PASS *****
< 230 welcome !!!

> PWD
< 257 "/" is the current directory
* Entry path is '/'

> CLNT Testing from http://www.g6ftpserver.com/ftptest from IP 98.237.xxx.xxx
< 500 CLNT not understood
* QUOT command failed with 500
* Connection #0 to host gargoyle.homelinux.org left intact

* Closing connection #0

Does this mean there's something wrong with the CLNT (client), proftpd?
I can't find too much information on error 500.
gFTP still gets "connection refused".

frodon
June 20th, 2009, 12:26 PM
At this step, it's a problem with the client IMO. Try with a client like filezilla or gFTP.

PirateChef
June 21st, 2009, 01:24 AM
At this step, it's a problem with the client IMO. Try with a client like filezilla or gFTP.

gFTP gives me
Cannot connect to gargoyle.homelinux.org: Connection refused
and Filezilla:
Status: Resolving address of gargoyle.homelinux.org
Status: Connecting to 98.237.xxx.xxx:21...
Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".

frodon
June 21st, 2009, 04:31 AM
Yep i think the issue is on your network config either firewall, router or server port. Check everything you should have done a mistake somewhere.

Muscovy
June 21st, 2009, 02:22 PM
I'm going to set up a simple ftp server in the next while, but I'm not sure how to set a password to it. How do I set one?

PS - Although it's on Ubuntu, the clients are all Windows users, in case this changes anything.

Ishino
June 26th, 2009, 09:28 AM
OK, this seems to be getting somewhere.
Now, I get this error:
* About to connect() to gargoyle.homelinux.org port 21
* Trying 98.237.xxx.xxx... connected
* Connected to gargoyle.homelinux.org (98.237.xxx.xxx) port 21
< 220 you're at home

> USER ftp1
< 331 Password required for ftp1

> PASS *****
< 530 Login incorrect.
* Access denied: 530
* Closing connection #0

I uninstalled and re-installed proftpd, which changed nothing. I changed the password for ftp1 in the Users & Groups control panel, and the command line. Still getting this error.

I had this exact same problem today, I found a tip that said using a smaller password. This worked for me. I went from 15 chars to 8 chars. I hope it wasn't just a coincidence :p

grts

Muscovy
June 28th, 2009, 07:08 PM
I just had a '530 Login incorrect' error as well. However, it's already using a short password, and it's a new setup, so I'm pretty sure in my case I've done something wrong.

What does the your_password represent? The account's password, or a validitory one of your own? I tried using the same password for everything as an experiment, and still got the 530 error.

schizomasochizt
July 7th, 2009, 03:58 AM
Hi guys, I'm a noob when it comes to this field so I installed the GUI. I was able to install it, configured the server, and added users. But then here comes the part where I will log onto the server. My server name is "Testftp.com" shall I type this one on my web browser? or is there a way for me to log into the server as a user?

Dale Lewis
August 4th, 2009, 06:03 PM
I have a question...I have a permissions issue on uploading....downloading works like a charm...here is my error:

STOR /_Boston_ Foreplay-Long Time.mp3

550 /_Boston_ Foreplay-Long Time.mp3: Permission denied
Loading directory listing / from server (LC_TIME=en_US.UTF-8)
PASV

227 Entering Passive Mode (xx,xxx,xxx,xxx,xxx,125).
LIST -aL

150 Opening ASCII mode data connection for file list
226 Transfer complete

I have changed permissions and all for this directory to no avail... any ideas?

loudog23
August 4th, 2009, 09:58 PM
-Make sure you have this inside proftpd.conf (preferably inside your upload directory section)
<limit STOR>
AllowAll
</limit>

-And make sure your upload folder is owned by root with 777 permission

chetan55
August 6th, 2009, 02:02 PM
Hello,
we have proftpd installed on our server previously. But i don't know how to create new user or change passwd to new user also. Please let me know.

I have below lines in my proftpd.conf

DefaultRoot ~ftp/xyz abcftpadmin
DefaultRoot ~ftp/xyz/rumblefish rumblefish
DefaultRoot ~ftp/xyz/ryan ryan
DefaultRoot ~ftp/xyz/pliqftpguest pliqftpguest

Thanks
Chetan

loudog23
August 6th, 2009, 04:25 PM
chetan55:
Simply create the user on your system.

Option 1:
Using the GUI: System -> user and group -> Create new user.
Make sure the 'bin' is set to false.
Make also sure they have an alias set.

Option 2:
From the command line use: (if you use this method, make sure you have 'authaliasonly off' inside your proftpd.conf)
create user -> 'sudo useradd UserNameHere -d UserHomeFolder -s /bin/false'
set password -> 'sudo passwd UserNameHere'

Option 3: (my way)
Edit the file /etc/adduser.conf
Set the variable you want
use the command 'sudo adduser UserNameHere'
fill the requested field and voila

Keep in mind:
If you want each user to be 'locked' inside their home folder, simply replace all your 'defaultroot' lines posted above by 'defaultroot ~'

I suggest you revise Post #1 and check out post #992

Good luck

loudog23
August 6th, 2009, 04:25 PM
delete post please... misplaced post.

ductiletoaster
September 4th, 2009, 02:27 AM
when my friend uploads files they appear in the directory with his permissions.... is there a way they will always have mine?

frodon
September 4th, 2009, 03:06 AM
You should try to modify the following lines:
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
I know this but i never really found a way to make them to have your normal user rights, i've not searched hard though. Anyway i would start trying to modify the above lines to match your user.

dspinfo
September 4th, 2009, 05:59 AM
After read the posts :-s i have "503 not loggin in" yet
Please any idea?

Thanks for advance!

vladinecko
September 4th, 2009, 06:21 PM
hi all, i went the easy way and installed proftpd using gproftpd. everything was a piece of cake and all is set up correctly.

however, when i connect to the ftp server, listing directory contents takes up to 2 minutes (even when the directory is empty) and many times it times out altogether. once i'm in the dir, copying files to/from it is very fast. it's literally only retrieving the list of files that is timing out on me.

any help would be greatly appreciated!

lhffan
September 22nd, 2009, 10:07 AM
I have successfully added my two users and when they logon they come to /game dir

But both users can now go higher up, dont want them to have access outside the /game


How do i accomplish that?

frodon
September 22nd, 2009, 10:45 AM
Remove both DefaultRoot commands and replace them by :
DefaultRoot /game
This should lock your FTP users in /game.

dannyz
September 22nd, 2009, 07:19 PM
thanks for the great tutorial i was wondering how to get ProFTPD working :guitar:

lhffan
September 23rd, 2009, 09:12 AM
Remove both DefaultRoot commands and replace them by :
DefaultRoot /game
This should lock your FTP users in /game.

Worked fine thanx

But i want to have /game for user x and /game/server for user y?

frodon
September 23rd, 2009, 09:25 AM
Then use the following command instead:
DefaultRoot ~
It will lock each user in his home directory, then you set user x home directory to /game and user y home directory to /game/server.

qubew
October 6th, 2009, 03:25 AM
Hi, I have 530 login failed too, :(

i try proftpd -n

it said

root@DNS:/# proftpd -n
- warning: the DisplayFirstChdir directive is deprecated and will be removed in a future release. Please use the DisplayChdir directive.
DNS.finalwave.com - Failed binding to ::, port 2110: Address already in use
DNS.finalwave.com - Check the ServerType directive to ensure you are configured correctly.



This is my proftpd.conf



# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias user1 userftps

ServerName "FTP"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 2110

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/share/ftp-test

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftps
DenyALL
</Limit>

<Directory /home/share/ftp-test>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/share/ftp-test/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/share/ftp-test/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>



thanks
qubew

frodon
October 6th, 2009, 04:59 AM
Try on port 21 first, it's easier for debug.

qubew
October 6th, 2009, 10:35 PM
Try on port 21 first, it's easier for debug.

okie, I try port 21 and get the same error.

Failed binding to ::, port 21: Address already in use

frodon
October 7th, 2009, 02:22 AM
Tell us more on how you test your server (with which computer, which FTP client, how do you fill your FTP client, ...)

qubew
October 7th, 2009, 05:43 AM
Tell us more on how you test your server (with which computer, which FTP client, how do you fill your FTP client, ...)

:)

i test on my pc (win XP) in same network with Filezilla

host : 192.168.1.145 (ubuntu server)
user : userftps
pass : xxxxxxx
port : 21


And I try telnet 192.168.1.145 21 from my pc
it's work,

frodon
October 7th, 2009, 06:10 AM
Ok first thing to test is with filezilla on the pc that runs the server, if it work there then the issue is more likely on your network config and not from your FTP server config.

qubew
October 7th, 2009, 07:02 AM
Ok first thing to test is with filezilla on the pc that runs the server, if it work there then the issue is more likely on your network config and not from your FTP server config.

I can connect Filezilla to other Ftp server (Buffalo Terra server ),

frodon
October 7th, 2009, 07:55 AM
No no, i mean run filezilla on the same computer that runs the FTP server and try to login your FTP server, thus this will exclude any network issue.

qubew
October 7th, 2009, 10:26 PM
No no, i mean run filezilla on the same computer that runs the FTP server and try to login your FTP server, thus this will exclude any network issue.

Oop! sorry


ftp 192.168.1.145
Connected to 192.168.1.145.
220 you're at home
Name (192.168.1.145:admins): userftps
331 Password required for userftps
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
ftp> quit
421 Login Timeout (20 seconds): closing control connection.
and this is the userftps's profile on /etc/passwd


userftps:x:1017:1021::/home/share/ftp-test:/bin/false
and this is file permission of the directory

root@DNS:/home/share# ls -lh
drwxrwxrwx 4 userftps root 4.0K 2009-10-05 15:28 ftp-test

root@DNS:/home/share/ftp-test# ls -lh
total 8.0K
drwxrwxrwx 2 userftps root 4.0K 2009-10-05 15:28 download
drwxrwxrwx 2 userftps root 4.0K 2009-10-05 15:28 upload

frodon
October 8th, 2009, 03:15 AM
Ok, thanks for the details.

You must use the alias you set in the proftpd config instead of the username directly. In the config file "AuthAliasOnly on" command tells the FTP server to only accept alias names as login, then the command "UserAlias user1 userftps" sets the alias name "user1" for the user "userftps" therefore you must use "user1" to login your FTP server. Any other login name will return 530 error.

qubew
October 8th, 2009, 04:04 AM
Ok, thanks for the details.

You must use the alias you set in the proftpd config instead of the username directly. In the config file "AuthAliasOnly on" command tells the FTP server to only accept alias names as login, then the command "UserAlias user1 userftps" sets the alias name "user1" for the user "userftps" therefore you must use "user1" to login your FTP server. Any other login name will return 530 error.

Ohh, that's it!!
Work now,

It's my mistake absolutely.

Many thanks Frodon

n0an
October 11th, 2009, 06:11 PM
Subject: Error: 530 The server is full, hosting 5 users?

Hello,

I am on an Ubuntu Desktop (Kimsufi). Everything is good, but whenever I am downloading something from the ftp, the other user is not able to access the ftp with an error "530 The server is full, hosting 5 users". The apache2.conf file has maxclients set as 150.

Even GPROFTPD (gui for proftpd) doesn't have any options to configure it. How do I change the max # of connections for the server?

Thanks!

frodon
October 12th, 2009, 03:31 AM
Modify this part to suit your needs :
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

n0an
October 14th, 2009, 06:53 PM
Modify this part to suit your needs :
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

Do I add that in the .conf file? Nothing like that in the conf file.

frodon
October 15th, 2009, 02:22 AM
If you don't have that in your config file then maybe you didn't follow the tutorial as the config file given in first post contains these commands.

I remind you just in case that no real support is offered for GProftpd in this thread, some users might be able to help you with it though.

penguinv
October 24th, 2009, 10:24 PM
For Beginners:
1- Install proftpd and gproftpd with synaptic or with this command :
Code:

sudo apt-get install proftpd gproftpd

2-Play with the GUI and set up quickly your server.
Beware no support is offered here for this tool but it shouldn't be too hard to use.

I did (1-) ... I found it under system tools. >>

Now I need to fill in server address, server port.
I need to learn some basics about what I need to do to administer it and the consequences of my actions. Will the administrator email address be visible? What is an identity lookup? What access will a user have to my computer? Where do I put files I want to be available? If someone sends me a file, where will it go?

Pretty dumb I am but I am really glad that frodon has posted this.
I'll get smarter if I know where to read something, on my level.

I sincerely appreciate all assistance.

raymond.szebin
November 3rd, 2009, 05:35 AM
guys, i'm lost, please anyone take mercy and help me out:

i have set up proftpd as the tutorial said, a logged in etc.

but my goal is securing it with TLS and i've been reading this thread and all my eyes could find on the internet yet i don't know what i am doing wrong.

after i enable TLS, and do proftpd -td5 i get

Please provide passphrases for these encrypted certificate keys:
RSA key for the ***.***.***.***#2525 (Jerry) server:
Verifying - RSA key for the ***.***.***.***#2525 (Jerry) server:
hostname - mod_tls/2.1.2: passphrase locked into memory
Syntax check complete.

so i guess i'm ok with syntax - i will post conf file if required.

i try to log in using filezilla client from another machine but after TLS is on, bummer!

Connecting to ***.***.***.***:2525...
Status: Connection established, initializing TLS...
Error: Connection timed out
Error: Could not connect to server

and my ftp.log file says
::ffff:***.***.***.*** UNKNOWN root [03/Nov/2009:12:14:30 +0300] "" 550 -
::ffff:***.***.***.*** UNKNOWN root [03/Nov/2009:12:14:30 +0300] "OAOâ<YnI1?" 550 -
::ffff:***.***.***.*** UNKNOWN root [03/Nov/2009:12:14:41 +0300] "" 550 -
::ffff:***.***.***.*** UNKNOWN nobody [03/Nov/2009:12:18:06 +0300] "" 550 -
::ffff:***.***.***.*** UNKNOWN nobody [03/Nov/2009:12:18:17 +0300] "" 550 -
::ffff:***.***.***.*** UNKNOWN nobody [03/Nov/2009:12:18:17 +0300] "V mOa6ó"A)>Y3" 550 -

the root stuff is when i tried to run as root trying to troubleshoot the problem ( no fix though)

if you guys need more stuff from me i will provide. it's killing me and no idea what i am doing wrong. running Ubuntu 8.10, ProFTPD Version 1.3.1 OpenSSL 0.9.8g libgnutls.so.26.4.5

](*,)

frodon
November 3rd, 2009, 05:43 AM
As usual describe your test process, the first test you must do is to login your FTP server from the same PC that runs the server and with a FTP client well configured (filezilla in FTPES mode for instance) with your firewall disabled.

If it works like that then your issue is related to network config or firewall.

raymond.szebin
November 3rd, 2009, 05:58 AM
the problem is Filezilla is GUI and i'm working on a server without X (connecting via ssh) and i could not find CLI clients that support TLS ( tried gftp but the *** keeps saying it was not compiled with SSL) it is quite off topic, but maybe advice in this direction?

my test is best described like :

test server running proftpd like the tutorial, just added

ServerType standalone
DeferWelcome on

UseReverseDNS off
IdentLookups off

TimeoutLogin 20

RootLogin off


MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
TimeoutLogin 20

to the config file,
where the TLS part is:

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on

# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key

# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>

without TLS i can connect and it works from remote machine ( my notebook running winxp - filezilla)
after i put all the TLS part in, it becomes all blurry and nothing works

i mean, proftpd runs, it's just that i am not able to log in .

frodon
November 3rd, 2009, 06:14 AM
It can be network issue, anyway you can still try to re-create your TLS certificate just in case something went wrong with it.
I assume you've well configured your filezilla client on your notebook.

raymond.szebin
November 3rd, 2009, 06:35 AM
i think i should have mentioned this, the server is running in VMWare, not sure if this is an performance issue. anyway installed the Filezilla client on the Server running the VMWare, and now filezilla reports
"Server did not properly shut down TLS connection"
and log says
::ffff:***.***.***.*** UNKNOWN nobody [03/Nov/2009:13:22:52 +0300] "" 550 -

I did regenerate the certificates about 3 times, it cannot be a certificate thing.
Before, i installed FIlezilla Server (win32) and enabled TLS - all on my notebook to test filezilla client as reliable TLS client. as soon as i hit log in, i was prompted with certificate, i accepted it, and it was all sweet. After i found out Filezilla server is available only on win32 (wtf ?!) i stumbled upon proftpd and seemed like a winner solution.
i have zero experience with secure ftp servers so i suppose i am prone to mistakes in this regard.
appreciate all the help, but please indulge me a question:
what should happen upon successful connection ? will the ftp client be prompted with certificate?

from the win32 log,

2009-11-02 16:19:58 6716 0 Status: Connecting to ***.***.***.***:990...
2009-11-02 16:19:58 6716 0 Status: Connection established, initializing TLS...
2009-11-02 16:19:58 6716 0 Status: Verifying certificate...
2009-11-02 16:19:58 6716 0 Status: TLS/SSL connection established, waiting for welcome message...
2009-11-02 16:19:58 6716 0 Response: 220-FileZilla Server version 0.9.31 beta
2009-11-02 16:19:58 6716 0 Response: 220-written by Tim Kosse (Tim.Kosse@gmx.de)

so i guess that my problem is getting proftpd to talk to filezilla from what i gather.

raymond.szebin
November 3rd, 2009, 07:20 AM
frodon, when you say it can be a networking problem, what would you recommend i should check? maybe i am overlooking something :)

frodon
November 3rd, 2009, 07:46 AM
My TLS overall knowledge is not very high so i'm not sure to be able to help more. What i can say is that your configuration sounds good to me and that the proposed solution in the tutorial has been tested and works for many users.
One thing you can try is to post your issue on the proftpd forum too :
http://forums.proftpd.org/smf/

frodon
November 3rd, 2009, 07:48 AM
frodon, when you say it can be a networking problem, what would you recommend i should check? maybe i am overlooking something :)

I'm thinking about the server firewall and the router forwarding the ports to the server. Except that i don't see what could prevent you from login on the network config side.

raymond.szebin
November 3rd, 2009, 09:06 AM
thank you very much for the support, i will post when i fix the problem and what i did to fix it.

raymond.szebin
November 3rd, 2009, 10:26 AM
after some log digging, i found this:
Nov 03 17:01:51 mod_tls/2.1.2[6556]: SSL/TLS required but absent on control channel, denying command

and "normal" filezilla trace looks like

Status: Connecting to x.y.z.k:21...
Status: Connection established, waiting for welcome message...
Trace: CFtpControlSocket::OnReceive()
Response: 220
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH Command OK. Initializing SSL
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()

and mine looks like

Trace: ControlSocket.cpp(1056): CRealControlSocket::ContinueConnect(0p22f830) m_pEngine=0p19d1d28 caller=0p1a7fc68
Status: Connecting to ***.***.***.***:990...
Status: Connection established, initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::Handshake()
Error: Connection timed out
Trace: CFtpControlSocket::ResetOperation(2114)
Trace: CControlSocket::ResetOperation(2114)
Error: Could not connect to server




my proftpd.conf looks like




# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "Jerry"
ServerType standalone
DeferWelcome on
ServerIdent on "FTP Server ready."
DeferWelcome on
UseReverseDNS off
IdentLookups off

TimeoutLogin 20

RootLogin off


#MultilineRFC2228 on
#DefaultServer on
#ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
TimeoutLogin 20

# It's better for debug to create log files
ExtendedLog /var/log/proftpd/ftp.log
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/syslog.log

DisplayLogin welcome.msg
DisplayChdir .message
ListOptions "-l"

DefaultRoot /home/FTP-shared
#IdentLookups off
#ServerIdent off

# Lock all the users in home directory, ***** really important *****
# DefaultRoot ~

RootLogin off

MaxLoginAttempts 3

UseFtpUsers off

DenyFilter \*.*/

# Allow to restart a download
AllowStoreRestart on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 990

MaxInstances 8


PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome to the SFTP Server"

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
# MaxInstances 10

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
AuthAliasOnly on

UserAlias tom userftp

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default.
#DelayEngine off

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1
TLSOptions NoCertRequest
TLSVerifyClient off
TLSRequired ctrl
TLSRenegotiate required off

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on

# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key

# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>




anything wrong ? :(

frodon
November 3rd, 2009, 10:37 AM
Now that i see your config again there's one thing i forgot to ask you to test. Put your server on port 21 just to test, i have seen users having issues with connection from servers not on standard FTP port.
Second thing is to check that you have "mod_tls.c" in your /etc/proftpd/modules.conf file.

raymond.szebin
November 3rd, 2009, 10:44 AM
now filezilla reports

17:41:12 Status: Connecting to ***.***.***.***:21...
17:41:12 Status: Connection established, waiting for welcome message...
17:41:12 Trace: CFtpControlSocket::OnReceive()
17:41:12 Response: 220 FTP Server ready.
17:41:12 Trace: CFtpControlSocket::SendNextCommand()
17:41:12 Command: USER tom
17:41:12 Trace: CFtpControlSocket::OnReceive()
17:41:12 Response: 550 SSL/TLS required on the control channel
17:41:12 Trace: CControlSocket::DoClose(64)
17:41:12 Trace: CFtpControlSocket::ResetOperation(66)
17:41:12 Trace: CControlSocket::ResetOperation(66)
17:41:12 Error: Could not connect to server
17:41:12 Trace: CFileZillaEnginePrivate::ResetOperation(66)


and less /etc/proftpd/modules.conf

#
# This file is used to manage DSO modules and features.
#

# This is the directory where DSO modules reside

ModulePath /usr/lib/proftpd

# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded

ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *

LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c

# Install proftpd-mod-mysql or proftpd-mod-pgsql to use this
#LoadModule mod_sql.c

# Install proftpd-mod-ldap to use this
#LoadModule mod_ldap.c

#
# 'SQLBackend mysql' or 'SQLBackend postgres' directives are required
# to have SQL authorization working. You can also comment out the
# unused module here, in alternative.
#

# Install proftpd-mod-mysql to use this
#LoadModule mod_sql_mysql.c

# Install proftpd-mod-pgsql to use this
#LoadModule mod_sql_postgres.c

LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c

# Install proftpd-mod-ldap to use this
#LoadModule mod_quotatab_ldap.c

# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
#LoadModule mod_quotatab_sql.c
LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
# Install proftpd-mod-pgsql or proftpd-mod-mysql to use this
#LoadModule mod_wrap2_sql.c
LoadModule mod_dynmasq.c


# keep this module the last one
LoadModule mod_ifsession.c



:///

my guess is that i messed something up since i get no

Trace: CFtpControlSocket::OnReceive()
Response: 220
Trace: CFtpControlSocket::SendNextCommand()
Command: AUTH TLS
Trace: CFtpControlSocket::OnReceive()
Response: 234 AUTH Command OK. Initializing SSL

it just goes to the handshake ... but enough for today, i'm going home, live to fight another day
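
The FileZilla traces posted above differ in what the client does before the TLS handshake, and that ordering shows which FTP mode the client was set to. The following is an added example, not part of the original posts: it classifies a trace as explicit FTPS ("AUTH TLS" sent after the 220 greeting), implicit FTPS (handshake starts before any greeting) or plain FTP. The function and constant names are my own; the sample traces are shortened copies of the ones in the posts.

```python
import re

# Optional "HH:MM:SS " prefix, then FileZilla's "Kind: message" layout.
LINE = re.compile(
    r"^(?:\d{2}:\d{2}:\d{2}\s+)?(Status|Command|Response|Error|Trace):\s*(.*)$"
)

# Trace posted for port 990 (addresses masked as in the thread).
TRACE_PORT_990 = """\
Status: Connecting to ***.***.***.***:990...
Status: Connection established, initializing TLS...
Trace: CTlsSocket::Handshake()
Trace: CTlsSocket::OnRead()
Trace: CTlsSocket::Handshake()
Error: Connection timed out
Error: Could not connect to server
"""

# Trace posted after moving the server to port 21.
TRACE_PORT_21 = """\
17:41:12 Status: Connecting to ***.***.***.***:21...
17:41:12 Status: Connection established, waiting for welcome message...
17:41:12 Response: 220 FTP Server ready.
17:41:12 Command: USER tom
17:41:12 Response: 550 SSL/TLS required on the control channel
17:41:12 Error: Could not connect to server
"""

# The trace the poster called "normal".
TRACE_EXPLICIT = """\
Status: Connecting to x.y.z.k:21...
Status: Connection established, waiting for welcome message...
Response: 220
Command: AUTH TLS
Response: 234 AUTH Command OK. Initializing SSL
Status: Initializing TLS...
Trace: CTlsSocket::Handshake()
"""

FINDINGS = {
    "implicit": "TLS handshake started before any 220 greeting (implicit FTPS)",
    "explicit": "AUTH TLS accepted with 234, then handshake (explicit FTPS / FTPES)",
    "plain": "USER sent in cleartext without AUTH TLS (plain FTP)",
    "unknown": "no login or TLS activity seen in this trace",
}


def parse_trace(text):
    """Return a list of (kind, message) tuples, skipping unrecognised lines."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            events.append((m.group(1), m.group(2)))
    return events


def classify(text):
    """Return (mode, outcome) for one client trace."""
    greeted = auth_ok = False
    mode, outcome = "unknown", "incomplete"
    for kind, msg in parse_trace(text):
        low = msg.lower()
        if kind == "Response":
            code = msg[:3]
            if code == "220":
                greeted = True
            elif code == "234":
                auth_ok = True
            elif code == "550" and "ssl/tls required" in low:
                outcome = "refused: server requires TLS on the control channel"
        elif kind == "Command":
            words = msg.split()
            if words and words[0].upper() == "USER" and not auth_ok and mode == "unknown":
                mode = "plain"
        elif (kind == "Status" and "initializing tls" in low) or (
            kind == "Trace" and "ctlssocket::handshake" in low
        ):
            # The first sign of a handshake decides the mode.
            if mode == "unknown":
                mode = "explicit" if (greeted and auth_ok) else "implicit"
        elif kind == "Error" and "timed out" in low:
            outcome = "timed out"
    return mode, outcome


def diagnose(text):
    """One-line summary for a trace."""
    mode, outcome = classify(text)
    return "%s; outcome: %s" % (FINDINGS[mode], outcome)


if __name__ == "__main__":
    for name, trace in (("port 990", TRACE_PORT_990),
                        ("port 21", TRACE_PORT_21),
                        ("normal", TRACE_EXPLICIT)):
        print(name, "->", diagnose(trace))
```
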

raymond.szebin
November 4th, 2009, 09:32 AM
i have a breakthrough
http://forum.filezilla-project.org/viewtopic.php?f=2&t=13717&sid=d11ef82c0b1af7f53b3f743f6f6c25df

and for future concern, proftpd 1.3.1 and latest filezilla will not work ...

http://forum.filezilla-project.org/viewtopic.php?f=2&t=7688

hope it helps someone out there!

frodon
November 4th, 2009, 09:43 AM
Wow, well done, i wasn't aware of this.

So if i summarise, those using Karmic Koala which include proftpd 1.3.2-3 should not have this issue, good to know.

Thank you very much for your contribution, i will try to find a place for this in first post.

raymond.szebin
November 7th, 2009, 07:20 AM
Hello everybody.

For those of you that are faced for the first time with the concept of secure ftp server, and got through the thread so far, i thought i will post a copy of my 'proftpd.conf' as it can be quite a handful :)
i have
ubuntu 9.10
proftpd 1.3.2-3
filezilla 3.2.8.1

i followed all the steps presented in this very good guide, and it's working! w00t :D


here it goes!



# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "your server name goes here"
ServerType standalone
DeferWelcome on
ServerIdent on "FTP Server ready."
DeferWelcome on
UseReverseDNS on
IdentLookups off

TimeoutLogin 20

RootLogin off


MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200
TimeoutLogin 30

# It's better for debug to create log files
ExtendedLog /var/log/proftpd/ftp.log
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/syslog.log

DisplayLogin welcome.msg
DisplayChdir .message
ListOptions "-l"

DefaultRoot /home/FTP-shared
#IdentLookups off
#ServerIdent off

# Lock all the users in home directory, ***** really important *****
# DefaultRoot ~

RootLogin off

MaxLoginAttempts 3

UseFtpUsers off

DenyFilter \*.*/

# Allow to restart a download
AllowStoreRestart on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 5555

MaxInstances 8

#MasqueradeAddress xxxxxxx.org
#MasqueradeAddress xx.xxx.xxx175
#PassivePorts 60000 60100

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome to the SFTP Server"

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
# MaxInstances 10

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
AuthAliasOnly on

UserAlias ##yourfavoriteusername## userftp

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default.
#DelayEngine off

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1
#TLSCipherSuite ALL:!ADH:!DES
#TLSVerifyClient on
TLSRequired on
TLSRenegotiate required off
#TLSOptions NoCertRequest


# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key

# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>



enjoy

pickarooney
November 16th, 2009, 05:55 PM
I can't get the service to run on any port. I've tried using 5555, 1980 and 21 but www.canyouseeme.org tells me the service is not running (I've opened the relevant ports in my router).

Any ideas?

raymond.szebin
November 17th, 2009, 02:34 AM
make sure that your server runs in the first place, before anything else,

ps axf | grep proftpd
5087 pts/0 S+ 0:00 \_ grep proftpd
5071 ? Ss 0:00 proftpd: (accepting connections)

check config by using

#proftpd -td5
last line should be

#Syntax check complete.

slvfx
December 3rd, 2009, 10:30 AM
Trying to set up the Proftpd server

I am at the point of installing the tools. I have the script installed. When I put Proftptools in the command line it comes back with nothing. I ran a locate for the file and found /home/bob2/.bashrc to find a file to put it in as suggested by your instructions..

bob2@bob-desktop:~$ locate .bashrc
/etc/bash.bashrc
/etc/skel/.bashrc
/home/bob2/.bashrc
/usr/share/base-files/dot.bashrc
/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc
/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc

I posted ProftpTools_dir=/home/username/ProftpTools-v1.0.2
export ProftpTools_dir at the bottom of the file

bob2@bob-desktop:~$ sudo cat /home/bob2/.bashrc
# ~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines in the history. See bash(1) for more options
# don't overwrite GNU Midnight Commander's setting of `ignorespace'.
HISTCONTROL=$HISTCONTROL${HISTCONTROL+,}ignoredups
# ... or force ignoredups and ignorespace
HISTCONTROL=ignoreboth

# append to the history file, don't overwrite it
shopt -s histappend

# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" ] && [ -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
fi

# set a fancy prompt (non-color, unless we know we "want" color)
case "$TERM" in
xterm-color) color_prompt=yes;;
esac

# uncomment for a colored prompt, if the terminal has the capability; turned
# off by default to not distract the user: the focus in a terminal window
# should be on the output of commands, not on the prompt
#force_color_prompt=yes

if [ -n "$force_color_prompt" ]; then
if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
# We have color support; assume it's compliant with Ecma-48
# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
# a case would tend to support setf rather than setaf.)
color_prompt=yes
else
color_prompt=
fi
fi

if [ "$color_prompt" = yes ]; then
PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
else
PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
fi
unset color_prompt force_color_prompt

# If this is an xterm set the title to user@host:dir
case "$TERM" in
xterm*|rxvt*)
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
;;
*)
;;
esac

# enable color support of ls and also add handy aliases
if [ -x /usr/bin/dircolors ]; then
test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
alias ls='ls --color=auto'
#alias dir='dir --color=auto'
#alias vdir='vdir --color=auto'

alias grep='grep --color=auto'
alias fgrep='fgrep --color=auto'
alias egrep='egrep --color=auto'
fi

# some more ls aliases
#alias ll='ls -l'
#alias la='ls -A'
#alias l='ls -CF'

# Alias definitions.
# You may want to put all your additions into a separate file like
# ~/.bash_aliases, instead of adding them here directly.
# See /usr/share/doc/bash-doc/examples in the bash-doc package.

if [ -f ~/.bash_aliases ]; then
. ~/.bash_aliases
fi

# enable programmable completion features (you don't need to enable
# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
# sources /etc/bash.bashrc).
if [ -f /etc/bash_completion ] && ! shopt -oq posix; then
. /etc/bash_completion
fi
ProftpTools_dir=/home/username/ProftpTools-v1.0.2
export ProftpTools_dir
bob2@bob-desktop:~$

frodon
December 3rd, 2009, 11:09 AM
Maybe you just forgot to close your terminal and re-launch it so that the .bashrc is read again (with the update).

Anyway glad to see that some users use my old home made zenity script :)

tad1073
January 5th, 2010, 11:36 PM
EDIT: problem fixed

tad1073
January 13th, 2010, 09:46 AM
I am having problems adding users.

# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias thomas userftp
UserAlias dale userftp
UserAlias tommy userftp
UserAlias linzi userftp


ServerName "ThompsonFTP"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group userftp

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /media/FamilyFiles/FTPShares

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyALL
</Limit>

<Directory /media/FamilyFiles/FTPShares>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyAll
</Limit>
</Directory>

<Directory /media/FamilyFiles/FTPShares/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyAll
</Limit>
</Directory>

<Directory /media/FamilyFiles/FTPShares/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

frodon
January 13th, 2010, 09:58 AM
You are making confusion between system user and alias names. What you allow in <Directory > section are system users not alias names.

tad1073
January 13th, 2010, 10:09 AM
You are making confusion between system user and alias names. What you allow in <Directory > section are system users not alias names.

I changed it back to this:

# Choose here the user alias you want !!!!
UserAlias thomas userftp

but I still can't log in as a different user. All the users have user accounts on the server and have been added to the userftp group.

frodon
January 13th, 2010, 11:08 AM
Yep because you need to set an alias name for these new users with the UserAlias command.

Ex:
UserAlias aliasname2 systemuser2
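
The alias rules explained in this thread (the 530 reply to "userftps" under "AuthAliasOnly on", and the advice just above to give each new system user its own UserAlias) can be checked against a config before restarting the server. The following is an added example, not part of the original posts and not ProFTPD code: it models only AuthAliasOnly, UserAlias and the AllowUser/DenyAll lines inside <Limit LOGIN> as the thread describes them, and does not model passwords. The function names and both sample configs are constructed for illustration from directives quoted in the thread.

```python
# Constructed sample: the directives quoted in the October 2009 exchange,
# plus an assumed <Limit LOGIN> block in the style used in this thread.
QUBEW_CONF = """\
AuthAliasOnly on
UserAlias user1 userftps
<Limit LOGIN>
AllowUser userftps
DenyALL
</Limit>
"""

# Constructed sample: one alias only, several system users allowed to log in.
TAD_CONF = """\
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias thomas userftp
<Limit LOGIN>
AllowUser userftp
AllowUser dale
AllowUser tommy
AllowUser linzi
DenyALL
</Limit>
"""


def parse_conf(text):
    """Collect the login-related directives from proftpd.conf text."""
    conf = {"alias_only": False, "aliases": {}, "allow": set(), "deny_all": False}
    in_login_limit = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        low = line.lower()
        if low.startswith("<limit"):
            # "<Limit LOGIN>" -> ["limit", "login"]
            in_login_limit = "login" in low.strip("<>").split()[1:]
            continue
        if low.startswith("</limit"):
            in_login_limit = False
            continue
        parts = line.split()
        key = parts[0].lower()
        if key == "authaliasonly" and len(parts) > 1:
            conf["alias_only"] = parts[1].lower() == "on"
        elif key == "useralias" and len(parts) == 3:
            conf["aliases"][parts[1]] = parts[2]  # alias -> system user
        elif in_login_limit and key == "allowuser":
            conf["allow"].update(p.strip(",") for p in parts[1:])
        elif in_login_limit and key == "denyall":
            conf["deny_all"] = True
    return conf


def check_login(conf, name):
    """Return (accepted, system_user, reason) for a login name."""
    if name in conf["aliases"]:
        real = conf["aliases"][name]
    elif conf["alias_only"]:
        return (False, None,
                "530: AuthAliasOnly is on and %r is not a UserAlias" % name)
    else:
        real = name
    # AllowUser names system users, not aliases.
    if conf["deny_all"] and real not in conf["allow"]:
        return (False, real,
                "530: system user %r is not allowed in <Limit LOGIN>" % real)
    return (True, real, "accepted as system user %r" % real)


def unreachable_users(conf):
    """System users allowed in <Limit LOGIN> that no alias points to.

    With AuthAliasOnly on, nobody can ever log in as these users.
    """
    if not conf["alias_only"]:
        return []
    return sorted(conf["allow"] - set(conf["aliases"].values()))


if __name__ == "__main__":
    q = parse_conf(QUBEW_CONF)
    for login in ("userftps", "user1"):
        print(login, "->", check_login(q, login)[2])
    t = parse_conf(TAD_CONF)
    print("no alias for:", unreachable_users(t))
```
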

tad1073
January 13th, 2010, 04:29 PM
Yep because you need to set an alias name for these new users with the UserAlias command.

Ex:
UserAlias aliasname2 systemuser2

Thank you, got it working.

tad1073
January 13th, 2010, 09:18 PM
I am unable to access the ftp shares from windows 7 on the same box as ubuntu 10.04 desktop and from windows xp on another box.

frodon
January 14th, 2010, 03:25 AM
This is more likely a network/firewall config issue on either your FTP server or your windows computer (maybe both).

To ease the debug i strongly advise you to put your FTP server on port 21 as it is sometimes harder to use another port for FTP on the network/firewall config side.

cyberfloater
February 18th, 2010, 07:01 PM
Hello,

I finally managed to get my local ftp server up and running, but there is something I'd like to know.. I really did my best to locate the documentation somewhere but failed..

Is there any documentation on the parameters used within the <limit> section in the proftpd.conf?
[edit: sorry, this was really a noob question afterall, by monitoring the output screen in gftp, it came to mind that these are the commands given for certain actions... :biggrin:]

Lots of thanx in advance :D

And another minor, maybe even irrelevant question.. Does the pass phrase for the ssl certificate need to be a rather long one, or can it be short like a 'normal' pass?

Cyberfloater

frodon
February 19th, 2010, 03:23 AM
For documentation you should find all you need on the proftpd website there :
http://www.proftpd.org/localsite/Userguide/linked/userguide.html

For the password, i guess it's always better to have at least 8 characters but it's just a feeling not something i can demonstrate.

illy123
February 24th, 2010, 06:33 PM
Thanks very much for your guide.

I have a few questions.

When I log into the userftp account from filezilla I am still able to open my main account's home folder. Is it possible to allow access to only two folders - download and upload? I don't want my friends being able to see what is in my home folder.

How would I upload files to the download directory remotely? Would I be able to do this via ssh?

So I guess in short:

1. Limit userftp only to download and upload
2. Find a way to upload files to the 'download' folder remotely (e.g. ssh).

Also, if I create any more folders (e.g. in the download or upload folder) will I need to change my log or chmod then in any way?

Thanks :)

frodon
February 25th, 2010, 03:20 AM
1- if you follow the tutorial your user will be locked into its own home directory.
2- This is the purpose of the upload directory, if you want to be able to upload in the download directory as well take the upload directory as example to configure it.

illy123
February 25th, 2010, 05:17 AM
1- if you follow the tutorial your user will be locked into its own home directory.
2- This is the purpose of the upload directory, if you want to be able to upload in the download directory as well take the upload directory as example to configure it.

Thanks very much for your response.

I tried my best to follow this word for word; here is what my config file looks like:

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf


# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "Debian"
ServerType inetd
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

# Use this to jail all users in their homes
# DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

Regarding uploading - I want to be able to put files into the download directory somehow so that others can download them. Could this be achieved by uploading to the upload directory and then using vnc through an ssh tunnel to 'sudo nautilus' and copy and paste them to the download directory and then change group and ownership to userftp?

Or would it be possible to share the folder over my LAN so I can just log in from my mac using the userftp login and copy files over to it - or will that screw up my permissions?

Thanks for your help.

frodon
February 25th, 2010, 06:07 AM
Ok, first just in case this is not clear, this thread is dedicated to the support of the tutorial in post #1 and not about Proftpd custom configurations in general.

Your proftpd.conf file is a custom/unknown one, I can't guarantee its security and won't provide support about it in this thread since it is unrelated to the proftpd.conf file posted in first post.

illy123
February 25th, 2010, 06:29 AM
Ok, first just in case this is not clear, this thread is dedicated to the support of the tutorial in post #1 and not about Proftpd custom configurations in general.

Your proftpd.conf file is a custom/unknown one, I can't guarantee its security and won't provide support about it in this thread since it is unrelated to the proftpd.conf file posted in first post.

Oh I see,

Sorry I got a bit confused; should I replace the config file I have with the one you pasted in the first post?

In that case it gives me an error:

"unkown configuration directive 'DisplayFirstChdir' on line 20" of my proftpd.conf

frodon
February 25th, 2010, 07:15 AM
It depends what you want to do, if the tutorial suits your needs then yes you should better follow the whole tutorial as we (all the users using it) have experience about this configuration and we are confident about the security of this configuration.

About DisplayFirstChdir error it seems latest proftpd version made this command obsolete so use DisplayChdir command instead, i will update first post accordingly.

illy123
February 25th, 2010, 08:30 AM
It depends what you want to do, if the tutorial suits your needs then yes you should better follow the whole tutorial as we (all the users using it) have experience about this configuration and we are confident about the security of this configuration.

About DisplayFirstChdir error it seems latest proftpd version made this command obsolete so use DisplayChdir command instead, i will update first post accordingly.

I see, I've changed it and it runs :)

However, now I am not able to log in as I get a 530 access denied message. I think this is similar to what you mention on your first message - as I created the account via the command line.

frodon
February 25th, 2010, 10:12 AM
Yes it happens often, it is either a configuration issue, a rights management issue on folders or password issue.

So check your folder rights and set another password for userftp using command line (see first post), if you use the proftpd.conf file from first post with no modification then your FTP config shouldn't be the issue.

illy123
February 25th, 2010, 11:03 AM
Yes it happens often, it is either a configuration issue, a rights management issue on folders or password issue.

So check your folder rights and set another password for userftp using command line (see first post), if you use the proftpd.conf file from first post with no modification then your FTP config shouldn't be the issue.

Thanks for your patience and help.

I'm moving forward :p I'm able to log in and access the downloads and the uploads directory, however I cannot open anything I have in the uploads directory. I had a look at permissions with nautilus and they are set as owner userftp, and group userftp. However I get the error: "550 no such file or directory"

frodon
February 25th, 2010, 12:01 PM
If you want to access these directories with your own user the best way i think is to give your download and upload directory group access (read or/and write) and to make your user member of the userftp group.

By default, following the tutorial the rights on the download/upload directories are restrictive for highest security but for sure you can modify them for convenience, however I strongly advise you not to give more than group access.

illy123
February 25th, 2010, 12:37 PM
If you want to access these directories with your own user the best way i think is to give your download and upload directory group access (read or/and write) and to make your user member of the userftp group.

By default, following the tutorial the rights on the download/upload directories are restrictive for highest security but for sure you can modify them for convenience, however I strongly advise you not to give more than group access.

Sorry forgive my english (French but learning :p) - I meant that when I log in to my ftp account I am not able to access the files I have in my upload directory. E.g. I uploaded a picture just to test it out but when I try and download it I get "550 /upload/xxxx.jpg: No such file or directory".

frodon
February 25th, 2010, 01:53 PM
Ok i see, by default read is denied in the upload directory according to the proftpd.conf given in first post.

Relevant section is :
<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Just modify it as follows:

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD READ>
AllowAll
</Limit>
</Directory>

My english is not perfect too ;)
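
The 550 on download follows from how ProFTPD groups commands: RETR (and SIZE) belong to the READ group, so `<Limit READ RMD DELE>` with DenyAll blocks retrieval from the upload directory. The Python sketch below is an added example, not part of the original posts or of ProFTPD; it models only AllowAll/DenyAll and the documented precedence (raw command, then command group, then ALL), and `parse_limits` and `decide` are hypothetical names.

```python
import re

# Command groups as documented for ProFTPD's <Limit> directive.
GROUPS = {
    "READ": {"RETR", "SIZE"},
    "WRITE": {"APPE", "DELE", "MKD", "RMD", "RNTO", "STOR", "STOU",
              "XMKD", "XRMD"},
    "DIRS": {"CDUP", "CWD", "LIST", "MDTM", "MLSD", "MLST", "NLST", "PWD",
             "RNFR", "STAT", "XCUP", "XCWD", "XPWD"},
}

# The two <Directory> sections from the post above, copied as posted.
BEFORE = """
<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
"""

AFTER = """
<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD READ>
AllowAll
</Limit>
</Directory>
"""


def parse_limits(directory_block):
    """Return [(names, verdict)] for every <Limit> section in the block.

    names is the set of commands/groups on the <Limit ...> line and
    verdict is 'allow' or 'deny'. Per-user rules (AllowUser, Order, ...)
    are outside this simplified model and are ignored.
    """
    limits, names = [], None
    for raw in directory_block.splitlines():
        line = raw.split("#", 1)[0].strip()
        opening = re.fullmatch(r"<Limit\s+([^>]+)>", line, re.IGNORECASE)
        if opening:
            names = {n.upper() for n in opening.group(1).split()}
        elif line.lower() == "</limit>":
            names = None
        elif names is not None and line.lower() in ("allowall", "denyall"):
            verdict = "allow" if line.lower() == "allowall" else "deny"
            limits.append((names, verdict))
    return limits


def decide(directory_block, command):
    """Return 'allow', 'deny', or 'default' (no <Limit> names the command).

    Tiers are tried in ProFTPD's documented order of precedence; inside a
    tier this model takes the first matching section in file order.
    """
    command = command.upper()
    limits = parse_limits(directory_block)
    tiers = (
        lambda names: command in names,                                  # raw
        lambda names: any(command in GROUPS.get(n, ()) for n in names),  # group
        lambda names: "ALL" in names,                                    # ALL
    )
    for matches in tiers:
        for names, verdict in limits:
            if matches(names):
                return verdict
    return "default"


if __name__ == "__main__":
    for cmd in ("RETR", "SIZE", "STOR", "DELE", "LIST"):
        print(f"{cmd:5} before={decide(BEFORE, cmd):8} after={decide(AFTER, cmd)}")
```

LIST comes back as "default" in both versions because READ does not cover directory listings, which is why the uploaded file could be seen but not fetched.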

woofire
February 25th, 2010, 07:06 PM
Hello,

This is my first FTP build and everything seems to be good except a few last things.

Let me explain a little about my build:
- running the latest long term support ubuntu 8.4 I believe server so no gui
- proftpd does not allow you to manage virtual users so I was forced to create system users
- users are "jailed" via proftpd.conf to the "/home/baseuser/vendor" dir's, none have /bin access and use that path as their home dir as well
- each vendor is the owner of their dir and is a member of a vendors group so that the baseuser can allocate files to each users dir
- standard FTP xfer works fine each vendors

Problem:

SSL quit working


at first I could connect with either SSL or passive FTP
SSL quit working when I tried to force it at connection in proftpd.conf
I commented it back out and now SSL connections look like this:
220 ProFTPD 1.3.1 Server (The FTP Server) [::ffff:#.#.#.#] AUTH SSL
234 AUTH SSL successful
PBSZ 0
- I seem to connect but I can not access the dir's and it kicks me out immediately


Even when I uncomment the #Include /etc/proftpd/tls.conf section I have no luck. I shouldn't need it as I entered my own RSA info already.

Here is a close copy of my proftpd.conf file any help is appreciated:


#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on

ServerName "The FTP Server"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin /home/ftp/welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on

# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key

# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>


# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder *mod_auth_pam.c mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

# Choose a SQL backend among MySQL or PostgreSQL.
# Both modules are loaded in default configuration, so you have to specify the backend
# or comment out the unused module in /etc/proftpd/modules.conf.
# Use 'mysql' or 'postgres' as possible values.
#
#<IfModule mod_sql.c>
# SQLBackend mysql
#</IfModule>

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

# Use this to jail all users in their homes
DefaultRoot ~

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
DisplayLogin ./home/ftp/welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory ./home/FTP/anonymous>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

#VALID LOGINS
<Limit LOGIN>
AllowUser baseuser
AllowUser vendor1
AllowUser vendor2
DenyALL
</Limit>

<Directory /home/FTP/baseuser>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser baseuser
Deny All
</Limit>

<Limit CDUP CWD LIST MDTM NLST PWD RNFR STAT XCUP XCWD XPWD>
AllowAll
</Limit>

<Limit APPE DELE MKD RMD RNTO STOR STOU XMKD XRMD>
AllowAll
</Limit>
</Directory>

<Directory /home/FTP/baseuser/vendor1>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser vendor1
AllowUser baseuser
Deny ALL
</Limit>

<Limit CDUP CWD LIST MDTM NLST PWD RNFR STAT XCUP XCWD XPWD>
AllowAll
</Limit>

<Limit APPE DELE MKD RMD RNTO STOR STOU XMKD XRMD>
AllowAll
</Limit>
</Directory>

<Directory /home/FTP-shared/baseuser/vendor2>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser vendor2
AllowUser baseuser
Deny ALL
</Limit>

<Limit CDUP CWD LIST MDTM NLST PWD RNFR STAT XCUP XCWD XPWD>
AllowAll
</Limit>

<Limit APPE DELE MKD RMD RNTO STOR STOU XMKD XRMD>
AllowAll
</Limit>
</Directory>

illy123
February 25th, 2010, 07:07 PM
Ok i see, by default read is denied in the upload directory according to the proftpd.conf given in first post.

Relevant section is :
<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Just modify it as follows:

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD READ>
AllowAll
</Limit>
</Directory>

My english is not perfect too ;)

Thanks so much for your help :)

I have one final issue; now when I open the download and try and download a file the browser gets stuck on 'waiting' for a few seconds and then starts downloading with a speed of 0.1kB/s and claims it will take 400 days. Is this a problem with my setup or my home internet connection?

Edit:

I just tried uploading and the speed was great, but downloading appears to be non-existent.

Edit2:

This is really weird; after 20/30 seconds of 0kB/s it picks up to a very fast speed and then sticks at around 200kB/s

I have it configured as starting from inetd rather than standalone not sure if that might be the problem.

Edit3:

I've changed it to standalone (and commented out the ftp line in inetd.conf) however I still get a speed of 0 until it downloads the first 8 bytes, then it soars above my home's upload bandwidth limit (1.2MB/s) and returns to 200kB/s gradually. It is as if it is somehow 'buffering' it, as my home upload speed is around 250kB/s.

illy123
February 27th, 2010, 05:03 AM
Also one more question :p

I want to samba share this folder so that other computers on my network can read and write to it. When I do this ubuntu asks me: "do you want nautilus to add these permissions to the folder automatically?". Will this screw up previously set permissions?

Thanks.

frodon
February 27th, 2010, 08:01 AM
I don't know, I never tried this so maybe just try and see how the rights are modified.

Gala Tux-Fan
February 27th, 2010, 09:03 AM
Hi and thanks for this really good howto
Ok this may sound really stupid but I managed to start the daemon in the terminal but what address do I have to type in my web browser to access my shared files from anywhere? (I am a newb..)
I'm kinda stuck...if anybody could help it would be really cool
thanks;)

Stayblind
March 4th, 2010, 04:26 AM
nice guide!

I'm having some problems I hoped you could troubleshoot for me.

(I have no Linux or other OS CLI experience, just thought you should know.)

After setting up proftpd.conf and trying to restart the FTP server, I am getting this error:

nicholas@Kids Computer:~$ sudo /etc/init.d/proftpd restart
sudo: unable to resolve host Kids Computer
* Stopping ftp server proftpd [ OK ]
* Starting ftp server proftpd
- warning: unable to determine IP address of 'Kids_Computer'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd/proftpd.conf'
[fail]

Here is my proftpd.conf:

Like I said, I have NO experience with Linux or setting up FTP servers. I am currently a student and would like to host my work from home so I can access it from school.

If anyone would like to help me you can contact me at stayblind@gmail.com or my AIM is USDLatimer2003. I will also be checking back here.

Any help is appreciated. :)

frodon
March 4th, 2010, 08:33 AM
Change the following lines :
UserAlias C.F userftp
ServerName "C.FTP"

One must choose simple names for these parameters (Don't use "." "-" "_" ...) to avoid problems.

CurtBruno
March 24th, 2010, 02:51 PM
Hi,
I've encountered an error whenever I tried to initiate a SFTP session on another PC and what I get is:

Status: Connecting to xx.xx.xx.xx...
Response: fzSftp started
Command: open "xxx@xx.xx.xx.xx" 22
Error: Could not connect to server
Status: Waiting to retry...


and,
i kept getting the "first attempt" of entering passphrase wrong, but the second attempt is always correct.

sudo /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ OK ]
* Starting ftp server proftpd
Please provide passphrases for these encrypted certificate keys:
RSA key for the 127.0.1.1#21 (xxx) server:
Verifying - RSA key for the 127.0.1.1#21 (xxx) server:

Passphrases do not match. Please try again.
RSA key for the 127.0.1.1#21 (xxx) server:
Verifying - RSA key for the 127.0.1.1#21 (xxx) server:
[ OK ]


anyone know what happened?
is there a bug with the passphrase entering command?
first time always wrong passphrase but second will be correct. i'm very sure it's typo the first time... i've tried copy and paste the password when prompted... so there couldn't be any typo.

and the SFTP error too.

Curtis

seng1978
March 29th, 2010, 02:47 AM
Hello,

This is my first FTP build and everything seems to be good except a few last things.

Let me explain a little about my build:
- running the latest long term support ubuntu 8.4 I believe server so no gui
- proftpd does not allow you to manage virtual users so I was forced to create system users
- users are "jailed" via proftpd.conf to the "/home/baseuser/vendor" dir's, none have /bin access and use that path as their home dir as well
- each vendor is the owner of their dir and is a member of a vendors group so that the baseuser can allocate files to each users dir
- standard FTP xfer works fine each vendors

Problem:

SSL quit working


at first I could connect with either SSL or passive FTP
SSL quit working when I tried to force it at connection in proftpd.conf
I commented it back out and now SSL connections look like this:
220 ProFTPD 1.3.1 Server (The FTP Server) [::ffff:#.#.#.#] AUTH SSL
234 AUTH SSL successful
PBSZ 0
- I seem to connect but I can not access the dir's and it kicks me out immediately


Even when I uncomment the #Include /etc/proftpd/tls.conf section I have no luck. I shouldn't need it as I entered my own RSA info already.

Here is a close copy of my proftpd.conf file any help is appreciated:




I got the same problem with fireftp, everything shows successful but no directory listing and I'm not connected.

So I tried Filezilla with explicit SSL and BANG it works!
How do I get Fireftp to work as well tho?

frodon
March 29th, 2010, 04:37 AM
Does Fireftp support FTP with full TLS encryption ? I know filezilla does but I'm not sure about Fireftp.

khodamn
April 4th, 2010, 03:07 AM
I followed the instructions precisely, but no luck with TLS/SSL connection. When I sniff the packets, I can see the username and passwd in plain text.

frodon
April 4th, 2010, 05:16 AM
You shouldn't, check that you force the use of TLS encryption in your config.

rixter07
April 4th, 2010, 02:12 PM
I'm getting that 530 error with proftpd, and am at my wit's end trying to debug it.
This is a really excellent thread, however, so I hope someone could please help me to see the error of my ways. :/

I've attached my proftpd.conf file, which I attempted to resemble the example shown at the beginning of this thread.

To start with, there's my error message:
ftp -P 1024 avatar@184.73.199.128
Connected to 184.73.199.128.
220 ProFTPD 1.3.1 Server ready.
331 Password required for avatar
Password:
530 Login incorrect.
ftp: Login failed

Here's what my ftp directories look like:
drwxr-xr-x 2 root nogroup 4096 2010-03-23 18:14 ftp
drwxr-xr-x 4 root nogroup 4096 2010-04-02 15:02 FTP-shared

and in FTP-shared:
drwxr-xr-x 4 root nogroup 4096 2010-04-02 15:02 .
drwxr-xr-x 5 root root 4096 2010-04-02 14:56 ..
drwxr-xr-x 2 root root 4096 2010-04-02 15:02 download
drwxrwxrwx 2 root root 4096 2010-04-02 15:02 upload

I can start/stop proftpd fine, and I can see it is listening on port 1024 (this is at Amazon Web Services):
> netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1217/apache2
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1120/sshd
tcp 0 0 0.0.0.0:5432 0.0.0.0:* LISTEN 21309/postgres
tcp 0 0 10.252.46.20:22 67.173.232.99:49383 ESTABLISHED 1572/1
tcp 0 288 10.252.46.20:22 67.173.232.99:49373 ESTABLISHED 1531/0
tcp 0 0 10.252.46.20:21 67.173.232.99:50187 TIME_WAIT -
tcp6 0 0 :::1024 :::* LISTEN 2108/proftpd: (acce
tcp6 0 0 :::21 :::* LISTEN 26636/xinetd
tcp6 0 0 :::22 :::* LISTEN 1120/sshd
tcp6 0 0 :::5432 :::* LISTEN 21309/postgres
udp 0 0 127.0.0.1:32769 127.0.0.1:32769 ESTABLISHED 21309/postgres
udp 0 0 0.0.0.0:68 0.0.0.0:* 799/dhclient3



Any help will be much appreciated! (Trying to get this finished for a client!)

Thanks in advance,
Rick

frodon
April 5th, 2010, 04:47 AM
Try to set it on port 21 for debug purpose, try to reset the password using command line, check directory rights, disable IPV6 if you don't need it.

These are the things i would try if i was in your case.

khodamn
April 5th, 2010, 03:06 PM
Can someone help me to tighten my security up. I dont wanna users to be able to browse through root dir. I don't know what shell to use. I have a Download and Upload map. I just want users to be able to browse through these dir's and nothing else.

rhunt
April 5th, 2010, 06:15 PM
the easiest i've seen

frodon
April 6th, 2010, 02:29 AM
Can someone help me to tighten my security up. I dont wanna users to be able to browse through root dir. I don't know what shell to use. I have a Download and Upload map. I just want users to be able to browse through these dir's and nothing else.

It's the purpose of the DefaultRoot command to define in which directory to lock users. Play with it to get what you're looking for.
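
Two recurring problems in this thread come down to directives that are present in proftpd.conf but commented out or not forced: users who can browse outside their directory (no active DefaultRoot) and logins that travel in plain text (TLS not required). The Python sketch below is an added example, not part of the original posts or of ProFTPD, that checks a config for both; the sample configs are constructed excerpts modelled on files posted earlier in the thread, the function names and finding codes are hypothetical, and it assumes every `<IfModule>` block applies.

```python
# Constructed excerpts modelled on proftpd.conf files posted in this thread
# (most lines omitted).
JAIL_AND_TLS_OFF = """\
# Use this to jail all users in their homes
# DefaultRoot ~
Port 21
#Include /etc/proftpd/tls.conf
"""

TLS_FORCED = """\
DefaultRoot ~
<IfModule mod_tls.c>
TLSEngine on
TLSRequired on
</IfModule>
"""

TLS_OPTIONAL = """\
DefaultRoot ~
<IfModule mod_tls.c>
TLSEngine on
# TLSRequired on
</IfModule>
"""


def active_directives(conf_text):
    """Map lowercase directive name -> list of argument strings.

    Commented-out lines and section tags (<IfModule>, <Limit>, ...) are
    skipped, so '# DefaultRoot ~' does not count as a DefaultRoot.
    """
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue
        parts = line.split(None, 1)
        args = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(args)
    return directives


def audit(conf_text):
    """Return a list of (code, message) findings for jail and TLS settings."""
    d = active_directives(conf_text)
    findings = []

    if "defaultroot" not in d:
        findings.append(("no-jail",
                         "DefaultRoot is not active: users are not locked "
                         "into a directory"))

    engine_on = any(v.lower() == "on" for v in d.get("tlsengine", []))
    tls_includes = [v for v in d.get("include", []) if v.endswith("tls.conf")]
    if not engine_on:
        if tls_includes:
            findings.append(("check-include",
                             f"TLS settings are in {tls_includes[0]}: "
                             "audit that file as well"))
        else:
            findings.append(("no-tls",
                             "TLSEngine is not on: credentials are sent "
                             "in plain text"))
    else:
        # TLSRequired defaults to off; this sketch uses the last value seen.
        required = d.get("tlsrequired", ["off"])[-1].lower()
        if required != "on":
            findings.append(("tls-not-forced",
                             f"TLSRequired is '{required}': only 'on' "
                             "requires TLS on both control and data channels"))
    return findings


def codes(conf_text):
    """Finding codes only, convenient for scripting."""
    return [code for code, _ in audit(conf_text)]


if __name__ == "__main__":
    for name, conf in (("jail and TLS off", JAIL_AND_TLS_OFF),
                       ("TLS forced", TLS_FORCED),
                       ("TLS optional", TLS_OPTIONAL)):
        print(name, "->", audit(conf) or "no findings")
```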

peman
April 7th, 2010, 03:55 PM
Hello,
First of all, thank you for this great HOWTO!!

I had it working for a year, then I changed the location of the folders to /var/www and after that everything screwed up. I get the 530 Login incorrect every time I try to log in. I tried to change the user accounts but that didn't work so I changed it back to the exact same thing as in your howto.

i have now recover it back to /home/userftp and the logins. But i still get the 530 Login incorrect.

Any ideas?

My system is Debian etch with no X and ProFTPD Version 1.3.0.

I really need help with this.

Thanks

/Martin

volkovski
April 12th, 2010, 07:53 AM
Hello, thank you for your HOW TO.
I'm a newbie in proftpd configuration, I need your help. I'm trying to configure proftpd and I'd like to add a new user, who isn't created under ubuntu users and groups. I need a special user, which can log in to my FTP but not to UBUNTU. Please help I'm noob, sry for my eng. Please show me any example configuration.

frodon
April 12th, 2010, 12:43 PM
I need a special user, which can log in to my FTP but not to UBUNTU. Please help I'm noob, sry for my eng. Please show me any example configuration.

First thing why ?

Anyway standard proftpd config doesn't allow this, however there is an alternative way to create FTP users which is not covered in this tutorial. See here for details:
http://www.proftpd.org/localsite/Userguide/linked/c572.html#AEN576

angry_norwegian
April 15th, 2010, 12:14 AM
I'm using ProFTPd, and have followed http://ubuntuforums.org/showthread.php?t=79588.

I get 530 Login incorrect error, although I've quintuple-checked that alias, username, folder permissions, port and password are correct. Anyone know what to do?

My proftp.conf: http://paste.ubuntu.com/414711/

EDIT: I found the error, I put the conf in /etc/ instead of /etc/proftpd/. Maybe update first post to say Edgy eft and later?

Thanks for the guide, though.

MadMikeyB
April 25th, 2010, 02:24 PM
Hey all, I seem to be having some troubles, not sure exactly what is going wrong. Can anyone take a look at my errors and see what's up? Thanks

mikey@ubuntu:~$ sudo apt-get install proftpd gproftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting proftpd-basic instead of proftpd
E: Couldn't find package gproftpd
mikey@ubuntu:~$ sudo apt-get install proftpd-basic
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
libstdc++6-4.3-dev libconvert-binhex-perl libqca2 libsoap-lite-perl libmime-types-perl libcrypt-ssleay-perl
libnet-ssleay-perl g++-4.3 libass1 libossp-uuid-perl libdvbpsi4 libmime-tools-perl libossp-uuid15 libx264-65
libio-stringy-perl libnet-google-perl libemail-date-format-perl nullmailer libphonon4 libmime-lite-perl
libfcgi-perl libid3tag0 libjcode-pm-perl libio-socket-ssl-perl libvlccore0 qt4-qtconfig libnet-libidn-perl
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
openbsd-inetd
Suggested packages:
proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite
The following NEW packages will be installed
openbsd-inetd proftpd-basic
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
Need to get 836kB of archives.
After this operation, 2,195kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Err http://gb.archive.ubuntu.com karmic/main openbsd-inetd 0.20080125-2ubuntu1
Cannot initiate the connection to gb.archive.ubuntu.com:80 (2a01:450:10:1::10). - connect (101: Network is unreachable) [IP: 2a01:450:10:1::10 80]
Err http://gb.archive.ubuntu.com karmic/universe proftpd-basic 1.3.2-3
Cannot initiate the connection to gb.archive.ubuntu.com:80 (2a01:450:10:1::10). - connect (101: Network is unreachable) [IP: 2a01:450:10:1::10 80]
Failed to fetch http://gb.archive.ubuntu.com/ubuntu/pool/main/o/openbsd-inetd/openbsd-inetd_0.20080125-2ubuntu1_i386.deb Cannot initiate the connection to gb.archive.ubuntu.com:80 (2a01:450:10:1::10). - connect (101: Network is unreachable) [IP: 2a01:450:10:1::10 80]
Failed to fetch http://gb.archive.ubuntu.com/ubuntu/pool/universe/p/proftpd-dfsg/proftpd-basic_1.3.2-3_i386.deb Cannot initiate the connection to gb.archive.ubuntu.com:80 (2a01:450:10:1::10). - connect (101: Network is unreachable) [IP: 2a01:450:10:1::10 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
mikey@ubuntu:~$


EDIT: this was fixed by gedit /etc/apt/sources.list and removing gb. from gb.archive.ubuntu.com

mustacheride
April 30th, 2010, 04:41 AM
You should maybe include this in the FAQ as I am relatively sure it is a common problem among newbies like myself, took me the better part of 2 or 3 hours to figure this out, port conflicts, frustration is thy name.


ProFtpd...Unbindable port 21

http://ubuntuforums.org/archive/index.php/t-822706.html

The problem is the default FTP service installed in Ubuntu Server (yeah, I should've known) that you just comment out in the /etc/inetd.conf

frodon
April 30th, 2010, 05:10 AM
Added to first post in last section. Thanks for helping, it is more than welcome :)

mcfil
May 25th, 2010, 04:47 PM
hello frodon

i wanna thank you for ya verryyy goood tutorial right here! :) but as you can imagine, i got also a lil problem with my proftpd.conf....so let me explain...

my conf-file is as like as yours!! only a few changes (port, servername, etc) :)

when i log in with my user "userftp" i can directly see /home/FTP-shared! soo thats fine, ok...BUT now...when i click to go "BACK" in the directories, i can navigate through the whole pc!!!!! please tell me how i can LOCK INTO HOMEDIRECTORY!!!?? because...in the proftpd.conf i see the line with the right commands!

sorry my ubuntu is in a virtual machine and i can't copy and paste ^^
i will post the conf-file....

thx for your help
p.s. i saw a line which contains MAYBE the problem?! ...this here:

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD> <---- maybe one of these have to be changed or somethin like that?!??

big big thx....
bye
Fil

frodon
May 25th, 2010, 04:57 PM
Check the home directory you set for your ftp user; in the proftpd.conf file the DefaultRoot command is the one which defines where to lock the user (either ~ for the user's home dir or a complete path).

etamax
May 25th, 2010, 04:57 PM
Have you put
DefaultRoot ~
in the config file?

mcfil
May 25th, 2010, 06:13 PM
hey guys!

yess, guys... i got the lines in my config-files!! thats why i'm about to get crazy!! :P
i have this

DefaultRoot ~

and i also tried the whole path, like u said, frodon!

DefaultRoot /home/FTP-shared

but no chance!! i can navigate trough my whole computer! :(

mcfil
May 25th, 2010, 06:32 PM
sorry....i forgot my conf.file...

-------------------------------------------------
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias sauron userftp

ServerName "mein ftp server"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "willkommen daheim"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
---------------------------------------------------------------------------------------------------------------

etamax
May 26th, 2010, 03:38 AM
Can you attach the three log files?

frodon
May 26th, 2010, 03:44 AM
I bet your ftp user (userftp) doesn't have "/home/FTP-shared" properly set as home directory, as the DefaultRoot ~ command looks at this field to know where to lock the user.

mcfil
May 26th, 2010, 09:29 AM
hmmmm when i go to SYSTEM - USER AND GROUPS......i see my accounts...once my personally account (mcfil) and once the user "USERFTP". so, now when i click preferences, there is a field with "personally folder - /home/FTP-shared" <<<--- well, guys...so thats right!!! or not?!??

frodon
May 26th, 2010, 09:36 AM
If there's no typo it should be right but i have seen some strangeness already with user creation. So either re-create your user or save it again then reboot, maybe things have not been updated.

mcfil
May 26th, 2010, 09:38 AM
okay i will try it...i've set the usercreation by your howto...via console..next time i will try to do it via GUI...let me test.....:)

thx a lot bye bye

//EDIT//

no chance, frodon! i tried...i've created "userftp" via GUI, edited new the proftpd.conf...nothin..still the same problem! its veryyy veeeerry strange! :(

no ideas?! :( i think i have to go back to windows server 2008! :((((

thrawn717
May 27th, 2010, 04:58 PM
Hey All,

I am trying to figure out how to get the permissions for the ftp folders to work correctly.
I have 2 different users set up just for the FTP access, userftp and user2. What I want to do is allow userftp to download from the download folder only. And then for user2 I want to allow them to upload files to the upload folder only. How do I do this? Below is a copy of my proftpd.conf file. Most of this file I have taken from other people's posts on this forum and then made some changes to it.

Thanks

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias upload userftp

ServerName "McDade-Woodcock FTP Test Server"
ServerType standalone
DeferWelcome on

MasqueradeAddress my.ip.is.here
PassivePorts 60000 60100 #this is a range, not just two ports

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin on

# It's better for debugging purposes to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (use it to ban users by
just writing their username in it)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security
reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "Welcome to McDade-Woodcock's FTP Test Server"
# This message is displayed for each access good or not
ServerIdent on "McDade-Woodcock FTP Test Server"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory,
# ***** really important *****
DefaultRoot ~

MaxLoginAttempts 3

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser user2
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
AllowAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

frodon
May 28th, 2010, 02:26 AM
Your config looks good, you just need to define an alias name for user2.

thrawn717
May 28th, 2010, 01:07 PM
I added user2 as a UserAlias, but when I restarted the FTP server I can't log on to the ftp site using any of the user logins. I get error 530. I have been messing with this thing all morning and I can't get it working. What am I doing wrong?


#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias upload userftp
UserAlias upload user2

ServerName "McDade-Woodcock Test FTP Server"
ServerType standalone
DeferWelcome on

MasqueradeAddress 192.168.1.65
PassivePorts 60000 60100 #this is a range, not just two ports

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

RequireValidShell on

TimeoutLogin 20

#RootLogin on

# It's better for debugging purposes to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (use it to ban users by
#just writing their username in it)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security
#reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "Welcome to McDade-Woodcock's test FTP Server"
# This message is displayed for each access good or not
ServerIdent on "MWI ftp server"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory,
# ***** really important *****
DefaultRoot ~

MaxLoginAttempts 3

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser user2
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
Allowuser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

frodon
May 28th, 2010, 01:55 PM
Ok, i think you missed a point about user alias and LIMIT LOGIN section.

In LIMIT LOGIN sections what you allow or deny is real system user(s) and each of these allowed system users should have an alias to login (when you login you use the alias name).
In your case your system users both have the same alias name "upload", so this can't work.
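
The two rules in the reply above (every system user allowed in <Limit LOGIN> needs an alias of its own, and two users cannot share one alias name) can be checked mechanically before reloading the server. The following is an added example, not part of the thread and not ProFTPD code: a small Python linter run over a constructed config modeled on the ones posted here. Its function names, finding codes and the extra checks (repeated DefaultRoot lines, DefaultRoot and <Directory> paths that differ only in letter case, malformed section tags) are this example's own, and it assumes plain user names after AllowUser.

```python
import re

OPEN_TAG = re.compile(r"^<([A-Za-z]\w*)(?:\s+([^<>]+?))?\s*>$")
CLOSE_TAG = re.compile(r"^</([A-Za-z]\w*)\s*>$")

# Constructed sample, modeled on the configs posted in this thread.
SAMPLE_CONF = """\
AuthAliasOnly on
UserAlias upload userftp
UserAlias upload user2
DefaultRoot /home/FTP-Shared
DefaultRoot ~
<Limit LOGIN>
AllowUser userftp
AllowUser user2
AllowUser user3
DenyALL
</Limit>
<Directory /home/FTP-shared>
<Limit MKD STOR DELE>
DenyAll
</Limit>
</Directory>
<Directory> /home/FTP-shared/upload/>
AllowOverwrite on
</Directory>
"""


def parse(conf_text):
    """Return (entries, findings); an entry is (lineno, enclosing_sections, name, args)."""
    entries, findings, stack = [], [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("<"):
            closing, opening = CLOSE_TAG.match(line), OPEN_TAG.match(line)
            if closing and stack and stack[-1][0].lower() == closing.group(1).lower():
                stack.pop()
            elif closing:
                findings.append((lineno, "UNMATCHED_CLOSE", line))
            elif opening:
                name, arg = opening.group(1), opening.group(2) or ""
                entries.append((lineno, tuple(stack), "<%s>" % name, arg.split()))
                stack.append((name, arg, lineno))
            else:
                findings.append((lineno, "BAD_TAG", line))
            continue
        name, *args = line.split()
        entries.append((lineno, tuple(stack), name, args))
    findings += [(ln, "UNCLOSED", "<%s %s>" % (n, a)) for n, a, ln in stack]
    return entries, findings


def under(path, base):
    """True if path is base itself or lies below it."""
    return path == base or path.startswith(base + "/")


def lint(conf_text):
    """Return a sorted list of (lineno, code, detail) findings."""
    entries, findings = parse(conf_text)
    top = [(ln, name.lower(), args) for ln, stack, name, args in entries if not stack]

    # Alias rules: one alias name must not point at two different system users.
    alias_only = any(n == "authaliasonly" and args[:1] and args[0].lower() == "on"
                     for _, n, args in top)
    aliases = {}
    for ln, n, args in top:
        if n == "useralias" and len(args) == 2:
            aliases.setdefault(args[0], []).append((ln, args[1]))
    for alias, uses in aliases.items():
        users = sorted({u for _, u in uses})
        if len(users) > 1:
            clash = next(ln for ln, u in uses if u != uses[0][1])
            findings.append((clash, "ALIAS_REUSED", "%s -> %s" % (alias, ", ".join(users))))

    # With AuthAliasOnly on, a user allowed in <Limit LOGIN> but lacking an alias cannot log in.
    aliased = {u for uses in aliases.values() for _, u in uses}
    for ln, stack, name, args in entries:
        in_login = (len(stack) == 1 and stack[0][0].lower() == "limit"
                    and "LOGIN" in stack[0][1].upper().split())
        if alias_only and in_login and name.lower() == "allowuser":
            for user in " ".join(args).replace(",", " ").split():
                if user not in aliased:
                    findings.append((ln, "NO_ALIAS", user))

    # DefaultRoot: flag repeats, and paths that match a <Directory> only when case is ignored.
    roots = [(ln, args[0]) for ln, n, args in top if n == "defaultroot" and len(args) == 1]
    findings += [(ln, "MULTI_DEFAULTROOT", path) for ln, path in roots[1:]]
    dirs = [args[0].rstrip("*").rstrip("/") for _, _, name, args in entries
            if name.lower() == "<directory>" and args]
    for ln, path in roots:
        root = path.rstrip("/")
        if root != "~" and any(under(d.lower(), root.lower()) and not under(d, root)
                               for d in dirs):
            findings.append((ln, "ROOT_CASE", path))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, code, detail in lint(SAMPLE_CONF):
        print("line %d: %s: %s" % (lineno, code, detail))
```

A finding is a prompt to look at that line, not a verdict on how the server will behave; confirm the result by logging in with each alias from the server machine itself, as suggested later in the thread.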

thrawn717
June 1st, 2010, 12:19 PM
Hey Frodon,

Your last post makes total sense! Thanks for helping me understand that part of the conf file. I am pretty new to Ubuntu so this is all very interesting, new and frustrating! Thanks for your help!!! I am very grateful for it!

But.... It still is not working. I changed the Alias to the following:

UserAlias download userftp
UserAlias upload user2

still no go.... :(
I even added my user profile to the conf file as a test, with an Alias as well and still no go...

Could there be something wrong with the user profiles?

Thanks


#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias download userftp
UserAlias upload user2

ServerName "McDade-Woodcock Test FTP Server"
ServerType standalone
DeferWelcome on

#MasqueradeAddress 192.168.1.65
PassivePorts 60000 60100 #this is a range, not just two ports

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debugging purposes to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (use it to ban users by
#just writing their username in it)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security
#reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "Welcome to McDade-Woodcock's test FTP Server"
# This message is displayed for each access good or not
ServerIdent on "MWI ftp server"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory,
# ***** really important *****
DefaultRoot ~

MaxLoginAttempts 3

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser user2
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
Allowuser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>
<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

frodon
June 1st, 2010, 12:21 PM
I bet that your FTP server name is too complex, keep your server name as simple as possible and try again.

BTW, use QUOTE next time to post your config file, it's easier to read ;)

thrawn717
June 1st, 2010, 12:40 PM
Still nothing. I changed ServerName to "MWI" and the ServerIdent to "MWI" as well and still nothing...

frodon
June 1st, 2010, 02:21 PM
Ok, so if you have still the 530 error then it is either a directory rights, user password or home network issue.

Be sure to perform your test from the same computer that runs the server for debug.

znupii
June 4th, 2010, 07:00 AM
good tutorial. works perfectly!

but, how can i add an anonymous user to access ftp://mydomain.com without password ? like public one.

ldsilva
June 6th, 2010, 09:00 AM
I have tried this script. The server works, but when authenticating, the ftpuser (guest in my case) can't get access to FTP-shared. The ftp client (fireftp) never gets access. No error is displayed, so I think something must be wrong with the ownership of the folders. In my case the folders are owned by root.

SpiderLover
July 21st, 2010, 10:32 AM
Hi, when I attempt to activate gftpd with gadmin I get " - Fatal: TLSRSACertificateFile: '/etc/gadmin-proftpd/certs/cert.pem' does not exist on line 58 of '/etc/proftpd/proftpd.conf"
Any ideas on how to fix this? Thanks.

lhffan
July 21st, 2010, 12:49 PM
How do I fix it so one user is locked into

/srcds

another locked into those two

/srcds
/var/www

The third is locked into this

/var/www


?

frodon
July 22nd, 2010, 02:24 AM
You have to use the DefaultRoot command to suit your needs; by default in my tutorial the users are locked in their home directory, but you can choose what you want there.

aRagnis
August 5th, 2010, 11:49 AM
Over FTP i can edit only those files/folders which have chmod 0700 or more. If the chmod is lower than 0700, then i get error "Operation failed".

My proftpd.conf file:
#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
IdentLookups off

ServerName "***.**"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
DefaultRoot ~

RequireValidShell off
# AuthUserFile /etc/proftpd/ftpd.passwd
# AuthGroupFile /etc/proftpd/ftpd.group

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 10

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

# Normally, we want files to be overwriteable.
AllowOverwrite on

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

# Include /etc/proftpd/sql.conf

# Limit login permission only to users listed here
<Limit LOGIN>
DenyALL
AllowUser ragnis
</Limit>

<Directory ~>
<Limit READ WRITE STOR RMD DELE MKD>
DenyALL
AllowUser ragnis
</Limit>
</Directory>

Tidwop
August 9th, 2010, 08:59 PM
So I recently logged into my FTP server and it seems I can get out of the two main directories. Now I've copied and pasted the conf file directly and I can still get out of the upload and download directory. So it looks like I may have to re-write this whole thing again. I'm a bit of a noob with Ubuntu so what would I have to do to start from scratch?

jcnewman83
August 17th, 2010, 10:59 AM
Hi guys I am having real trouble getting folder access rights to work via the proftpd.conf file.

I have set everything up as per the user guide and only want to make one change in that i want to only allow 1 user access to the upload and download folder and everyone else access to the download folder.

My Conf is below, is anyone able to help??


<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser ftpuser
AllowUser broker
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser ftpuser
AllowUser broker
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
HideNoAccess on

<Limit ALL>
Order Allow,Deny
AllowUser ftpuser
Deny ALL
</Limit>

<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

frodon
August 17th, 2010, 11:35 AM
Could you post the whole config file and explain in detail what doesn't work please ?

jcnewman83
August 17th, 2010, 12:00 PM
yes sorry,

full config below. Basically I only want user to be able to access the upload directory; broker must only have access to the download directory. I have tried using the config examples to get this to work, but when I log in as broker I am still able to access the upload dir and copy files etc.


# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias user ftpuser
UserAlias fcbroker broker

ServerName "FC FTP Server"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-Shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser ftpuser
AllowUser broker
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser ftpuser
AllowUser broker
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser ftpuser
AllowUser broker
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser ftpuser
AllowUser broker
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
HideNoAccess on

<Limit ALL>
Order Allow,Deny
AllowUser ftpuser
Deny ALL
</Limit>

<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

frodon
August 17th, 2010, 12:18 PM
Except for the duplicate <Directory /home/FTP-shared/download/*> section and the HideNoAccess command, I don't really know; your config looks good.

If you perform a search in this thread you will see that some users got it working with a really similar config file. And if you really can't find any help here on ubuntuforums the proftpd forum can be of great help.

Will try to think about it but from my first look your config looks good.

firedragoneater
August 30th, 2010, 07:18 AM
How would I go about removing users, changing their usernames and their directories?
many thanks
Jordan

Cyph0n
September 4th, 2010, 07:42 AM
Flawless tutorial. Used this several times.

ProFTPd FTW :D

Joey Calamaro
September 21st, 2010, 04:44 PM
I'm trying to establish an FTP server on my Ubuntu nettop to be used for some light file serving in my office. I don't need a lot of features, I just need something that's simple and easy to manage (I am a Mac user after all), so I went with Proftpd +GADMIN.

The trouble is, I simply can't get this to work. My goal is to have a single login that accesses a directory on an external drive. The user for this account is going to be called "transfer." I went ahead and created this user via the Users and Groups preference panel. It's set to be a member of the nobody group and the home directory is my target ftp share:

/media/ftp/transfers

Using GADMIN, I set up the following configuration file:


ModulePath /usr/lib/proftpd
LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
LoadModule mod_dynmasq.c
LoadModule mod_ifsession.c
ServerType standalone
DefaultServer on
Umask 022
ServerName "mylocalipaddress"
ServerIdent on "ftp.myserver.com"
ServerAdmin support@myserver.com
IdentLookups off
UseReverseDNS on
Port 21
PassivePorts 49152 65534
MasqueradeAddress mylocalipaddress
TimesGMT off
MaxInstances 30
MaxLoginAttempts 10
TimeoutLogin 300
TimeoutNoTransfer 122
TimeoutIdle 122
DisplayLogin welcome.msg
DisplayChdir .message
User nobody
Group nobody
DirFakeUser off nobody
DirFakeGroup off nobody
DefaultTransferMode binary
AllowForeignAddress off
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores off
TransferRate RETR 5000
TransferRate STOR 5000
TransferRate STOU 5000
TransferRate APPE 5000
SystemLog /var/log/secure
RequireValidShell off
<IfModule mod_tls.c>
TLSEngine off
TLSRequired off
TLSVerifyClient off
TLSProtocol SSLv23
TLSLog /var/log/proftpd_tls.log
TLSRSACertificateFile /etc/gadmin-proftpd/certs/cert.pem
TLSRSACertificateKeyFile /etc/gadmin-proftpd/certs/key.pem
TLSCACertificateFile /etc/gadmin-proftpd/certs/cacert.pem
TLSRenegotiate required off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
SaveRatios off
RatioFile "/restricted/proftpd_ratios"
RatioTempFile "/restricted/proftpd_ratios_temp"
CwdRatioMsg "Please upload first!"
FileRatioErrMsg "FileRatio limit exceeded, upload something first..."
ByteRatioErrMsg "ByteRatio limit exceeded, upload something first..."
LeechRatioMsg "Your ratio is unlimited."
</IfModule>
<Limit LOGIN>
AllowUser transfer
DenyALL
</Limit>

<Anonymous /media/ftp/transfers>
User transfer
Group nobody
AnonRequirePassword on
MaxClients 11 "The server is full, hosting %m users"
DisplayLogin welcome.msg
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
AllowOverwrite on
<Limit LIST NLST STOR STOU RETR RNFR RNTO DELE MKD XMKD SITE_MKDIR RMD XRMD SITE_RMDIR MTDM PWD XPWD SIZE STAT CWD XCWD CDUP XCUP >
AllowAll
</Limit>
<Limit APPE SITE SITE_CHMOD SITE_CHGRP >
DenyAll
</Limit>
</Anonymous>


When I attempt to connect to the server using the correct credentials, it replies:

530-Unable to set anonymous privileges.
530 Login incorrect.
ftp: Login failed

This differs from a bad login which returns:

530 Login incorrect.
ftp: Login failed

I don't intend to have any anonymous logins, though I'm not entirely sure if this is part of the problem. Either way, I've tried creating the transfer user within GADMIN first (allowing it to create the system user) and I've even tried setting it up as a virtual user with no system account. Neither approach works. I simply can't login.

Any ideas? I've been at this for some time now and I'm simply stumped.

ZnoteOT
October 4th, 2010, 05:36 AM
Hello, I have a question.

What if I want user 1 to access both
/home/user1 (777)
AND
/var/www/user1 (777)

So I can give them both online and offline storage. So they can make their own website and stuff and still keep some files private.

Do I have to put separate users for this case? One for the /var/www/name and one for the /home/name?

frodon
October 4th, 2010, 05:50 AM
Yep, you have to use separate users or bind one directory somewhere in the other (mount -o bind commands).

ZnoteOT
October 4th, 2010, 09:24 AM
Tiny big problem!

I try to keep it as simple as possible. However I found out a security leak by doing so.

I wrote this:
sudo useradd USERNAME -p PASSWORD -d /var/www -s /bin/false
To create a username. And I assumed that -d /var/www would be not only default dir, but also the only allowed dir to be in. (+ sub dirs).

People who access this account, can also go outside the /var/www dir and view my other files.

Any easy way to restrict these users to their specific default dir (+ sub dirs) only? Let's say I have 4 users. All have individual dirs connected to them. Their own "space" on my server. They can do whatever they want inside the space, but are not allowed to go outside their default dir.

I hope you understand me. My knowledge in Linux is low. I use Ubuntu Server (terminal only).

frodon
October 4th, 2010, 09:34 AM
The following command locks users in their home directory:
DefaultRoot ~
Keep only this DefaultRoot command in your config file.

ReplicateThis
October 17th, 2010, 02:58 PM
After giving up the fight to make Samba and Windows 7 play nice, I am trying the old fashioned FTP approach to share files from a Linux server to a Win7 client. After noticing very few GUI options for FTP servers, I thought this guide would be a godsend. My hopes came crashing down, however, when I noticed this from my terminal...:

padraic@devon-2:~$ sudo aptitiude install proftpd gproftpd
sudo: aptitiude: command not found
padraic@devon-2:~$ sudo aptitude install proftpd gproftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Note: selecting "proftpd-basic" instead of the
virtual package "proftpd"
Couldn't find any package whose name or description matched "gproftpd"
Couldn't find any package whose name or description matched "gproftpd"
I know I used aptitude instead of apt-get, but aside from that detail I entered the command as listed in step 1. I haven't read quite all 16 pages of this thread quite yet, but is there a workaround to still get the GUI aspect of this? :confused:

kon_nos
October 19th, 2010, 04:40 AM
Hello all.

I've followed the guide, and I have a problem trying to find out if it works.

Every time I use a standard sudo /etc/init.d/proftp command it says: ProFTPd is started from inetd/xinetd. (even if I use the stop command).

When I use the force-stop i get
Warning: ProFTPd is started from inetd/xinetd (trying to kill anyway).
* Stopping ftp server proftpd [ OK ]

but when i use the force-start I get
* Starting ftp server proftpd athena - fatal: Socket operation on non-socket
[fail]

As you can assume I can't even login. My servertype is inetd, and not standalone. Should i try the standalone?

My proftpd.conf is most of it the example i found:
# This sample configuration file illustrates configuring two
# anonymous directories, and a guest (same thing as anonymous but
# requires a valid password to login)

ServerName "Athena"
ServerType inetd

# Port 21 is the standard FTP port.
Port 21

# If you don't want normal users logging in at all, uncomment this
# next section
#<Limit LOGIN>
# DenyAll
#</Limit>

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message

# Our "basic" anonymous configuration, including a single
# upload directory ("uploads")
<Anonymous ~ftp>

# Allow logins if they are disabled above.
<Limit LOGIN>
AllowAll
</Limit>

# Maximum clients with message
MaxClients 5 "Sorry, max %m users -- try again later"

User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>

# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
<Limit READ>
DenyAll
</Limit>

<Limit STOR>
AllowAll
</Limit>
</Directory>
</Anonymous>

# A second anonymous ftp section. Users can login as "private". Here
# we hide files owned by root from being manipulated in any way.

<Anonymous /usr/local/private>
User bobf
Group users
UserAlias private bobf
UserAlias engineering bobf

# Deny access from *.evil.net and *.otherevil.net, but allow
# all others.
<Limit LOGIN>
Order deny,allow
Deny from .evil.net, .otherevil.net
Allow from all
</Limit>

# We want all uploaded files to be owned by 'engdept' group and
# group writable.
GroupOwner engdept
Umask 006

# Hide all files owned by user 'root'
HideUser root

<Limit WRITE>
DenyAll
</Limit>

# Disallow clients from any access to hidden files.
<Limit READ DIRS>
IgnoreHidden on
</Limit>

# Permit uploading and creation of new directories in
# submissions/public

<Directory submissions/public>
<Limit READ>
DenyAll
IgnoreHidden on
</Limit>

<Limit STOR MKD RMD XMKD XRMD>
AllowAll
IgnoreHidden on
</Limit>
</Directory>
</Anonymous>

# The last anonymous example creates a "guest" account, which clients
# can authenticate to only if they know the user's password.

<Anonymous ~userftp>
User userftp
Group nobody
AnonRequirePassword on

<Limit LOGIN>
AllowAll
</Limit>

# Hide all files owned by user 'root'
HideUser root


# Deny write access from all except trusted hosts.
<Limit WRITE>
Order allow, deny
Allow from 10.0.0.
Deny from all
</Limit>
</Anonymous>

Return Privacy
October 19th, 2010, 05:04 AM
Hi,
I tried to follow this and install Proftpd, it doesn't work at all. Won't install or work.

ZnoteOT
October 23rd, 2010, 04:04 PM
The following command locks users in their home directory:
DefaultRoot ~
Keep only this DefaultRoot command in your config file.

Thanks, you're a life saver! :D

ZnoteOT
October 29th, 2010, 07:46 PM
I think I messed a bit up. Any command I can do to view all the users I have added to the server? like proftpd -ls or something?

Some command that gives me a list of the usernames I have added? Or view a document?

frodon
October 30th, 2010, 03:45 AM
If you followed the tutorial the users you created are system users therefore you just need to manage your system users.

The file /etc/passwd should contain all the users you created (and a bit more).

jsra
November 14th, 2010, 05:29 PM
Hello,

how can one set maximum size of a directory?
Is it even possible to set such option?

I really tried to find a solution for this but i could not find it anywhere.

Thanks for any reply.

frodon
November 14th, 2010, 06:00 PM
It seems you didn't choose the good keywords, what you are looking for is how to handle "quotas" with proftpd. Here are 2 links which should be a good start point for you :
http://www.proftpd.org/docs/howto/Quotas.html
http://www.castaglia.org/proftpd/modules/mod_quotatab.html

I'm sure you will find many other good websites and examples over the web or in the proftpd forum.

killboymota
November 24th, 2010, 03:39 PM
dude, as soon as i got connected i get disconnected! :(

Looking up xxxxx
Trying xxxxx
Connected to xxxx
Disconnecting from site xxxx
Waiting 30 seconds until trying to connect again

CurtBruno
December 29th, 2010, 05:55 AM
Hi all,
I've encountered 1 flaw.
I can connect using FTP but not FTPES.

All I get from FileZilla Client was
Resolving address of ftp.xxxx.com
17:38:02 Status: Connecting to xxxx:21...
17:38:02 Status: Connection established, waiting for welcome message...
17:38:12 Response: 220 Test FTP
17:48:09 Command: AUTH TLS
17:48:10 Response: 234 AUTH TLS successful
17:48:10 Status: Initializing TLS...
17:48:30 Error: GnuTLS error -9: A TLS packet with unexpected length was received.
17:48:30 Status: Server did not properly shut down TLS connection
17:48:30 Error: Could not connect to server
Then I've checked on my tls.log.
It's as follows
Dec 29 17:47:58 mod_tls/2.2.2[14786]: error loading TLSRSACertificateFile '/etc/ftpcert/server.csr':
(1) error:0906D06C:PEM routines:PEM_read_bio:no start line
(2) error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
Dec 29 17:48:08 mod_tls/2.2.2[14786]: TLS/TLS-C requested, starting TLS handshake
Dec 29 17:48:34 mod_tls/2.2.2[14795]: error loading TLSRSACertificateFile '/etc/ftpcert/server.csr':
(1) error:0906D06C:PEM routines:PEM_read_bio:no start line
(2) error:140AD009:SSL routines:SSL_CTX_use_certificate_file:PEM lib
and as for my proftpd config, it's as follows:
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

Include /etc/proftpd/modules.conf

# Choose here the user alias you want
UserAlias test xxx1

ServerName "Test FTP"
ServerType standalone
DisplayLogin welcome.msg
DeferWelcome on
UseIPv6 off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 5
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "xxx"

# This message is displayed for each access good or not
ServerIdent on "xxx"

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=deta...=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
UseSendFile on

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/tls.log
TLSProtocol SSLv23 TLSv1

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired on

# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.csr
TLSRSACertificateKeyFile /etc/ftpcert/server.key

# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off

# Allow SSL/TLS renegotiations when the client requests them, but
# do not force the renegotations. Some clients do not support
# SSL/TLS renegotiations; when mod_tls forces a renegotiation, these
# clients will close the data connection, or there will be a timeout
# on an idle data connection.
TLSRenegotiate none

</IfModule>

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser xxx1
DenyALL
</Limit>

#
<Directory /home/FTP-xxx/xxx1/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser xxx1
Deny ALL
</Limit>
</Directory>

#<Directory /home/FTP-xxx>
#Umask 022 022
#AllowOverwrite off
# <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
# DenyAll
# </Limit>
#</Directory>

any idea what's going on?

frodon
December 29th, 2010, 01:23 PM
I would try to re-generate the certificate in that case.

CurtBruno
December 29th, 2010, 06:00 PM
hmm, I'm using a non self-signed cert (cert signed by CA) also, I've solved it by changing from
TLSRSACertificateFile /etc/ftpcert/server.csr
to
TLSRSACertificateFile /etc/ftpcert/server.crt
but, connecting via LAN does work for me but not when I connect from WAN.
I get the following error on FileZilla while testing on WAN.
Resolving address of ftp.xxxx.com
Status: Connecting to xxxx:21...
Status: Connection established, waiting for welcome message...
Response: 220 Test Server
Command: AUTH TLS
Response: 234 AUTH TLS successful
Status: Initializing TLS...
Error: GnuTLS error -73: ASN1 parser: Error in TAG.
Error: Could not connect to server
and in tls.log it's as follows:
Dec 30 06:04:59 mod_tls/2.2.2[3860]: TLS/TLS-C requested, starting TLS handshake
Dec 30 06:05:01 mod_tls/2.2.2[3860]: unable to accept TLS connection: received EOF that violates protocol
Dec 30 06:05:01 mod_tls/2.2.2[3860]: TLS/TLS-C negotiation failed on control channel
also, another issue... sorry for the trouble! ](*,)

I can't seem to get implicit ftp over ssl/tls to work.
I get the following error on FileZilla as follows
06:07:53 Status: Connecting to xxx:990...
06:07:54 Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".
tried in LAN and WAN with LAN (private address) and WAN (ftp.xxx.com) and also tried using FileZilla in server itself (127.0.0.1), i get connection refused by server.
I've disabled the firewall and restarted the server but i still get the same error. :confused:

any idea, sir?
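
The certificate fix described in the post above (TLSRSACertificateFile pointing at a .csr instead of the signed certificate) can be caught before restarting the server. The following is an added example, not part of the original thread: the function names, the sample file contents and the expected-label table are assumptions made for illustration, while the directive names and paths are the ones from the posted config.

```python
import re

# PEM "BEGIN" labels each directive's file is expected to contain.
# A certificate signing request carries "CERTIFICATE REQUEST", which is why
# OpenSSL reports "no start line" when asked to load it as a certificate.
EXPECTED = {
    "tlsrsacertificatefile": {"CERTIFICATE"},
    "tlscacertificatefile": {"CERTIFICATE"},
    "tlsrsacertificatekeyfile": {
        "RSA PRIVATE KEY", "PRIVATE KEY", "ENCRYPTED PRIVATE KEY",
    },
}

PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)

# Constructed sample: the TLS directives from the posted config.
SAMPLE_CONF = """\
TLSEngine on
TLSRSACertificateFile /etc/ftpcert/server.csr
TLSRSACertificateKeyFile /etc/ftpcert/server.key
TLSCACertificateFile /etc/ftpcert/ca.crt
"""


def _pem(label):
    """Build a constructed PEM block; the body is a placeholder, not key material."""
    return f"-----BEGIN {label}-----\nQ09OU1RSVUNURUQ=\n-----END {label}-----\n"


# Constructed stand-ins for the files on disk, so the example runs offline.
SAMPLE_FILES = {
    "/etc/ftpcert/server.csr": _pem("CERTIFICATE REQUEST"),
    "/etc/ftpcert/server.key": _pem("RSA PRIVATE KEY"),
    "/etc/ftpcert/ca.crt": _pem("CERTIFICATE"),
}


def read_sample(path):
    """Reader backed by SAMPLE_FILES (used for the demonstration)."""
    try:
        return SAMPLE_FILES[path]
    except KeyError:
        raise FileNotFoundError(path)


def read_disk(path):
    """Reader for real use against files on the server."""
    with open(path, encoding="ascii", errors="replace") as fh:
        return fh.read()


def pem_labels(text):
    """Return every PEM BEGIN label found in text, in order."""
    return PEM_BEGIN.findall(text)


def check_tls_files(conf_text, read_file):
    """Return (line_no, directive, path, reason) for each TLS file directive
    whose referenced file is unreadable or holds the wrong kind of PEM object."""
    problems = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].lower() not in EXPECTED:
            continue
        directive, path = parts[0], parts[1].strip()
        try:
            labels = pem_labels(read_file(path))
        except OSError as exc:
            problems.append((line_no, directive, path, f"unreadable: {exc}"))
            continue
        if not any(label in EXPECTED[directive.lower()] for label in labels):
            found = ", ".join(labels) or "no PEM block"
            problems.append((line_no, directive, path, f"found {found}"))
    return problems


if __name__ == "__main__":
    for problem in check_tls_files(SAMPLE_CONF, read_sample):
        print("line %d: %s %s -> %s" % problem)
```

Against a live server, pass `read_disk` and the contents of the real config file; the check has to run as a user allowed to read the key file.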

frodon
December 31st, 2010, 07:09 AM
connecting via LAN does work for me but not when I connect from WAN.

When I read this I think about a network issue, as if it works on LAN then it means the FTP server is ok.

So if it works on LAN I would exclude any FTP server issue, it is more likely a home network issue (router, firewall, switch, ...).

CurtBruno
December 31st, 2010, 10:52 AM
hmm, but what about the implicit ssl issue? tried turning off all firewalls on server and tested using filezilla on the machine itself (127.0.0.1) also doesn't work.
i get
06:07:53 Status: Connecting to xxx:990...
06:07:54 Status: Connection attempt failed with "ECONNREFUSED - Connection refused by server".

MakingTheServer
January 7th, 2011, 09:03 AM
hya i m doing FTP server but my problem is the same i removed inetd to standalone and Rootlogin off
my problem is this i do that bla bla bla and then it says

root@ubuntu:/home/xubuntuforservers# sudo /etc/init.d/proftpd restart
ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration.
root@ubuntu:/home/xubuntuforservers#

whata ???

My CFG

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
ServerName "FTP Server"
Serverident on "FTP"
ServerType standalone
DeferWelcome off
TimesGMT off

MultilineRFC2228 on
#DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

AllowForeignAddress on
AllowRetrieveRestart on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21
SocketBindTight on

PassivePorts 11000 20000

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

# Normally, we want files to be overwriteable.
AllowOverwrite on
AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on

# Speed up the server, no DNS lookups, just plain ip's. Turn off when being hax0r3d.
UseReverseDNS off
IdentLookups off

DefaultRoot ~

ExtendedLog /var/log/proftpd.all ALL

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
DelayEngine off

<Anonymous ~ftp>
User ftp
Group nogroup
UserAlias anonymous ftp
DirFakeUser on ftp
DirFakeGroup on ftp
RequireValidShell off
MaxClients 10
DisplayLogin welcome.msg
DisplayFirstChdir .message
AccessGrantMsg "Anonymous access granted for user %u connecting."
MaxClientsPerHost 1
<Directory>
#DenyAll
TransferRate RETR 50
<Limit WRITE>
DenyAll
</Limit>
</Directory>



HELPP!!! xD i m n00b xD

Docfxit
January 13th, 2011, 07:17 PM
I just setup the FTP server. I can't connect to it.
Could someone please help me figure out what I did wrong?

I tried to turn debugging on:
proftpd -nd5
- notice: unable to bind to Unix domain socket at '/var/run/proftpd/test.sock': Permission denied
- mod_ctrls/0.9.4: binding ctrls socket to '/var/run/proftpd/proftpd.sock'
- notice: unable to listen to local socket: Address already in use
- parsing '/etc/proftpd/proftpd.conf' configuration
- parsing '/etc/proftpd/modules.conf' configuration
- mod_tls/2.1.1: using OpenSSL 0.9.8e 23 Feb 2007
- Fatal: SystemLog: unable to redirect logging to '/var/log/syslog.log': Permission denied on line 37 of '/etc/proftpd/proftpd.conf'


#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf

# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias docfxit userftp

ServerName "UbuntuAsterisk"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port a different # I chose

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User userftp
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /var/spool/asterisk/monitor

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /var/spool/asterisk/monitor>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/docfxit/Dnload/*>
#Download
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/docfxit/Dnload/>
#Upload
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>


I'm trying to connect with:
port # a different # I chose
user userftp
Transfer Mode: Binary,
No Passive Mode

I have followed the instructions at the beginning of this thread.

Thank you,

Docfxit

imakbari
March 5th, 2011, 11:51 AM
Hey people,
I'm kinda noob in network stuff, so please bear with me.
I did as it was said in the first post (nice tutorial by the way, tnx a lot)
now i can connect to the ftp network with the administrator user-pass and access the whole file system.
but as userftp, i can't.
( i use Places > connect to server > FTP with login)

thanx in advance

capitalfear
March 12th, 2011, 09:27 AM
good stuff thanks...workin on my ftp :]

dannyboy79
March 12th, 2011, 04:08 PM
i created SMF forums on my home server and needed FTP to be able to run install script. I made a symlink in /var/www/ called forums which points to /home/FTP-shared/upload/forum and I want it to be open to do whatever useftp user needs to do to it. It wouldn't let me download files from that folder but it would let me upload them. So I made some changes to the config but not sure if it's optimal settings. Here's what the folders settings are

<Directory /home/FTP-shared/upload>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNRF RNEF RNTO RMD XRMD READ>
AllowAll
</Limit>
</Directory>


are those ok?

frodon
March 13th, 2011, 08:34 AM
I'm not sure symlinks are fully supported, they are a high security risk for a FTP server anyway so I really don't recommend them even if you can get them to work. You can reach the same goal mounting a directory in another one (see first post), it is fully supported and less risky.

dannyboy79
March 14th, 2011, 12:43 AM
I'm not sure symlink are fully supported, they are a high security risk for a FTP server anyway so i really don't recommend them even if you can get them to work. You can reach the same goal mounting a directory in another one (see first) post, it is fully supported and less risky.

ok, will check out mounting /var/www/forums to /home/FTP-shared/upload/forum but are my limits or what have you ok? I mean, is there an easier way to do it instead of limit, then list everything, then AllowAll? thanks

frodon
March 14th, 2011, 02:13 AM
The other way to do it would be not to use /home/FTP-shared/.... directories in your config file but /var/www/forums directory (think to put it as home dir for your ftp user), i think most users using the FTP server for their website do it this way.

For the LIMIT section i don't really know what to answer, there might be an easier way i guess, in my example i listed all i wanted to deny and all i wanted to allow to be sure of what is restricted and what is not.

danba185
March 17th, 2011, 03:18 PM
Hi, thank you for all the valuable information you have shared in this thread. Is there someone who can explain how the passive ports work and why isn't it enough with one port? Another question, why do we have to use MasqueradeAddress when the ftp server is behind a router? I have followed some advice from this thread so this isn't any problem for me (at the moment :)), I'm just curious how all this stuff works and the information at proftpd.org was quite small?

profiseller-pohland
July 14th, 2011, 03:24 AM
Helloo can everybody German???

I have a problem, I can't get a 2nd user created!!
Can someone explain to me exactly how I do that???

translate with google translate:

I have a problem I can not get a 2nd user created!
can not explain exactly how I'm a?

Kind regards

tetsu7
August 17th, 2011, 03:24 PM
i cant seem to get a second user created. i set it up exactly like the first one but it just doesnt work. i logged into my ubuntu with the user and it worked just fine, however i get a 530 login error trying to login to the ftp server with this user. userftp works fine. website does not. i mounted /var/www to the upload directory. everything for website looks the same as userftp..anyone have any ideas as to what im doing wrong? below is my .conf


Include /etc/proftpd/modules.conf
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias webmaster website
UserAlias lordofthenexus userftp


#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser website
DenyALL
</Limit>

ServerName "TheNexus"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "Welcome to The Nexus Wretch!!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
Order Allow,Deny
AllowUser website
AllowUser userftp
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser website
AllowUser userftp
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser website
Deny ALL
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

frodon
August 18th, 2011, 07:58 AM
You miss "website" user in general <Limit LOGIN> section which is mandatory if i remember well.
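
The mistake identified in this answer (a second `<Limit LOGIN>` block that ends in DenyALL but does not list every account the config aliases) is easy to miss in a long file. The following is an added example, not part of the original thread and not ProFTPD's own tooling: the function name and the sample text are assumptions, and the sample is a constructed reduction of the config posted above.

```python
import re

# Matches a section line such as "<Limit LOGIN>" or "</Directory>".
SECTION = re.compile(r"^<(/?)(\w+)\s*([^>]*)>$")

# Constructed sample with the same shape as the posted config: two
# server-level <Limit LOGIN> blocks, the second one missing "website".
SAMPLE_CONF = """\
AuthAliasOnly on
UserAlias webmaster website
UserAlias lordofthenexus userftp

<Limit LOGIN>
AllowUser userftp
AllowUser website
DenyALL
</Limit>

DefaultRoot ~

<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared/upload/>
<Limit ALL>
Order Allow,Deny
AllowUser website
Deny ALL
</Limit>
</Directory>
"""


def audit_login_limits(conf_text):
    """Return [(line_no, [missing users])] for every server-level
    <Limit LOGIN> block that denies everyone else yet omits an account
    that is the target of a UserAlias directive."""
    aliased = set()   # real accounts named as the target of a UserAlias
    blocks = []       # one record per server-level <Limit LOGIN> block
    stack = []        # names of the sections currently open
    current = None    # the LOGIN block being read, if any

    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue

        match = SECTION.match(line)
        if match:
            closing, name, args = match.group(1), match.group(2).lower(), match.group(3)
            if closing:
                if stack:
                    stack.pop()
                if name == "limit":
                    current = None
            else:
                # Only blocks outside <Directory>/<Anonymous> gate the login itself.
                if name == "limit" and not stack and "LOGIN" in args.upper().split():
                    current = {"line": line_no, "allowed": set(), "deny_all": False}
                    blocks.append(current)
                stack.append(name)
            continue

        parts = line.split(None, 1)
        directive = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""

        if directive == "useralias" and len(value.split()) == 2:
            aliased.add(value.split()[1])
        elif current is not None:
            if directive == "allowuser":
                current["allowed"].update(u for u in re.split(r"[,\s]+", value) if u)
            elif directive == "denyall" or (
                directive == "deny" and value.lower() in ("all", "from all")
            ):
                current["deny_all"] = True

    findings = []
    for block in blocks:
        missing = sorted(aliased - block["allowed"])
        if block["deny_all"] and missing:
            findings.append((block["line"], missing))
    return findings


if __name__ == "__main__":
    for line_no, users in audit_login_limits(SAMPLE_CONF):
        print(f"<Limit LOGIN> at line {line_no} does not allow: {', '.join(users)}")
```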

tetsu7
August 22nd, 2011, 02:02 PM
yer the man! i dont know how i missed it but it works now thanks! and after many long days trying to get an ftp server up it wasnt until i found this thread that ive had any success. thank you so much for your instructions and support!

renovatiohq
August 24th, 2011, 11:16 PM
I HAVE A QUICK QUESTION.. I'M KINDA NEW... SO HOW DO I ACCESS THE FTP SERVER FROM ANOTHER COMPUTER... OR LINK IT TO A FTPPROGRAM LIKE
FILE ZILLA...


PLEASE email me if you can thank you :)


i really want to figure this out thank


renovatio988@gmail.com

loudog23
August 24th, 2011, 11:20 PM
I HAVE A QUICK QUESTION.. I'M KINDA NEW... SO HOW DO I ACCESS THE FTP SERVER FROM ANOTHER COMPUTER... OR LINK IT TO A FTPPROGRAM LIKE
FILE ZILLA...


PLEASE email me if you can thank you :)


i really want to figure this out thank


renovatio988@gmail.com


edit: did you read the post? and plz go ez on the caps... thx ;)

punch the address as
ftp://www.mywebsite.com/

You can specify the port number
ftp://www.mywebsite.com:21/

or a folder
ftp://www.mywebsite.com:21/myfolder

or user name
ftp://username@www.mywebsite.com:21/

i don't remember the password
you don't want to punch your password in the address bar anyway

edit: did you even read the thread? and plz go ez with the CAPS, thx ;)

#dude
September 22nd, 2011, 04:03 AM
I used this guide I think it is nice, but the only problem is the user is not locked into the directory!

This is not too bad of a problem because I do not broadcast that IP, but I still do not want an open system. I followed the guide to the "T" except for the directory is /home/XXX/Videos

Can you think of any reasons why it is letting the user go out of Videos?

frodon
September 22nd, 2011, 04:58 AM
Config file and user config detail please (i mean the user you created to use the FTP server) ?

Without this we can't help you.

Steve(spt)
September 28th, 2011, 12:30 PM
Hello frodon,

Thankyou for your help in this thread.

I have Proftp running fine with Ubuntu 11.04.
Using dyndns.org also working fine.

What I would like to create is a user who can delete files.

I guess I need to use the <Limit > .. </Limit> rules. Could you give an example based on the code below please? ( I could not find what I needed to know in the thread search)

many thanks in advance.


#userftp1 to be allowed to delete files

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp1
AllowUser userftp2
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

frodon
September 29th, 2011, 04:49 AM
I'm scared you will have to go with some reading of the Proftp documentation. The tutorial shows a way to limit access to directories to some users but all the allowed users in a directory have the same rights.

I'm pretty sure what you want to do is possible but the hard thing is to find the right way to do it and I'm not sure the way described in my tutorial is the way to go.

Maybe you should post your question in the proftp forum too, there are some good experts in this place.

vikikamath
October 19th, 2011, 04:27 PM
Replace :
ServerType inetd
by :
ServerType standalone
and it should work.

By the way the "RootLogin on" option is not really secure, if you don't know why you use it I advise you to put it off.

thanks this worked for me!
~Vikram

sil3nthunt3r
November 16th, 2011, 09:49 PM
Hi all,

I have a problem configuring my FTP settings.
I have bound the user to their private folder, for example testuser is bound to /usr/local/folder/testuser

I tried the setting in active mode: OK, no problem. testuser can only see their own folder. But when I try passive mode, the user can navigate to other folders. How do I force the user to see only their own folder, whether in passive or active mode?

Below is my config setting.

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
# DefaultRoot ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constraint.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 40

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

MaxClients 9
MaxClientsPerHost 9
MaxClientsPerUser 9
MaxHostsPerUser 9

AllowForeignAddress off

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

#VALID LOGINS
<Limit LOGIN>
AllowUser tfluxadmin
AllowUser testuser
DenyALL
</Limit>



<Directory /usr/local/folder/>
Umask 022 022
AllowOverwrite off

<Limit ALL>
Order Allow,Deny
AllowUser tfluxadmin
Deny ALL
</Limit>

</Directory>

<Directory /usr/local/folder/testuser>
Umask 022 022
AllowOverwrite off

<Limit ALL>
Order Allow,Deny
AllowUser tfluxadmin
AllowUser testuser
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>

</Directory>

<Directory /usr/>
Umask 077 077
AllowOverwrite off

<Limit ALL>
Order Allow,Deny
Deny ALL
</Limit>

</Directory>

frodon
November 17th, 2011, 04:42 AM
Add somewhere before the <Limit LOGIN> section the following command :
DefaultRoot /usr/local/folder/testuser
The DefaultRoot command is the command that lets you define where to lock the user ("~" indicates the user's home directory but it is even better to give a hard path if it suits your needs).

sil3nthunt3r
November 17th, 2011, 06:50 AM
Add somewhere before the <Limit LOGIN> section the following command :
DefaultRoot /usr/local/folder/testuser
The DefaultRoot command is the command that lets you define where to lock the user ("~" indicates the user's home directory but it is even better to give a hard path if it suits your needs).

Thanks. It's working now :D

Siwon
November 17th, 2011, 03:43 PM
How would I go about creating multiple FTP accounts to go along with apache?

I'd like something like this:

FTP Login Directory: /home/bob/
HTTP Root Directory:/home/bob/www

FTP Login Directory: /home/joe/
HTTP Root Directory:/home/joe/www

FTP Login Directory: /home/jack/
HTTP Root Directory:/home/jack/www

and I'd like them to be able to access something like:
http://<ip>/bob/
http://<ip>/joe/
http://<ip>/jack/

and maybe subdomains for them

sil3nthunt3r
November 22nd, 2011, 10:01 AM
I have another problem.
When using Flashget, my FTP connection will give error 530: Maximum user already login (9) after some time. I have added the maximum connection to 9, but it still gives me the 530 error. Increasing the maximum connection also gives the same error after some time.

But when I try using IDM, no such problem.
Anything wrong in my config?


#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 on
# If set on you can experience a longer connection delay in many cases.
IdentLookups off

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"

DenyFilter \*.*/

# Use this to jail all users in their homes
DefaultRoot /usr/local/

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constraint.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 40

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# If your host was NATted, this option is useful in order to
# allow passive transfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

MaxClients 9
MaxClientsPerHost 9
MaxClientsPerUser 9
MaxHostsPerUser 9

AllowForeignAddress off

# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?pag...LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

#VALID LOGINS
<Limit LOGIN>
AllowUser tfluxadmin
AllowUser testuser
DenyALL
</Limit>



<Directory /usr/local/folder/>
Umask 022 022
AllowOverwrite off

<Limit ALL>
Order Allow,Deny
AllowUser tfluxadmin
Deny ALL
</Limit>

</Directory>

<Directory /usr/local/folder/testuser>
Umask 022 022
AllowOverwrite off

<Limit ALL>
Order Allow,Deny
AllowUser tfluxadmin
AllowUser testuser
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>

</Directory>

<Directory /usr/>
Umask 077 077
AllowOverwrite off

<Limit ALL>
Order Allow,Deny
Deny ALL
</Limit>

</Directory>

tetsu7
December 16th, 2011, 05:24 PM
Had a 530 message.
I would delete this post if I knew how. I figured it out: I had an issue with my alias and user accounts.

myusernameisnotvalid
January 5th, 2012, 11:23 AM
Hello!

I'm running ubuntu 11.10. I did what was in the guide and ftp works without any problems, but since I want to use this outside my LAN I want it to be secure. When I add TLS/SSL protection and modify the conf file, I'm still able to log in to the ftp server with a normal unsecure connection. But when I try to use sftp or ftps then it just gets stuck at verifying TLS.

And also I get the following warning when I restart the proftpd server:

- mod_tls/2.4.2: compiled using OpenSSL version 'OpenSSL 1.0.0d 8 Feb 2011' headers, but linked to OpenSSL version 'OpenSSL 1.0.0e 6 Sep 2011' library
- mod_sftp/0.9.7: compiled using OpenSSL version 'OpenSSL 1.0.0d 8 Feb 2011' headers, but linked to OpenSSL version 'OpenSSL 1.0.0e 6 Sep 2011' library
- mod_tls_memcache/0.1: notice: unable to register 'memcache' SSL session cache: Memcache support not enabled




Here's what's in my proftpd.conf file:
------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------

<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/log/proftpd/tls.log
TLSProtocol TLSv1

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired ON

# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key

# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>

Include /etc/proftpd/modules.conf


# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias micro userftp

ServerName "Ubuntuserver"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 5

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "ftp server open"

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNFR RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------

please help me
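
Added example (not part of any post in this thread, and not ProFTPD project code): a small Python checker for four proftpd.conf problems of the kind discussed in this thread: an <IfModule> block placed before modules.conf is included, RootLogin on, no active DefaultRoot, and <Limit> names that are not FTP commands. It assumes modules such as mod_tls are loaded dynamically from modules.conf, so an <IfModule> block that comes earlier in the file is skipped when the config is parsed; the sample config, the finding codes and the list of accepted <Limit> names are constructed for this example.

```python
import re

# Constructed sample that combines patterns seen in proftpd.conf files; it is
# not any poster's actual configuration.
SAMPLE_CONF = """\
<IfModule mod_tls.c>
TLSEngine on
TLSRequired on
</IfModule>
Include /etc/proftpd/modules.conf
RootLogin on
# DefaultRoot ~
<Limit LOGIN>
AllowUser userftp
DenyAll
</Limit>
<Directory /home/FTP-shared>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
"""

# Names this example accepts inside <Limit ...>: command groups plus common
# FTP commands. A partial list chosen for the example; extend it as needed.
KNOWN_LIMIT = {
    "ALL", "DIRS", "LOGIN", "READ", "WRITE",
    "APPE", "CDUP", "CWD", "DELE", "LIST", "MDTM", "MKD", "NLST", "PWD",
    "RETR", "RMD", "RNFR", "RNTO", "SIZE", "STAT", "STOR", "STOU",
    "XCUP", "XCWD", "XMKD", "XPWD", "XRMD",
}


def audit(conf_text):
    """Return (line_number, code, detail) findings for proftpd.conf text."""
    findings, pending_ifmodule = [], []
    modules_loaded = has_default_root = False
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out "# DefaultRoot ~" jails nobody
        words = line.split()
        key = words[0].lower()
        if key == "include" and line.lower().endswith("modules.conf"):
            modules_loaded = True
            # Assumption: modules are loaded here, so <IfModule> blocks parsed
            # earlier tested false and their directives were skipped.
            findings += [(i, "IFMODULE_BEFORE_LOAD", m) for i, m in pending_ifmodule]
            pending_ifmodule = []
        elif key == "<ifmodule" and len(words) > 1 and not modules_loaded:
            pending_ifmodule.append((n, words[1].rstrip(">")))
        elif key == "defaultroot":
            has_default_root = True
        elif key == "rootlogin" and words[-1].lower() == "on":
            findings.append((n, "ROOT_LOGIN_ON", line))
        elif key == "<limit":
            for name in re.sub(r"[<>]", " ", line).split()[1:]:
                name = name.upper()
                if name not in KNOWN_LIMIT and not name.startswith("SITE_"):
                    findings.append((n, "UNKNOWN_LIMIT_NAME", name))
    if not has_default_root:
        # Line 0 marks a file-level finding: no chroot directive is active.
        findings.append((0, "NO_DEFAULT_ROOT", "users are not locked to a directory"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Moving the Include line above the <IfModule> block, setting RootLogin off, enabling DefaultRoot ~ and spelling the rename command RNFR clears all four findings.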

kembar4
January 10th, 2012, 04:42 PM
Thank you very much for this nice writeup!

I finally found a way to mount an external folder via ftp.

Was having a tough time doing it with vsftpd.

This one seems a lot better :)

I have a question though.

When I run ftptop and then press 't'

the rate of download in KB/s is shown as -NeN and the Progress stays at 0% although the download rate is about 165KB/s and progress is at 4%.

Why is this happening and what can I do to get the correct readings?

pauliolio
March 5th, 2012, 11:29 PM
Hi,

I'm hoping you'll be willing to cast an expert eye over this little conf file.

I've inherited the admin of a webserver and am trying like mad to learn a bit more linux & work out what it's doing.

At the moment I'm just trying to back up one of the domains using Wordpress. For this I need FTP access.

I can log into the server using ssh, I know for certain the password of the adm account as I've just set it.

The problem is that I can't log in at all using FTP. I always get a 530 error.

I have cut down the proftpd.conf file an awful lot getting rid of the extras, and am left with this:



# Server Config - config used for anything outside a <VirtualHost> or <Global>
# See: http://www.proftpd.org/docs/howto/Vhost.html


ServerName "ProFTPD server"
ServerIdent on "FTP Server ready."
ServerAdmin root@localhost
DefaultServer on
RootLogin on

# Don't do reverse DNS lookups (hangs on DNS problems)
UseReverseDNS off

# Set the user and group that the server runs as
User nobody
Group nobody

MaxInstances 20

# Disable sendfile by default since it breaks displaying the download speeds in
# ftptop and ftpwho
UseSendfile off

# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"

UseFtpUsers off
AllowStoreRestart on
DefaultRoot ~


#VALID LOGINS
<Limit LOGIN>
AllowUser adm
AllowUser root
DenyALL
</Limit>

AccessGrantMsg "Login ok, Welcome to the server."
MaxClients 10 "Sorry, max %m users -- try again later"
DisplayLogin /welcome.msg
DisplayChdir .message



It looks to me to be nicely simple, I know root's listed there, I'm just trying to get it to work.


Given that I'm in the server by another route with the same accounts & credentials, could anyone give me an idea as to why the 530 please?


Many thanks,
Pauliolio

tanoloco
April 15th, 2012, 10:25 AM
Hello,

I cannot get UserOwner working.
I want any user to create files and dirs owned by nobody:nogroup rather than by the logged-in user.
Here is my proftpd.conf file
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use). It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName "ProFTPD"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
#Umask 022
Umask 002

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
#Group nogroup

# Normally, we want files to be overwriteable.
<Directory /opt/lampp/htdocs/*>
AllowOverwrite on
</Directory>

# only for the web servers content
#DefaultRoot /opt/lampp/htdocs
DefaultRoot ~/ftp-root

# nobody gets the password "lampp"
UserPassword nobody wRPBu8u4YP0CY

# nobody is no normal user so we have to allow users with no real shell
RequireValidShell off

# nobody may be in /etc/ftpusers so we also have to ignore this file
UseFtpUsers off

I tried with no luck
<Directory /opt/lampp/htdocs/*>
AllowOverwrite on
UserOwner nobody
GroupOwner nogroup
</Directory>

Please help me :(