There's some support for this guide in the hoary section
Some questions are already answered in the OLD THREAD (http://www.ubuntuforums.org/showthread.php?t=51611) ,if you need support you should read it before posting here.

I created this How to for people who want to share files with friends using FTP protocol, like FTPservU under windows. The way i give you is not the only one, I hope my How to is enough clear.
This FTP server will allow only users with the good password (persons to whom you gave the password and username). So you will be sure that only known persons will access your FTP server.

A- The GUI way (for beginners only)

For those who are new to linux and don't want to use a FTP server without GUI, or just for those who don't use often their FTP server and wish to set it quickly without a high level of security, there is a GTK GUI for proftpd.
Be careful, it's less secure than configuring yourself your server.

1- Install proftpd and gproftpd with synaptic or with this command :
sudo apt-get install proftpd gproftpd2-Play with the GUI and set up quickly your server.
Beware no support is offered here for this tool but it shouldn't be too hard to use.


B- The secure way


1- Install proftpd with synaptic or with this command :
sudo apt-get install proftpd
2- Add this line in /etc/shells file (sudo gedit /etc/shells to open the file) :
/bin/false Create a /home/FTP-shared directory :
cd /home
sudo mkdir FTP-shared Create a user named userftp which will be used only for ftp access. This user don't need a valid shell (more secure) therefore select /bin/false shell for userftp and /home/FTP-shared as home directory (property button in user and group window).
To make this section clearer, i give you the equivalent command line to create the user, but it would be better to use the GUI (System > Administration > User & Group) to create the user since users here often got problems with the user creation and the password (530 error) with the command line, so i really advice to use the GUI :
sudo useradd userftp -p your_password -d /home/FTP-shared -s /bin/false
sudo passwd userftp In FTP-shared directory create a download and an upload directory :
cd /home/FTP-shared/
sudo mkdir download
sudo mkdir uploadNow we have to set the good permissions for these directories :
cd /home
sudo chmod 755 FTP-shared
cd FTP-shared
sudo chmod 755 download
sudo chmod 777 upload
3- OK, now go to the proftpd configuration file :
sudo gedit /etc/proftpd.confor for edgy eft (ubuntu 6.10) :
sudo gedit /etc/proftpd/proftpd.conf
and edit your proftpd.conf file like that if it fit to your need :

# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias sauron userftp

ServerName "ChezFrodon"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want)
Port 1980

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Ok you have done proftpd configuration. Your server is on port 1980 (in this exemple) and the access parameters are
user : sauron
password : the one you've set for userftp

4- To start/stop/restart your server :
sudo /etc/init.d/proftpd start
sudo /etc/init.d/proftpd stop
sudo /etc/init.d/proftpd restartTo perform a syntax check of your proftpd.conf file :
sudo proftpd -td5To know who is connected on your server in realtime use "ftptop" command (use "t" caracter to swich to rate display), you can also use the "ftpwho" command.
other informations here (http://doc.gwos.org/index.php/DapperGuide#How_to_install_FTP_Server_for_File_Tra nsfer_service)


C- Advanced tricks

1- Enable TLS/SSL encryption (FTPS)
** Inportant note : proftpd versions before 1.3.2-rc2 may not work with latest filezilla versions using TLS encryption. See raymond.szebin's post for details.
(http://ubuntuforums.org/showpost.php?p=8239887&postcount=1081)
The FTP file sharing protocol is an old protocol which was created when internet was still a secure place, therefore the default FTP protocol is not that secure.
For example the password and username for login are transmitted in plain text which obviously isn't secure.
That why, to fit the needs of our generation, encryption solutions were developed and one of them is TLS/SSH encryption.
This will encrypt the username and password and all the data you send, obviously to use it the FTP client must support SFTP protocol.

here are the steps to enable TLS/SSH encryption (FTPS (http://en.wikipedia.org/wiki/FTPS)):

Paste these commands in a terminal :
sudo apt-get install build-essential
sudo apt-get install libssl-dev
cd /etc
sudo mkdir ftpcert
cd ftpcert/
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
sudo openssl genrsa -des3 -out ca.key 1024
sudo openssl req -new -x509 -days 365 -key ca.key -out ca.crt
** download the sign.sh file (at the bottom of the post) and put it in ftpcert directory **
sudo chmod +x sign.sh
sudo ./sign.sh server.csr

Then add this section to yout proftpd.conf file :
<IfModule mod_tls.c>
TLSEngine on
TLSLog /var/ftpd/tls.log
TLSProtocol TLSv1

# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off

# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key

# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt

# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>


If you use edgy or proftpd 1.3 in general add this line at the beginning of your proftpd.conf file, it will load all the extra modules like mod_tls.c :

Include /etc/proftpd/modules.conf

Note - Use TLSRequired ON to force the use of TLS. OFF means that the use of TLS is optional.

Optional step:
You will notice that you will be asked for the password you set for the server.key file each time you start/stop/restart the server, it is because the RSA private key is encrypted in the server.key file.
The solution is to remove the encryption of the RSA private key but it makes the key readable in the server.key file which is obviously less secure, anyway if you do that make sure that the server.key is readable only by root.
Once you know that it's less secure here are the command lines to remove the encryption of the RSA private key :
cd /etc/ftpcert
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Here are some links to read in case of problems or just to get more informations :
http://www.modssl.org/docs/2.7/ssl_faq.html#cert-ownca
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html

To use your TLS encrypted FTP server you will need a FTP client which support it like the latest versions of filezilla (the one present in the feisty repository has the TLS support).
In filezilla the option to use is called FTPES.

Thanks to nix4me for the help he provided and for the instructions.

2- Restrict access for some users
Some of you wish, for different reasons, to create more than one user and give a different access depending on the user.
For example if i create 2 users, one called user1 and the second called user2 and then want to deny access to the download directory for user2, You can do it as following :

First create the 2 users like userftp in the guide and give them alias names if you use aliases. Then allow your 2 users in the general LIMIT LOGIN section :
#VALID LOGINS
<Limit LOGIN>
AllowUser user1
AllowUser user2
DenyALL
</Limit>Once done here is how to modify the directory sections to chose who is able to use which directory :
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off

<Limit ALL>
Order Allow,Deny
AllowUser user1
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser user1
AllowUser user2
Deny ALL
</Limit>

<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>Note - user2 will see the download directory but will not be able to enter the directory.

That's all


Misc
Best Common Practices - Everyone should read this
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-BCP.html

ProftpTools 1.0.1
ProftpTools is a script I wrote thanks to swoop's feedback. This script allow you to start/stop proftpd, mount/unmount auto/manually directories, show your IP, ... and all of that with a GUI in order to use proftpd in a really easy way !
To install ProftpTools, download ProftpTools-v1.0.2.tar.gz (at the bottom of the page) and untar it where you want and then move the ProftpTools file in /usr/bin :
tar -xzvf ProftpTools-v1.0.2.tar.gz
cd ProftpTools-v1.0.2/
sudo mv ProftpTools /usr/bin/Then add these lines in your .bashrc (it's in your home directory : gedit /home/username/.bashrc) file in order to specify what is the ProftpTools directory path, YOU MUST REMOVE THE "/" CHARACTER at the end of the path. I give you an exemple if your ProftpTools directory is in your home directory :
ProftpTools_dir=/home/username/ProftpTools-v1.0.2
export ProftpTools_dirNow all you have to do is to type ProftpTools in a terminal and .... enjoy :smile:
You need zenity installed to use this script.

Don't hesitate to post in this thread or send me PM to report bugs, ask new features, correct my english, suggest improvement ;-) and thank you to give me feedback about this tool.

useful trick :
This trick is integrated in ProftpTools.
If you don't want (like me ;-) ) to use space in your /home directory, and use space on another hard drive, or if you just want to share a directory from another partition ... you can mount the directory you want in your download or upload directory without changing anything in proftpd.conf file, use these commands :
sudo mount -o bind the_directory_you_want_to_share /home/FTP-shared/download
or
sudo mount -o bind the_directory_you_want_to_use_for_upload /home/FTP-shared/uploadThis command will not overwrite the directory, the idea is just to mount a directory in another one without overwritng anything, so when someone will log in your server he will see and use the mounted directory if you have mounted one. To unmout a directory (download directory for exemple):
sudo umount /home/FTP-shared/downloadPermanent mount :
If you don't want to re-mount your directories after a reboot you can add a line in fstab file like that (sudo gedit /etc/fstab to open the file) :
the_directory_to_mount /home/FTP-shared/download vfat bind 0 0thanks reet ;-)

If you want to create other directories in FTP-shared, think to add it in proftpd.conf file.
Don't hesitate to test yourself your server using gFTP for exemple, it's really helpful to debug your server.

Other stuff/Troubleshooting/FAQ
If you have a router you should read that (http://www.proftpd.org/localsite/Userguide/linked/x862.html), it describe the 2 commands to add in proftpd.conf and why.
If you have a dynamic DNS have a look here (http://doc.gwos.org/index.php/DapperGuide#How_to_assign_Hostname_to_local_machin e_with_dynamic_IP_using_free_DynDNS_service), you can also use ddclient (http://linux.cudeso.be/linuxdoc/ddclient.php)(maybe easier for newbies).
If you have Unbindable port 21 issue please refer to this post (http://ubuntuforums.org/showthread.php?t=79588&page=114) from mustacheride.
Most of informations you're looking for are here (http://www.proftpd.org/)
To get more debug informations : http://www.proftpd.org/localsite/Userguide/linked/x1058.html
You can specify a specific passive port range using PassivePorts (http://www.proftpd.org/localsite/Userguide/linked/config_ref_PassivePorts.html) command, it's very useful when you use a firewall (http://www.proftpd.org/localsite/Userguide/linked/x294.html) in order to know which ports to allow.

For those who have a firewall/router i advice to read this excelent post (http://www.ubuntuforums.org/showpost.php?p=680702&postcount=81) from mssm

Thanks for feedback, and sorry if my english is sometimes really bad :roll:

Don't hesitate to post questions about proftpd in this thread.

hi,
thanks for the howto, however, i have a problem.
i have a router and the proftpd site is not really informative... well at least not for a noob like me:) so... on the link, it says "First configure your ProFTPD install so that it works right from inside the NAT. There are example configuration files included with the source." now i downloaded the source and had a look on the config files, but i couldn't find anything relevant. any help on this?
also, i'm not sure if i entered the value of 'MasqueradeAddress' correctly. I entered my dyndns domain, so what i get is

attila@nanaki:/home/FTP-shared$ sudo /etc/init.d/proftpd restart
Password:
Restarting ProFTPD ftp daemon.proftpd.
..localhost.localdomain - 127.0.0.1:1980 masquerading as 84.0.161.247
proftpd.
done.
is thít what should happen? i'm just asking because i'm not sure :)

i did everything else as the guide said, and my problem is that i get a connection timeout. any help would be appreciated, thanks :)

I'm not a NAT expert because i have only a software firewall but i think this link (http://www.ubuntuforums.org/showthread.php?t=39566&highlight=proftp+nat) could help you, also in the original thread some users have used these commands with success, try to follow their example or send us a PM, your problem will be quickly solved. :p

strange, i get the 530 error when i try to log in... i've read the otheer forum but all my setting should match...


attila@nanaki:/home$ la
total 8.0K
drwxr-xr-x 55 attila attila 4.0K 2005-10-22 17:46 attila
drwxr-xr-x 4 userftp root 4.0K 2005-10-22 10:45 FTP-shared
attila@nanaki:/home$ la FTP-shared
total 8.0K
drwxr-xr-x 2 root root 4.0K 2005-10-22 10:45 download
drwxrwxrwx 2 root root 4.0K 2005-10-22 10:45 upload

sorry i'm almost sure i'm being lame but i cannot help it :) so here is my proftpd.conf as well, anyone could help?

You should comment the 2 last lines of your file because you have 3 active MasqueradeAddress lines in your file, and also try to change the password of the user, i already met persons who've got problems with the user password.
Your settings looks good, did you test the server with your own computer or with a friend ?

You should comment the 2 last lines of your file because you have 3 active MasqueradeAddress lines in your file, and also try to change the password of the user, i already met persons who've got problems with the user password.
Your settings looks good, did you test the server with your own computer or with a friend ?

changed the password, commented out the last two lines, still error 530. tested on my comp, and on a friend's one. :/

Hmm, have you tested to comment the MasqueradeAddress and PassivePorts lines to see if the problem come from these lines ? Because for me your configuration is ok, are you sure to put the good parameters in gFTP when you attempt to connect yourself to the server ?
Just in case give me the gFTP log and what you enter in the fields but i guess it's ok.
Also if you still have a 530 error it could be interesting to collect more debug infos (http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-Debugging.html).

Thanx for the howto, it works great! But I think it's strange that the xferlog has been empty two times now since I started to use my ftp server, is it cleared by default? Are there other logfiles aswell that proftpd use? I'am also thinking of using ssh(or some sort of crypto) on the proftpd server, anyone tried this?

What you're looking for is in the mod_tls module of proftpd, you should already have it (use the proftpd -l command to verify it).
There is a reference exemple here (http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html) and i think it's a good start to read this exemple.
If you get SSL/TLS working, send me a PM or post here and i will add this in the GUIDE.

Why do you want to use secure ftp protocol ? i'm just curious

changed the password, commented out the last two lines, still error 530. tested on my comp, and on a friend's one. :/You could try this command line :
sudo passwd userftpand then retype your password, it solve the problem for tspec who give me his feedback.

question:
i just did

apt-get install proftpd
then as root i unchecked the proftpd service at startup, so i can just
proftpd -n
whenever i want to (because i only run it sometimes...when i need it). however i did not make many changes to my proftpd.conf file (just made it type=standalone)... i didn't change any permissions or anything... i figure this is secure enough for me since i only start it when i want to move some files and then end it when im finished... is this ok?

I just installed Breezy Badger and am having some problems running certain services/servers...

when I do
apt-get install proftpd

it says
Couldn't Find Package proftpd

herot, if you want to disable proftpd on startup you could just go in System > Administration > Services, it works well. If your configuration is ok for your need and if you will not use proftpd often and for a long time, it might be enough secure like that.

atomicski, it seems that you haven't enable all the repositories. Open your source.list file :
sudo gedit /etc/apt/sources.listthen check that you have these lines, if not add them :
## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu breezy-updates main restricted
deb-src http://archive.ubuntu.com/ubuntu breezy-updates main restricted

## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team.
deb http://archive.ubuntu.com/ubuntu breezy main universe multiverse restricted
deb-src http://archive.ubuntu.com/ubuntu breezy main universe multiverse restricted

deb http://security.ubuntu.com/ubuntu breezy-security main restricted
deb-src http://security.ubuntu.com/ubuntu breezy-security main restricted

deb http://security.ubuntu.com/ubuntu breezy-security universe
deb-src http://security.ubuntu.com/ubuntu breezy-security universe

ok I have did like you said...I but I also am behind a router...I set the ports in the router and forward them to proftpd. I set the ports in proftpd.conf...I can ftp in fine and all that..but when try to list a dir I get port error ip already in use....anyone help?

TokenBad

I am having the same problem as anatole, error 530
Our .conf files are almost exactly the same (no las 2 lines and minor name differences)

I've reset the password too, still 530

The alias part of the conf, I've tied logging in as both the first name and the second, same each time

any suggestions?

Leaf, could you post your proftpd.conf file please, and check the path and the name of the directories because the 530 error is often due to name or path mismatches.

TokenBad this link may help you : http://www.ubuntuforums.org/showthread.php?t=39566

Leaf, could you post your proftpd.conf file please, and check the path and the name of the directories because the 530 error is often due to name or path mismatches.

I'm having the same problem. I followed your tutorial. Attached is my proftpd.conf file. I've tried changing things round, trying different port numbers, changing passwords, etc. No matter what I keep getting the 530 error. PLEASE help! I've been up all night trying to get this blasted thing to work.

Thanks..

I took a look at your proftpd.conf file. I noticed a few differences with my own. First, I'm not sure that the way you have your multiple user aliases will work. Take a look at the way I have mine set up. I know it works correctly. I have multiple user logins and a different password for each. I have this same configuration (with the exception of different user aliases and ip's.) running on 2 machines.

I took your proftpd.conf file and tried it in my test machine. Other than changing the UserAlias to make it work and commenting out the Mascarade line, It worked just fine. I am attaching a copy of the proftpd.conf file from my test machine so you can compare it with your own.

Are you behind a router or firewall? And do you have another computer sharing the same connection to test with? If you can get it working within the NAT, it's just a matter of getting your router and or firewall configured correctly.

Let me know how it goes.

Good luck. :)

keving79, like in my guide you use this line at the beginning of the proftpd.conf file :
AuthAliasOnly onso only alias login are allowed and you didn't set an alias for your users and it's the problem here.
jbinc1 gave you a good exemple on how use differents users with an alias for each, you should follow his exemple and your problem should be solved. I use useralias in my guide because it prevent telnet accesses, but if you don't want to use useralias just replace the line "AuthAliasOnly on" by "AuthAliasOnly off" and login your ftp server with the username and the password and it should work too, up to you ;).

You can also define different access levels for each user, for exemple if you don't want a user to see or use a shared directory or if you just want to give him a read access. If some of you here are interrested, tell me and i will provide you some exemples.

I used my own and the test .conf file above and got the same results. Error 530 Login incorrect. I have used the password change command and still get 530. After every change in pw and the .conf, I did a restart.
Oh, I did a /home/ftp AND /home/FTP-shared as the example, tried both.
Checked groups in etc and user/group exist.
Where else can I look for the "incorrect" login info? :confused:

Conf file attached....

Thanks,
Steve...

Hi steve_250,
First you should replace those lines :
# Set the user and group that the server normally runs at.
User root
Group rootby those lines :
# Set the user and group that the server normally runs at.
User nobody
Group nogroupGo in your /home/ftp directory and give us the result of the "ls -lg", and tell me what are the exact parmeters you used to login your ftp server (user, pass, port, address). Try to give us the maximum details, because the 530 error always come from a small mismatch.

Hello Frodon, thanks for the reply.
I have replaced the lines and ran the command, here are the results:

steve@ubuntu:/home/ftp$ ls -lg
total 20
drwxrwxrwx 84 root 12288 2006-01-01 17:01 download
drwxrwxrwx 2 root 4096 2005-12-31 15:48 upload
-rw-r--r-- 1 root 166 2005-09-05 13:17 welcome.msg
steve@ubuntu:/home/ftp$

Running Gftp with user steve pass xm3y9sjp port 21:

Looking up 192.168.2.33
Trying 192.168.2.33:21
Connected to 192.168.2.33:21
220 Ubuntu
USER steve

331 Password required for steve.
PASS xxxx
530 Login incorrect.
Disconnecting from site 192.168.2.33

Thanks for helping....
Steve...

There is another thing i didn't see before, in the "<Directory> /home/ftp/upload/>" field, modify it like that :
<Directory> /home/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
This will allow you to write in the upload directory.
Now for your login issue, try to login your gnome session with userftp in order to be sure that it's not a user creation problem. Check also that your home/ftp directory have 755 rights.

Ok, did all the above and entered pw for ftpuser again.

I gftp in with "steve" and go this far and now it sits there.

230 welcome !!!
SYST

215 UNIX Type: L8
TYPE I

200 Type set to I
PWD

257 "/" is current directory.
Loading directory listing / from server (LC_TIME=en_US.UTF-8)
PASV

227 Entering Passive Mode (138,88,144,129,250,43).

The remote window just says "Receiving file names".
Kind'a stuck there.
Says the application is not responding when I try to close it after a 5 minute wait.

conf attached again.

I took a look at the permissions, all is set to 755 starting with "Home".

This is also what I see:

Location Owner Group

HOME Root Root
ftp ftp nogroup

Under ftp:
download Root Root
upload Root Root

I gave 777 to u/l as the first page you wrote said to do.

Do you attempt to login the ftp server with the same computer which run the server or with another one ?
The first thing to test is to login the ftp server with the same computer which run the ftp server then if it works the problem come from your router.

I tried it with the same machine, that's the log I sent ya.
Through another machine I had the same problem.

I also have tried to set the owner/group of all the directories to "steve".
(home/ftp, u/l & d/l)
In doing so, I now get the 530 error again.

What should the dir's be set to for owner/group?
Also chmod them to 774.

My login is steve and the machine will normaly be running under my name login.

The owner should be root (it is in my case) and 775 rights are needed for your /home/ftp directory.

Just to make sure I have it right, owner/group for ALL the mentioned directories are supposed to be root?
I'll do that and make sure it's all 775.
Ok, fixed that.

I commented out the passive mode and masquereding and it works locally now.
Any concern with commenting these out?

I try it through the internet, still hangs at receiving file names.
This is what Gftp reports:

USER steve

331 Password required for steve.
PASS xxxx
230 welcome !!!
SYST

215 UNIX Type: L8
TYPE I

200 Type set to I
PWD

257 "/" is current directory.
Loading directory listing / from server (LC_TIME=en_US.UTF-8)
PASV

227 Entering Passive Mode (192,168,2,33,4,52).
LIST -aL

Disconnecting from site sjp.serveftp.net
Invalid response '

You can also define different access levels for each user, for exemple if you don't want a user to see or use a shared directory or if you just want to give him a read access. If some of you here are interrested, tell me and i will provide you some exemples.

YEs, I'd be very interested in this. Now that I finally got the FTP working (thanks to your advice), I'd like to setup different access levels for different users. If you could post a tutorial for that, that would be sweet.

Thanks!

I have followed the howto, but when I run "sudo /etc/init.d/proftpd start" I get this message:
ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode. Check your configuration.

This is what my proftpd.conf file looks like:

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias upload userftp

ServerName "htpc"
ServerType inetd
DeferWelcome on

MasqueradeAddress my.ip.is.here
PassivePorts 60000 60100 #this is a range, not just two ports

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin on

# It's better for debugging purposes to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (use it to ban users by
just writing their username in it)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security
reasons (choose here the port you want)
Port 2121

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome to t0bb3's ftp server"
# This message is displayed for each access good or not
ServerIdent on "HTPC ftp server"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory,
# ***** really important *****
DefaultRoot ~

MaxLoginAttempts 3

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off

<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on

<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
Do you see anything wrong?

Replace :
ServerType inetdby :
ServerType standaloneand it should work.

By the way the "RootLogin on" option is not really secure, if you don't know why you use it i advice you to put it off.

But I choose inetd duing the install of the server. It said inetd would be more resource friendly if I only had a few connections every day, and it's basicly only I that connect to the ftp server. Why should I change to standalone?

I'll change the RootLogin option

Yes it's a little bit more resource friendly but standalone server is easier to use and if you don't have 20 users who use your server at the same time you won't see the difference.

Link : http://www.proftpd.org/localsite/Userguide/linked/config_ref_ServerType.html

Thank you, it starts now :)

But why didn't it work with inetd as the servertype?

Reading the proftpd manual (http://www.proftpd.org/localsite/Userguide/linked/x430.html) I decided to give inetd another go. They all say inetd is better suited when there aren't that many connections.

When I choose inetd as the server type duing the initial install proftpd made the necessary changes to /etc/inetd.conf. So the server should have been ready for use as soon as I had installed it. I had missunderstood the whole
sudo /etc/init.d/proftpd start
sudo /etc/init.d/proftpd stop
sudo /etc/init.d/proftpd restartthing. It's only for when you run the server in standalone mode! I thought I should do that even when in inetd mode, but that was wrong.

Another nice thing about inetd mode is that you don't have to do anything special when you make changes to proftpd.conf. The server rereads that file for every new connection.

You can also define different access levels for each user, for exemple if you don't want a user to see or use a shared directory or if you just want to give him a read access. If some of you here are interrested, tell me and i will provide you some exemples.

YEs, I'd be very interested in this. Now that I finally got the FTP working (thanks to your advice), I'd like to setup different access levels for different users. If you could post a tutorial for that, that would be sweet.

Thanks!
I second this.
And I would also like to know how to set up virtual users

Thanks

This is a small exemple on how avoid user2 to enter in the download directory.
In this case 2 users have been created (userftp and user2) and each one have its own alias.
This exemple will allow userftp to see all the shared directory and avoid user2 to use the dowload directory, (i give you only the directory section) :
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser user2
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser userftp
AllowUser user2
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Hello frodon,

My ftp server has been running for a few weeks now thanks to your excellent HOWTO. Now I need some help speeding it up. Inside the nat I get great upload/download speeds. Over the internet I am limited to about 50 kbs. Any ideas? :confused:

It's because when you are inside the NAT the limit is the limit of the local network and when you are outside the NAT the limit is your internet connection speed wich is really lower than the local network speed.
Did you already reach a better upload rate with IRC, msn, or another share protocol ?

I'm thinking about a new howto or an improvement of this one for newbies (and this will be only for newbies !). Because proftpd has a GUI called Gproftpd but i generally don't advice it because you need to run it as root and you can easily break your server configuration or create a unsecure ftp server, however i think newbies will prefer this way (less secure but more userfriendly).

So, please could someone test this GUI and give me his personnal opinion about it in order to help me to know if i should advice it for newbies and create a small guide for it ?

Thanks for helping me to estimate this way to use proftpd.

here are the website link and a screenshot at the bottom of the post :
http://mange.dynalias.org/linux.html

Hello frodon,

I'm setting up a fresh install of Ubuntu and I'm going to test the Gproftpd gui. I will see how it goes using the instructions on the Gproftpd web site and give you feedback.

Also, I think my slow connections on my ftp server are possibly due to my router. I still have to do more research on that one. ](*,)
When I connect to other ftp servers, I'm getting excellent speeds. I did some searching and it seems I'm not the only one to have this problem.

Take it easy.

Sure seems like an easier way for newbies like me.
I installed it and got a text that said it's running. Didn't get the GUI interface or see an icon.
I'll try again today.

Jbinc1, no, you're not the only one with slow speed, going through my Netgear FVS318 is slow to connect too.

I tried the inet install instead of standalone and it won't run at all. How to I reinstall proftpd? I'll switch back to standalone.

Hello Steve,

I've done some pretty extensive searching on the slow connection subject and I can't seem to find any solution. If you happen to find anything feel free to pm me and let me know. I really like the easiness of the setup and the way my ftp server is running, but I have the need for speed, if you know what I mean. :)

If you go into the proftpd.conf file where it says "ServerType" you should be able to just change it back to "standalone".

I also noticed some differences in the inet and standalone. In the inet install, it creates it's own ftp directory under home. It also starts in /init.d instead of inirtd as it wants to (says it can't find it in inirtd).

Jbinc1, I'm going to see if I can buy a splitter to run off my DSL modem to put the server outside the router.
Yep, changed it to standalone in the conf and now it won't run at all. Want to do a re-install. Stuff is in different directories than with the standalone install, at least in MY machine.

Hello frodon,

I'm setting up a fresh install of Ubuntu and I'm going to test the Gproftpd gui. I will see how it goes using the instructions on the Gproftpd web site and give you feedback.

Also, I think my slow connections on my ftp server are possibly due to my router. I still have to do more research on that one. ](*,)
When I connect to other ftp servers, I'm getting excellent speeds. I did some searching and it seems I'm not the only one to have this problem.

Take it easy.Hi jbinc1,

I'm wondering something, when you say that you have a slow connections, do you mean transfert speed ?
Because most of DSL connections have a really poor upload speed compared to the download speed, maybe it's just your internet connection which have a low upload speed and a good download speed. It could explain why you download fast on other FTP server and not with yours.

Going through my router when I enter the actual internet address and NOT the local net address (192.168.) it is slow to connect and go through the password dialogue.
Going locally, 192.168. it connects right away.
This is all done on the same machine ftp is installed on, using gftp.

Getting this error now when using gftp and the internet address:
As seen in gftp:

230 welcome !!!
SYST

215 UNIX Type: L8
TYPE I

200 Type set to I
CWD /

250 CWD command successful
Loading directory listing / from server (LC_TIME=en_US.UTF-8)
PASV

227 Entering Passive Mode (192,168,2,33,4,12).
LIST -aL

Disconnecting from site sjp.serveftp.net
Invalid response '

What do you thing the "invaild response" could be?

On edit:
I disabled passive xfers in gedit and it works fine now.
Using a standard browser it connects when I put in the local net address (192.168) but times out when putting in the internet address.

Steve,

Try this in your proftpd.conf file



UseReverseDNS off
IdentLookups off

Hi jbinc1,

I'm wondering something, when you say that you have a slow connections, do you mean transfert speed ?
Because most of DSL connections have a really poor upload speed compared to the download speed, maybe it's just your internet connection which have a low upload speed and a good download speed. It could explain why you download fast on other FTP server and not with yours.

Hi frodon,

I did some more tests and you're right. My conversion from Bps to kbps was wrong (oops). It looks like I'm getting all of the speed I'm going to get. My upload is limited to 312 kbps and I'm I'm averaging about 36000 Bps. I better double check my math next time. Live and learn.

Thanks for all of your help.

Steve,

Try this in your proftpd.conf file



UseReverseDNS off
IdentLookups off

Thanks, it "seemed" to speed up the pw dialog box but still times out after entering name and pw.

Do you have a firewall?

Do you have a firewall?

Yes, I do but it is ported open. Calls to the Apache server from outside go through.
It's on the same machine.
I'll mess with it more tomorrow.

I'm still not connecting from a ******* machine using the server's internet address. Using IE I put in the pw and it hangs on "Getting contents of folder".
Times out with "An error occured on the server, make sure you have permission to access that folder". (I know thats a standard Win error format)
I can connect fine using the 192.168 internal though.

More ideas?

Could you post your proftpd.conf, i'd like to see if there isn't something which block the LIST or CWD command, it could come from you configuration file or from wrong system rights in your ftp folder.

Also if you use IE to connect to the ftp server don't forget to specify the port if you don't use port 21, i give you an example corresponding to the guide (which use the port 1980) : ftp:\\sauron@100.12.xx.xxx:1980

I am currently using port 21 because I haven't yet figured out to make a port change in my Netgear FVS318. It has a dropdown for service but no selection of ports.
Still looking for it....
Thank you Frodon!
Here is my conf file:

# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias steve userftp

ServerName "Ubuntu"
ServerType standalone
DeferWelcome on

UseReverseDNS off
IdentLookups off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 99

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Having a bit of trouble with step 3 "sudo gedit /etc/proftpd.conf" on the first page.

This file does not exist.

What have I done wrong, thanks

I did a search on this file (I think I did the search right) and it does not exist anyware on the system.

Try it in a new terminal window.
When doing a search, I don't remember if it is a hidden file (don't think so).

Try it in a new terminal window.
When doing a search, I don't remember if it is a hidden file (don't think so).

Didn't help when I don't read it carefully

sudo apt-get install proftpd
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package proftpd

What did I do wrong?
Do I have to add extra repositories?

Thanks

Bluelce, indeed you shouldn't have all the repositories enabled. You could post you /etc/apt/source.list here if you wish otherwise you will find all needed informations about source.list here : http://www.ubuntuforums.org/showthread.php?t=92672.

steve_250, your configuration sounds good for me, so i think the problem should be your Netgear FVS318 configuration, because all your FTP server configuration seems good.

steve_250

Take a look at these links from frodon's HOWTO.

Other stuff
If you have a router you should read that (http://www.proftpd.org/localsite/Userguide/linked/x862.html), it describe the 2 commands to add in proftpd.conf and why.
If you have a dynamic DNS have a look here (http://www.frankandjacq.com/ubuntuguide/5.04/index.html#assignhostnametodynamicip), you can also use ddclient (http://linux.cudeso.be/linuxdoc/ddclient.php)(maybe easier for newbies).
Most of informations you're looking for are here (http://www.proftpd.org/)
To get more debug informations : http://www.proftpd.org/localsite/Use...ked/x1058.html (http://www.proftpd.org/localsite/Userguide/linked/x1058.html)
You can specify a specific passive port range using PassivePorts (http://www.proftpd.org/localsite/Userguide/linked/config_ref_PassivePorts.html) command, it's very useful when you use a firewall (http://www.proftpd.org/localsite/Userguide/linked/x294.html) in order to know which ports to allow.

Bluelce, indeed you shouldn't have all the repositories enabled. You could post you /etc/apt/source.list here if you wish otherwise you will find all needed informations about source.list here : http://www.ubuntuforums.org/showthread.php?t=92672.

Alright I got it working, prob not how I wanted it to run but here is what I did.

Commented in
deb http://au.archive.ubuntu.com/ubuntu breezy universe
deb-src http://au.archive.ubuntu.com/ubuntu breezy universe
(Not sure if I am supposed to comment out other ones)

Then Installed proftpd, instructions on on first page of this thread.
I then wanted a GUI (I'm very new to linux)

gproftpd is at: http://mange.dynalias.org/linux.html

Not sure if I did the right thing but I downloaded the source.

Needed to compile it and somehow got to this page: http://www.psychocats.net/linux/installingsoftware.php
All beginners should read this, it made it really easy:) REALLY

End up running
sudo apt-get install build-essential

I think I then needed Development files for the GTK
So Installed libgtk2.0-dev (Development files for the GTK+ library) from Synaptic Package Manager. I hope that was the right thing to do.

I think it then compiled OK as I was able to run the GUI.

Problems:
1. Installed gproftpd in Home directory (How do I stop that from happing in the future and how can I fix that now(Copy n paste)?
2. How do I run something as root. Can I add it to the menu.
3. Should I wright commands in the forums with a $ in front of them?
Thanks

1. Generally only the config files are installed in the home directory because it defines specific setting for your user and only your user.
2. To run gproftpd as root, use this command in a terminal :
sudo gproftpd
3. Up to you ;)

But even if you're new to linux you don't inevitably need a GUI, especially if you use often your server. Also if you just want a GUI to see the traffic on your ftp server the "ftptop" command is enough.

However i planed to write a short guide in the next 3 weeks for Gproftpd if it's needed.
So if you finally use Gproftpd and enjoy using it don't forget to tell me.

Ok, finally found where to change the ftp port number in the router.
I changed it to 1980, it IS supposed to be TCP, oui?
Added the masquereding and passive lines in your page one example.
However, now I get "Connection refused" even when doing it through the same machine using Firefox. Using gftp I see:

230 welcome !!!
SYST

215 UNIX Type: L8
TYPE I

200 Type set to I
PWD

257 "/" is current directory.
Loading directory listing / from server (LC_TIME=en_US.UTF-8)
PORT 192,168,2,33,18,53

500 Illegal PORT command
Invalid response '5' received from server.
Disconnecting from site such.and.such
](*,)

Oh yeah, Frodon, in the nmap usage example, the I (eye) feature is no longer supported.

frodon,

I've been doing some testing on gftpd. I had problems installing from source. First, you have to make sure you have a c compiler installed. Next, it seems the the source is broken. I've tried everything I could think of to get it to work. So, I did some searching and was able to find a debian package and installed it. I was able to install but there are some errors in the config out of the box (ie. it looks for a directories that don't exist). I made some changes to the config file, but I continue to get a SecurityLog errror. I did a check on the syntax and everything was good. I had to add the directories it was looking for to stop the error

The interface seems nice, but there is a definite lack of documentation on the sight or in the help file to support the program. I don't know if it would be a help or a hinderence to someone trying to set up their first ftp server.

Update:
On same machine, switched gftp to passive and it logs on but gets stuck at "Receiving file names".
Tried ascii and also removing the -L option, still stuck.

I don't think the problem come from the the ListOptions (http://www.proftpd.org/localsite/Userguide/linked/config_ref_ListOptions.html) so you should keep the -l option.
I think you should look in your router configuration first, you have to configure your router to link the port 1980 to your PC and also to enable it with the good protocol.

Don't forget to have a look in the proftpd forum, there's a lot of useful informations in, maybe you could find here a user who use the same router as you : http://forums.proftpd.org/phpBB2/

The link above doesn't work, I'll start at their main page.

I do have the router set to port 1980, changed it back to 21 and got the same error.

I looked at the ftp.log and found the router is passing the request through but the file list isn't coming through.

138.88.144.129 UNKNOWN nobody [10/Jan/2006:10:48:12 -0500] "USER steve" 331 -
138.88.144.129 UNKNOWN userftp [10/Jan/2006:15:48:12 +0000] "PASS (hidden)" 230 -
138.88.144.129 UNKNOWN userftp [10/Jan/2006:15:48:12 +0000] "SYST" 215 -
138.88.144.129 UNKNOWN userftp [10/Jan/2006:15:48:12 +0000] "TYPE I" 200 -
138.88.144.129 UNKNOWN userftp [10/Jan/2006:15:48:12 +0000] "PWD" 257 -
138.88.144.129 UNKNOWN userftp [10/Jan/2006:15:48:12 +0000] "PASV" 227 -
138.88.144.129 UNKNOWN userftp [10/Jan/2006:15:50:13 +0000] "PASV" 227 -

I have the permissions set as you said to set them.

No progress...
Everything set to port 1980 (router, conf & gftp)
From the router log when attempting to gftp in from same machine:

Tues, 01/10/2006 09:48:17 - UDP packet dropped - Source:221.1.204.254, 45006, WAN - Destination:138.88.144.129, 1027, LAN - 'Suspicious UDP Data'
Tues, 01/10/2006 09:50:23 - TCP connection dropped - Source:138.88.28.18, 2770, WAN - Destination:138.88.144.129, 445, LAN - 'SMB'

From the debug log:
Jan 10 07:36:22 localhost kernel: [4718395.530000] ppdev0: registered pardevice
Jan 10 07:36:22 localhost kernel: [4718395.571000] ppdev0: unregistered pardevice
Jan 10 07:36:22 localhost kernel: [4718395.571000] ppdev1: claim the port first
Jan 10 07:36:22 localhost kernel: [4718395.571000] ppdev2: claim the port first

I've been doing some testing on gftpd. I had problems installing from source. First, you have to make sure you have a c compiler installed. Next, it seems the the source is broken. I've tried everything I could think of to get it to work.

I think you might need the Development files for GTK
I Installed libgtk2.0-dev (Development files for the GTK+ library) from Synaptic Package Manager and I was able to install from source.

1. Generally only the config files are installed in the home directory because it defines specific setting for your user and only your user.
2. To run gproftpd as root, use this command in a terminal :
sudo gproftpd
3. Up to you ;)

But even if you're new to linux you don't inevitably need a GUI, especially if you use often your server. Also if you just want a GUI to see the traffic on your ftp server the "ftptop" command is enough.

However i planed to write a short guide in the next 3 weeks for Gproftpd if it's needed.
So if you finally use Gproftpd and enjoy using it don't forget to tell me.

1. I am pritty sure it is all installed it in the home directory as the etc and src directors are in there. I used the command $./Autoinstall it listed (http://mange.dynalias.org/linux.html) on the site. What is the correct way to install it, and do I have to uninstall the old one? Dose linux have a registry or am I correct in saying it just uses config files.

2. so that what sudo does:D

3. Umm thanks:)

1What is the correct way to install itFor me the correct way to install it is to follow the instructions of the web site and just replace the final command (sudo make install) by :
sudo checkinstall -D
checkinstall is a tool (you can find it in synaptic) which allow you to create a .deb of the sources and install the software with all the needed informations to see it in synaptic and therefore uninstall it easily.
If you didn't use checkinstall and want to use it i think this command (in the gproftpd source directory) will uninstall gproftpd :
sudo make uninstall

It all looks good now.

thank you heaps for your help:D

For those who want to use the proftpd GUI, i updated the HOWTO with some short instructions and a .deb of the latest version.

After some tests, i found that gproftpd is not so bad but a little bit annoying for advanced users because the GUI is able to create directories and system users (you need to run it as root) and it's less secure (it's just my opinion ;) )

Is there a way i can manage this server via php on my apache2 server?

alright mine is really wierd. I can get proftpd to start. However, when i try to access it from another computer, it asks for my username and password. I put it in and press enter. It searches for something then comes back with the login window, how do i fix this? Here is my proftpd config.

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "OnDemand"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/
DefaultRoot ~

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User admin


# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

I don't know what you want to do and you didn't use the guide as i see in your conf file so how could someone help you with so few informations ?
So how did you create your proftpd.conf file ? it seems really near from the default one, so what is your aim ?

hen3rz, i searched a little bit yesterday but i didn't find any informations on the topic. Maybe you could post your question in the server talk forum there's some server gurus in ;).

hey frodon since i couldn't get ftp working with the guide's conf I used this guide to install it. I just wanted to see if the ftp works by using nearly the default one. Here is the link btw. http://www.ubuntuguide.org/#ftpserver

Btw now that I'm thinking of it, I did install the gui version of ftp this guide talked about but I couldn't uninstall it. Then i installed proftpd. Do you think that could be the problem?

Btw now that I'm thinking of it, I did install the gui version of ftp this guide talked about but I couldn't uninstall it. Then i installed proftpd. Do you think that could be the problem?Gproftpd is only a frontend for proftpd, so you need to have proftpd installed to use gproftpd.
To uninstall gproftpd, use this command if you used the .deb :
sudo dpkg -r gproftpd-8.2.2_8.2.2-1_i386.deb
You should also be able to uninstall it with synaptic.
When i asked you what is your aim, i meant what is your need about ftp server. Do you just want to share some files with friend or with everybody ? do you wish a secure server ?

I ask you that because in your conf file you don't share any directories so i have no idea about what you're trying to do.

Gproftpd is only a frontend for proftpd, so you need to have proftpd installed to use gproftpd.
To uninstall gproftpd, use this command if you used the .deb :
sudo dpkg -r gproftpd-8.2.2_8.2.2-1_i386.deb
You should also be able to uninstall it with synaptic.
When i asked you what is your aim, i meant what is your need about ftp server. Do you just want to share some files with friend or with everybody ? do you wish a secure server ?

I ask you that because in your conf file you don't share any directories so i have no idea about what you're trying to do.

um frodon, my aim is just to setup a ftp server so i can access it on my land. I'll be uploading stuff to it and downloading.

t0bb3:

Thanks for your additional tip! I too had the same problem and was wondering what was wrong with inetd install type. Will try tonite once I get back from work.

Cheers

I have success at last :)

I can ftp from the machine itself and from another computer inside home on the same network. The actual test whether I can access it from outside, will be done tomorrow. But I am hopeful that I shall succeed. (Update : Now I can access it from outside; see my next post below).

Thanks Frodon and everybody else in this forum. I am a longtime reader of this great howto thread and this my first post. For my research collaboration I made a plan to run a ftp server on my home laptop. Since I using a cable modem(Motorola SBG 900E), I am behind the firewall of the router. I faced all kind of problems similar to Steve_250 of this thread. Initially I had 530 error related to password, I had error 500 for invalid port etc etc. I would like to share how I did overcome all of these problems.

1. I followed Frodon's how-to in toto. I didn't use gproftpd. I just copied and pasted his proftpd.conf with few exceptions, e.g. I put AuthAliasOnly to ``off''. Since I am behind a firewall of the router and my ISP provided me with dynamic IP address, I had to install ddclient first and registered my computer at dyndns.com. Then I had to add two lines related to MasqueradeAddress and PassivePorts, as Frodon mentioned, at the end of the file. Finally, I attached two lines as jinc1 suggested. I attached the copy of my proftpd.conf.

2. Next I added the users from the command line but their passwords were added NOT from the command line but from the tool Ubuntu provided : Kmenu --> System --> User Groups(I'm running Kubuntu. Under Gnome I think it's under System). This is fairly easy to do. I checked that everything is consistent with other commands that Frodon's guide provided, e.g. no users get a shell(/bin/false). If I issue the passwd of the users from command line, somehow all the time I got 530 error.

3. Next thing was to configure my router. First, I made sure that my ISP do not block the ports 1980 and the ports 60000-65535. The former is used by proftpd and the latter are the passive ports. Now the firewall and port forwarding config. of my router looks like this :

Firewall
--------

Port ID : proftpd
Enable : yes(tick)
Allowed Protocol : TCP
Allowed Range : 1980:1980
Allow Inbound : Yes
Allow Outbound : Yes
Protocol # : 0

Similarly I defined another Port ID : proftpd-passive. For this, the allowed range is 60000:65535 and all other parameters remaining exactly the same.

The names of the Port ID can be anything.

Port Forwarding
-----------------

Name : proftpd
Port Start : 1980
Port End : 1980
LAN IP Address : 192.168.0.10
Enable : yes

Similarly, I define another port called profptd-passive for which Port Start =60000 and Port End = 65535, and all other parameters remaining the same.
Here 192.168.0.10 is the internal LAN IP address assigned to my laptop by the router dynamically(using DHCP). Since my laptop remains on all the time I didn't go for a static address, though I recommend others to do so.

That's it. If I don't forward all the ports including the passive one I shall get error 500 or the infinite time loop which Steve_250 experienced. I can access it from a Windows machine within the same network, using WS_FTP.

Hey mssm

A BIG BIG thank you for this post, really useful, i will put a link to this post in the guide.
Thanks for sharing your experience ;)

Hey mssm

A BIG BIG thank you for this post, really useful, i will put a link to this post in the guide.
Thanks for sharing your experience ;)


Thanks Frodon. It's working from browser(e.g. firefox) also. I can also access it from outside.

I'm having problems accessing my ftp server from outside the lan. I always get this error: "500 Illegal PORT command".
I have forwarded the neccessary ports in my router. I confirmed this by setting Apache to listen to one of the ports in the interval, and I could access it.

I have also added the MasqueradeAddress, PassivePorts, UseReverseDNS and IdentLookups options to proftpd.conf

What else should I do?

The ftp server works great inside the lan, both in active and in passive mode

I'm having problems accessing my ftp server from outside the lan. I always get this error: "500 Illegal PORT command".
I have forwarded the neccessary ports in my router. I confirmed this by setting Apache to listen to one of the ports in the interval, and I could access it.

I have also added the MasqueradeAddress, PassivePorts, UseReverseDNS and IdentLookups options to proftpd.conf

What else should I do?

The ftp server works great inside the lan, both in active and in passive mode

Hi t0bb3, did you opened all the relevant ports like 1980 and passive ones in your firewall? Allow both incomin and outgoing and the protocol should be TCP. Make sure your ISP do not block any of these ports. Many ISPs block some of them in order that nobody can run server from home.

Did you create password for the user using the GUI ubuntu provide?

Another point : did you put AuthAliasOnly to off, like mine? Can you do one thing? Just back up your copy of proftpd.conf and use mine instead and tell me whether you are getting the same result? I am telling you all these since I got this 500 error:illegal ports infinite number of times before getting it working. Good luck

Hi t0bb3, did you opened all the relevant ports like 1980 and passive ones in your firewall?
What is port 1980? Yes, I have all the passive ports open.

Allow both incomin and outgoing and the protocol should be TCP. Make sure your ISP do not block any of these ports. Many ISPs block some of them in order that nobody can run server from home.They are open both ways, and if I run my webserver on one of the ports I can connect to it, so they aren't blocked by my ISP

Did you create password for the user using the GUI ubuntu provide?

Another point : did you put AuthAliasOnly to off, like mine?I don't think there is anything wrong with the passwords. All accounts work when I try them in my lan, and they work if I connect to them in active mode from the outside.
Can you do one thing? Just back up your copy of proftpd.conf and use mine instead and tell me whether you are getting the same result? I am telling you all these since I got this 500 error:illegal ports infinite number of times before getting it working.Yes, I will try that.
Good luckThanks, I will need it :)

I saw in your config file that you use port 1980 as your ftp port... I use another port, but yeah, that port is open and forwarded in my router.

I have also tried your config file (with the needed changes). Got the same 500 error :(

t0bb3, just to make sure :
1) Did you check that your internal IP address didn't change meanwhile?
2) If your ISP provide you with a dynamic IP address, your fwding to some dynamic dns host like dyndns.org by some client and that client is running?
3) Did you try to ftp on the same machine and still you are getting 500 error?
4) If you turn on logging, what do they say?

I am sure this has to do with your router's firewall and port forwarding config.

1) I have static IPs in my lan, so it didn't change
2) Yes, I get a dynamic IP from my ISP, and yes I use dyndns.com. My router has built in support for updating dyndns, so it is always up to date. Everyone can connect to the webserver I've got running on the same machine as the ftp server, so the address isn't a problem
3) What do you mean? I can connect to the ftp server from all computers in my lan, and active connections from internet works.
4) I've got logging on. What should I look for?

First I could only connect to the ftp server from the other computers in my lan using the internal IP, but when I added "AllowForeignAddress on" I could also connect to the server using my dyndns.com address from within my lan. (I used to get the 500 error when I tried that). But other ppl can't connect over the internet. But they don't get error 500 any more, now they get "Unknown error"...

Thanks for helping

A little more info on what is going on now when I try to connect... (I actually got a real error message this time)

ftp> open address port
Connected to address
220 ProFTPD 1.2.10 Server (t0bb3's ftp) [Ip.address]
Name (address:local user): ftp login name
331 Password required for ftp login name.
Password:
230 User ftp login name logged in.
ftp> dir
200 PORT command successful
425 Unable to build data connection: Connection timed out

Real nice, thanks. gproftpd really helped me. I've been looking for something as good as bulletproof, and this is good enough for me.

Password incorrect, all the time.

I've followed the steps exactly.

Looking up localhost
Trying localhost.localdomain:1980
Connected to localhost:1980
220 you're at home
USER sauron

331 Password required for sauron.
PASS xxxx
530 Login incorrect.
Disconnecting from site localhost

Is there any way to make it so that I can let the people logging in put their name for the username, and just have a set password?

Password incorrect, all the time.

I've followed the steps exactly.

Looking up localhost
Trying localhost.localdomain:1980
Connected to localhost:1980
220 you're at home
USER sauron

331 Password required for sauron.
PASS xxxx
530 Login incorrect.
Disconnecting from site localhostRe-create your user with the GUI if you used the command line to create it and check that the name of the directories you use for the FTP server are good in your system and in your config file, the 530 error is just a small configuration problem (wrong path names, password issues, ...). Don't forget to have a look in the hoary thread which contain a lot of support (link at the top of the first post).

Great Howto....I've using it for months. I installed gproftpd about a month ago and everything was fine...good for easy admin of the server. Then, all the sudden (noticed it after installing 3ddesk, which i've since removed), gproftpd started segmentation faulting when running it as root. I can run it as a user but that does me little good -- understandandably, you cant do much as a user. I uninstalled everything, wrote a new config file, tried changing theme info for root (its caused problems before), but i cant get it to run as root again. Wierdness...anyone got any ideas? I'm stumped....

Thanks,

Mak

I get this error when I try to connect the server.


- getaddrinfo 'ftp://guldkant.mine.nu' error: Name or service not known
- Fatal: Bind: : unable to resolve "ftp://guldkant.mine.nu" on line 6 of '/etc/proftpd.conf'

what have I done wrong?

Could you post your proftpd.conf file ?

It sounds like a domain name problem.

Frodon, I would like to add myself as an ftp user who can browse all directories. What should I do? Thanks in advance

Well, all the security of this guide is based on the FTP-shared directory because all is lock in this directory and therefore you're sure that nobody will go outside this directory.
There are different ways to do that. What i would do if i was you is to add your user or create a new one (maybe better because you will not use you user password which may be the same one than you use for sudo ... up to you).
So just add a line for your user :
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser Your_user
DenyALL
</Limit>Create a directory under FTP-shared called my_root for exemple and give it the good rights (755 for a download only directory and 777 for a download/upload directory).
Then add a section at the end of the file like that for a download only directory :
<Directory /home/FTP-shared/my_root/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser your_user
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>All the ftp users will see this directory but they won't be able to list or access it.
Then all you have to do is to mount in this directory the directory or the partition you want, there's some explainations on how to do it at the end of the guide (you could add a line in fstab if you want to do it on startup).

ServerType standalone
DefaultServer on
Umask 022
ServerName "ftp://guldkant.mine.nu"
ServerIdent on "guldkant"
Bind "ftp://guldkant.mine.nu"
ServerAdmin xxxxxxx@hotmail.com
IdentLookups off
UseReverseDNS off
Port 22
PassivePorts 49152 65534
#MasqueradeAddress None
TimesGMT off
MaxInstances 30
MaxLoginAttempts 3
TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120
User oscar
Group nobody
DirFakeUser off nobody
DirFakeGroup off nobody
DefaultTransferMode binary
AllowForeignAddress on
AllowRetrieveRestart on

Be careful that your server name should be as simple as possible, some characters may create some problems, is it the whole configuration file ?

Hello frodon,

First off - as everyone has pointed out - excellent howto. I at first tried the gproftpd gui option, but wasnt all that impressed and decided to go the other option. After some tinkering, reading, and time - I am successfully connecting to my home box from work right now. My only problem is that I'm having trouble with PASV. I can't seem to get it to work. Is there anything special you've seen to getting PASV to work? I specified PassivePorts 60000 60049 in my proftpd.conf and forwarded those ports to my internal IP on my router. I'm also masquerading my external IP.

Like I said, all works fine in active mode, but I'd like to get passive mode working properly. Any ideas would be much appreciated. Thanks!

Be careful that your server name should be as simple as possible, some characters may create some problems, is it the whole configuration file ?

I'm jammed here.

I'll be upfront, I have two dyndns configurations. One which is sub'd off my main web host, and another with gotdns.com just in case.

I'm only using the masqueradeaddress as the one i'm technically using with filezilla, which is only specified as the main web host address.

On the lan, by IP address I don't even need to worry about passive mode, goes right on through. Logs in just the way I want it to for each user.

When trying from the LAN through the web address, I get:

Response: 500 Illegal PORT command
Error: Could not retrieve directory listing

When trying from LAN to web address using PASV:

Response: 200 Type set to A
Command: LIST
Error: Disconnected from server
Error: Could not retrieve directory listing
Error: Timeout detected!

FTP from win32 command prompt results in a 425 error, when going through web address and typing "ls" as usual. So it leads me to believe something is silly with the PASV mode set up. The specified port ranges are opened on the router by the way.

I must have made a mess somewhere, but I'm running out of ideas. I included my proftpd.conf file which I'm sure will seem a bit sloppy.

I'm hoping someone will show me the light here. I really should be able to use the web address to do this, whether inside my LAN or not.

:-k

edit: I've tested inbound works perfectly fine, I guess I'll just deal with the provided setup as is.

Hi,
My FTP server is up and running.
I can access it from outside and I can browse the folders.
I tried to mount a folder in my /home/FTP-shared/download but i've got the error

$ sudo mount -o Photos /home/FTP-shared/download/
mount: can't find /home/FTP-shared/download in /etc/fstab or /etc/mtab Then I created a folder

$ sudo mkdir /home/FTP-shared/download/Photos and I created a permanent entry in my fstab as proposed in this howto.
I can browse this folder, but I'm unable to download a file from my ftp server....

Any help ??

Is it a typo ? the command is :
sudo mount -o bind Photo_directory_path /home/FTP-shared/downloadI think it's not needed to create a Photos directory under download if what you want is only to mount your photo directory in /home/FTP-shared/download.

If you're still not able to download in this directory post your proftpd.conf file and check that you put the good rights on this directory because proftpd won't overwrite the system rights you set on this directory.

need some help ... :-k

i have 2 diferent users to get in 2 diferent directories

"/home/shared"

and other to

"/online/forum/"

the problem is that both of then enter in the same directory :| ...

user1 i created it like
useradd user1 -p passuser1 -d /home/shared -s /bin/false

and user 2
useradd user2 -p passuser2 -d /online/forum -s /bin/false

config lines:


...
...
...
# Set /home/FTP-shared directory as home directory
# DefaultRoot /home/FTP-shared
DefaultRoot ~

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
...
...
...
<Directory /home/shared/*>
Umask 022 022
AllowOverwrite on
AllowUser user1
</Directory>

<Directory /online/forum/>
Umask 022 022
AllowOverwrite on
AllowAll
</Directory>


so 1 want 1 user to access both directorys and the other only to 1 ... if possible or each user for each directory ...

can anyone help me ? ;)

The command DefaultRoot ~ define the user home directory as home directory for the FTP, so each user will be locked in his home directory thanks to this command, so the way you use sounds good but i never used it so i don't know if it works but it should.

Add a section like that before setting the directories :
#VALID LOGINS
<Limit LOGIN>
AllowUser user1
AllowUser user2
DenyALL
</Limit>Thus you will be sure to allow only your 2 users to login.
Try to modify your directory section like that :
<Directory /home/shared/*>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser user1
Deny ALL
</Limit>

<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

<Directory /online/forum/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser user2
Deny ALL
</Limit>

<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
</Directory>
I assume that your directories are upload/download directories and therefore you gave 777 rights to them.

However, you can use also the way i gave in this post (http://www.ubuntuforums.org/showpost.php?p=715548&postcount=99) and then keep the guide spirit with the home/FTP-shared home directory for all the users and allow the user you want to enter in the directory you want. After that you can mount the directory you want in home/FTP-shared/upload, create more directories if you need.

Let me know if it works, i'm curious.

ok so far so good ... i've changed something ... and now directory's work fine each user can enter in diferent directory.

user1 -> directory1
user2 -> directory2

the changes:

the Valid logins section was already there so no changes there



<Directory /home/shared/*>
Umask 022 022
AllowOverwrite on
AllowAll
</Directory>

<Directory /online/forum/>
Umask 022 022
AllowOverwrite on
AllowAll
</Directory>


and now they both enter in diferent directory's :)
1º move ok \\:D/

now the 2º fase :P ... i was thinking arround and it seems to be impossible to 1 of those users to access diferent directory's since i've defined when creating them their "home" directory, since in config i'm forcing them to be in their home directory it's gome be a bit hard :| ...

Why not just install SSH server ?

What am i doing wrong

- no such group 'nobody'
- Fatal: Group: Unknown group 'nobody'. on line 20 of '/etc/proftpd.conf'

what group should it be?

First of all thanks for your answers

Is it a typo ?
Yes it is :-?

If you're still not able to download in this directory post your proftpd.conf file and check that you put the good rights on this directory because proftpd won't overwrite the system rights you set on this directory.
You were right :) I changed the permission of each file in the subdirectories I attached and now I am able to download the files without a single problem.

Thanks again for your great howto and support \\:D/

How do i add more users? :confused:

Create a new user thanks to the "user & group" windows like for userftp in the guide then add an alias line at the beginning of your proftpd.conf file :
UserAlias aliasname newuserThen add a line in the limit login section :
<Limit LOGIN>
AllowUser userftp
AllowUser newuser
DenyALL
</Limit>By the way, no problem if several friends try to login at the same time with the same user, it's allowed and controlled by this line :
MaxClientsPerUser 8

Thanks. :-D
Worked like a charm!
Been really helpfull this thread so once again, thanks! \\:D/

While i'm at it... :rolleyes:

Been trying to get Passive to work, since most (?) clients seem to use is by default, and the more unexperienced users who don't know their client can't connect. I've tryed adding the line "PassivePorts 49152 65534" and opened the ports in my router, but still it seems that users who try connect using passive gets disconnected while trying to list the directories.

Any clues? :confused:



EDIT: Got it working after rebooting the router.

I am new to Ubuntu and I tried to install proftpd and got this;

sudo apt-get install proftpd

"Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package proftpd"

I downloaded it from http://www.proftpd.org/goals.html as a .tar.gz and uncompressed it into my home directory. I ran the install command from my home directory.

What am I doing wron?

You have to add extra repositories in synaptic to have this kind of software ready to be installed.
Have a look to http://www.psychocats.net/linux/sources.php and http://www.ubuntulinux.nl/source-o-matic for more explanations :)

I have proftp installed now... I have followed the how to on the first page. all seemed to have gone well.

Yet I am unable to ftp into this box using any ftp program.

I am behind a router. Is there anything I need to do for that?

I have proftp installed now... I have followed the how to on the first page. all seemed to have gone well.

Yet I am unable to ftp into this box using any ftp program.

I am behind a router. Is there anything I need to do for that?


Here is my proftpd.conf file:



etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "Zino"
ServerType inetd
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 1980

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# # Limit the maximum number of anonymous logins
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
#
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

I strongly advice to run proftpd as standalone so replace the line :
ServerType inetdby :
ServerType standaloneThen if you are behind a router you will need to set MasqueradeAddress and PassivePorts following the link i gave in the misc section : http://www.proftpd.org/localsite/Userguide/linked/x862.html
You will need also to forward the ports you use for the ftp serveur in you router configuration.
You should also read this post : http://www.ubuntuforums.org/showpost.php?p=680702&postcount=81

By the way, I'm wondering if i should add that in the guide itself and not in the misc section because many users have a router and sometimes they don't read the misc section which contain those informations.
So should i add the router things in the guide itself instead of the misc section ?

I By the way, I'm wondering if i should add that in the guide itself and not in the misc section because many users have a router and sometimes they don't read the misc section which contain those informations.
So should i add the router things in the guide itself instead of the misc section ?

As you can tell I am no export in this OS, but I am sure it would help many of us newbie's if it was.

Thank you for you assistance, I will research those links today.

Hello,

I'm a real newbie at this stuff. I just started and I decided to use the GUI to set up the FTP for me.

I'm behind a router, I have all the forwarding ports (60000 - 65534) passive and (77) ftp set up. I have set all the folders to what was stated in the begining of this how to.

I go to ftp://myhost:77 and I can log in fine and the gui shows that I have logged in but I don't get a response from the ftp for the files... i have folder in there to test.

The response I get is that it puts me in the current directory "/"
TYPE A
PASV
227 Entering Passive Mode (69,17,133,157,253,50).
Opening Data connection to 69.176.133.157 Port:64818
LIST -aL
A connection attempt failed because the connected party did not respond.
Timeout (40s).
Client Close Connection

Please help me...
I tried what had been said earlier but i got confused
I let the gui set up the proftpd.conf.

If you are really accessing the "/" directory (your ubuntu partition) the LIST command will surely fail because of rights. Indeed you can access and list directories only if you have rights for it.
So my first advice would be to be sure that the directory you access when you login (set a good home directory not "/") the FTP server has the good rights (755 for a download directory).

If you are really accessing the "/" directory (your ubuntu partition) the LIST command will surely fail because of rights. Indeed you can access and list directories only if you have rights for it.
So my first advice would be to be sure that the directory you access when you login (set a good home directory not "/") the FTP server has the good rights (755 for a download directory).

I looked at my settings and none of them are set to go to directory "/".

I am going to provide what config my gproftpd-8.2.2 has and maybe you can tell me if it is in there that something is set wrong.
I am using a netgear router, and I have all the ports forwarded as it does connect and verify the password and username.
If there is anything I need to do I will appreciate the help.

ServerType standalone
DefaultServer on
Umask 022
ServerName "192.168.1.4"
ServerIdent on "Richards Server"
Bind "192.168.1.4"
ServerAdmin RichardGiesige@hotmail.com

IdentLookups off
UseReverseDNS off
Port 77
PassivePorts 60000 65534

MasqueradeAddress 69.176.133.157

TimesGMT off
MaxInstances 30
MaxLoginAttempts 3
TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120
User snugglej
Group adm
DirFakeUser off nobuddy
DirFakeGroup off nogroup
DefaultTransferMode binary
AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores off
TransferRate RETR 30
TransferRate STOR 40
TransferRate STOU 40
TransferRate APPE 40

SystemLog /var/log/secure
#gp_random_username_length 6
#gp_random_password_length 6
#gp_randomize_case lower
#gp_useradd_root_path /home/FTP-shared
#gp_useradd_upload_path /upload
#gp_html_path /var/www/ftp.html
#gp_welcome_name welcome.msg
<IfModule mod_tls.c>
TLSEngine off
TLSRequired off
TLSVerifyClient off
TLSProtocol TLSv1
TLSLog /var/log/proftpd_tls.log
TLSRSACertificateFile /etc/gproftpd/gproftpd.pem
</IfModule>

<Limit LOGIN>
AllowUser snugglej
AllowUser ftp
DenyALL
</Limit>


<Anonymous /home/snugglej>
User snugglej
Group snugglej
AnonRequirePassword on
MaxClients 3 "The server is full, hosting %m users"
DisplayLogin welcome.msg
DisplayFirstChdir .msg
AllowOverwrite off
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit ROOT_DIR_ALLOW RETR LIST NLST MDTM SIZE STAT CWD XCWD PWD XPWD CDUP XCUP>
AllowAll
</Limit>
<Limit ROOT_DIR_DENY DELE APPE STOR STOU SITE_CHMOD SITE_CHGRP RNFR RNTO MKD XMKD RMD XRMD>
DenyAll
</Limit>
<Directory /upload>
AllowOverwrite on
<Limit UPLOAD_DIR_ALLOW LIST NLST STOR STOU APPE RETR MKD XMKD SITE_CHMOD SITE_CHGRP STAT MDTM PWD XPWD SIZE CWD XCWD CDUP XCUP SITE >
AllowAll
</Limit>
<Limit UPLOAD_DIR_DENY RNFR RNTO DELE RMD XRMD >
DenyAll
</Limit>
</Directory>
</Anonymous>

<Anonymous /home/FTP-shared>
User ftp
Group userftp
AnonRequirePassword on
MaxClients 3 "The server is full, hosting %m users"
DisplayLogin welcome.msg
DisplayFirstChdir .msg
AllowOverwrite off
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit ROOT_DIR_ALLOW RETR LIST NLST MDTM SIZE STAT CWD XCWD PWD XPWD CDUP XCUP>
AllowAll
</Limit>
<Limit ROOT_DIR_DENY DELE APPE STOR STOU SITE_CHMOD SITE_CHGRP RNFR RNTO MKD XMKD RMD XRMD>
DenyAll
</Limit>
<Directory /upload>
AllowOverwrite on
<Limit UPLOAD_DIR_ALLOW LIST NLST STOR STOU APPE RETR MKD XMKD STAT MDTM PWD XPWD SIZE CWD XCWD CDUP XCUP SITE >
AllowAll
</Limit>
<Limit UPLOAD_DIR_DENY RNFR RNTO DELE RMD XRMD SITE_CHMOD SITE_CHGRP >
DenyAll
</Limit>
</Directory>
</Anonymous>

Okay I finally got it to work, all along it was my fault because I had firestarter running on Ubuntu and it was blocking the ports to the passive mode.

Once I enabled the ports by setting inbound allow traffic for ports 60000 and 65000 it worked like a charm!

so if anybody has this problem where they can't connect because it freezes at the locating files check if you have firestart or some sort of firewall installed on ubuntu.

*NEW PROBLEM*
But now i run into the problem where I try transfer something and I get Transfer Failed.
I'm trying to upload into the upload file but it's not working any ideas??
Rich.

hi Snugglej, glad to know that you solved your first problem.

In which directory do you get this error ?
If it's /home/FTP-shared, run this command :
sudo chmod 777 /home/FTP-sharedYou have to know that proftpd don't overwrite the system rights and therefore if the system rights are too restrictive you won't be able to upload even if you've well set your FTP server.

i was trying to add more user accounts with different usernames and passwords using conf files given in this thread. Also i don't know where to give passwords.....i have been trying to configure proftpd for a long time but could get only one account working that too anonymous...now when i tried again to introduce new users i am stuck........

How do i add more than 1 user with diff username and passwords

Searched the net ......the proftp guide itself is very confusing....put in a lot of fight with no results.....](*,) ](*,) ](*,) ](*,) ](*,) :( :(

Please help me to configure proftpd



#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#
AuthAliasOnly on
UserAlias Junta userftp
UserAlias UPLOAD userftp1


ServerName "BATMAN'S DEN"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 40
TimeoutStalled 100
TimeoutIdle 40

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/
DefaultRoot ~

AllowStoreRestart on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 10

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off

MaxClientsPerUser 5
AccessGrantMsg "Welcome to BATMAN'S DEN"

DefaultRoot /home/ftp

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp userftp1
DenyALL
</Limit>



<Directory /home/ftp/Junta/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/ftp/Upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser userftp1
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Your proftpd.conf file looks good, create your new user using the GUI, the password for the user is always the password you set when you created the user, and the username you use to login the FTP server is the alias you set in the proftpd.conf file.
What meassage error do you get with the user who don't work ?

Thanks. This was really useful. I finally got everyting to work.

H all!! this is my firts post here!!

I am trying to set up my proftpd server according to this howto.
Because i am newbie in linux world and espesially in proftpd i have some problems.

I followed the howto everything seems nice but i can not log in to my ftp server,neither from the same machine nor from my win pc.Always the same error
(530 Login incorrect).

i have add two user one is userftp the other is student.I follow the same command(sudo useradd userftp -p your_password -d /home/FTP-shared -s /bin/false).I dont want to install gui in my server so is it possible to create these users in a other way??
One more i dont understand what is the useralias

Thanks a lot guys!!!!:D :D

AA here is my proftpd.conf file




# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias student userftp

ServerName "Miltos ftp server"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Hi slapper,

Some users reported me that the useradd command creates sometimes 530 error because of the password, so i advice you to re-create the users using the GUI tools (system > administration > user & group), you could try also this command it worked for some users :
sudo passwd userftpand then type the password you want to set for userftp again and do the same for your other user, it will just re-create the password.

However when i have a look in your proftpd.conf file there is a problem, do you really want 2 different users for your ftp server ? if yes you should modify those lines like that :
# Choose here the user alias you want !!!!
UserAlias user1 userftp
UserAlias user2 student
...
..
.
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
AllowUser student
DenyALL
</Limit>Why useralias ?
I use useralias in my guide because this tip prevents telnet access to your FTP server and therefore increase the security of your server.
So you always use the alias name to login your server even if the users is called userftp.

Feel free to require more details/help ;)

Frodon thanks for the quick answer!!!!!!!

I tried what you said but nothing happen.The same problem..:-k :-k

Anyway im going to install gnome and create these users from there.
I will keep you inform..:D

Thanks again for the response!!

The 530 error could also come from right problems for directories FTP-shared, FTP-shared/download and FTP-shared/upload. So check that the rights for those directories are good.

I tried installing. Get this message after editing the proftpd.conf file

ProFTPd warning: cannot start neither in standalone nor in inetd/xinetd mode. Ch eck your configuration.

Any suggestions on what I may have done wrong? I am logged in as root, and did follow directions.

Thanks,

Try to re-install proftpd and/or post your proftpd.conf file in your next post, however this could come from the ServerType line in the proftpd.conf file :
ServerType standaloneYou should have this line in your proftpd.conf file.

Attached is my proftpd.conf file

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "basement"
ServerType inetd
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

"proftpd.conf" 103L, 2829C 1,1 Top

ok, change :
ServerType inetd by
ServerType standaloneAnd it should be good.

Frodon, Great that worked. I am trying to install the GUI now. Where do I need to edit the .bashrc file. Where should I enter that path with ProfFtpd?


Then add these lines in your .bashrc (it's in your home directory : gedit /home/username/.bashrc) file in order to specify what is the ProftpTools directory path, YOU MUST REMOVE THE "/" CHARACTER at the end of the path. I give you an exemple if your ProftpTools directory is in your home directory :

Thanks so much for your help.

To open the .bashrc file :
cd
gedit .bashrcWhen the file is opened add the lines in like the guide says, for exemple if your PtftpdTools directory is in your home directory the lines to add would be :
ProftpTools_dir=/home/splendid/ProftpTools-v1.0.1
export ProftpTools_dir
I know it's not a really elegant way to install a script, but that's the best solution i found to set my script quickly. If i get time i will try to find an easier way than editing the .bashrc.

How to make it work like a ftp client connect to an web server?

Frodon,

Attached is my .bashrc file. I think I may have screwed something up because when I enter ProftpTools from a terminal window, nothing happens. I put my entry in Bold (see below).
Thanks So much for your help. I was just able to get my printer working this morning. Took a couple days, but everyone on this forum like yourself has been real helpful.


~/.bashrc: executed by bash(1) for non-login shells.
# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
# for examples

ProftpTools dir=/etc/ProftpTools-v1.0.1
export ProftpTools_dir

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

# don't put duplicate lines in the history. See bash(1) for more options
#export HISTCONTROL=ignoredups

# check the window size after each command and, if necessary,
# update the values of LINES and COLUMNS.
shopt -s checkwinsize

# make less more friendly for non-text input files, see lesspipe(1)
[ -x /usr/bin/lesspipe ] && eval "$(lesspipe)"

# set variable identifying the chroot you work in (used in the prompt below)
if [ -z "$debian_chroot" -a -r /etc/debian_chroot ]; then
debian_chroot=$(cat /etc/debian_chroot)
".bashrc" 75L, 2291C 1,1 Top

It looks like a typo, the line :
ProftpTools dir=/etc/ProftpTools-v1.0.1should be
ProftpTools_dir=/etc/ProftpTools-v1.0.1

Sorry, not sure how I missed that _

Anyway, I fixed the .bashrc and then typed ProftpTools and I get message that say's bash: ProftpTools: command not found

Any ideas?

Thanks!

Did you put the ProftpTools file in /usr/bin ?
By the way you may have to restart your terminal to get it working.

The only thing that the Proftptools file do is to run the proftpd_tools.bash script with gksudo, so the purpose of the ProftpTools file is just to lauch the proftpd_tools.bash script in a elegant way with sudo rights.

i am also getting the same errors as splendid

also ( i have been reading through most of the thread so hopefully this isnt a repeat but sorry if it is)
i know it's a pretty newbie question ( considering this would be my 3rd or 4th ftp i've setup) but i am having trouble getting my ftp visible outside of my private network. my local ip address and networked computers can connect to it (i fixed the 530 errors myself that everyone seems to have gotten), but now my direct ip isnt seeing it.

i've opened the ports and turned off my firewall. i also have the passive/masqeruade on... is there something i am not thinking of?

i have a few things going odd, i edit the conf with gedit and when i gproftpd into the program, it is offline and all the settings are off (such as the port is 0, passive ports are all wrong, download speed is 1, etc) but it recognizes that im using the conf...

Okay, I am at my wits end with this thing. I spent the better part of six hours reading forum posts and going through config files to get this thing to work. Finally I'm able to connect and all seems right. I go off to eat, and when I come back, I can no longer log in. Really. I have installed a couple other things, like Conky, AVG Anti-Virus, and dependencies, but that's about it. And even then I'm 99% sure it was working after I did that.

I tried deleting and recreating the userftp account just to make sure that wasnt the issues (it was done in GUI not commandline). Frankly I just don't know what else to do. Nothing has changed in my config since the last time it worked.

It gives me the 530 Login Incorrect error. I know the password is correct, and I know the alias names are correct, and I know the config is correct. Here's my config file. Hopefully someone can tell me what I'm doing wrong.

Does the home directory need to be chmod'ed to a particular access level?

apresvoop, check also the rights on the ftp user home directory because wrong rights there can generate the 530 error, the rights for a download directory shoud be 755 and 777 for an upload directory.
Your config file seems good so i think about a privilege problem on the home directory.

Yes, you were right. The permissions were slightly off. Thanks.

Need help, Ive tried to install proftpd by sudo apt-get install proftpd and I get this error message:
root@neoserver1:/# apt-get install proftpd
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package proftpd

I then tried the wget command (wget http://frodubuntu.free.fr/ubuntu/gproftpd-8.2.2_8.2.2-1_i386.deb
sudo dpkg -i gproftpd-8.2.2_8.2.2-1_i386.deb) and I get this message:

root@neoserver1:/home/admin#
wgethttp://frodubuntu.free.fr/ubuntu/gproftpd-8.2.2_8.2.2-1_i386.deb
--16:39:55-- http://frodubuntu.free.fr/ubuntu/gproftpd-8.2.2_8.2.2-1_i386.deb
=> `gproftpd-8.2.2_8.2.2-1_i386.deb'
Resolving frodubuntu.free.fr... failed: Temporary failure in name resolution.

Is there something I am doing wrong????](*,)

You need proftpd to install gproftpd so without proftpd installed you won't be able to install gproftpd.
I think you don't have all the repositories enabled, see this post to check that you have all the repositories enabled then open synaptic and perform a refresh : http://www.ubuntuforums.org/showthread.php?t=92672

I went into synaptic manager and installed proftpd because it wasn't installed. Will that help? I don't know to much about repositories and last time a messed around with them I had to do a clean install. Is a site of link where I can go to learn about repositories and their functions?:)

i read your howto on setting up ftp server. thanks alot i did set it up correctly. my problem is how can i test it? its my first time to set up a ftp server. how can my friends access my server? what would e the command? thank you so much in advance.

I installed gproftpd/proftpd a long time ago (few months ago) using your excellent howto. If I open up the gui using sudo the gui just freezes. (I did have a shortcut button using gksudo). As such I was forced to just open the gui without sudo and this doesn't allow me to view the security log file. Guess the big question is:
Why can I no longer open the gui using gksudo?

I installed gproftpd/proftpd a long time ago (few months ago) using your excellent howto. If I open up the gui using sudo the gui just freezes. (I did have a shortcut button using gksudo). As such I was forced to just open the gui without sudo and this doesn't allow me to view the security log file. Guess the big question is:
Why can I no longer open the gui using gksudo?Really strange, did you try with sudo instead of gksudo ? Sorry i have no idea for the moment, anyway you need sudo rights for gproftpd if you want to handle the FTP server.


I went into synaptic manager and installed proftpd because it wasn't installed. Will that help? I don't know to much about repositories and last time a messed around with them I had to do a clean install. Is a site of link where I can go to learn about repositories and their functions?:)Well, if you installed proftpd with synaptic it's ok because synaptic is just a front end for apt-get command lines.
This may help you to understand how to install things on ubuntu :
http://ubuntuforums.org/showthread.php?t=153118


i read your howto on setting up ftp server. thanks alot i did set it up correctly. my problem is how can i test it? its my first time to set up a ftp server. how can my friends access my server? what would e the command? thank you so much in advance.I advice you to test yourself your server to begin, use a FTP client to do that like gFTP, thus you will see if your server works.
Then once it's works with your computer ask a friend to login the FTP server with a FTP client for example (but you can do that with a web browser too).

Really strange, did you try with sudo instead of gksudo ? Sorry i have no idea for the moment, anyway you need sudo rights for gproftpd if you want to handle the FTP server.

Yes. After finding out that my shortcut no longer worked I tried opening it up in the terminal using sudo. It yields the same result. The window comes up, blank, and never loads. Then I have to force quit it.

i started my ft p server by ht command "sudo /etc/init.d/proftpd start" but got this message:

Starting ProFTPD ftp daemon: Anthony-desktop - mod_delay/0.4: error opening DelayTable '/var/run/proftpd/proftpd.delay': No such file or directory
proftpd.

what seems to be wrong? Thank you so much for the help.

mumushi, i would re-install proftpd in that case, i've never got this kind of error and it looks quite weird, backup your config file somewhere before doing that.

ok thanks for the tip. i will be doing that now and let you know what happens. ciao!

I installed gproftpd/proftpd a long time ago (few months ago) using your excellent howto. If I open up the gui using sudo the gui just freezes. (I did have a shortcut button using gksudo). As such I was forced to just open the gui without sudo and this doesn't allow me to view the security log file. Guess the big question is:
Why can I no longer open the gui using gksudo?
Ok. I fixed my problem. I'm not sure why this works so maybe someone that knows more about this can explain it. Opening with sudo/gksudo allows gproftpd to read/write to the secure file under /var/log. I went to this file as root in nautilus to take a look at it. I scrolled to the bottom lines (line 47,000+) and the last few entries looked ok. I emptied the contents of the file to a backup file and erased everything in /var/log/secure. Opening gproftpd as sudo now works. I'll print the last few entries of the file if you would like to see it to see if maybe there was an entry that scewed things up.

i tried reinstalling it but on the process i got this message:

ProFTPd warning: not start neither in standalone nor in inetd/xinetd mode, apparently. Check your configuration.

i followed the howto yet i always get this message. Any idea what's wrong? thanks for the help (^.^)

This sould be an error or typo in the proftpd.conf file, could you post it there ?

This sould be an error or typo in the proftpd.conf file, could you post it there ?

here is my proftp config file. i hope this helps in determining what went wrong. thanks!

All you need there is to replace this line :
ServerType inetdby :
ServerType standalone

ok the error is gone now. thanks alot!

Now i would like to ask how to connect to my ftp server using a browser? using my settings you have seen in my config. thanks again for the help. :-D

Open a web browser and put that in the adress bar :
ftp://cych@your_IP:1980I'm not sure about the character ":" maybe it's a space instead.
But it's always better to use a ftp client like Gftp.

i tried ftp://cych@your_IP:1980 but it doesnt work. i also tried ftp://my_IP:1980 and still doesn't work so i installed gftp instead. my problem is i get confused. What will i put in the host area? my ip address? Please be patient with me its really my first time to set up a ftp server and use gftp :)

No problem mumushi,

In Gftp, for host put your IP address, for user put cych for port 1980 and for the password the one you chose.
Don't forget to paste the Gftp log if you get problems (maybe the 530 error).

Greetings.

I am very new to this and require some help with the fundamentals.

I have set it up so that the server works from within my network.
I can send and receive from another machine on my local network no problems.

I am now trying to get it to work from outside the NAT.
My Service provider has given me the IP of 196.211.152.206 to use to connect with, he is apparently forwarding calls made to this IP to my Ubuntu box who's IP on my local Network is 196.20.20.67 the IP of the router on my network is 196.20.20.1

When I try to connect to 196.211.152.206 using Gftp I get the following response


Looking up 196.211.152.206
Trying 196.211.152.206:21
Cannot connect to 196.211.152.206: Connection refused
Waiting 30 seconds until trying to connect again

When I check my Config file this is the response I get:



If there are no complaints the configuration is ok...
localhost.localdomain - 127.0.0.1:21 masquerading as 196.211.152.206
Check completed.

I dont know where it is getting the above IP 127.0.0.1 from, as it does not apear in the config file ??

here is my config file 10351

IF someone could check my config file and make sure i'm not missing the basics that would be great.
This is starting to take years off my life](*,)

Thanks
Sean.

No problem mumushi,

In Gftp, for host put your IP address, for user put cych for port 1980 and for the password the one you chose.
Don't forget to paste the Gftp log if you get problems (maybe the 530 error).


I did what you have said and i know i input the correct pass but i got this message:

Looking up 192.168.232.69
Trying 192.168.232.69:1980
Connected to 192.168.232.69:1980
220 you're at home
USER cych

331 Password required for cych.
PASS xxxx
530 Login incorrect.
Disconnecting from site 192.168.232.69

What possibly went wrong? i know i am that close into making this thing work. Thanks again!

Well the 530 error is a common error, it can com from rights problems on the FTP-shared, download or upload directory. I advice you to use the user&group GUI and try to change the password of the user, re-create it if needed but with the GUI.
If it still not working i will read again your config file but it seems ok.

Any assistance will be golden, I just cant seem to get this to work !

Did you read this post ?
http://www.ubuntuforums.org/showpost.php?p=680702&postcount=81

Sorry, i can't help you more because i'm not an expert about router things.

Maybe a thread in the server talk sub-forum will provide you the help you need.

What do I need to change to allow each user to access his home folder?

I have set up a ftp but when i go to login i dont no the name or password can some1 help me this is my conf

ServerType standalone
DefaultServer on
Umask 022
ServerName cameronsftp
ServerIdent on "My FTPD"
Bind "0.0.0.0"
ServerAdmin suped_up_supra_01@hotmail.com
IdentLookups off
UseReverseDNS off
Port 21
PassivePorts 49152 65534
#MasqueradeAddress None
TimesGMT off
MaxInstances 30
MaxLoginAttempts 3
TimeoutLogin 300
TimeoutNoTransfer 120
TimeoutIdle 120
User cameron
Group cameron
DirFakeUser off nobody
DirFakeGroup off nobody
DefaultTransferMode binary
AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores off
TransferRate RETR 30
TransferRate STOR 40
TransferRate STOU 40
TransferRate APPE 40
SystemLog /var/log/secure
#gp_random_username_length 6
#gp_random_password_length 6
#gp_randomize_case lower
#gp_useradd_root_path /home/ftp
#gp_useradd_upload_path /upload
#gp_html_path /var/www/ftp.html
#gp_welcome_name welcome.msg
<IfModule mod_tls.c>
TLSEngine off
TLSRequired off
TLSVerifyClient off
TLSProtocol TLSv1
TLSLog /var/log/proftpd_tls.log
TLSRSACertificateFile /etc/gproftpd/gproftpd.pem
</IfModule>
<Limit LOGIN>
AllowUser cameroncalver
AllowUser cameron
DenyALL
</Limit>

<Anonymous /home/FTP-shared>
User cameroncalver
Group cameroncalver
AnonRequirePassword on
MaxClients 3 "The server is full, hosting %m users"
DisplayLogin welcome.msg
DisplayFirstChdir .msg
AllowOverwrite off
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit ROOT_DIR_ALLOW RETR LIST NLST MDTM SIZE STAT CWD XCWD PWD XPWD CDUP XCUP>
AllowAll
</Limit>
<Limit ROOT_DIR_DENY DELE APPE STOR STOU SITE_CHMOD SITE_CHGRP RNFR RNTO MKD XMKD RMD XRMD>
DenyAll
</Limit>
<Directory /home/FTP-shared/linux.png/*>
AllowOverwrite on
<Limit UPLOAD_DIR_ALLOW LIST NLST MDTM SIZE SITE STAT APPE RETR STOR STOU MKD XMKD CWD XCWD PWD XPWD CDUP XCUP>
AllowAll
</Limit>
<Limit UPLOAD_DIR_DENY DELE SITE_CHMOD SITE_CHGRP RMD XRMD RNFR RNTO>
DenyAll
</Limit>
</Directory>
</Anonymous>

<Anonymous /home/FTP-sharedp>
User cameron
Group cameron
AnonRequirePassword on
MaxClients 3 "The server is full, hosting %m users"
DisplayLogin welcome.msg
DisplayFirstChdir .msg
AllowOverwrite off
<Limit LOGIN>
Allow from all
Deny from all
</Limit>
<Limit ROOT_DIR_ALLOW RETR LIST NLST MDTM SIZE STAT CWD XCWD PWD XPWD CDUP XCUP>
AllowAll
</Limit>
<Limit ROOT_DIR_DENY DELE APPE STOR STOU SITE_CHMOD SITE_CHGRP RNFR RNTO MKD XMKD RMD XRMD>
DenyAll
</Limit>
<Directory /home/ftp/upload/*>
AllowOverwrite on
<Limit UPLOAD_DIR_ALLOW LIST NLST MDTM SIZE SITE STAT APPE RETR STOR STOU MKD XMKD CWD XCWD PWD XPWD CDUP XCUP>
AllowAll
</Limit>
<Limit UPLOAD_DIR_DENY DELE SITE_CHMOD SITE_CHGRP RMD XRMD RNFR RNTO>
DenyAll
</Limit>
</Directory>
</Anonymous>

cameron@ubuntu:~$

I fixed the problem

Anyone?

LordMerlin, you want to use several users in your FTP server and you want that each of this user use its own home directory as FTP directory ?
It's not really secure, could you explain me why you want to do that and what you want to do and i will try to find a secure way to do that, if you agree obviously ;)

No, I want each user (normal Linux user) to have access to his folder via FTP, can that be done?

Sure it can be done.
Creates one directory for each home user directory under FTP-shared. Then in your proftpd.conf add a section like that for each directory :
<Directory /home/FTP-shared/user1-homedir/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser user1
Deny ALL
</Limit>
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
Also add each user in the <Limit LOGIN> section and create an alias for each one in the proftpd.conf file.
Then link the home directories in those created in FTP-shared like that :
sudo mount -o bind /home/user1 /home/FTP-shared/user1-homedirIn the example i gave you you will only be able to download in these directories.

By the way, did some tried this guide with dapper ?

Thanks for the feedback.

By the way, did some tried this guide with dapper ?

Thanks for the feedback.
I did and have no problems with it. Thanks, frodon :)

That's a lot of work just to allow each user FTP access to his home folder!!!

Isn't there any other FTP server I can use which is just plain straight forward?

I gave you a secure way to do it but there are plenty of less secure solutions which are easier to set and this will be true with other FTP servers.

I know it will take you 15min to set it up but you only do it once, as for needed mount commands just put them in a script and it's done.

Anyway other popular servers are pureftp and vsftpd.

Ive setup proftpd on breezy and it works fine. I installed proftpd in dapper and setup exactly the same and its a lot slower when logging in and navigating folders, generally lot slower..

Hi,

First post here, yay!:) Glad that I've found a thread which discusses proftpd configs. Anyhow, I have a couple of questions:

1) In the HOWTO-guide (the secure way), why is the DefaultRoot-directive defined twice?


# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~


2) I've followed the HOWTO-guide, but when I connect to the FTP-server from my WinXP comp on the same network, the file list is empty. I was expecting to see the /upload and /download directory when I log in, but I don't.

3) Some of the <Directory path/to/somewhere/*> directives have a star at the end of the path. Why?

4) I will mainly use my FTP-server to upload files to my DocumentRoot for apache. Does anyhow any tips/suggestions regarding how to do this as secure as possible?

5) How do I add encryption to my FTP-connections?

6) Also, it would be nice to know how to create different users with different passwords and different "starting"/jail directories when they log in.

Thanks

1)Indeed one is enough but it tought it would help users who want to customise the config file to understand the principle of this command.

3)Good point, the star is not really needed since there's no sub-directories to include following the guide. You can remove them if you wish, it's up to you.

4) Mount your DocumentRoot directory in the upload directory thanks to a mount -o bind command, there's some examples at the end of the file.

5) I never did that but it's documented on the proftpd site : http://www.proftpd.org/.
You will find examples and support for that in the proftpd forum : http://forums.proftpd.org/phpBB2/

6) The users used by proftpd are the system users and you can add the users you want to allow in this section :
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>Don't forget to set an aliasname for them, i use this trick to prevent telnet accesses to the server.
If you use only the DefaultRoot ~ each user will access only his home directory when login.

I hope i have given you some of the informations you're looking for.

Thanks for your response.

I'm still getting an empty directory listing when I login from my other (WinXP) comp. The DefaultRoot on the FTP-server is set to /home/FTP-shared/. I've created the upload and download directories and chmod:ed them. Still, I don't see them when I log in. I also tried to mount my webroot to /home/FTP-shared ... nothing. Why is this?

Offtopic: What does the 'sudo' command do?

Could you post your proftpd.conf file ?

About sudo, you should read that : https://wiki.ubuntu.com/RootSudo

Finally got it working. I had accidentaly defined ListOptions twice, so I deleted one of them and replaced the other with ListOptions "-A". Anyhow, here is my config file:

# Daemon settings
ServerName "Proftpd Server"
ServerType standalone
DeferWelcome on
AuthAliasOnly on
UserAlias sauron userftp
ListOptions "-A"
RequireValidShell off
AllowOverride off
AllowOverwrite on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
ServerIdent off
RootLogin off
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir .message
DenyFilter \*.*/
IdentLookups off
UserReverseDNS off
MaxLoginAttempts 3
AllowStoreRestart on
PersistentPasswd off

# Log
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xfer.log
SystemLog /var/log/syslog.log

MaxClients 10
MaxClientsPerHost 10
MaxClientsPerUser 10
MaxHostsPerUser 10

DefaultRoot /home/FTP-shared/

<Limit LOGIN>
AllowUser userftp
DenyAll
</Limit>

<Directory /home/FTP-shared/>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

I just setup proftp per this howto, everything work great, except when I connect from my laptop and upload stuff, the file permissions are dropped completly. This mean I can't upload entire directories. When I try to upload a directory with maybe 4 files in it, the directory gets created on the server, without any permisions at all. Then it can't open that directory to start copying files. The files likewise will get no permissions at all.

So how do I get it to copy the same file permissions that exist on the client to stay on the files/dirs when sent to the server?

What's happen if you perform the same attempt after entering in terminal :
umask 022Is the new folder still without any permissions ?

This maybe to late to post on here and if it is then forgive me but i'm getting a fatal error
Fatal: AllowUser: directive not allowed in server config text on line 47 of /etc/proftpd.conf

can anyone help?

Could you attach you proftpd.conf file in the next post, i'd like to see it because it sounds like a syntax error.

Hopefully this helps..

Try to jump a line and make the limit login part look like that :
<Limit LOGIN>
AllowUser John
AllowUser chuck
DenyALL
</Limit>

Except that, it looks good (i mean no syntax error)

That didn't work... actually i got a different message...fatal: unknown configuration directive '<limit' on line 94

Ok I'm dumb the thing you told me to do did work. But once i tried to bring it online I got the new error message.

Ok, I was able to setup proftpd. I'm able to connect to my download, upload directory. But, how can I get access to my /var/www directories?

I host a site on my server, and the path is in the /var/www. What do I have to add in the proftpd.conf in order to be able to upload my files?

Thanks

Just mount your /var/www directory in the upload directory :
sudo mount -o bind /var/www /home/FTP-shared/upload

ok, thank you.

But if I mount that folder, then all my users are going to have access to it, right? I setup a second user, and I logged in and I saw that he has access to the same /var/www as my own user.

Ok, if you wish to limit the access to the upload directory to your own user only, modify the directory section like that :
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser Your_user
Deny ALL
</Limit>
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>Thus other users will see the upload directory but won't be able to enter in and use it.

that will work. But here is what I'm trying to accomplish:

I want user1 to have access to the /var/www directory, so I mount this.
Then I want user2 to only have access to /var/www/website1, I don't want him to have access to the other websites as user1 does.

Thank you everybody for your help

I would create 2 upload directories, mount /var/www in the first and /var/www/website1 in the second then use the "LIMIT" comand as shown in my previous post to control the access.

Hi, I've gone through all the posts here and I am still lost.
I'm using Ubuntu Server 6.06
I have tried downloading proftpd and get the usual error.
I run this command :

root@server:~# apt-get install proftpd
Reading package lists... Done
Building dependency tree... Done
E: Couldn't find package proftpd
root@server:~#

so my first question is how do I install a program that doesn't appear to be there?

And second is how do I set it up so that the users root and fred have access to the /var/www folder.

I will be installing ispconfig as well after this and want to have ftp access for these two users. I have tried to install through different methods but no luck so far....

You shouldn't have all thhe repositories enabled, have a look here for example to compare your source.list file :
http://www.ubuntuforums.org/showthread.php?t=185758
Once you've modifyed your source.list file run a :
sudo apt-get update
sudo apt-get upgrade
Then retry the command.

To give rights to /var/www for the user root and fred i see 2 ways, allow rights for all (sudo chmod -R 777 /var/www) or add fred to the group "root" and give full rights to the group (sudo chmod -R 774 /var/www).
More details on how manage groups and users there :
http://www.cs.unm.edu/~storm/UNIX.html

Thanks for your help....how do I set /var/www as the default directory for when I login via ftp?

If you followed my guide, just mount the /var/www directoryin the upload directory otherwise you can create a user with /var/www as home directory, he will login in its home directory.
Post your proftpd.conf file if you need more help.

I can ftp from the machine itself and from another computer inside home on the same network. The actual test whether I can access it from outside, will be done tomorrow. But I am hopeful that I shall succeed. (Update : Now I can access it from outside; see my next post below).

Thanks for your message, it was very helpful.

I'd like to know if when you say

I can ftp from the machine itself and from another computer inside home on the same network

you mean using the command

ftp 192.168.1.X 1980

or using


ftp yourname.homelinux.net 1980

I have a similar configuration to yours, I also have a home server registered with dyndns. What I want to do it to access my ftp server always using the dns name (ie yourname.homelinux.net). How do you achieve that?

Thanks

I'm stuck. I have setup proftpd/gproftpd and everything is configured properly from within my LAN. I can access the FTP server, and transfer files up and down.

I have forwarded the port in my router, and configured proftpd/gproftpd so that I can access my ftp server remotely (e.g. [my.ip.addy.here] [port] ). I know I set this part up right, because I can access the server from outside the LAN (from my work). From a windows machine, and from a Mac at my office the results are the same, that I can successfully login, however I don't get a directory listing. ?

I have a feeling that this has to do with my Passive Port settings, and that I need to forward these ports on my router as well, but nothing I have tried has worked... HELP!

I have a question about multiple users. I would like to have a shared tree of folders with multiple users. The catch is I want different limits placed on each users.

/home/ftp/shared
with the following folders
scripts
code
upload

I want 3 users
download
upload
private

I want the download user to be able to download from any dir but not be able to upload.
I want the upload user to be able to see all dirs but only be able to upload into the upload dir.
I want the private user to be able to download from any dir and upload into upload only.

Is this possible? IF so do you have an example?

nix4me

nix4me, there's some examples in some previous posts of this thread.

I'm actually becoming more interested in trying mysql to control users with proftpd. Doing some reading now on it.

nix4me

New version of gproftpd is out (8.2.8 ). Is it possible to update the .deb in the first post too?

Hello there, I have a problem with my proftpd setup. After installing everything(which went like a charm) I edited the .conf-file to my needs, and now I can upload and download stuff from the ftp. Theres one thing I can't do though - overwrite. It's probably something minor in the .conf I have to change, but I can't find out what, even after reading all the suggestions and confs posted.

I've attached the .conf.

Thank you in advance. Shoot

Maybe there's an option to add in the limit command used in the directory, there :
<Directory /var/www/>
Umask 022 022
AllowOverwrite on
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
AllowAll
</Limit>
</Directory>I never tried to overwrite a file anyway you can delete the file then write it but for sure it's less easy than a simple overwrite.

Here is the official documentation about the limit options if it helps : http://www.proftpd.org/localsite/Userguide/linked/config_ref_Limit.html

Sorry to not help you more.

Good luck ;)

Atleast you tried to help, I appreciate that. Gonna go check that limit documentation through. Thanks

shoot


edit: Hmm, I read it and added some stuff, saved and restarted proftpd, now I get an error (550) when I try to upload anything to the server. I removed the stuff I added and restarted, still get error 550. What's the problem now?:|

I have httpd installed, when i log into ftp with the made username and password it takes me to the website root DIR (WWW) hmmm how secure eh :P lol NOT!
whats up with this then? heres my conf file!


# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias sauron userftp

ServerName "c0ntempt"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers on

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome to c0ntempts ftp, **** around and your banned! !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
AllowUser userftp
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit ALL>
Order Allow,Deny
AllowUser userftp
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Hi - what do I need to do to send users (when they login with their own username and passwd) to their home dir?

Thanks

Just to say thanks for an excelent HOWTO.

Took me 2 days to get it all working, but that was down to my router and its inbuilt firewall. Just adding the PassivePorts section and including a ranged port allowance on my router and hey-presto it worked. :D

All this done while in another country thanks to putty and ssh :cool:

Cheers,

John.



#
# To really apply changes reload proftpd after modifications.
#

MasqueradeAddress (oops not showing this)
PassivePorts 60000 65535


AllowOverwrite on
AuthAliasOnly on

#Choose here the user alias you want !!!
UserAlias scorpuk userftp


ServerName "HTPC"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

Rootlogin off

#It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

DenyFilter \*.*/

#I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

#Allow to restart a download
AllowStoreRestart on

#Port 21 is the standard FTP port, so don't use it for security reasons
Port 1980

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 2

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

#Display a message after a successful login
AccessGrantMsg "Welcome !!!"
#This message is displayed for each access good or not
ServerIdent on "Scorpuk FTP Server"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

#Lock all the users in home directory, ****** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off

<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>

</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>

</Directory>

<Directory /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on

<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>

</Directory>

I have httpd installed, when i log into ftp with the made username and password it takes me to the website root DIR (WWW) hmmm how secure eh :P lol NOT!
whats up with this then? heres my conf file!


Just making sure but did you do this in the install sequence?


sudo useradd userftp -p your_password -d /home/FTP-shared -s /bin/false

The above coding forces the home directory for the user to the FTP-shared.

Other than that your config file is similar to mine except the end part for <directory> settings as far as i can tell.

Anywho hope ya get it sorted.

John.

My setup is a little different from most.
I have a webserver that i want to allow users to update their own webpages on by FTP.

I have installed Proftp as per the early directions but changed some of it in an attempt to get access to a folder called testftp which resides in this folder /var/www/xxxxxxxxx/ftptest

I have set up a test user called fred with a password flintstone in system User and Groups.

this is a copy of my proftp.conf file, does it look ok?
and is this setup of mine the best way to go about this thing?



# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias hawkowl userftp

ServerName "xxxxxxx"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /var/www/downtowncentral/ftptest

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /var/www/downtowncentral/ftptest>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /var/www/downtowncentral/ftptest/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /var/www/downtowncentral/ftptest/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

It looks all good for me, don't forget to set /var/www/downtowncentral/ftptest as home directory for your user fred and to give the good rights the directory you use for the ftp (755 for a dowload directory and 777 for an upload directory).

I need some help. I don't know what I did, but as early as this morning I was able to upload to my ftp server with no problem, and now all of a sudden I cannot upload or download to/from it. I've removed and reinstalled proftp using the steps in the 1st post, and removed and recreated the userftp account, but it's still not working.

My conf file was a cut 'n paste straight from the 1st post, with some minor changes (I changed the home dir from FTP-shared to just ftp) and I changed the server name, user alias, and port. I'm 99% sure it's a permissions problem but can't figure out why.

Coog

Be sure to give 755 rights to your ftp directory and dowload directory and 777 rights for your upload directory.
Post your conf file if you changed something, sometimes a typo may be hard to see and it easier if several people have a look to it.

Hello everyone!

I'd like to begin with saying that I'm impressed over your dedication to this thread, rodon! I've just read the whole thread, and people seldom have to wait for long before you give them a good answer - creds to you! :D

However, in spite of reading the whole thread, I still have one question - the same one that made me search this thread.

In the original howto, you refer to a simple way of mounting folders into the folder that my ftp-users may access (which is their own respective home folders). In fstab, this line should be added:

'the_directory_to_mount /home/FTP-shared/download vfat bind 0 0'

I have used this kind of hard linking for about a year, and it works really well! (however I mount the folder into every users home folder instead, since that is the only part of my computer that they may access) However, as it is now, all users have complete access to the folder I mount into their home directory. I want them to have full access to their own Home, but I don't want them to be able to write or delete in the folder I mount into their Home - I only want them to have read access there. I've tried to use the umask function to limit their access in the mounting atself, but without any success. The line in fstab looks like this right now:


'the_directory_to_mount /home/user/name_of_folder vfat bind,umask=777 0 0'

I've also tried umask=000, umask=222 and so on... But the users always have full access anyway.

Am I making the umask thing wrong? Is there any way to achieve the same goal by configuring proftpd.conf?

Unfortunately, I cannot just simply chmod the directory - I don't know why, but I cannot, even if I am root. It just simply doesn't work. On the other hand, it doesn't really matter, because I want _some_ users so have full access to the same folder.

Finally, I do not use gproftpd, and I do not intend to either, mostly because I think it works fine the old way. There is only one function in gproftpd that I would like to have, and that is the logging of what users are online, and what did they download/upload. But nah, that doesn't really matter that much... =P

Hope to get some help with this problem, it would be really nice to have my stored files secured! :)

Hi and thanks for being so kind with me.


There is only one function in gproftpd that I would like to have, and that is the logging of what users are online, and what did they download/upload. But nah, that doesn't really matter that much... =POpen a terminal and type ftptop while your ftp server is running, you will see who is connected on the server in real time and what he's downloading, if you press the character t you will even see the transfert rate.
There also the ftpwho command which gave you the same kind of information but not in real time.

If you want to prevent write and deletion in a folder just modify the section corresponding to this folder in your proftpd.conf file.
For example the download directory on my guide :
<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>The parameters DELE and RMD are denied therefore the users will not be able to delete a file or a directory in the coreesponding folder.

See the limit page on the proftpd site for more details :
http://www.proftpd.org/localsite/Userguide/linked/config_ref_Limit.html

*pointing at the two most recent posts* 10 hours. That _is_ impressive! :D

The commands ftptop and ftpwho were really useful, thanks a lot! Someone told me once that such information was not available in proftpd, but apparently they were wrong. :)

However, the limit configuration did not work =/ (and yes, I did restart the server before I tried it out :p )
I've been looking at the limit configuration before, but didn't really understand how it worked back then. This time, I copied the text in your post straight off, but it didn't work. (I changed the directory, of course.)

I'm not quite sure why the limit does not work, but on the other hand, the umask should have worked too...

Could you post your proftpd.conf file and tell me the name and path of the directories you want to protect from DEL and RMD commands ?
I'll have a look to it and see if something sounds wrong in your config file.

Absolutely. The path to the directory (or rather an example - there are as many as I have ftp-users, but I use this particular one for testing)

Thanks a lot!

By the way, the directory that is linked into user morot's home folder is actually a HD mounted at another spot. I'm not sure whether that might make any difference?

After reading your conf file i don't see anything wrong, i don't understand why users are still able to delete, i use quite the same method in my guide and it works without any problems, it's weird.

Strange indeed. Well, I suppose I'll just put it in the pile of unsolved mysteries, then. :p

I found out today that I am actually able to change the permissions of the folder nowadays - I suppose I haven't tried that since I upgraded to Dapper or something. So it's possible for me to prevent people from deleting files, but the downside of it is that I myself won't be able to do it either without meddling as root. That's a minor problem, though.

Anyway, thanks a lot for the help! :D

(After all, now I know that it's something strange, and not just I that is doing things wrong... :) )

followed the howto - but when start the server , i get this error.. any ideas anyone? cheers :)

frank:/home/ftp# /etc/init.d/proftpd restart
Stopping ftp server: proftpd.
Starting ftp server: proftpd - IPv6 getaddrinfo 'localhost.localdomain' error: Name or service not known

Did you change anything in the proftpd.conf file given in the guide ? If yes could you post it ?

I like the way you have the server setup however I have one question. If I set more aliases to allow more login account names, they all have the same password...the password set for userftp.

Is there a way to still use aliases and have seperate passwords without having to setup system accounts for each user?

nix4me

Without creating new accounts, i would say no but obviously i may be wrong.

BTW, do you (all users) think it would be useful for you if i write a small guide on how set a FTP server with TLS/SSL encryption, that means the authentification and the data are encrypted (SFTP) ?

Well i figurd out how to do what I wanted from my previous post. I had to abandon the use of alias.

I am using virtual users with the AuthUserFile feature and things are working great.

I also have TLS enabled and working nicely.

Any value added in me documenting the use of virtual users on this forum?

nix4me

Any value added in me documenting the use of virtual users on this forum?

nix4meOf course yes and i would gladly add this documentation to the first post with the due credits.
I would be really interested too if you could also explain the steps you followed to enable TLS.

Thanks a bunch, you rock :KS

Use the following steps to get TLS working in proftpd:


# sudo apt-get install build-essential
# sudo apt-get install libssl-dev
# cd /etc
# sudo mkdir ftpcert
# cd ftpcert/
# sudo openssl genrsa 1024 > host.key
# sudo chmod 400 host.key
# sudo openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert

Answer the questions - Valid answers are not important

Add these lines to the /etc/proftpd.conf


TLSEngine on
TLSLog /var/log/ftpd/tls.log
TLSProtocol TLSv1
TLSRequired off
TLSVerifyClient off
TLSRSACertificateFile /etc/ftpcert/host.cert
TLSRSACertificateKeyFile /etc/ftpcert/host.key

*Note - Use TLSRequired ON to force the use of TLS. OFF means that the use of TLS is optional.

Let me know if you have problems,

nix4me

when i type

sudo apt-get install proftpd

I get couldn't find packages proftpd

emptycs, this shoulf be a repository problem, have you enabled the universe and multiverse repositories ?

nix4me, your instructions are really nice, i don't have the time to test them now but will do ASAP. Anyway it should work like a charm because i found the same instructions on the proftpd forum :
http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html
http://www.castaglia.org/proftpd/modules/mod_tls.html
However i saw you don't use the TLSCACertificateFile, it is explained here :
http://www.modssl.org/docs/2.7/ssl_faq.html#cert-ownca

On the other hand could you confirm that to get the authentification file to work you just created an authentification file and added the AuthUserFile (http://www.proftpd.org/localsite/Userguide/linked/config_ref_AuthUserFile.html) command ?
Could you give us as example your authentification file. Did you try aliases with the authentification file method ?
Thanks a lot

When I get to the following line:


sudo openssl genrsa 1024 > host.key

I get "bash: host.key: Permission denied

How does this happen when using "sudo"?

Check the rights of the file host.key, if it don't have write rights even sudo can't open the file and write it.
To add "write" rights use this command :
sudo chmod +w host.key

[trying the new TCL config from previous page]
I tried sudo chmod +w host.key

As I suspected it said that the file did not exist.

I applied the chmod to the directory (ftpcert) and this worked

I then reran sudo openssl genrsa 1024 > host.key

But still got the Permission denied error.

[general error]

Not sure if this is relevant to the specific TCL config error but when I try to upload to the FTP server connecting via Fetch (Mac GUI) I drag the file into the upload directory and the transfer starts, the file name is created but then it hangs and eventually times out. The file is there but 0 bytes.

Ok, instruction on how enable TLS/SSL are tested and working like a charm.

See the main post for detailed instruction on TLS/SSL enabling.

Again thanks to nix4me ;)

Hi folks,

I've followed the howto inclusive of the tls part. Everything works fine. Thanks for taking the time to create a great howto like this one for the community to use.

I want to be able to remotely reboot my box. However, I am concerned that the way the certs are setup, the system will just hang because I will need to input the password, and I don't know how to do so remotely (I use putty/ssh).

Can you advise how to modify or create certs that will allow me to perform an unattended reboot?

Thanks!

Okay, this turned out worse than feared. Upon attended reboot, the system just hung. I'm going to play with the configuration of grub to get rid of the fb stuff and try again later.

Note that after hitting Power Off (I hate to admit that), I selected recovery mode from grub, and the system just hung after alsa was restored. Tried putting in the password a couple of times (blind). Didn't work.

I ended up rebooting into Gentoo and chrooting into Kubuntu LTS. I then removed the ftpcert directory and commented out the cert lines from the proftpd.conf.

Upon reboot, all is normal. I'm feeling a bit confused. For right now, I will use proftpd without encryption. However, I really like the idea of having encryption. Please let me know what I need to do to get rid of the requirements for passwords.

Thanks!

I don't know what your talking about when you say you are having to enter a certificate password. The instructions that i posted work flawlessly.

Another way to create a ssl certificate is to load gproftpd and use it generate a .pem file. Then just load that certificate in the proftpd config with TLSRSACertificateFile. I did that 3 years ago and have had my server up and running for the last 3 years.

Anyway, again, not sure what has happened to you. I don't have a spare machine to try the config that Frodon posted. I will try to test soon.

nix4me

I tested it with gproftpd and if works without requiring passwords everytime the proftpd daemon is started and stopped (restarted). I believe the password was for a .key file.

We'll see if someone else comes along with the same problem.

-Whata

Yep, i noticed the password thing too and i confirm that the password is needed to start/restart/stop the server, i will search and see if it's possible to get rid of that.
Anyway having his own certificate file is not mandatory.

EDIT: well, i found the answer there :
http://www.modssl.org/docs/2.7/ssl_faq.html#remove-passphrase

It is because the RSA private key is encrypted in the server.key file, thus the solution is to remove the encryption of the RSA private key but it makes the key readable in the server.key file. So for the moment i don't know what to advice.
For sure the most secure solution is to keep the RSA private key encrypted.

Do you think i should document the way to remove RSA private key encryption in the server.key file in the guide as an alternative way to use the certificate file ? Obviously with a warning notifying that it's less secure.

I don't really think most users will have any need of remotelly starting/stopping/restarting their servers. But on the other hand, if the information is available, it is more of a free choice for every user - most probably don't even know you could do that, but when they hear it's possible, they might want to have it that way.




*Note - Use TLSRequired ON to force the use of TLS. OFF means that the use of TLS is optional.

Is there any downside of forcing the use of TLS?

Is there any downside of forcing the use of TLS?You will only be able to login the server if you use a FTP client which support TLS/SSL, for example gFTP don't support it.
If you wish to get quickly a FTP client which support SSL/TLS install the "fireftp" extention of firefox, you just need firefox for that (the OS you use is not important).

Hi Frodon,

Thanks for the response. I will have a look at the link you posted and I will be able to figure out for myself how to set up the key without encryption.

BTW, I have everything setup and working using the configuration parameters that you provide in the howto except for encryption. Works great! Thanks for the Howto!

I tried using gproftpd and found it to be a little restrictive, so I went back to your howto.

I found that the 503 error can be fixed simply by typing:


passwd userftp

and typing in the password desired when prompted after the user is created. Not sure why the command string provided does not work. I think that with the command string provided, the password is not being taken when the user is created, so that when people try to authorize, they get the 503 error because the passwords do not match.

With respect to posting instructions for how to set up the certs and reboot without being asked for passwords, I think that this is completely up to you. My vote would obiously be yes, but clearly, my use of my system is different than a lot of other users. Is it worth it posting the instructions for one person? Probably not.

Thanks for the awesome howto!

-whata

Hi all,

Thanks to Frodon and the link provided, I have been able to remove the password requirement when using SSL certs. I know it can be done a little simpler by not requiring the password in the first place, but as Frodon pointed out, it is more secure than not requiring it. In other words, you are better off sticking to the howto as it is.

If you are looking for the easiest way to not end up with the password requirement, just go to the cert directory and follow most any howto on setting up SSL for an Apache web server. I haven't come across one that had made me type in a password when shutting down and starting up the server.

If you want to remove the password requirement after implementing it per the howto, here's how:


cd /etc/ftpcert
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Enter the password, restart your server and enjoy.

-whata

I would recommend that the instructions to remove the required password be added or change the way certificates are created. Having to enter a password is too intrusive for the average user.

nix4me

It's documented in the guide now, each user will have to make his own choice now ;)

Thanks again whatalotta and nix4me for the feedback.

You will only be able to login the server if you use a FTP client which support TLS/SSL, for example gFTP don't support it.
If you wish to get quickly a FTP client which support SSL/TLS install the "fireftp" extention of firefox, you just need firefox for that (the OS you use is not important).


Ah, I see... Thanks! =)

Frodon,

Actually, thank you. This is one of the better guides I've used. You are also very involved with the users of the howto and very responsive to their queries. Please keep up the great work!

-whata

I found that the 503 error can be fixed simply by typing:


passwd userftp

and typing in the password desired when prompted after the user is created.

i was in agony over this 503 error because i administer 4 linux servers that have no gui interface. the above quoted fix worked to get past the 503 error via cli interface.

thank you so much. this was the only hangup i encountered in the howto.

Great! I'm glad it helped someone.

-whata

Nice fix whatalotta, i add that in the guide, thanks you all for your help, if this guide is that good it's obviously thanks to the feedback you provide.

After some research, I finally have a Proftpd server working with virtual users authenticating through a Mysql database. It also is TLS/SSL enabled.

I wish I had the time to document it step by step but that would take some time.

If alot of users are interested enough, I might consider posting a Howto in the future when I get time.

nix4me

I want to thank everyone for all of the help you've provided. Have gotten ProFTPd up & running with being able to connect with any computer on no-ip.

The only glitch I'm running into which keeps me from putting this into production is not being able to put files into the FTP folders either locally or remotely. Can download fine. The permissions on the folders under ftp-shared are user: ftp group: nogroup.

The image was built & configured by myself with VMWare Workstation to be deployed in Player on a 2000 Server. The reason for this is that I refuse to use IIS.

Not sure if it's in Kubuntu or in my config file. Here's the file:

#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly off

# Choose here the user alias you want !!!!
# UserAlias sauron userftp

ServerName "Charlie Dunn Productions"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

# DenyFilter \*.*/
DefaultRoot /home/ftp-shared/ftp
# DefaultRoot ~

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for
me)
UseFtpUsers off

UseReverseDNS off
IdentLookups off

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21

# I know it's not the best...but will save my sanity not taking calls why they can't connect & how to "do this properly."

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
# AllowOverwrite on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
# AllowUser userftp
# DenyALL
AllowALL
</Limit>

<Directory /home/ftp-shared/ftp>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/ftp-shared/ftp/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
Order Allow,Deny
AllowUser phoobar
AllowUser charlie
DenyAll
</Limit>
</Directory>

# Myself & the server admin are the only ones I want being able
# to do anything with the server.

<Directory /home/ftp-shared/ftp/utilities/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
Order Allow,Deny
AllowUser phoobar
AllowUser charlie
DenyAll
</Limit>
</Directory>

<Directory /home/ftp-shared/ftp/waiting/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
Order Allow,Deny
AllowUser phoobar
AllowUser charlie
DenyAll
</Limit>
</Directory>

<Directory> /home/ftp-shared/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Any help you can provide would be greatly appreciated.

I want to thank everyone for all of the help you've provided. Have gotten ProFTPd up & running with being able to connect with any computer on no-ip.

The only glitch I'm running into which keeps me from putting this into production is not being able to put files into the FTP folders either locally or remotely. Can download fine. The permissions on the folders under ftp-shared are user: ftp group: nogroup.You mean that you're not able to upload on your FTP server ?

You mean that you're not able to upload on your FTP server ?

That's the only thing...locally or remotely...that it will not do. On the other hand...if I set it up for anonymous use only...can upload & download.

Thanks for the reply!!!

Your configuration seems good from what i see so i think to a system rights problem.
Check that your upload directory have 777 rights, if it's not the case give it 777 rights because it's needed to be able to upload.

Your configuration seems good from what i see so i think to a system rights problem.
Check that your upload directory have 777 rights, if it's not the case give it 777 rights because it's needed to be able to upload.

The upload directory is set for 777...with the other folders set for 755.

From gFTP...get: Could not change local directory to (whatever folder I'm trying to upload from): not a directory.

From Filezilla...Critical transfer error.

Here's the listing from Filezilla:

Response: 220 ProFTPD 1.2.10 Server ready.
Command: USER charlie
Response: 331 Password required for charlie.
Command: PASS *****
Response: 230 User charlie logged in.
Command: FEAT
Response: 211-Features:
Response: 211-MDTM
Response: 211-REST STREAM
Response: 211-SIZE
Response: 211 End
Command: SYST
Response: 215 UNIX Type: L8
Status: Connected
Response: 257 "/Uploads" is current directory.
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode (24,121,25,76,240,182).
Command: STOR AutoGordianKnot.2.27.Setup.exe
Response: 550 AutoGordianKnot.2.27.Setup.exe: Permission denied
Error: Upload failed
Status: Retrieving directory listing...
Command: TYPE A
Response: 200 Type set to A
Command: PASV
Response: 227 Entering Passive Mode (24,121,25,76,240,184).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete.
Status: Directory listing successful
Command: TYPE A
Response: 200 Type set to A
Command: TYPE A
Response: 200 Type set to A
Status: Disconnected from server
Command: TYPE A
Response: 200 Type set to A
Command: REST 0
Response: 350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer
Command: TYPE A
Response: 200 Type set to A
Command: DELE /Uploads/AutoGordianKnot.2.27.Setup.exe
Response: 550 /Uploads/AutoGordianKnot.2.27.Setup.exe: Permission denied
Status: Retrieving directory listing...
Command: TYPE A
Response: 200 Type set to A
Command: PASV
Response: 227 Entering Passive Mode (24,121,25,76,240,191).
Command: LIST
Response: 150 Opening ASCII mode data connection for file list
Response: 226 Transfer complete.
Status: Directory listing successful
Command: PWD
Response: 257 "/Uploads" is current directory.

Any suggestions would be appreciated.

Thanks for all of the suggestions.

Is AutoGordianKnot.2.27.Setup.exe you're trying to upload ?
It seems to be the problem, from what i read from the log it seems to be the file you are trying to upload on the server but of course if the rights on this file are too restrictive and/or if it is owned by root you will not be able to handle it due to rights problems.

From what i know the 550 error tell you that there's a kind of right problems somewhere.

you mean using the command

ftp 192.168.1.X 1980

or using


ftp yourname.homelinux.net 1980


Thanks zasf for your kind reply. Maybe, you have already solved the problem. I am sorry that I am replying back after almost 2 months.

I used the 2nd command. However, The first command will not work since it is an internal ip address which outside world can not see. I had a tough time using proftpd from another machine(OS = Windows) within my home network(some 530, 500 errors) which I think I clarified in my post how to get rid of.


I have a similar configuration to yours, I also have a home server registered with dyndns. What I want to do it to access my ftp server always using the dns name (ie yourname.homelinux.net). How do you achieve that?

Thanks

I think you have registered with dyndns with your IP address which outside world can see(Not the internal one starting with 192). Check your IP address with checkip.com or similar website and if it is not a static IP address, but a dynamic one, you need some client like "noip" or "ddclient"(which I used) to keep dyndns posted about your dynamic IP address. If everything works fine, you can access it from inside or outside network using the address ftp://yourname.homelinux.net.

Finally, if you have a router at home and have more than one computers and turn off your computer(on which proftpd is installed), it is better to have an STATIC INTERNAL IP address for your server computer, since the router uses DHCP(hence dynamic) to assign iternal ip address. Th eprocedure for assigning static internal address to a computer will be given in your router's manual. Otherwise, if you just go with the dynamic internal ip address, make sure to check it, since you have opened the firewall and forwarded the port in your router for this internal ip address only. For example, in my case it was : 192.168.0.10 and since I never switch off my server, it remained the same. However, I checked for my other computer in my hme network that there internal ip addresses change from time to time. Moreover, I think the server is not a laptop. My point is that even it's a laptopwith wireless facility, I would recommend to put it on internet through ethernet for the purpose of proftpd.

Hope it helps.

okay so ive been reading threw this. and ive got proftpd installed now im still trying to get it up and running. Every time i try to start the ftp i get a message that says "Starting ProFTPD ftp daemon: failed" i think it has something to do with the proftpd.conf file but im not sure. any ideas or suggestions would be great. Im basically just trying to set up an FTP server where i can share files to my friends in iraq.

Hi, thanks for writing this howto and thanks all the other contributors; it made the setup almost painless. I have everything working how I would like, basic server for me and my friends who each have their own folders. However, I was wondering if it possible to limit the upload rate so browsing and other things for me and my family do not get drastically slowed down when other people are downloading from me.

Thanks again
Erik

@TransformedBG: you should post your proftpd.conf so someone can help you find the problem.

Just use the TransfertRate (http://www.proftpd.org/localsite/Userguide/linked/config_ref_TransferRate.html) parameter to set the uload and download rates.
For example to limit the dowload rate to 4Kb/s add this line in your proftpd.conf file :
TransferRate RETR 4096To limit the upload rate to 4Kb/s :
TransferRate STOR 4096

@TransformedBG, without some details on what you did and your proftpd.conf file it would be almost impossible to help you.

k so this is my proftpd.conf file in a nut shell: Im not a 100% sure what i need to change cause this is how it came minus the glens server part.


#
# /etc/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

ServerName "Glens"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off

# Uncomment this if you would use TLS module:
#TLSEngine on

# Uncomment this if you would use quota module:
#Quotas on

# Uncomment this if you would use ratio module:
#Ratios on

# Port 21 is the standard FTP port.
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
#DelayEngine off

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

transformedbg, you have to use sudo to start and stop the server! that's how I got mine to work. if you did the ssl or certificate thingy to encrypt your traffic than it'll ask you for the passwords you used when you created the ceriticates in order to stop and start the server.

Frodon, is it normal to not be able to copy stuff from the upload server onto my work pc when I log in using the username and password I set up????? See what hapened to me was that i set this up in a hurry before work yesterday and didn't put anything in the folders. Then when I loggged in using gftp I got it to work when I was on a local computer, well when I was in gftp I tried transferring all my music from a music folder on the local machine into the download directory and it wouldn't let me??? So then I tried to copy music into the upload directory and it let me. So now I am at work and I want to get access to that music, well I loogged in and it worked but it won't let me copy anything off the server? how do I put stuff in the download folder if I can't write to it? i just thought about this, do i have to transfer stuff to the download folder when I at my server? so the upload folder is only for putting stuff in and nothing out and the download folder is for taking stuff out and nothing in? Ok I get it. I just tested something else out, it'll let me create a directory but I can't rename it, it just says new folder. this is a result of using your proftp.conf file except for the username, folder name, and alias, and I am using the default port 21 because my company doesn't let traffic out on any non-normal port. only 21, 80 etc etc. Can you help me? oh yeah, this is using internet explorer as a client cause I can't install any ftp client.

transformedbg, you have to use sudo to start and stop the server! that's how I got mine to work. if you did the ssl or certificate thingy to encrypt your traffic than it'll ask you for the passwords you used when you created the ceriticates in order to stop and start the server.

ive used sudo, still no luck

k so this is my proftpd.conf file in a nut shell: Im not a 100% sure what i need to change cause this is how it came minus the glens server part.
you'll need to replace all of that with what's in the guide on the first page under step 3.

everything you need to know to configure your ftp server is in the first post of this guide. follow the directions carefully, and you'll end up with a working ftp server.

@dannyboy79, if i understand well you want to upload things in your upload directory and also download them from this same directory later ? Correct me if i'm wrong.
So modify your upload directory section like that :
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD READ RETR>
AllowAll
</Limit>
</Directory>Read this page (http://www.proftpd.org/localsite/Userguide/linked/config_ref_Limit.html) if you want some details on how to use the LIMIT commands. The LIMIT command defines what is allowed or not in a directory thus you set the rights as you want in the directory if you know how to use them, for example in my guide i prevent file and directory deletion in the upload directory but you may want to change that if it don't fit your needs.

Frodon,
Thank you for responding but you didn't answer the question on how to adjust the upload folder settings so that users can rename a folder they create. I noticed that when I was in IE and I hit new folder, it named it New Folder with a space and wouldn't even let me change the name of the it??? Then later when I was at home I had a hell of a time figureing out how to delete a directory with spaces in it and then it was even worse cause I created 3 of them and IE put (2) and (3) on the end of the New Folder name so I spent probably an hour trying to delete the damn folders. I finally got it by putting rmdir New\ Folder\ \'(2)' but sinjce I am a newbie I had no idea itr was gonna be that hard to simply remove a directory! HA HA ANyway, thanks for the help so far,

All should be explained in the link i gave you, as you can see in my guide and in the example i gave you, file and directory deletion are forbidden in the upoload directory due to this section :
<Limit RMD DELE>
DenyAll
</Limit>It says that RMD and DELE ftp commands are denied in the upload directory, so if you remove them from this section and add them to the "allow" section they will be allowed.
The ftp commands for the rename actions are RNFR and RNTO, add them to the "allow" list in the upload directory section if you want to allow them.
So your upload directory section would look like that :
<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit STOR CWD MKD READ RETR DELE RMD RNFR RNTO>
AllowAll
</Limit>
</Directory>

Thanks zasf for your kind reply. Maybe, you have already solved the problem. I am sorry that I am replying back after almost 2 months.

Thanks for your reply but I think you didn't get my point.

Anyway I discovered that what I meant is commonly known as "local loopback" wich is a feature that most home/office routers don't have.

There are hacks to modify your router's iptables but they are lost on power off.. so what I'm planning to do (when I have a little time) is to make a script on my server (behind router) to perform such hacks periodically.

Thank you anyway,

I setup the proftpd server with GProFTPD and here is what I'm trying to do:

I wanna have the home folder set to default: /home/ftp, but I would like to be able to access the /var/www directory as well.

How do I accomplish that? I made a simlink of the /var/www into the home folder, but when I connect thru FTP, I can't access it.

Use:
mount --bind /var/www /home/ftp/www

Make sure you create the www dir in /home/ftp and run the command as sudo.

Will work like a champ.

nix4me

Use:
mount --bind /var/www /home/ftp/www

Make sure you create the www dir in /home/ftp and run the command as sudo.

Will work like a champ.

nix4me

yes it does, thank you.

Also, I'm assuming that all the other users will be able to see this directory though. I have to figure out a way to restrict them

Ok, I have one more issue now. Every time I try to connect, I don't ge the directory listings, and after a while it times out.

I'm behind a router, so I forwarded the FTP port, and I also added the MasqueradeAddress and the Passive Ports 60000 65555.

Am I missing something? For the MasquaradeAddress, I used the name.dyndns.org account that I have.

You have to forward the passive ports also. Thats why the dir listing is timing out.

You can also limit the users who can list the www dir by using the limit command in the proftpd config.


nix4me

frodon, thank you very much for your response. I have posted many questions in these forums and have only been helped 2 times, this time and 1 other time someone attempted to help but to no success. Sometimes I just wonder what these forums are for if users who arent having problems don't come in here once in a while and read thru them and say to themselves, oh, I have that working on my machine, maybe I should respond to this one so I am can help out fellow Ubuntu users!!! Hell I am a newbie and I have helped other newbies who started linux after me with over a dozen things! My unsolved things are a Microsolution Cd-Burner hooked via USB doesn; work, they even have a linux download and it says it uploads the firmware to my CD writer thru the hot plug thingy but I don;t know what do with all the stuff that the .tar contained? ALso, I am having a hell of a time getting Ubuntu Nautilus to browse my WINXP box thru the Servers pull down. After a long pause it states that it can't display all the contents of the folder??? Also, The sound out of my right speaker stopped working after I played songs thru XMMS thru a remote desktop setup. Weird but no one has hardly even bothered to help me figuer out what to do and since I am a newbie all I can do is gogle for hours on hours and read until my eyes pop out of my head which i have done for so long I pretty much give up and then try another day. Anyway, sorry for the long rant about users and thank you again for your help!

Just use the TransfertRate (http://www.proftpd.org/localsite/Userguide/linked/config_ref_TransferRate.html) parameter to set the uload and download rates.
For example to limit the dowload rate to 4Kb/s add this line in your proftpd.conf file :
TransferRate RETR 4096To limit the upload rate to 4Kb/s :
TransferRate STOR 4096

@TransformedBG, without some details on what you did and your proftpd.conf file it would be almost impossible to help you.

Excellent, thanks for the help here and with the rest of this topic. I would just like to point out for other people who may look at this that the numbers here are actually in kilobites-per-second. So, to limit the download to 4 kilobites/s simply use TransferRate RETR 4. It is in the link you provided but I thought that this might help someone.

Thanks again
Erik

okay ... i have a small problem. i don't have the fastest connection in the world, and i'm having problems with some of my ftp users getting authenticated. they're getting 580 errors, but i know the account is set up correctly because i can log in myself with their user id and password.

i think it's just timing out before they can send the complete user name and password to my server.

i've changed TimeoutLogin to 100, but that still doesn't seem to give them enough time to send the entire user name and password. is there something i'm missing?

Use:
mount --bind /var/www /home/ftp/www

Make sure you create the www dir in /home/ftp and run the command as sudo.

Will work like a champ.

nix4me
Thanks for this nix4me but I am getting a permissions error when trying to upload. I created the directory www in my home/FTP-shared directory and used bind to "link" it with my /var/www/ directory all is well there, I think. I can see it's contents when I ftp to it but I cannot upload anything. I get a 550 error permissions denied. I used the same permissions as the Upload directory.

Thanks for this nix4me but I am getting a permissions error when trying to upload. I created the directory www in my home/FTP-shared directory and used bind to "link" it with my /var/www/ directory all is well there, I think. I can see it's contents when I ftp to it but I cannot upload anything. I get a 550 error permissions denied. I used the same permissions as the Upload directory.

Got it.. I had to edit the proftpd.conf file and add this to the bottom and restart the proftpd server

<Directory> /home/FTP-shared/www/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

Frodon, you helped me setup my ftp server and i thank you for that. but for some reason i all of a sudden can't view any of my ftp directories. when i ftp in all i see is a blank list, meaning it is hsowing me nothing? here is my proftpd.conf
# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on
# Choose here the user alias you want !!!!
UserAlias daniel ftp
ServerName "UBUNTU FTP Server"
ServerType standalone
DeferWelcome on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks off
TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 600
DisplayFirstChdir .message
ListOptions "-l"
RequireValidShell off
TimeoutLogin 20
RootLogin off
# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log
#DenyFilter \*.*/
# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off
# Allow to restart a download
AllowStoreRestart on
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
PersistentPasswd off
MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8
# Display a message after a successful login
AccessGrantMsg "YOU MADE IT!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"
# Set /home/ftp directory as home directory
DefaultRoot /home/ftp
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
UseReverseDNS off
IdentLookups off
#VALID LOGINS
<Limit LOGIN>
AllowUser ftp
DenyALL
</Limit>
<Directory /home/ftp>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory /home/ftp/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>
<Directory> /home/ftp/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ DELE>
DenyAll
</Limit>
<Limit STOR RMD RNFR RNTO CWD MKD>
AllowAll
</Limit>
</Directory>
#added for encrypting all transfers thru ssh and ssl
<IfModule mod_tls.c>
TLSEngine on
TLSLog Log /var/ftpd/tls.log
TLSProtocol TLSv1
# Are clients required to use FTP over TLS when talking to this server?
TLSRequired off
# Server's certificate
TLSRSACertificateFile /etc/ftpcert/server.crt
TLSRSACertificateKeyFile /etc/ftpcert/server.key
# CA the server trusts
TLSCACertificateFile /etc/ftpcert/ca.crt
# Authenticate clients that want to use FTP over TLS?
TLSVerifyClient off
</IfModule>

this happened to me out of no where so then i tried instaling gproftpd and using that and I couldn't really understand hot to use it so i just went back to view my conf file and gproftpd messed it up, it added things in the middle of lines, the word col and ile were put between some options so I kept getting errors when i would try to restart the server, so i found the bad line, fixed it but I still only can log in and SEE NOTHING? can you help me? i would like t point out that it did work great, i have all the folders created and they are there inside the /home/ftp/ location. what could be wrong? thank you if you can help

Your proftpd.conf file looks good, except a system rights problem on the directories you use i don't see what could be the problem.

Could you explain the problem you see with the system rights problem I use? Also, I am now outside my lan and everything is ok? So basically when I use FlashFXP from my WINXP machine within my LAN it doesn't show any dir's. it only shows a \ and that's it? Weird? I am trying to learn about Passive vs Active and I am curious as to how am I able to get a Passive FTP session from my work to my server when my server is behind a netgear firewall and I know that the only ports forwarded are 20 and 21. i read that Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.

so if my firewall should be blocking all those higher ports how is passive mode working? thanks for your help!

frodon,

I want to share '/media/ftp' by FTP with 3 users: admin, download, & look. The admin user has the ability to do anything; the download user has the ablity to download and upload; and the look user can only browse the FTP. The download user can download from anywhere whil he can only upload to '/media/ftp/uploads'

All users have the default root of '/media/ftp' but each user has different file and folder permissions.

Is this possible to do? I've been killing myself for hours trying to find an answer. If it's not possible, please tell me so I can think of another way to do this. Thanks! :)

I think it's possible using the some "ifuser" sections inside each "directory" section. Here is a reference page on the topic :
http://www.castaglia.org/proftpd/modules/mod_ifsession.html

@dannyboy79, for the moment i have no idea but i will have a look at it this week, anyway don't forget to post your problem on the proftpd forum, this forum is damn helpful :
http://forums.proftpd.org/phpBB2/

Thanks frodon but the good folks at #proftpd helped me out. I finally got it working a few hours ago. Thanks!


Could you explain the problem you see with the system rights problem I use? Also, I am now outside my lan and everything is ok? So basically when I use FlashFXP from my WINXP machine within my LAN it doesn't show any dir's. it only shows a \ and that's it? Weird? I am trying to learn about Passive vs Active and I am curious as to how am I able to get a Passive FTP session from my work to my server when my server is behind a netgear firewall and I know that the only ports forwarded are 20 and 21. i read that Active FTP is beneficial to the FTP server admin, but detrimental to the client side admin. The FTP server attempts to make connections to random high ports on the client, which would almost certainly be blocked by a firewall on the client side. Passive FTP is beneficial to the client, but detrimental to the FTP server admin. The client will make both connections to the server, but one of them will be to a random high port, which would almost certainly be blocked by a firewall on the server side.

so if my firewall should be blocking all those higher ports how is passive mode working? thanks for your help!

Dannyboy,

I had the same problem. But the folks @ #proftpd told me to make sure that "DIRS" and "PORT" was ALLOWED in the Limit brackets. See if that helps.

Thanks frodon but the good folks at #proftpd helped me out. I finally got it working a few hours ago. Thanks!



Dannyboy,

I had the same problem. But the folks @ #proftpd told me to make sure that "DIRS" and "PORT" was ALLOWED in the Limit brackets. See if that helps.

Thanks for the suggestion however there are tons of locations where it says, LIMIT, so I have no idea where you want me to put DIRS and PORT? Can you please post your proftpd.conf? or maybe just one little area showing the example and then explain where else I need to do it. thanks so much for your help!

Is it possible to get gproftpd to work in implicit ssl mode and not just in Auth SSL/TLS ?

If I use port 21 for server, i can see directory listing. If i use different port like 1980, than i get error: Could not retrieve directory listing. Ftp client is FileZilla. use passive mode.

thnx.

i am trying to bind /home/daniel to /home/ftp/daniel. it appears to work but when i click on a folder within /home/daniel for example 300gb-ext3 there are no sub-folders which there should be??? What's weird is when I bind location /home/daniel/300gb-ext3 to /home/ftp/daniel that works, they'll be sub-folders upon sub-folders and files shown. This is using filezilla. i checked all the permissions of the folders and they appear to be the same and appear to be owned by me. I am logging into my ftp server as a user which gets jailed into /home/ftp. why does it show sub-dir's upon sub-dirs when i bind /home/daniel/300gb-ext3 but not when i bind /home/daniel?

The tutorial worked for me, thanks Frodon!

I do have to say it is much easier on Windows Server 2003/Windows 2000 Server, but that many be because I understand them much more...

Thanx, great stuff...

/N

Great tutorial on B- The secure way :) very very Great job!!!

Thanx Frodon and the ppl that helped Frodon out on the tutorial about the router and everything else :D

Glad to know that you like the tutorial, i hope no one will be scared anymore to set a FTP server on ubuntu.

Glad to know that you like the tutorial, i hope no one will be scared anymore to set a FTP server on ubuntu.

I need a little help here!! I'm having trouble logging into my FTP server, I type in the username and password, and it tells me invalid password. I know it's correct.

This is the very first time that I have ever set up a server, and I have no idea how to do it. All I did was I turned on gproftpd, then I created a user. I created a server.... I think. I really do not know how to actually make one using gproftpd. I type in the ip address on my computer, and the domain I want, go through all the stuff that you need to fill out, and click generate certificate. It does... something. I do not know what clicking that actually does. I just want a server that people can connect to, host their files from, and have their own domain.

I have been using this guide to set up my own FTP-server, with gProftpd. Everyhing working great, untill yesterday. I can log in, but it just stops when it tries to list the file names..
"Loading directory listing / from server (LC_TIME=en_AU.UTF-8)
PASV
227 Entering Passive Mode (192.168.1.254,205,92)."


Any suggestions for this? Is it the setup, or something with the net?

i'm not sure if this has been covered or not, but i've got current system users with their own home dir /home/username, but what gproftpd does, when i add those current users as an ftp user aswell, is that it allows me to choose an ftp home dir without changing the original home dir of /home/username. the new ftp home dir is /var/www/username.

i was wondering, is it possible to do what gproftpd does, except via command line?

this would save me from using gnome/xserver window manager

cheers

I need a little help here!! I'm having trouble logging into my FTP server, I type in the username and password, and it tells me invalid password. I know it's correct.Do you get the 530 errors ?
Checks the permission of the folder you share with your server and try to create again your user using the GUI.


This is the very first time that I have ever set up a server, and I have no idea how to do it. All I did was I turned on gproftpd, then I created a user. I created a server.... I think. I really do not know how to actually make one using gproftpd. I type in the ip address on my computer, and the domain I want, go through all the stuff that you need to fill out, and click generate certificate. It does... something. I do not know what clicking that actually does. I just want a server that people can connect to, host their files from, and have their own domain.Sorry, but i can't really help you with gproftpd because i almost never used it but maybe some users who use it may be able to help you


I have been using this guide to set up my own FTP-server, with gProftpd. Everyhing working great, untill yesterday. I can log in, but it just stops when it tries to list the file names..
"Loading directory listing / from server (LC_TIME=en_AU.UTF-8)
PASV
227 Entering Passive Mode (192.168.1.254,205,92)."


Any suggestions for this? Is it the setup, or something with the net?Do you have more error log ?
Check the permissions of the folders you share, wrong permission can generate this issue.


i'm not sure if this has been covered or not, but i've got current system users with their own home dir /home/username, but what gproftpd does, when i add those current users as an ftp user aswell, is that it allows me to choose an ftp home dir without changing the original home dir of /home/username. the new ftp home dir is /var/www/username.

i was wondering, is it possible to do what gproftpd does, except via command line?

this would save me from using gnome/xserver window manager

cheersThe way gproftpd share the directories is not really secure so i don't advice you to try to do the same thing. But yes you can do the same thing, it is just not enough secure IMO. Modifying the original home directory is more secure IMO.

Hi,
I'm having some problems here..

I had some older version of proftpd which i chose to remove (by synaptic)
But as i discovered not all files were removed :confused:

After going through your how-to (great job btw !) i've noticed that at the end, old conf file was being loaded.

Then I manualy removed proftpd.conf from /etc and from /etc/proftpd/
and also startup script from init.d

After another reinstall I'm missing startup script ](*,) Shouldn't it be recreated at apt-get install ?

any thoughts on working this out ?

help.

Hi,
I'm having some problems here..

I had some older version of proftpd which i chose to remove (by synaptic)
But as i discovered not all files were removed :confused:

After going through your how-to (great job btw !) i've noticed that at the end, old conf file was being loaded.

Then I manualy removed proftpd.conf from /etc and from /etc/proftpd/
and also startup script from init.d

After another reinstall I'm missing startup script ](*,) Shouldn't it be recreated at apt-get install ?

any thoughts on working this out ?

help.


why don't you try to go sudo aptitude remove proftpd && aptitude purge proftpd

this should get rid of anything related to proftpd. just so you know though, the newest proftpd from the repos doesn't have mod_tls compiled into it so you can't connect to your server using any kind of encryption. if you want encrytpion, you'll ahve to compile the newest source by hand. i did start a thread for this and frodon informed the developers. (i hope)

What a thread!!!!

This is my problem:
I log-in using my unix user "surname.name" and then i see my root (/home/surname.name/) but, there, i can see also "/home/surname.name/Maildir" that is to say mail folder.

How can i modify proftpd.conf to hide /home/*/Maildir folder (that every user see as "/Maildir") to all users?

Thanks in advance,
Salvo

Try adding this at the end of your config file :
<Directory /home/surname.name/Maildir/>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
Deny ALL
</Limit>
</Directory>Then restart your server, if it works you should be able to see the directory but you won't be able to enter in.

Let me know if it works.

Try adding this at the end of your config file :
<Directory /home/surname.name/Maildir/>
Umask 022 022
AllowOverwrite off
<Limit ALL>
Order Allow,Deny
Deny ALL
</Limit>
</Directory>Then restart your server, if it works you should be able to see the directory but you won't be able to enter in.

Let me know if it works.

I already tried this:


< Directory /home/*/Maildir >
< Limit READ WRITE >
DenyAll
< /Limit >
< /Directory >


But it doesn't work

Then I tried this:


< Directory ~/Maildir >
< Limit READ WRITE >
DenyAll
< /Limit >
< /Directory >

I can see the folder, enter, write...

Using your code (modified with /home/*/Maildir), it works...

Thanks you!

I just wanted to say thanks. This works great. Your conf file was full of good hints--I didn't copy/paste, but reading through your post help me understand what was going on.

i gave out the alias I was using to login to my server to someone and now I don't want them to have access anymore so i changed the useralias and the password for the linux user ftp, but when I try to log into the server, the server won't accept the new alias, it does work with the old alias and the new password so he wont be able to login anymore which is what I want, but he stil knows the alias, YES I DID restart the server after changing the useralias in my proftpd.conf file? does anyone know why the new useralias isn't working?? do I need to restart my whole computer? i have restarted the server by doing sudo /etc/init.d/proftpd restart many times but I shouldn't have to do this as I run my server thru inited not as a standalone, so i am undert the impression that each time a user trys to log in, it starts up the server with the latest config each time so a server restart isn't required that's the advantage of inited instead of standalone but why isn't it working? anyone wanna help. Frodon maybe wanna help me? or are you still mad at me for asking for you know what?

Knowing your story about proftpd, i mean that you updated to the 1.3 version which don't use the same path for the config file i guess you modifyed the old config file under /etc/proftpd.conf rather than the one under /etc/proftpd/proftpd.conf which is i believe now the new one used in proftpd 1.3, it really sounds like this kind of stuff.

Try to search for mistakes in this spirit and i'm sure you will solve quickly your issue.

thank you very much however this has brought up another problem! i just realized tha tI have been running my server as standalone and this whole time I thought I was running it thru inetd. now that I want to switch it I am getting all screwed up with inetd, inetd.conf, xinetd, xinetd.conf, xinetd.d and all this stuff. i am wondering I can uninstall inetd and just use xinetd? I have xinetd installed as I had to to get swat to work I think? currently there is a line within my inetd.conf file that I am not sure what'll happen if I remove inetd, it states this:
netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd

does anyone know if I need this line for samba to work since I see it has something to do with netbios but I don't know what ssn is??

i have just decided to compile version 1.3 with all the goodie modules that came with proftpd's source. i am not going to compile it with any of the 3rd party modules although some may be useful I haven't needed them yet so I don't think i will ever need them. if I do I can always compile again. this should be interesting, if it all works out, i'll look into making a .deb for everyone.

I'm having some issues trying to install proftpd on a new install. I try the command sudo apt-get install proftpd gproftpd and I get the following:

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package gproftpd

Any ideas on how to resolve this problem? I've tried updating my sources.list but that hasn't worked. I've googled and searched this forum and I haven't found anything useful. Thanks in advance.

Steve
a linux noob

I see the packet without any problems so i think it may come from your sources.list file, could you post it there ?

Thanks

I see the packet without any problems so i think it may come from your sources.list file, could you post it there ?

Thanks

It's attached. Thanks again.

Ok, i got it.

You're using breezy and gproftpd is in the repository only since dapper, however i made a .deb file at the time but i'm not sure it's the latest version, check if it is.

To install it type in a terminal (in the directory of your choice) :

Thanks, that did the trick. I got the ftp server up and running, now I can play around with the options and get it the way I want. :KS

I royally messed up with the configuration of ProFTPD.. How do I uninstall the whole thing?

And I am a bit confused... How do I make a user with a username and password with full access to /var/www/?


ftp://user:pword@ftp.somehost.com

to unsintall :
sudo apt-get remove proftpReplace :
DefaultRoot /home/FTP-shared by
DefaultRoot /var/www/ and set set /var/www/ as home directory for this user.
You create the user like all other system users.

Just for those who don't know this link, you will find all you need for a mor e advanced use of proftpd there :
http://www.castaglia.org/proftpd/

to unsintall :
sudo apt-get remove proftpReplace :
DefaultRoot /home/FTP-shared by
DefaultRoot /var/www/ and set set /var/www/ as home directory for this user.
You create the user like all other system users.

Thanks for your help. But I am having issues with the user.

Since I am using Edgy Eft, I am experiencing the "You are not allowed to access the system configuration. (http://ubuntuforums.org/showthread.php?t=286260)" bug and therefore must do everything by terminal.

I have, and successfully, tried to login as "justin" (my standard ubuntu login name). Despite the LIST -aL command taking forever to execute, I get a 550 (Permission Denied) for all commands and transfer attempts.

I put

<Directory /var/www/>
<Limit All>
AllowAll
</Limit>
</Directory> in the proftpd.conf with no avail.


Thanks for the help!

Try adding this in your directory section instead of what you have, just to be sure :
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>

[07:40:50] Resolving host name "forgotten.no-ip.info"
[07:40:50] Connecting to 66.183.94.100 Port: 21
[07:40:50] Connected to forgotten.no-ip.info.
[07:41:10] 220 ProFTPD 1.3.0 Server (Forgott3n's FTP Daemon) [::ffff:192.168.1.102]
[07:41:10] USER justin
[07:41:10] 331 Password required for justin.
[07:41:10] PASS (hidden)
[07:41:14] 230 User justin logged in.
[07:41:14] SYST
[07:41:14] 215 UNIX Type: L8
[07:41:14] Detected Server Type: UNIX
[07:41:14] FEAT
[07:41:14] 211-Features:
[07:41:14] MDTM
[07:41:14] REST STREAM
[07:41:14] SIZE
[07:41:14] 211 End
[07:41:14] PWD
[07:41:14] 257 "/" is current directory.
[07:41:14] MKD test
[07:41:14] 550 test: Permission denied

Still isn't working. Could this be linked with the bug?

Ok, then now check that your "/var/www/" directory have 777 rights which is needed to download/upload in the directory.

If not give the directory 777 rights and test again.

I get the following error, Im not sure

- IPv4 getaddrinfo 'homer' error: Name or service not known
- warning: unable to determine IP address of 'homer'
- error: no valid servers configured
- Fatal: error processing configuration file '/etc/proftpd.conf'

Ok, then now check that your "/var/www/" directory have 777 rights which is needed to download/upload in the directory.

If not give the directory 777 rights and test again.

Haha silly me, forgot to CHMOD the folder.


Quick question: how do I speed up LIST -aL? Its very slow to do anything with a good 10 second wait per file.

I followed the walk through, and did everything as instructed, then when I try to
sudo /etc/init.d/proftpd start it gives me
- IPv6 getaddrinfo 'ryan-desktop' error: Name or service not known
ryan-desktop - 127.0.1.1:1980 masquerading as xx.xx.xx.xxx
[ ok ]


Is this normal? If not, any ideas what could be wrong?

(I removed my IP address, it isn't actually masquerading as xx.xx.xx.xxx)

Yes it's normal, it's just an informative message and it won't hurt the behaviour of your FTP server. See the proftpd forum if you want more detailled informations on this message.

@Forgott3n, i would have loved to help you more but you reached the limit of my knowledge lol, anyway if you post your question on the proftpd forum i'm sure you will get an answer because this forum is watched by the proftpd maintainer who always give nice advices :
http://forums.proftpd.org/phpBB2/

I'm a bit confused, am I suppose to be able to access my server through ftp://xx.xx.xx.xxx/, because it times out everytime I try it.

Edit: When I try to connect using gFTP, it causes gFTP to freeze, and thus I can't connect to my server.

I've setup Gproftpd.
And in the default folder /var/ftp i've mounted 2 other folders from another partition, as the "how to " says
The partitions have been mounted correctly.
The problem is that when accessing the ftp,users don't have to access to the mounted folders (550).
I set chmod 777 for the /var/ftp/upload and 755 for /var/ftp/download.

any help?

Ok, since I got the ftp setup on my machine a friend asked me for help doing his. While I was running sudo apt-get install proftpd there was a power surge in his room and it caused the machine to reboot. Now when I run the command I get the following error from terminal:

E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.

Any ideas on the solution? I'm sure what needs to be in front of the dpkg line.

Thanks for any help, as always.

Edit - I figured it out.

hello just want to ask if it is possible to have multiple account in just one proftpd configuration? if yes how. thanks :)

I always answer why to this question.

What is your need to have several FTP users ?

Of course it's possible and there's mutiple ways to do it depending on what is your goal, tell me what is your need and i will explain you the most suitable way to do it.

I've setup Gproftpd.
And in the default folder /var/ftp i've mounted 2 other folders from another partition, as the "how to " says
The partitions have been mounted correctly.
The problem is that when accessing the ftp,users don't have to access to the mounted folders (550).
I set chmod 777 for the /var/ftp/upload and 755 for /var/ftp/download.

any help?The 2 folders you mounted from the other partition must have the good rights too, because when you mount a folder in another one it overwrites the permissions of the destination folder.

The 2 folders you mounted from the other partition must have the good rights too, because when you mount a folder in another one it overwrites the permissions of the destination folder.


yes the two folders that i mount have the good rights.
...

I always answer why to this question.

What is your need to have several FTP users ?

Of course it's possible and there's mutiple ways to do it depending on what is your goal, tell me what is your need and i will explain you the most suitable way to do it.

Hello Sir Frodon

I need multiple user to my ftp server so i could assign one username and password to each person and on each account has their own download and upload folders so not to mix up all of their files. :)

Ok, i understand what you mean.

The question is do you want completely separate directories for each user, i mean one directory for user A which contain one upload and one download directory ?
Or if we put all the directories under "FTP-shared" is it ok for you ?, i mean for example :
userA-download
userA-upload
userB-download
userB-upload
...
The second way is easier and more secure IMO, the second part of the "Advanced tricks" section will show you how to do it. The only inconvenient is that when you login each user will see all the directories but will be able to enter only in the one he has the rights for.
However if it's really annoying for you i can read some documentation because i read at the time somewhere that it's possible to hide the directories.

Ok, i understand what you mean.

The question is do you want completely separate directories for each user, i mean one directory for user A which contain one upload and one download directory ?



Yes sir Frodon 1 directory for 1 user! Thanks a lot for the help :)

mmm, not sure to know how to do it that way :-k

Or if we put all the directories under "FTP-shared" is it ok for you ?, i mean for example :
userA-download
userA-upload
userB-download
userB-upload

ok sir can we this? :)

Yes of course, it is explained in the "advanced tricks" part of the guide in the first post.
All you need is to create the users, create all the directoties then restrict the access depending of the user.

Yes of course, it is explained in the "advanced tricks" part of the guide in the first post.
All you need is to create the users, create all the directoties then restrict the access depending of the user.

ok sir will do! Give u feedback. Thanks again :KS

i think i've found a great source, (http://i-gunler.com/section/eventview.php?sec=60&Date=1&Day=3&Month=12&Year=2002&Page_Num=1) thank you so much. (http://i-gunler.com/section/eventview.php?sec=60&Date=1&Day=3&Month=12&Year=2002&Page_Num=1). (http://i-gunler.com/section/eventview.php?sec=60&Date=1&Day=3&Month=12&Year=2002&Page_Num=1)

Maybe someon can help. I've followed all the instructions on how to setup the FTP server. When I try to restart the server I get this error:

..localhost - mod_delay/0.4: error opening DelayTable '/var/run/proftpd/proftpd.delay': No such file or directory

Everything is setup as outlined in the first post. I don't think this has to do with config, my guess is there is something wrong with the install. I've tried uninstalling completly and then reinstalling, but I get the same error.

How do I fix this?
Thanks.

1- Enable TLS/SSL encryption (FTPS)
The FTP file sharing protocol is an old protocol which was created when internet was still a secure place, therefore the default FTP protocol is not that secure.
For example the password and username for login are transmitted in plain text which obviously isn't secure.
That why, to fit the needs of our generation, encryption solutions were developed and one of them is TLS/SSH encryption.
This will encrypt the username and password and all the data you send, obviously to use it the FTP client must support SFTP protocol.

here are the steps to enable TLS/SSH encryption (FTPS (http://en.wikipedia.org/wiki/FTPS)):

Paste these commands in a terminal :
sudo apt-get install build-essential
sudo apt-get install libssl-dev
cd /etc
sudo mkdir ftpcert
cd ftpcert/
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
sudo openssl genrsa -des3 -out ca.key 1024
sudo openssl req -new -x509 -days 365 -key ca.key -out ca.crt
sudo wget http://frodubuntu.free.fr/ubuntu/sign.sh
sudo chmod +x sign.sh
sudo ./sign.sh server.csr

HI all,
when I type sudo ./sign.sh server.csr I get this error:

CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'IL'
stateOrProvinceName :PRINTABLE:'Ikkland'
localityName :PRINTABLE:'Ikktown'
organizationName :PRINTABLE:'Project ikkinu'
organizationalUnitName:PRINTABLE:'Ftp Dpt.'
commonName :PRINTABLE:'ikkinu'
emailAddress :IA5STRING:'ikkinu@inventati.org'
Certificate is to be certified until Dec 5 19:24:50 2007 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 18 at 0 depth lookup:self signed certificate
/C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 7 at 0 depth lookup:certificate signature failure
12603:error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus:rsa_eay.c:645:
12603:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:

Can anyone help me?
Thanks

this happened to me, I couldn't figure it out so I just performed the steps over and over again, chosing different names for each of the prompts and finally it worked. don't know what exactly made it work but it did. for country name, I put US, for state I spelled out WISCONSIN, for city I spellled out my city, for company name I put NA1 (not applicable 1) for org unit name, I put not applicable 1 (spelled out this time), for commmon name I spelled out my first name, for email, I put my real email address. that is all for server.key, then for the next one, I think it was ca.key, I did everything the same except added "2" instead of the "1" where I used NA and not applicable. good luck. I have to be honest, despite not getting errors when I self signed the certificate, I still can't even ftp into my site. I use xinetd which may be the problem. also, are you using the new mod_tls by way of mod_dso? good luck

Maybe someon can help. I've followed all the instructions on how to setup the FTP server. When I try to restart the server I get this error:

..localhost - mod_delay/0.4: error opening DelayTable '/var/run/proftpd/proftpd.delay': No such file or directory

Everything is setup as outlined in the first post. I don't think this has to do with config, my guess is there is something wrong with the install. I've tried uninstalling completly and then reinstalling, but I get the same error.

How do I fix this?
Thanks.


you simply need to create the /var/run/proftpd/ dir and you'll be set. I don't know why it wouldn't have been created wehen you installed Proftpd. unless you compiled it yourself, since I did, I had that same error as well. For the future, if it tells you that a file or folder doesn't exist, then do a locate or find for it and if the folder isn't there, then linux needs you to create the folder so that proftpd has a place to put the proftpd.delay file when you log into your server. good luck

Yes of course, it is explained in the "advanced tricks" part of the guide in the first post.
All you need is to create the users, create all the directoties then restrict the access depending of the user.

Hello Sir Frodon

my ftp work with multiple users but one question is there a way to hide the download folders on the other accounts? :)

I know there is one but i don't remember exactly where i read that so i would have to search a little bit, give me one week and i will try to give you an answer.
Feel free to PM me in one week to remind me your question if i forgot to search ;)

Maybe someon can help. I've followed all the instructions on how to setup the FTP server. When I try to restart the server I get this error:

..localhost - mod_delay/0.4: error opening DelayTable '/var/run/proftpd/proftpd.delay': No such file or directory

Everything is setup as outlined in the first post. I don't think this has to do with config, my guess is there is something wrong with the install. I've tried uninstalling completly and then reinstalling, but I get the same error.

How do I fix this?
Thanks.


simply create the folder /var/run/proftpd/ and you should be fine! proftpd is telling you that it can't create the file because the directory isn't there, so create the dir, and then the server will be able to create the file when some1 tried to connect and all will be good. this happened to me because I compiled version 1.3 myself and I needed to create this folder for the scoreboard file as well as the delay file.

Hello Sir Frodon

my ftp work with multiple users but one question is there a way to hide the download folders on the other accounts? :)Ok, the command to do this is HideNoAccess (http://www.proftpd.org/localsite/Userguide/linked/config_ref_HideNoAccess.html).

In each directory section try adind this command the beginning, example :

Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
HideNoAccess on

<Limit ALL>
Order Allow,Deny
AllowUser user1
Deny ALL
</Limit>

<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>I'm not sure it will work because i never used it.

I found an interesting thread for you where a user is trying to configure his server in the same way than you :
http://forums.proftpd.org/phpBB2/viewtopic.php?t=172&highlight=hidenoaccess

Hi, just a note on the TLS part of your excellent HowTo. I found that the server would disconnect immediatly after the TLS handshake, this is what it said in the log:

ssl3_get_record:wrong version number

Found the fix on this site: http://forums.proftpd.org/phpBB2/viewtopic.php?t=1075&

Basically I changed the entry "TLSProtocol TLSv1" found in the proftpd.conf file to read "TLSProtocol SSLv23" and it worked after the restart of proftpd.

Does this sound right? Anyone else have this problem?

Also just to clarify, when I removed the password for the rsa key (so that I didn't have to enter everytime the server starts) your guide says to make the file accessable only for root. How would I do this? (still learning)

Thank you very much

I'm new to this so here is a pretty basic question:

What would my ftp address be if I were to access my FTP server from a browser? Is gFTP the only way to access it?

:confused:

I'm new to this so here is a pretty basic question:

What would my ftp address be if I were to access my FTP server from a browser? Is gFTP the only way to access it?

:confused:

You need to know 2 things to access your FTP server: IP-address en port number. When trying to access your FTP server in a LAN, use your local IP-address to test the connection with the server. For example: 192.168.1.101 with port 1980, this goes for gFTP.
Using a browser you should go to the following URL: ftp://192.168.1.101:1980.
Voila, my first post!!

UBUNTU YEAH!

Sorry to drag this up again, but I am getting the 530 error.

I have configured it exactly as the first post


# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias sauron userftp

ServerName "woodside"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>


I have confirmed the CHMODs
I have created the user (userftp) from both the command line and the GUI
I have tested from both the local machine and a remote, through both IE, CLI and GUI.


*********@woodside:~$ ftp localhost
Connected to localhost.
220 you're at home
Name (localhost:sean): userftp
331 Password required for userftp.
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quit
221 Goodbye.


Pretty please can someone help get my sanity back ](*,)




EDIT:

Mmmmmmmm, this may be a clue, but I know not what :$


Jan 06 21:18:28 woodside proftpd[6889] localhost (localhost[127.0.0.1]): FTP session opened.
Jan 06 21:18:38 woodside proftpd[6889] localhost (localhost[127.0.0.1]): USER userftp: user is not a UserAlias from localhost [127.0.0.1] to 127.0.0.1:21
Jan 06 21:18:44 woodside proftpd[6889] localhost (localhost[127.0.0.1]): FTP session closed.

When using UserAliases like in your code:
-> UserAlias sauron userftp
You must login using the configured alias.
So login with sauron. Or remove the the UserAlias line in your code.
Yo!

LOL

It just goes to show that the more you look at something the less you see :$

It works on localhost, just need to sort my router out.

Many many thanks

Hi Guys,

I have the following problem and no idea what to do so any heko would be great.

When I try to start proftpd I get -mod_delay/0.4:error opening DelayTable /var/run/proftpd.deal':No Such file or directory

I have manually created the dir /var/run/proftpd using sudo mkdir /var/run/proftpd then when I run the deamon it works fine however when I reboot the dir is lost so I cannot run the deamon again without re creating the dir. ](*,)

I would also like the ftp server to run on start up so an idea of how to get this working would be great.

Thanks

Do you use the mod_delay module ?

If not please post your proftpd.conf, tell me me which version of proftpd you use then if you use the 1.3 post your /etc/proftpd/modules.conf.

Thanks for the quick responce. I've managed to sort the dir problm out.

the only issue I have now is connecting to the server. I can connect from within the network fine, but when trying it from an external connection it connects but I cannot see anything in the directory. my FTP client gives the following message


Connecting to 80.41.35.132:22024
Connected to 80.41.35.132:22024 in 0.062440 seconds, Waiting for Server Response
220 My FTPD
Host type (1): Automatic Detect
USER espo100583
331 Password required for espo100583.
PASS (hidden)
230 Anonymous access granted, restrictions apply.
SYST
215 UNIX Type: L8
Host type (2): Unix (Standard)
PWD
257 "/" is current directory.
TYPE A200 Type set to A
PASV
227 Entering Passive Mode (192,168,0,4,197,240).
connecting data channel to 192.168.0.4:197,240(50672)
Substituting connection address 80.41.35.132 for private address 192.168.0.4 from PASV
PORT 10,1,37,100,5,5
200 PORT command successful
LIST
Error reading response from server.
It appears that the connection is dead. Attempting reconnect...

any Ideas of what the problem may be would be great.

Thanks

First I would like to thank you for all the work you have put into this. I would also like to note I am a complete newbie not only to Ubuntu but also Linux so I may need things more details. Very sorry.

When trying to log in via FTP from a windows box to the Ubuntu.
Here is the information Filezilla my FTP software gives:

Status: Connected with 192.168.1.103. Waiting for welcome message...
Response: 220 you're at home
Command: USER userftp
Response: 331 Password required for userftp.
Command: PASS ********
Response: 530 Login incorrect.
Error: Unable to connect!

Here is my config


# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias name userftp

ServerName "Ubuntu"
ServerType standalone
DeferWelcome on

UseReverseDNS off
IdentLookups off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 99

RootLogin off

# It's better for debug to create log files
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 21

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /home/FTP-shared

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>

<Directory /home/FTP-shared>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/FTP-shared/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory> /home/FTP-shared/upload/>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>


Here is the user I created:
http://img407.imageshack.us/img407/8510/screenshot1hd3.png
http://img187.imageshack.us/img187/4889/screenshot2xt4.png

For all I know I may just be screwing up on the user I am creating.

Thanks,
Jovian

# Choose here the user alias you want !!!!
UserAlias name userftp



I think you have to log in as that alias "name"

Thanks addicted_to_the_net this kinda put me on the right track. I ended up testing it without the follow lines:


AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias name userftp

This worked! now I just need to figure out what im doing wrong with my user account alias stuff.

What ever you use for the alias is the login name that you should use to login to the server. So like alias guest would mean, username "guest" password "the one you set for userftp".. Good luck!

Ok so your saying the Alias which by the guide is userftp, is the account name you would use to connect to the FTP server. I thought that was the user. So whats the user then? hehe thanks so much for your help.

Read the guide again and you will find all what you are looking for... Goodluck

Hello everyone,

Frodon, thanks for this superb HOW-TO. I had a bit of a tough time setting up the SFTP part but nevertheless I persevered and in the process even setup an SSH server! Although it took me the WHOLE of today, you won't believe how much else I could get done since I didn't have to google for this-and-that, fix this-and-that etc...

I'm VERY impressed with the calibre of dedication and committment that this forum possessess.

Cheerio1

I'm not sure if this should go in this thread, or in the ProFTPd through NAT thread. Either way, here goes:

Starting proftpd gives the following:


::dadantada01@dadantada3::/home/dadantada01::
$ sudo /etc/init.d/proftpd restart
* Stopping ftp server proftpd [ ok ]
* Starting ftp server proftpd - IPv6 getaddrinfo 'localhost.localdomain' error: Name or service not known
localhost.localdomain - 127.0.0.1:12345 masquerading as 123.456.789.101Where 123.456.789.101 is the external WAN IP, and 12345 is the port that I have fowarded on my router.

/etc/proftpd/proftpd.conf is as follows

#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf

# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias dadantada dadantadaftp

ServerName "ftpdadantada"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
# Port 21
Port 12345

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/ftp directory as home directory
DefaultRoot /home/ftp

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser dadantadaftp
DenyALL
</Limit>

<Directory /home/ftp>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/ftp/download/*>
Umask 022 022
AllowOverwrite off
<Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD>
DenyAll
</Limit>
</Directory>

<Directory /home/ftp/upload/*>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>

MasqueradeAddress 123.456.789.101
PassivePorts 12345 12345

When I connect remotely (to 123.456.789.101:12345, with user dadantada), I get the following spiel:


Status: Connecting to 123.456.789.101:12345 ...
Status: Connected with 123.456.789.101:12345. Waiting for welcome message...
Response: 220 you're at home
Command: USER dadantada
Response: 331 Password required for dadantada.
Command: PASS ***************
Response: 230 welcome !!!
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: MDTM
Response: REST STREAM
Response: SIZE
Response: 211 End
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/" is current directory.
Command: TYPE A
Response: 200 Type set to A
Command: PASV
Response: 227 Entering Passive Mode (123,456,789,101,231,26).
Command: LIST
Error: Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Error: Could not retrieve directory listing
Command: PWD
Error: Timeout detected!
Status: Waiting to retry... (5 retries left)

Setting the FTP client to active means that I cannot connect at all. Is this a firewall issue, a mode issue or a local host issue?

I should also point out that I only have ports 21 and 12345 available to use, as I am logging onto the machine via ssh, and cannot access the hardware firewall remotely.

Hi,

I still have the problem, that files I upload with an ftp-client are not readable and I get an "You don't have permission to access /test.html on this server." by accessing them by web.

I followed this instruction here (just disabled AliasLogin and used another username). Everything works really fine but I have to set the rights manually to the uploaded files.

Would be a great thing to get a hint or to find a solution!

Best regards

Stefan

Don't really understand your problem, are you able to upload the files ? If yes then if you don't like the default rights of the files try to tweak the Umask line in your proftpd.conf and in your system it is the command which handle the efault rights of a created file.

Hi,

yes, the upload is possible. But the file did not get the "read by others" property :-) And - yes - I used the chmod 022 in the config file. But an hour ago I found the solution - I use GFTP as a client and there is the option:

"keep the filerights" (not sure how it is called in the actual english version - in german it is "Dateirechte beibehalten"). By disabling this function everything works perfectly.

So the information given by my FTP-Client overrides the FTP-Server settings. Interesting to know...

Thanks!

Stefan

Glad that you found the solution and thanks for sharing it ;)

Just a little particle in a very, very big mosaic :-)

1- Enable TLS/SSL encryption (FTPS)
The FTP file sharing protocol is an old protocol which was created when internet was still a secure place, therefore the default FTP protocol is not that secure.
For example the password and username for login are transmitted in plain text which obviously isn't secure.
That why, to fit the needs of our generation, encryption solutions were developed and one of them is TLS/SSH encryption.
This will encrypt the username and password and all the data you send, obviously to use it the FTP client must support SFTP protocol.

here are the steps to enable TLS/SSH encryption (FTPS (http://en.wikipedia.org/wiki/FTPS)):

Paste these commands in a terminal :
sudo apt-get install build-essential
sudo apt-get install libssl-dev
cd /etc
sudo mkdir ftpcert
cd ftpcert/
sudo openssl genrsa -des3 -out server.key 1024
sudo openssl req -new -key server.key -out server.csr
sudo openssl genrsa -des3 -out ca.key 1024
sudo openssl req -new -x509 -days 365 -key ca.key -out ca.crt
sudo wget ***
sudo chmod +x sign.sh
sudo ./sign.sh server.csr

HI all,
when I type sudo ./sign.sh server.csr I get this error:

CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter pass phrase for ./ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'IL'
stateOrProvinceName :PRINTABLE:'Ikkland'
localityName :PRINTABLE:'Ikktown'
organizationName :PRINTABLE:'Project ikkinu'
organizationalUnitName:PRINTABLE:'Ftp Dpt.'
commonName :PRINTABLE:'ikkinu'
emailAddress :IA5STRING:'ikkinu@inventati.org'
Certificate is to be certified until Dec 5 19:24:50 2007 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: /C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 18 at 0 depth lookup:self signed certificate
/C=IL/ST=Ikkland/L=Ikktown/O=Project ikkinu/OU=Ftp Dpt./CN=ikkinu/emailAddress=xxx@xxx.xxx
error 7 at 0 depth lookup:certificate signature failure
12603:error:04067084:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus:rsa_eay.c:645:
12603:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:168:

Can anyone help me?
Thanks


I have the exact same problem, did anyone come up with a reliable fix for this problem?
It's aggrevating as hell.

And i don't feel like sitting and guessing up values and hoping for a miracle.

I've tried googling but it just made me more confused.

Would appriciate help in this matter.

Thanks.

Just make several attempts changing some parameters like you pasword and so on, it should work.

Hi Guys,

Had a few problems getting proftpd working but getting there.

I have a problem when starting the server though I get the following message

Starting ProFTPD ftp daemon: WBSRV01 - mod_delay/0.4: error opening DelayTable
'/var/run/proftpd/proftpd.delay': No such file or directory

If i create the dir manually then try it again it works fine but then if I restart the PC I have to do it again.

Please see below my Conf file


# To really apply changes reload proftpd after modifications.
AllowOverwrite on
AuthAliasOnly on

# Choose here the user alias you want !!!!
UserAlias espo100583 userftp

ServerName "WBSRV01"
ServerType standalone
DeferWelcome on

MultilineRFC2228 on
DefaultServer on
ShowSymlinks off

TimeoutNoTransfer 600
TimeoutStalled 100
TimeoutIdle 2200

DisplayFirstChdir .message
ListOptions "-l"

RequireValidShell off

TimeoutLogin 20

RootLogin off

# It's better for debug to create log files ;-)
ExtendedLog /var/log/ftp.log
TransferLog /var/log/xferlog
SystemLog /var/log/syslog.log

#DenyFilter \*.*/

# I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me)
UseFtpUsers off

# Allow to restart a download
AllowStoreRestart on

# Port 21 is the standard FTP port, so don't use it for security reasons (choose here the port you want)
Port 22024
PassivePorts 22025 22125
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 8

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022

PersistentPasswd off

MaxClients 8
MaxClientsPerHost 8
MaxClientsPerUser 8
MaxHostsPerUser 8

# Display a message after a successful login
AccessGrantMsg "welcome !!!"
# This message is displayed for each access good or not
ServerIdent on "you're at home"

# Set /home/FTP-shared directory as home directory
DefaultRoot /var/www

# Lock all the users in home directory, ***** really important *****
DefaultRoot ~

MaxLoginAttempts 5

#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>


<Directory> /var/www>
Umask 022 022
AllowOverwrite on
<Limit READ RMD DELE>
DenyAll
</Limit>

<Limit STOR CWD MKD>
AllowAll
</Limit>
</Directory>


Any advice would be much appreciated.

Thanks

Could you paste there the content of your /etc/proftpd/modules.conf file, thanks

hi all
I've followed all the instructions given here.. but I still can't FTP into my PC via outside line.. I've setup ddclient and registered my PC at dyndns.org and got myself an URL.. the problem is.. whenever I type the URL into firefox it would try to log into my router instead of my PC.. if I add the port number at the end, it would just not connect..

I guessed that entering the URL itself may not log into the PC itself, but using a port number should have.. hope you guys can help..

This will help you :
http://www.ubuntuforums.org/showpost.php?p=680702&postcount=81
http://www.proftpd.org/localsite/Userguide/linked/x862.html

I found that my router has this kind of layout for port forwarding..

1. you can only have 16 ports for entry (eg. 60000-60015)
2. each entry must be assigned to one port on the LAN side (eg. 60000-60015 on the WAN side will be assigned to say 60000 on the LAN side)

does this mean I have to forward every single port from 60000 to 65535?

EDIT: I was able to connect when I set the FTP port to 21 (I opened up port 21 on the router. I also edited the proftpd.conf and set the port to 21) but I get an Error 530

Thanks for the quick response,

as strange as this might sound I don't have a proftpd dir in /etc.

I used the apt-get install command to install it so not quite sure whats going on.

Any Ideas?

Thanks

OK, I got around to actually getting connecting to the server locally.. (still having problems accessing it via dyndns URL.. getting to this after I can get it working locally)

new problem.. and I suspect it has something to do with the ports for Passive Mode.. I've only opened from 60000-60040 and I've assigned them all to ports 60000-60005 on the LAN side..

It says that "/" is the current directory and then it tries to load a listing of / from the server.. and it goes into PASV mode and gets caught in a loop or something.. I cancelled the connection coz it was taking too long..

I dont have any commands in proftpd.conf pointing to / as the root folder.. and I've checked the home dir for userftp and it was OK..

any ideas?

@espo100583
I'm not sure about this, but I think proftpd on earlier versions of ubuntu didn't have a proftpd folder.. if you're trying to find the proftpd.conf, try looking for it in the /etc folder.. just a thought..

apparently by removing the MasqueradeAddress, I was able to get over the PASV mode looping.. I could get into the server locally, and am able to read/write files now..

on to getting it to work with dyndns.. still getting the "wrong password" error when I connect via dyndns URL..

Thanks for the quick response,

as strange as this might sound I don't have a proftpd dir in /etc.

I used the apt-get install command to install it so not quite sure whats going on.

Any Ideas?

ThanksWhat version of ubuntu are you using ?

it seems masqueradeaddress is required if outside people are to access the server.. however.. using masqueradeaddress I cant seem to be able to access the server from the inside.. or at least not from the PC that the server is running on.. I've had a few friends try accessing it from the outside with success..

another thing I was wondering.. why is it when I enter the URL I setup on dyndns into say firefox, it tries to access my router? will setting up a web server and redirecting port 80 to the web server make it so that the URL will open up a webpage on the web server instead of the router? just for the record.. I got this router from NTT.. think it's called a Web Caster V110.. oh yes.. I live in Japan..

I'm using version 6.10

I'm also having another issue, I can log onto the server with no prolbems from within the network but when I try it externally I get

"No connection could be made because the target machine actively refused it "

Thanks for all the help.

So try to re-install proftpd because you should have this directory if you use ubuntu edgy eft. For your second problem this is surely related to your firewall.

i was wondering if some one might be able to help me.

i have proftpd get up and its running. but i need to add some users.
the usernames:
patrick ftphome: /home/patrick/
dstamp ftphome: /home/dstamp/
var-user ftphome: /var/www/
and they need full controll. how would i do this as im normlly do it in gproftpd but i have gone full command prompt so no gui.

many thanks
patrick king

Just take example of the proftpd.conf in the first post and make some tests, the upload directory is a good example for you because it gives full rights.

Hi,

I've tried to reinstall proftpd but it still has not created the dir/ file you mentioned.

I'm guessing this could be down to my cource file so here is a copy of it, I got this from a link on this thread to another post which recomended this source list. I have a backup of the source list I had on install but it couldn't find proftpd when I trie apt-get.


deb http://archive.ubuntu.com/ubuntu breezy main restricted
deb-src http://archive.ubuntu.com/ubuntu breezy main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu breezy-updates main restricted
deb-src http://archive.ubuntu.com/ubuntu breezy-updates main restricted

## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## universe WILL NOT receive any review or updates from the Ubuntu security
## team

deb http://archive.ubuntu.com/ubuntu breezy universe multiverse
deb-src http://archive.ubuntu.com/ubuntu breezy universe multiverse

## Security Updates
deb http://security.ubuntu.com/ubuntu breezy-security main restricted
deb-src http://security.ubuntu.com/ubuntu breezy-security main restricted

deb http://security.ubuntu.com/ubuntu breezy-security universe multiverse
deb-src http://security.ubuntu.com/ubuntu breezy-security universe multiverse

## official backports
deb http://archive.ubuntu.com/ubuntu breezy-backports main restricted universe multiverse

# If you get errors about missing keys follow these command's :
# gpg --keyserver subkeys.pgp.net --recv 33BAC1B3
# gpg --export --armor 33BAC1B3 | sudo apt-key add -
#
# Cipherfunk multimedia packages (packages, GPG key: 33BAC1B3)
deb ftp://cipherfunk.org/pub/packages/ubuntu/ breezy main

## plf primary repo
## http 100mbit/s mirror provided thanks to OVH http://ovh.com
deb http://packages.freecontrib.org/ubuntu/plf/ breezy free non-free
deb-src http://packages.freecontrib.org/ubuntu/plf/ breezy free non-free

## plf mirror. use if primary repo is offline
## FTP mirror from http://free.fr (french ISP)
## deb ftp://ftp.free.fr/pub/Distributions_Linux/plf/ubuntu/plf/ breezy free non-free
## deb-src ftp://ftp.free.fr/pub/Distributions_Linux/plf/ubuntu/plf/ breezy free non-free

##
## Use the following repos ONLY if you need them.
## To use one remove the "##" from the line that starts with "## deb".
##

## official wine apt repository
##deb http://wine.budgetdedicated.com/apt breezy main
##deb-src http://wine.budgetdedicated.com/apt breezy main


## opera web browser
## deb http://deb.opera.com/opera/ etch non-free

## Oo2 final - you can optionally use this one until OOo2 final arrives in backports
## deb http://people.ubuntu.com/~doko/OOo2 ./

## skype
## deb http://download.skype.com/linux/repos/debian/ stable non-free

Thanks for the help.

From what i see you are using ubuntu breezy 5.10 and not ubuntu edgy 6.10 or you are using a wrong source.list file.
If you are really using ubuntu edgy you should have the 2.6.17.11 kernel, the command "uname -a" will give you your kernel version.

I have ran the command and got this

Linux WBSRV01 2.6.17-11-generic #2 SMP Thu Feb 1 19:52:28 UTC 2007 i686 GNU/Linux

I have the original source list if I need to revert back to this, but I'm guessing I will need to add some sources to enable me to get proftpd using apt as when I first tried it with th original source the package could not be found.

Thanks
Phil

Yep your source.list is really wrong, replace all the words "breezy" by "edgy" and it should be good.

ok i'm pretty much a complete noob to linux
but i instaled GproftpD and when i try to run it it tells me i have to run it as a root (the window will close in 10 secs) wth does that mean and how do i run it as root?

All about what is root rights and how to use them here :
https://help.ubuntu.com/community/RootSudo

Hey,

I've been having a hell of a time trying to get my server working with multiple logins (and diferent permission for each login).

What I'm trying to setup is:

A home dir (/home/ftp) that I can control with the main ftp user account and a dir (/home/ftp/clientclips) that, when logged in as a second account, is read only.
I would like to have full control the main dir (and all sub-dir) using the main ftp account and still have the clientclips dir read only for the second ftp account.

So far the best I've been able to do is have the main dir be read/write for the main account (anarchyftp) and the clientsclips be read only, or have all dir and sub-dir be read/write for the anarchyftp account and get PWD or PORT errors (often both) when logging in as the second account (creativeftp)

I've attached my current conf.
with it I'm able to read/write while logged in as anarchyftp, but I get this error when logged in as creativeftp:

"Could not determine current path. Server said: PWD: Permission denied. Error -124: PWD failed"

Does anyone have any tips? I'm getting kind of desperate.

Hi Guys,

Just a quick question,

I am able to connect locally to the FTP server but not externally. I have set the passive prots in the proftpd.conf file and matche the ports the router allows through to the server but when I connect externally I get

Response: 500 Illegal PORT command
Error: Could not retrieve directory listing

Any ideas would be greatly appreciated as I'm all out.

Thanks

I figured out the PWD error!

the problem was I had set the permissions like this:


<Directory /home/ftp/*>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
Deny ALL
</Limit>

<Limit READ MKD STOR CWD DELE XMKD RNEF RNTO RMD XRMD>
AllowAll
</Limit>
</Directory>

<Directory> /home/ftp/clientclips/*>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>


When I should have set them like this:


<Directory /home/ftp/*>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>

<Limit READ MKD STOR CWD DELE XMKD RNEF RNTO RMD XRMD>
AllowAll
</Limit>
</Directory>

<Directory> /home/ftp/clientclips/*>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>



The problem was I didn't give the read-only user permission to use the root dir, so it couldn't get access to the sub-dir.

E.g.

This gave me the PWD and PORT errors:

<Directory /home/ftp/*>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
Deny ALL
</Limit>

<Directory> /home/ftp/clientclips/*>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>



This worked:

<Directory /home/ftp/*>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>

<Directory> /home/ftp/clientclips/*>
Umask 022 022
AllowOverwrite on

<Limit ALL>
Order Allow,Deny
AllowUser anarchyftp
AllowUser macwrech
AllowUser caadmin
AllowUser creativeftp
Deny ALL
</Limit>



Hope that helps someone.