• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

FTP daemons......

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

TyRex

Member
Joined
Sep 12, 2002
Location
Indiana
Just curious as what all of you more experienced linux users use as an ftp daemon????...I've tried pure-ftpd, wu-ftpd, and proftp, but they've all been kind of hard to setup for a noob.....any suggestions???
 
proftpd here, it´s great. I have also used (or is it still on some of my machines?) wuftpd, but it suck as soon as you want chrooted users or anything like that.
 
Titan386 said:
I've used proftpd. My setup wasn't very complicated, just a single user and password sharing a directory. I can post my proftpd.conf if you want.

You'll be able to find lots of info here:
http://proftpd.linux.co.uk/docs/

I think i got the hang of it now, thanx for the offer though
 
actually, i take that back...............it would really help seeing proftpd.conf example.........thanx
 
Code:
# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.

ServerName                      "Frogs Server"
#ServerType                     standalone
ServerType                      inetd
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            frog
Group                           frog

# This next option is required for NIS or NIS+ to work properly:
#PersistentPasswd off

SystemLog                       /var/log/proftpd.log
TransferLog                     /var/log/xferlog

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite                on
</Directory>

# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous ~ftp>
  RequireValidShell             off
  User                          ftp
  Group                         ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    50

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
#  <Directory incoming/*>
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>

</Anonymous>

<Global>
AllowStoreRestart on
DefaultRoot /home/frog/
</Global>

Change the user and group to suit your set up. Remember that the FTP password is the same as the users UNIX password. I believe that the user's home directory is shared, but I'm not completly sure on that. It's been a while since I used FTP.
 
I'm using pure-ftpd. Works good and seems to be secure enough. If you are opening up this ftp server to the Internet a few suggestions regarding security. Note that my suggestions are geared towards setting up a private ftp.

1. Create a seperate user for your ftp access. Do not use the same user as your regular account, especially if you have valuable data on that account. If you are only setting up anonymous ftp, you can ignore this suggestion.

2. Disallow all users that don't need to use ftp, especially any account where you have important data.

3. Prevent the ftp users from accessing anything outside of their home directory. With pure-ftpd, I add "/./" to the home directory of a user in /etc/passwd. So for example, /home/ftpaccount would become /home/ftpaccount/./

4. You may want to setup a firewall. In my case, I only allow specific IP addresses to access the server. Note that FTP firewall setup can be a bit complicated. It uses several outbound ports, so you need to either disable your outbound rules, or open up that range of ports for outbound. If you are just using NAT (such as Linksys), and want it open to the entire Internet, don't worry about it. But expect to see accesses to it from all over the world in your logs.

Sorry if this is a bit much, I am paranoid :) The reason being is FTP in general is very insecure. The passwords are transmitted in plaintext, meaning they can be easilly sniffed, so you can assume that any of your ftp users' passwords have been compromised. If you are just running anonymous ftp, I wouldn't worry about too much, just make sure you disable all your regular accounts.

There are some other file transfer protocols that are more secure (for example sftp). There's was a really good article on it that I read, if I find it I will post the link. Though with FTP the advantage is that most machines out there already have a client installed by default.
 
Back