PDA

View Full Version : ProFTP How To:



grommer
25th March 2004, 10:46 PM
This is my first howto, so bare with me on this.
Edit:
Why use ProFTP you might ask?? Well, first off, it's easy as heck to setup, there's not many dependencys for it. For me it's been about a 100% more secure than Vsftp (very secure ftp). Then again, security is always relative to how your particular system is setup.

Let's first start by actually getting proftp. If you're using apt-get, simply at a command line

apt-get install proftpd

If you're using yum I believe (I dont use yum so feel free to correct me here) it would be

yum install proftpd.

Adding users and securing them. We want to make sure our ftp server is secure, so let's make sure users dont get access to a valid shell.

We need to first edit

/etc/shells

and add the line

/bin/false

to the file. False does absolutely nothing. Look at the man pages on it if you dont believe me :)


After that we need to create some users that can actually access the server. Decide on a base directory where you want your users to be able to upload and download. Since my FTP server is mostly there just so I can upload my web pages to it I like to set mine to the directory of which Apache (httpd) serves pages from i.e /var/www/html. Next, let's set permissions on this directory structure

chown -R 770 /var/www/html

So, using groupadd or under the main menu, go to system settings > users and groups . From there click on add group. I called mine ftp-users, but you can call them whatever you want. Let's go ahead and add some users now. Again using the user and groups tools, add a user, and make sure the shell is set to /bin/false. It should be in the dropdown menu since we've added it to the /etc/shells. Set the default directory of the users to that of where the main upload and download folders will be. In my case it is /var/www/html

Now looking at the users and groups you should see a user or multiple users, the group they belong to which should be ftp-users, their login shell must be /bin/false and their home directory should be /whatever/ or again in my case /var/www/html

The config file of proftpd is located at /etc/proftpd.conf , it's quite simple and straightforward. I've never had to change much in there except for perhaps the port number, or the welcome message. It can get pretty complicated if you're wanting to work with virtual directorys and anonymous users. After that, it should be up and running. You stop and start it through the main menu > system settings > server settings.

If there's something I've missed, or you need help with, feel free to send me a private message, I'd love to help. !!

Ug
25th March 2004, 11:58 PM
Good work grommer! But a couple of pointers, first of all you want to explain why initially you'd want to use proFTP and not something else. Secondly you might want to consider screenshots of some bits?

Nonetheless good.

grommer
26th March 2004, 08:04 AM
ok...screenshots are on the way. Hope this helps some people out.

Ug
26th March 2004, 10:49 AM
Or you could consider the [ code ] tags. But keep up the good work!

grommer
30th March 2004, 01:56 PM
I've completely rewritten the howto and added as well a howto about apache, and a small one about apt. They include screenshots and step by step instructions. Enjoy!

http://www.cuxhaven-fewo.de/http_How_to_part1.doc
http://www.cuxhaven-fewo.de/httpd_howto2.doc
http://www.cuxhaven-fewo.de/httpd_howto3.doc

Jman
30th March 2004, 04:11 PM
Argh, doc files! I can open them with openoffice, but some might not. Could you export the final draft to pdf or something?

Good howto though.

foolish
30th March 2004, 06:04 PM
Or even better, make them in html!

You should include instructions on getting the rpm files as well. People can be using yum and apt and still not have the repositories that have proftpd in their sources. Include a direct link to the rpm-files or instructions on getting them. Otherwise, great work.

nhansam
26th April 2004, 09:15 PM
how to add users for proftpd ? Sorry, I'm so new in linux, but still wanna learn something

strikeforce
18th June 2004, 08:58 PM
I think if I remember rightly as long as you have the users entered in the console or normal user and they are a member of the ftp users group you can connect up to it.

Possibly have a look at the proftp.conf file in the /etc/ directory.

Also grommer I agree I spent 2 weeks with vsftp or trying to get it working which still I did not get to work now that could be and probably is noobness on my side but hey I got proftp to work quickly and as long as my firewall only allows uploads from certain ips I'm fine.

So I'm with you grommer

RyoHazuki
22nd July 2004, 06:30 PM
I think it should be CHMOD and not CHOWN ?

Correct me if I am wrong.

Ryo

verbatim
30th July 2004, 06:06 AM
Couldn't you just use /sbin/nologin for the shell and not bother adding /bin/false?

Just curious.

snampall
5th May 2005, 09:49 PM
How would one know in what repositoy does a pckage exist ? I am using yum to install proftp. This is what I get. I have fedora, atrpms and livna-stable as my repositories.

[root@localhost ~]# yum install proftpd
Repository development already added, not adding again
Setting up Install Process
Setting up Repos
development 100% |=========================| 951 B 00:00
base 100% |=========================| 1.1 kB 00:00
livna-stable 100% |=========================| 951 B 00:00
updates-released 100% |=========================| 951 B 00:00
Reading repository metadata in from local files
developmen: ################################################## 1060/1060
base : ################################################## 2622/2622
livna-stab: ################################################## 167/167
updates-re: ################################################## 893/893
No Match for argument: proftpd
Nothing to do

strikeforce
6th May 2005, 01:23 AM
try typing yum search proftp and it'll find anything that matches it or if your talking packages try yum list proftp

leadgolem
21st May 2005, 09:12 PM
You could also install the config from the fedora faq, it has the package available. Here's the config http://www.fedorafaq.org/#yumconf You'll have to uninstall vsftp before you can install proftpd.

I'm getting the following results when trying to change the permissions for my ftp directory.

[root@localhost etc]# chmod -R 770 /home/ftp
[root@localhost etc]#
I have gone in through the gui and checked off all the permission boxes.
I'm still getting a ftp session terminated error when trying to access the ftp from another system.
Proftpd is listed as running in server settings, the firewall has ftp enabled, the router firewall has port 21 to forward to this system. I have a test user setup, no access when trying to login with that ID. That user is setup to be in the ftpuser group.

I changed the following from nobody to the ftp group designation I'm using.

# Set the user and group that the server normally runs at.
User nobody
Group ftpusers

If anybody has any ideas on how to get this working, please let me know.

strikeforce
22nd May 2005, 04:13 AM
What does the log say.


Also have a look at the proftp website as well. That'll help. Also make it run as a standalone server do not use inetd it seems to slow everything up I'm not sure why.

<Directory /home/ftp/*>
AllowOverwrite on
Groupowner Apache
Umask 000
<Limit WRITE>
AllowUser adm

</Limit>

<Limit ALL>
Order Allow,Deny
Allow ftpusers
Deny ALL
</Limit>
</Directory>

leadgolem
23rd May 2005, 08:57 AM
The log shows nothing. Nothing at all, as if there has been no attemp to access the ftp. :confused:

Zovix
12th October 2005, 08:36 PM
I know I'm digging up old things, but I'm also having troubles getting this to work. I did everything stated and I'm pretty sure its running almost right. When I use Firefox to try to connect it brings me to the password window and when I enter it I get Error 530: Invalid login.

I know the password is correct, I've reset it many times over.

Reading from another post I was told to add some things to /etc/pam.d/ftp

#%PAM-1.0
auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
Which I did, but I'm still getting the invalid. Any ideas?

Zovix
12th October 2005, 08:53 PM
Ha, nevermind. I guess it was the ftp/sftp thing happening. That post didn't show up in my search when I searched for proftpD.

Sorry for digging up 5month old stuffs :)