A. The GUI way (for beginners only)
For those who are new to linux and don’t want to use a FTP server without GUI, or just for those who don’t use often their FTP server and wish to set it
quickly without a high level of security, there is a GTK GUI for proftpd.
Be careful, it’s less secure than configuring yourself your server.
1. Install proftpd and gproftpd with synaptic or with this command:
Code:
1 |
sudo apt-get install proftpd gproftpd |
2. Play with the GUI and set up quickly your server.
Feel free to post here if you have some problems with gproftpd but it shouldn’t be too hard to use (it took me 2 minutes to set up a small FTP server ).
B. The secure way
1. Install proftpd with synaptic or with this command:
Code:
1 |
sudo apt-get install proftpd |
2. Add this line in /etc/shells file (sudo gedit /etc/shells to open the file):
Code:
1 |
/bin/false |
Create a /home/ftp directory:
Code:
1 2 |
cd /home sudo mkdir ftp |
Create a user named ftp_user which will be used only for ftp access. This user don’t need a valid shell (more secure) therefore select /bin/false shell
for ftp_user and /home/ftp as home directory (property button in user and group window).
To make this section clearer, i give you the equivalent command line to create the user, but it would be better to use the GUI (System -> Administration -> User -> Group) to create the user since users here often got problems with the user creation and the password (530 error) with the command line, so i really advice to use the GUI :
Code:
1 2 |
sudo useradd ftp_user -p your_password -d /home/ftp -s /bin/false sudo passwd ftp_user |
In ftp directory create a download and an upload directory:
Code:
1 2 3 |
cd /home/ftp/ sudo mkdir download sudo mkdir upload |
Now we have to set the good permissions for these directories:
Code:
1 2 3 4 5 |
cd /home sudo chmod 755 ftp cd ftp sudo chmod 755 download sudo chmod 777 upload |
3. OK, now go to the proftpd configuration file:
Code:
1 |
sudo gedit /etc/proftpd/proftpd.conf |
and edit your proftpd.conf file like that if it fit to your need:
Code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 |
# To really apply changes reload proftpd after modifications. AllowOverwrite on AuthAliasOnly on # Choose here the user alias you want !!!! UserAlias sauron userftp ServerName "Server_Name" ServerType standalone DeferWelcome on MultilineRFC2228 on DefaultServer on ShowSymlinks off TimeoutNoTransfer 600 TimeoutStalled 100 TimeoutIdle 2200 DisplayFirstChdir .message ListOptions "-l" RequireValidShell off TimeoutLogin 20 RootLogin off # It's better for debug to create log files ExtendedLog /var/log/ftp.log TransferLog /var/log/xferlog SystemLog /var/log/syslog.log #DenyFilter \*.*/ # I don't choose to use /etc/ftpusers file (set inside the users you want to ban, not useful for me) UseFtpUsers off # Allow to restart a download AllowStoreRestart on # Port 21 is the standard FTP port, so you may prefer to use another port for security reasons (choose here the port you want) Port 1980 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 8 # Set the user and group that the server normally runs at. User nobody Group nogroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 PersistentPasswd off MaxClients 8 MaxClientsPerHost 8 MaxClientsPerUser 8 MaxHostsPerUser 8 # Display a message after a successful login AccessGrantMsg "welcome !!!" # This message is displayed for each access good or not ServerIdent on "you're at home" # Set /home/ftp directory as home directory DefaultRoot /home/ftp # Lock all the users in home directory, ***** really important ***** DefaultRoot ~ MaxLoginAttempts 5 #VALID LOGINS AllowUser userftp DenyALL </Limit> <Directory /home/ftp> Umask 022 022 AllowOverwrite off <Limit MKD STOR DELE XMKD RNRF RNTO RMD XRMD> DenyAll </Limit> </Directory> <Directory /home/ftp/download/*> Umask 022 022 AllowOverwrite off <Limit MKD STOR DELE XMKD RNEF RNTO RMD XRMD> DenyAll </Limit> </Directory> <Directory> /home/ftp/upload/> Umask 022 022 AllowOverwrite on <Limit READ RMD DELE> DenyAll </Limit> <Limit STOR CWD MKD> AllowAll </Limit> </Directory> |
Ok you have done proftpd configuration. Your server is on port 1980 (in this exemple) and the access parameters are
user: ftp_user
password: the one you’ve set for ftp_user
4. To start/stop/restart your server:
Code:
1 2 3 |
sudo /etc/init.d/proftpd start sudo /etc/init.d/proftpd stop sudo /etc/init.d/proftpd restart |
To perform a syntax check of your proftpd.conf file:
Code:
1 |
sudo proftpd -td5 |
To know who is connected on your server in realtime use “ftptop” command (use “t” caracter to swich to rate display), you can also use the “ftpwho”
command.