This tutorial explains how to install and configure the ProFTPD server on CentOS 6.2, Fedora Linux and RHEL clones. ProFTPD is one of the most popular, secure and reliable FTP servers for the Linux operating system. ProFTPD uses a single configuration file and is very simple to set up. Its configuration syntax is very similar to that of the Apache web server.
It offers several functionalities such as:
- multiple virtual servers
- authenticated access
- chroot jail support
- SSL/TLS encryption
- RADIUS, LDAP and SQL support etc
Before installation, make sure the gcc package is installed; for installation, follow this posting.
To install the gcc package:
yum install gcc
yum update gcc
Download & Install ProFTPD Server
[root@php2s ~]# wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4a.tar.gz
[root@php2s ~]# yum install proftpd -y
Start ProFTPD when the system reboots:
[root@php2s ~]# chkconfig --level 3 proftpd on
To Start, Stop & Restart proftpd ftp service, enter:
[root@php2s ~]# service proftpd start
[root@php2s ~]# service proftpd stop
[root@php2s ~]# service proftpd restart
To reload the configuration file, enter:
[root@php2s ~]# service proftpd reload
/etc/proftpd.conf – Proftpd configuration file
The default configuration file is located at /etc/proftpd.conf or /usr/local/etc/proftpd.conf, depending on your installation. To edit the configuration file, enter:
[root@php2s ~]# nano /etc/proftpd.conf
This is where you specify access types and read/write permissions, and lots of other neat things. In this section, we’ll walk you through a sample config file step by step and explain how we are setting the server up.
ServerName – Sets the name of the server. This is what will be displayed to the connecting users.
ServerType – Sets the server to standalone because that is the type of server we are running. If you do not understand this, please refer back to the “Server Type” section of this document. The alternative to “standalone” is “inetd”.
Port – Determines the port on which to accept ftp connections. This is best left at its default of 21 unless you have a good reason to change it.
AuthPAM – Used to set whether or not users with accounts on the host machine can ftp in to their home directories. This is on by default, so if you want to disable this type of access, you must specifically do so.
Umask – This sets the default permissions of any file uploaded through the ftp server. More info can be found in the online User’s Guide.
MaxInstances – The maximum number of simultaneous connections you want to allow.
User/Group – These two lines set which user and group you want to run the server as.
DefaultRoot – Note this for security reasons. This line tells the server to force any user who has logged in to see their home directory as the root directory. This will stop people from having access to the entire file system.
Allow from .clarkson.edu
Deny from all
Allow from all
The Directory directive specifies that the options within it are to be applied to the aforementioned directory. In this case, we are looking at /* which encompasses the entire file system. Inside this directive, we have AllowOverwrite set to “on”. This will allow all users to overwrite files in all directories for which they have WRITE permission.
Order allow,deny states the precedence of the allow and deny directives. We have set up this example server to only allow connections from someone coming from the domain .clarkson.edu. We then deny access to everyone. You may be wondering how people at Clarkson can access this server if we have denied access to all. Because allow is of higher precedence than deny, when someone tries to connect from Clarkson they are allowed because they fit the “Allow from .clarkson.edu” rule. However, when someone comes from .aol.com they will not fit the Allow rule and will then be checked against the deny rule; since it is set to “Deny from all”, the AOL user will be denied.
This directive, as we’ve set it up, allows all users of the server to write. This is known as a global directive because it is not found inside another directive such as a user directive or a directory directive. This means that it applies to ALL users who do not have their own Limit WRITE directive. If you do not set this globally, your users will not be able to do anything but read files on your server.
UserAlias anonymous ftp
AccessGrantMsg “Welcome to my FTP Server!”
Deny from all
This directive sets up an anonymous login and sets the default directory for anonymous login to be /home/ftp/. The User/Group directives here just specify who you want an anonymous user to log in as. root is OBVIOUSLY a horrible choice for this one!! UserAlias just says “Treat the user called ftp as if he were the user anonymous”. MaxClients states that only 10 anonymous users are allowed to connect at a time. RequireValidShell is off. This is so that anonymous users will not need a login name and password to connect. AccessGrantMsg just shows the anonymous users a message after they have logged in. You can also point this to a file by simply using a filename (with no quotes) instead of a message.
The Limit directive here prevents ANY anonymous user from writing to anything. This ensures that they cannot mess anything up.
Hope this example is helpful.
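A complete configuration file assembled from the directives walked through above, added here as an example and not the original page's own file. The values for ServerName, Umask, MaxInstances and the User/Group accounts are assumed, as is the use of a LOGIN limit for the .clarkson.edu rule.

```apache
# Added example of /etc/proftpd.conf following the walkthrough above.
# Values marked "assumed" are not given on the original page.

# assumed name; shown to connecting users
ServerName      "Example FTP Server"
ServerType      standalone
Port            21
# let users with accounts on the host log in via PAM
AuthPAM         on
# assumed value: uploads are created without group/other write permission
Umask           022
# assumed limit
MaxInstances    30
# assumed unprivileged account for the daemon
User            nobody
Group           nobody
# every logged-in user sees their home directory as /
DefaultRoot     ~

<Directory /*>
  AllowOverwrite on
</Directory>

# assumed to be a LOGIN limit: allow rules are checked first, then deny
<Limit LOGIN>
  Order allow,deny
  Allow from .clarkson.edu
  Deny from all
</Limit>

# global WRITE limit: applies to users without their own Limit WRITE
<Limit WRITE>
  Allow from all
</Limit>

<Anonymous /home/ftp>
  # assumed account the anonymous session runs as; never root
  User              ftp
  Group             ftp
  UserAlias         anonymous ftp
  MaxClients        10
  # do not require the account's shell to be listed in /etc/shells
  RequireValidShell off
  AccessGrantMsg    "Welcome to my FTP Server!"
  # anonymous sessions are read-only
  <Limit WRITE>
    Deny from all
  </Limit>
</Anonymous>
```

Check the file with proftpd -t before running service proftpd reload, so a syntax error does not take the running server down.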