The configuration file that controls the whole process is normally located at /etc/proftpd.conf. Its instructions must be read as nested, that is, overlapping: this allows the configuration to be specified directory by directory, although some commands apply to the server as a whole.
In any case, the structure of the file resembles a tagged document such as HTML, where a directive is written between the corresponding tags. For example:
    <Limit LOGIN>
      # Denies access to paco and pepa
      DenyUser paco,pepa
    </Limit>
The directive above would deny the users paco and pepa access to the FTP server, while the phrase preceded by the hash sign "#" reflects the good habit of commenting configuration files.
In our case, the configuration file is the following:
    # This is the ProFTPD configuration file
    ServerIdent on "Servidor FTP preparado."
    ServerAdmin cvalera@larural.es
    ServerType standalone
    #ServerType inetd
    DefaultServer on
    AccessGrantMsg "Usuario %u registrado."
    DisplayConnect /etc/ftpissue
    #DisplayLogin /etc/ftpmotd
    #DisplayGoAway /etc/ftpgoaway

    # Use pam to authenticate by default
    AuthPAMAuthoritative on

    # Do not perform ident lookups (hangs when the port is filtered)
    IdentLookups off

    # Port 21 is the standard FTP port.
    Port 21

    # Umask 022 is a good standard umask to prevent new dirs and files
    # from being group and world writable.
    Umask 022

    # Chmod isn't allowed by default
    AllowChmod on

    # Default to show dot files in directory listings
    #LsDefaultOptions "-a"

    # See Configuration.html for these (here are the default values)
    #MultilineRFC2228 off
    #RootLogin off
    #LoginPasswordPrompt on
    #MaxLoginAttempts 3
    #MaxClientsPerHost none

    # To prevent DoS attacks, set the maximum number of child processes
    # to 30. If you need to allow more than 30 concurrent connections
    # at once, simply increase this value. Note that this ONLY works
    # in standalone mode, in inetd mode you should use an inetd server
    # that allows you to limit maximum number of processes per service
    # (such as xinetd)
    MaxInstances 30
    MaxClientsPerHost 1
    DisplayLogin .welcome.msg
    DisplayQuit .quit.msg

    # Set the user and group that the server normally runs at.
    User nobody
    Group nobody

    # Normally, we want files to be overwriteable.
    <Directory /*>
      AllowOverwrite on
    </Directory>

    DefaultRoot ~

    # A basic anonymous configuration, no upload directories.
    <Anonymous ~ftp>
      # Uncomment the following line to allow anonymous access
      RequireValidShell off
      AllowChmod off
      User ftp
      Group ftp
      #AccessGrantMsg "Acceso anónimo correcto. Restringido"

      # We want clients to be able to login with "anonymous" as well as "ftp"
      UserAlias anonymous ftp

      # Limit the maximum number of anonymous logins
      MaxClients 10

      # We want 'welcome.msg' displayed at login, '.message' displayed in
      # each newly chdired directory and tell users to read README* files.
      DisplayLogin .welcome.msg
      DisplayFirstChdir .message
      DisplayReadme README*

      # Limit WRITE everywhere in the anonymous chroot
      <Limit WRITE>
        DenyAll
      </Limit>
    </Anonymous>
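The nested structure described above can be checked mechanically. The following is an added example, not part of the original page or of ProFTPD: a Python parser that tracks the enclosing sections of each directive and verifies two things the configuration above does, namely a DefaultRoot in the main server context and a `<Limit WRITE>` with DenyAll directly inside each `<Anonymous>` section. The function names, the sample text and the matching rules (case-sensitive names, comments only on their own line) are assumptions of this example.

```python
import re

OPEN = re.compile(r"<(\w+)\s*([^>]*)>$")    # e.g. <Limit WRITE>, <Anonymous ~ftp>
CLOSE = re.compile(r"</(\w+)>$")            # e.g. </Limit>

def parse(text):
    """Return [(context, directive, args)]; context = tuple of enclosing sections."""
    stack, rows = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):     # blank line or comment line
            continue
        if m := CLOSE.match(line):
            if not stack or stack[-1].split()[0] != m.group(1):
                raise ValueError(f"line {n}: unexpected </{m.group(1)}>")
            stack.pop()
        elif m := OPEN.match(line):
            stack.append(f"{m.group(1)} {m.group(2)}".strip())
        else:
            name, *rest = line.split(None, 1)
            rows.append((tuple(stack), name, rest[0] if rest else ""))
    if stack:
        raise ValueError(f"unclosed <{stack[-1]}>")
    return rows

def audit(text):
    """Two checks modelled on the file above; an empty list means both pass."""
    rows, findings = parse(text), []
    if not any(ctx == () and name == "DefaultRoot" for ctx, name, _ in rows):
        findings.append("no DefaultRoot in the main server context")
    for anon in sorted({ctx[0] for ctx, _, _ in rows if ctx and ctx[0].startswith("Anonymous")}):
        if not any(ctx == (anon, "Limit WRITE") and name == "DenyAll" for ctx, name, _ in rows):
            findings.append(f"<{anon}>: no <Limit WRITE> DenyAll")
    return findings

# Constructed sample: a cut-down version of the configuration shown above.
SAMPLE = """\
DefaultRoot ~
<Anonymous ~ftp>
  User ftp
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
"""

if __name__ == "__main__":
    print(audit(SAMPLE))                                  # both checks pass
    print(audit(SAMPLE.replace("Limit WRITE", "Limit READ")))
```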