bftpd.conf
#Configuration file for bftpd.
#The given values are only examples, modify this file for your own needs.
global{
#Server-wide settings. user {} and group {} blocks can set options for
#specific accounts (see ALLOWCOMMAND_XXXX and USERLIMIT_SINGLEUSER below).
#If set to no, access is allowed.
#If set to yes, access is denied without giving a reason.
#If set to anything else, access is denied giving the content of this
#variable as a reason.
DENY_LOGIN="no"
#The port number where the daemon should listen (only for daemon mode)
PORT="21"
#You can force bftpd to use a specific port range in passive mode.
#Passive mode means that the client will open data connections
#and the server stays 'passive'.
#This option can be very useful with some firewall configurations.
#Separate values with "," and define ranges with "-".
#bftpd will try to bind one of these ports in ascending order as
#you specify them here.
#If none of the given ports could be bound, the connection is
#refused. If you want to bind any free port in that case, add
#"0" to the list.
#NOTE(review): with only "0" in the list any free port may be used, so a
#firewall cannot be limited to a known passive range. List an explicit
#range (as in the example below) if the server sits behind a filter.
#PASSIVE_PORTS="10000,12000-12100,13000"
PASSIVE_PORTS="0"
#If PORT data connections should be opened from port 20, say yes here. You
#will probably need this if your server is behind a firewall that restricts
#outgoing packets from ports higher than 1024. Note that this may be a
#security hole, as the server can not drop its root privileges completely
#if you say yes here.
DATAPORT20="no"
#The password for the administration commands, encrypted (man mkpasswd).
#NOTE(review): "x" looks like a placeholder, not mkpasswd output. Confirm
#how bftpd treats it, and set a real hash if the administration commands
#are going to be used.
ADMIN_PASS="x"
#With this option, you can put your entire FTP environment into a chroot
#jail. Apart from security, this offers you the possibility of having
#virtual users that don't exist in the system.
#Additionally, you can make some kind of 'file pool' by creating a directory
#with files which you can symlink from the users' homes (this means setting
#DO_CHROOT=no in order for the users to be able to access that dir).
#Note that you need the following files in your initial chroot directory:
#/etc/passwd, /etc/shadow, /etc/group
#On GNU systems, you will also need the NSS libraries in /lib.
#NOTE(review): the copies of passwd and shadow inside the jail are
#credential files too. Keep only the FTP accounts in them and protect
#them like the system originals.
#INITIAL_CHROOT="/ftp"
#The bftpdutmp file enables you to record user logins and logouts in
#bftpd, which is useful for the administration interface (which is not
#finished yet). You also need the file to be able to restrict the number
#of users simultaneously logged on, and so on.
#Note that the directory in which the file resides must already exist.
#Set the option to "" if you do not want that. This is discouraged for normal
#use, but can be helpful if you want to create a boot floppy or something.
PATH_BFTPDUTMP="/var/run/bftpd/bftpdutmp"
#This option controls the buffer size while transferring files.
#If you are on a very fast network (fast meaning 100 Mbit/s or more),
#you should set this to 64000 or something like that.
#Transferring from localhost to localhost, I had a transfer speed of
#approx. 15 MB/s with XFER_BUFSIZE=2048 and a speed of approx. 20 MB/s
#with XFER_BUFSIZE=64000. You should not set big values for this if you have
#slow (dialup) clients.
# This option can also be used to (crudely) throttle back
# transfer speeds. Setting this to a very low value
# can slow transfer speeds.
XFER_BUFSIZE="2048"
# This variable controls whether the transfer buffer (see above option)
# should change size as more (or less) clients connect to the server.
# Setting this option to "yes" will put more work on your CPU, but
# will avoid chewing up as much bandwidth as more people connect.
# Setting this option to "no" is easier on the CPU, but may cause
# your bandwidth to spike.
CHANGE_BUFSIZE="no"
# This option allows you to add a delay (in microseconds) to
# the time between when one piece of data was sent
# and when the next will be sent. This is to aid in
# throttling bandwidth and applies to each client. The
# throttling affects the DATA transfers only (not control
# connections).
# A value of zero (0) means there is no added delay.
# A value of about 500000 (five hundred thousand) should
# delay for about half a second.
# These delays should be kept low to avoid triggering
# data transfer timeouts.
XFER_DELAY="0"
# This option determines whether hidden files
# ( files that start with a "." )
# will be shown in a directory listing.
# If this option is set to "yes", the client will be
# able to see hidden files ONLY if they pass the "-a"
# option to the list command. For example "ls -a".
# If this option is set to "no", then hidden files are
# never shown, regardless of whether "-a" is used.
# Additionally, if we want the server to always send hidden
# files to the client, whether they request hidden files or
# not, set this to "always".
SHOW_HIDDEN_FILES="no"
# This option determines whether files not readable
# to the ftp user will be shown in a directory listing.
SHOW_NONREADABLE_FILES="no"
#When set to yes, this option makes the server allow data connections which
#don't go to the client who initiated them.
#This is needed for FXP.
#NOTE(review): data connections to third-party hosts are what FTP bounce
#abuse relies on. Keep this "no" unless FXP is really required.
ALLOW_FXP="no"
#After how many seconds of idle time should a user be kicked from the server?
CONTROL_TIMEOUT="300"
#After how many seconds of idle time should a user be kicked from the server
#during a file transfer?
DATA_TIMEOUT="30"
#Use Ratio if you want the client to send a file before he can get a file.
#Usage: RATIO=send/receive or RATIO=none. Example: RATIO=2/1 lets the client
#receive a 1 MB file when he has sent a 2 MB file.
RATIO="none"
# Use this option to track bandwidth usage. After each session, the server
# will log how much data was uploaded and downloaded for each user.
# This option should point to the directory where the log files will
# be saved.
# Each day gets its own log file, to make it easier to rotate logs.
# Please note, this directory must be created manually.
# BANDWIDTH="/var/log/bftpd"
#ROOTDIR specifies the root directory of the client. It defaults to %h
#(user's home directory). %u is replaced by the user name.
ROOTDIR="%h"
#Umask for the files or directories users create.
#NOTE(review): 022 leaves new files readable by group and others. Use a
#tighter mask such as 027 if uploads may be sensitive.
UMASK="022"
#Name of the log file. Say "syslog" to log into syslog.
#Say "" for no logging.
#NOTE(review): "" leaves no audit trail. Keep a log file or syslog on any
#server where sessions may need to be investigated later.
LOGFILE="/var/log/bftpd.log"
#Use %v for version, %h for the server FQDN and %i for the server IP address.
# Note: If you use the "%h" option and you do an initial CHROOT, then
# you'll need to copy your /etc/hosts and /etc/host.conf files into
# the chroot jail.
#NOTE(review): %v puts the server version in the greeting, which is
#presumably sent before login. Drop %v to limit version fingerprinting.
HELLO_STRING="bftpd %v at %i ready."
#The server automatically chdirs to the directory given here after login.
AUTO_CHDIR="/"
#Authentication type, values: PAM, PASSWD
AUTH="PASSWD"
# The FILE_AUTH variable overrides the AUTH value. If the FILE_AUTH
# value is set to something other than an empty string ("")
# bftpd will search through the pathname given in order
# to find username/password matches.
# The format of this file is as shown below:
# username password group home_folder
# (for example:)
# robert secret users /home/robert
# james moose users /mnt/storage
#
# An entry with the password field set to * (star) requires
# no password. Any password the user enters will be accepted.
# The following example is for a user with no password.
# anyone * users /home/ftp
# NOTE(review): the examples show passwords stored in clear text, so
# this file should be readable only by the account bftpd runs as.
# A "*" entry admits anyone who knows the user name.
#FILE_AUTH="/etc/ftpdpassword"
#Enable this if you want the client's IP address to be resolved to a host
#name. Note that it increases the overhead and it may not work if your DNS
#is not configured correctly. Clients without a valid DNS name will take very
#long to connect.
RESOLVE_CLIENT_IP="no"
#Path to the message of the day, seen by all users before login.
MOTD_GLOBAL="/etc/ftpmotd"
#Path to the message of the day, seen after login, relative to the root
#path of the user (see ROOTDIR).
# Use symbols %u and %h in place of user's username and home directory.
MOTD_USER="/.ftpmotd"
#If RESOLVE_UIDS is enabled, in directory lists the user and group names
#are shown instead of UID/GID. This may slow down directory listings.
RESOLVE_UIDS="yes"
#If DO_CHROOT is enabled, a user can not access directories other than his
#HOMEDIR and its subdirectories. DON'T disable this globally if you don't
#want to have a security hole!
DO_CHROOT="yes"
#Enable this to log each login to wtmp.
LOG_WTMP="yes"
#If you want bftpd to bind itself to one specific network interface, enter
#its IP address here. Else enter 'any'. This option only works in standalone
#mode.
#NOTE(review): 'any' accepts connections on every interface. Enter one
#address if the service is meant for a single network only.
BIND_TO_ADDR="any"
# This option allows you to override the IP address Bftpd
# sends to the client. This may be useful if you are behind
# a router. If an address is given in this option, it overrides
# the LAN IP your PC had. It is recommended you leave this option
# commented out unless you have a special setup.
#OVERRIDE_IP="127.0.0.1"
#Path to the ftpusers file. It can contain user names that are denied.
#If it does not exist, every user can log in. If you don't want this,
#just put a nonexistent filename here.
#NOTE(review): a missing file means nobody is denied (fail open). Check
#that the file exists and lists the accounts that must never use FTP.
PATH_FTPUSERS="/etc/ftpusers"
#Enable this if you want to deny any user who has a shell which is not in
#/etc/shells.
AUTH_ETCSHELLS="no"
#With the option ALLOWCOMMAND_XXXX, you can disable the command XXXX.
#For example, if you don't want any user to delete files, you can do
#ALLOWCOMMAND_DELE="no"
#Of course, you can disable it for specific users by writing the appropriate
#lines into the user structures.
ALLOWCOMMAND_DELE="yes"
ALLOWCOMMAND_STOR="yes"
ALLOWCOMMAND_SITE="no"
#Files that belong to these groups (comma-separated) are hidden in LIST/NLST.
HIDE_GROUP=""
#What message should be used as reply for the QUIT command?
QUIT_MSG="See you later..."
#The number of users that can be logged in at the same time.
#If set to "0", an unlimited number of users will be able to connect. This
#is not recommended, as it makes DoS attacks possible, even if the clients
#are kicked after a short time.
#NOTE(review): all three USERLIMIT_* options ship as "0" (unlimited), the
#setting warned against above. Set finite limits before exposing the
#server. The limits rely on PATH_BFTPDUTMP being set.
USERLIMIT_GLOBAL="0"
#This variable controls how often one user can be logged in at one time.
#This allows you to have a big connection limit (see above) and nevertheless
#prevent single users from having a lot of connections.
#This option may also be useful in a user {} or group {} environment.
USERLIMIT_SINGLEUSER="0"
#This variable controls how many users are allowed to connect from the same IP
#address. This prevents one user (or machine) from taking all of the
#available connections.
#If you want to allow unlimited connections, leave this option as "0".
USERLIMIT_HOST="0"
#This option allows you to force files to be compressed
#on the fly during upload. A ".gz" extension will be given
#to the file. This should usually be turned off ("no"), but
#may be useful to servers with smaller storage space.
#To enable this option set the value to "yes".
#
# To use this option, bftpd must be configured using
# "./configure --enable-libz" _before_ running "make".
GZ_UPLOAD="no"
#This option allows you to set whether or not files
#with the extension .gz should be uncompressed on-the-fly
#during downloads. This should usually be turned off ("no").
#To enable this feature, set the value to "yes".
#
#To use this option, bftpd must be configured using
# "./configure --enable-libz" _before_ running "make".
GZ_DOWNLOAD="no"
# This option is enabled when the server should run
# a script before writing to the file system. This should
# usually be commented out, unless you need to prepare the
# file system for writing.
# NOTE: Be careful when using this option and the DO_CHROOT option.
# The location of the root directory can change when using DO_CHROOT.
# The current working directory (cwd) is passed to the script you run.
# NOTE(review): the script is run by the server, presumably with the
# server's privileges (TODO confirm). Keep it owned by root and not
# writable by FTP users. The same applies to POST_WRITE_SCRIPT.
# PRE_WRITE_SCRIPT="/bin/true"
# This option is enabled when the server should run
# a script after writing to the file system. This should
# usually be commented out, unless you need to do something
# to the file system after writing.
# NOTE: Be careful when using this option and the DO_CHROOT option.
# The location of the root directory can change when using DO_CHROOT.
# The current working directory (cwd) is passed to the script you run.
# POST_WRITE_SCRIPT="/bin/false"
# The GNU C library makes some assumptions about the local time zone
# when run in a chroot environment. The Bftpd server tries to work
# around these assumptions to give the correct time. If we are
# running in an environment which does not require the time zone
# fix, set TIMEZONE_FIX to "no".
# TIMEZONE_FIX="no"
}
user ftp {
#Options for the account named ftp.
#Any password fits.
ANONYMOUS_USER="yes"
#A DENY_LOGIN value other than yes or no denies access and gives the
#text as the reason (see DENY_LOGIN in the global block), so anonymous
#login is refused as shipped.
#NOTE(review): removing the DENY_LOGIN line opens password-less access.
#Set ROOTDIR first, and consider ALLOWCOMMAND_STOR="no" and
#ALLOWCOMMAND_DELE="no" in this block so anonymous users cannot write.
DENY_LOGIN="Anonymous login disabled."
#ROOTDIR="/path/for/anonymous/user"
}
user anonymous {
#If the client wants anonymous, ftp is taken instead.
#Logins as anonymous therefore presumably get the options of the
#user ftp block, including its DENY_LOGIN - confirm before relying on it.
ALIAS="ftp"
}