Proftpd (proftpd.conf)
Introduction
ProFTPD is an FTP (File Transfer Protocol) server whose use has grown considerably in recent years, both for its ease of configuration/installation and for its reliability, and it is well regarded for use alongside the Apache web server.
Before the ProFTPD project began, servers such as wu-ftpd and Win32-ftp, among others, were available on the market, which led to the project being created to innovate in the FTP field; it was written without being based on other file servers and consists of independent code.
We will now see how to install this fantastic file server.
Installing proftpd on Debian
The simplest and quickest way to install proftpd is with the apt-get install command, but the address of the download server for the proftpd package must be listed in sources.list, which is located in “/etc/apt/”.
Open a terminal as root and type:
# apt-get update
# apt-get install proftpd
If, at the end of the installation, a screen like the one in the image below is shown, choose the standalone (“autônomo”) option.
After the installation is complete, we will configure the ProFTPD server.
Step 1: create a backup of proftpd.conf as proftpd.conf-bkp, with the command below:
# cp /etc/proftpd/proftpd.conf /etc/proftpd/proftpd.conf-bkp
Step 2: Create an “FTP” directory wherever you see fit; in my case I thought it best to create it at “/home/ftp”, with the following command:
# mkdir /home/ftp
Step 3: Change the settings in proftpd.conf to the lines below, then save and exit.
__________________________________________________________________________________________________
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes, reload proftpd after modifications, if
# it runs in daemon mode. It is not required in inetd/xinetd mode.
# Includes DSO modules
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
# If set on you can experience a longer connection delay in many cases.
IdentLookups off
ServerName "FTP-USUARIO"
ServerType standalone
DeferWelcome off
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayChdir .message true
ListOptions "-l"
DenyFilter \*.*/
# Use this to jail all users in their homes
DefaultRoot ~
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
RequireValidShell off
# Port 21 is the standard FTP port.
Port 21
# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534
# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress 1.2.3.4
# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group nogroup
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on
# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd off
# This is required to use both PAM-based authentication and local passwords
# AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile off
TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log
# Logging onto /var/log/lastlog is enabled but set to off by default
# UseLastlog on
# In order to keep log file dates consistent after chroot, use timezone info
# from /etc/localtime. If this is not set, and proftpd is configured to
# chroot (e.g. DefaultRoot or <Anonymous>), it will use the non-daylight
# savings timezone regardless of whether DST is in effect.
# SetEnv TZ :/etc/localtime
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
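# Delay engine reduces impact of the so-called Timing Attack described in
# http://www.securityfocus.com/bid/11430/discuss
# It is on by default.
<IfModule mod_delay.c>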
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine off
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
# Alternative authentication frameworks
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf
# This is used for FTPS connections
#Include /etc/proftpd/tls.conf
# Useful to keep VirtualHost/VirtualRoot directives separated
#Include /etc/proftpd/virtuals.conf
# A basic anonymous configuration, no upload directories.
<Anonymous /home/ftp/>
User ftp
Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
DirFakeUser on ftp
DirFakeGroup on ftp
#
RequireValidShell off
#
# # Limit the maximum number of anonymous logins
MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
</Anonymous>
# Include other custom configuration files
Include /etc/proftpd/conf.d/
__________________________________________________________________________________________________
Step 4: After finishing all the modifications, restart the service with the command below:
# /etc/init.d/proftpd restart
Registering users on Linux
Users can be registered on Linux in two ways:
1 – With shell access
2 – Without shell access
Shall we take the simple route? Registering with shell access, so that your user can also access the server via SSH (this is what I need at the moment).
In my case, I also needed to change the user's HOME directory; to do that I added the -d parameter after the useradd command, see:
# mkdir /home/ftp/Pasta_Usuario
# useradd usuario -d /home/ftp/Pasta_Usuario/
And I assigned the directory I created to the user with the command:
# chown -R usuario:usuario /home/ftp/Pasta_Usuario/
And I created the password for the user with the command:
# passwd usuario
Once that is done, open the browser of your choice and type ftp://YOUR-IP-HERE. E.g.: ftp://192.168.0.1
That's it, folks. If you have difficulty with anything, leave your questions in the comments and I will try to answer as soon as possible.
Long live the Linux world!
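An added check, not part of the original post: a shell function that reads a proftpd.conf and a passwd-format file and reports the exposure-relevant points of the setup above (active anonymous section, no FTPS, no DefaultRoot, local home directories placed under the anonymous root). The function name, the finding labels and the sample files are constructed for illustration; only the file passed in is inspected, not files pulled in by Include.

```shell
#!/bin/sh
# Added example: audit the proftpd.conf settings this tutorial relies on.
# Only the file given is inspected; files pulled in by Include are not followed.
# audit_proftpd CONF PASSWD -> one finding per line (labels are made up here).
audit_proftpd() {
    conf=$1; passwd=$2
    # Active directives only: trim leading blanks, drop comments and empty lines.
    active=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d' "$conf")

    # 1. An active <Anonymous> section accepts logins without a password.
    anon_root=$(printf '%s\n' "$active" |
        sed -n 's/^<Anonymous[[:space:]][[:space:]]*\([^>[:space:]]*\)>.*/\1/p' |
        head -n 1)
    if [ -n "$anon_root" ]; then echo "ANON_ENABLED root=$anon_root"; fi

    # 2. Plain FTP carries passwords and data in cleartext unless FTPS is on.
    if ! printf '%s\n' "$active" |
        grep -Eiq '^(TLSEngine[[:space:]]+on|Include[[:space:]]+.*tls\.conf)'; then
        echo "NO_TLS"
    fi

    # 3. DefaultRoot is what keeps authenticated users inside their home.
    printf '%s\n' "$active" | grep -Eiq '^DefaultRoot[[:space:]]' || echo "NO_CHROOT"

    # 4. Local homes below the anonymous root can be browsed by anonymous
    #    clients whenever their permissions let "other" read them.
    if [ -n "$anon_root" ]; then
        awk -F: -v root="${anon_root%/}" '
            { home = $6; sub(/\/+$/, "", home) }
            home != root && index(home, root "/") == 1 {
                print "HOME_UNDER_ANON user=" $1 " home=" $6
            }' "$passwd"
    fi
    return 0
}

# Constructed sample input mirroring the tutorial (not real system files).
demo_dir=$(mktemp -d)
cat > "$demo_dir/proftpd.conf" <<'EOF'
DefaultRoot ~
RequireValidShell off
#Include /etc/proftpd/tls.conf
<Anonymous /home/ftp/>
  User ftp
  UserAlias anonymous ftp
</Anonymous>
EOF
cat > "$demo_dir/passwd" <<'EOF'
ftp:x:106:65534::/home/ftp:/usr/sbin/nologin
usuario:x:1001:1001::/home/ftp/Pasta_Usuario/:/bin/sh
maria:x:1002:1002::/home/maria:/bin/bash
EOF
audit_proftpd "$demo_dir/proftpd.conf" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a real host the arguments would be /etc/proftpd/proftpd.conf and /etc/passwd; an empty result means none of the four conditions was found in that file.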