Solved

install and setup a secure ftp server using proftpd

Posted on 2004-10-08
Last Modified: 2013-12-15
Hi, I want to set up a proftpd server. Currently I am using Redhat Linux
Advance Server 2.1 installed on an IBM 232 server.

1. Where can I find the latest version of proftpd?
2. Should I install the *bz2 or tgz or rpm version?
3. How can I install it?
4. Would I have any problems or conflicts with an existing version of any ftp?
5. How to configure it?
6. I would have users' directories inside the ftp server; each user can read and write
his own directory and read/view other directories. The users will not have any login
access to the ftp server?
7. The server will be accessed through the Internet; how can I make it
as secure a server as I can, and allow only a subnetwork to access it?

Thanks
Question by:madunix
Accepted Solution

by:
jlevie earned 50 total points
ID: 12263999
> 1. Where can I find the latest version of proftpd?

http://www.proftpd.org/

> 2. Should I install the *bz2 or tgz or rpm version?

For RHEL 2.1 AS you need to get the source distribution and build your own copy.

> 3. How can I install it?

After the ./configure & make you'll do a 'make install'. See the ProFTP docs in the source tarball.

> 4. Would I have any problems or conflicts with an existing version of any ftp?

Yes, and you should remove the RHEL FTP server or any other that might have been installed.

> 5. How to configure it?

By editing the proftpd.conf file after installation.

> 6. I would have users' directories inside the ftp server; each user can read and write his own directory

The default for ProFTP is to chroot users to their home directory, so access outside of that area isn't allowed.

> 7. The server will be accessed through the Internet; how can I make it as secure a server
> as I can?

ProFTP can use its own, private copy, or a password file. When configured in that manner the FTP users don't need Linux accounts and thus don't have login access to the server.

Author Comment

by:madunix
ID: 12270289
I downloaded and installed the proftpd ....

[root@rhwebapp root]# /usr/local/sbin/proftpd
 - warning: AuthPAMAuthoritative is deprecated
[root@rhwebapp root]# ps -aux | grep ftp
nobody    1346  0.0  0.1  2380 1240 ?        S    13:51   0:00 proftpd: (accepti
root      1348  0.0  0.0  1732  580 pts/0    S    13:51   0:00 grep ftp

It looks okay to me, but when I try to ftp to the server it gives:
[root@rhwebapp root]# ftp localhost
Connected to localhost (127.0.0.1).
421 Service not available, remote server has closed connection
ftp> quit

What could be the problem?
What about the warning with PAM?
My configuration file (part of it):

# To have more informations about Proftpd configuration
# look at : http://www.proftpd.org/
#
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "THIS FTP SERVER IS RESTRICTED TO AUTHORIZED USERS"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

DebugLevel                     9
SystemLog                      /var/log/proftpdlog
TransferLog                    /var/log/xferlog



# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances                    2

ScoreboardFile                  /var/run/proftpd
RequireValidShell               off

AuthPAMAuthoritative            off

# Set the user and group under which the server will run.
User                            nobody
Group                           nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
......

Author Comment

by:madunix
ID: 12311670
Yep, it works now; I added localhost to <LIMIT LOGIN>.

I want to force my proftpd to listen on another IP, A.B.C.D, rather than the primary IP X.Y.Z.W.
I mean to listen on another interface with another IP which is not the primary.
Can anyone help with this issue: where to allocate the virtualhost and what should be inside
my config file?
----//-------------
ServerName                      "FTP SERVER"
ServerType                      standalone
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

DebugLevel                     9
SystemLog                      /var/log/proftpdlog
TransferLog                    /var/log/xferlog
MaxInstances                    2

ScoreboardFile                  /var/run/proftpd
RequireValidShell               off

AuthPAMAuthoritative            off

# Set the user and group under which the server will run.
User                            nobody
Group                           nogroup

<Directory />
  AllowOverwrite                on
</Directory>

<Limit LOGIN>
Order allow,deny
Allow from 127.0.0.1,.trusted-domain.org
Deny from all
</Limit>



<Anonymous ~ftp>
   user                  abc
   group                 ftp

   AnonRequirePassword   on
</Anonymous>


<Anonymous ~ftp>
   user                  xyz
   group                 ftp

   AnonRequirePassword   on
</Anonymous>
---------------//-------------------

Expert Comment

by:jlevie
ID: 12725706
By default ProFTP will listen on all IPs. Do you need it not to listen on the primary and only listen on the secondary?
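
An added example, not part of the thread and not either poster's configuration: a proftpd.conf that combines the points raised above, namely the private password file from the accepted answer, the chroot jail, the `<Limit LOGIN>` subnet restriction, and binding to a secondary address as asked in the last question. The addresses 192.0.2.10 and 198.51.100.0/24 and the /etc/proftpd/ file paths are constructed placeholders.

```apache
# Added example. Constructed placeholder values:
#   192.0.2.10       stands in for the secondary address A.B.C.D
#   198.51.100.0/24  stands in for the trusted subnet
#   /etc/proftpd/ftpd.passwd and ftpd.group are assumed file locations

ServerName          "FTP SERVER"
ServerType          standalone
DefaultServer       on
Port                21
Umask               022

# Bind the listening socket to the secondary address only. Without
# SocketBindTight a standalone daemon listens on every address.
DefaultAddress      192.0.2.10
SocketBindTight     on

# Unprivileged identity the daemon runs under.
User                nobody
Group               nogroup

# Child-process cap, using the value the stock comment recommends.
MaxInstances        30

# FTP-only accounts kept in ProFTPD's own files (created with the
# ftpasswd script shipped with ProFTPD). Only mod_auth_file is
# consulted, so PAM and /etc/passwd are never used for FTP logins and
# the deprecated AuthPAMAuthoritative line is not needed.
AuthOrder           mod_auth_file.c
AuthUserFile        /etc/proftpd/ftpd.passwd
AuthGroupFile       /etc/proftpd/ftpd.group

# These accounts have no real login shell, so do not require one
# that is listed in /etc/shells.
RequireValidShell   off

# Jail every user in their own home directory. To let users browse
# each other's directories read-only, jail them at the shared parent
# directory instead and rely on file ownership plus Umask 022.
DefaultRoot         ~

# Only localhost and the trusted subnet may log in.
<Limit LOGIN>
  Order allow,deny
  Allow from 127.0.0.1
  Allow from 198.51.100.0/24
  Deny from all
</Limit>
```

Running `proftpd -t` checks the file's syntax before the daemon is restarted.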