Solved

How to configure ProFTPd for file upload and download

Posted on 2011-03-06
1
1,185 Views
Last Modified: 2012-08-14
Request assistance on setting up my ProFTPd module on an Ubuntu 10.10 OS.  I need an upload and download FTP that does not need any login requirements such as username or passwords.  I am not concerned with the associated security risks.  Just need help with configuring the following ProFTPd script for upload and download without username/password:  


#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
#UseIPv6                        on
# If set on you can experience a longer connection delay in many cases.
IdentLookups                  off

ServerName                  "Debian"
ServerType                  standalone
DeferWelcome                  off

MultilineRFC2228            on
DefaultServer                  on
ShowSymlinks                  on

TimeoutNoTransfer            600
TimeoutStalled                  600
TimeoutIdle                  1200

DisplayChdir                     .message true
ListOptions                      "-l"

DenyFilter                  \*.*/

# Use this to jail all users in their homes
# DefaultRoot                  ~

# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell            off

# Port 21 is the standard FTP port.
Port                        21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts                  49152 65534

# If your host was NATted, this option is useful in order to
# allow passive tranfers to work. You have to use your public
# address and opening the passive ports used on your firewall as well.
# MasqueradeAddress            1.2.3.4

# This is useful for masquerading address with dynamic IPs:
# refresh any configured MasqueradeAddress directives every 8 hours
<IfModule mod_dynmasq.c>
# DynMasqRefresh 28800
</IfModule>

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                  10

# Set the user and group that the server normally runs at.

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                        022  022
# Normally, we want files to be overwriteable.
AllowOverwrite                  on

# Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:
# PersistentPasswd            off

# This is required to use both PAM-based authentication and local passwords
# AuthOrder                  mod_auth_pam.c* mod_auth_unix.c

# Be warned: use of this directive impacts CPU average load!
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
#
# UseSendFile                  off

TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log

<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>

<IfModule mod_ratio.c>
Ratios off
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>

#
# Alternative authentication frameworks
#
#Include /etc/proftpd/ldap.conf
#Include /etc/proftpd/sql.conf

#
# This is used for FTPS connections
#
#Include /etc/proftpd/tls.conf

#
# Useful to keep VirtualHost/VirtualRoot directives separated
#
#Include /etc/proftpd/virtuals.con

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
#   User                        nobody
#   Group                        nogroup
#   # We want clients to be able to login with "anonymous" as well as "ftp"
#   UserAlias                  anonymous ftp
#   # Cosmetic changes, all files belongs to ftp user
#   DirFakeUser      on ftp
#   DirFakeGroup on ftp
#
#   RequireValidShell            off
#
#   # Limit the maximum number of anonymous logins
   MaxClients                  10
#
#   # We want 'welcome.msg' displayed at login, and '.message' displayed
#   # in each newly chdired directory.
#   DisplayLogin                  welcome.msg
#   DisplayChdir            .message
#
#   # Limit WRITE everywhere in the anonymous chroot
#   <Directory *>
     <Limit WRITE>
DenyAll
Allow all
     </Limit>
#   </Directory>
#
#   # Uncomment this if you're brave.
#   # <Directory incoming>
#   #   # Umask 022 is a good standard umask to prevent new files and dirs
#   #   # (second parm) from being group and world writable.
      Umask                        022  022
               <Limit READ WRITE>
DenyAll
Allow all
               </Limit>
               <Limit STOR>
AllowAll
Allow all
               </Limit>
#   # </Directory>
#
# </Anonymous>
<Global>
RootLogin off
AnonRequirePassword off
LoginPasswordPrompt off
AllowOverwrite on
AuthAliasOnly on
RequireValidShell off
UseFtpUsers off
</Global>
RootLogin off
AuthAliasOnly off
UseFtpUsers off
0
Comment
Question by:callawar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 9

Accepted Solution

by:
expert_tanmay earned 500 total points
ID: 35053365
Un-comment the lines
#   DirFakeUser      on ftp
#   DirFakeGroup on ftp

Remove the line DenyAll from <Limit WRITE> and <Limit READ WRITE>

create a user called ftp and a group called ftp. User ftp should belong to group ftp. In /home the folder ftp must be there and with full access to user and group ftp.

Cheers...
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Fine Tune your automatic Updates for Ubuntu / Debian
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question