ProFTPD - Customized FTP server instance

'' This article Originally by mindbender. at Linkstationwiki.org It is presently being reworked by shryke at globalmessageexchange dot de. ''

The FTP deamons
The Linkstation comes with two different FTP Server deamons: and an intuitive way of handling access restrictions.
 * 1) WU-FTPD which has come to ages and will not be discussed here.
 * 2) PROFTPD which is the one we are going to use, because it is has a nice user-management

The deeper sense of delivering two deamons escapes me, for PROFTPD is perfectly capable of handling anonymous access. But in the stock version, WU-FTPD is used for handling this task, anyway.

Stock Proftpd v1.2.9 on LS 2 (MIPSel)
There is a script file to start wu-ftpd or proftpd (depending on whether you choose anonymous or user-based FTP). This file resides here: /etc/init.d/ftpd and gets called during boot sequence via symlink S92ftpd in rc2.d. This script calls /usr/sbin/proftpd and the configuration file to customize the behavior of the deamon is /etc/proftpd.conf.

Directory Structure
Here is a sample configuration: Motivation: We want to set up a simple server to allow for our friends to download some files we prepared for them and also give them the opportunity to upload whatever they want.


 * /mnt/hda/ftp is the root directory of our ftp server.
 * /mnt/hda/ftp/pub (here you put the files they can download)
 * /mnt/hda/ftp/incoming (here they can upload whatever they want)

To set the rights for the directories, you edit the proftpd.conf.

vi /etc/proftpd.conf WARNING!!! Any changes you make here will be reset by the linkstation´s stock software at reboot ! To make your changes last, please look into chapter Make your changes permanent ServerName             LinkStation ServerType             standalone DefaultServer          on ServerIdent             off AuthPAMAuthoritative   on AuthPAMConfig           ftp Port                   21 Umask                  000 TimesGMT               off UseReverseDNS          off IdentLookups           off MaxInstances           100 User                   nobody Group                  nogroup RootLogin              off DefaultRoot            /mnt/hda/ftp DefaultTransferMode    binary TimeoutIdle            900 TimeoutLogin           120 ScoreboardFile         /var/log/scoreboardfile AllowStoreRestart      on AllowRetrieveRestart    on AllowOverwrite          on  SocketOptions rcvBuf    131070 SocketOptions sndBuf   131070  DenyAll    DenyAll     AllowAll   DenyAll     AllowAll   DenyAll </Limit> </Directory>

In the subdir pub there is no write access and in the subdir incoming anybody can upload anything, but they cannot delete files or remove directories. Users are being caged into the chroot environment and can´t escape /mnt/hda/ftp

Virtual users
'' by casachi at Linkstationwiki.org ''

As documentation I looked into http://www.proftpd.org/docs/ mainly to look what I needed for the config file (I wanted to assign different priviledges to virtual users).

The rest is really up to what you want to do with the new server, proftpd is very flexible. I really enjoyed the granularity on access priviledges on a user basis and the possibility to create "virtual users" (ftp users without the need of a full account on the linkstation).

Authentication with "virtual users" (non-system users)

I added these to my config file

AuthPAMAuthoritative off AuthPAMConfig ftp AuthGroupFile /etc/ftp2ndgroup AuthUserFile /etc/ftp2ndpasswd

What happens then is that, if the user has a "regular account" on the linkstation (i.e. the user is in the usual /etc/passwd file and the group is in the /etc/group file) then he/she can login with the linkstation login password.

So you dont have to duplicate your own user account. If the user is not in /etc/passwd then the file /etc/ftp2ndpasswd is looked up. The format is exactly the same as /etc/passwd but you have to use fake id number that won´t overlap with the ones in the normal passwd file.

To generate password hashes needed in /etc/passwd, you can use the "htpasswd -n username" command. In some cases it might be needed for the home directory and the shell indicated in /etc/ftp2ndpasswd do actually point to existing directories and shells.

Making your changes permanent (LS-CHL-V2)
See here: http://forum.buffalo.nas-central.org/viewtopic.php?f=39&t=20436

Make your changes permanent
(No longer current)

You probably want to make your configuration changes permanent, so you need to keep the linkstation from rewriting the file /etc/proftpd.conf. If you do this, you lose the simplicity of the ftp server configuration by web-interface, but you gain full control of the ftp server on your linkstation.

To achieve this, the file /etc/init.d/mkshare.sh needs to be edited. Only the 5 lines below need to be commented out.
 * 1)       echo "FTP configration file generating..."

vi /etc/init.d/mkshare.sh

if [ -x /bin/mkcode ]; then echo "Netatalk configration file generating..." /bin/mkcode -a > /dev/null /bin/nkf -sEO /etc/atalk/AppleVolumes.default /tmp/AppleVolumes mv -f /tmp/AppleVolumes /etc/atalk/AppleVolumes.default echo "Samba configration file generating..." /bin/mkcode -s > /dev/null /bin/nkf -sEO /etc/samba/smb.conf /tmp/smb.conf mv -f /tmp/smb.conf /etc/samba/smb.conf fi
 * 1) generate configuration files
 * 1)       echo "FTP configration file generating..."
 * 2)       /bin/mkcode -f > /dev/null
 * 3)       /bin/nkf -sEO /etc/wu-ftpd/ftpaccess /tmp/ftpaccess
 * 4)       mv -f /tmp/ftpaccess /etc/wu-ftpd/ftpaccess
 * 5)       /bin/nkf -sEO /etc/proftpd.conf /tmp/proftpd.conf
 * 6)       mv -f /tmp/proftpd.conf /etc/proftpd.conf

Now you can edit /etc/proftpd.conf and it will actually stay that way.