Difference between revisions of "ProFTPD - Customized FTP server instance"

From NAS-Central Buffalo - The Linkstation Wiki
Jump to: navigation, search
Line 25: Line 25:
=== Stock Proftpd v1.2.9 ===
=== Stock Proftpd v1.3.0 ===
Line 114: Line 114:

Revision as of 20:10, 6 August 2006

This article Originally by mindbender. at Linkstationwiki.org


  • check everything in the posts if it works

DONE! it works like a charm...

  • make a step by step tutorial

and add some sample configs, so using proftpd gets easier and users get more understanding for the most important parts of config file (with virtual users....i think most user would like to have virtual users rather than authentication over PAM = over System users)

  • make the tutorial idiot proof (so user only have to care about the ftp-shares-config-part)

If you know it better -> plz change!

This information is based on the forum posts of casachi:


Stock Proftpd v1.3.0

Enabling the stock-config afterwards
I don't know what happens exactly, but i think that there will be problems by two instances of proFtpd trying to run on the same port

  • Disable your default ftp-server over the webinterface
  • Create a new startup file /etc/init.d/ftpd2nd and copy the the text below into it.

Note the command /usr/sbin/proftpd -c /etc/proftpd2nd.conf specifying the alternate config file.

 vi /etc/init.d/ftpd2nd

# ftpd - startup script for ftpd
# This goes in /etiiic/init.d and gets run at boot-time.
# chkconfig 2 92 92
#. /etc/timezone
. /etc/melco/ftpstatus > /dev/null 2>&1 
if ! [ -x /usr/sbin/proftpd ]; then
exit 0
# delete shutdown message
if [ -f /etc/shutmsg ] ; then
rm -f /etc/shutmsg
echo "Start services: proftpd2nd"
/usr/sbin/proftpd -c /etc/proftpd2nd.conf
logger -t ${tag} -p ${facility} -i 'Started proftpd2nd'
echo "Stop services: proftpd2nd"
/sbin/start-stop-daemon --stop --quiet --exec /usr/sbin/proftpd
logger -t ${tag} -p ${facility} -i 'Stopped proftpd2nd'
case "$1" in
sleep 1
echo "usage: $0 { start | stop | restart}" >&2
exit 1
exit 0

  • Link this startup file to the 0, 2 and 6 Runlevel (startup & shutdown)
ln -s /etc/init.d/ftpd2nd /etc/rc.d/rc0.d/K92ftpd2nd
ln -s /etc/init.d/ftpd2nd /etc/rc.d/rc2.d/S92ftpd2nd
ln -s /etc/init.d/ftpd2nd /etc/rc.d/rc6.d/K92ftpd2nd
  • Now your proFTPd is ready for customizing. move to the configuration part

READY TILL HERE by mindbender

Installation should be complete and your ftp-server should be running automaticaly if you reboot the linkstation....the rest is only configuration ;p


  • transform the casachis forum posts for the configuration into a step-by-step-tutorial
  • add some basic sample-configs for virtual users


As documentation I looked into http://www.proftpd.org/docs/ mainly to look what I needed for the config file (I wanted to assign different priviledges to virtual users).

To start with you can just create /etc/proftpd2nd.conf as a copy of /etc/proftpd.conf so the new instance of proftpd should behave exactly as the original one (the original one must not be running, otherwise they would conflict on the use of port 21).

Then you can start changing /etc/proftpd2nd.conf to your liking, I would suggest modifying the following

ScoreboardFile /var/log/scoreboardfile2nd
PidFile /var/run/proftp2nd.pid
TransferLog /var/log/xferlog2nd

So the new instance and the old one would use different files for log/pid/vardata.

The rest is really up to what you want to do with the new server, proftpd is very flexible. I really enjoyed the granularity on access priviledges on a user basis and the possibility to create "virtual users" (ftp users without the need of a full account on the linkstation).

Authentication with "virtual users" (non-system users)

I added these to my config file

AuthPAMAuthoritative off
AuthPAMConfig ftp 
AuthGroupFile /etc/ftp2ndgroup
AuthUserFile /etc/ftp2ndpasswd

What happens then is that, if the user has an "regular account" on the linkstation (i.e. the user is in the usual /etc/passwd file and the group is in the /etc/group file) then he/she can login with the linkstation login password. So you dont have to duplicate your own user account. If the user is not in /etc/passwd then the file /etc/ftp2ndpasswd is looked. The format is exactly the same as /etc/passwd but you have to use fake id number that wont overlap with the ones in the normal passwd file. To generate password hashes needed in /etc/passwd, you can use the "htpasswd -n username" command. In some cases it might be needed for the home directory and the shell indicated in /etc/ftp2ndpasswd do actually point to existing directories and shell.

Something else: the logfile

You might want to add /var/log/xferlog2nd to the list of files that are log-rotated. You can do that by creating a file /etc/logrotate.d/proftp2nd with content:

/var/log/xferlog2nd {
/usr/local/bin/kill -HUP `cat /var/run/proftp2nd.pid 2>/dev/null`  
2>/dev/null || true