www.ProFTPD.de

# This sample configuration file illustrates configuring two
# anonymous directories, and a guest (same thing as anonymous but
# requires a valid password to login)

ServerName "ProFTPD Anonymous Server"
ServerType standalone

# Port 21 is the standard FTP port.
Port 21

# If you don't want normal users logging in at all, uncomment this
# next section
#<Limit LOGIN>
#  DenyAll
#</Limit>

# Set the user and group that the server normally runs at.
User nobody
Group nogroup

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message

# Our "basic" anonymous configuration, including a single
# upload directory ("uploads")
<Anonymous ~ftp>

  # Allow logins if they are disabled above.
  <Limit LOGIN>
    AllowAll
  </Limit>

  # Maximum clients with message
  MaxClients 5 "Sorry, max %m users -- try again later"

  User ftp
  Group ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias anonymous ftp

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
  <Directory /usr/local/private>
    <Limit READ>
      DenyAll
    </Limit>

    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>

# A second anonymous ftp section.  Users can login as "private".  Here
# we hide files owned by root from being manipulated in any way.

<Anonymous /usr/local/private>
  User bobf
  Group users
  UserAlias private bobf
  UserAlias engineering bobf

  # Deny access from *.evil.net and *.otherevil.net, but allow
  # all others.
  <Limit LOGIN>
    Order deny,allow
    Deny from .evil.net, .otherevil.net
    Allow from all
  </Limit>

  # We want all uploaded files to be owned by 'engdept' group and
  # group writable.
  GroupOwner engdept
  Umask 006

  # Hide all files owned by user 'root'
  HideUser root

  <Limit WRITE>
    DenyAll
  </Limit>

  # Disallow clients from any access to hidden files.
  <Limit READ DIRS>
    IgnoreHidden on
  </Limit>

  # Permit uploading and creation of new directories in
  # submissions/public

  <Directory /usr/local/private>
    <Limit READ>
      DenyAll
      IgnoreHidden on
    </Limit>

    <Limit STOR MKD RMD XMKD XRMD>
      AllowAll
      IgnoreHidden on
    </Limit>
  </Directory>
</Anonymous>

# The last anonymous example creates a "guest" account, which clients
# can authenticate to only if they know the user's password.

<Anonymous ~guest>
  User guest
  Group nobody
  AnonRequirePassword on

  <Limit LOGIN>
    AllowAll
  </Limit>

  # Deny write access from all except trusted hosts.
  <Limit WRITE>
    Order allow, deny
     Deny from all
  </Limit>
</Anonymous>