www.ProFTPD.de

# Server version 1.2.0

ServerName                      "Benji´s FTP Server"
#ServerType                     inetd
ServerType                      Standalone
ServerAdmin                     ftpadm@localhost
#
# uncomment, if you want to hide the servers name:
#
#ServerIdent                    on      "FTP Server ready"
DeferWelcome                    on
DefaultServer                   on

# Enable PAM for authentication...
#
AuthPAM                         on

# Setting this directive to on will cause authentication to fail
# if PAM authentication fails. The default setting, off, allows
# other modules and directives such as AuthUserFile and friends
# to authenticate users.
#
#AuthPAMAuthoritative           off

# This directive allows you to specify the PAM service name used
# in authentication (default is "proftpd" on SuSE Linux).
# You have to setup the service in the /etc/pam.d/<other_name>.
#
#AuthPAMConfig                  <other_name>

# Port 21 is the standard FTP port.
Port                            21

# disable listen on 0.0.0.0:21 - the port (and IP) should
# be specified explicitly in each VirtualHost definition
#
#Port                           0

# listen for each (additional) address explicitly that is
# specified (via Bind and Port) in a VirtualHost definition
#
#SocketBindTight                        on


# Umask 022 is a good standard umask to prevent new dirs
# and files from being group and world writable.
Umask                           022

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nogroup

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite                on
  HiddenStor                    on
  #HideNoAccess                 on
</Directory>

# protect .ftpaccess and similar - see also PathDenyFilter
#<Directory /*.ftp*>
#  <Limit ALL>
#    DenyAll
#    IgnoreHidden               on
#  </Limit>
#</Directory>

# It is a very good idea to allow only filenames containing normal
# alphanumeric characters for uploads (and not shell code...)
#PathAllowFilter "^[a-zA-Z0-9_.-]+$"
#PathAllowFilter "^[a-zA-Z0-9 _.-]+$"

# We don't want .ftpaccess or .htaccess files to be uploaded
#PathDenyFilter "(\.ftp)|(\.ht)[a-z]+$"
#PathDenyFilter "\.ftp[a-z]+$"

# Do not allow to pass printf-Formats (security! see documentation!):
#AllowFilter "^[a-zA-Z0-9@~ /,_.-]*$"
DenyFilter  "%"

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                   30

# Performance: skip DNS resolution when we process the logs...
#UseReverseDNS        off

# Turn off Ident lookups
#IdentLookups         off

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
#TimeoutStalled                  300

# Where do we put the pid files?
#ScoreboardPath       /var/run/proftpd

#
# Logging options
#
TransferLog          /var/log/xferlog

# Some logging formats
#
#LogFormat            default "%h %l %u %t \"%r\" %s %b"
#LogFormat            auth    "%v [%P] %h %t \"%r\" %s"
#LogFormat            write   "%h %l %u %t \"%r\" %s %b"

# Log file/dir access
#ExtendedLog          /var/log/proftpd.access_log    WRITE,READ write

# Record all logins
#ExtendedLog          /var/log/proftpd.auth_log      AUTH auth

# Paranoia logging level....
##ExtendedLog          /var/log/proftpd.paranoid_log  ALL default

#
# Do a chroot for web-users (i.e. public or www group), but
# do not change root if the user is also in the users group...
#
#DefaultRoot ~/public_html       public,!users
#
DefaultRoot /data1/ftp

# resume wird erlaubt
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on

# macht den Server FXP able
AllowForeignAddress on

# Limit login attempts
#MaxLoginAttempts                3

# Users needs a valid shell
#RequireValidShell               yes

#
# Use special Auth files instead....
#
#AuthUserFile                    /var/proftpd/authfiles/passwd
#AuthGroupFile                   /var/proftpd/authfiles/group

#
# Use LDAP server - see README.LDAP
#
#LDAPServer         "localhost"
#LDAPPrefix         "dc=your,dc=domain,dc=top"
#LDAPDN             "cn=YourDNUser,dc=your,dc=domain,dc=top"
#LDAPDNPass         "YourDNUserPassword"


# The ratio directives take four numbers: file ratio, initial file
# credit, byte ratio, and initial byte credit.  Setting either ratio
# to 0 disables that check.
#
# The directives are HostRatio (matches FQDN -- wildcards are allowed
# in this one), AnonRatio (matches password entered in an anon login,
# usually an email address), UserRatio (accepts "*" for 'any user'),
# and GroupRatio.  Matches are looked for in that order.
#
# Some examples:
#
# Ratios     on                                 # enable module
# UserRatio  ftp 0 0 0 0
# HostRatio  anyhost.domain.top 0 0 0 0         # leech access (default)
# GroupRatio proftpd 100 10 5 100000            # 100:1 files, 10 file cred
# AnonRatio  auser@domain.top 1 0 1 0           # 1:1 ratio, no credits
# UserRatio  * 5 5 5 50000                      # special default case
#
# Setting "Ratios on" without configuring anything else will enable
# leech mode: it logs activity and sends status messages to the ftp
# client, but doesn't restrict traffic.


#
# uncomment for anonymous...:
#
#<Anonymous ~ftp>
<Anonymous ~ftp>
     # After anonymous login, daemon runs as:
     User                       ftp
     Group                      public


     # We want clients to be able to login with "anonymous" as well as "ftp"
     UserAlias                  anonymous ftp

     # Limit the maximum number of anonymous logins
     MaxClients         10

     # We want 'welcome.msg' displayed at login, and '.message' displayed
     # in each newly chdired directory.
     DisplayLogin               msgs/welcome.msg
     DisplayFirstChdir          .message

    #  Deny write operations to all directories, underneath root-dir
    #  Default is to allow, so we don't need a <Limit> for read operations.
     <Directory *>
          <Limit WRITE>
                DenyAll
#               allowall
          </Limit>
     </Directory>

    #  Only uploads into incomming directory are allowed...
     <Directory incoming>

          Umask  017

          # ... so deny read/write
          <Limit READ WRITE DIRS>
               DenyAll
          </Limit>

         # ... allow file storing, but not other writes
          <Limit STOR CWD CDUP>
               AllowAll
          </Limit>

     </Directory>

</Anonymous>

RequireValidShell off
<Anonymous  /data1/ftp >
 User  ftp               # After anonymous login, daemon runs as user ftp
 Group ftp               # After anonymous login, daemon runs as group ftp
 UserAlias anonymous ftp # Client login as 'anonymous' is aliased to 'ftp'

 <Directory *>
  <Limit WRITE>    # Alle Schreibzugriffe unter dem root-Verzeichnis verbieten
   DenyAll         # Standard ist "erlauben", daher brauchen wir kein
  </Limit>         # <Limit> für Lesezugriffe erlauben
 </Directory>

 <Directory incoming>    
  <Limit READ WRITE>   # Nur das Hochladen von Dateien in das
   DenyAll             # Verzeichnis incoming erlauben
  </Limit>
  <Limit STOR>
   AllowAll
  </Limit>
 </Directory>
</Anonymous>

linux:~ # cd /data1/ftp
linux:/data1/ftp # ll
total 31146
drwxrwxrwx   6 nobody   nogroup       272 Jun 12 14:23 .
drwxrwxrwx  16 root     root          362 Jun 10 19:07 ..
drwxr-xr-x   2 benji    users          35 Jun 10 19:55 1
drwxr-xr-x   2 benji    users          35 Jun 10 19:55 2
drwxr-xr-x   2 benji    users          35 Jun 12 14:23 3
drwxrwxrwx   2 benji    users         119 Jun 12 14:22 incoming
-rw-r--r--   1 benji    users    14836160 Jun 10 20:35 vms-hca.r00
-rw-r--r--   1 benji    users     1245184 Jun 10 20:00 vms-hca.r01
-rw-r--r--   1 benji    users    15000000 Jun 10 20:12 vms-hca.r05
-rw-r--r--   1 benji    users      311296 Jun 10 20:08 vms-hca.r43
-rw-r--r--   1 benji    users      196608 Jun 10 20:09 vms-hca.r59
-rw-r--r--   1 benji    users      294912 Jun 10 20:01 vms-hcb.r24
linux:/data1/ftp #

Umask     0111 0000

linux:/data1/ftp/incoming # ls -la
total 11504
-rw-rw----   1 ftp      public    2541693 Jun 12 14:22 (Kitaro Kojiki) Reimei.mp3
drwxrwxrwx   2 benji    users         164 Jun 12 18:33 .
drwxrwxrwx   6 nobody   nogroup       272 Jun 12 14:23 ..
-rw-rw----   1 ftp      public     846424 Jun 12 18:33 Flash FXP 1.4.3 Build 835.exe
-rw-rw----   1 ftp      public    8388608 Jun 12 14:20 XMAS_base16_2xI_emu_au.img

-rw-rw-rw-    1 www      www          5894 Jun 13 10:25 index.php  

<Anonymous /data1/ftp>
     # After anonymous login, daemon runs as:
     User                       ftp
     Group                      public

     # We want clients to be able to login with "anonymous" as well as "ftp"

    #  Deny write operations to all directories, underneath root-dir
    #  Default is to allow, so we don't need a <Limit> for read operations.
     <Directory *>
          <Limit WRITE>
     DisplayFirstChdir          .message

    #  Deny write operations to all directories, underneath root-dir
    #  Default is to allow, so we don't need a <Limit> for read operations.
     <Directory *>
          <Limit WRITE>
                DenyAll
          </Limit>
     </Directory>

    #  Only uploads into incomming directory are allowed...
     <Directory incoming>
#        Umask 0111 0000
          Umask  017

#          # ... so deny read/write
#          <Limit READ WRITE DIRS>
#               DenyAll
#          </Limit>

         # ... allow file storing, but not other writes
#          <Limit STOR CWD CDUP>
          <Limit STOR>
               AllowAll
          </Limit>

     </Directory>