| |
| Name | <Anonymous> |   |
| Syntax | <Anonymous root-directory> |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | |
| From version | 0.99.0 |
| Description | The Anonymous configuration block is used to create an anonymous FTP login, and is terminated by a matching </Anonymous> directive. The root-directory parameters specifies which directory the daemon will first chdir to, and then chroot, immediately after login. Once the chroot operation successfully completes, higher level directories are no longer accessible to the running child daemon (and thus the logged in user). By default, proftpd assumes an anonymous login if the remote client attempts to login as the currently running user; unless the current user is root, in which case anonymous logins are not allowed regardless of the presence of an <Anonymous> block. To force anonymous logins to be bound to a user other than the current user, see the User and Group directives. In addition, if a User or Group directive is present in an <Anonymous> block, the daemon permanently switches to the specified uid/gid before chroot()ing. Normally, anonymous logins are not required to authenticate with a password, but are expected to enter a valid e-mail address in place of a normal password (which is logged). If this behavior is undesirable for a given <Anonymous> configuration block, it can be overridden via the AnonRequirePassword directive.
Note: Chroot()ed anonymous directories do not need to have supplemental system files in them, nor do they need to have any sort of specific directory structure. This is because proftpd is designed to acquire as much system information as possible before the chroot, and to leave open those files which are needed for normal operation and reside outside the new root directory. |
| Example 1 | <Anonymous /home/ftp>
User ftp # After anonymous login, daemon runs as user ftp
Group ftp # After anonymous login, daemon runs as group ftp
UserAlias anonymous ftp # Client login as 'anonymous' is aliased to 'ftp'
<Directory *>
<Limit WRITE> # Alle Schreibzugriffe unter dem root-Verzeichnis verbieten
DenyAll # Standard ist "erlauben", daher brauchen wir kein
</Limit> # <Limit> für Lesezugriffe erlauben
</Directory>
<Directory incoming>
<Limit READ WRITE> # Nur das Hochladen von Dateien in das
DenyAll # Verzeichnis incoming erlauben
</Limit>
<Limit STOR>
AllowAll
</Limit>
</Directory>
</Anonymous> |
| Example 2 | |
| 06.00.2003 23:00 |
|
|
| |
| Name | <Directory> | |
| Syntax | <Directory pathname> |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | This directive creates a block of configuration directives which applies only to the specified directory and its sub-directories. The block is ended with </Directory>. Per-directory configuration is enabled during run-time with a "closest" match algorithm, meaning that the <Directory> directive with the closest matching path to the actual pathname of the file or directory in question is used. Per-directory configuration is inherited by all sub-directories until a closer matching <Directory> is encountered, at which time the original per-directory configuration is replaced with the closer match. Note that this does not apply to <Limit> </Limit> blocks, which are inherited by all sub-directories until a <Limit> block is reached in a closer match.
A trailing slash and wildcard ("/*") can be appended to the directory, specifying that the configuration block applies only to the contents (and sub-contents), not to the actual directory itself. Such wildcard matches always take precedence over non-wildcard <Directory> configuration blocks. <Directory> blocks cannot be nested (they are automatically nested at run-time based on their pathnames). Pathnames must always be absolute (except inside <Anonymous>), and should not reference symbolic links. Pathnames inside an <Anonymous> block can be relative, indicating that they are based on the anonymous root directory.
[Notes for ProFTPD 1.1.3 and later only] Pathnames that begin with the special character '~' and do not specify a username immediately after ~ are put into a special deferred mode. When in deferred mode, the directory context is not hashed and sorted into the configuration tree at boot time, but rather this hashing is deferred until a user authenticates, at which time the '~' character is replaced with the user's home directory. This allows a global <Directory> block which applies to all user's home directories, or sub-directories thereof. |
| Example 1 | <Directory /users/anybody/private>
HideNoAccess
</Directory> |
| Example 2 | <Directory ~/anon-ftp>
<Limit WRITE>
DenyAll
</Limit>
</Directory> |
| 06.00.2003 20:02 |
|
|
| |
| Name | Allow | |
| Syntax | Allow ["from"] "all" | "none" | host | network |
| Context | <Limit> |
| Modul | mod_core |
| Standard | allow all |
| From version | 0.99.0pl6 |
| Description | The Allow directive is used inside a <Limit> context to explicitly specify which hosts and/or networks have access to the commands or operations being limited. Allow is typically used in conjunction with Order and Deny in order to create sophisticated (or perhaps not-so-sophisticated) access control rules. Allow takes an optional first argument; the keyword from. Using from is purely cosmetic. The remaining arguments are expected to be a list of hosts and networks which will be explicitly granted access. The magic keyword all can be used to indicate that all hosts will explicitly be granted access (analogous to the AllowAll directive, except with a lower priority). Additionally, the magic keyword none can be used to indicate that no hosts or networks will be explicitly granted access (although this does not prevent them from implicitly being granted access). If all or none is used, no other hosts or networks can be supplied. Host and network addresses can be specified by name or numeric address. For security reasons, it is recommended that all address information be supplied numerically. Relying solely on named addresses causes security to depend a great deal upon DNS servers which may themselves be vulnerable to attack or spoofing. Numeric addresses which specify an entire network should end in a trailing period (i.e. 10.0.0. for the entire 10.0.0 subnet). Named address which specify an entire network should begin with a trailing period (i.e. .proftpd.net for the entire proftpd.net domain). |
| Example 1 | <Limit Login>
Order Allow, Deny
Allow from 128.44.26., myhost.mydomain.edu.
Allow from 10.2.0.0/22
Deny from all
</Limit> |
| 06.00.2003 20:02 |
|
|
| |
| Name | <Global> | |
| Syntax | <Global> |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| From version | 1.1.6 |
| Description | The Global configuration block is used to create a set of configuration directives which is applied universally to both the main server configuration and all VirtualHost configurations. Most, but not all other directives can be used inside a Global block.
In addition, multiple <Global> blocks can be created. At runtime, all Global blocks are merged together and finally into each server's configuration. Global blocks are terminated by a matching </Global> directive. |
| 06.00.2003 20:02 |
|
|
| |
| Name | <Limit> | |
| Syntax | <Limit command|command-group [command2 ..]> |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | The Limit configuration block is used to place access restrictions on one or more FTP commands, within a given context. Limits flow downward, so that a Limit configuration in the server config context applies to all <Directory> and <Anonymous> blocks that also reside in the configuration; until it is overridden by a "lower" <Limit> block. Any number of command parameters can be specified, against which the contents of the <Limit> block will be applied. command can be any valid FTP command, but is generally one of the following: CWD (Change Working Directory) Sent by client when changing directories. MKD / XMKD (MaKe Directory) Sent by client to create a new directory. RNFR (ReName FRom), RNTO (ReName TO) Sent as a pair by client to rename a directory entry. DELE (DELEte) Sent by client to delete a file. RMD / XRMD (ReMove Directory) Sent by client to remove a directory. RETR (RETRieve) Transfer a file from the server to the client. STOR (STORe) Transfer a file from the client to the server. In addition, the following command-groups are accepted. They have a lower precedence than real commands, meaning that a real command limit will always be applied instead of the command-group. READ All FTP commands which deal with file reading (directory listing not included): RETR, SITE, SIZE, STAT WRITE All FTP commands which deal with file or directory write/creation/deletion: APPE, DELE, MKD, RMD, RNTO, STOR, XMKD, XRMD DIRS All FTP commands which deal with directory listing: CDUP, CWD, LIST, MDTM, NLST, PWD, RNFR, XCUP, XCWD, XPWD ALL ALL FTP commands (identical to READ WRITE DIRS). Note this group has the lowest precedence of all; it will not override a limit imposed by another command-group (e.g. DIRS). Finally, a special command is allowed which can be used to control login access: LOGIN Connection or login to the server. Applying a <Limit> to this pseudo-command can be used to allow or deny initial connection or login to the context. It has no effect, and is ignored, when used in a context other than server config, <VirtualHost> or <Anonymous> (i.e. using it in a <Directory> context is meaningless). <Limit> command restrictions should not be confused with file/directory access permission. While limits can be used to restrict a command on a certain directory, they cannot be used to override the file permissions inherent to the base operating/file system. The following FTP commands cannot be restricted via <Limit>: ABOR HELP MODE (not implemented, always S) NOOP PASS (use <Limit LOGIN>) PASV PORT QUIT REST (use AllowRetrieveRestart, AllowStoreRestart) STRU (not implemented, always F) SYST TYPE USER (use <Limit LOGIN>)
|
| 06.00.2003 20:02 |
|
|
| |
| Name | <VirtualHost> | |
| Syntax | <VirtualHost address> |
| Context | Server config |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | The VirtualHost configuration block is used to create an independent set of configuration directives that apply to a particular hostname or IP address. It is often used in conjunction with system level IP aliasing or dummy network interfaces in order to establish one or more "virtual" servers which all run on the same physical machine. The block is terminated with a </VirtualHost> directive. By utilizing the Port directive inside a VirtualHost block, it is possible to create a virtual server which uses the same address as the master server, but listens on a separate tcp port (incompatible with ServerType inetd). When proftpd starts, virtual server connections are handled in one of two ways, depending on the ServerType setting: inetd The daemon examines the destination address and port of the incoming connection handed off from inetd. If the connection matches one of the configured virtual hosts, the connection is serviced based on the appropriate configuration. If no virtual host matches, and the main server does not match, the client is informed that no server is available to service their requests and disconnected. standalone After parsing the configuration file, the daemon begins listening for connections on all configured ports, spawning child processes as necessary to handle connections for either the main server or any virtual servers. Because of the method that the daemon uses to listen for connections when in standalone mode, it is possible to support an exceedingly large number of virtual servers, potentially exceeding the number of per-process file descriptors. This is due to the fact that a single file descriptor is used to listen to each configured port, regardless of the number of addresses being monitored. Note that it may be necessary to increase the tcpBackLog value on heavily loaded servers in order to avoid kernel rejected client connections ("Connection refused").
|
| 06.00.2003 20:02 |
|
|
| |
| Name | AccessDenyMsg | |
| Syntax | AccessDenyMsg "Nachricht" |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | Hängt vom Login Typ ab |
| From version | 1.2.2 |
| Description | Normally, a 530 response message is sent to an FTP client immediately after a failed authentication attempt, with a standard message indicating the the reason of failure. In the case of a wrong password, the reason is usually "Login incorrect." It is this message can be customized with the AccessDenyMsg directive. In the message argument, the magic cookie '%u' is replaced with the username specified by the client during login. |
| Example 1 | AccessDenyMsg "Zugriff für %u ist verweigert worden" |
| 06.00.2003 20:02 |
|
|
| |
| Name | AccessGrantMsg | |
| Syntax | AccessGrantMsg "Nachricht" |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | Hängt vom Login Typ ab |
| From version | 0.99.0pl5 |
| Description | Normally, a 230 response message is sent to an FTP client immediately after authentication, with a standard message indicating that the user has either logged in or that anonymous access has been granted. This message can be customized with the AccessGrantMsg directive. In the message argument, the magic cookie '%u' is replaced with the username specified by the client during login.
|
| Example 1 | AccessGrantMsg "Zugriff gewährt für %u" |
| 06.00.2003 20:02 |
|
|
| |
| Name | AllowAll | |
| Syntax | AllowAll |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | Default is to implicitly AllowAll, but not explicit |
| From version | 0.99.0 |
| Description | The AllowAll directive explicitly allows access to a <Directory>, <Anonymous> or <Limit> block. Although proftpd's default behavior is to allow access to a particular object, the default is an implicit allow. AllowAll creates an explicit allow, overriding any higher level denial directives. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AllowFilter | |
| Syntax | AllowFilter regular-expression |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 1.2.0pre7 |
| Description | AllowFilter allows the configuration of a regular expression that must be matched for all command arguments sent to ProFTPD. It is extremely useful in controlling what characters may be sent in a command to ProFTPD, preventing some possible types of attacks against ProFTPD. The regular expression is applied against the arguments to the command sent by the client, so care must be taken when creating a proper regex. Commands that fail the regex match result in a "Forbidden command" error being returned to the client. If the regular-expression argument contains whitespace, it must be enclosed in quotes. |
| Example 1 | # erlaubt nur Befehle mit Alphanumerischen Zeichen und Leerzeichen
AllowFilter "^[a-zA-Z0-9 ,]*$" |
| 06.00.2003 20:02 |
|
|
| |
| Name | AllowForeignAddress | |
| Syntax | AllowForeignAddress on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | off |
| From version | 1.1.7 |
| Description | Normally, proftpd disallows clients from using the ftp PORT command with anything other than their own address (the source address of the ftp control connection), as well as preventing the use of PORT to specify a low-numbered (< 1024) port. In either case, the client is sent an "Invalid port" error and a message is syslog'd indicating either "address mismatch" or "bounce attack". By enabling this directive, proftpd will allow clients to transmit foreign data connection addresses that do not match the client's address. This allows such tricks as permitting a client to transfer a file between two FTP servers without involving itself in the actual data connection. Generally it's considered a bad idea, security-wise, to permit this sort of thing. AllowForeignAddress only affects data connection addresses; not tcp ports. There is no way (and no valid reason) to allow a client to use a low-numbered port in its PORT command. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AllowGroup | |
| Syntax | AllowGroup group-expression |
| Context | <Limit> |
| Modul | mod_core |
| Standard | |
| From version | 1.1.1, geändert in 1.2.10 RC1 |
| Description | AllowGroup specifies a group-expression that is specifically permitted within the context of the <Limit> block it is applied to. group-expression has the same format as that used in DefaultRoot, in that it should contain a comma separated list of groups or "not" groups (by prefixing a group name with the `!' character) that are to be allowed access to the block. The expression is parsed as a boolean "and" list, meaning that ALL elements of the expression must evaluate to logically true in order for the explicit allow to apply. |
| Example 1 | |
| Example 2 | |
| 05.00.2004 02:01 |
|
|
| |
| Name | AllowLogSymlinks | |
| Syntax | AllowLogSymlinks on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_log |
| Standard | off |
| From version | 1.2.2rc2 |
| Description | By default, the server will the path of any configured SystemLog, any configured TransferLogs, and any configured ExtendedLogs to see if they are symbolic links. If the paths are symbolic links, the server will refuse to log to that link unless explicitly configured to do so via this directive.
Security note: this behaviour should not be allowed unless for a very good reason. By allowing the server to open symbolic links with its root privileges, you are allowing a potential symlink attack where the server could be tricked into overwriting arbitrary system files. You have been warned. |
| Example 1 | AllowLogSymlinks on |
| Example 2 | |
| 01.-1.2003 22:01 |
|
|
| |
| Name | AllowOverwrite | |
| Syntax | AllowOverwrite on | off |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | off |
| From version | 0.99.0 |
| Description | The AllowOverwrite directive permits newly transfered files to overwrite existing files. By default, ftp clients cannot overwrite existing files. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AllowRetrieveRestart | |
| Syntax | AllowRetrieveRestart on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | on |
| From version | 0.99.0 |
| Description | The AllowRetrieveRestart directive permits or denies clients from performing "restart" retrieve file transfers via the FTP REST command. By default this is enabled, so that clients may resume interrupted file transfers at a later time without losing previously collected data. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AllowStoreRestart | |
| Syntax | AllowStoreRestart on | off |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | off |
| From version | 0.99.0 |
| Description | The AllowStoreRestart directive permits or denies clients from "restarting" interrupted store file transfers (those sent from client to server). By default restarting (via the REST command) is not permitted when sending files to the server. Care should be taken to disallow anonymous ftp "incoming" transfers to be restarted, as this will allow clients to corrupt or increase the size of previously stored files (even if not their own).
The REST (Restart STOR) command is automatically blocked when HiddenStor is enabled, with the server returning a 501 error code to the client. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AllowUser | |
| Syntax | AllowUser user-expression |
| Context | <Limit> |
| Modul | mod_core |
| Standard | |
| From version | 1.1.7, geändert in 1.2.10RC1 |
| Description | AllowUser specifies a user-expression that is specifically permitted access within the context of the <Limit> block it is applied to. user-expression has a similar syntax as that used in AllowGroup, in that it should contain a comma delimited list of users or "not" users (by prefixing a user name with the `!' character) that are to be allowed access to the block. The expression is parsed as a boolean "and" list, meaning that ALL elements of the expression must evaluate to logically true in order to the explicit allow to apply. |
| Example 1 | |
| Example 2 | |
| 05.00.2004 02:01 |
|
|
| |
| Name | AnonRatio | |
| Syntax | AnonRatio foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| Standard | None |
| From version | 1.2.0 |
| Description | The AnonRatio directive .... |
| Example 1 | AnonRatio |
| 06.00.2003 20:02 |
|
|
| |
| Name | AnonRequirePassword | |
| Syntax | AnonRequirePassword on|off |
| Context | <Anonymous> |
| Modul | mod_core |
| Standard | off |
| From version | 0.99.0 |
| Description | Normally, anonymous FTP logins do not require the client to authenticate themselves via the normal method of a transmitted cleartext password which is hashed and matched against an existing system user's password. Instead, anonymous logins are expected to enter their e-mail address when prompted for a password. Enabling the AnonRequirePassword directive requires anonymous logins to enter a valid password which must match the password of the user that the anonymous daemon runs as. However using AuthUsingAlias authentication can be matched against the password of the login username. This can be used to create "guest" accounts, which function exactly as normal anonymous logins do (and thus present a "chrooted" protected file system to the client), but require a valid password on the server's host system. |
| Example 1 | <Anonymous ~roger>
User roger
Group other
UserAlias proftpd roger
AnonRequirePassword on
# Deny write operations to all directories, underneath root-dir
# Default is to allow, so we don't need a <Limit> for read operations.
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
# Deny all read/write operations in incoming. Because these are command-group
# limits, we can explicitly permit certain operations which will take precedence
# over our group limit.
<Directory incoming>
<Limit READ WRITE>
DenyAll
</Limit>
# The only command allowed in incoming is STOR
# (transfer file from client to server)
<Limit STOR>
AllowAll
</Limit>
</Directory>
</Anonymous> |
| 06.00.2003 20:02 |
|
|
| |
| Name | AnonymousGroup | |
| Syntax | AnonymousGroup group-expression |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| From version | 1.1.3 |
| Description | The AnonymousGroup directive specifies a group-expression to which all matching users will be considered anonymous logins. The group-expression argument is a boolean logically ANDed list of groups to which the user must be a member of (or non-member if the group name is prefixed with a `!' character). For more information on group-expressions see the DefaultRoot directive. If the authenticating user is matched by an AnonymousGroup directive, no valid password is required, and a special dynamic anonymous configuration is created, with the user's home directory as the default root directory. If a DefaultRoot directive also applies to the user, this directory is used instead of the user's home dir. Great care should be taken when using AnonymousGroup, as improper configuration can open up user home directories to full read/write access to the entire world. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AuthAliasOnly | |
| Syntax | AuthAliasOnly on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | off |
| From version | 1.1.3 |
| Description | AuthAliasOnly restricts authentication to "aliased" logins only; i.e. those usernames provided by clients which are "mapped" to a real userid by the UserAlias directive. Turning AuthAliasOnly `on' in a particular context will cause proftpd to completely ignore all non-aliased logins for the entire context. If no contexts are available without AuthAliasOnly set to `on', proftpd rejects the client login and sends an appropriate message to syslog. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AuthGroupFile | |
| Syntax | AuthGroupFile path |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_unixpw |
| From version | 1.1.1 |
| Description | AuthGroupFile specifies an alternate groups file, having the same format as the system /etc/group file, and if specified is used during authentication and group lookups for directory/access control operations. The path argument should be the full path to the specified file. AuthGroupFile can be configured on a per-VirtualHost basis, so that virtual FTP servers can each have their own authentication database (most often used in conjunction with AuthUserFile).
Note that this file need not reside inside a chroot()ed directory structure for Anonymous or DefaultRoot logins, as it is held open for the duration of client connections. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AuthPAM | |
| Syntax | AuthPAM on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_pam |
| Standard | on |
| From version | 1.2.0rc1 |
| Description | This directive determines whether PAM is used as an authentication method by ProFTPD. Enabled by default to fit in with the design policy of using PAM as the primary authentication mechanism. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AuthPAMConfig | |
| Syntax | AuthPAMConfig service |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_pam |
| Standard | ftp |
| From version | 0.99.0 |
| Description | This directive allows you to specify the PAM service name used in authentication. PAM allows you to specify a service name to use when authenticating. This allows you to configure different PAM service names to be used for different virtual hosts. The directive was renamed from PAMConfig post 1.2.0 pre10. |
| Example 1 | # Virtual host foobar authenticates differently than the rest
AuthPAMConfig foobar
# This assumes, that you have a PAM service named foobar
# configured in your /etc/pam.conf file or /etc/pam.d directory. |
| 06.00.2003 20:02 |
|
|
| |
| Name | AuthUserFile | |
| Syntax | AuthUserFile path |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_unixpw |
| Standard | |
| From version | 1.1.1 |
| Description | AuthUserFile specifies an alternate passwd file, having the same format as the system /etc/passwd file, and if specified is used during authentication and user lookups for directory/access control operations. The path argument should be the full path to the specified file. AuthUserFile can be configured on a per-VirtualHost basis, so that virtual FTP servers can each have their own authentication database (most often used in conjunction with AuthGroupFile).
Note that this file need not reside inside a chroot()ed directory structure for Anonymous or DefaultRoot logins, as it is held open for the duration of client connections. |
| Example 1 | |
| Example 2 | |
| 02.00.2004 03:01 |
|
|
| |
| Name | AuthUsingAlias | |
| Syntax | AuthUsingAlias on|off |
| Context | <Anonymous> |
| Modul | mod_core |
| Standard | off |
| From version | 1.2.0pre9 |
| Description | AuthUsingAlias disables the resolving of mapped usernames for authentication purposes. For example, if you have mapped the username anonymous to the "real" user ftp, the password gets checked against the user "anonymous". When AuthUsingAlias is disabled, the checked username would be "ftp". |
| Example 1 | Ein Beispiel für einen anonymen Zugang mit AuthUsingAlias
# Standard "NUR LESEN" Konfiguration
<Anonymous /home/ftp>
UserAlias anonymous nobody
UserAlias ftp nobody
AuthAliasOnly on
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
# Voller "Lesen/Schreiben" Zugriff für bestimte User
<Anonymous /home/ftp>
AnonRequirePassword on
AuthAliasOnly on
AuthUsingAlias on
# Die Liste aller authentisierten Benutzer
# User/Passwort Abfrage ist für jeden User, nicht für die Passwort der Uid,
# unter dem der Server läuft ('nobody' in diesem Beispiel)
UserAlias fred nobody
UserAlias joe nobody
<Limit ALL>
AllowAll
</Limit>
</Anonymous> |
| 06.00.2003 20:02 |
|
|
| |
| Name | Bind | |
| Syntax | Bind address |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| From version | 1.1.6 |
| Description | The Bind directive allows additional IP addresses to be bound to a main or VirtualHost configuration. Multiple Bind directives can be used to bind multiple addresses. The address argument should be either a fully qualified domain name or a numeric dotted-quad IP address. Incoming connections destined to an additional address added by Bind are serviced by the context containing the directive. Additionally, if SocketBindTight is set to on, a specific listen connection is created for each additional address. |
| 06.00.2003 20:02 |
|
|
| |
| Name | ByteRatioErrMsg | |
| Syntax | ByteRatioErrMsg foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | The ByteRatioErrMsg directive |
| Example 1 | ByteRatioErrMsg |
| 06.00.2003 20:02 |
|
|
| |
| Name | CDPath | |
| Syntax | CDPath directory |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 1.2.0pre2 |
| Description | Adds an entry to a search path that is used when changing directories. For example: CDPath /home/public CDPath /var/devel This allows a user to cd into any directory directly under /home/public or /var/devel, provided they have the appropriate rights. So, if /home/public/proftpd exists, cd proftpd will bring the user to that directory, regardless of where they currently are in the directory tree. |
| Example 1 | CDPath /net/mp3/musik
CDPath /var/
# Angenommen in /net/mp3/musik liegt ein Verzeichnis "/U2",
# dann kann der User mittels "cd U2" direkt in das Verzeichnis
# wechseln (vorausgesetzt die Rechte stimmen), egal wo im
# Verzeichnisbaum er sich gerade befindet. Quasi als Abkürzung... |
| 06.00.2003 20:02 |
|
|
| |
| Name | Class | |
| Syntax | Class "name" limit|regex|ip value |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| From version | 1.2.0pre9 |
| Description | Controls class based access. Class base access allows each connecting IP to be classified into a separate class. Each class has its own maximum number of connections. limit sets the maximum number of connections (default is 100) for that class name, regex sets a hostname regex (POSIX) for inclusion in the class and ip sets an IP/netmask based inclusion. |
| Example 1 | Classes on
Class local limit 100
Class default limit 10
Class local regex .*foo.com
Class local ip 172.16.1.0/24
# Dieses erstellt zwei Klassen (local & default), wobei "local" die IP's # von
#"*.foo.com" und "172.16.1.*" beinhaltet. Für "default" stehen maximal
#10 gleichzeitige Verbingen bereit, für "local" 100. |
| 06.00.2003 20:02 |
|
|
| |
| Name | Classes | |
| Syntax | Classes on | off |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | off |
| From version | 1.2.0pre9 |
| Description | Controls class based access. Enables class based access control. see: Class |
| 06.00.2003 20:02 |
|
|
| |
| Name | CommandBufferSize | |
| Syntax | CommandBufferSize size |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| From version | 1.2.0pre7 |
| Description | The CommandBufferSize directive controls the maximum command length permitted to be sent to the server. This allows you to effectively control what the longest command the server may accept it, and can help protect the server from various Denial of Service or resource-consumption attacks. |
| 06.00.2003 20:02 |
|
|
| |
| Name | CwdRatioMsg | |
| Syntax | CwdRatioMsg foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | The CwdRatioMsg directive |
| Example 1 | CwdRatioMsg |
| 06.00.2003 20:02 |
|
|
| |
| Name | DefaultChdir | |
| Syntax | DefaultChdir directory [group-expression] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_auth |
| Standard | ~ |
| From version | 1.2.0pre2 |
| Description | Determines the directory a user is placed in after logging in. By default, the user is put in their home directory. The specified directory can be relative to the user's home directory. NOTE: if the specified directory is not available the user will not be able to log in. |
| 06.00.2003 20:02 |
|
|
| |
| Name | DefaultRoot | |
| Syntax | DefaultRoot directory [group-expression] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_auth |
| Standard | / |
| From version | 0.99.0pl7 |
| Description | The DefaultRoot directive controls the default root directory assigned to a user upon login. If DefaultRoot is set to a directory other than "/", a chroot operation is performed immediately after a client authenticates. This can be used to effectively isolate the client from a portion of the host system filespace. The specified root directory must begin with a / or can be the magic character '~'; meaning that the client is chroot jailed into their home directory.
When the specified chroot directory is a symlink this will be resolved to it's parent first before setting up the chroot. This can have unwanted side effects. For example if a chroot is to be configured within space to which a user as shell access, the chroot directory could be converted to a symlink pointing at '/'. Thus the chroot would be to the root directory of the server.
If the DefaultRoot directive specifies a directory which disallows access to the logged-in user's home directory, the user's current working directory after login is set to the DefaultRoot instead of their normal home directory. DefaultRoot cannot be used in <Anonymous> configuration blocks, as the <Anonymous> directive explicitly contains a root directory used for Anonymous logins. The special character '~' is replaced with the authenticating user's home directory immediately after login. Note that the default root may be a subdirectory of the home directory, such as "~/anon-ftp".
The optional group-expression argument can be used to restrict the DefaultRoot directive to a unix group, groups or subset of groups. The expression takes the format: [!]group-name1[,[!]group-name2[,...]]. The expression is parsed in a logical boolean AND fashion, such that each member of the expression must evaluate to logically TRUE in order for the DefaultRoot directive to apply. The special character '!' is used to negate group membership.
Care should be taken when using DefaultRoot. Chroot "jails" should not be used as methods for implementing general system security as there are potentially ways that a user can "escape" the jail. |
| Example 1 | ServerName "A test ProFTPD Server"
ServerType inetd
User ftp
Group ftp
# Hiermit wird nun der User direkt in sein Heimatverzeichnis "gesperrt"
# Anschliessend kann der User keine höheren Verzeichnisse sehen
# Aufgrund der Gruppenangabe, nur Benutzer der Gruppe "user", jedoch
# nicht User der Gruppe "staff" werden in das Heimatverzeichnis gesperrt
DefaultRoot ~ users,!staff
|
| 06.00.2003 20:02 |
|
|
| |
| Name | DefaultServer | |
| Syntax | DefaultServer on|off |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | off |
| From version | 0.99.0pl6 |
| Description | The DefaultServer directive controls which server configuration is used as the default when an incoming connection is destined for an IP address which is neither the host's primary IP address or one of the addresses specified in a <VirtualHost> configuration block. Normally such "unknown" connections are issued a "no server available to service your request" message and disconnected. When DefaultServer is turned on for either the primary server configuration or a virtual server, all unknown destination connections are serviced by the default server. Only a single server configuration can be set to default. |
| 06.00.2003 20:02 |
|
|
| |
| Name | DefaultTransferMode | |
| Syntax | DefaultTransferMode ascii|binary |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | ascii |
| From version | 1.2.0pre9 |
| Description | DefaultTransferMode sets the default transfer mode of the server. By default, carriage-return/linefeed translation will be performed (ASCII mode). |
| 06.00.2003 20:02 |
|
|
| |
| Name | DeferWelcome | |
| Syntax | DeferWelcome on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | off |
| From version | 0.99.0 |
| Description | The DeferWelcome directive configures a master or virtual server to delay transmitting the ServerName and address to new connections, until a client has successfully authenticated. If enabled, the initial welcome message will be exceedingly generic and will not give away any type of information about the host that the daemon is actively running on. This can be used by security-conscious administrators to limit the amount of "probing" possible from non-trusted networks/hosts. |
| Example 1 | |
| Example 2 | |
| 01.00.2004 23:01 |
|
|
| |
| Name | DeleteAbortedStores | |
| Syntax | DeleteAbortedStores on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | off |
| From version | 1.2.0rc3 |
| Description | The DeleteAbortedStores directive controls whether ProFTPD deletes partially uploaded files if the transfer is stopped via the ABOR command rather than a connection failure. |
| 06.00.2003 20:02 |
|
|
| |
| Name | Deny | |
| Syntax | Deny [ Deny ["from"] "all"|"none"|host|network[,host|network[,...]]] |
| Context | <Limit> |
| Modul | mod_core |
| Standard | |
| From version | 0.99.0pl6 |
| Description | The Deny directive is used to create a list of hosts and/or networks which will explicitly be denied access to a given <Limit> context block. The magic keywords all and none can be used to indicate that all hosts are denied access, or that no hosts are explicitly denied (respectively). For more information on the syntax and usage of Deny see: Allow and Order. The selection made can be selectively negated using the ! operator,this allows a large block of hosts or IPs to be blocked while stillallowing single hosts to be excluded from the filter Deny from example.net !trustedhost.example.net |
| Example 1 | Zugang nur von gewissen IPs erlauben
<Limit LOGIN>
Order allow,deny
Allow from 128.44.26.,128.44.26.,myhost.mydomain.edu,.trusted-domain.org
Deny from all
</Limit> |
| Example 2 | |
| 02.00.2004 04:01 |
|
|
| |
| Name | DenyAll | |
| Syntax | DenyAll |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | |
| From version | 0.99.0 |
| Description | The DenyAll directive is analogous to a combination of "order deny,allow <cr> deny from all", with the exception that it has a higher precedence when parsed. It is provided as a convenient method of completely denying access to a directory, anonymous ftp or limit block. Because of its precedence, it should not be intermixed with normal Order/Deny directives. The DenyAll directive can be overridden at a lower level directory by using AllowAll. DenyAll and AllowAll are mutually exclusive. |
| Example 1 | |
| Example 2 | |
| 02.00.2004 04:01 |
|
|
| |
| Name | DenyFilter | |
| Syntax | DenyFilter regular-expression |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 1.2.0pre7 |
| Description | Similar to AllowFilter, DenyFilter specifies a regular expression which must not match any of the command arguments. If the regex does match, a "Forbidden command" error is returned to the client. This can be especially useful for forbidding certain command argument combinations from ever reaching ProFTPD.
Notes: The 'PASV' command cannot be blocked using this directive. |
| Example 1 | # keine Befehle mit % erlauben
DenyFilter "%" |
| 06.00.2003 20:02 |
|
|
| |
| Name | DenyGroup | |
| Syntax | DenyGroup group-expression |
| Context | <Limit> |
| Modul | mod_core |
| Standard | |
| From version | 1.1.1, geändert in 1.2.10 RC1 |
| Description | DenyGroup specifies a group-expression that is specifically denied within the context of the <Limit> block it is applied to. group-expression has the same format as that used in DefaultRoot, in that it should contain a comma separated list of groups or "not" groups (by prefixing a group name with the `!' character) that are to be denied access to the block. The expression is parsed as a boolean "and" list, meaning that ALL elements of the expression must evaluate to logically true in order for the explicit deny to apply. |
| Example 1 | |
| Example 2 | |
| 05.00.2004 02:01 |
|
|
| |
| Name | DenyUser | |
| Syntax | DenyUser user-expression |
| Context | <Limit> |
| Modul | mod_core |
| Standard | |
| From version | 1.1.7a, geändert in 1.2.10 RC1 |
| Description | DenyUser specifies a user-expression that is specifically denied within the context of the <Limit> block it is applied to. user-expression is a comma delimited list of users or "not" users (by prefixing a user name with the `!' character). The expression is parsed as a boolean "and" list, meaning that all elements of the expression must evaluate to logically true in order for the explicit deny to apply. |
| Example 1 | |
| Example 2 | |
| 05.00.2004 02:01 |
|
|
| |
| Name | DirFakeGroup | |
| Syntax | DirFakeGroup On|Off [groupname] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_ls |
| Standard | off |
| From version | 1.1.5 |
| Description | DirFakeGroup can be used to hide the true group of files (including directories, fifos, etc.) in a directory listing. If simply turned On, DirFakeGroup will display all files as being owned by group 'ftp'. Optionally, the groupname argument can be used to specify a specific group other than 'ftp'. "~" can be used as the argument in order to display the primary group name of the current user.
Both DirFakeGroup and DirFakeUser are completely cosmetic; the groupname or username specified don't need to exist on the system, and neither directive affects permissions, real ownership or access control in any way. |
| 06.00.2003 20:02 |
|
|
| |
| Name | DirFakeMode | |
| Syntax | DirFakeMode octal-mode |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Directory> |
| Modul | mod_ls |
| From version | 1.1.6 |
| Description | The DirFakeMode directive configures a mode (or permissions) which will be displayed for ALL files and directories in directory listings. For each subset of permissions (user, group, other), the "execute" permission for directories is added in listings if the "read" permission is specified by this directive. As with DirFakeUser, and DirFakeGroup, the "fake" permissions shown in directory listings are cosmetic only, they do not affect real permissions or access control in any way. |
| Example 1 | DirFakeMode 0640
Will result in:
-rw-r----- ... arbitrary.file
drwxr-x--- ... arbitrary.directory |
| 06.00.2003 20:02 |
|
|
| |
| Name | DirFakeUser | |
| Syntax | DirFakeUser On|Off [username] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_ls |
| Standard | off |
| From version | 1.1.5 |
| Description | DirFakeUser can be used to hide the true user owners of files (including directories, fifos, etc.) in a directory listing. If simply turned On, DirFakeUser will display all files as being owned by user 'ftp'. Optionally, the username argument can be used to specify a specific user other than 'ftp'. "~" can be used as the argument in order to display the current user's username.
Both DirFakeGroup and DirFakeUser are completely cosmetic; the groupname or username specified don't need to exist on the system, and neither directive affects permissions, real ownership or access control in any way. |
| 06.00.2003 20:02 |
|
|
| |
| Name | DisplayConnect | |
| Syntax | DisplayConnect filename |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| From version | 1.2.0pre2 |
| Description | The DisplayConnect directive configures an ASCII text filename which will be displayed to the user when they initially connect but before they login. The filename can be either relative or absolute. In the case of a relative filename, the file is searched for starting in the home directory of the user the server is running as. As this can lead confusion, absolute pathnames are suggested. If the file cannot be found or accessed, no error occurs and nothing is logged or displayed to the client. |
| 06.00.2003 20:02 |
|
|
| |
| Name | DisplayFirstChdir | |
| Syntax | DisplayFirstChdir filename |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Directory> |
| Modul | mod_core |
| From version | 0.99.0pl10 |
| Description | The DisplayFirstChdir directive configures an ASCII text filename which will be displayed to the user the first time they change into a directory (via CWD) per a given session. The file will also be displayed if proftpd detects that its last modification time has changed since the previous CWD into a given directory. If the filename is relative, it is looked for in the new directory that the user has changed into. Note that for anonymous ftp logins (see <Anonymous>), the file must reside inside the chroot()ed file system space. If the file cannot be found or accessed, no error occurs and nothing is logged or displayed to the client.
DisplayFirstChdir, DisplayConnect, DisplayLogin and DisplayQuit support the following "magic cookies" (only in 0.99.0pl10 and later), which are replaced with their respective strings before being displayed to the user.
%T Current Time
%F Available space on file system
%C Current working directory
%R Remote host name
%L Local host name
%u Username reported by ident protocol
%U Username originally used in login
%M Max number of connections
%N Current number of connections
%E Server admin's e-mail address
%i The number of files uploaded (input) in this session
%o The number of files downloaded (output) in this session
%t The number of files transfered (uploaded and downloaded) in this session
%x The name of the user's class
%y Current number of connections from the user's class
%z Max number of connections from the user's class
NOTE: not all of these may have a rational value, depending on the context in which they're used (e.g., %u if ident lookups are off). |
| 06.00.2003 20:02 |
|
|
| |
| Name | DisplayGoAway | |
| Syntax | DisplayGoAway filename |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 1.2.0pre8 |
| Description | The DisplayGoAway directive specifies an ASCII text filename which will be displayed to the user if the class they're a member of has too many users logged in and their login request has been denied. DisplayGoAway supports the same "magic cookies" as DisplayFirstChdir |
| 06.00.2003 20:02 |
|
|
| |
| Name | DisplayLogin | |
| Syntax | DisplayLogin filename |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | The DisplayLogin directive configures an ASCII text filename which will be displayed to the user when they initially login. The filename can be either relative or absolute. In the case of a relative filename, the file is searched for in the initial directory a user is placed in immediately after login (home directory for unix user logins, anonymous-root directory for anonymous logins). Note: that for jailed logins, the file must reside inside the chroot()ed file system space. If the file cannot be found or accessed, no error occurs and nothing is logged or displayed to the client. DisplayLogin supports the same "magic cookies" as DisplayFirstChdir. |
| 06.00.2003 20:02 |
|
|
| |
| Name | DisplayQuit | |
| Syntax | DisplayQuit filename |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 1.2.0pre8 |
| Description | DisplayQuit configures an ASCII text filename which will be displayed to the user when they quit. The filename can be either relative or absolute. In the case of a relative filename, the file is searched for in current directory a user is in when they logout -- for this reason, a absolute filename is usually preferable. NOTE: for jailed logins, the file must reside inside the chroot()ed file system space. If the file cannot be found or accessed, no error occurs and nothing is logged or displayed to the client. DisplayQuit supports the "magic cookies" listed under DisplayFirstChdir |
| 06.00.2003 20:02 |
|
|
| |
| Name | DisplayReadme | |
| Syntax | DisplayReadme filename or pattern |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_readme |
| Standard | |
| From version | 1.2.0pre8 |
| Description | Module: mod_readme The DisplayReadme directive notifies the user of the last change date of the specified file or pattern. Only a single DisplayReadme directive is allowed per configuration scope. DisplayReadme README Will result in: Please read the file README it was last modified on Sun Oct 17 10:36:14 1999 - 0 days ago Being displayed to the user on a cwd. DisplayReadmePattern README* Will result in: Please read the file README it was last modified on Tue Jan 25 04:47:48 2000 - 0 days ago Please read the file README.first it was last modified on Tue Jan 25 04:48:04 2000 - 0 days ago Being displayed to the user on a cwd. |
| Example 1 | DisplayReadme README
ergibt:
Please read the File README it was kast modified on SUN Oct 17 10:36:14 1999 - 0 days ago |
| Example 2 | DisplayReadmePattern README*
ergibt:
Please read the file README it was last modified on Tue Jan 25 04:47:48 2000 - 0 days ago
Please read the file README.first it was last modified on Tue Jan 25 04:48:04 2000 - 0 days ago |
| 07.00.2003 19:02 |
|
|
| |
| Name | ExtendedLog | |
| Syntax | ExtendedLog [ filename [[command-classes] format-nickname]] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_log |
| From version | 1.1.6pl1 |
| Description | The ExtendedLog directive allows customizable logfiles to be generated, either globally or per VirtualHost. The filename argument must contain an absolute pathname to a logfile which will be appended to when proftpd starts; the pathname should not be to a file in a nonexistent directory, to a world-writeable directory, or be a symbolic link (unless AllowLogSymlinks is set to on). Multiple logfiles (potentially with different command classes and formats) can be created. Optionally, the command-classes argument can be used to control which types of commands are logged. If not command classes are specified, proftpd logs all commands by default (passwords are hidden). command-classes is a comma delimited (no whitespace!) list of which commands to log.
The following are valid classes: NONE No commands AUTH Authentication commands (USER, PASS) INFO Informational commands (PWD, SYST, etc) DIRS Directory commands (LIST, CWD, MKD, etc) READ File reading (RETR) WRITE File/directory writing or creation MISC Miscellaneous commands (SITE, etc) ALL All commands (default)
If a format-nickname argument is supplied, ExtendedLog will use the predefined logformat (created by LogFormat). Otherwise, the default format of "%h %l %u %t \"%r\" %s %b" is used. |
| Example 1 | # alle Lesende und Schreibende Zugriffe zu /var/log/ftp.log
ExtendedLog /var/log/ftp.log read,write
|
| 06.00.2003 20:02 |
|
|
| |
| Name | FileRatioErrMsg | |
| Syntax | FileRatioErrMsg foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | |
| Example 1 | FileRatioErrMsg |
| 06.00.2003 20:02 |
|
|
| |
| Name | FooBarDirective | |
| Syntax | FooBarDirective thingy |
| Context | Server config <Anonymous> <Limit> |
| Modul | mod_sample |
| From version | 1.2.0 |
| Description | FooBarDirective is a dummy directive to be used as a coding example only. |
| 06.00.2003 20:02 |
|
|
| |
| Name | Group | |
| Syntax | Group groupid |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | The Group directive configures which group the server daemon will normally run at. See User for more details. |
| 06.00.2003 20:02 |
|
|
| |
| Name | GroupOwner | |
| Syntax | GroupOwner groupname |
| Context | <Anonymous> .ftpaccess <Directory> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | The GroupOwner directive configures which group all newly created directories and files will be owned by, within the context that GroupOwner is applied to. The group ID of groupname cannot be 0. Note that GroupOwner cannot be used to override the host OS/file system user/group paradigm. If the current user is not a member of the specified group, new files and directories will not be able to be chown()ed to the GroupOwner group. If this happens, file STOR (send file from client to server) and MKD/XMKD (mkdir) operations will succeed normally, however the new directory entries will be owned by the current user's default group (a warning message is also logged) instead of by the desired group. If you also use UserOwner in the same context, this restriction is lifted. |
| 06.00.2003 20:02 |
|
|
| |
| Name | GroupPassword | |
| Syntax | GroupPassword groupid hashed-password |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 0.99.0pl5 |
| Description | The GroupPassword directive creates a special "group" password which allows all users in the specified group to authenticate using a single password. The group/password supplied is only effective inside the context to which GroupPassword is applied. The hashed-password argument is a standard cleartext password which has been passed through the standard unix crypt() library function. Extreme care should be taken when using GroupPassword, as serious security problems may arise if group membership is not carefully controlled. |
| 06.00.2003 20:02 |
|
|
| |
| Name | GroupRatio | |
| Syntax | GroupRatio foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | The GroupRatio directive .... INCOMPLETE |
| 06.00.2003 20:02 |
|
|
| |
| Name | HideGroup | |
| Syntax | HideGroup groupid |
| Context | <Anonymous> <Directory> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | The HideGroup directive configures a <Directory> or < Anonymous> block to hide all directory entries owned by the specified group, unless the group is the primary group of the currently logged-in, authenticated user . Normally, hidden directories and files cannot be seen via LIST or NLST commands but can be operated on via other FTP commands (CWD, DELE, RETR, etc). This behavior can be modified via the IgnoreHidden directive. |
| 06.00.2003 20:02 |
|
|
| |
| Name | HideNoAccess | |
| Syntax | HideNoAccess on|off |
| Context | <Anonymous> <Directory> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | The HideNoAccess directive configures a <Directory> or <Anonymous> block to hide all directory entries in a directory listing (via the LIST or NLST FTP commands) to which the current logged-in, authenticated user has no access. Normal Unix-style permissions always apply, so that although a user may not be able to see a directory entry that has HideNoAccess applied, they will receive a normal "Permission denied" error message when attempting to blindly manipulate the file system object. The directory or file can be made completely invisible to all FTP commands by applying IgnoreHidden in conjunction with HideNoAccess. |
| 06.00.2003 20:02 |
|
|
| |
| Name | HideUser | |
| Syntax | HideUser userid |
| Context | <Anonymous> <Directory> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | The HideUser directive configures a <Directory> or <Anonymous> block to hide all directory entries owned by the specified user, unless the owning user is the currently logged-in, authenticated user. Normally, hidden directories and files cannot be seen via LIST or NLST commands but can be operated on via other FTP commands (CWD, DELE, RETR, etc). This behavior can be modified via the IgnoreHidden directive. |
| 06.00.2003 20:02 |
|
|
| |
| Name | HostRatio | |
| Syntax | HostRatio foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 0.99.0 |
| Description | The HostRatio directive .... INCOMPLETE |
| 06.00.2003 20:02 |
|
|
| |
| Name | HostsAllowSyslogLevel | |
| Syntax | HostsAllowSyslogLevel facility-level |
| Context | Server config <VirtualHost> <Anonymous> |
| Modul | mod_wrap |
| From version | 1.2.0 |
| Description | Proftpd can log when a connection is allowed as the result of a rule in the file specified in UseHostsAllowFile to the Unix syslog mechanism. A discussion on the facility levels which can be used is given in the SyslogFacility directive.
See Also: HostsDenySyslogLevel |
| Example 1 | HostsAllowSyslogLevel local3 |
| 06.00.2003 20:02 |
|
|
| |
| Name | HostsDenySyslogLevel | |
| Syntax | HostsDenySyslogLevel facility-level |
| Context | Server config <VirtualHost> <Anonymous> |
| Modul | mod_wrap |
| From version | 1.2.0 |
| Description | Proftpd can log when a connection is rejected as the result of a rule in the file specified in UseHostsAllowFile to the Unix syslog mechanism. A discussion on the facility levels which can be used is given in the SyslogFacility directive |
| 06.00.2003 20:02 |
|
|
| |
| Name | IdentLookups | |
| Syntax | IdentLookups on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | on |
| From version | 1.1.5 |
| Description | Normally, when a client initially connects to proftpd, the ident protocol (RFC1413) is used to attempt to identify the remote username. This can be controlled via the IdentLookups directive. |
| 06.00.2003 20:02 |
|
|
| |
| Name | IgnoreHidden | |
| Syntax | IgnoreHidden on|off |
| Context | <Limit> |
| Modul | mod_core |
| Standard | off |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | Include | |
| Syntax | Include file |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> <Directory> |
| Modul | mod_core |
| From version | 1.2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPAuthBinds | |
| Syntax | LDAPAuthBinds on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | LDAPAuthBinds off in mod_ldap <= 2.7.6, LDAPAuthBinds on in mod_ldap >= 2.8 |
| From version | mod_ldap v2.5 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPDefaultAuthScheme | |
| Syntax | LDAPDefaultAuthScheme crypt|clear |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | crypt |
| From version | mod_ldap v2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPDefaultGID | |
| Syntax | LDAPDefaultGID default-gid |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| From version | mod_ldap v2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPDefaultUID | |
| Syntax | LDAPDefaultUID default-uid |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| From version | mod_ldap v2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPDNInfo | |
| Syntax | LDAPDNInfo "ldap-dn" "dn-password" |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | " " (anonymous bind) |
| From version | mod_ldap v2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPDoAuth | |
| Syntax | ? |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPDoGIDLookups | |
| Syntax | ? |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPDoUIDLookups | |
| Syntax | ? |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPForceDefaultGID | |
| Syntax | ? |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPForceDefaultUID | |
| Syntax | ? |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPHomedirOnDemand | |
| Syntax | LDAPHomedirOnDemand on|off directory-mode |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | |
| From version | mod_ldap v2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPHomedirOnDemandPrefix | |
| Syntax | ?? |
| Context | |
| Modul | |
| Standard | ?? |
| From version | 0.99.0 |
| Description | No Entry |
| Example 1 | |
| Example 2 | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPHomedirOnDemandPrefixNoUsername | |
| Syntax | ? |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPHomedirOnDemandSuffix | |
| Syntax | LDAPHomedirOnDemandSuffix "additional-directory" |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | "" |
| From version | mod_ldap v2.6 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPNegativeCache | |
| Syntax | LDAPNegativeCache on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | off |
| From version | mod_ldap v1.1 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPQueryTimeout | |
| Syntax | LDAPQueryTimeout timeout-seconds |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | default-api-timeout |
| From version | mod_ldap v2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPSearchScope | |
| Syntax | LDAPSearchScope onelevel|subtree |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | subtree |
| From version | mod_ldap v2.6 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LDAPServer | |
| Syntax | LDAPServer "hostname1:port hostname2:port ..." |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | localhost |
| From version | mod_ldap v1.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LeechRatioMsg | |
| Syntax | LeechRatioMsg foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | LogFormat | |
| Syntax | LogFormat nickname "format-string" |
| Context | Server config |
| Modul | mod_log |
| Standard | default "%h %l %u %t %r %s %b" |
| From version | 1.1.6pl1 |
| Description | |
| Example 1 | # Some logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
# Log file/dir access
ExtendedLog /var/log/proftpd.access_log WRITE,READ write
# Record all logins
ExtendedLog /var/log/proftpd.auth_log AUTH auth
# Paranoia logging level....
ExtendedLog /var/log/proftpd.paranoid_log ALL default |
| Example 2 | |
| 02.00.2004 05:01 |
|
|
| |
| Name | LoginPasswordPrompt | |
| Syntax | LoginPasswordPrompt on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_auth |
| Standard | on |
| From version | 1.2.0pre1 |
| Description | If set to off, ProFTPd will skip the password request if the login will be denied regardless of password, e.g., if a <Limit LOGIN> directive forbids the connection. |
| Example 1 | |
| Example 2 | |
| 02.00.2004 04:01 |
|
|
| |
| Name | MasqueradeAddress | |
| Syntax | MasqueradeAddress ip-address|dns-hostname |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | |
| From version | 1.2.2 |
| Description |
|
| Example 1 | MasqueradeAddress natbox.example.com |
| Example 2 | MasqueradeAddress 213.133.103.252
|
| 02.00.2004 03:01 |
|
|
| |
| Name | MaxClients | |
| Syntax | MaxClients number | none [message] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | MaxClientsPerHost | |
| Syntax | MaxClientsPerHost number|none [message] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | |
| From version | 1.1.7 |
| Description | |
| Example 1 | Beispiel:
MaxClientsPerHost 1 "Bitte nicht öfters als 1x verbinden"
Ergebnis: 530 Bitte nicht öfters als 1x verbinden |
| Example 2 | |
| 02.00.2004 05:01 |
|
|
| |
| Name | MaxHostsPerUser | |
| Syntax | MaxHostsPerUser number|none [message] |
| Context | <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | |
| From version | 1.2.4 |
| Description | The MaxHostsPerUser directive configures the maximum number of times different hosts, using a given login, can connect at any given time. The optional argument message may be used which will be displayed to a client attempting to exceed the maximum value. If message is not supplied, a default message of "Sorry, the maximum number of hosts (%m) for this user already connected." |
| Example 1 | |
| Example 2 | |
| 02.00.2004 05:01 |
|
|
| |
| Name | MaxInstances | |
| Syntax | MaxInstances number |
| Context | Server config |
| Modul | mod_core |
| From version | 1.1.6pl1 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | MaxLoginAttempts | |
| Syntax | MaxLoginAttempts number |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | 3 |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | MultilineRFC2228 | |
| Syntax | MultilineRFC2228 on|off |
| Context | Server config |
| Modul | mod_core |
| Standard | off |
| From version | 1.2.0pre3 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | Order | |
| Syntax | Order allow,deny|deny,allow |
| Context | <Limit> |
| Modul | mod_core |
| Standard | allow,deny |
| From version | 0.99.0pl6 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | PassivePorts | |
| Syntax | PassivePorts min-pasv-port max-pasv-port |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| From version | 1.2.0rc3 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | PathAllowFilter | |
| Syntax | PathAllowFilter regular-expression |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | |
| From version | 1.1.7 |
| Description | PathAllowFilter allows the configuration of a regular expression that must be matched for all newly uploaded (stored) files. The regular expression is applied against the entire pathname specified by the client, so care must be taken when creating a proper regex. Paths that fail the regex match result in a "Forbidden filename" error being returned to the client. If the regular-expression argument contains whitespace, it must be enclosed in quotes. |
| Example 1 | # Only allow filenames containing alphanumeric characters
PathAllowFilter ".*/[a-zA-Z0-9]+$" |
| Example 2 | |
| 02.00.2004 03:01 |
|
|
| |
| Name | PathDenyFilter | |
| Syntax | PathDenyFilter regular-expression |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | |
| From version | 1.1.7 |
| Description | Similar to PathAllowFilter, PathDenyFilter specifies a regular expression which must not match any uploaded pathnames. If the regex does match, a "Forbidden filename" error is returned to the client. This can be especially useful for forbidding .ftpaccess or .htaccess files. Note, if the regex is placed insite quotes ( ie "foo.*" ) then any slashes will need to be escaped twice. ie PathDenyFilter "\.ftpaccess$" |
| Example 1 | # Verhindert Files mit ausfuehrbaren Dateiendungen
PathDenyFilter "\.(js|vbs|shs|scr|exe)$"
# Verhindert alle Files mit führendem Punkt oder Strich
PathDenyFilter "(^|/)[-.]"
# Verhindert alle beiden Möglichkeiten
PathDenyFilter "((^|/)[-.])| (\.(js|vbs|shs|scr|exe)$)" |
| Example 2 | |
| 02.00.2004 03:01 |
|
|
| |
| Name | PersistentPasswd | |
| Syntax | PersistentPasswd on|off |
| Context | Server config |
| Modul | mod_unixpw |
| Standard | Platform dependent |
| From version | 1.1.5 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | PidFile | |
| Syntax | PidFile filename |
| Context | Server config <Global> |
| Modul | mod_core |
| From version | 1.2.0rc2 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | Port | |
| Syntax | Port port-number |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | 21 |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | RatioFile | |
| Syntax | RatioFile foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | Ratios | |
| Syntax | Ratios foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | RatioTempFile | |
| Syntax | RatioTempFile foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | RequireValidShell | |
| Syntax | RequireValidShell on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | on |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | RLimitCPU | |
| Syntax | RLimitCPU soft-limit|"max" [hard-limit|"max"] |
| Context | Server config |
| Modul | mod_core |
| From version | 1.2.2 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | RLimitMemory | |
| Syntax | RLimitMemory [ RLimitMemory ["daemon"|"session"|"none"] soft-limit[units]|"max" [hard-limit[units]|"max"]] |
| Context | Server config |
| Modul | mod_core |
| From version | 1.2.2 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | RLimitOpenFiles | |
| Syntax | RLimitOpenFiles soft-limit|"max" |
| Context | Server config |
| Modul | mod_core |
| From version | 1.2.2 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | RootLogin | |
| Syntax | RootLogin on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_auth |
| Standard | off |
| From version | 1.1.5 |
| Description | Normally, proftpd disallows root logins under any circumstance. If a client attempts to login as root, using the correct password, a special security message is sent to syslog. When the RootLogin directive is turned On, the root user may authenticate just as any other user could (assuming no other access control measures deny access); however the root login security message is still sysloged. Obviously, extreme care should be taken when using this directive. |
| Example 1 | |
| Example 2 | |
| 01.-1.2003 22:01 |
|
|
| |
| Name | SaveRatios | |
| Syntax | SaveRatios foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | ServerAdmin | |
| Syntax | ServerAdmin "admin-email-address" |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | root@[ServerName] |
| From version | 0.99.0pl10 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | ServerIdent | |
| Syntax | ServerIdent off|on [identification string] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | ProFTPD [version] Server (server name) [hostname] |
| From version | 1.2.0pre2 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | ServerName | |
| Syntax | ServerName "name" |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | ProFTPD Server [version] |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | ServerType | |
| Syntax | ServerType type-identifier |
| Context | Server config |
| Modul | mod_core |
| Standard | standalone |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | ShowSymlinks | |
| Syntax | ShowSymlinks on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | on |
| From version | 0.99.0pl6 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SocketBindTight | |
| Syntax | SocketBindTight on|off |
| Context | Server config |
| Modul | mod_core |
| Standard | off |
| From version | 0.99.0pl6 |
| Description | |
| Example 1 | #Two servers have been configured (one master and one virtual),
#with the IP addresses 10.0.0.1 and 10.0.0.2, respectively.
#The 10.0.0.1 server runs on port 21, while 10.0.0.2 runs on port 2001.
SocketBindTight off
# default proftpd creates two sockets, both bound to ALL available addresses.
# one socket listens on port 21, the other on 2001.
# Because each socket is bound to all available addresses,
#no other daemon or user process will be
# allowed to bind to ports 21 or 2001.
SocketBindTight on
# proftpd creates two sockets again, however one is bound to 10.0.0.1, port 21
# and the other to 10.0.0.2, port 2001. Because these sockets are "tightly"
# bound to IP addresses, port 21 can be reused on any address OTHER than
# 10.0.0.1, and visa-versa with 10.0.0.2, port 2001.
#One side-effect of setting SocketBindTight to on is that connections to
# non-bound addresses will result in a "connection refused" message
#rather than the typical
# "500 Sorry, no server available to handle request on xxx.xxx.xxx.xxx.",
#due to the fact that no listen socket has been bound to the particular
# address/port pair. This may or may not be aesthetically desirable,
# depending on your circumstances. |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLAuthenticate | |
| Syntax | SQLAuthenticate on|off oder SQLAuthenticate [ users [*] ] [ group [*] ] [ userset [fast] ] [ groupset [fast] ] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| Standard | on |
| From version | mod_sql 4.x |
| Description | |
| Example 1 | Normalerweise behandelt mod_sql alle drei Tabellenxakt gleich.
|-----------------------------------------------|
| GROUPNAME | GID | MEMBERS |
|-----------------------------------------------|
| Gruppe1 | 1000 | Stonki |
| Gruppe2 | 1000 | Paul |
| Gruppe3 | 1000 | Weller |
|-----------------------------------------------|
|-----------------------------------------------|
| GROUPNAME | GID | MEMBERS |
|-----------------------------------------------|
| Gruppe1 | 1000 | Stonki, Paul |
| Gruppe2 | 1000 | Weller |
|-----------------------------------------------|
|-----------------------------------------------|
| GROUPNAME | GID | MEMBERS |
|-----------------------------------------------|
| Gruppe1 | 1000 | Stonki, Paul, Weller |
|-----------------------------------------------|
Falls Du die "fast" Option benutzt, geht mod_sql davon aus,
dass alle Einträge wie im letzten Bespiel strukturiert sind. |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLAuthTypes | |
| Syntax | SQLAuthTypes OpenSSL|Crypt|Backend|Plaintext|Empty |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| From version | 1.2.0, mod_sql 3.x und 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLConnectInfo | |
| Syntax | SQLConnectInfo connection-info [username] [password] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| From version | 1.2.0, mod_sql 4.x |
| Description | |
| Example 1 | #Versuche mit den Datanbank "ftpuser" zu verbinden
#am server "foo.com" auf dem Standard Port.
#Benutze als Usernamen und Passwort NULL.
#Benutze die PERSESSION Methode.
SQLConnectInfo ftpusers@foo.com
# Versuche mit der Datenbank "ftpuser" am Server
#"localhost" auf dem Port 3000 zu verbinden.
#Benutze den Usernamen "admin" und
#als Passwort NULL.
#Benutze die PERSESSION Methode.
SQLConnectInfo ftpusers:3000 admin
#Versuche mit der Datenbank "ftpuser" auf dem
#Server "foo.com", Port 3000 zu verbinden.
#Benutze dafür den Usernamen "admin" und das
# Passwort "mypassword". Benutze die PERCALL Methode.
SQLConnectInfo ftpusers@foo.com:3000 admin mypassword PERCALL
#Versuche mit der Datenbank "ftpuser" auf dem
#Server "foo.com", Port 3000 zu verbinden.
#Benutze dafür den Usernamen "admin" und
#das Passwort "mypassword". Begrenze die inaktive Zeit auf 30 sekunden
SQLConnectInfo ftpusers@foo.com:3000 admin mypassword 30 |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLDefaultGID | |
| Syntax | SQLDefaultGID number |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| Standard | 65533 |
| From version | 1.2.0, mod_sql 3.x und 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLDefaultHomedir | |
| Syntax | SQLDefaultHomedir /pfad/zum/home/dir |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| From version | mod_sql 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLDefaultUID | |
| Syntax | SQLDefaultUID number |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| Standard | 65533 |
| From version | 1.2.0, mod_sql 3.x und 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLGroupInfo | |
| Syntax | SQLGroupInfo grouptable groupname gid members |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| Standard | groups groupname gid members |
| From version | mod_sql 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLGroupWhereClause | |
| Syntax | SQLGroupWhereClause whereclause |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| From version | mod_sql 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLHomedirOnDemand | |
| Syntax | SQLHomedirOnDemand on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| Standard | off |
| From version | 1.2.0, mod_sql 3.x und 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLLog | |
| Syntax | SQLLog cmd-set query-name [IGNORE_ERRORS] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| From version | mod_sql 4.x |
| Description | |
| Example 1 | #Dieses ersetzt die alte 'SQLLoginCountField count' Anweisung und zählt bei
#jedem Einloggen den Wert des Feldes count in der Tabelle users einen höher.
#Ist der aktuelle User 'joe', so würde dieses übersetzt werden in:
#"update users set count=count+1 where userid='joe'"
#Diese Abfrage würde immer gestartet werden, wenn ein User sich angemeldet hat.
SQLLog PASS updatecount
SQLNamedQuery updatecount UPDATE "count=count+1 WHERE userid='%u'" users
#Dieses ersetzt die alte 'SQLLogDirs cwd' Anweisung und schreibt jedes
#Verzeichnis in das der User wechselt in die Datenbank, Tabelle "users".
#Ist aktuelle User 'joe' und das aktuelle Verzeichnis '/tmp',
#wird dieses übersetzt in:
#"update users set cwd='/tmp' where userid='joe'".
#Diese Anfrage wird immer gestartet, wenn ein User ein Verzeichnis wechselt.
SQLLog CWD updatedir
SQLNamedQuery updatedir UPDATE "cwd='%d' where userid='%u'" users
#Dieses schreibt bei jedem (erfolgreich) senden oder empfangen einer Datei
#den Namen, die Grösse in Bytes, den User und Host sowie die aktülle Zeit
# (zumindest unter MySQL) in die Tabelle filehistory. Dieses würde übersetzt
# werden Abfrage ähnlich:
#"insert into filehistory values
# ('somefile', 12345, 'joe@joe.org', '21-05-2001 20:01:00')"
SQLLog RETR,STOR insertfileinfo
SQLNamedQuery insertfileinfo INSERT "'%f', %b, '%u@%v', now()" filehistory
|
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLMinID | |
| Syntax | SQLMinID minumumid |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| Standard | 999 |
| From version | 1.2.0, mod_sql 3.x und 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLMinUserGID | |
| Syntax | SQLMinUserGID number |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| Standard | 999 |
| From version | mod_sql 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLMinUserUID | |
| Syntax | SQLMinUserUID number |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| Standard | 999 |
| From version | mod_sql 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLNamedQuery | |
| Syntax | SQLNamedQuery name type query-string [table] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| From version | mod_sql 4.x |
| Description | |
| Example 1 | #Erstellt eine Abfrage mit dem Namen 'count', die einem User mittels SQLShowInfo
#während dessen Login angezeigt wird. Die eigentliche Abfrage wäre ähnlich:
#"SELECT count from users where userid='matilda'" for user 'matilda'.
SQLNamedQuery count SELECT "count from users where userid='%u'"
#Erstellt eine Abfrage mit dem Namen 'updatecount', die mittels SQLLOG dazu
#benutzt wird einen Login Zähler in der Tabelle 'users' zu erhöhen. Die eigentlich
# Abfrage für den User 'stonki' wäre ähnlich:
#"UPDATE users SET count=count+1 WHERE userid='stonki'"
SQLNamedQuery updatecount UPDATE "count=count+1 WHERE userid='%u'" users |
| Example 2 | #Erstellt eine Abfrage mit den Namen 'accesslog', die mittels
#SQLLOG zum loggen der Onlinezeiten benutzt werden kann.
# Die eigentlich Abfrage wäre für den User 'paul' ähnlich:
#"INSERT INTO accesslog valueS (now(), 'paul')"
SQLNamedQuery accesslog INSERT "now(), '%u'" accesslog
#Diese Tabellenstruktur mag für den täglich Gebrauch zu einfach sein,
#da die meisten Datenbanken die Daten für JEDE Feld benötigen.
#Falls man nur eine Felder ändern will, ist ggf. die
#FREEFORM Abfrage besser geeignet:
#Erstellt eine Abfrage mit dem Namen 'accesslog',
#die mittels SQLLOG zum loggen der Onlinezeiten benutzt werden kann.
#Die eigentlich Abfrage wäre für den User 'weller' ähnlich:
#"INSERT INTO acclog(date, user) valueS (now(), 'weller')"
SQLNamedquery acclog FREEFORM "INSERT INTO acclog(date, user) values (now(), '%u')" |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLProcessPwEnt | |
| Syntax | SQLProcessPwEnt "name" limit|regex|ip value |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLRatios | |
| Syntax | SQLRatios "name" limit|regex|ip value |
| Context | <Global> <VirtualHost> |
| Modul | mod_ratio mod_sql |
| From version | 1.2.0, mod_sql 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLRatioStats | |
| Syntax | SQLRatioStats "name" limit|regex|ip value |
| Context | Server config <Global> <VirtualHost> <Limit> |
| Modul | mod_ratio mod_sql |
| Standard | off |
| From version | mod_sql 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLShowInfo | |
| Syntax | SQLShowInfo cmd-set numeric query-string |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| From version | mod_sql 4.x |
| Description | |
| Example 1 | SQLNamedQuery count SELECT "count from users where userid='%u'"
SQLShowInfo PASS "230" "You've logged on % times, %u"
#Angenommen die Informationen existieren in der Datenbank, geben diese
#beiden Anweisungen an, dass der User nach einem erfolgreichen Login mit
#seinem Login Counter begrüsst wird. Beachte die Verwendung des "230"
#Codes. Diese ist in der RFC für FTP definiert als "230 User logged in, proceed",
#was soviel bedeutet, daß alles ok ist. Dieser Code ist hier angebracht, da die
#Nachricht unmittelbar nach Akzeptieren des Passwortes geschickt wird und
#die Verbindung gestartet ist. (siehe auch http://www.rfc-editor.org/rfc/rfc959.txt) |
| 06.00.2003 20:02 |
|
|
| |
| Name | SQLUserWhereClause | |
| Syntax | SQLUserWhereClause whereclause |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_sql |
| From version | mod_sql 4.x |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SyslogFacility | |
| Syntax | SyslogFacility facility-level |
| Context | Server config |
| Modul | mod_core |
| From version | 1.1.6 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SyslogLevel | |
| Syntax | SyslogLevel level |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | Post 1.2.0rc2 CVS |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SystemLog | |
| Syntax | SystemLog filename |
| Context | Server config |
| Modul | mod_log |
| From version | 1.1.6pl1 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TCPAccessFiles | |
| Syntax | TCPAccessFiles allow-filename deny-filename |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_wrap |
| From version | 1.2.1 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TCPAccessSyslogLevels | |
| Syntax | TCPAccessSyslogLevels <match>; <remote-server> |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_wrap |
| Standard | TCPAccessSyslogLevels info warn |
| From version | 1.2.1 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | tcpBackLog | |
| Syntax | tcpBackLog backlog-size |
| Context | Server config |
| Modul | mod_core |
| Standard | 5 |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TCPGroupAccessFiles | |
| Syntax | TCPGroupAccessFiles group-expression allow-filename deny-filename |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | tcpNoDelay | |
| Syntax | tcpNoDelay on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | on |
| From version | 1.2.0pre3a |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | tcpReceiveWindow | |
| Syntax | tcpReceiveWindow window-size |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | 8192 |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | tcpSendWindow | |
| Syntax | tcpSendWindow window-size |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | 8192 |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TCPUserAccessFiles | |
| Syntax | TCPUserAccessFiles user-expression allow-filename deny-filename |
| Context | |
| Modul | |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TimeoutIdle | |
| Syntax | TimeoutIdle seconds |
| Context | Server config |
| Modul | mod_core |
| Standard | 600 |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TimeoutLogin | |
| Syntax | TimeoutLogin seconds |
| Context | Server config |
| Modul | mod_core |
| Standard | 300 |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TimeoutNoTransfer | |
| Syntax | TimeoutNoTransfer seconds |
| Context | Server config |
| Modul | mod_core |
| Standard | 300 |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TimeoutStalled | |
| Syntax | TimeoutStalled seconds |
| Context | Server config |
| Modul | mod_core |
| Standard | 3600 |
| From version | 1.1.6 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TimesGMT | |
| Syntax | TimesGMT on|off |
| Context | Server config |
| Modul | mod_core |
| Standard | ab 1.2.0pre9: on, vorher off |
| From version | 1.2.0pre9 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TransferLog | |
| Syntax | TransferLog filename|NONE |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | /var/log/xferlog |
| From version | 1.1.4 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | Umask | |
| Syntax | Umask file octal-mask [directory octal-mask] |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | none |
| From version | 0.99.0 |
| Description | Umask sets the mask applied to newly created file and directory permissions within a given context. By default, the Umask in the server configuration, <VirtualHost> or <Anonymous> block is used, unless overridden by a "per-directory" Umask setting. Any arguments supplied must be an octal number, in the format 0xxx. An optional second argument can specify a Umask to be used when creating directories. If a second argument isn't specified, directories are created using the default Umask in the first argument. For more information on umasks, consult your operating system documentation/man pages. |
| Example 1 | # Alle Files auf 644, Verzeichnisse 755
Umask 022
# Alle Files und Verzeichnisse NUR für den Owner
Umask 066 077
|
| Example 2 | |
| 04.00.2006 03:00 |
|
|
| |
| Name | UseFtpUsers | |
| Syntax | UseFtpUsers on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | on |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | UseGlobbing | |
| Syntax | UseGlobbing on | off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_ls |
| Standard | on |
| From version | 1.2.5.rc1 |
| Description | |
| Example 1 | UseGlobbing ON (default)
ftp> ls kb*
227 Entering Passive Mode (127,0,0,1,73,233).
150 Opening ASCII mode data connection for file list
drwxr-xr-x 3 stonki users 4096 Aug 2 2003 kbarcode
226 Transfer complete.
UseGlobbing OFF
ftp> ls kb*
227 Entering Passive Mode (127,0,0,1,73,241).
150 Opening ASCII mode data connection for file list
226 Transfer complete.
|
| Example 2 | |
| 05.00.2004 03:01 |
|
|
| |
| Name | UseHostsAllowFile | |
| Syntax | UseHostsAllowFile filename |
| Context | Server config <VirtualHost> <Directory> |
| Modul | mod_wrap |
| Standard | /etc/hosts.allow |
| From version | 1.2.0 |
| Description | |
| Example 1 | UseHostsAllowFile /etc/ftpd.allow |
| 06.00.2003 20:02 |
|
|
| |
| Name | UseHostsDenyFile | |
| Syntax | UseHostsDenyFile filename |
| Context | Server config <VirtualHost> <Anonymous> |
| Modul | mod_wrap |
| Standard | /etc/hosts.deny |
| From version | 1.2.0 |
| Description | |
| Example 1 | UseHostsDenyFile /etc/ftpd.deny |
| 06.00.2003 20:02 |
|
|
| |
| Name | User | |
| Syntax | User userid |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 0.99.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | UserAlias | |
| Syntax | UserAlias login-user userid |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_auth |
| From version | 0.99.0 |
| Description | |
| Example 1 | UserAlias anonymous ftp |
| 06.00.2003 20:02 |
|
|
| |
| Name | UserDirRoot | |
| Syntax | UserDirRoot on|off |
| Context | <Anonymous> |
| Modul | mod_auth |
| Standard | off |
| From version | 1.2.0pre2 |
| Description | |
| Example 1 | Benutzer "foo" ist der Alias für "ftp", wenn man sich als "foo" einloggt,
wird ProFTPD unter der UserID "ftp" laufen,
jedoch das Verzeichnis "~ftp/foo" als root benutzen anstatt nur "~ftp". |
| 06.00.2003 20:02 |
|
|
| |
| Name | UseReverseDNS | |
| Syntax | UseReverseDNS on|off |
| Context | Server config |
| Modul | mod_core |
| Standard | on |
| From version | 1.1.7 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | UserOwner | |
| Syntax | UserOwner username |
| Context | <Anonymous> <Directory> |
| Modul | mod_core |
| From version | 1.2.pre11 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | UserPassword | |
| Syntax | UserPassword userid hashed-password |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| From version | 0.99.0pl5 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | UserRatio | |
| Syntax | UserRatio foo1 foo2 foo3 |
| Context | <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_ratio |
| From version | 1.2.0 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | WtmpLog | |
| Syntax | WtmpLog on|off|NONE |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | on |
| From version | 1.1.7 |
| Description | |
| 06.00.2003 20:02 |
|
|
| |
| Name | TransferRate | |
| Syntax | TransferRate FTP-Kommandos Kilobytes-pro-Sekunde:Freie Bytes ["user"|"group"|"class" expression] |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_xfer |
| From version | 1.2.8rc1 |
| Description | The TransferRate directive is used to set transfer rates limits on the transfer of data. This directive allows for transfer rates to be set in a wide variety of contexts, on a per-command basis, and for certain subsets of users.
The cmds parameter may be an comma-separated list of any of the following commands: APPE, RETR, STOR, and STOU.
The kilobytes-per-sec parameter is the actual transfer rate to be applied.
The free-bytes parameter, if configured, allows that many bytes to be transferred before the rate controls are applied. This allows for clients transferring small files to be unthrottled, but for larger files, such as MP3s and ISO images, to be throttled.
The optional parameters are used to restrict the application of the rate controls only to specific users. If the "user" restriction is given, then expression is a user-expression specifying to which users the rate applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the rate will apply. |
| Example 1 | # Limit downloads for everyone except the special group of users
TransferRate RETR 1.5 group !special-users |
| Example 2 | # Limit uploads (and appends!) to the prolific users in the
# lotsofuploadfiles.net domain. This presumes that a Class has been defined
# for that domain, and that that Class has been named "uploaders". Let them
# upload small files without throttling, though.
TransferRate APPE,STOR 8.0:1024 class uploaders |
| 06.00.2003 20:02 |
|
|
| |
| Name | ControlsMaxClients | |
| Syntax | ControlsMaxClients number |
| Context | Server config |
| Modul | mod_ctrls |
| Standard | 5 |
| From version | 1.2.8rc1 and later |
| Description | |
| Example 1 | |
| Example 2 | |
| 02.00.2004 05:01 |
|
|
| |
| Name | ExecBeforeCommand | |
| Syntax | ExecBeforeCommand cmds path [arg1 arg2 ...] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Directory> |
| Modul | mod_exec |
| Standard | ExecBeforeCommand cmds path [arg1 arg2 ...] |
| From version | 1.2.8 and later |
| Description | The ExecBeforeCommand directive is used to execute the program or script at path before the handling of any FTP command listed in cmds, where cmds is a comma-delimited list of FTP commands. The command groups of the <Limit> directive, such as READ, WRITE, and ALL, may also be used. The program will be executed with the privileges of the logged-in user.
Any number of arbitrary arguments may be configured to pass to the script. In addition, the "cookies" supported by the ExecEnviron directive may also be used in the script argument list.
Important: use of DefaultRoot will cause complications (to be elaborated upon soon). |
| Example 1 | ExecBeforeCommand RETR /path/to/ftp-prep --file %f |
| Example 2 | |
| 06.00.2003 20:02 |
|
|
| |
| Name | RootRevoke | |
| Syntax | RootRevoke on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_auth |
| Standard | off |
| From version | 1.2.5rc1 and later |
| Description | The RootRevoke directive causes all root privileges to be dropped once a user is authenticated. This will also cause active transfers to be disabled, if the server is listening on a port less than 1025. Note that this only affects active transfers; passive transfers will not be blocked. |
| Example 1 | |
| Example 2 | |
| 06.00.2003 20:02 |
|
|
| |
| Name | MD5FS | |
| Syntax | MD5FS path |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_md5fs |
| Standard | |
| From version | 1.2.5rc1 and later |
| Description | This directive specifies a path to a directory. Files uploaded to that directory (and its subdirectories) will automatically have MD5 digests calculated and printed to a file.md5 file. Multiple directories can be configured with multiple MD5FS directives |
| Example 1 | # path can use "~/" notation, in which case the path is resolved after successful login
MD5FS ~/public_ftp/md5
# calculate digests in the normal upload directory
MD5FS /path/to/upload/dir
# im normalen Home Dir
MD5FS ~
|
| Example 2 | |
| 02.00.2004 04:01 |
|
|
| |
| Name | QuotaDirectoryTally | |
| Syntax | QuotaDirectoryTally on|off |
| Context | |
| Modul | mod_quotatab |
| Standard | |
| From version | 1.2.5rc2 and later |
| Description | The QuotaDirectoryTally directive configures mod_quotatab to take directory operations (e.g. creating a directory, removing a directory) into account when tallying |
| Example 1 | |
| Example 2 | |
| 05.00.2004 03:01 |
|
|
| |
| Name | QuotaDisplayUnits | |
| Syntax | QuotaDisplayUnits "b"|"Kb"|"Mb"|"Gb" |
| Context | |
| Modul | mod_quotatab |
| Standard | |
| From version | 1.2.5rc2 and later |
| Description | This directive configures how the user's current byte quota values will be reported to them. Note that this directive does not affect how the quota values are stored in the quota table, only their presentation to the user.
"b" causes quotas to be displayed in bytes; "Kb", kilobytes; "Mb", megabytes; and "Gb", gigabytes
|
| Example 1 | # display quota information in megabytes
QuotaDisplayUnits Mb
|
| Example 2 | |
| 05.00.2004 03:01 |
|
|
| |
| Name | QuotaEngine | |
| Syntax | QuotaEngine on|off |
| Context | |
| Modul | mod_quotatab |
| Standard | |
| From version | 1.2.5rc2 and later |
| Description | The QuotaEngine directive enables or disables the module's runtime quota engine. If it is set to off this module does no runtime processing at all. Use this directive to disable the module instead of commenting out all mod_quotatab directives |
| Example 1 | |
| Example 2 | |
| 05.00.2004 03:01 |
|
|
| |
| Name | QuotaLimitTable | |
| Syntax | QuotaLimitTable source-type:source-info |
| Context | |
| Modul | mod_quotatab |
| Standard | |
| From version | 1.2.5rc2 and later |
| Description | This directive configures the information necessary for the module to locate and use the table containing the quota limit, the maximum number of bytes and/or files defined for use by specific users, groups, classes, etc, and is required for mod_quotatab to function.
Please consult the relevant submodule documentation for details on that module's syntax for this configuration directive. |
| Example 1 | |
| Example 2 | |
| 05.00.2004 03:01 |
|
|
| |
| Name | QuotaLog | |
| Syntax | QuotaLog file|"none" |
| Context | |
| Modul | mod_quotatab |
| Standard | |
| From version | 1.2.5rc2 and later |
| Description | The QuotaLog directive is used to a specify a log file for mod_quotatab reporting, and can be done a per-server basis. The file parameter must be the full path to the file to use for logging. Note that this path must not be to a world-writeable directory and, unless AllowLogSymlinks is explicitly set to on (generally a bad idea), the path must not be a symbolic link.
If file is "none", no logging will be done at all; this setting can be used to override a QuotaLog setting inherited from a <Global> context
|
| Example 1 | |
| Example 2 | |
| 05.00.2004 03:01 |
|
|
| |
| Name | QuotaShowQuotas | |
| Syntax | QuotaShowQuotas on|off |
| Context | |
| Modul | mod_quotatab |
| Standard | |
| From version | 1.2.5rc2 and later |
| Description | The QuotaShowQuotas directive can be used to enable/disable mod_quotatab's response to a SITE QUOTA request. For some sites, revealing the current quota information may be considered an unnecessary, perhaps even detrimental, information leak; other sites may consider this a definite feature. |
| Example 1 | |
| Example 2 | |
| 05.00.2004 03:01 |
|
|
| |
| Name | QuotaTallyTable | |
| Syntax | QuotaTallyTable source-type:source-info |
| Context | |
| Modul | mod_quotatab |
| Standard | |
| From version | 1.2.5rc2 and later |
| Description | This directive configures the information necessary for the module to locate and use the table containing the quota tally, or the current byte/file counts for users, groups, classes, etc, and is required for mod_quotatab to function.
Please consult the relevant submodule documentation for details on that module's syntax for this configuration directive
|
| Example 1 | |
| Example 2 | |
| 05.00.2004 03:01 |
|
|
| |
| Name | VirtualRootEngine | |
| Syntax | VRootEngine on|off |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_vroot |
| Standard | |
| From version | 1.2.8rc1 |
| Description | The VRootEngine module enables the virtual chroot engine implemented by mod_vroot. If enabled, the virtual chroot will be used in place of the operating system's chroot(2). This directive affects any DefaultRoot directives and any <Anonymous> contexts within the server context in which the VRootEngine directive appears. |
| Example 1 | |
| Example 2 | |
| 02.00.2004 04:02 |
|
|
| |
| Name | WrapUserTables | |
| Syntax | WrapUserTables user-OR-expression source-type:allow-source-info source-info:deny-source-info |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_wrap |
| Standard | |
| From version | 1.2.8rc1 and later |
| Description | The WrapUserTables directive configures the information necessary for mod_wrap to locate and use the tables containing the access rules for specific users.
The user-OR-expression parameter is a logical OR expression, which means that the connecting user can be any the users listed for this directive to apply. User names may be negated with a ! prefix.
The next two parameters specify two tables, an allow and a deny table, each of which contain the IP addresses, networks or host/network masks to be allowed or denied.
Please consult the relevant submodule documentation for details on that module's syntax for specifying tables. The service name for which mod_wrap will look in the indicated access tables is "proftpd" by default; this can be configured via the WrapGroupTables, WrapServiceName, WrapTables |
| Example 1 | |
| Example 2 | |
| 01.-1.2003 29:00 |
|
|
| |
| Name | <IfClass> | |
| Syntax | <IfClass ["AND"|"OR"] class-expression|"regex" regexp> |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ifsession |
| Standard | |
| From version | 1.2.8rc1 and later |
| Description | The <IfClass> context should contain any configuration directives that should be in effect for any sessions that match the class-expression. Classes must be enabled for this context to work properly; the connecting client must be in any of the classes listed in the expression for the directives contained to be applied. Note that ! notation in front of a class name in the expression is supported.
The given class-expression may optionally be prefixed with either the "AND" or "OR" keywords, which affect how the expression is evaluated: if "AND" is used, then all portions of the expression must evaluate to TRUE for the configuration context to be applied to the current session; if "OR" is used, then any portion of the expression must be TRUE for the context to be applied. The default setting for <IfClass> is "OR".
If the "regex" keyword is used, the regexp should be a regular expression to match class names |
| Example 1 | # Give friends, and local users, better transfer rates
<IfClass local, friends>
TransferRate RETR 8192
</IfClass>
TransferRate RETR 4096
|
| Example 2 | |
| 01.-1.2003 15:01 |
|
|
| |
| Name | AuthOrder | |
| Syntax | AuthOrder [ module-name...] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | |
| From version | 1.2.8rc1 and later |
| Description | The AuthOrder directive rebuilds the tables of modules' authentication functions, reordering the tables such that only the listed modules' authentication functions are used, in the order in which the modules are listed.
At least one module name must be given; there is no maximum number of modules that can be listed. The listed module names must the full name of the source file, e.g. "mod_auth_unix.c". |
| Example 1 | # If the user's information is not in LDAP,
# they're not a user to use this server.
AuthOrder mod_ldap.c |
| Example 2 | # Use SQL tables first, then LDAP, for authentication
AuthOrder mod_sql.c mod_ldap.c |
| 05.00.2004 03:01 |
|
|
| |
| Name | AnonRejectPasswords | |
| Syntax | AnonRejectPasswords regular-expression |
| Context | <Anonymous> |
| Modul | mod_auth |
| Standard | |
| From version | 1.2.2rc3 and later |
| Description | The AnonRejectPasswords directive configures a regular expression filter for passwords given for anonymous logins. If the given anonymous password matches the configured regular expression, the anonymous login is denied. |
| Example 1 | # reject all <Anonymous> logins that use "evil.org"
# as part of the password
AnonRejectPasswords @evil\.org$ |
| Example 2 | |
| 06.00.2003 20:02 |
|
|
| |
| Name | SocketOptions | |
| Syntax | SocketOptions [maxseg size] [rcvbuf size] [sndbuf size] |
| Context | Server config <VirtualHost> |
| Modul | mod_core |
| Standard | |
| From version | 1.2.8rc2 and later |
| Description | Replaces the tcpReceiveWindow and tcpSendWindow directives.
The rcvbuf and sndbuf parameters are used for setting the send/receive window sizes. The maxseg parameter is used for setting a MSS via setsockopt(2)'s TCP_MAXSEG option. If the MSS is larger than the interface's MTU, it is ignored and has no effect.
Also, if accepted, this directive should probably expand to take in SocketBindTight (e.g. [bind each|any] parameters), and possibly the tcpBacklog and tcpNodelay directives. However, these directives are only allowed in the server config context (ideally, a <Daemon> context, but...that's for later). |
| Example 1 | |
| Example 2 | |
| 06.00.2003 20:02 |
|
|
| |
| Name | ScoreboardFile | |
| Syntax | ScoreboardFile path |
| Context | Server config |
| Modul | mod_core |
| Standard | /var/run/proftpd.scoreboard |
| From version | 1.2.7rc1 and later |
| Description | The ScoreboardFile directive sets the path to the file where the daemon will store its run-time "scoreboard" session information. This file is necessary for MaxClients to work properly, as well as other utilities (such as ftpwho and ftpcount). This directive deprecates ScoreboardPath. |
| Example 1 | ScoreboardFile /var/run/proftpd.scoreboard |
| Example 2 | |
| 06.00.2003 20:02 |
|
|
| |
| Name | AllowOverride | |
| Syntax | AllowOverride [ on|off ["user"|"group"|"class" expression]] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_core |
| Standard | on |
| From version | 1.2.7rc1 and later |
| Description | Normally, the server will look for and parse any files in the encountered directories called ".ftpaccess". The files provide a functionality similar to Apache's .htaccess files -- mini-configuration files. This directive controls when those .ftpaccess files will be parsed.
Die zusaetzlichen Parameter koennen die Auswertung auf gewisse User, Gruppen oder Classen begrenzen. |
| Example 1 | |
| Example 2 | |
| 02.00.2004 04:01 |
|
|
| |
| Name | CapabilitiesEngine | |
| Syntax | CapabilitiesEngine [ on off] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_cap |
| Standard | On, if running on a Linux hosts that supports capabilities |
| From version | 1.2.8rc1 and later |
| Description | The CapabilitiesEngine directive enables or disables the module's runtime capabilities engine. If set to off, this module does no runtime capabilities processing at all. Use this directive to disable the module |
| Example 1 | |
| Example 2 | |
| 06.00.2003 20:02 |
|
|
| |
| Name | CapabilitiesSet | |
| Syntax | CapabilitiesSet [ [+/-]capability...] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_cap |
| Standard | +CAP_CHOWN |
| From version | 1.2.8rc1 and later |
| Description | By default, mod_cap removes all but two capabilities from the session-handling process: CAP_NET_BIND_SERVICE, for binding to ports lower than 1024 (required for active data transfers), and CAP_CHOWN, for allowing a process to change a file's ownership to a different user. The latter capability is only strictly necessary if the UserOwner configuration directive is in use; if not being used, the CAP_CHOWN capability is best removed. The CapabilitiesSet directive is used to manipulate the set of capabilities that mod_cap grants.
To remove a capability, prefix the name with a '-'; to enable a capability, use '+'. At present, this directive only supports one capability: CAP_CHOWN. |
| Example 1 | <IfModule mod_cap.c>
CapabilitiesEngine on
CapabilitiesSet -CAP_CHOWN
</IfModule> |
| Example 2 | |
| 06.00.2003 21:00 |
|
|
| |
| Name | CreateHome | |
| Syntax | CreateHome [ off|on [<mode>] [skel <path>] [dirmode <mode>]] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_auth |
| Standard | |
| From version | 1.2.8rc2 and later |
| Description | The CreateHome directive configures the server to automatically create a user's home directory, if that directory does not exist, during the login process.
The mode parameter is used to configure the absolute mode of the home directory created. If not specified, the module will default to 700.
The optional skel path parameter can be used to configure an /etc/skel-like directory containing account initialization files and directories. The parameter must be the full path to the directory. The directory must not be world-writeable. Files copied from this directory into the new home directory will have the UID and GID of the logging-in user. Note that sockets and FIFOs in the skeleton directory will not be copied; any setuid or setgid bits on files will be removed from the copied files in the target home directory.
The optional dirmode parameter can be used to specify the mode for intermediate directories that may need to be created in order to create the target home directory. By default, the mode for such intermediate directories will be 711. NOTE: using a mode that does not allow for the execute bit to be enabled can cause havoc. You have been warned. |
| Example 1 | # Use the CreateHome default settings
CreateHome on |
| Example 2 | # Specify a skeleton directory
CreateHome on skel /etc/ftpd/skel
# Skeleton directory, with 700 intermediate directories
CreateHome on skel /etc/ftpd/skel dirmode 700
# No skeleton, but make sure that intermediate
# directories have 755 permissions.
CreateHome on dirmode 755 |
| 01.-1.2003 22:01 |
|
|
| |
| Name | DebugLevel | |
| Syntax | DebugLevel [ level] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_core |
| Standard | 0 |
| From version | 1.2.8rc1 and later |
| Description | The DebugLevel directive configures the debugging level the server will use when logging. The level parameter must be between 0 and 9. This configuration directive will take precedence over any command-line debugging options used. |
| Example 1 | DebugLevel 9 |
| Example 2 | |
| 01.00.2004 29:01 |
|
|
| |
| Name | DefaultAddress | |
| Syntax | DefaultAddress [ dns-name|ip-address] |
| Context | Server config |
| Modul | mod_core |
| Standard | |
| From version | 1.2.7rc1 and later |
| Description | This directive sets the the address the main server instance will bind to, the default behaviour is to select whatever IP the system reports as being the primary IP. |
| Example 1 | # We want the main server instance to listen on a specific IP
DefaultAddress 192.168.10.30
|
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | Define | |
| Syntax | Define [ parameter-name] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | |
| From version | 1.2.6rc1 and later |
| Description | This directive is used to initialise defines for use in conjunction with the IfDefine directive |
| Example 1 | IfDefine LoadLimiting |
| Example 2 | IfDefine HighPerformanceSetup |
| 06.00.2003 21:02 |
|
|
| |
| Name | HiddenStores | |
| Syntax | HiddenStores on|off |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> |
| Modul | mod_xfer |
| Standard | off |
| From version | 1.2.7rc1 and later |
| Description | The HiddenStor directive enables two-step file uploads: files are uploaded as ".in.filename." and once the upload is complete, renamed to just "filename". This provides a degree of atomicity and helps prevent 1) incomplete uploads and 2) files being used while they're still in the progress of being uploaded. Note: if the temporary file name is already in use (e.g., a server crash during upload), it will prevent the file from being uploaded.
The REST (Restart STOR) command is automatically blocked when HiddenStor is enabled, with the server returning a 501 error code to the client. |
| Example 1 | |
| Example 2 | |
| 02.00.2004 04:02 |
|
|
| |
| Name | <IfDefine> | |
| Syntax | <IfDefine [ [!]define-label]> |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | |
| From version | 1.2.6rc1 and later |
| Description | The <IfDefine test>...</IfDefine> section is used to mark directives that are conditional. The directives within an IfDefine section are only processed if the test is true. If the test is false, everything between the start and end markers is ignored.
The test in the <IfDefine> section directive can be one of two forms: 'parameter-name' or '!parameter-name'
In the former case, the directives between the start and end markers are only processed if the parameter named parameter-name is defined. The second format reverses the test, and only processes the directives if parameter-name is not defined.
The parameter-name argument is a define as given on the command line via -Dparameter-name, at the time the server was started.
<IfDefine> sections are nest-able, which can be used to implement simple multiple-parameter tests. |
| Example 1 | $ proftpd -DDoSomething
--[ proftpd.conf ]--
<IfDefine DoSomething>
# do something here
</IfDefine>
--[ end ]-- |
| Example 2 | |
| 01.-1.2003 15:01 |
|
|
| |
| Name | <IfModule> | |
| Syntax | IfModule [ [!]module-name] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess <Directory> |
| Modul | mod_core |
| Standard | |
| From version | 1.2.6rc1 and later |
| Description | The <IfModule test>...</IfModule> section is used to mark directives that are conditional. The directives within an IfModule section are only processed if the test is true. If the test is false, everything between the start and end markers is ignored.
The test in the <IfModule> section directive can be one of two forms: "module name" or "!module name"
In the former case, the directives between the start and end markers are only processed if the module named module name is compiled in to ProFTPD. The second format reverses the test, and only processes the directives if module name is not compiled in.
The module name argument is a module name as given as the file name of the module, at the time it was compiled. For example, mod_sql.c.
<IfModule> sections are nest-able, which can be used to implement simple multiple-module tests. |
| Example 1 | <IfModule mod_load.c>
MaxLoad 10 "Access denied, server load too high"
</IfModule> |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | LDAPDoQuotaLookups | |
| Syntax | LDAPDoQuotaLookups [ on off ] [ "auth-base-prefix" ] [ "search-filter-template" ] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | off |
| From version | mod_ldap v2.8.11 and later |
| Description | This configuration directive activates LDAP quota lookups. The second argument to this directive is the LDAP prefix to use for authentication. The third argument is a template to be used for the search filter; %v will be replaced with the username that is being authenticated. By default, the search filter template "(&(uid=%v)(objectclass=posixAccount))" is used. Search filter templates are only supported in mod_ldap v2.7 and later. |
| Example 1 | |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | LDAPForceHomedirOnDemand | |
| Syntax | LDAPForceHomedirOnDemand [ on off ] [ directory-mode ] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_ldap |
| Standard | off |
| From version | mod_ldap v2.8.11 and later |
| Description | Even when a LDAPHomeDironDemandPrefix is configured, mod_ldap will allow individual users to have homeDirectory attributes that will override the default. With LDAPForceHomeDironDemand enabled, all LDAP-authenticated users are given the default prefix and/or suffix; homedirs may not be overridden by LDAP homeDirectory attributes. |
| Example 1 | |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | ListOptions | |
| Syntax | ListOptions [ "options string"] [ ["strict"]] |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_ls |
| Standard | |
| From version | 1.2.8rc1 and later |
| Description | Normally, FTP commands involving directory listings (NLST, LIST and STAT) use the arguments (options) passed by the client to determine what files are displayed and the format they are displayed in. The ListOptions directive can alter the behaviour of such listings by making it such that a certain option (or options) is always in effect, or is always disabled.
In addition to the normal dash-prefixed options that the builtin ls takes, the directive allows for plus-prefixed options. The plus-prefixed options allow for their dash-prefixed equivalents, potentially given by a user, to be disabled, while still allowing other options to function normally.
In the optional "strict" keyword is used, then the configured options will override any options given by the user (i.e. the user's options will be ignored). |
| Example 1 | # Erzwingt grundsätzlich das Anzeigen von versteckten Files.
ListOptions "-a" |
| Example 2 | # Hier wird nur das rekursive Listen verboten,
# alle anderen Optionen sind jedoch erlaubt.
# Das "+R" verbietet alle "-R" Optionen, die vom
# Client übermittelt werden
ListOptions "+R"
# Erlaubt nur das einfache auflisten, keine Optionen
# IMMER
ListOptions "" strict |
| 02.00.2004 10:01 |
|
|
| |
| Name | MaxClientsPerUser | |
| Syntax | MaxClientsPerUser [ MaxClientsPerUser number|none [message]] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_auth |
| Standard | |
| From version | 1.2.7rc1 and later |
| Description | The MaxClientsPerUser directive configures the maximum number of clients that may be connected at any given time using the same user name. The optional argument message may be used which will be displayed to a client attempting to exceed the maximum value. If message is not supplied, a default message of "Sorry, the maximum number of clients (%m) for this user already connected." |
| Example 1 | MaxClientsPerUser 1 "Only one such user at a time."
#Results in: 530 Only one such user at a time. |
| Example 2 | |
| 02.00.2004 05:01 |
|
|
| |
| Name | MaxRetrieveFileSize | |
| Syntax | MaxRetrieveFileSize [ number|"*" units ["user"|"group"|"class" expression]] |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_xfer |
| Standard | |
| From version | 1.2.7rc1 and later |
| Description | When downloading files to clients (eg serving a RETR request), the server will check for any configured limit against the size of the file being requested, and abort any transfers if the requested file's size exceeds the configured limit.
A single "*" argument configures unlimited file sizes, and is used primarily to override any inherited restrictions from higher contexts. The given number is the number of bytes for the limit, and is followed by a units specifier of (case-insensitive) "Gb" (Gigabytes), "Mb" (Megabytes), "Kb" (Kilobytes), or "B" (bytes). The given number of bytes is multiplied by the appropriate factor.
The optional parameters are used to restrict the file size limits only to specific users. If the "user" restriction is given, then expression is a user-expression specifying to which users the rule applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the rule will apply. If no matching user, group, or class expression is found for the current user (in that order), then a limit with no expression (i.e. no "user", "group", or "class" identifier) is applied.
See Also: MaxStoreFileSize |
| Example 1 | # Download bis zu 1 GB erlauben
MaxRetrieveFileSize 1 Gb |
| Example 2 | # Den Download nur für den User "fred" begrezen
# für alle anderen aber nicht begrenzen
MaxStoreFileSize 50 Kb user fred
MaxStoreFileSize * |
| 02.00.2004 04:02 |
|
|
| |
| Name | VRootOptions | |
| Syntax | VRootOptions opt1 ... |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_vroot |
| Standard | |
| From version | 1.2.9rc2 and later |
| Description | The VRootOptions directive is used to configure various optional behavior of mod_vroot.
Example:
VRootOptions allowSymlinks
The currently implemented options are:
* allowSymlinks
Normally, any symlinks that point outside of the vroot area simply do not work. When the allowSymlinks option is enabled, these symlinks will be allowed. Note that by enabling symlinks, the efficacy of the vroot "jail" is reduced. |
| Example 1 | VRootOptions allowSymlinks |
| Example 2 | |
| 02.00.2004 04:02 |
|
|
| |
| Name | MaxConnectionRate | |
| Syntax | MaxConnectionRate [ connections per second] |
| Context | Server config |
| Modul | mod_core |
| Standard | |
| From version | 1.2.7rc1 and later |
| Description | Set the maxiumum rate at which new TCP connections are accepted, this applies to the entire server, therefore too low a value on a high traffic server can result in all VirtualHosts being made unavailable due to normal traffic levels.
The value is the number of connections in a given second at which the block comes into effect, thus a value of "1" will result in all connections being blocked. |
| Example 1 | MaxConnectionRate 4 |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | MaxStoreFileSize | |
| Syntax | MaxStoreFileSize [ number|"*" units ["user"|"group"|"class" expression]] |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_xfer |
| Standard | |
| From version | 1.2.7rc1 and later |
| Description | When uploading files from a client (eg serving a STOR request), the server will check for any configured limit against the size of the file being sent, and abort any transfers if/when the given file's size exceeds the configured limit.
A single "*" argument configures unlimited file sizes, and is used primarily to override any inherited restrictions from higher contexts. The given number is the number of bytes for the limit, and is followed by a units specifier of (case-insensitive) "Gb" (Gigabytes), "Mb" (Megabytes), "Kb" (Kilobytes), or "B" (bytes). The given number of bytes is multiplied by the appropriate factor.
Weiterhin kann man durch die Angabe eines Users, einer Gruppe oder ein Klasse die Ausfuehrung des Befehls aus eben diese beschraenken. Sollte dabei keine Angabe zutreffen, so wird der Befehl dann nicht ausgefuehrt.
Ausserdem: MaxRetrieveFileSize |
| Example 1 | # Restrict upload to only 3 megabytes
MaxStoreFileSize 3 Mb |
| Example 2 | # Restrict anonymous uploads to 50k,
# but allow unlimited upload size for everyone else
MaxStoreFileSize 50 Kb user anonymous
MaxStoreFileSize * |
| 02.00.2004 04:02 |
|
|
| |
| Name | SQLLogFile | |
| Syntax | SQLLogFile [ "name" limit|regex|ip value] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess |
| Modul | mod_sql |
| Standard | |
| From version | 1.2.8rc2 and later |
| Description | ????? |
| Example 1 | SQLLogFile /var/log/proftpd_sql.log
Alle SQL Befehle werden in die Datei "/var/log/proftpd_sql.log" geloggt. |
| Example 2 | |
| 06.00.2003 23:00 |
|
|
| |
| Name | SQLUserInfo | |
| Syntax | SQLUserInfo [users userid password uid gid homedir shell] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess |
| Modul | mod_sql |
| Standard | ???? |
| From version | 1.2.5rc1 and later |
| Description | ??????? |
| Example 1 | |
| Example 2 | |
| 06.00.2003 23:01 |
|
|
| |
| Name | ServerLog | |
| Syntax | ServerLog [ path] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_log |
| Standard | |
| From version | 1.2.8rc1 and later |
| Description | The ServerLog directive disables the daemon's use of the syslog mechanism and instead redirects all logging output for the server to the specified filename. The filename argument must contain an absolute path. Use of this directive overrides any facility set by the SyslogFacility directive, as well as overriding any configured SystemLog. |
| Example 1 | DebugLevel 5
ServerLog /var/log/proftpd.debug.log
|
| Example 2 | |
| 02.00.2004 04:01 |
|
|
| |
| Name | StoreUniquePrefix | |
| Syntax | StoreUniquePrefix [ "prefix"] |
| Context | Server config <Global> <VirtualHost> <Anonymous> .ftpaccess <Directory> |
| Modul | mod_xfer |
| Standard | |
| From version | 1.2.6rc1 and later |
| Description | The StoreUniquePrefix is used to configure a prefix for the generated unique random filenames used for the STOU FTP command. The last six characters of the filename will be random. Slashes are not allowed in the prefix string.
All valid filename characters are allowed except '/' |
| Example 1 | StoreUniquePrefix "test"
[...]
230 User xx logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> sunique
Store unique on.
ftp> mput coolness.pl
mput coolness.pl [anpqy?]? a
Prompting off for duration of mput.
229 Entering Extended Passive Mode (|||1373|)
150 FILE: test4kzRvu
100% |*************************************| 323 1.26 MB/s 00:00 ETA
226 Transfer complete.
ftp> sunique
Store unique off.
ftp> mput coolness.pl
mput coolness.pl [anpqy?]? a
Prompting off for duration of mput.
229 Entering Extended Passive Mode (|||1374|)
150 Opening BINARY mode data connection for coolness.pl
100% |*************************************| 323 2.24 MB/s 00:00 ETA
226 Transfer complete.
|
| Example 2 | |
| 02.00.2004 03:01 |
|
|
| |
| Name | TCPServiceName | |
| Syntax | TCPServiceName [ name] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_wrap |
| Standard | proftpd |
| From version | 1.2.1 and later |
| Description | TCPServiceName is used to configure the name of the service under which mod_wrap will check the allow/deny files. By default, this is the name of the program started, i.e. "proftpd". However, some administrators may want to use a different, more generic service name, such as "ftpd"; use this directive for such needs. |
| Example 1 | |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | TLSCACertificateFile | |
| Syntax | TLSCACertificateFile [ "name" limit|regex|ip value] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess |
| Modul | mod_tls |
| Standard | ???? |
| From version | 1.2.8rc1 and later |
| Description | ??????? |
| Example 1 | |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | TLSCACertificatePath | |
| Syntax | TLSCACertificatePath [ "name" limit|regex|ip value] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess |
| Modul | mod_tls |
| Standard | ???? |
| From version | 1.2.8rc1 and later |
| Description | ??????? |
| Example 1 | ????????? |
| Example 2 | ???????? |
| 06.00.2003 21:02 |
|
|
| |
| Name | TLSCARevocationFile | |
| Syntax | TLSCARevocationFile [ "name" limit|regex|ip value] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess |
| Modul | mod_tls |
| Standard | ???? |
| From version | 1.2.8rc1 and later |
| Description | ??????? |
| Example 1 | |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | TLSCARevocationPath | |
| Syntax | TLSCARevocationPath [ "name" limit|regex|ip value] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess |
| Modul | mod_tls |
| Standard | ????? |
| From version | 1.2.8rc1 and later |
| Description | ??????? |
| Example 1 | |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | TLSCertificateChainFile | |
| Syntax | TLSCertificateChainFile [ "name" limit|regex|ip value] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess |
| Modul | mod_tls |
| Standard | ??????? |
| From version | 1.2.8rc1 and later |
| Description | ?????????? |
| Example 1 | |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | TLSCipherSuite | |
| Syntax | TLSCipherSuite [ "name" limit|regex|ip value] |
| Context | Server config <Global> <VirtualHost> <Anonymous> <Limit> .ftpaccess |
| Modul | mod_tls |
| Standard | ??? |
| From version | 1.2.8rc1 and later |
| Description | ???? |
| Example 1 | |
| Example 2 | |
| 06.00.2003 21:02 |
|
|
| |
| Name | TimeoutSession | |
| Syntax | TimeoutSession [ seconds ["user"|"group"|"class" expression]] |
| Context | Server config <Global> <VirtualHost> <Anonymous> |
| Modul | mod_auth |
| Standard | |
| From version | 1.2.6rc1 and later |
| Description | The TimeoutSession directive sets the maximum number of seconds a control connection between the proftpd server and an FTP client can exist after the client has successfully authenticated. If the seconds argument is set to 0, sessions are allowed to last indefinitely (the default).
The optional parameters are used to restrict the session time limit only to specific users. If "user" restriction is given, then expression is a user-expression specifying to which users the time limit applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the time limit will apply. Note that use of the "user" or "group" classifiers within an <Anonymous> context will not make much sense. |
| Example 1 | # Kick the user off after 60 minutes
TimeoutSession 3600 |
| Example 2 | # set a draconian session time limit
TimeoutSession 60
# set session time limits for everyone except a few privileged users
TimeoutSession 300 user !bob,!dave,!jenni |
| 06.00.2003 21:02 |
|
|
| |
| Name | sql:// | |
| Syntax | sql://dbuser:dbpass@dbserver/db:dbname/ctxt:table[:id,parent_id,name,value]/conf:table[:id,name,value]/map:table[:conf_id,ctxt_id] |
| Context | Server config |
| Modul | mod_conf_sql |
| Standard | sql://foo:bar@localhost/db:proftpd/ctxt:ftpctxt:id,parent_id,name,value/conf:ftpconf:id,name,value/map:ftpmap:conf_id,ctxt_id |
| From version | 1.2.9rc1 + mod_conf_sql-0.3 |
| Description | Conceptually, there are two basic elements in proftpd.conf: contexts and directives. Contexts include <Anonymous>, <VirtualHost>, the "server config" default context, and conditional contexts such as <IfDefine> and <IfModule>. Configuration directives are contained within a context.
Thus, to represent the configuration file contents within SQL tables, three things are needed: a table of contexts, a table of configuration directives, and a table that describes which directives are contained within which contexts. mod_conf_sql thus relies on a database schema of three tables. The SQL queries it uses rely on inner joins; this means that the underlying database must support INNER JOINs.
Database Schema
Here is an example MySQL schema for the tables mod_conf_sql uses:
DROP TABLE ftpctxt
CREATE TABLE ftpctxt (
id INTEGER UNSIGNED UNIQUE PRIMARY KEY NOT NULL AUTO_INCREMENT,
parent_id INTEGER UNSIGNED,
name VARCHAR(255),
value VARCHAR(255)
)
DROP TABLE ftpconf
CREATE TABLE ftpconf (
id INTEGER UNSIGNED UNIQUE PRIMARY KEY NOT NULL AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
value BLOB
)
DROP TABLE ftpmap
CREATE TABLE ftpmap (
conf_id INTEGER UNSIGNED NOT NULL,
ctxt_id INTEGER UNSIGNED NOT NULL
)
Each context and configuration directive is assigned a unique ID. The ftpmap table maps the configuration directive to its appropriate context by IDs. In addition, each context has a parent context, which allows for nested contexts, such as:
<Directory incoming>
<Limit DELE MKD RMD STOR XMKD XRMD>
DenyAll
</Limit>
</Directory>
The one allowed exception to this parent requirement context is the "server config" context, which is the default context in the proftpd.conf file. mod_conf_sql always starts by searching for this top-level context, which must have a NULL parent ID.
Configuration URI
How does mod_conf_sql do its magic? This module uses ProFTPD's FSIO API to temporarily redefine what it means to open and read a file; it presents a file-like interface to a SQL table such that ProFTPD's configuration parser does not know that the configuration is coming from a database rather than a flat file.
In order to accomplish this magic, mod_conf_sql needs to know some things about the database, so that it can connect and retrieve the configuration data. This information is provided in the "path" to the configuration file, using proftpd's -c/--config command-line option. The specific "path" to use for mod_conf_sql uses an URI-like syntax:
sql://dbuser:dbpass@dbserver/db:dbname/ctxt:table[:id,parent_id,name,value]/conf:table[:id,name,value]/map:table[:conf_id,ctxt_id]
The syntax is long, but it has to be so in order to provide all of the information mod_conf_sql needs. (This information cannot be stored in the configuration file because mod_conf_sql will be constructing that configuration file).
The "sql://" prefix informs the FSIO API that this "path" should be handled differently from a normal Unix filesystem path. The dbuser, dbpass, and dbserver parts are the usual data needed to connect to a database; database server information, such as port number or Unix domain socket path, can be added to the dbserver string. dbname configures the name of the database to use. Then, one specifies the names of the three tables to use (the context table, the directives table, and the mapping table); one can optionally configure the column names in those tables. Note that if column names are specified, all of the columns in the table must be provided.
The following example shows a "path" where the table names are specified, but the column names in those tables are left to the default values:
proftpd -c sql://foo:bar@localhost/db:proftpd/ctxt:ftpctxt/conf:ftpconf/map:ftpmap
Explicitly specifying the column names in the above URI would make the "path" look like:
proftpd -c sql://foo:bar@localhost/db:proftpd/ctxt:ftpctxt:id,parent_id,name,value/conf:ftpconf:id,name,value/map:ftpmap:conf_id,ctxt_id
This URI-like path syntax can also be used as the parameter to the Include configuration directive. Note, though, that at present mod_conf_sql will always search for the "server config" context in the ftpctxt table first, and then recurse through all its contained contexts. This means that using something like this in a proftpd.conf configuration file:
<VirtualHost 1.2.3.4>
Include sql://foo:bar@localhost/db:proftpd/ctxt:vhostctxt/conf:vhostconf/map:vhostmap
</VirtualHost>
is currently unsupported, and will not function as one would assume.
The mod_conf_sql module does not actually need mod_sql to be configured, using the normal mod_sql configuration directives; however, mod_conf_sql does require that mod_sql be compiled into proftpd. It is possible to store the configuration information in one database, and the user/group authentication information in a completely different database.
Importing/Exporting
While storing configuration information in SQL tables may make some tasks easier, it will making editing of configurations more complex. To help with this, mod_conf_sql is accompanied by two Perl scripts that can be used to import existing proftpd.conf files into a database, and to export configuration information from SQL tables back into a proftpd.conf file.
The conf2sql.pl script reads a given proftpd.conf configuration file and populates the SQL tables with the information from that file. One specifies the database connection information, and the full path to the proftpd.conf to be imported. The script will delete any existing information in the SQL tables. Use conf2sql.pl --help to see usage information.
Example:
conf2sql.pl --dbdriver=mysql --dbname=proftpd --dbuser=foo --dbpass=bar --dbserver=localhost /etc/proftpd.conf
Note that the script currently allows the SQL table names to be specified via command-line options, but the column names are assumed to be those mentioned above.
The sql2conf.pl script reads the SQL tables and reconstructs the proftpd.conf configuration file represented by those tables. One specifies the database connection information. Use sql2conf.pl --help to see usage information.
Example:
sql2conf.pl --dbdriver=mysql --dbname=proftpd --dbuser=foo --dbpass=bar --dbserver=localhost
Note that the script currently allows the SQL table names to be specified via command-line options, but the column names are assumed to be those mentioned above.
|
| Example 1 | proftpd -c sql://foo:bar@localhost/db:proftpd/ctxt:ftpctxt:id,parent_id,name,value/conf:ftpconf:id,name,value/map:ftpmap:conf_id,ctxt_id |
| Example 2 | CREATE TABLE ftpctxt (
id INTEGER UNSIGNED UNIQUE PRIMARY KEY NOT NULL AUTO_INCREMENT,
parent_id INTEGER UNSIGNED,
name VARCHAR(255),
value VARCHAR(255)
)
CREATE TABLE ftpconf (
id INTEGER UNSIGNED UNIQUE PRIMARY KEY NOT NULL AUTO_INCREMENT,
name VARCHAR(255) NOT NULL,
value BLOB
)
CREATE TABLE ftpmap (
conf_id INTEGER UNSIGNED NOT NULL,
ctxt_id INTEGER UNSIGNED NOT NULL
)
|
| 07.00.2003 09:00 |
|
|
| |
| Name | HideFiles | |
| Syntax | HideFiles [ [!]regexp|"none" ["user"|"group"|"class" expression]] |
| Context | .ftpaccess <Directory> |
| Modul | |
| Standard | |
| From version | 1.2.7rc1 |
| Description | The HideFiles directive configures a <Directory> section to hide all directory entries, e.g. its files and sub-directories, that match the given regular expression. These files can still be operated on by other FTP commands (DELE, RETR, etc), as constrained by any applicable <Limit>s, but this can be modified using the IgnoreHidden directive. Note that this directive manipulates a file's "hidden-ness", but doesn't do any hiding by itself. A <Limit> section, with IgnoreHidden enabled, does the actual hiding of the files from the <Limit>ed commands.
As <Directory> configurations are inherited by sub-directories, the "none" parameter can be used to disable any inherited file hiding within a sub-directory, usually through the use of a .ftpaccess file.
The optional parameters are used to restrict the rule for hiding files only to specific users. If "user" restriction is given, then expression is a user-expression specifying to which users the rule applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the rule will apply.
An unrestricted HideFiles directive and an unrestriected ShowFiles directive cannot be used simultaneously in the context.
Example: # Hide configuration and passwd files from view HideFiles "(\.conf|passwd)$" # ...or the same regex, without the quotes HideFiles (\.conf|passwd)$ # Hide those same files from everyone _except_ a special user HideFiles (\.conf|passwd)$ user !tj # Using the ! prefix to "invert" the regular expression matching, # allow only .txt and .html files to be seen HideFiles !(\.txt|\.html)$ # Only let users of the webmaster group see HTML files, but nothing else HideFiles !(\.htm|\.html)$ group webmaster
See Also: HideGroup, HideUser, HideNoAccess |
| Example 1 | Beispiel:
# Hide configuration and passwd files from view
HideFiles "(\.conf|passwd)$"
# ...or the same regex, without the quotes
HideFiles (\.conf|passwd)$
# Hide those same files from everyone _except_ a special user named "tj"
HideFiles (\.conf|passwd)$ user !tj
# Using the ! prefix to "invert" the regular expression matching,
# allow only .txt and .html files to be seen
HideFiles !(\.txt|\.html)$
# Only let users of the webmaster group see HTML files, but nothing else
HideFiles !(\.htm|\.html)$ group webmaster
|
| Example 2 | |
| 05.00.2004 02:01 |
|
|
| |
| Name | QuotaLock | |
| Syntax | QuotaLock file |
| Context | |
| Modul | mod_quotatab |
| Standard | None |
| From version | ab 1.2.9 RC1 |
| Description | NEU |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 02:01 |
|
|
| |
| Name | ShaperAll | |
| Syntax | ShaperAll ["priority" num] ["rate" num] ["shares" num] |
| Context | Server config |
| Modul | mod_shaper |
| Standard | ShaperAll priority 10 rate -1.0 shares 5 |
| From version | 1.2.10RC1 |
| Description | The ShaperAll directive is used to configure the overall mod_shaper settings: the rate for the entire daemon, the default shares for shaped sessions, and the default priority for shaped sessions. If specified, the priority cannot be a negative number, the rate is in KB/s and must be greater than zero, and the shares must be greater than one. For configuring the priority and shares for individual sessions, use the ShaperSession directive.
The default rate is -1.0, which means that in order for mod_shaper to function properly, a rate must be specified. The default shares setting is 5, the default priority is 10.
Examples:
# Change the overall daemon rate to 100 KB/s
ShaperAll rate 100
# Give 20 shares to each session by default, and have an overall rate of 1000
ShaperAll rate 1000 shares 20
See also: ShaperSession |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | ShaperControlsACLs | |
| Syntax | ShaperControlsACLs actions|"all" "allow"|"deny" "user"|"group" list |
| Context | Server config |
| Modul | mod_shaper |
| Standard | none |
| From version | 1.2.10 RC1 |
| Description | The ShaperControlsACLs directive configures access lists of users or groups who are allowed (or denied) the ability to use the actions implemented by mod_ctrls. The default behavior is to deny everyone unless an ACL allowing access has been explicitly configured.
If "allow" is used, then list, a comma-delimited list of users or groups, can use the given actions; all others are denied. If "deny" is used, then the list of users or groups cannot use actions all others are allowed. Multiple ShaperControlsACLs directives may be used to configure ACLs for different control actions, and for both users and groups.
The actions provided by mod_shaper are "all", "info", and "sess".
Examples:
# Allow only user root to alter the overall settings
ShaperControlsACLs all allow user root
# Allow the ftpadm group to shape current sessions
ShaperControlsACLs sess allow group ftpadm
# Allow everyone but user bob to see the current shaper stats
ShaperControlsACLs info deny user bob
|
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | ShaperEngine | |
| Syntax | ShaperEngine on|off |
| Context | Server config |
| Modul | mod_shaper |
| Standard | off |
| From version | 1.2.10 RC1 |
| Description | The ShaperEngine directive enables or disables the "shaping" of sessions by mod_shaper. If it is set to off this module does no shaping of transmitted traffic. Use this directive to disable the module instead of commenting out all mod_shaper directives. |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | ShaperLog | |
| Syntax | ShaperLog path|"none" |
| Context | Server config |
| Modul | mod_shaper |
| Standard | none |
| From version | 1.2.10 RC1 |
| Description | The ShaperLog directive is used to a specify a log file for mod_shaper reporting and debugging. The path parameter must be the full path to the file to use for logging. Note that this path must not be to a world-writeable directory and, unless AllowLogSymlinks is explicitly set to on (generally a bad idea), the path must not be a symbolic link.
If path is "none", no logging will be done at all. |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | ShaperSession | |
| Syntax | ShaperSession ["priority" num] ["shares" +|-num] |
| Context | Server config |
| Modul | mod_shaper |
| Standard | ShaperSession priority 10 |
| From version | 1.2.10 RC1 |
| Description | The ShaperSession directive is used to set shaping data on a per-session basis. It is intended to be used within mod_ifsession conditional configuration blocks. If used, the priority must not be a negative number. The shares parameter must start with '+' or '-'; this value adjusts the default numbers of shares allotted to a session, increasing or reducing the sessions's shares. The ShaperAll directive is used for configuring overall shaping data.
Example:
# Reward my friends
ShaperSession shares +2
# Punish my enemies
ShaperSession shares -4
# Let <Directory>-level TransferRate directives take priority
ShaperSession priority 3
See also: ShaperAll |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | ShaperTable | |
| Syntax | ShaperTable path |
| Context | Server config |
| Modul | mod_shaper |
| Standard | none |
| From version | 1.2.10 RC1 |
| Description | The ShaperTable directive configures a path to a file that mod_shaper uses for storing its shaping data. The given path must be an absolute path. Note: this directive is required for mod_shaper to function. |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | shaper all | |
| Syntax | ftpdctl shaper all [priority num] [rate num] [shares num] |
| Context | Control Program |
| Modul | mod_shaper |
| Standard | |
| From version | 1.2.10 RC1 |
| Description | NEU |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | shaper info | |
| Syntax | ftpdctl shaper info |
| Context | Control Program |
| Modul | mod_shaper |
| Standard | |
| From version | 1.2.10 RC1 |
| Description | Purpose: Print information about current shaped sessions
The shaper info control action can be used to view information on currently shaped sessions. This includes the current overall rate, the default number of shares per session, and the total number of currently shaped sessions. It also lists the following for each shaped session: process ID (PID), share adjustments, priority, and session rate.
Example listing:
# ftpdctl shaper info
ftpdctl: Overall Rate: 100.00 KB/s
ftpdctl: Default Shares Per Session: 5
ftpdctl: Default Priority: 10
ftpdctl: Number of Shaped Sessions: 2
ftpdctl: PID Shares Priority Rate (KB/s)
ftpdctl: ----- -------------- -------- -----------
ftpdctl: 3912 7/14 (+2) 10 50.00
ftpdctl: 3915 7/14 (+2) 10 50.00
The "Shares" column is formatted as:
sharessession/sharestotal (+|-sharesadjust)
The +2 in the listing above is due to a ShaperSession affecting these sessions:
ShaperSession shares +2
|
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | shaper sess | |
| Syntax | ftpdctl shaper sess class|host|user name [priority num] [shares +|-num] |
| Context | Control Program |
| Modul | mod_shaper |
| Standard | |
| From version | 1.2.10 rc1 |
| Description | Purpose: Alter specific session's mod_shaper settings
The shaper sess action is used to change session-specific shaping data on-the-fly. If given, the priority must not be a negative number. The shares parameter must start with '+' or '-'; this value adjusts the default numbers of shares allotted to a session, increasing or reducing the sessions's shares.
This example gives user alex an additional 10 shares:
ftpdctl shaper sess user alex shares +10
The following sets the priority for host cache.example.com such that TransferRate directives in <Anonymous> sections, <Directory> sections and .ftpacccess files have precedence (see the usage instructions for more details on priority):
ftpdctl shaper sess host cache.example.com priority 2
One can even change the settings on entire Classes of sessions:
ftpdctl shaper sess class proxy shares -3 priority 1
See also: shaper all |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
| |
| Name | MaxClientsPerClass | |
| Syntax | MaxClientsPerClass name number|"none" [message] |
| Context | Server config <Global> <VirtualHost> |
| Modul | mod_auth |
| Standard | None |
| From version | 1.2.10RC1 |
| Description | The MaxClientsPerClass directive configures the maximum number of clients
that may be connected at any given time from the same Class. The
optional argument message may be used which will be displayed to a client
attempting to exceed the maximum value. If message is not supplied, a default
message of "Sorry, the maximum number of clients (%m) from your class are
already connected."</para> |
| Example 1 | NEU |
| Example 2 | NEU |
| 05.00.2004 03:01 |
|
|
View all
Deutsch
Offline
Search