Monday, October 22, 2007

Install of ProFTPd

The best way to install proftpd is to compile it yourself. Download the tarball from ProFTPd's website, and unzip it to the directory of your choice.

Once untarred, go into the new directory and type:

./configure

This will allow ProFTPd to detect your system's settings and create a makefile to compile the program. You SHOULDN'T get any errors, but if you do, use rpmfind.net to find any dependencies that you may be missing. Once your ./configure has finished without errors, you are ready to actually compile the daemon. To do this, type:

make

ProFTPd is fairly small (~600k), so the compile time should be pretty short. Once the program is compiled, become root using 'su' (if you aren't root already), and type:

make install

This will copy all the ProFTPd files where they need to go. You only need to be aware of two of these directories:

/etc/init.d/

This is where the actual service is installed, called 'proftpd'.

/etc/proftpd

This is where the ProFTPd config files are located, your default config being 'proftpd.conf'.

ProFTPd has now been successfully installed on your system. Now we can go on to configure the FTP.


Configuration of ProFTPd
------------------------

Once ProFTPd is installed, as root, go into /etc/proftpd and take a look at the config files there. You should see two of them:

proftpd.conf.distrib
proftpd.conf.sample

These two config files give you good examples on how to set up a basic config file. Open up proftpd.conf.sample. There are a few options we want to change to personalize our server even more.


First, let's name the FTP server. Find the line beginning with 'ServerName'. Here, go ahead and change what's in the quotes to whatever you'd like. This will be displayed whenever the user logs into the system. Using your hostname is usually fine, but if your FTP has a specific purpose you can name it after that as well.

The next line is 'ServerType'. The default setting is 'standalone'. This means that the server will run as its own separate process, and as users connect, new proftpd processes will be spawned to service those users. If you want to have ProFTPd run by inetd, which is in itself a "super server" for internet-related processes, then you can change this line to inetd. If your user load isn't going to be larger than 10 or 15, then you don't need to worry about having inetd run your server. For the purposes of this install, we'll stick with running ProFTPd as a standalone server. The configuration is very similar, but this will allow us more time to configure ProFTPd itself.

We can skip over the lines 'AuthPAM' and 'AuthPAMConfig', because on a base Linux system we aren't going to be using PAM. PAM is a centralized authentication system that is used often on a network of systems with hundreds of users -- ProFTPd can be configured to check usernames and passwords with the PAM servers as opposed to the system the FTP server is on. PAM is a complete project in itself, so we will leave these settings alone, as the defaults turn off PAM authentication.

The 'Port' setting determines the port on which ProFTPd runs. The default here is port 21, the standard ftp port. If you wish to prevent random access to your FTP, it's best to change this. If you want to make sure that your FTP is easy to find, however, leave this setting as is.

The 'Umask' setting is the default permission mask for folders and files created during an FTP session. The default is the safest setting, as it prevents world and group write ability so that uploaded files and directories are safer.

The 'MaxInstances' setting is only used when ProFTPd is set to run as a 'standalone' server. If it is, this defines the maximum number of instances of ProFTPd that can be running. This is helpful in preventing denial of service attacks. The maximum setting should be 30, and anything less than that is safer.

The 'User' and 'Group' settings determine how ProFTPd is run. We DEFINITELY don't want to have it run as root (as a server crash could be exploited by a hacker), so a new username and group is kosher for your ftp server. The default is proftpd/proftpd, which is perfectly fine.

Within the '<Anonymous ...>' brackets, we see the setup for an anonymous user. If you wish to disallow anonymous access to your ftp, simply remove the block of code.

Inside these brackets, there are several options we should look at:

'UserAlias' -- If you wish to have several usernames associated with the same type of login, this is where you list them. In the case of anonymous access, 'anonymous' and 'ftp' both log you in as the same user. This is helpful when defining types of users that have access to only certain files on the disk.

'MaxClients' -- This defines how many users can log in under this account name at one time.

'DisplayLogin' -- This points to a text file that is printed out to the console when a user logs into your ftp. Rules and general information about the ftp are commonplace in this file.

'Limit ...' -- This is a limit tag that allows you to limit certain permissions. Within the anonymous login, there is a limit tag denying upload ability to all users who log in as anonymous. The config structure here is very similar to Apache.
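
A quick check of the settings covered above, which you can run against a config before saving it. This is an added example, not part of the original post or of ProFTPd itself; the sample config is constructed, and parse() and audit() are hypothetical helper names.

```python
# Constructed sample in the style of proftpd.conf.sample (not the shipped file).
SAMPLE_CONF = """\
ServerType standalone
Umask 022
MaxInstances 30
User proftpd
Group proftpd
<Anonymous ~ftp>
  MaxClients 10
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
"""

def parse(text):
    """Return [(context, directive, args)]; context = enclosing <Section> openers."""
    stack, out = [], []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            del stack[-1:]          # close the innermost section
        elif line.startswith("<"):
            stack.append(line.strip("<>").lower())
        else:
            name, *rest = line.split(None, 1)
            out.append((tuple(stack), name.lower(), " ".join(rest)))
    return out

def audit(text):
    """Check a config against the hardening points made in the post."""
    entries, findings = parse(text), []
    top = {name: args for ctx, name, args in entries if not ctx}
    if top.get("user", "root") == "root":   # assumption: unset is reported like root
        findings.append("User is root or unset")
    if any(int(m, 8) & 0o022 != 0o022 for m in top.get("umask", "").split()):
        findings.append("Umask allows group or world write")
    inst = top.get("maxinstances", "")
    standalone = top.get("servertype", "standalone") == "standalone"
    if standalone and not (inst.isdigit() and int(inst) <= 30):
        findings.append("MaxInstances unset or above 30")
    anon = [e for e in entries if e[0] and e[0][0].startswith("anonymous")]
    deny = any(len(c) == 2 and "write" in c[1].split() and n == "denyall"
               for c, n, _ in anon)
    if anon and not deny:
        findings.append("<Anonymous> block does not deny WRITE")
    return findings

print(audit(SAMPLE_CONF) or "no findings")
```

To check your own file, pass its contents to audit(), for example audit(open('/etc/proftpd/proftpd.conf').read()).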


Once you have edited your file to your liking, go ahead and save it as 'proftpd.conf' in /etc/proftpd/. Once this is done, you can start up your server using this command:

/etc/init.d/proftpd start


ProFTPd is now running on your system. Now we need to set up the users who can have access to the FTP. By default, ProFTPd allows members of the 'ftp' group on your system to log in to the FTP. You don't need to worry about setting up passwords for users either, because the daemon will grab the Unix password that already exists for that user on the system. To add users to the ftp group, edit your /etc/group file and list any user you wish to have access to the ftp after the ftp group. Once this is done, you're all set. Any user that you have in that list can access the ftp.
