glfs/server/major/proftpd.xml
2024-01-19 22:39:35 +01:00

470 lines
14 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
<!ENTITY proftpd-download-http "https://github.com/proftpd/proftpd/archive/v&proftpd-version;/proftpd-&proftpd-version;.tar.gz">
<!ENTITY proftpd-download-ftp " ">
<!ENTITY proftpd-md5sum "778cdeeac86e1d26451112bb7d4662af">
<!ENTITY proftpd-size "19 MB">
<!ENTITY proftpd-buildsize "66 MB">
<!ENTITY proftpd-time "0.3 SBU">
]>
<sect1 id="proftpd" xreflabel="ProFTPD-&proftpd-version;">
<?dbhtml filename="proftpd.html"?>
<title>ProFTPD-&proftpd-version;</title>
<indexterm zone="proftpd">
<primary sortas="a-proftpd">Proftpd</primary>
</indexterm>
<sect2 role="package">
<title>Introduction to ProFTPD</title>
<para>
The <application>ProFTPD</application> package contains a secure
and highly configurable FTP daemon. This is useful for serving large
file archives over a network.
</para>
&lfs120_checked;
<bridgehead renderas="sect3">Package Information</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Download (HTTP): <ulink url="&proftpd-download-http;"/>
</para>
</listitem>
<listitem>
<para>
Download (FTP): <ulink url="&proftpd-download-ftp;"/>
</para>
</listitem>
<listitem>
<para>
Download MD5 sum: &proftpd-md5sum;
</para>
</listitem>
<listitem>
<para>
Download size: &proftpd-size;
</para>
</listitem>
<listitem>
<para>
Estimated disk space required: &proftpd-buildsize;
</para>
</listitem>
<listitem>
<para>
Estimated build time: &proftpd-time;
</para>
</listitem>
</itemizedlist>
<!--
<bridgehead renderas="sect3">Additional Downloads</bridgehead>
<itemizedlist spacing="compact">
<listitem>
<para>
Required patch:
<ulink url="&patch-root;/proftpd-&proftpd-version;-consolidated_fixes-1.patch"/>
</para>
</listitem>
</itemizedlist>
-->
<bridgehead renderas="sect3">ProFTPD Dependencies</bridgehead>
<bridgehead renderas="sect4">Optional</bridgehead>
<para role="optional">
<xref linkend="libcap-pam"/>,
<xref linkend="libssh2"/>,
<xref linkend="linux-pam"/>,
<xref linkend="mariadb"/> or <ulink url="https://www.mysql.com/">MySQL</ulink>,
<xref linkend="pcre"/>,
<xref linkend="postgresql"/>, and
<ulink url="https://metacpan.org/pod/Net::SSH2">Net::SSH2</ulink>
</para>
</sect2>
<sect2 role="installation">
<title>Installation of ProFTPD</title>
<para>
For security reasons, you should install
<application>ProFTPD</application> using an unprivileged user and group.
As the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>groupadd -g 46 proftpd &amp;&amp;
useradd -c proftpd -d /srv/ftp -g proftpd \
-s /usr/bin/proftpdshell -u 46 proftpd &amp;&amp;
install -v -d -m775 -o proftpd -g proftpd /srv/ftp &amp;&amp;
ln -v -s /usr/bin/false /usr/bin/proftpdshell &amp;&amp;
echo /usr/bin/proftpdshell &gt;&gt; /etc/shells</userinput></screen>
<!--
<para>
First, apply a patch containing various security fixes from
the upstream developers:
</para>
<screen><userinput remap="pre">patch -Np1 -i ../proftpd-&proftpd-version;-consolidated_fixes-1.patch</userinput></screen>
-->
<para>
Install <application>ProFTPD</application> as an unprivileged user by
running the following commands:
</para>
<screen><userinput>./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/run &amp;&amp;
make</userinput></screen>
<para>
This packages does not come with a usable test suite.
</para>
<para>
Now, as the <systemitem class="username">root</systemitem> user:
</para>
<screen role="root"><userinput>make install &amp;&amp;
install -d -m755 /usr/share/doc/proftpd-&proftpd-version; &amp;&amp;
cp -Rv doc/* /usr/share/doc/proftpd-&proftpd-version;</userinput></screen>
</sect2>
<sect2 role="commands">
<title>Command Explanations</title>
<para>
<command>install -v -d -m775 -o proftpd -g proftpd /srv/ftp</command>:
Create the home directory for <application>ProFTPD</application>.
</para>
<para>
<command>ln -v -s /usr/bin/false /usr/bin/proftpdshell</command>:
Set the default shell as a link to an invalid shell.
</para>
<para>
<command>echo /usr/bin/proftpdshell &gt;&gt; /etc/shells</command>:
Fake a valid shell for compatibility purposes.
</para>
<note>
<para>
The above two commands can be omitted if the following directive is
placed in the configuration file:
</para>
<screen><literal>RequireValidShell off</literal></screen>
<para>
By default, proftpd will require that users logging in have valid
shells. The RequireValidShell directive turns off this requirement.
This is only recommended if you are setting up your FTP server
exclusively for anonymous downloads.
</para>
</note>
<note>
<para>
Support for most of the dependency packages requires using options
passed to the <command>configure</command> script. View the output
from <command>./configure --help</command> for complete information
about enabling dependency packages.
</para>
</note>
</sect2>
<sect2 role="configuration">
<title>Configuring ProFTPD</title>
<sect3 id='proftpd-config'>
<title>Config Files</title>
<para>
<filename>/etc/proftpd.conf</filename>
</para>
<indexterm zone="proftpd proftpd-config">
<primary sortas="e-etc-proftpd">/etc/proftpd.conf</primary>
</indexterm>
</sect3>
<sect3>
<title>Configuration Information</title>
<para>
This is a simple, download-only sample configuration. See the
<application>ProFTPD</application> documentation in
<filename class="directory">/usr/share/doc/proftpd</filename> and
consult the website at <ulink url="http://www.proftpd.org/"/> for
example configurations.
</para>
<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt; /etc/proftpd.conf &lt;&lt; "EOF"
<literal># This is a basic ProFTPD configuration file
# It establishes a single server and a single anonymous login.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
<!--# (such as xinetd)-->
MaxInstances 30
# Set the user and group that the server normally runs at.
User proftpd
Group proftpd
# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
#DefaultRoot ~
# Normally, files should be overwritable.
&lt;Directory /*&gt;
AllowOverwrite on
&lt;/Directory&gt;
# A basic anonymous configuration, no upload directories.
&lt;Anonymous ~proftpd&gt;
User proftpd
Group proftpd
# Clients should be able to login with "anonymous" as well as "proftpd"
UserAlias anonymous proftpd
# Limit the maximum number of anonymous logins
MaxClients 10
# 'welcome.msg' should be displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Limit WRITE everywhere in the anonymous chroot
&lt;Limit WRITE&gt;
DenyAll
&lt;/Limit&gt;
&lt;/Anonymous&gt;</literal>
EOF</userinput></screen>
</sect3>
<sect3 id="proftpd-init">
<title><phrase revision="sysv">Boot Script</phrase>
<phrase revision="systemd">Systemd Unit</phrase></title>
<para>
Install the
<phrase revision="sysv"><filename>/etc/rc.d/init.d/proftpd</filename>
init script</phrase>
<phrase revision="systemd"><filename>proftpd.service</filename>
unit</phrase> included in the
<xref linkend="bootscripts" revision="sysv"/>
<xref linkend="systemd-units" revision="systemd"/>
package:
</para>
<indexterm zone="proftpd proftpd-init">
<primary sortas="f-proftpd">proftpd</primary>
</indexterm>
<screen role="root"><userinput>make install-proftpd</userinput></screen>
</sect3>
</sect2>
<sect2 role="content">
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directory</segtitle>
<seglistitem>
<seg>
ftpasswd, ftpcount, ftpdctl, ftpmail, ftpquota, ftpscrub, ftpshut,
ftptop, ftpwho, in.proftpd (symlink to proftpd), proftpd, and prxs
</seg>
<seg>
None
</seg>
<seg>
/usr/{include,lib}/proftpd,
/usr/share/doc/proftpd-&proftpd-version;, and
/srv/ftp
</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
<?dbhtml list-presentation="table"?>
<varlistentry id="proftpd-prog">
<term><command>proftpd</command></term>
<listitem>
<para>
is the FTP daemon
</para>
<indexterm zone="proftpd proftpd-prog">
<primary sortas="b-proftpd">proftpd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpcount">
<term><command>ftpcount</command></term>
<listitem>
<para>
shows the current number of connections
</para>
<indexterm zone="proftpd ftpcount">
<primary sortas="b-ftpcount">ftpcount</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpdctl">
<term><command>ftpdctl</command></term>
<listitem>
<para>
is used to control the proftpd daemon while it is running
</para>
<indexterm zone="proftpd ftpdctl">
<primary sortas="b-ftpdctl">ftpdctl</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpasswd">
<term><command>ftpasswd</command></term>
<listitem>
<para>
is a Perl script designed to create and manage
AuthUserFiles and AuthGroupFiles of the correct format for proftpd
</para>
<indexterm zone="proftpd ftpasswd">
<primary sortas="b-ftpasswd">ftpasswd</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpmail">
<term><command>ftpmail</command></term>
<listitem>
<para>
is a Perl script for sending email based on the proftpd TransferLog
</para>
<indexterm zone="proftpd ftpmail">
<primary sortas="b-ftpmail">ftpmail</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpquota">
<term><command>ftpquota</command></term>
<listitem>
<para>
is a Perl script designed to create and manage limits and tally
files for the mod_quotatab + mod_quotatab_file module combination
for proftpd
</para>
<indexterm zone="proftpd ftpquota">
<primary sortas="b-ftpquota">ftpquota</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpscrub">
<term><command>ftpscrub</command></term>
<listitem>
<para>
provides a way to scrub the scoreboard file on demand
</para>
<indexterm zone="proftpd ftpscrub">
<primary sortas="b-ftpscrub">ftpscrub</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpshut">
<term><command>ftpshut</command></term>
<listitem>
<para>
shuts down all <application>proftpd</application> servers
at a given time
</para>
<indexterm zone="proftpd ftpshut">
<primary sortas="b-ftpshut">ftpshut</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftptop">
<term><command>ftptop</command></term>
<listitem>
<para>
displays running status on connections
</para>
<indexterm zone="proftpd ftptop">
<primary sortas="b-ftptop">ftptop</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="ftpwho">
<term><command>ftpwho</command></term>
<listitem>
<para>
shows current process information for each session
</para>
<indexterm zone="proftpd ftpwho">
<primary sortas="b-ftpwho">ftpwho</primary>
</indexterm>
</listitem>
</varlistentry>
<varlistentry id="prxs">
<term><command>prxs</command></term>
<listitem>
<para>
is a Perl script designed to compile and install third-party
modules, from source code, as DSO modules for the installed
proftpd
</para>
<indexterm zone="proftpd prxs">
<primary sortas="b-prxs">prxs</primary>
</indexterm>
</listitem>
</varlistentry>
</variablelist>
</sect2>
</sect1>