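#Configuration file for bftpd.
#The given values are only examples, modify this file for your own needs.
#
#Layout: directives are written KEY="value", one per line, inside a
#global { } block or a user NAME { } block. A directive in a user block
#applies to that user only. Lines starting with # are comments.
#
#Review before deploying this example as-is: ADMIN_PASS, PATH_FTPUSERS,
#PASSIVE_PORTS, the USERLIMIT_* values and the anonymous "ftp" user.
#See the SECURITY notes next to each of them.

global {

  #If set to no, access is allowed.
  #If set to yes, access is denied without giving a reason.
  #If set to anything else, access is denied giving the content of this
  #variable as a reason.
  DENY_LOGIN="no"

  #The port number where the daemon should listen (only for daemon mode)
  PORT="21"

  #You can force bftpd to use a specific port range in passive mode.
  #Passive mode means that the client will open data connections
  #and the server stays 'passive'.
  #This option can be very useful with some firewall configurations.
  #Separate values with "," and define ranges with "-".
  #bftpd will try to bind one of these ports in ascending order as
  #you specify them here.
  #If none of the given ports could be bound, the connection
  #is refused. If you want to bind any free port in that case, add
  #"0" to the list.
  #SECURITY: with only "0" configured, any free port may be used for data
  #connections, so a firewall cannot limit inbound traffic to a known range.
  #Prefer an explicit range like the example below, without "0", and open
  #only that range on the firewall.
  #PASSIVE_PORTS="10000,12000-12100,13000"
  PASSIVE_PORTS="0"

  #If PORT data connections should be opened from port 20, say yes here. You
  #will probably need this if your server is behind a firewall that restricts
  #outgoing packets from ports higher than 1024. Note that this may be a
  #security hole, as the server can not drop its root privileges completely
  #if you say yes here.
  DATAPORT20="no"

  #The password for the administration commands, encrypted (man mkpasswd).
  #SECURITY: "x" is a placeholder, not the output of mkpasswd. Replace it
  #with a real hash before relying on the administration commands.
  #NOTE(review): presumably no password matches "x", which would leave the
  #administration commands locked - confirm against the bftpd source.
  ADMIN_PASS="x"

  #With this option, you can put your entire FTP environment into a chroot
  #jail. Apart from security, this offers you the possibility of having
  #virtual users that don't exist in the system.
  #Additionally, you can make some kind of 'file pool' by creating a directory
  #with files which you can symlink from the users' homes (this means setting
  #DO_CHROOT=no in order for the users to be able to access that dir).
  #Note that you need the following files in your initial chroot directory:
  #/etc/passwd, /etc/shadow, /etc/group
  #On GNU systems, you will also need the NSS libraries in /lib.
  #SECURITY: put only the FTP accounts into the jail's copies of passwd,
  #shadow and group rather than copying the system files, and keep the
  #jail's shadow file readable by root only.
  #INITIAL_CHROOT="/ftp"

  #The bftpdutmp file enables you to record user logins and logouts in
  #bftpd, which is useful for the administration interface (which is not
  #finished yet). You also need the file to be able to restrict the number
  #of users simultaneously logged on, and so on.
  #Note that the directory in which the file resides must already exist.
  #Set the option to "" if you do not want that. This is discouraged for normal
  #use, but can be helpful if you want to create a boot floppy or something.
  PATH_BFTPDUTMP="/var/run/bftpd/bftpdutmp"

  #This option controls the buffer size while transferring files.
  #If you are on a very fast network (fast meaning 100 Mbit/s or more),
  #you should set this to 64000 or something like that.
  #Transferring from localhost to localhost, I had a transfer speed of
  #approx. 15 MB/s with XFER_BUFSIZE=2048 and a speed of approx. 20 MB/s
  #with XFER_BUFSIZE=64000. You should not set big values for this if you have
  #slow (dialup) clients.
  # This option can also be used to (crudely) throttle back
  # transfer speeds. Setting this to a very low value
  # can slow transfer speeds.
  XFER_BUFSIZE="2048"

  # This option allows you to add a delay (in microseconds) to
  # the time between when one piece of data was sent
  # and when the next will be sent. This is to aid in
  # throttling bandwidth and applies to each client. The
  # throttling affects the DATA transfers only (not control
  # connections).
  # A value of zero (0) means there is no added delay.
  # A value of about 500000 (five hundred thousand) should
  # delay for about half a second.
  # These delays should be kept low to avoid triggering
  # data transfer timeouts.
  XFER_DELAY="0"

  #When set to yes, this option makes the server allow data connections which
  #don't go to the client who initiated them.
  #This is needed for FXP.
  #SECURITY: leave this at "no" unless server-to-server transfers are really
  #required; with "yes" a logged-in client decides which host the server
  #connects to.
  ALLOW_FXP="no"

  #After how many seconds of idle time should a user be kicked from the server?
  CONTROL_TIMEOUT="300"

  #After how many seconds of idle time should a user be kicked from the server
  #during a file transfer?
  DATA_TIMEOUT="30"

  #Use Ratio if you want the client to send a file before he can get a file.
  #Usage: RATIO=send/receive or RATIO=none. Example: RATIO=2/1 lets the client
  #receive a 1 MB file when he has sent a 2 MB file.
  RATIO="none"

  #ROOTDIR specifies the root directory of the client. It defaults to %h
  #(user's home directory). %u is replaced by the user name.
  ROOTDIR="%h"

  #Umask for the files or directories users create.
  UMASK="022"

  #Name of the log file. Say "syslog" to log into syslog.
  #Say "" for no logging.
  LOGFILE="/var/log/bftpd.log"

  #Use %v for version, %h for the server FQDN and %i for the server IP address.
  # Note: If you use the "%h" option and you do an initial CHROOT, then
  # you'll need to copy your /etc/hosts and /etc/host.conf files into
  # the chroot jail.
  #SECURITY: this banner is sent before login, so %v tells every connecting
  #client the exact server version. Drop %v if you do not want to
  #advertise it.
  HELLO_STRING="bftpd %v at %i ready."

  #The server automatically chdirs to the directory given here after login.
  AUTO_CHDIR="/"

  #Authentication type, values: PAM, PASSWD
  AUTH="PASSWD"

  # The FILE_AUTH variable overrides the AUTH value. If the FILE_AUTH
  # value is set to something other than an empty string ("")
  # bftpd will search through the pathname given in order
  # to find username/password matches.
  # The format of this file is as shown below:
  # username password group home_folder
  # (for example:)
  # robert secret users /home/robert
  # james moose users /mnt/storage
  #
  # An entry with the password field set to * (star) requires
  # no password. Any password the user enters will be accepted.
  # The following example is for a user with no password.
  # anyone * users /home/ftp
  # SECURITY: this file holds passwords in clear text and, once set, replaces
  # the AUTH method above. The example path is in /tmp, which is
  # world-writable; if you enable FILE_AUTH, keep the file in a root-owned
  # directory and make it readable by root only.
  #FILE_AUTH="/tmp/ftpdpassword"


  #Enable this if you want the client's IP address to be resolved to a host
  #name. Note that it increases the overhead and it may not work if your DNS
  #is not configured correctly. Clients without a valid DNS name will take very
  #long to connect.
  RESOLVE_CLIENT_IP="no"

  #Path to the message of the day, seen by all users before login.
  MOTD_GLOBAL="/etc/ftpmotd"

  #Path to the message of the day, seen after login, relative to the root
  #path of the user (see ROOTDIR).
  MOTD_USER="/.ftpmotd"

  #If RESOLVE_UIDS is enabled, in directory lists the user and group names
  #are shown instead of UID/GID. This may slow down directory listings.
  RESOLVE_UIDS="yes"

  #If DO_CHROOT is enabled, a user can not access directories other than his
  #HOMEDIR and its subdirectories. DON'T disable this globally if you don't
  #want to have a security hole!
  DO_CHROOT="yes"

  #Enable this to log each login to wtmp.
  LOG_WTMP="yes"

  #If you want bftpd to bind itself to one specific network interface, enter
  #its IP address here. Else enter 'any'. This option only works in standalone
  #mode.
  BIND_TO_ADDR="any"


  # This option allows you to override the IP address Bftpd
  # sends to the client. This may be useful if you are behind
  # a router. If an address is given in this option, it overrides
  # the LAN IP your PC has. It is recommended you leave this option
  # commented out unless you have a special setup.
  #OVERRIDE_IP="127.0.0.1"


  #Path to the ftpusers file. It can contain user names that are denied.
  #If it does not exist, every user can log in. If you don't want this,
  #just put a nonexistent filename here.
  #SECURITY: this deny list is part of access control, but the path below is
  #in /tmp, which is world-writable. Any local account can create the file
  #when it does not exist, and while it is missing nobody is denied. Keep
  #the list in a root-owned location (for example under /etc) that only
  #root can write.
  PATH_FTPUSERS="/tmp/ftpusers"

  #Enable this if you want to deny any user who has a shell which is not in
  #/etc/shells.
  AUTH_ETCSHELLS="no"

  #With the option ALLOWCOMMAND_XXXX, you can disable the command XXXX.
  #For example, if you don't want any user to delete files, you can do
  #ALLOWCOMMAND_DELE="no"
  #Of course, you can disable it for specific users by writing the appropriate
  #lines into the user structures.
  #SECURITY: STOR (upload) is allowed globally below, and the "ftp" user at
  #the end of this file accepts any password, so anonymous clients can
  #upload. Disable STOR in the "user ftp" block if that is not intended.
  ALLOWCOMMAND_DELE="no"
  ALLOWCOMMAND_STOR="yes"
  ALLOWCOMMAND_SITE="yes"

  #Files that belong to these groups (comma-separated) are hidden in LIST/NLST.
  HIDE_GROUP=""

  #What message should be used as reply for the QUIT command?
  QUIT_MSG="See you later..."

  #The number of users that can be logged in at the same time.
  #If set to "0", an unlimited number of users will be able to connect. This
  #is not recommended, as it makes DoS attacks possible, even if the clients
  #are kicked after a short time.
  #SECURITY: the value shipped here is "0" (unlimited). Set a limit that
  #matches what the host can serve.
  USERLIMIT_GLOBAL="0"

  #This variable controls how often one user can be logged in at one time.
  #This allows you to have a big connection limit (see above) and nevertheless
  #prevent single users from having a lot of connections.
  #This option may also be useful in a user {} or group {} environment.
  #NOTE(review): "0" presumably means unlimited here as well - confirm.
  USERLIMIT_SINGLEUSER="0"

  #This variable controls how many users are allowed to connect from the same IP
  #address. This prevents one user (or machine) from taking all of the
  #available connections.
  #If you want to allow unlimited connections, leave this option as "0".
  #SECURITY: with "0" a single address can hold every available connection;
  #set a per-host limit on servers reachable from untrusted networks.
  USERLIMIT_HOST="0"

  #This option allows you to force files to be compressed
  #on the fly during upload. A ".gz" extension will be given
  #to the file. This should usually be turned off ("no"), but
  #may be useful to servers with smaller storage space.
  #To enable this option set the value to "yes".
  #
  # To use this option, bftpd must be configured using
  # "./configure --enable-libz" _before_ running "make".
  GZ_UPLOAD="no"

  #This option allows you to set whether or not files
  #with the extension .gz should be uncompressed on-the-fly
  #during downloads. This should usually be turned off ("no").
  #To enable this feature, set the value to "yes".
  #
  #To use this option, bftpd must be configured using
  # "./configure --enable-libz" _before_ running "make".
  GZ_DOWNLOAD="no"

  # This option is enabled when the server should run
  # a script before writing to the file system. This should
  # usually be commented out, unless you need to prepare the
  # file system for writing.
  # NOTE: Be careful when using this option and the DO_CHROOT option.
  # The location of the root directory can change when using DO_CHROOT.
  # The current working directory (cwd) is passed to the script you run.
  # SECURITY: the script is started by the server on client-triggered writes.
  # Keep it root-owned, outside any directory FTP users can write to, and
  # treat the cwd argument as untrusted input.
  # NOTE(review): which privileges the script runs with is not stated here -
  # confirm before enabling.
  # PRE_WRITE_SCRIPT="/bin/true"

  # This option is enabled when the server should run
  # a script after writing to the file system. This should
  # usually be commented out, unless you need to do something
  # to the file system after writing.
  # NOTE: Be careful when using this option and the DO_CHROOT option.
  # The location of the root directory can change when using DO_CHROOT.
  # The current working directory (cwd) is passed to the script you run.
  # SECURITY: the same precautions as for PRE_WRITE_SCRIPT apply: root-owned
  # script, not writable by FTP users, cwd argument treated as untrusted.
  # POST_WRITE_SCRIPT="/bin/false"
}

user ftp {
  #Any password fits.
  #SECURITY: this makes "ftp" an anonymous account. It inherits the global
  #ALLOWCOMMAND_* settings, so uploads (STOR) are allowed unless disabled
  #here, for example:
  #ALLOWCOMMAND_STOR="no"
  ANONYMOUS_USER="yes"
}

user anonymous {
  #If the client wants anonymous, ftp is taken instead.
  ALIAS="ftp"
}

user root {
  #Any value other than "yes" or "no" denies the login and is sent to the
  #client as the reason (see DENY_LOGIN in the global block).
  DENY_LOGIN="Root login not allowed."
}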