#Configuration file for bftpd.
#The given values are only examples, modify this file for your own needs.
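global {

  #Settings in this block are the defaults for every login; individual
  #options can be overridden in user {} or group {} blocks.

  #If set to no, access is allowed.
  #If set to yes, access is denied without giving a reason.
  #If set to anything else, access is denied giving the content of this
  #variable as a reason.
  DENY_LOGIN="no"

  #The port number where the daemon should listen (only for daemon mode)
  PORT="21"

  #You can force bftpd to use a specific port range in passive mode.
  #Passive mode means that the client will open data connections
  #and the server stays 'passive'.
  #This option can be very useful with some firewall configurations.
  #Separate values with "," and define ranges with "-".
  #bftpd will try to bind one of these ports in ascending order as
  #you specify them here.
  #If none of the given ports could be bound, the connection is
  #refused. If you want to bind any free port in that case, add
  #"0" to the list.
  #Note: with only "0" the data port is unpredictable, so a firewall in
  #front of the server cannot limit passive connections to a known range.
  #List an explicit range (as in the example below) if you filter inbound
  #ports.
  #PASSIVE_PORTS="10000,12000-12100,13000"
  PASSIVE_PORTS="0"

  #If PORT data connections should be opened from port 20, say yes here. You
  #will probably need this if your server is behind a firewall that restricts
  #outgoing packets from ports higher than 1024. Note that this may be a
  #security hole, as the server can not drop its root privileges completely
  #if you say yes here.
  DATAPORT20="no"

  #The password for the administration commands, encrypted (man mkpasswd).
  #NOTE(review): "x" is presumably a placeholder that matches no encrypted
  #password, which would leave the administration commands unusable. Confirm
  #this before relying on it, and never put a clear-text password here.
  ADMIN_PASS="x"

  #With this option, you can put your entire FTP environment into a chroot
  #jail. Apart from security, this offers you the possibility of having
  #virtual users that don't exist in the system.
  #Additionally, you can make some kind of 'file pool' by creating a directory
  #with files which you can symlink from the users' homes (this means setting
  #DO_CHROOT=no in order for the users to be able to access that dir).
  #Note that you need the following files in your initial chroot directory:
  #/etc/passwd, /etc/shadow, /etc/group
  #These are copies that hold account names and password hashes: include
  #only the FTP accounts in them and keep the shadow copy readable by root
  #only.
  #On GNU systems, you will also need the NSS libraries in /lib.
  #INITIAL_CHROOT="/ftp"

  #The bftpdutmp file enables you to record user logins and logouts in
  #bftpd, which is useful for the administration interface (which is not
  #finished yet). You also need the file to be able to restrict the number
  #of users simultaneously logged on, and so on.
  #Note that the directory in which the file resides must already exist.
  #Set the option to "" if you do not want that. This is discouraged for normal
  #use, but can be helpful if you want to create a boot floppy or something.
  PATH_BFTPDUTMP="/var/run/bftpd/bftpdutmp"

  #This option controls the buffer size while transferring files.
  #If you are on a very fast network (fast meaning 100 Mbit/s or more),
  #you should set this to 64000 or something like that.
  #Transferring from localhost to localhost, I had a transfer speed of
  #approx. 15 MB/s with XFER_BUFSIZE=2048 and a speed of approx. 20 MB/s
  #with XFER_BUFSIZE=64000. You should not set big values for this if you have
  #slow (dialup) clients.
  # This option can also be used to (crudely) throttle back
  # transfer speeds. Setting this to a very low value
  # can slow transfer speeds.
  XFER_BUFSIZE="2048"

  # This option allows you to add a delay (in microseconds) to
  # the time between when one piece of data was sent
  # and when the next will be sent. This is to aid in
  # throttling bandwidth and applies to each client. The
  # throttling affects the DATA transfers only (not control
  # connections).
  # A value of zero (0) means there is no added delay.
  # A value of about 500000 (five hundred thousand) should
  # delay for about half a second.
  # These delays should be kept low to avoid triggering
  # data transfer timeouts.
  XFER_DELAY="0"

  #When set to yes, this option makes the server allow data connections which
  #don't go to the client who initiated them.
  #This is needed for FXP.
  #Leave this at "no" unless you need FXP: with "yes" a logged-in client can
  #make the server open data connections to hosts other than itself.
  ALLOW_FXP="no"

  #After how many seconds of idle time should a user be kicked from the server?
  CONTROL_TIMEOUT="300"

  #After how many seconds of idle time should a user be kicked from the server
  #during a file transfer?
  DATA_TIMEOUT="30"

  #Use Ratio if you want the client to send a file before he can get a file.
  #Usage: RATIO=send/receive or RATIO=none. Example: RATIO=2/1 lets the client
  #receive a 1 MB file when he has sent a 2 MB file.
  RATIO="none"

  #ROOTDIR specifies the root directory of the client. It defaults to %h
  #(user's home directory). %u is replaced by the user name.
  ROOTDIR="%h"

  #Umask for the files or directories users create.
  #With 022, uploaded files and new directories are readable by every local
  #user; use a stricter mask if that is not wanted.
  UMASK="022"

  #Name of the log file. Say "syslog" to log into syslog.
  #Say "" for no logging.
  LOGFILE="/var/log/bftpd.log"

  #Use %v for version, %h for the server FQDN and %i for the server IP address.
  # Note: If you use the "%h" option and you do an initial CHROOT, then
  # you'll need to copy your /etc/hosts and /etc/host.conf files into
  # the chroot jail.
  # Note: %v tells every client the server version before login; leave it
  # out of the string if you do not want to disclose it.
  HELLO_STRING="bftpd %v at %i ready."

  #The server automatically chdirs to the directory given here after login.
  AUTO_CHDIR="/"

  #Authentication type, values: PAM, PASSWD
  #FTP sends the user name and password unencrypted, so the passwords of
  #accounts used for FTP logins can be read by anyone on the network path.
  AUTH="PASSWD"

  # The FILE_AUTH variable over-rides the AUTH value. If the FILE_AUTH
  # value is set to something other than an empty string ("")
  # bftpd will search through the pathname given in order
  # to find username/password matches.
  # The format of this file is as shown below:
  # username password group home_folder
  # (for example:)
  # robert secret users /home/robert
  # james moose users /mnt/storage
  #
  # An entry with the password field set to * (star) requires
  # no password. Any password the user enters will be accepted.
  # The following example is for a user with no password.
  # anyone * users /home/ftp
  #
  # The passwords in this file are stored in clear text. Keep the file
  # readable by root only and outside world-writable directories; the
  # /tmp path below is only an example, since another local user could
  # create a file there first.
  #FILE_AUTH="/tmp/ftpdpassword"


  #Enable this if you want the client's IP address to be resolved to a host
  #name. Note that it increases the overhead and it may not work if your DNS
  #is not configured correctly. Clients without a valid DNS name will take very
  #long to connect.
  RESOLVE_CLIENT_IP="no"

  #Path to the message of the day, seen by all users before login.
  MOTD_GLOBAL="/etc/ftpmotd"

  #Path to the message of the day, seen after login, relative to the root
  #path of the user (see ROOTDIR).
  MOTD_USER="/.ftpmotd"

  #If RESOLVE_UIDS is enabled, in directory lists the user and group names
  #are shown instead of UID/GID. This may slow down directory listings.
  RESOLVE_UIDS="yes"

  #If DO_CHROOT is enabled, a user can not access directories other than his
  #HOMEDIR and its subdirectories. DON'T disable this globally if you don't
  #want to have a security hole!
  DO_CHROOT="yes"

  #Enable this to log each login to wtmp.
  LOG_WTMP="yes"

  #If you want bftpd to bind itself to one specific network interface, enter
  #its IP address here. Else enter 'any'. This option only works in standalone
  #mode.
  BIND_TO_ADDR="any"


  # This option allows you to over-ride the IP address Bftpd
  # sends to the client. This may be useful if you are behind
  # a router. If an address is given in this option, it over-rides
  # the LAN IP your PC has. It is recommended you leave this option
  # commented out unless you have a special setup.
  #OVERRIDE_IP="127.0.0.1"


  #Path to the ftpusers file. It can contain user names that are denied.
  #If the file does not exist, every user can log in. If you do not want to
  #use a deny list, just put a nonexistent filename here.
  #Keep this file in a directory that only root can write to. A deny list
  #under /tmp can be created by any local user while it does not exist.
  #If you kept the list in /tmp/ftpusers before, move its entries to the
  #path below, otherwise they no longer apply.
  PATH_FTPUSERS="/etc/ftpusers"

  #Enable this if you want to deny any user who has a shell which is not in
  #/etc/shells.
  AUTH_ETCSHELLS="no"

  #With the option ALLOWCOMMAND_XXXX, you can disable the command XXXX.
  #For example, if you don't want any user to delete files, you can do
  #ALLOWCOMMAND_DELE="no"
  #Of course, you can disable it for specific users by writing the appropriate
  #lines into the user structures.
  ALLOWCOMMAND_DELE="no"
  ALLOWCOMMAND_STOR="yes"
  ALLOWCOMMAND_SITE="yes"

  #Files that belong to these groups (comma-separated) are hidden in LIST/NLST.
  HIDE_GROUP=""

  #What message should be used as reply for the QUIT command?
  QUIT_MSG="See you later..."

  #The number of users that can be logged in at the same time.
  #If set to "0", an unlimited number of users will be able to connect. This
  #is not recommended, as it makes DoS attacks possible, even if the clients
  #are kicked after a short time.
  #NOTE: all three USERLIMIT_* options in this example are "0", so nothing
  #bounds the number of connections. Set values that fit your site.
  USERLIMIT_GLOBAL="0"

  #This variable controls how often one user can be logged in at one time.
  #This allows you to have a big connection limit (see above) and nevertheless
  #prevent single users from having a lot of connections.
  #This option may also be useful in a user {} or group {} environment.
  USERLIMIT_SINGLEUSER="0"

  #This variable controls how many users are allowed to connect from the same IP
  #address. This prevents one user (or machine) from taking all of the
  #available connections.
  #If you want to allow unlimited connections, leave this option as "0".
  USERLIMIT_HOST="0"

  #This option allows you to force files to be compressed
  #on the fly during upload. A ".gz" extension will be given
  #to the file. This should usually be turned off ("no"), but
  #may be useful to servers with smaller storage space.
  #To enable this option set the value to "yes".
  #
  # To use this option, bftpd must be configured using
  # "./configure --enable-libz" _before_ running "make".
  GZ_UPLOAD="no"

  #This option allows you to set whether or not files
  #with the extension .gz should be uncompressed on-the-fly
  #during downloads. This should usually be turned off ("no").
  #To enable this feature, set the value to "yes".
  #
  #To use this option, bftpd must be configured using
  # "./configure --enable-libz" _before_ running "make".
  GZ_DOWNLOAD="no"

  # This option is enabled when the server should run
  # a script before writing to the file system. This should
  # usually be commented out, unless you need to prepare the
  # file system for writing.
  # NOTE: Be careful when using this option and the DO_CHROOT option.
  # The location of the root directory can change when using DO_CHROOT.
  # The current working directory (cwd) is passed to the script you run.
  # The script is executed by the server, so make sure it is owned by
  # root and cannot be modified by FTP users.
  # PRE_WRITE_SCRIPT="/bin/true"

  # This option is enabled when the server should run
  # a script after writing to the file system. This should
  # usually be commented out, unless you need to do something
  # to the file system after writing.
  # NOTE: Be careful when using this option and the DO_CHROOT option.
  # The location of the root directory can change when using DO_CHROOT.
  # The current working directory (cwd) is passed to the script you run.
  # The script is executed by the server, so make sure it is owned by
  # root and cannot be modified by FTP users.
  # POST_WRITE_SCRIPT="/bin/false"
}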
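user ftp {
  #Anonymous account: any password fits.
  #The global block sets ALLOWCOMMAND_STOR="yes", so whoever logs in here
  #without credentials can also upload files. If anonymous uploads are not
  #intended, disable the command for this user only:
  #ALLOWCOMMAND_STOR="no"
  ANONYMOUS_USER="yes"
}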
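user anonymous {
  #If the client logs in as anonymous, the user ftp is taken instead.
  ALIAS="ftp"
}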
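user root {
  #Refuse FTP logins as root. A DENY_LOGIN value other than yes or no is
  #given to the client as the reason for the refusal.
  DENY_LOGIN="Root login not allowed."
}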