Learn Linux Series (#2) - Proftpd management and configuration

• What is proftpd
  
  
  
  FTP allows you to transfer files between a server computer and a client computer.

The connection via the FTP protocol can work in two modes:

 active
 passive.

In active mode, FTP uses port 21 for commands and port 20 for data transfer. In passive mode, FTP uses port 21 for commands and a port number above 1024 for data transmission.

• Proftpd Installation
  
  
  In the terminal, we must execute the command to download the proftpd software.
  To do this, enter the command:

apt-get install proftpd

if a message pops up that we do not have administrator rights, we must execute the command:

sudo -s

(this command gives us administrator privileges, and keeps them at all times while the terminal is running).
After downloading the software, it's time to launch it.

• Starting, restarting and stopping the server
  
  We will need these commands:
  
  Server launch:

/etc/init.d/proftpd start

Message that should appear when the Proftpd server is successfully started:

Server restart:

/etc/init.d/proftpd restart

Server stop:

/etc/init.d/proftpd stop

If we already know how to install, run, disable, restart the server, then we have to get to the configuration.

• Proftpd configuration
  
  The basic configuration file is /etc/proftpd.conf
  
  The simplest, enabling the server to work properly, the configuration file is:

ServerName   "utopian"
ServerAdmin   [email protected]
ServerType   standalone
DefaultServer   on
DefaultRoot   ~
Port    21
Umask    002
User    utopian   
Group    utopian

• Restrictions about IP and hosts from which you can log in
  
  Sometimes it happens that we have to set access restrictions to the server.
  Limitations can be determined in two ways.
  
  
  Method 1:
  
  By default, let everyone in, except for some addresses.
  

<Limit LOGIN> 
     Order allow,deny
     Deny from c.utopian.io
     Deny from p.utopian2.io
     </Limit>

Computers from "Deny from" will not be allowed into the server. All others will be let in.


Method 2:

By default, allow selected people, and the rest do not allow.

<Limit LOGIN> 
 Order deny,allow
 Allow from c.utopian.io
 </Limit>

Only computers entered in "Allow from" will be allowed to the server.

• Logging in as an anonymous user to the server
  
  Anonymous is a special user that have allowed access to public server resources. We can log in without entering the password and freely download the software available.
  An example configuration of an anonymous account:

User    ftp    - user
Group    ftp  - group
AnonRequirePassword          off  - loggining without password
UserAlias   anonymous ftp    - user's aliases
DisplayLogin   .welcome.msg   - welcome message
DisplayFirstChdir  .message  -message that appears after entering the catalog
GroupOwner                    ftp   
Umask                         002     

<Limit  WRITE>     
DenyAll    
<Limit>       

<Limit  READ DIRS>      
IgnoreHidden  on     
<Limit>   

• Server load constraints
  
  It happens that the traffic on the server is so big, it overloads the server so much that it can not be operated. In this case, we need to introduce server load constraints.
  We use two commands for this:
  

MaxClients

and

MaxClientsPerHost

Sample configuration:

MaxClients 100 "There are currently too many people on the utopian server, try again later!"

MaxClientsPerHost 12 "You have too many open connections, you can not enter to utopian."

• Troubleshooting ProFTPD
  
  Error messages can be found in

/var/log/proftpd/proftpd.log

by default, if the Proftpd server does not work after installation, you can check this file.
Sometimes, the server is delayed and you can not access the server. The message "Connection refused" will then pop up. It is not a problem. You must restart the ProFTPD server until it works.


Default log message if everything is okay:

2018-03-08 13:04:35,072 vitusc-utopian proftpd[2205] vitusc-utopian: ProFTPD 1.3.5d (maint) (built Thu Ja$

Curriculum

Part 1 - TCP/IP Computer Adaptation