#############################################################################
# Copyright (c) 2002 Pelle Johansson.                                       #
# All rights reserved.                                                      #
#                                                                           #
# This file is part of the moftpd package. Use and distribution of          #
# this software is governed by the terms in the file LICENCE, which         #
# should have come with this package.                                       #
#############################################################################
# $Id: moftpd.conf.dist 1265 2005-04-06 14:25:58Z morth $
# moftpd.conf.dist
#
# Example configuration file containing all current options.
# Options commented out are set to their default values in the comment.
# Unless otherwise specified, all options are inherited by subtags
# that can contain them. However, subtags only inherit options
# put above the subtag, not those below.
# Options and tag names are not case sensitive.
# Semicolons (;) are optional (they didn't use to be). Whitespace is
# not important except to separate words (newlines end comments though).
#
# For numbers you can append a character as a multiplier. K (kilobytes)
# for 1024, M (megabytes) for 1024 * 1024, G (gigabytes) for
# 1024 * 1024 * 1024, m (minutes) for 60, h (hours) for 60 * 60 and
# d (days) for 60 * 60 * 24.
#
# Strings can be quoted or unquoted. Unquoted strings mustn't
# contain any of ; > , or whitespace and mustn't start with <
# ' # or ". Quoted strings start with " or ' and end with the same
# character. Repeating the quote twice lets you put it inside the
# string (example: "a ""quoted"" string").

# The uid to run as when no privileges are needed. Note that the
# server will retain the ability to change uid (even to root).
# Privileges will be dropped permanently when a user logs in and
# ForkClients is on (or we're started from inetd).
# Default is to run as whatever we were started as.
# Uid (number or name). Allowed in toplevel.
UnprivUid nobody;

# The gid to run as when no privileges are needed.
# Default is to run as whatever we were started as.
# Gid (number or name).
# Allowed in toplevel.
UnprivGid nogroup;

# The size of the transfer buffer. The larger this is the less cpu the
# server will use. If set too big however, the OS buffers will have time to
# clear and the transfer speed will go down. 1K seems reasonable on
# most ethernet hosts.
# Numeric. Allowed in toplevel.
#XferBuffSize 1K;

# Where the .loc files are located. Usually does not need to be specified.
#LocaleDir "/usr/local/share/moftpd/locale/";

# Should we fake the chroot. This is not recommended unless you have
# to. Then use this option to get rid of the warning.
# Boolean. Allowed in toplevel.
#FakeChroot no;

# Should we fork for every new client. Forking is recommended.
# Boolean. Allowed in toplevel.
#ForkClients yes;

# Should connections be handled in the parent process if forking fails.
# If off, an error message will be printed and the connection closed.
# Only applies if ForkClients is on.
#HandleFailedFork yes

# Directory that contains certificates this server trusts to verify
# clients. Needed if you will be using TLS.
# Default is whatever OpenSSL uses by default, or /etc/certs failing that.
# String. Allowed in toplevel.
TrustedCertsDir "/etc/openssl/certs";

# The maximum file size to mmap instead of open/read (if mmap is available).
# Use 0 to always use open/read.
# Numeric. Allowed in toplevel.
#MaxMmapSize 10M;

# The path to the pidfile.
#PidFile "/usr/local/var/run/moftpd.pid"

# The path to the accounter socket.
#AccounterSock "/usr/local/var/run/moftpd.acct"

# This option will reset the soft file size limit of moftpd.
# When the size is exceeded, uploads will fail with a "File too big" error.
# As moftpd obeys the soft limit, it will always try to unlimit the hard
# limit, to avoid crashes. Only root can raise hard limits though.
# Numeric + special value unlimit.
LimitFileSize unlimit

# Start of a new server. The name you put here will be the name
# displayed in the welcome message.
# Allowed in toplevel, .
# Port to listen on. This is still needed when running from inetd since
# servers are matched on the local address/port pair. A server with no ports
# will not be connected to. (Can be useful for creating groups of servers.)
# Numeric. Allowed in . Each entry adds a new port.
Port 21;

# Address to bind to. moftpd will only listen to the addresses put
# here and to the servername if it resolves. The fastest is to put
# numeric addresses here. Wildcards are supported (* and ?). If
# used, moftpd will always listen on all addresses for the ports in
# this server.
# String. Allowed in . Not inherited. Each entry adds a new address.
Bind 1.2.3.*;

# The range of client addresses this server applies to, in the format
# address/mask. This server can only be connected to from these ranges.
# When there's a choice of which of several servers was connected to, the
# one with the most specific applying range (highest mask) is the
# one chosen. However, numeric bindings are checked before hostname ones
# (to avoid dns lookups), so that controls the choice as well.
# The mask can be given either as a number (24) or an address
# (255.255.255.0) or a hexadecimal bit field (0xffffff00). For IPv6 you
# can only give the prefixlen (eg. 48).
# Default is 0.0.0.0/0 and ::/0 (ie. accept from all addresses).
# String. Allowed in . Not inherited. Each entry adds a new range.
Range 1.2.0.0/16;

# Does this server accept connections on any address instead of only
# those bound. Bound addresses of all servers are always checked before
# this is applied. When this is used, moftpd will always listen on all
# addresses for the ports in this server.
# Boolean. Allowed in . Not inherited.
#AllowUnbound no;

# Do we allow data connections to/from others than the remote end of the
# control connection?
# Boolean. Allowed in , .
#AllowForeign no;

# Do we allow data connections outside the range of this server. This
# only applies if AllowForeign is on and you have limited the range of
# clients.
# It will deny data connections outside of the server range
# if off.
# Boolean. Allowed in , .
#AllowOutOfRange no;

# Do we accept connections from ports < 1024.
# Boolean. Allowed in .
#AllowLowPorts no;

# Minimum port to bind passive listeners to.
# Numeric. Allowed in .
#MinPasvPort 49152;

# Maximum port to bind passive listeners to.
# Numeric. Allowed in .
#MaxPasvPort 65534;

# Do we request a password if the requested user is unknown/can't
# login, or do we give an error message at once.
# Boolean. Allowed in .
#PassIfInvalid yes;

# Message to give upon first connecting to the server.
# If started with / it will be taken as a path to a file containing
# the message. The same applies to all the *Msg options.
# String. Allowed in .
#WelcomeMsg "Service available at (moftpd )."

# Message to give when asking for a password.
# String. Allowed in .
#PassRequestMsg "User name ok. Need password.";

# Message to give when asking for a password for an anonymous user.
# String. Allowed in .
#AnonPassMsg "Anonymous login ok. Send your email as password.";

# Message to give when PassIfInvalid is no and the user is invalid.
# String. Allowed in .
#UserInvalidMsg "Invalid user.";

# Message to give when a login fails.
# String. Allowed in .
#LoginFailedMsg "Login incorrect.";

# Are users allowed to login? This applies to system users as well
# as specified users. Only applies to nonsecured connections.
# Notice that this is checked in addition to PAM. Both have to say
# yes.
# Boolean. Allowed in , .
#AllowLogin yes;

# Are users allowed to login over a secure connection. This is tested
# completely separately from AllowLogin.
# Boolean. Allowed in , .
#AllowSecLogin yes;

# Default location to chroot users. Note that the server will not
# chroot until a user logs in, and that if you are not running as
# root or if you are not forking connections the chroot will be faked.
# You can put ~ here and the home directory of each user will be used.
# String. Allowed in , .
#Chroot "/";

# Do we require a password to login. Default is yes, however, if
# the password is empty no password is needed.
# Boolean. Allowed in , .
#PasswordNeeded yes;

# Max idle time. If this is exceeded the user will be given a
# message and be disconnected when the next command is given.
# If it is exceeded by a factor of two the user will be disconnected
# directly. Use 0 to disable.
# Numeric. Allowed in , .
#MaxIdle 10m;

# The maximum number of connects to this server.
# Set to 0 to disable checking.
# Numeric. Allowed in .
#MaxConnects 0;

# When a login fails, the server can sleep for some time before
# allowing a new attempt. This is recommended to disallow brute
# force password guessing. This option specifies how long to sleep.
# Numeric. Allowed in .
#SleepOnFail 5;

# After how many login attempts do we disconnect the client?
# Currently it's possible to just reconnect though. Set to 0 for
# unlimited. This option only affects logins not made with PAM (see
# README for more info).
# Numeric. Allowed in .
#MaxLoginAttempts 3;

# Do we accept TLS/SSL. This is initiated by the AUTH TLS command.
# The parameters are the files containing the server certificate and the
# private key. Both must be in PEM format.
# If you don't put an absolute path they'll be relative to the
# TrustedCertsDir.
# Default is to not allow TLS.
# String, String. Allowed in . Not inherited.
AcceptTLS "cert.pem", "privkey.pem";

# Do we request and verify a certificate from the client?
# If verification fails, or the client does not present a certificate,
# the connection will be closed. When off, TLS will be accepted from
# anyone. Default is no.
# Boolean. Allowed in . Not inherited.
#TLSVerifyClient no;

# Do we try to login using the common name in the client certificate?
# This option has no effect unless TLSVerifyClient is set to yes.
# Extract the common name from the verified certificate given by the
# client and try to login.
# No password will be asked for, and the user will
# be logged in even if AllowLogin is off. AllowSecLogin has to be on
# however (which is the default). You can use an alias to map the common name
# to the user name. Default is to not try to login.
# Boolean. Allowed in . Not inherited.
#TLSAutoLogin no;

# Do we prevent users logged in over a secure connection from using the
# USER command? This option only has effect if TLSAutoLogin is yes.
# If yes, the user can not use the USER command to switch to another
# user. She can still use the REIN command to end the TLS session
# and then reopen a new one or login normally. She can also use the
# USER command for the user she's already logged in as.
# This option will also make the server close the connection if the
# user could not be logged in using the certificate.
# Boolean. Allowed in . Not inherited.
#TLSNoNewUser no;

# Add an alias. This is the same as the Alias directive in ,
# but easier if that's all you wish to do for a user. The first
# argument is the user, the second the alias.
# String, String. Allowed in . Each entry adds a new alias.
UserAlias "anonymous", "ftp";

# PAM service name to use if PAM is available.
# String. Allowed in .
#PAMService moftpd;

# Treat all symlinks as hard links, except those explicitly declared
# as not. See the HardLink entry in below.
# Enabling this is not recommended.
# Boolean. Allowed in , .
#DefaultHardLink no;

# When cwding into a directory check for the existence of a file
# with this name and if it exists type it in the command output.
# Each directory in the cwd path is checked so it might actually be
# multiple files that get typed.
# String. Allowed in , , .
DirectoryMsgFile "README";

# SQL connection information. SQL will be connected the first time
# information about a user is required and will be disconnected
# after a successful login.
# Arguments are database type, host/url/path, user, database.
# Currently only mysql is supported.
# String, string, string, string.
# Allowed in .
SQLConnect mysql, localhost, moftpd, ftpsites;

# SQL Password, if needed.
# String. Allowed in .
SQLPassword abc123;

# SQL TLS information, if needed.
# Arguments are certfile, keyfile.
# If you don't put an absolute path they'll be relative to the
# TrustedCertsDir.
# String, String. Allowed in .
SQLTLSConnect "cert.pem", "key.pem";

# SQL Query to find a user. If there are multiple matches the first
# row will be used. Result column names should correspond to
# option names valid in the tag. A value of NULL is ignored.
# %u is replaced by the (quoted) user name, but only outside strings,
# to not conflict with LIKE.
# %s is replaced by the server name.
# %l is replaced by the local ip. %L is replaced by the local port.
# %r is replaced by the remote ip. %R is replaced by the remote port.
# You can type \% to generate a % and \\ to generate a backslash.
# String. Allowed in .
SQLUserQuery "select * from users where name = %u";

# SQL Query to find directory information for a user.
# Each row in the result will be added to the directory permissions
# list for this login. One column should be "directory", with value
# the full path of this directory/file. The rest should be options
# valid in the tag.
# The order of the rows is not unimportant. Generally, you should
# return parent directories before subdirectories.
# %u is replaced by the user name.
# %s is replaced by the server name.
# %l is replaced by the local ip. %L is replaced by the local port.
# %r is replaced by the remote ip. %R is replaced by the remote port.
# String. Allowed in , .
SQLDirQuery "select directory,deny,allow from directories where user = %u";

# SQL query upon connect to server.
# If there are multiple matches the first row will be used. A zero
# row result will result in the connection being denied.
# The result column names should be one of allow or lang (unknown columns are ignored,
# as are NULL values).
# The allow value should be a bool representing if the connection is allowed.
# The lang value should be the default language for the connection, in lower case.
# If the allow column is missing, the connection will be allowed.
# %s is replaced by the server name.
# %l is replaced by the (quoted) local ip. %L is replaced by the local port.
# %r is replaced by the remote ip. %R is replaced by the remote port.
SQLConnectQuery "select allow,lang from ips where %r like remote";

# Start of a user. For system users, information here overrides the
# information gotten from the system.
# By default there are only the system users, but one is put here
# for example purposes.
# Allowed in , .

# Alias name for this user. It will be as if the real user name
# was entered instead of this.
# String. Not inherited. Allowed in . Each entry adds a new alias.
Alias ftp;

# Is this an anonymous user. Setting this to yes has the effects
# of changing the password request message to AnonPassMsg, accepting
# any password, setting AllowLogin yes and setting PasswordNeeded yes.
# Setting it to no will reset the password request message, and no
# longer accept any password. It won't affect AllowLogin or
# PasswordNeeded.
# Boolean. Allowed in .
Anonymous yes;

# What uid should we use for this user.
# Default is to use the system user uid or the
# unprivileged uid failing that.
# A system user retains all groups by default. Using this directive
# will clear those.
# Uid (number or name). Allowed in .
Uid nobody;

# What gid should we use for this user.
# Default is to use the system user gid or the
# unprivileged gid failing that.
# A system user retains all groups by default. Using this directive
# will clear those.
# Gid (number or name). Allowed in .
Gid nogroup;

# The home directory of this user.
# String. Allowed in .
#Home "/";

# The encrypted password to require for this user. Using this will
# also set PasswordNeeded yes, and Anonymous no.
#Password DsekUPIL0zJgg; # "abc123"

# The maximum number of simultaneous logins this user can have.
# Set to 0 to disable checking.
#MaxLogins 0

# Use an external login handler. For more information see the readme
# file and the sample login_script.sh.
# String. Allowed in .
ExternLogin "~ftp/scripts/login.sh"

# Use an external access handler. When this is used allow, deny and
# require options in are ignored. See the readme file
# and the sample access_script.sh for more information.
# String. Allowed in .
ExternAccess "~ftp/scripts/access.sh"

# What admin commands are accessible to this user.
# Available are:
#   list        List connections (LIST).
#   msg         Send a message (MSG and MSGALL).
#   abort       Abort data transfers (ABORT and DISCABORT).
#   disconnect  Disconnect users (DISCONNECT and DISCABORT).
#   reload      Close servers and reload configuration (RELOAD).
#   all         All of the above.
Admin list, msg

# Special directory handling. The default is to allow everything,
# however the current uid/gid of the ftp server naturally sets additional
# restrictions. Normally you would put a full path in the
# first entry and then subdirectories inside. Directories are
# relative to the real root, not the chroot.
# Subdirectories are affected as well, but if they have an entry
# of their own they may override.
# With directories it is especially useful to make use of the fact
# that subtags only inherit what's put above them.
# You can specify the path to a file if you wish, it doesn't have to
# be a directory. Wildcards do not work at the moment.
# Allowed in , , .

# Apply this only to files matching this mask.
# Useful to hide dot-files for example. The mask is only applied to
# the file name and only works in the directory named in the tag of course.
# Directory entries with a matching mask override those without,
# even if they are subdirectories.
# String. Allowed in . Not inherited.
# Each entry adds a new mask.
Mask ".*"

# Here we put what is allowed, what is denied, and what is required.
# As said above, default is to allow all. Require only works with
# encrypted and signed; it will ignore the others.
# Valid things to toggle are:
#   search      Is the user allowed to enter here. If you deny
#               search permission, you deny everything.
#   readFile    Reading files.
#   listing     Listing directories.
#   createFile  Creating files (and writing into them).
#   createDir   Creating directories.
#   append      Appending to files.
#   overwrite   Overwriting files, either completely or
#               partially.
#   delete      Deleting files and directories.
#   rename      Renaming files and directories.
#   encrypted   Encrypted data connections (excluding list).
#   signed      Certified data connections (excluding list).
#               Note that these two require a secure connection.
#               If you require them, nonsecured clients won't be able to
#               read or write files in this directory.
#   reading     Alias for search, readFile and listing.
#   writing     Alias for createFile, createDir, append,
#               overwrite and delete.
#   storing     Alias for createFile, createDir and append.
#   all         Alias for all the above.
Deny all;
Allow reading, signed;
Require encrypted;

# Fake all the owner entries with this string. Especially useful
# when chrooted to avoid numeric entries.
# Newer clients will use MLSD instead of LIST so this doesn't apply
# to them. None of the Fake options do.
# String. Allowed in .
FakeUser ftp;

# Fake all the group entries with this string. Especially useful
# when chrooted to avoid numeric entries.
# String. Allowed in .
FakeGroup ftp;

# Fake the file mode of all files with this string. Can be used
# if you don't want to give away the real mode. You can put
# anything here, but some ftp clients parse it.
# String. Allowed in .
FakeFileMode "-rw-r--r--";

# Fake the file mode of all directories with this string. Can be used
# if you don't want to give away the real mode. You can put
# anything here, but some ftp clients parse it.
# String. Allowed in .
FakeDirMode "drwxr-xr-x";

# Is this directory hidden from listing in the parent directory.
# Boolean. Not inherited. Allowed in .
#Hidden no;

# This entry is a symlink. Treat it as a hard link anyway (it
# works on directories too). This has the effect that you can
# put symlinks out of a faked chroot that still will work, or can
# put different permissions on the same directory for whatever
# reason. Permissions are applied through the symlink path and
# not through the real path as is usually the case.
# Boolean. Not inherited. Allowed in .
#HardLink no;

# Example subdirectory, all the above is still in effect.
Allow storing;
Deny listing;

# Finally the Reset option should be mentioned. It resets other
# options to their default values.
# In , it is allowed with Port, Bind, Range, PassRequestMsg,
# AnonPassMsg, LoginFailedMsg, UserInvalidMsg, WelcomeMsg,
# DirectoryMsgFile, SQLUserQuery and SQLDirQuery.
# In , it is allowed with Uid, Gid, Home, Password,
# ExternLogin, ExternAccess and SQLDirQuery.
# In it is allowed with FakeUser, FakeGroup,
# FakeFileMode and FakeDirMode.
#Reset Port, Bind;
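# Added example, not part of moftpd: a parser for the lexical rules in the header
# comment of this file (comments to end of line, optional semicolons, commas between
# arguments, doubled-quote escapes, case-sensitive number multipliers). The rule that
# one argument follows the option name and further ones follow commas is inferred from
# the directives in this file; block tags (<...>) are not handled.

```python
import re

# Multipliers from the header comment; suffixes are case sensitive (M bytes, m minutes).
MULTIPLIERS = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3,
               "m": 60, "h": 60 * 60, "d": 60 * 60 * 24}

def parse_number(word):
    """Value of a number with optional multiplier ('10M', '10m', '5'); None otherwise."""
    m = re.fullmatch(r"(\d+)([KMGmhd]?)", word)
    if m is None:
        return None
    digits, suffix = m.groups()
    return int(digits) * MULTIPLIERS.get(suffix, 1)

def tokenize(text):
    """Yield (kind, value) tokens, kind in {'word', 'str', 'num', 'sep'}."""
    i, n = 0, len(text)
    while i < n:
        c = text[i]
        if c.isspace():
            i += 1
        elif c == "#":                          # comment: a newline ends it
            nl = text.find("\n", i)
            i = n if nl < 0 else nl + 1
        elif c in ";,":
            yield "sep", c
            i += 1
        elif c in "\"'":                        # quoted string, closed by the same char
            parts, j = [], i + 1
            while True:
                k = text.find(c, j)
                if k < 0:
                    raise SyntaxError("unterminated string")
                parts.append(text[j:k])
                if text[k + 1:k + 2] == c:      # doubled quote is a literal quote
                    parts.append(c)
                    j = k + 2
                else:
                    i = k + 1
                    break
            yield "str", "".join(parts)
        else:                                   # unquoted: ends at whitespace ; > ,
            m = re.match(r"[^\s;>,]+", text[i:])
            if m is None:
                raise SyntaxError(f"unexpected {c!r}")
            i += len(m.group(0))
            num = parse_number(m.group(0))
            yield ("num", num) if num is not None else ("word", m.group(0))

def parse(text):
    """[(name, [args])]; names lower-cased. Inferred: one arg after the name, more after ','."""
    directives, expect_arg = [], False
    for kind, value in tokenize(text):
        if kind == "sep":
            expect_arg = value == ","           # ',' announces another argument, ';' ends
        elif expect_arg:
            directives[-1][1].append(value)
            expect_arg = False
        elif kind == "word":                    # a bare word starts a new directive
            directives.append((value.lower(), []))
            expect_arg = True
        else:
            raise SyntaxError(f"unexpected {kind} {value!r}")
    return directives
```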
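# Added example, not part of moftpd: how the Range rules above select a server (the
# most specific matching mask wins; masks as a prefix length, a dotted netmask or a hex
# bit field, IPv6 prefixlen only) and how AllowForeign/AllowOutOfRange gate a data
# connection. The tie-break between two servers with equally specific ranges is an
# assumption; the file does not say.

```python
import ipaddress

def parse_range(spec):
    """Parse a Range value: address/mask with the mask as a prefix length (24), a dotted
    netmask (255.255.255.0) or a hex bit field (0xffffff00); IPv6 takes a prefixlen only."""
    addr, _, mask = spec.partition("/")
    if mask.lower().startswith("0x"):            # hex bit field -> dotted netmask
        mask = str(ipaddress.IPv4Address(int(mask, 16)))
    if mask == "":                               # bare address: just that host
        return ipaddress.ip_network(addr)
    # strict=False tolerates host bits set in the address part (e.g. 1.2.3.4/16)
    return ipaddress.ip_network((addr, mask), strict=False)

DEFAULT_RANGES = ["0.0.0.0/0", "::/0"]           # the documented default: accept from all

def select_server(servers, client_ip):
    """servers: {name: [Range spec, ...]} in configuration order. Returns the name of
    the server whose most specific matching range (highest mask) contains client_ip,
    or None. Ties go to the server listed first (assumption)."""
    client = ipaddress.ip_address(client_ip)
    best, best_len = None, -1
    for name, specs in servers.items():
        for net in map(parse_range, specs or DEFAULT_RANGES):
            if net.version == client.version and client in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best

def data_connection_allowed(control_ip, data_ip, ranges, allow_foreign=False,
                            allow_out_of_range=False):
    """AllowForeign / AllowOutOfRange as described above: a data connection to a host
    other than the control connection's needs AllowForeign, and when the server's
    clients are limited by Range it also needs AllowOutOfRange or a host inside a range."""
    if data_ip == control_ip:
        return True
    if not allow_foreign:
        return False
    if allow_out_of_range or not ranges:          # no Range entries = no limit to enforce
        return True
    data = ipaddress.ip_address(data_ip)
    return any(data.version == net.version and data in net for net in map(parse_range, ranges))
```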
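# Added example, not part of moftpd: the %-substitution rules documented for
# SQLUserQuery above, modelled so the handling of the untrusted user name can be
# checked: replacements happen only outside single-quoted SQL strings (so a % wildcard
# in a LIKE pattern survives) and \% and \\ yield literal characters. The escaping used
# to quote %u is an assumption; the file only says the user name is quoted.

```python
SUBSTITUTIONS = "usLlrR"                      # the % letters documented for SQLUserQuery

def sql_quote(value):
    """Quote an untrusted value as a SQL string literal. The escaping (a backslash
    before backslash and single quote, as MySQL reads by default) is an assumption;
    the file only says that %u is replaced by the quoted user name."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"

def substitute(query, user, server, local_ip, local_port, remote_ip, remote_port):
    """Expand %u %s %l %L %r %R plus \\% and \\\\ in an SQLUserQuery template.
    Nothing is replaced inside single-quoted SQL strings, so a % wildcard in a
    LIKE pattern is left alone; only %u is quoted, as the comment says."""
    values = {"u": sql_quote(user), "s": server, "l": local_ip, "L": str(local_port),
              "r": remote_ip, "R": str(remote_port)}
    out, in_string, i = [], False, 0
    while i < len(query):
        c = query[i]
        nxt = query[i + 1] if i + 1 < len(query) else ""
        if in_string:
            if c == "\\":                         # escaped character inside the string
                out.append(query[i:i + 2])
                i += 2
                continue
            in_string = c != "'"                  # a quote (or half of a doubled '') ends it
            out.append(c)
            i += 1
        elif c == "'":                            # a SQL string begins
            in_string = True
            out.append(c)
            i += 1
        elif c == "\\" and nxt and nxt in "%\\":  # \% -> %, \\ -> \
            out.append(nxt)
            i += 2
        elif c == "%" and nxt and nxt in SUBSTITUTIONS:
            out.append(values[nxt])
            i += 2
        else:
            out.append(c)
            i += 1
    return "".join(out)
```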
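# Added example, not part of moftpd: a model of the Allow/Deny/Require rules for the
# directory example in this file (Deny all; Allow reading, signed; Require encrypted;)
# and its example subdirectory, including the rule that a sub-entry inherits only what
# is written above it. Which operations a Require gates (file transfers, with listings
# exempt) is my reading of the comment text, not something the file spells out.

```python
PRIMITIVES = ["search", "readFile", "listing", "createFile", "createDir", "append",
              "overwrite", "delete", "rename", "encrypted", "signed"]
ALIASES = {                                   # the aliases listed above, as given
    "reading": ["search", "readFile", "listing"],
    "writing": ["createFile", "createDir", "append", "overwrite", "delete"],
    "storing": ["createFile", "createDir", "append"],
    "all": PRIMITIVES,
}
REQUIRABLE = {"encrypted", "signed"}          # Require ignores everything else
FILE_OPS = {"readFile", "createFile", "append", "overwrite"}  # what a Require gates (assumed)

def expand(names):
    """Expand alias names to the set of primitives they stand for."""
    out = set()
    for name in names:
        out.update(ALIASES.get(name, [name]))
    return out

class DirPerms:
    """Permissions of one directory entry. A sub-entry starts from the state its
    parent had when the sub-entry was opened (subtags inherit only what is above them)."""

    def __init__(self, parent=None):
        self.allowed = set(parent.allowed) if parent else set(PRIMITIVES)  # default: allow all
        self.required = set(parent.required) if parent else set()

    def allow(self, *names):
        self.allowed |= expand(names)
        return self

    def deny(self, *names):
        self.allowed -= expand(names)
        return self

    def require(self, *names):
        self.required |= expand(names) & REQUIRABLE
        return self

    def permits(self, op, encrypted=False, signed=False):
        """May a client whose data connection has these protections perform op here?"""
        if "search" not in self.allowed:          # denying search denies everything
            return False
        if op not in self.allowed:
            return False
        if op in FILE_OPS:                        # Require applies to transfers, not listings
            have = {name for name, on in (("encrypted", encrypted), ("signed", signed)) if on}
            return self.required <= have
        return True

# The directory example from this file: Deny all; Allow reading, signed; Require encrypted;
EXAMPLE_DIR = DirPerms().deny("all").allow("reading", "signed").require("encrypted")
# Its example subdirectory: Allow storing; Deny listing; (everything above still in effect)
EXAMPLE_SUBDIR = DirPerms(EXAMPLE_DIR).allow("storing").deny("listing")
```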