forked from proftpd/proftpd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
anonymous.conf
141 lines (113 loc) · 3.33 KB
/
anonymous.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
# This sample configuration file illustrates configuring two
# anonymous directories, and a guest (same thing as anonymous but
# requires a valid password to login)
ServerName "ProFTPD Anonymous Server"
ServerType standalone
# Port 21 is the standard FTP port.
Port 21
# If you don't want normal users logging in at all, uncomment this
# next section
#<Limit LOGIN>
# DenyAll
#</Limit>
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled 300
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayChdir .message
# Our "basic" anonymous configuration, including a single
# upload directory ("uploads")
<Anonymous ~ftp>
# Allow logins if they are disabled above.
<Limit LOGIN>
AllowAll
</Limit>
# Maximum clients with message
MaxClients 5 "Sorry, max %m users -- try again later"
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE>
DenyAll
</Limit>
# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
<Limit READ>
DenyAll
</Limit>
<Limit STOR>
AllowAll
</Limit>
</Directory>
</Anonymous>
# A second anonymous ftp section. Users can login as "private". Here
# we hide files owned by root from being manipulated in any way.
<Anonymous /usr/local/private>
User bobf
Group users
UserAlias private bobf
UserAlias engineering bobf
# Deny access from *.evil.net and *.otherevil.net, but allow
# all others.
<Limit LOGIN>
Order deny,allow
Deny from .evil.net, .otherevil.net
Allow from all
</Limit>
# We want all uploaded files to be owned by 'engdept' group and
# group writable.
GroupOwner engdept
Umask 006
# Hide all files owned by user 'root'
HideUser root
<Limit WRITE>
DenyAll
</Limit>
# Disallow clients from any access to hidden files.
<Limit READ DIRS>
IgnoreHidden on
</Limit>
# Permit uploading and creation of new directories in
# submissions/public
<Directory submissions/public>
<Limit READ>
DenyAll
IgnoreHidden on
</Limit>
<Limit STOR MKD RMD XMKD XRMD>
AllowAll
IgnoreHidden on
</Limit>
</Directory>
</Anonymous>
# The last anonymous example creates a "guest" account, which clients
# can authenticate to only if they know the user's password.
<Anonymous ~guest>
User guest
Group nobody
AnonRequirePassword on
<Limit LOGIN>
AllowAll
</Limit>
# Deny write access from all except trusted hosts.
<Limit WRITE>
Order allow, deny
Allow from 10.0.0.
Deny from all
</Limit>
</Anonymous>