how-to: PROFTPD on Fedora 10

[lollysticky]

Hi, this will be my first how-to on these forums, so bare with me! Any pointers or advice are very welcome.


First, let's start with proftpd. What, Why and How?

link: http://www.proftpd.org/
I have had no previous experience with setting up an ftp whatsoever in the past, but this week, I got bored with constantly accessing my external hard drive for every file I need to transfer between my computers. Therefore, i needed something easy and quick to install, without having to configure too much. If you need to know more about the history of proftpd, plz click the link above.
The next how-to is based on several (outdated) websites I read, together with my own experiences. I hope it'll help someone who wants to do the same thing.

Installation

If you don't have internet (like I did my first month on Fedora, damn wifi support :P), you can download proftpd manually from any repository (assuming you have another computer with internet off course): http://rpm.pbone.net/

If you do have internet (like a sensible person does), just use yum. First check if it isn't installed allready, if not then go ahead and install it.

Quote:

yum info proftpd
sudo yum install proftpd

Configuration

first of all, you can create a new account on your linux machine if needed. This will be the account which can be used by the ftp server.

Quote:

> Menu > Administration > Users and Groups (enter root password)
> Add User
-------> User Name: ftp (or whatever you want)
-------> Password: ftp (or whatever you want)
-------> Create home directory: tick this off... we don't need it
-------> Login Shell: /sbin/nologin

Check whether the 'ftp' user is in the 'ftp' group!

Next up is the actual proftpd configuration. For this, we need to edit the file /etc/proftpd.conf. First start by making a backup file for when things go wrong. Afterwards, open the config file and start editing:

Quote:

sudo cp /etc/proftpd.conf /etc/proftpd.conf_backup
sudo nano /etc/proftpd.conf (use whatever editor you like, i always use nano :P)

I copy-pasted a very basic configuration file below. Make sure that the 'User' and 'Group' settings are related to the account you made above.

HTML Code:

#make sure this file is /etc/proftpd.conf
#and is owned by 'root' who has read+write rights

ServerName			"LOLLYSERVER"
ServerIdent			on "LOLLYSERVER ready."
ServerAdmin			lollysticky@LOLLYSERVER.com
ServerType			standalone
DefaultServer			on
Port				21		#standard FTP port
Umask 				022		#prevent new dirs and files to be writable by everyone
MaxInstances			10		#maximum number of child processes
TimeoutStalled			100		#maximum number of seconds a data connection is allowed to stall

User				nobody	        #user and group that the server runs at
Group				ftp		#group with little privileges
AuthPAM				off



<Global>
        DefaultRoot             ~	         #put '~' here if you want non-anonymous users to be chrooted to their homedir
        ListOptions             "-a"             #list 'invisible' directories and files
</Global>

<Anonymous ~ftp>
        User                    ftp
        Group                   ftp
        UserAlias               anonymous ftp   #be able to login as both 'ftp' and 'anonymous'
        MaxClients              10 "Sorry, max %m users -- try again later"
        DefaultChdir            /pub            #/var/ftp/pub
        RequireValidShell	off             #don't give a valid shell to user ftp
        DisplayLogin            welcome.msg
        #DisplayFirstChdir	.message
        AccessGrantMsg          "User %u logged in."
</Anonymous>

After editing the configuration file to your liking, it is probably very wise to check it for errors. When performing this command, you should get "Syntax check complete." back in the console window. Check if it displays errors. If it does, you need to recheck your configuration file to find the errors.

Quote:

sudo proftpd -td5

Make sure that the '/etc/sysconfig/proftpd' file contains this line at the bottom (to enable anonymous login)

Quote:

PROFTPD_OPTIONS="-DANONYMOUS_FTP"

If everything went well, it is time to start the ftp server and check if everything works well.

Quote:

sudo /etc/init.d/proftpd start
ps -ef | grep proftpd

The first command should return "Starting proftpd: [ OK ]". The second one should return something similar to:

Quote:

[lollysticky@LOLLYSTICKY Documents]$ ps -ef | grep proftpd
proftpd 4328 1 0 19:19 ? 00:00:00 proftpd: (accepting connections)
500 4339 4269 0 19:21 pts/1 00:00:00 grep proftpd

Connecting

Let's try to connect to the ftp:
you can connect using your normal linux username (in my case: lollysticky), or you can use 'ftp' or 'anonymous' to connect. With the accounts 'ftp' and 'anonymous', you only need to enter your email (or nothing) as a password.
If you logged in with the linux username, you'll be directed to your home directory. When you use 'ftp' or 'anonymous' to login, the linux system will 'chroot' you to /var/ftp/, which will be seen as the ftp 'root'.

I then tried to connect remotely to my ftp server with several programs (Transmit, FileZilla,...). This succeeded both from my own home network as from a remote area.


I hope this will helpe someone. If there is need for more pictures, just ask!

-lollysticky-

[lollysticky]

I'll be updating this thread while I keep on discovering things:

next up: security...

anonymous logins are well... but virtually anyone could access the ftp. The next step is to assign passwords to the accounts as a first line of defence


How?
You can do it manually By going to the User Manager (see first post). If you don't see the user 'ftp' in the list, click Edit > Preferences and tick off the "Hide system users and groups" option. Now you'll see a whole bunch of users. Locate 'ftp' and click Properties to assign a password. You could also do it via the console:

Quote:

sudo passwd ftp
(fill in the password you like)

After doing that we'll have to edit the /etc/proftpd.conf file again.
locate the <Anonymous ~ ftp> section and make the first lines look like this (and recheck your config after you edit with the command from the first post):

Quote:

<Anonymous ~ftp>
User ftp
Group ftp
AnonRequirePassword on

restart the ftp (sudo /etc/init.d/proftpd restart). When you connect to the ftp (using both the usernames 'ftp' and 'anonymous'), you'll be prompted for a password. This will be the password of the ftp user you previously configured.

[bianchi77]

[root@localhost ftp]# ftp localhost
Trying ::1...
Connected to localhost (::1).
220 ProFTPD 1.3.2d Server (Basic FTP server) [::1]
Name (localhost:riko): ftp
331 Anonymous login ok, send your complete email address as your password
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
=============
I have followed the tutorial above but get login failed...
Anyone can help?

Tx

[lollysticky]

Did you try logging in as a non-anonymous user?

[bianchi77]

i haven't login with user...
how can i test anonymous user?

tx

[lollysticky]

Quote:

Originally Posted by bianchi77

i haven't login with user...
how can i test anonymous user?

tx

Have you set up any accounts or enabled anonymous login like I explained above? i'm starting to wonder if you've read my how-to

in your example you log in as 'ftp' user; that only works if you have an ftp user on your linux OS...
try logging in as anonymous by:
1) when it asks your name, enter 'anonymous' (without the ' marks)
2) as a password, either just ENTER, or give in your email (just ENTER )

that should do the trick if you have followed my guide correctly

P.S. if you have also enabled the password for the anonymous account, you should not ENTER, but provide this password.

[alain.roger]

i did everything as you wrote in the how-to, but everytime i have a login failed message.
it does not matter if i use ftp, anonymous or linux user accounts.
the result is still the same :-()
any idea ?

my goal is to use filezilla (on my windows 7 OS) later on to access to my linux ftp.

thanks a lot,

A.

Quote:

Originally Posted by lollysticky

Have you set up any accounts or enabled anonymous login like I explained above? i'm starting to wonder if you've read my how-to

in your example you log in as 'ftp' user; that only works if you have an ftp user on your linux OS...
try logging in as anonymous by:
1) when it asks your name, enter 'anonymous' (without the ' marks)
2) as a password, either just ENTER, or give in your email (just ENTER )

that should do the trick if you have followed my guide correctly

P.S. if you have also enabled the password for the anonymous account, you should not ENTER, but provide this password.

[lollysticky]

euhm confused here... is it the exact same message/error as the person above?

Could you provide the error displayed on your terminal screen when logging in? I will try to answer your question as soon as possible but atm I don't have access to my F10 server

[errorxp]

Thanks for this guide but using Filezilla or any other programs that save passwords in PLAIN TEXT is a bad idea. I made the mistake of using Filezilla once to log on to my ftp site and what do you know, shortly after that the site was infected with javascript.

[lollysticky]

Quote:

Originally Posted by errorxp

Thanks for this guide but using Filezilla or any other programs that save passwords in PLAIN TEXT is a bad idea. I made the mistake of using Filezilla once to log on to my ftp site and what do you know, shortly after that the site was infected with javascript.

I can only concur with this...

[alain.roger]

Quote:

Originally Posted by lollysticky

euhm confused here... is it the exact same message/error as the person above?

Could you provide the error displayed on your terminal screen when logging in? I will try to answer your question as soon as possible but atm I don't have access to my F10 server

here it is :-)
this it a test with ftp account and just ENTER (blank) as password

[alain.roger]

ok, so i discovered that writing PROFTPD_OPTIONS="-DANONYMOUS_FTP"
in /etc/sysconfig/proftpd make the ftp or anonymous connection works.

but how can i make any authenticated user (for example myself under account "alain") connect to this FTP server and directly go to /var/www/html/ folder ?

thanks a lot.

A.

[lollysticky]

ok I checked everything out and apparently proftpd has changed quite a bit since I installed it (which was allmost 2 years ago)... I've updated proftpd to the latest version and my configuration file is now giving problems where it didn't yesterday. Hence why this guide isn't working anymore I guess :P
I will try to setup my proftpd server again and update the 'guide'... (it will take some time tho... work and stuff :P)



EDIT 1: changed entire guide... everything works now according to the latest proftpd update.... Tested all cases:
* Anonymous login works, both with username 'anonymous' and 'ftp'
* Password login works with username 'anonymous' and 'ftp' if 'AnonRequirepassword on' is set
* Username (f.e. lollysticky) login to home directory succesful.

Please see the first post to get the new basic user details, configuration files,...
However, I would strongly advice everyone to switch to vsftpd both for usability and safety reasons!


EDIT 2: to Alain
If you wish that all authenticated users are chrooted to /var/www/html folder, then change

Quote:

DefaultRoot /var/www/html

In this example, all authenticated users will be chrooted to /var/www/html, and all anonymous users will go to /var/ftp/pub (as described in the configuration file above). I tested this and it all works

[glennzo]

Great job LollySticky. I just configured an FTP server here at home and by following your guide I was easily able to get this working the way I wanted. I now have a betrer basic understanding of how this is done. Thank you.

[lollysticky]

Thanks.. I'm glad it worked