source: server/major/proftpd.xml@ 339af0e7

10.0 10.1 11.0 11.1 9.0 9.1 lazarus qt5new trunk upgradedb xry111/intltool xry111/test-20220226
Last change on this file since 339af0e7 was 339af0e7, checked in by Douglas R. Reno <renodr@…>, 3 years ago

Tag proftpd and add the consolidated security patch

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@22069 af4574ff-66df-0310-9fd7-8a98e5e911e0

  • Property mode set to 100644
File size: 13.8 KB
Line 
1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../../general.ent">
5 %general-entities;
6
7 <!ENTITY proftpd-download-http " ">
8 <!ENTITY proftpd-download-ftp "ftp://ftp.proftpd.org/distrib/source/proftpd-&proftpd-version;.tar.gz">
9 <!ENTITY proftpd-md5sum "13270911c42aac842435f18205546a1b">
10 <!ENTITY proftpd-size "19 MB">
11 <!ENTITY proftpd-buildsize "65 MB">
12 <!ENTITY proftpd-time "0.3 SBU">
13]>
14
15<sect1 id="proftpd" xreflabel="ProFTPD-&proftpd-version;">
16 <?dbhtml filename="proftpd.html"?>
17
18 <sect1info>
19 <othername>$LastChangedBy$</othername>
20 <date>$Date$</date>
21 </sect1info>
22
23 <title>ProFTPD-&proftpd-version;</title>
24
25 <indexterm zone="proftpd">
26 <primary sortas="a-proftpd">Proftpd</primary>
27 </indexterm>
28
29 <sect2 role="package">
30 <title>Introduction to ProFTPD</title>
31
32 <para>The <application>ProFTPD</application> package contains a secure
33 and highly configurable FTP daemon. This is useful for serving large
34 file archives over a network.</para>
35
36 &lfs90_checked;
37
38 <bridgehead renderas="sect3">Package Information</bridgehead>
39 <itemizedlist spacing="compact">
40 <listitem>
41 <para>Download (HTTP): <ulink url="&proftpd-download-http;"/></para>
42 </listitem>
43 <listitem>
44 <para>Download (FTP): <ulink url="&proftpd-download-ftp;"/></para>
45 </listitem>
46 <listitem>
47 <para>Download MD5 sum: &proftpd-md5sum;</para>
48 </listitem>
49 <listitem>
50 <para>Download size: &proftpd-size;</para>
51 </listitem>
52 <listitem>
53 <para>Estimated disk space required: &proftpd-buildsize;</para>
54 </listitem>
55 <listitem>
56 <para>Estimated build time: &proftpd-time;</para>
57 </listitem>
58 </itemizedlist>
59
60 <bridgehead renderas="sect3">Additional Downloads</bridgehead>
61 <itemizedlist spacing="compact">
62 <listitem>
63 <para>
64 Required patch:
65 <ulink url="&patch-root;/proftpd-&proftpd-version;-consolidated_fixes-1.patch"/>
66 </para>
67 </listitem>
68 </itemizedlist>
69
70 <bridgehead renderas="sect3">ProFTPD Dependencies</bridgehead>
71
72 <bridgehead renderas="sect4">Optional</bridgehead>
73 <para role="optional">
74 <xref linkend="libcap-pam"/>,
75 <xref linkend="libssh2"/>,
76 <xref linkend="linux-pam"/>,
77 <xref linkend="mariadb"/> or <ulink url="http://www.mysql.com/">MySQL</ulink>,
78 <xref linkend="pcre"/>,
79 <xref linkend="postgresql"/>, and
80 <ulink url="https://metacpan.org/pod/Net::SSH2">Net::SSH2</ulink>
81 </para>
82
83 <para condition="html" role="usernotes">User Notes:
84 <ulink url="&blfs-wiki;/proftpd"/></para>
85
86 </sect2>
87
88 <sect2 role="installation">
89 <title>Installation of ProFTPD</title>
90
91 <para>For security reasons, you should install
92 <application>ProFTPD</application> using an unprivileged user and group.
93 As the <systemitem class="username">root</systemitem> user:</para>
94
95<screen role="root"><userinput>groupadd -g 46 proftpd &amp;&amp;
96useradd -c proftpd -d /srv/ftp -g proftpd \
97 -s /usr/bin/proftpdshell -u 46 proftpd &amp;&amp;
98
99install -v -d -m775 -o proftpd -g proftpd /srv/ftp &amp;&amp;
100ln -v -s /bin/false /usr/bin/proftpdshell &amp;&amp;
101echo /usr/bin/proftpdshell &gt;&gt; /etc/shells</userinput></screen>
102
103 <para>
104 First, apply a patch containing various security fixes from
105 the upstream developers:
106 </para>
107
108<screen><userinput remap="pre">patch -Np1 -i ../proftpd-&proftpd-version;-consolidated_fixes-1.patch</userinput></screen>
109
110 <para>Install <application>ProFTPD</application> as an unprivileged user by
111 running the following commands:</para>
112
113<screen><userinput>./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run &amp;&amp;
114make</userinput></screen>
115
116 <para>This packages does not come with a usable test suite.</para>
117
118 <para>Now, as the <systemitem class="username">root</systemitem> user:</para>
119
120<screen role="root"><userinput>make install &amp;&amp;
121install -d -m755 /usr/share/doc/proftpd-&proftpd-version; &amp;&amp;
122cp -Rv doc/* /usr/share/doc/proftpd-&proftpd-version;</userinput></screen>
123
124 </sect2>
125
126 <sect2 role="commands">
127 <title>Command Explanations</title>
128
129 <para><command>install -v -d -m775 -o proftpd -g proftpd
130 /srv/ftp</command>: Create the home directory for
131 <application>ProFTPD</application>.</para>
132
133 <para><command>ln -v -s /bin/false /usr/bin/proftpdshell</command>:
134 Set the default shell as a link to an invalid shell.</para>
135
136 <para><command>echo /usr/bin/proftpdshell &gt;&gt;
137 /etc/shells</command>: Fake a valid shell for compatibility purposes.</para>
138
139 <note>
140 <para>The above two commands can be omitted if the following directive is
141 placed in the configuration file:</para>
142
143<screen><literal>RequireValidShell off</literal></screen>
144
145 <para>By default, proftpd will require that users logging in have valid
146 shells. The RequireValidShell directive turns off this requirement. This
147 is only recommended if you are setting up your FTP server exclusively
148 for anonymous downloads.</para>
149 </note>
150
151 <note>
152 <para>
153 Support for most of the dependency packages requires using options
154 passed to the <command>configure</command> script. View the output
155 from <command>./configure --help</command> for complete information
156 about enabling dependency packages.
157 </para>
158 </note>
159
160 </sect2>
161
162 <sect2 role="configuration">
163 <title>Configuring ProFTPD</title>
164
165 <sect3 id='proftpd-config'>
166 <title>Config Files</title>
167
168 <para><filename>/etc/proftpd.conf</filename></para>
169
170 <indexterm zone="proftpd proftpd-config">
171 <primary sortas="e-etc-proftpd">/etc/proftpd.conf</primary>
172 </indexterm>
173
174 </sect3>
175
176 <sect3>
177 <title>Configuration Information</title>
178
179 <para>This is a simple, download-only sample configuration. See the
180 <application>ProFTPD</application> documentation in
181 <filename class="directory">/usr/share/doc/proftpd</filename> and
182 consult the website at <ulink url="http://www.proftpd.org/"/> for
183 example configurations.</para>
184
185<screen role="root"><?dbfo keep-together="auto"?><userinput>cat &gt; /etc/proftpd.conf &lt;&lt; "EOF"
186<literal># This is a basic ProFTPD configuration file
187# It establishes a single server and a single anonymous login.
188
189ServerName "ProFTPD Default Installation"
190ServerType standalone
191DefaultServer on
192
193# Port 21 is the standard FTP port.
194Port 21
195# Umask 022 is a good standard umask to prevent new dirs and files
196# from being group and world writable.
197Umask 022
198
199# To prevent DoS attacks, set the maximum number of child processes
200# to 30. If you need to allow more than 30 concurrent connections
201# at once, simply increase this value. Note that this ONLY works
202# in standalone mode, in inetd mode you should use an inetd server
203# that allows you to limit maximum number of processes per service
204<!--# (such as xinetd)-->
205MaxInstances 30
206
207# Set the user and group that the server normally runs at.
208User proftpd
209Group proftpd
210
211# To cause every FTP user to be "jailed" (chrooted) into their home
212# directory, uncomment this line.
213#DefaultRoot ~
214
215
216# Normally, files should be overwritable.
217&lt;Directory /*&gt;
218 AllowOverwrite on
219&lt;/Directory&gt;
220
221# A basic anonymous configuration, no upload directories.
222&lt;Anonymous ~proftpd&gt;
223 User proftpd
224 Group proftpd
225 # Clients should be able to login with "anonymous" as well as "proftpd"
226 UserAlias anonymous proftpd
227
228 # Limit the maximum number of anonymous logins
229 MaxClients 10
230
231 # 'welcome.msg' should be displayed at login, and '.message' displayed
232 # in each newly chdired directory.
233 DisplayLogin welcome.msg
234 DisplayChdir .message
235
236 # Limit WRITE everywhere in the anonymous chroot
237 &lt;Limit WRITE&gt;
238 DenyAll
239 &lt;/Limit&gt;
240&lt;/Anonymous&gt;</literal>
241EOF</userinput></screen>
242
243 </sect3>
244
245 <sect3 id="proftpd-init">
246 <title><phrase revision="sysv">Boot Script</phrase>
247 <phrase revision="systemd">Systemd Unit</phrase></title>
248
249 <para>Install the
250 <phrase revision="sysv"><filename>/etc/rc.d/init.d/proftpd</filename>
251 init script</phrase>
252 <phrase revision="systemd"><filename>proftpd.service</filename>
253 unit</phrase> included in the
254 <xref linkend="bootscripts" revision="sysv"/>
255 <xref linkend="systemd-units" revision="systemd"/>
256 package.</para>
257
258 <indexterm zone="proftpd proftpd-init">
259 <primary sortas="f-proftpd">proftpd</primary>
260 </indexterm>
261
262<screen role="root"><userinput>make install-proftpd</userinput></screen>
263
264 </sect3>
265
266 </sect2>
267
268 <sect2 role="content">
269 <title>Contents</title>
270
271 <segmentedlist>
272 <segtitle>Installed Programs</segtitle>
273 <segtitle>Installed Libraries</segtitle>
274 <segtitle>Installed Directory</segtitle>
275
276 <seglistitem>
277 <seg>
278 ftpasswd, ftpcount, ftpdctl, ftpmail, ftpquota, ftpscrub, ftpshut,
279 ftptop, ftpwho, in.proftpd (symlink to proftpd), proftpd, and prxs
280 </seg>
281 <seg>
282 None
283 </seg>
284 <seg>
285 /usr/{include,lib}/proftpd
286 </seg>
287 </seglistitem>
288 </segmentedlist>
289
290 <variablelist>
291 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
292 <?dbfo list-presentation="list"?>
293 <?dbhtml list-presentation="table"?>
294
295 <varlistentry id="proftpd-prog">
296 <term><command>proftpd</command></term>
297 <listitem>
298 <para>is the FTP daemon.</para>
299 <indexterm zone="proftpd proftpd-prog">
300 <primary sortas="b-proftpd">proftpd</primary>
301 </indexterm>
302 </listitem>
303 </varlistentry>
304
305 <varlistentry id="ftpcount">
306 <term><command>ftpcount</command></term>
307 <listitem>
308 <para>shows the current number of connections.</para>
309 <indexterm zone="proftpd ftpcount">
310 <primary sortas="b-ftpcount">ftpcount</primary>
311 </indexterm>
312 </listitem>
313 </varlistentry>
314
315 <varlistentry id="ftpdctl">
316 <term><command>ftpdctl</command></term>
317 <listitem>
318 <para>is used to control the proftpd daemon while it is running.</para>
319 <indexterm zone="proftpd ftpdctl">
320 <primary sortas="b-ftpdctl">ftpdctl</primary>
321 </indexterm>
322 </listitem>
323 </varlistentry>
324
325 <varlistentry id="ftpasswd">
326 <term><command>ftpasswd</command></term>
327 <listitem>
328 <para>is a Perl script designed to create and manage
329 AuthUserFiles and AuthGroupFiles of the correct format for proftpd.</para>
330 <indexterm zone="proftpd ftpasswd">
331 <primary sortas="b-ftpasswd">ftpasswd</primary>
332 </indexterm>
333 </listitem>
334 </varlistentry>
335
336 <varlistentry id="ftpmail">
337 <term><command>ftpmail</command></term>
338 <listitem>
339 <para>is a Perl script for sending email based on the proftpd TransferLog.
340 </para>
341 <indexterm zone="proftpd ftpmail">
342 <primary sortas="b-ftpmail">ftpmail</primary>
343 </indexterm>
344 </listitem>
345 </varlistentry>
346
347 <varlistentry id="ftpquota">
348 <term><command>ftpquota</command></term>
349 <listitem>
350 <para>is a Perl script designed to create and manage limits and tally
351 files for the mod_quotatab + mod_quotatab_file module combination
352 for proftpd.</para>
353 <indexterm zone="proftpd ftpquota">
354 <primary sortas="b-ftpquota">ftpquota</primary>
355 </indexterm>
356 </listitem>
357 </varlistentry>
358
359 <varlistentry id="ftpscrub">
360 <term><command>ftpscrub</command></term>
361 <listitem>
362 <para>provides a way to scrub the scoreboard file on demand.</para>
363 <indexterm zone="proftpd ftpscrub">
364 <primary sortas="b-ftpscrub">ftpscrub</primary>
365 </indexterm>
366 </listitem>
367 </varlistentry>
368
369 <varlistentry id="ftpshut">
370 <term><command>ftpshut</command></term>
371 <listitem>
372 <para>shuts down all <application>proftpd</application> servers
373 at a given time.</para>
374 <indexterm zone="proftpd ftpshut">
375 <primary sortas="b-ftpshut">ftpshut</primary>
376 </indexterm>
377 </listitem>
378 </varlistentry>
379
380 <varlistentry id="ftptop">
381 <term><command>ftptop</command></term>
382 <listitem>
383 <para>displays running status on connections.</para>
384 <indexterm zone="proftpd ftptop">
385 <primary sortas="b-ftptop">ftptop</primary>
386 </indexterm>
387 </listitem>
388 </varlistentry>
389
390 <varlistentry id="ftpwho">
391 <term><command>ftpwho</command></term>
392 <listitem>
393 <para>shows current process information for each session.</para>
394 <indexterm zone="proftpd ftpwho">
395 <primary sortas="b-ftpwho">ftpwho</primary>
396 </indexterm>
397 </listitem>
398 </varlistentry>
399
400 <varlistentry id="prxs">
401 <term><command>prxs</command></term>
402 <listitem>
403 <para>is a Perl script designed to compile and install third-party
404 modules, from source code, as DSO modules for the installed
405 proftpd.</para>
406 <indexterm zone="proftpd prxs">
407 <primary sortas="b-prxs">prxs</primary>
408 </indexterm>
409 </listitem>
410 </varlistentry>
411
412 </variablelist>
413
414 </sect2>
415
416</sect1>
Note: See TracBrowser for help on using the repository browser.