Using FTP should be avoided whenever possible, but sometimes it's just the most handy and convenient way of transferring files. In most cases, your FTP users will be able to upload files to the FTP server. To prevent some users from filling up the whole machine, you can use quotas.

In this post, I'll describe how to set up a basic proftpd FTP server with quotas on RHEL or CentOS 6 and 7.

Surprisingly, there isn't a lot of documentation to be found on how to set up proftpd with quotas on CentOS or RHEL. The documentation that I found was mainly for LDAP or MySQL integration and, while that's a good idea, I was looking for something simpler, using a simple file containing the quotas for the users.

The steps in this post are nearly the same for el6 and el7 installations, so I'll only point out version-specific actions. If nothing is noted, the action can be executed on both RHEL/CentOS 6 and RHEL/CentOS 7.

The first thing to do is to install the proftpd package from the repositories. The package can be found in the EPEL repository. To be able to use the EPEL repository, we need to make it available first:

~]$ sudo yum -y install epel-release

Now that we have access to packages in the EPEL repository, we can go ahead and install proftpd itself. To be able to test the FTP server on the same machine, let's also install the CLI FTP client:

~]$ sudo yum -y install proftpd ftp

At the time of writing, the latest version for CentOS 7 was 1.3.5-2 and the latest version for CentOS 6 was 1.3.3g-4. Because of the difference in versions, there are some differences regarding quota configuration, but more about that later.

Firewall and SELinux

Before we start with the actual configuration, we need to allow FTP to pass through our firewall and through SELinux.

By default, iptables will block incoming connections, so we need to open up TCP port 21 to allow incoming FTP connections. Because we would like to support passive FTP, since most FTP clients use that by default, we'll also need to load the ip_conntrack_ftp kernel module for iptables.

On el6, we need to configure iptables directly:

Add the ip_conntrack_ftp module in /etc/sysconfig/iptables-config:

# Load additional iptables modules (nat helpers)
# Space separated list of nat helpers (e.g.
# are loaded after the firewall rules are applied.

Open up TCP port 21 for incoming traffic, save the rules and restart iptables to load the kernel

~]$ lsmod|grep nf_conntrack_ftp
nf_conntrack 101024 9 nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,ip6table_nat,nf_conntrack_ftp,iptable_nat,nf_conntrack_ipv4,nf_conntrack_ipv6

By default, SELinux won't allow the FTP users to write to their home directory, which would immediately take away the need to set up a quota :) Let's allow read and write access for the FTP users to their home directory by setting the SELinux boolean ftp_home_dir to 1:

~]$ sudo setsebool -P ftp_home_dir=1

Basic proftpd configuration

To get familiar with proftpd and its configuration file, let's start with a basic FTP server configuration so we can be sure that our FTP server works fine before we start with quotas.

The configuration of proftpd is done in /etc/nf. Change the configuration file to have something like this. I removed commented lines to keep the page from getting too long, but it's a good idea to keep them in your file.

# Cause every FTP user except adm to be chrooted into their home directory
# Use pam to authenticate (default) and be authoritative
AuthOrder mod_auth_pam.c* mod_auth_unix.c
# Don't do reverse DNS lookups (hangs on DNS problems)
# Set the user and group that the server runs as
# To prevent DoS attacks, set the maximum number of child processes
# Disable sendfile by default since it breaks displaying the download speeds in