Default Server Configuration
Default server controls which server configuration is used as default when an incoming connection is destined for an IP address which is neither the host's primary IP address nor the addresses specified in a VirtualServers configuration block. Normally such "unknown" connections are issued the "no server available to service your request" message and disconnected. When DefaultServer is turned on for either the primary server configuration or a virtual server, all unknown destination connections are serviced by the default server. Only a single server configuration can be set to default.

- Networking Options: access to the networking options.
- Logging Options: logging support.
- Files and Directories: access to the Files and Directories options.
- Access Control: specifies Access Control options.
- Miscellaneous: sets the email address of the administrator for the server; controls options of wtmp file.
- User and Group: configures the user and group under which the ProFTPD server will run.
- Authentication: options of Authentication module.
- Anonymous FTP: defines an anonymous server.
- Per-directory and Per-command options:
- Add per-directory options for ..: creates a block of configuration directives which applies only to the specified directory and its sub-directories.
- Add per-command options for ..: is used to place access restrictions on one or more FTP commands, within a given context.
- Directory: directory-limited configuration directives.
Networking Options

- Allow foreign data transfers?: controls the use of the PORT command. Normally, proftpd disallows clients from using the ftp PORT command with anything other than their own address (the source address of the ftp control connection), as well as preventing the use of PORT to specify a low-numbered (< 1024) port.
- Allow restarted downloads?: permits or denies clients from performing "restart" retrieve file transfers via the FTP REST command. By default this is enabled, so that clients may resume interrupted file transfers at a later time without losing previously collected data.
- Allow restarted uploads?: permits or denies clients from "restarting" interrupted store file transfers (those sent from client to server). By default restarting (via the REST command) is not permitted when sending files to the server.
- Bind to address: allows additional IP addresses to be bound to a VirtualServer configuration. The address argument should be either a fully qualified domain name or a numeric dotted-quad IP address. Incoming connections destined to an additional address added by Bind are serviced by the given context.
- Maximum FTP command length: controls the maximum command length permitted to be sent to the server.
- Default transfer mode: sets the default transfer mode of the server. By default, carriage-return/linefeed translation will be performed (ASCII mode).
- Defer welcome message until after login?: configures a virtual server to delay transmitting the ServerName and address to new connections, until a client has successfully authenticated. If enabled, the initial welcome message will be exceedingly generic and will not give away any type of information about the host that the daemon is actively running on.
- Lookup remote Ident username?: normally, when a client initially connects to proftpd, the ident protocol (RFC1413) is used to attempt to identify the remote username.
- Masquerade as address: causes the server to display the network information for the specified IP address or DNS hostname to the client, on the assumption that IP address or DNS host is acting as a NAT gateway or port forwarder for the server.
- Maximum concurrent logins: configures the maximum number of authenticated clients which may be logged into a server or anonymous account. Once this limit is reached, additional clients attempting to authenticate will be disconnected.
- Maximum concurrent logins per host: configures the maximum number of clients allowed to connect per host. The optional argument message may be used which will be displayed to a client attempting to exceed the maximum value.
- PASV port range: restricts the range of ports from which the server will select when sent the PASV command from a client. The server will randomly choose a number from within the specified range until an open port is found. Should no open ports be found within the given range, the server will default to a normal kernel-assigned port, and a message is logged.
- Listen on port: configures the TCP port which proftpd will listen on while running in stand-alone mode. It has no effect when used upon a server running in inetd mode.
For any server, setting Port 0 effectively turns off that server.
- Client connection message: sets the default message displayed when a new client connects. Setting this to off displays "[hostname] FTP server ready." If set to on, it can take an optional string argument, which will be displayed instead of the default text.
- Use TCP_NODELAY socket option?: controls the use of the TCP_NODELAY socket option. Proftpd uses TCP_NODELAY by default.
- TCP receive window size: configures the size (in octets) of all data connections' tcp receive windows. It is only used when receiving a file from a client over the data connection.
- TCP send window size: configures the size (in octets) of all data connections' tcp send windows. It is only used when sending a file from the server to a client on the data connection.
Make sure to click Save to preserve changes.
Logging Options

- FTP transfers logfile: configures the full path to the "wu-ftpd style" file transfer log. The special keyword NONE can be used, which disables wu-ftpd style transfer logging for the given context.
- System log level: adjusts the verbosity of the messages recorded in the error logs. The following levels are available, in order of decreasing significance:
- emerg, emergencies - system is unusable;
- alert, action must be taken immediately;
- crit, critical conditions;
- error, error conditions;
- warn, warning conditions;
- notice, normal but significant condition;
- info, informational;
- debug, debug-level messages.
When a particular level is specified, messages from all other levels of higher significance will be reported as well.
- Custom logfiles: allows customizable logfiles to be generated per VirtualServer. The filename argument must contain an absolute pathname to a logfile which will be appended to when proftpd starts; the pathname should not be to a file in a nonexistent directory, to a world-writeable directory, or be a symbolic link (unless AllowLogSymlinks is set to on).
Make sure to click Save to preserve changes.
Files and Directories

- Initial login directory: determines the directory a user is placed in after logging in. By default, the user is put in their home directory. The specified directory can be relative to the user's home directory.
- Limit users to directories: controls the default root directory assigned to a user upon login. A chroot operation is performed immediately after a client authenticates. This can be used to effectively isolate the client from a portion of the host system filespace.
- Shortcut CD directories: sets "search paths" for the cd command. Adds an entry to a search path that is used when changing directories. For example: CDPath /home/public CDPath /var/devel. This allows a user to cd into any directory directly under /home/public or /var/devel, provided they have the appropriate rights. So, if /home/public/proftpd exists, cd proftpd will bring the user to that directory, regardless of where they currently are in the directory tree.
- Delete aborted uploads?: controls whether proftpd deletes partially uploaded files if the transfer is stopped via the ABOR command rather than a connection failure.
- Directory README filename: configures an ASCII text filename which will be displayed to the user the first time they change into a directory (via CWD) per a given session.
- Hide files during upload?: makes file uploads safer by enabling two-step uploads: files are uploaded as ".in.filename." and, once the upload is complete, renamed to just "filename". This provides a degree of atomicity and helps prevent:
1) incomplete uploads;
2) files being used while they are still in the process of being uploaded.
Note: if the temporary file name is already in use, it will prevent the file from being uploaded.
- Allowed uploaded filename regex: allows the configuration of a regular expression that must be matched for all newly uploaded (stored) files. The regular expression is applied against the entire pathname specified by the client, so care must be taken when creating a proper regex. Paths that fail the regex match result in a "Forbidden filename" error being returned to the client.
- Denied uploaded filename regex: specifies a regular expression which must not match any uploaded pathnames. If the regex does match, a "Forbidden filename" error is returned to the client. This can be especially useful for forbidding .ftpaccess or .htaccess files.
- Show symbolic links?: toggles the display of symlinks. The default behavior is to show all symbolic links when normal users are logged in, and hide them for anonymous sessions.
- New file umask: sets the mask applied to newly created file permissions within a given context. An argument supplied must be an octal number, in the format 0xxx.
- New directory mask: sets the mask applied to newly created directory permissions within a given context. An argument supplied must be an octal number, in the format 0xxx.
- Fake group in directory listings?: can be used to hide the true group of files (including directories, fifos, etc.) in a directory listing. By default, it will display all files as being owned by group 'ftp'. If Yes, as group .. is specified, it will display all files as being owned by group 'ftp', by 'Connected group', or by any existing group.
- Fake permissions in directory listings: configures a mode (or permissions) which will be displayed for all files and directories in directory listings. For each subset of permissions (user, group, other), the "execute" permission for directories is added in listings if the "read" permission is specified by this option.
- Fake user in directory listings?: can be used to hide the true user owners of files (including directories, fifos, etc.) in a directory listing. By default, it will display all files as being owned by user 'ftp'. If Yes, as user .. is specified, it will display all files as being owned by user 'ftp', by 'Connected user', or by any existing user.
- Directory list options: FTP commands involving directory listings (NLST, LIST and STAT) use the arguments (options) passed by the client to determine what files are displayed and the format they are displayed in. It can alter the behaviour of such listings by making it such that a certain option (or options) is always in effect, or is always disabled.
- Additional ls options: FTP commands involving directory listings (NLST, LIST and STAT) use the arguments (options) passed by the client to determine what files are displayed and the format they are displayed in. It can alter the default behavior of such listings by implying that a certain option (or options) is always present.
- Notify user of readme files matching: notifies the user of the last change date of the specified file or pattern.
Make sure to click Save to preserve changes.
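Because the allowed and denied upload filename regexes are applied to the entire pathname sent by the client, a pattern written for a bare file name can miss the same file under a directory. The following check is an added example, not part of the original page: `upload_allowed`, `blocked` and the sample paths are hypothetical, and Python's `re` stands in for the server's regex engine.

```python
import re

def upload_allowed(path, allow=None, deny=None):
    """Return True if an upload to `path` passes both filters.

    Mirrors the behaviour described above: the allow regex must match and
    the deny regex must not match the whole pathname the client sent.
    Python's re.search is an assumption standing in for the server's
    regex matching; the patterns below behave the same either way.
    """
    if allow is not None and not re.search(allow, path):
        return False          # server would answer "Forbidden filename"
    if deny is not None and re.search(deny, path):
        return False
    return True

# Constructed client pathnames, as they might arrive with an upload request.
SAMPLES = [".htaccess", "site/.htaccess", "/home/web/.ftpaccess",
           "docs/report.pdf", "docs/my.htaccess.txt"]

# Written as if only the bare file name were tested: it misses any
# pathname that carries a directory component.
NAIVE_DENY = r"^\.(ftp|ht)access$"
# Anchored on a path-component boundary instead of the string start.
PATH_AWARE_DENY = r"(^|/)\.(ftp|ht)access$"

def blocked(deny):
    """List the sample pathnames that the given deny regex rejects."""
    return [p for p in SAMPLES if not upload_allowed(p, deny=deny)]

if __name__ == "__main__":
    print("naive     :", blocked(NAIVE_DENY))
    print("path-aware:", blocked(PATH_AWARE_DENY))
```

Running a candidate regex over a list of representative pathnames like this before saving it shows which uploads it would actually refuse.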
Access Control

- Don't ask for password if login is denied?: if set to No, proftpd will skip the password request if the login will be denied regardless of password.
- Failed login message: response message is sent to an FTP client immediately after a failed authentication attempt, with a standard message indicating the reason of failure.
- Successful login message: response message is sent to an FTP client immediately after authentication, with a standard message indicating that the user has logged in.
- Allowed FTP commands regexp: allows the configuration of a regular expression that must be matched for all command arguments sent to ProFTPD. Commands that fail the regex match result in a "Forbidden command" error being returned to the client.
- Allow overwriting of files?: permits newly transferred files to overwrite existing files. By default, ftp clients cannot overwrite existing files.
- Access control classes: class-based access allows each connecting IP to be classified into a separate class. Each class has its own maximum number of connections. Limit sets the maximum number of connections (default is 100) for that class name, regex sets a hostname regex (POSIX) for inclusion in the class and ip sets an IP/netmask based inclusion.
- Denied FTP commands regexp: specifies a regular expression which must not match any of the command arguments. If the regex does match, a "Forbidden command" error is returned to the client.
- Hosts to allow file: specifies from which IPs connections are allowed.
- Hosts to deny file: specifies from which IPs connections are denied.
Make sure to click Save to preserve changes.
Miscellaneous

- Server administrator's email address: sets the email address of the administrator for the server. This address is displayed in magic cookie replacements.
- Record logins in wtmp?: controls proftpd's logging of ftp connections to the host system's wtmp file. By default, all connections are logged via wtmp.
Make sure to click Save to preserve changes.
User and Group

- Run as Unix group: configures which group the server daemon will normally run as.
- Run as Unix user: configures which user the proftpd daemon will normally run as. By default, proftpd runs as root, which is considered undesirable in all but the most trusted network configurations. This option, used in conjunction with the Run as Unix group option, instructs the daemon to switch to the specified user and group as quickly as possible after startup.
NOTE: when applied to a VirtualServer block, proftpd will run as the specified user/group on connections destined for the virtual server's address or port.
Authentication

- Allow login by root?: permits root user logins. Normally, proftpd disallows root logins under any circumstance. If a client attempts to log in as root, using the correct password, a special security message is sent to syslog. When enabled, the root user may authenticate just as any other user could (assuming no other access control measures deny access); however, the root login security message is still syslogged.
- Groups to treat members as anonymous: specifies a group-expression to which all matching users will be considered anonymous logins.
- Only allow aliased users to login?: restricts authentication to "aliased" logins only.
- Pre-login message file: configures an ASCII text filename which will be displayed to the user when they initially connect but before they login.
- Too many connections message file: sets the file to display to a rejected connection. This option specifies an ASCII text filename which will be displayed to the user if the class they're a member of has too many users logged in and their login request has been denied.
- Post-login message file: configures an ASCII text filename which will be displayed to the user when they initially login.
- Logout message file: configures an ASCII text filename which will be displayed to the user when they quit.
- Group passwords: creates a special "group" password which allows all users in the specified group to authenticate using a single password.
- Maximum failed logins per session: configures the maximum number of times a client may attempt to authenticate to the server during a given connection. After the number of attempts exceeds this value, the user is disconnected and an appropriate message is logged via the syslog mechanism.
- Only allow login by users with valid shell?: configures the server, virtual host or anonymous login to allow or deny logins which do not have a shell binary listed in /etc/shells. By default, proftpd disallows logins if the user's default shell is not listed in /etc/shells. If /etc/shells cannot be found, all default shells are assumed to be valid.
- Deny users in /etc/ftpusers file?: legacy FTP servers generally check a special authorization file (typically /etc/ftpusers) when a client attempts to authenticate. If the user's name is found in this file, FTP access is denied.
- Username aliases: proftpd requires a real username/uid when authenticating users as provided by PAM, AuthUserFile or another authentication mechanism. There are however times when additional aliases are required but it is undesirable to provide additional login accounts.
- User passwords overrides: creates a password for a particular user which overrides the user's normal password in /etc/passwd (or /etc/shadow).
Make sure to click Save to preserve changes.
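To review what was saved, the resulting configuration file can be checked for the security-relevant options described in the sections above. The script below is an added example, not part of the original page or of ProFTPD: it assumes the usual proftpd.conf directive names behind the form labels (AllowForeignAddress, RootLogin, RequireValidShell, User, DefaultRoot, DeferWelcome), and `parse`, `audit` and the sample configuration are hypothetical.

```python
TRUE = {"on", "yes", "true", "1"}   # boolean spellings treated as enabled

def parse(conf_text):
    """Yield (context, directive, args); context is the enclosing <Block> or 'server'."""
    stack = ["server"]
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            stack = stack[:-1] or ["server"]      # leave the current block
        elif line.startswith("<"):
            stack.append(line[1:].split()[0].rstrip(">").lower())
        elif line and not line.startswith("#"):   # skip blanks and comments
            name, *rest = line.split(None, 1)
            yield stack[-1], name.lower(), rest[0].lower() if rest else ""

def audit(conf_text):
    """Return findings for the options this page describes as security-relevant."""
    rows = list(parse(conf_text))
    def vals(name, skip=()):
        return [a for c, n, a in rows if n == name and c not in skip]
    out = []
    if any(v in TRUE for v in vals("allowforeignaddress")):
        out.append("AllowForeignAddress: PORT may name a host other than the client")
    if any(v in TRUE for v in vals("rootlogin")):
        out.append("RootLogin: root may log in over FTP")
    # Commonly off inside <Anonymous>, so only other contexts are checked.
    if any(v not in TRUE for v in vals("requirevalidshell", skip=("anonymous",))):
        out.append("RequireValidShell: /etc/shells check is disabled")
    run_as = vals("user", skip=("anonymous",))
    if not run_as or "root" in run_as:
        out.append("User: daemon keeps running as root")
    if not vals("defaultroot"):
        out.append("DefaultRoot: sessions are not confined by chroot")
    if not any(v in TRUE for v in vals("deferwelcome")):
        out.append("DeferWelcome: server name and address sent before login")
    return out

# Constructed configuration for illustration, not taken from a real host.
SAMPLE = """\
User nobody
DefaultRoot ~
AllowForeignAddress on
RootLogin on
<Anonymous ~ftp>
  User ftp
  RequireValidShell off
</Anonymous>
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```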