CP+ Documentation  

Anonymous FTP

Related Docs: ProFTPD Server Configuration, ProFTPD Default Server Configuration


The Anonymous configuration block is used to create an anonymous FTP login. It grants access to the server without users having to log in.

  • Networking Options: access to the networking options.
  • Logging Options: logging support.
  • Files and Directories: access to the Files and Directories options.
  • Access Control: specifies Access Control options.
  • Miscellaneous: controls options of the wtmp file.
  • Authentication: options of the Authentication module.
  • User and Group: configures the user and group under which the ProFTPD server will run.
  • Configure Anonymous FTP: form to configure Anonymous FTP.
  • Per-directory and Per-command options:
    • Add per-directory options for ..: creates a block of configuration directives which applies only to the specified directory and its sub-directories.
    • Add per-command options for ..: is used to place access restrictions on one or more FTP commands, within a given context.
  • Commands WRITE: sets the commands/actions to be controlled.

 

Networking Options

  • Allow foreign data transfers?: controls the use of the PORT command. Normally, proftpd disallows clients from using the ftp PORT command with anything other than their own address (the source address of the ftp control connection), as well as preventing the use of PORT to specify a low-numbered (< 1024) port.
  • Allow restarted downloads?: permits or denies clients from performing "restart" retrieve file transfers via the FTP REST command. By default this is enabled, so that clients may resume interrupted file transfers at a later time without losing previously collected data.
  • Allow restarted uploads?: permits or denies clients from "restarting" interrupted store file transfers (those sent from client to server). By default restarting (via the REST command) is not permitted when sending files to the server. Care should be taken to prevent anonymous ftp "incoming" transfers from being restarted, as this will allow clients to corrupt or increase the size of previously stored files (even if not their own).
  • Maximum concurrent logins: configures the maximum number of authenticated clients which may be logged into a server or anonymous account.
  • Maximum concurrent logins per host: configures the maximum number of clients allowed to connect per host.
Make sure to click Save to preserve changes.

 

Logging Options

  • FTP transfers logfile: configures the full path to the "wu-ftpd style" file transfer log. Additionally, the special keyword NONE can be used, which disables wu-ftpd style transfer logging for the given context.
  • System log level: adjusts the verbosity of the messages recorded in the error logs. The following levels are available, in order of decreasing significance:
    - emerg, emergencies - system is unusable;
    - alert, action must be taken immediately;
    - crit, critical conditions;
    - error, error conditions;
    - warn, warning conditions;
    - notice, normal but significant condition;
    - info, informational;
    - debug, debug-level messages.
    When a particular level is specified, messages from all other levels of higher significance will be reported as well.
  • Custom logfiles: allows customizable logfiles to be generated, either globally or per VirtualHost. The filename argument must contain an absolute pathname to a logfile which will be appended to when proftpd starts; the pathname should not be to a file in a nonexistent directory, to a world-writeable directory, or be a symbolic link (unless AllowLogSymlinks is set to on).
Make sure to click Save to preserve changes.

 

Files and Directories

  • Initial login directory: determines the directory a user is placed in after logging in. By default, the user is put in their home directory. The specified directory can be relative to the user's home directory.
  • Shortcut CD directories: sets "search paths" for the cd command. Adds an entry to a search path that is used when changing directories. For example: CDPath /home/public CDPath /var/devel. This allows a user to cd into any directory directly under /home/public or /var/devel, provided they have the appropriate rights. So, if /home/public/proftpd exists, cd proftpd will bring the user to that directory, regardless of where they currently are in the directory tree.
  • Delete aborted uploads?: controls whether proftpd deletes partially uploaded files if the transfer is stopped via the ABOR command rather than a connection failure.
  • Directory README filename: configures an ASCII text filename which will be displayed to the user the first time they change into a directory (via CWD) per a given session.
  • Hide files during upload?: enables safer, two-step file uploads: files are uploaded as ".in.filename." and, once the upload is complete, renamed to just "filename". This provides a degree of atomicity and helps prevent:
    1) incomplete uploads;
    2) files being used while they're still in the progress of being uploaded.
    Note: if the temporary file name is already in use, it will prevent the file from being uploaded.
  • Hide files owned by groups: configures an Anonymous block to hide all directory entries owned by the specified group, unless the group is the primary group of the currently logged-in, authenticated user. Normally, hidden directories and files cannot be seen via LIST or NLST commands but can be operated on via other FTP commands (CWD, DELE, RETR, etc).
  • Hide files that cannot be accessed?: configures an Anonymous block to hide all directory entries in a directory listing (via the LIST or NLST FTP commands) to which the current logged-in, authenticated user has no access.
  • Hide files owned by users: configures an Anonymous block to hide all directory entries owned by the specified user, unless the owning user is the currently logged-in, authenticated user. Normally, hidden directories and files cannot be seen via LIST or NLST commands but can be operated on via other FTP commands (CWD, DELE, RETR, etc).
  • Allowed uploaded filename regex: allows the configuration of a regular expression that must be matched for all newly uploaded (stored) files. The regular expression is applied against the entire pathname specified by the client, so care must be taken when creating a proper regex. Paths that fail the regex match result in a "Forbidden filename" error being returned to the client.
  • Denied uploaded filename regex: specifies a regular expression which must not match any uploaded pathnames. If the regex does match, a "Forbidden filename" error is returned to the client. This can be especially useful for forbidding .ftpaccess or .htaccess files.
  • Show symbolic links?: toggles the display of symlinks. The default behavior is to show all symbolic links when normal users are logged in, and hide them for anonymous sessions.
  • Chroot to username subdirectory?: sets the chroot directory to a subdirectory of the anonymous server. When set to Yes, the chroot base directory becomes a subdirectory of the anonymous ftp directory, based on the username of the current user.
  • Fake group in directory listings?: can be used to hide the true group of files (including directories, fifos, etc.) in a directory listing. By default, it will display all files as being owned by group 'ftp'. If "Yes, as group .." is specified, it will display all files as being owned by group 'ftp', by 'Connected group', or by any existing group.
  • Fake permissions in directory listings: configures a mode (or permissions) which will be displayed for all files and directories in directory listings. For each subset of permissions (user, group, other), the "execute" permission for directories is added in listings if the "read" permission is specified by this option.
  • Fake user in directory listings?: can be used to hide the true user owners of files (including directories, fifos, etc.) in a directory listing. By default, it will display all files as being owned by user 'ftp'. If "Yes, as user .." is specified, it will display all files as being owned by user 'ftp', by 'Connected user', or by any existing user.
  • Directory list options: FTP commands involving directory listings (NLST, LIST and STAT) use the arguments (options) passed by the client to determine what files are displayed and the format they are displayed in. It can alter the behaviour of such listings by making it such that a certain option (or options) is always in effect, or is always disabled.
  • Additional ls options: FTP commands involving directory listings (NLST, LIST and STAT) use the arguments (options) passed by the client to determine what files are displayed and the format they are displayed in. It can alter the default behavior of such listings by implying that a certain option (or options) is always present.
  • Notify user of readme files matching: notifies the user of the last change date of the specified file or pattern.

Make sure to click Save to preserve changes.

 

Access Control

  • Don't ask for password if login is denied?: if set to No, proftpd will skip the password request if the login will be denied regardless of password.
  • Failed login message: a response message is sent to an FTP client immediately after a failed authentication attempt, with a standard message indicating the reason for failure.
  • Successful login message: a response message is sent to an FTP client immediately after authentication, with a standard message indicating that the user has logged in.
  • Access control policy: allows access to an Anonymous block.
  • Allow overwriting of files?: permits newly transferred files to overwrite existing files. By default, ftp clients cannot overwrite existing files.
  • Allowed FTP commands regexp: allows the configuration of a regular expression that must be matched for all command arguments sent to ProFTPD. Commands that fail the regex match result in a "Forbidden command" error being returned to the client.
  • Denied FTP commands regexp: specifies a regular expression which must not match any of the command arguments. If the regex does match, a "Forbidden command" error is returned to the client.
  • Hosts to allow file: specifies the IP addresses from which connections are allowed.
  • Hosts to deny file: specifies the IP addresses from which connections are denied.
Make sure to click Save to preserve changes.

 

Miscellaneous

Toggles logging to wtmp. It controls proftpd's logging of ftp connections to the host system's wtmp file. By default, all connections are logged via wtmp.
Make sure to click Save to preserve changes.

 

Authentication

  • Allow login by root?: permits root user logins. Normally, proftpd disallows root logins under any circumstance. If a client attempts to log in as root, using the correct password, a special security message is sent to syslog. When enabled, the root user may authenticate just as any other user could (assuming no other access control measures deny access); however, the root login security message is still sent to syslog. The use of RootLogin in the Anonymous context is only valid when the User / Group defined in the Anonymous block is set to 'root'.
  • Require password for anonymous login?: normally, anonymous FTP logins do not require the client to authenticate themselves via the normal method of a transmitted cleartext password which is hashed and matched against an existing system user's password. Instead, anonymous logins are expected to enter their e-mail address when prompted for a password. Enabling this option requires anonymous logins to enter a valid password which must match the password of the user that the anonymous daemon runs as.
  • Only allow aliased users to login?: restricts authentication to "aliased" logins only.
  • Use alias password for anonymous login?: authenticates via Alias-name instead of mapped username. It disables the resolving of mapped usernames for authentication purposes. For example, if you have mapped the username anonymous to the "real" user ftp, the password gets checked against the user "anonymous". When this option is disabled, the checked username would be "ftp".
  • Too many connections message file: sets the file to display to a rejected connection. This option specifies an ASCII text filename which will be displayed to the user if the class they're a member of has too many users logged in and their login request has been denied.
  • Post-login message file: configures an ASCII text filename which will be displayed to the user when they initially log in.
  • Logout message file: configures an ASCII text filename which will be displayed to the user when they quit.
  • Group passwords: creates a special "group" password which allows all users in the specified group to authenticate using a single password.
  • Only allow login by users with valid shell?: configures the server, virtual host or anonymous login to allow or deny logins which do not have a shell binary listed in /etc/shells. By default, proftpd disallows logins if the user's default shell is not listed in /etc/shells. If /etc/shells cannot be found, all default shells are assumed to be valid.
  • Deny users in /etc/ftpusers file?: legacy FTP servers generally check a special authorization file (typically /etc/ftpusers) when a client attempts to authenticate. If the user's name is found in this file, FTP access is denied.
  • Username aliases: proftpd requires a real username/uid when authenticating users as provided by PAM, AuthUserFile or another authentication mechanism. There are however times when additional aliases are required but it is undesirable to provide additional login accounts.
  • User passwords overrides: creates a password for a particular user which overrides the user's normal password in /etc/passwd (or /etc/shadow).
Make sure to click Save to preserve changes.

 

User and Group

  • Run as Unix group: sets the group the server normally runs as.
  • Group owner of uploaded files: changes default group for new files and directories. It configures which group all newly created directories and files will be owned by.
  • Run as Unix user: configures which user the proftpd daemon will normally run as. By default, proftpd runs as root. This option, used in conjunction with Run as Unix group, instructs the daemon to switch to the specified user and group as quickly as possible after startup.
  • Owner of uploaded files: configures which user all newly created directories and files will be owned by.

 

Configure Anonymous FTP

To configure Anonymous FTP, enter the path to the directory you are limiting access to, or click the "..." button and find it in the pop-up window.
Make sure to click Save to preserve changes.

 

Commands WRITE

This option treats 'hidden' files as if they don't exist. Normally, hidden files can be operated by all FTP commands (assuming Unix file permissions allow access), even though they do not appear in directory listings.

Restrict access: configures the order in which Allow and Deny directives are checked inside of an Anonymous block.

This option is used to place access restrictions on one or more FTP commands, within a given context.
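
The following audit is an added example, not part of the CP+ documentation or of ProFTPD: it reads an Anonymous block and flags the settings the option descriptions above warn about (foreign PORT addresses, restarted uploads, overwriting, root login, and a deny regex that misses .ftpaccess or .htaccess). It assumes the form fields are written out as the ProFTPD directives AllowForeignAddress, AllowStoreRestart, AllowOverwrite, RootLogin and PathDenyFilter; the sample configuration is constructed, and Python's regex engine stands in for the server's.

```python
import re

# Constructed sample of an <Anonymous> block (path and values are made up).
SAMPLE_CONF = r"""
<Anonymous /var/ftp>
  User ftp
  Group ftp
  UserAlias anonymous ftp
  AllowForeignAddress on
  AllowStoreRestart on
  AllowOverwrite off
  PathDenyFilter "\.ftpaccess$"
</Anonymous>
"""

TRUE = {"on", "yes", "true", "1"}
# Directives the option descriptions call out as risky when enabled.
RISKY_WHEN_ON = {
    "allowforeignaddress": "PORT may name an address other than the client's own",
    "allowstorerestart": "restarted uploads can corrupt or grow stored files",
    "allowoverwrite": "uploads may overwrite existing files",
    "rootlogin": "root may authenticate like any other user",
}
# Pathnames a deny filter should reject (the two files the text names).
MUST_DENY = ["incoming/.ftpaccess", "incoming/.htaccess"]

def audit_anonymous(conf_text):
    """Return sorted (directive, reason) findings over all <Anonymous> blocks."""
    findings = set()
    for body in re.findall(r"(?is)<Anonymous\b[^>]*>(.*?)</Anonymous>", conf_text):
        seen = {}  # nested sections are flattened; the last value seen wins
        for line in body.splitlines():
            line = line.strip()
            if line and line[0] not in "#<":
                name, value = (re.split(r"\s+", line, maxsplit=1) + [""])[:2]
                seen[name.lower()] = value.strip().strip('"')
        for name, reason in RISKY_WHEN_ON.items():
            if seen.get(name, "off").lower() in TRUE:
                findings.add((name, reason))
        # The filter is applied to the whole pathname, so test full paths.
        deny = seen.get("pathdenyfilter")
        missed = [p for p in MUST_DENY if not (deny and re.search(deny, p))]
        if missed:
            findings.add(("pathdenyfilter", "does not reject: " + ", ".join(missed)))
    return sorted(findings)

if __name__ == "__main__":
    for name, reason in audit_anonymous(SAMPLE_CONF):
        print(f"{name}: {reason}")
```
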


© Copyright 1998-2006. Positive Software Corporation.
All rights reserved.