#Configuration file for bftpd.#The given values are only examples, modify this

1. #Configuration file for bftpd.
2. #The given values are only examples, modify this file for your own needs.
3.  
4. global {
5.  
6. #If set to no, access is allowed.
7. #If set to yes, access is denied without giving a reason.
8. #If set to anything else, access is denied giving the content of this
9. #variable as a reason.
10. DENY_LOGIN="no"
11.  
12. #The port number where the daemon should listen (only for daemon mode)
13. PORT="21"
14.  
15. #You can force bftpd to use a specific port range in passive mode.
16. #Passive mode means that the client will open data connections
17. #and the server stays 'passive'.
18. #This option can be very useful with some firewall configurations.
19. #Seperate values with "," and define ranges with "-".
20. #bftpd will try to bind one of these ports in ascending order as
21. #you specify them here.
22. #If none of the given ports could be bound, the connection is
23. #is refused. If you want to bind any free port in that case, add
24. #"0" to the list.
25. #PASSIVE_PORTS="10000,12000-12100,13000"
26. PASSIVE_PORTS="0"
27.  
28. #If PORT data connections should be opened from port 20, say yes here. You
29. #will probably need this if your server is behind a firewall that restricts
30. #outgoing packets from ports higher than 1024. Note that this may be a
31. #security hole, as the server can not drop its root privileges completely
32. #if you say yes here.
33. DATAPORT20="no"
34.  
35. #The password for the administration commands, encrypted (man mkpasswd).
36. ADMIN_PASS="ftp8921"
37.  
38. #With this option, you can put your entire FTP environment into a chroot
39. #jail. Apart from security, this offers you the possibility of having
40. #virtual users that don't exist in the system.
41. #Additionally, you can make some kind of 'file pool' by creating a directory
42. #with files which you can symlink from the users' homes (this means setting
43. #DO_CHROOT=no in order for the users to be able to access that dir.
44. #Note that you need the following files in your initial chroot directory:
45. #/etc/passwd, /etc/shadow, /etc/group
46. #On GNU systems, you will also need the NSS libraries in /lib.
47. #INITIAL_CHROOT="/ftp"
48.  
49. #The bftpdutmp file enables you to record user logins and logouts in
50. #bftpd, which is useful for the administration interface (which is not
51. #finished yet). You also need the file to be able to restrict the number
52. #of users simultaneously logged on, and so on.
53. #Note that the directory in which the file resides must already exist.
54. #Set the option to "" if you do not want that. This is discouraged for normal
55. #use, but can be helpful if you want to create a boot floppy or something.
56. PATH_BFTPDUTMP="/var/run/bftpd/bftpdutmp"
57.  
58. #This option controls the buffer size while transferring files.
59. #If you are on a very fast network (fast meaning 100 Mbit/s or more),
60. #you should set this to 64000 or something like that.
61. #Transferring from localhost to localhost, I had a transfer speed of
62. #approx. 15 MB/s with XFER_BUFSIZE=2048 and a speed of approx. 20 MB/s
63. #with XFER_BUFSIZE=64000. You should not set big values for this if you have
64. #slow (dialup) clients.
65. # This option can also be used to (crudely) throttle back
66. # transfer speeds. Setting this to a very low value
67. # can slow transfer speeds.
68. XFER_BUFSIZE="2048"
69.  
70.  
71. # This variable controls whether the transfer buffer (see above option)
72. # should change size as more (or less) clients connect to the server.
73. # Setting this option to "yes" will put more work on your CPU, but
74. # will avoid chewing up as much bandwidth as more people connect.
75. # Setting this option to "no" is easier on the CPU, but may cause
76. # your bandwidth to spike.
77. CHANGE_BUFSIZE="no"
78.  
79.  
80.  
81. # This option allows you to add a delay (in microseconds) to
82. # the time between when one piece of data was sent
83. # and when the next will be sent. This is to aid in
84. # throttling bandwidth and applies to each client. The
85. # throttling effects the DATA transfers only (not control
86. # connections).
87. # A value of zero (0) means there is no added delay.
88. # A value of about 500000 (five hundred thousand) should
89. # delay for about half a second.
90. # These delays should be kept low to avoid triggering
91. # data transfer timeouts.
92. XFER_DELAY="0"
93.  
94. # This option determines whether hidden files
95. # ( files that start with a "." )
96. # will be shown in a directory listing.
97. SHOW_HIDDEN_FILES="no"
98.  
99. # This option determines whether files not readable
100. # to the ftp user will be shown in a directory listing.
101. SHOW_NONREADABLE_FILES="no"
102.  
103. #When set to yes, this option makes the server allow data connections which
104. #don't go to the client who initiated them.
105. #This is needed for FXP.
106. ALLOW_FXP="no"
107.  
108. #After how many seconds of idle time should a user be kicked from the server?
109. CONTROL_TIMEOUT="300"
110.  
111. #After how many seconds of idle time should a user be kicked from the server
112. #during a file transfer?
113. DATA_TIMEOUT="30"
114.  
115. #Use Ratio if you want the client to send a file before he can get a file.
116. #Usage: RATIO=send/receive or RATIO=none. Example: RATIO=2/1 lets the client
117. #receive a 1 MB file when he has sent a 2 MB file.
118. RATIO="none"
119.  
120. # Use this option to track bandwidth usage. After each session, the server
121. # will log how much data was uploaded and downloaded for each user.
122. # This option should point to the directory where the log files will
123. # be saved.
124. # Each day gets its own log file, to make it easier to rotate logs.
125. # Please note, this directory must be created manually.
126. # BANDWIDTH="/var/log/bftpd"
127.  
128. #ROOTDIR specifies the root directory of the client. It defaults to %h
129. #(user's home directory). %u is replaced by the user name.
130. #ROOTDIR="%h"
131. ROOTDIR="/mnt/1"
132. #Umask for the files or directories users create.
133. UMASK="022"
134.  
135. #Name of the log file. Say "syslog" to log into syslog.
136. #Say "" for no logging.
137. LOGFILE="/var/log/bftpd.log"
138.  
139. #Use %v for version, %h for the server FQDN and %i for the server IP address.
140. # Note: If you use the "%h" option and you do an inital CHROOT, then
141. # you'll need to copy your /etc/hosts and /etc/host.conf files into
142. # the chroot jail.
143. HELLO_STRING="bftpd %v at %i ready."
144.  
145. #The server automatically chdirs to the directory given here after login.
146. AUTO_CHDIR="/mnt/1/"
147.  
148. #Authentication type, values: PAM, PASSWD
149. #AUTH="PASSWD"
150. AUTH="PAM"
151. # The FILE_AUTH varible over-rides the AUTH value. If the FILE_AUTH
152. # value is set to something other than an empty string ("")
153. # bftpd will search through the pathname given in order
154. # to find username/password matches.
155. # The format of this file is as shown below:
156. # username password group home_folder
157. # (for example:)
158. # robert secret users /home/robert
159. # james moose users /mnt/storage
160. #
161. # A entry with the password field set to * (star) requires
162. # no password. Any password the users enters will be accepted.
163. # The following example is for a user with no password.
164. # anyone * users /home/ftp
165. FILE_AUTH="/etc/ftpdpassword"
166.  
167.  
168. #Enable this if you want the client's IP address to be resolved to a host
169. #name. Note that it increases the overhead and it may not work if your DNS
170. #is not configured correctly. Clients without a valid DNS name will take very
171. #long to connect.
172. RESOLVE_CLIENT_IP="no"
173.  
174. #Path to the message of the day, seen by all users before login.
175. MOTD_GLOBAL="/etc/ftpmotd"
176.  
177. #Path to the message of the day, seen after login, relative to the root
178. #path of the user (see ROOTDIR).
179. # Use symbols %u and %h in place of user's username and home directory.
180. MOTD_USER="/.ftpmotd"
181.  
182. #If RESOLVE_UIDS is enabled, in directory lists the user and group names
183. #are shown instead of UID/GID. This may slow down directory listings.
184. RESOLVE_UIDS="yes"
185.  
186. #If DO_CHROOT is enabled, a user can not access directories other than his
187. #HOMEDIR and its subdirectories. DON'T disable this globally if you don't
188. #want to have a security hole!
189. DO_CHROOT="yes"
190.  
191. #Enable this to log each login to wtmp.
192. LOG_WTMP="yes"
193.  
194. #If you want bftpd to bind itself to one specific network interface, enter
195. #its IP address here. Else enter 'any'. This option only works in standalone
196. #mode.
197. BIND_TO_ADDR="any"
198.  
199.  
200. # This option allows you to over-ride the IP address Bftpd
201. # sends to the client. This may be useful is you are behind
202. # a router. If an address is given in this option, it over-rides
203. # the LAN IP your PC had. It is recommended you leave this option
204. # commented out unless you have a special setup.
205. #OVERRIDE_IP="127.0.0.1"
206.  
207.  
208. #Path to the ftpusers file. It can contain user names that are denied.
209. #If it does not exist, every user can log in. If you don't want this,
210. #just put a nonexistent filename here.
211. PATH_FTPUSERS="/etc/ftpusers"
212.  
213. #Enable this if you want to deny any user who has a shell which is not in
214. #/etc/shells.
215. AUTH_ETCSHELLS="no"
216.  
217. #With the option ALLOWCOMMAND_XXXX, you can disable the command XXXX.
218. #For example, if you don't want any user to delete files, you can do
219. #ALLOWCOMMAND_DELE="no"
220. #Of course, you can disable it for specific users by writing the appropiate
221. #lines into the user structures.
222. ALLOWCOMMAND_DELE="no"
223. ALLOWCOMMAND_STOR="yes"
224. ALLOWCOMMAND_SITE="no"
225.  
226. #Files that belong to these groups (comma-separated) are hidden in LIST/NLST.
227. HIDE_GROUP=""
228.  
229. #What message should be used as reply for the QUIT command?
230. QUIT_MSG="See you later..."
231.  
232. #The number of users that can be logged in at the same time.
233. #If set to "0", an unlimited users will be able to connect. This is not
234. #recommended, as it makes DoS attacks possible, even if the clients are
235. #kicked after a short time.
236. USERLIMIT_GLOBAL="0"
237.  
238. #This variable controls how often one user can be logged in at one time.
239. #This allows you to have a big connection limit (see above) and nevertheless
240. #prevent single users from having a lot of connections.
241. #This option may also be useful in a user {} or group {} environment.
242. USERLIMIT_SINGLEUSER="0"
243.  
244. #This variable controls how many users are allowed to connect from the same IP
245. #address. This prvents one user (or machine) from taking all of the avail
246. #connections.
247. #If you want to allow unlimited connections, leave this option as "0".
248. USERLIMIT_HOST="0"
249.  
250. #This option allows you to force files to be compressed
251. #on the fly during upload. A ".gz" extension will be given
252. #to the file. This should usually be turned off ("no"), but
253. #may be useful to servers with smaller storage space.
254. #To enable this option set the value to "yes".
255. #
256. # To use this option, bftpd must be configured using
257. # "./configure --enable-libz" _before_ running "make".
258. GZ_UPLOAD="no"
259.  
260. #This option allows you to set whether or not files
261. #with the extension .gz should be uncompressed on-the-fly
262. #during downloads. This should usually be turned off ("no").
263. #To enable this feature, set the value to "yes".
264. #
265. #To use this option, bftpd must be configured using
266. # "./configure --enable-libz" _before_ running "make".
267. GZ_DOWNLOAD="no"
268.  
269. # This option is enabled when the server should run
270. # a script before writing to the file system. This should
271. # usually be commented out, unless you need to prepare the
272. # file system for writing.
273. # NOTE: Be careful when using this option and the DO_CHROOT option.
274. # The location of the root directory can change when using DO_CHROOT.
275. # The current working directory (cwd) is passed to the script you run.
276. # PRE_WRITE_SCRIPT="/bin/true"
277.  
278. # This option is enabled when the server should run
279. # a script after writing to the file system. This should
280. # usually be commented out, unless you need to do something
281. # to the file system after writing.
282. # NOTE: Be careful when using this option and the DO_CHROOT option.
283. # The location of the root directory can change when using DO_CHROOT.
284. # The current working directory (cwd) is passed to the script you run.
285. # POST_WRITE_SCRIPT="/bin/false"
286. }
287.  
288. user ftp {
289. #Any password fits.
290. ANONYMOUS_USER="yes"
291. }
292.  
293. user anonymous {
294. #If the client wants anonymous, ftp is taken instead.
295. ALIAS=»ftp»
296. }
297.  
298. user root {
299. DENY_LOGIN="Root login not allowed."
300. }