This is the config file I ran into issues with; the same file causes no issues with
proftpd 1.3.3x.
#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
#Include /etc/proftpd/modules.conf

# Server identity and basic daemon behaviour.
ServerName                      "example.com"
# The greeting is this fixed string rather than the default banner, so the
# text shown to unauthenticated clients is chosen by the administrator.
ServerIdent                     on "EXAMPLE FTP Server ready."
ServerAdmin                     r...@example.com
ServerType                      standalone
# NOTE(review): mod_cap is the module that drops unneeded root capabilities
# from session processes; with the engine off that hardening is not applied.
# UserOwner/GroupOwner are used later in this file and need chown privilege,
# which may be why it is off - mod_cap's "CapabilitiesSet +CAP_CHOWN" would be
# the narrower choice. Confirm against the running build.
CapabilitiesEngine              off
DeferWelcome            off

MultilineRFC2228        on
DefaultServer           on
ShowSymlinks            on

# Use the IANA registered ephemeral port range for passive FTP
# The firewall has to admit this whole range for passive-mode data
# connections, so keep it in step with the packet-filter rules.
PassivePorts 49153 65534

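# mod_vroot provides a per-session virtual root.
LoadModule mod_vroot.c

VRootEngine                     on
# Each user is rooted in their own home directory.
DefaultRoot                     ~
# The alias is a single directive; the mail archive had wrapped it onto two
# lines, which left a bare path on a line of its own.
# NOTE(review): this makes a real system file (/etc/security/pam_env.conf)
# reachable from inside every user's virtual root. Confirm that exposing it is
# intended and that the argument order matches the mod_vroot version in use.
VRootAlias                      etc/security/pam_env.conf /etc/security/pam_env.conf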

# Authentication. The comment that used to sit here said PAM is used and is
# authoritative, but the directives below do the opposite: AuthPAM is off and
# AuthOrder lists only mod_auth_unix.c, so logins are checked against the
# system account database without going through a PAM stack.
# NOTE(review): any policy that lives in PAM (lockout, access or time
# restrictions) is therefore not applied to FTP logins, and AuthPAMConfig
# presumably has no effect while AuthPAM is off - confirm this is intended.
AuthPAMConfig                   proftpd
AuthOrder                               mod_auth_unix.c
AuthPAM off

# Disable wtmp logging since it produces a lot of data ~2G/month
# With wtmp off, FTP logins do not appear in last(1)-style records; the
# ExtendedLog auth log defined further down is the login audit trail.
WtmpLog off

# Don't do reverse DNS lookups (hangs on DNS problems)
# Log entries will therefore carry client IP addresses, not host names.
IdentLookups                    off
UseReverseDNS                   off

#DefaultTransferMode     binary
# Accounts listed in the system ftpusers deny file are refused login.
UseFtpUsers             on

# Set the user and group that the server runs as
# (the unprivileged identity used when the daemon is not acting for a
# logged-in user).
User                            proftpd
Group                           nogroup

# Upper bound on simultaneous child processes; limits how far a connection
# flood can exhaust the host.
MaxInstances                    120

# Timeouts (seconds)
# Unauthenticated connections are dropped after 60 s, idle sessions after
# 900 s and stalled transfers after 300 s.
# NOTE(review): TimeoutNoTransfer 0 disables the no-transfer timeout, so a
# logged-in client that keeps sending commands but never transfers anything
# is bounded only by TimeoutIdle and MaxInstances.
TimeoutLogin 60
TimeoutIdle 900
TimeoutNoTransfer 0
TimeoutStalled 300

# Location of the scoreboard file (session bookkeeping). This is not the pid
# file, which is set with the separate PidFile directive and is not
# configured here.
ScoreboardFile                  /var/run/proftpd.score

UseSendfile                     yes

# Set the TCP receive and send buffer sizes to 16 KiB each.
# NOTE(review): whether this is an increase depends on the OS defaults.
SocketOptions rcvbuf            16384
SocketOptions sndbuf            16384
# Cap on the length of a single command line accepted from a client.
CommandBufferSize               512

# Only messages of severity "error" or worse are sent to syslog.
SyslogLevel             error
# Two custom formats: "xferlog" for transfers and "auth" for login activity.
LogFormat xferlog "%t %[%a] tx:%b dly:%T usr:%u cmd:%m >%f %s"
LogFormat auth "[%P] %h %t \"%r\" %s"

# Login audit log.
# NOTE(review): the last argument is expected to be a LogFormat nickname;
# "auth,all" does not match the "auth" format defined above - confirm which
# format this log actually ends up using.
ExtendedLog /var/log/proftpd/auth_log AUTH auth,all

# Define log files
TransferLog NONE        # our xferlog is below
# NOTE(review): this transfer log lives under a user's home directory. A file
# that the account owner can rename, truncate or delete is weak audit
# evidence; a root-owned directory such as /var/log/proftpd, already used for
# the other logs in this file, avoids that.
ExtendedLog /home/user/logs/ftp.xferlog WRITE,READ xferlog

# TLS (http://www.castaglia.org/proftpd/modules/mod_tls.html)
# This whole section applies only when the daemon is started with -DTLS.
# Without that define the server speaks plain FTP and credentials cross the
# network in cleartext.
<IfDefine TLS>
  TLSEngine                     on
  # Sessions that do not negotiate TLS are refused.
  TLSRequired                   on
  # Certificate and private key are read from the same PEM file, so that file
  # holds the key: keep it owned by root and unreadable by anyone else.
  TLSRSACertificateFile         /etc/pki/tls/certs/proftpd.pem
  TLSRSACertificateKeyFile      /etc/pki/tls/certs/proftpd.pem
  # NOTE(review): "ALL" minus ADH and DES still admits whatever export-grade,
  # RC4 and anonymous-ECDH suites the linked OpenSSL build offers (!ADH does
  # not cover AECDH; !aNULL does). A tighter string such as HIGH:!aNULL:!MD5
  # is the usual starting point. No TLSProtocol is set either, so the allowed
  # protocol versions are the module default.
  TLSCipherSuite                ALL:!ADH:!DES
  # Clients are neither asked for nor verified by certificate; TLS here
  # authenticates the server only, and users still log in with passwords.
  TLSOptions                    NoCertRequest
  TLSVerifyClient               off
  #TLSRenegotiate               ctrl 3600 data 512000 required off timeout 300
  TLSLog                        /var/log/proftpd/tls.log
  # Shared-memory session cache, used only if mod_tls_shmcache is loaded.
  <IfModule mod_tls_shmcache.c>
    TLSSessionCache             shm:/file=/var/run/proftpd/sesscache
  </IfModule>
</IfDefine>

# Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
# Unless that define is passed, none of the brute-force protection below is
# active, including the MaxLoginAttempts value set inside this section.
<IfDefine DYNAMIC_BAN_LISTS>
  LoadModule                    mod_ban.c
  BanEngine                     on
  BanLog                        /var/log/proftpd/ban.log
  BanTable                      /var/run/proftpd/ban.tab

  # If the same client reaches the MaxLoginAttempts limit 2 times
  # within 10 minutes, automatically add a ban for that client that
  # will expire after one hour.
  # (A connection is closed after 3 failed logins; two such events trigger
  # the ban.)
  MaxLoginAttempts 3
  BanOnEvent                    MaxLoginAttempts 2/00:10:00 01:00:00

  # Allow the FTP admin to manually add/remove bans
  # NOTE(review): no directive follows this comment; the mod_ban directive
  # for that purpose (BanControlsACLs) is not present in this file.
</IfDefine>


# Second place where mod_cap is switched off, this time guarded so that the
# directive is only parsed when the module is present.
# NOTE(review): with the engine off, mod_cap does not drop root capabilities
# from session processes - confirm this is a deliberate trade-off.
<IfModule mod_cap.c>
        CapabilitiesEngine off
</IfModule>

# Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
#<Global>

# Logins are accepted from any client address; no network-level restriction
# is applied to the LOGIN command here.
<Limit LOGIN>
        Order allow, deny
        Allow from all
</Limit>

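  # Umask 022 is a good standard umask to prevent new dirs and files
  # from being group and world writable
  # NOTE(review): no Umask directive follows this comment at this point; the
  # server-wide umask visible in this file is "Umask 013 022" inside
  # <Directory /*>.

  # Allow to resume uploads
  AllowStoreRestart on
  AllowRetrieveRestart          on

  # Directory listing options: Show dot files by default and use local timestamps
  # (the mail archive had wrapped the word "timestamps" onto a line of its
  # own, outside the comment).
  # With -a, hidden files in a user's tree show up in every listing.
  ListOptions                   -a
  TimesGMT off

  # Existing files may be replaced by an upload of the same name.
  AllowOverwrite                yes

  # Partially uploaded files are removed when the transfer is aborted.
  DeleteAbortedStores on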
# Applies to every directory served.
# Everything uploaded is re-owned to account and group "user", whichever
# account performed the upload; changing ownership requires the session to
# keep the privilege to chown.
# Umask takes a file mask and a directory mask: 013 leaves new files
# group-writable (at most 0664), 022 yields directories of at most 0755.
<Directory /*>
  UserOwner user
  GroupOwner user
  AllowOverwrite yes
  Umask 013 022
</Directory>

# A basic anonymous configuration, with an upload directory
# Active only when the daemon is started with -DANONYMOUS_FTP.
<IfDefine ANONYMOUS_FTP>
  <Anonymous /srv/ftp>
    User                        ftp
    Group                       ftp
    AccessGrantMsg              "Anonymous login ok, restrictions apply."

    # The anonymous account is not required to have a shell listed as valid.
    RequireValidShell off

    # We want clients to be able to login with "anonymous" as well as "ftp"
    UserAlias                   anonymous ftp

    # Cosmetic option to make all files appear to be owned by user "user"
    # (listings only; real ownership and permissions on disk are unchanged).
    DirFakeUser                 on user
    DirFakeGroup                on
    DirFakeMode                 0640

    # Set the ownership of new files / directories
    # Anonymous uploads end up owned by "user", not by the ftp account.
    UserOwner user
    GroupOwner nogroup

    # New files and directories are created group-writable.
    Umask 002

    # Limit WRITE everywhere in the anonymous chroot
    <Limit WRITE SITE_CHMOD>
      DenyAll
    </Limit>

    # Drop box: under /incoming clients may change directory and upload, but
    # may not list, download or otherwise modify, so uploads cannot be
    # fetched back by other anonymous users.
    <Directory /incoming/*>
      <Limit READ WRITE DIRS>
        DenyAll
      </Limit>
      <Limit CWD STOR>
        AllowAll
      </Limit>
      # NOTE(review): with overwrite on, an upload that reuses an existing
      # file name replaces that file; "off" is the usual setting for a
      # write-only drop box so one uploader cannot clobber another's file.
      AllowOverwrite            on
    </Directory>

    WtmpLog                     off
  </Anonymous>
</IfDefine>
