<HTML ><HEAD ><TITLE >Configuration Directive List</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.77+"></HEAD ><BODY CLASS="BOOK" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="BOOK" ><A NAME="PROFTPD-CONFIG" ></A ><DIV CLASS="TITLEPAGE" ><H1 CLASS="TITLE" ><A NAME="AEN2" ></A >Configuration Directive List</H1 ><HR></DIV ><DIV CLASS="TOC" ><DL ><DT ><B >Table of Contents</B ></DT ><DT >1. <A HREF="#AEN4" >List of Directives</A ></DT ><DD ><DL ><DT ><A HREF="#ACCESSDENYMSG" > AccessDenyMsg</A > -- Customise the response on failed authentication</DT ><DT ><A HREF="#ACCESSGRANTMSG" > AccessGrantMsg</A > -- Customise the response on successful authentication</DT ><DT ><A HREF="#ALLOW" > Allow</A > -- Access control directive</DT ><DT ><A HREF="#ALLOWALL" > AllowAll</A > -- Allow all clients </DT ><DT ><A HREF="#ALLOWFILTER" > AllowFilter</A > -- Regular expression of command arguments to be accepted</DT ><DT ><A HREF="#ALLOWFOREIGNADDRESS" > AllowForeignAddress</A > -- Control the use of the PORT command</DT ><DT ><A HREF="#ALLOWGROUP" > AllowGroup</A > -- Group based allow rules</DT ><DT ><A HREF="#ALLOWLOGSYMLINKS" > AllowLogSymlinks</A > -- Permit logging to symlinked files</DT ><DT ><A HREF="#ALLOWOVERRIDE" > AllowOverride</A > -- Toggles handling of .ftpaccess files</DT ><DT ><A HREF="#ALLOWOVERWRITE" > AllowOverwrite</A > -- Enable files to be overwritten</DT ><DT ><A HREF="#ALLOWRETRIEVERESTART" > AllowRetrieveRestart</A > -- Allow clients to resume downloads</DT ><DT ><A HREF="#ALLOWSTORERESTART" > AllowStoreRestart</A > -- Allow clients to resume uploads</DT ><DT ><A HREF="#ALLOWUSER" > AllowUser</A > -- User based allow rules</DT ><DT ><A HREF="#ANONRATIO" > AnonRatio</A > -- Ratio directive</DT ><DT ><A HREF="#ANONREJECTPASSWORDS" > AnonRejectPasswords</A > -- Block certain anonymous user passwords</DT ><DT ><A HREF="#ANONREQUIREPASSWORD" > AnonRequirePassword</A > -- Make anonymous users supply a valid password</DT ><DT ><A HREF="#ANONYMOUS" > Anonymous</A > -- Define an anonymous server</DT ><DT ><A HREF="#ANONYMOUSGROUP" > AnonymousGroup</A > -- Treat group members as anonymous users</DT ><DT ><A HREF="#AUTHALIASONLY" > AuthAliasOnly</A > -- Allow only aliased login names</DT ><DT ><A HREF="#AUTHGROUPFILE" > AuthGroupFile</A > -- Specify alternate group file</DT ><DT ><A HREF="#AUTHORDER" > AuthOrder</A > -- Configure auth module checking order</DT ><DT ><A HREF="#AUTHPAM" > AuthPAM</A > -- Enable/Disable PAM authentication</DT ><DT ><A HREF="#AUTHPAMAUTHORITATIVE" > AuthPAMAuthoritative</A > -- Set whether PAM is the authoritive authentication scheme</DT ><DT ><A HREF="#AUTHPAMCONFIG" > AuthPAMConfig</A > -- Select PAM service name</DT ><DT ><A HREF="#AUTHUSERFILE" > AuthUserFile</A > -- Specify alternate passwd file</DT ><DT ><A HREF="#AUTHUSINGALIAS" > AuthUsingAlias</A > -- Authenticate via Alias-name instead of mapped username</DT ><DT ><A HREF="#BIND" > Bind</A > -- Bind the server or Virtualhost to a specific IP address</DT ><DT ><A HREF="#BYTERATIOERRMSG" > ByteRatioErrMsg</A > -- Ratio directive</DT ><DT ><A HREF="#CDPATH" > CDPath</A > -- Sets "search paths" for the cd command</DT ><DT ><A HREF="#CAPABILITIESENGINE" > CapabilitiesEngine</A > -- Enable/disable mod_cap</DT ><DT ><A HREF="#CAPABILITIESSET" > CapabilitiesSet</A > -- Configure the set of Linux capabilities processed</DT ><DT ><A HREF="#CLASS" > Class</A > -- Definition statements for class based tracking</DT ><DT ><A HREF="#CLASSES" > Classes</A > -- Enable Class based connection tracking</DT ><DT ><A HREF="#COMMANDBUFFERSIZE" > CommandBufferSize</A > -- Limit the maximum command length</DT ><DT ><A HREF="#CREATEHOME" > CreateHome</A > -- Create and populate users' home directories as needed</DT ><DT ><A HREF="#CWDRATIOMSG" > CwdRatioMsg</A > -- Ratio directive</DT ><DT ><A HREF="#DEBUGLEVEL" > DebugLevel</A > -- Set the debugging output level</DT ><DT ><A HREF="#DEFAULTADDRESS" > DefaultAddress</A > -- Set the address for the server to listen on</DT ><DT ><A HREF="#DEFAULTCHDIR" > DefaultChdir</A > -- Set starting directory for FTP sessions</DT ><DT ><A HREF="#DEFAULTROOT" > DefaultRoot</A > -- Sets default chroot directory</DT ><DT ><A HREF="#DEFAULTSERVER" > DefaultServer</A > -- Set the default server</DT ><DT ><A HREF="#DEFAULTTRANSFERMODE" > DefaultTransferMode</A > -- Set the default method of data transfer</DT ><DT ><A HREF="#DEFERWELCOME" > DeferWelcome</A > -- Don't show welcome message until user has authenticated</DT ><DT ><A HREF="#DEFINE" > Define</A > -- Initialises Defines for IfDefine</DT ><DT ><A HREF="#DELETEABORTEDSTORES" > DeleteAbortedStores</A > -- Enable automatic deletion of partially uploaded files</DT ><DT ><A HREF="#DENY" > Deny</A > -- Access control directive</DT ><DT ><A HREF="#DENYALL" > DenyAll</A > -- Deny all clients</DT ><DT ><A HREF="#DENYFILTER" > DenyFilter</A > -- Regular expression of command arguments to be blocked</DT ><DT ><A HREF="#DENYGROUP" > DenyGroup</A > -- Group based deny rules</DT ><DT ><A HREF="#DENYUSER" > DenyUser</A > -- User based deny rules</DT ><DT ><A HREF="#DIRFAKEGROUP" > DirFakeGroup</A > -- Hide real file/directory group</DT ><DT ><A HREF="#DIRFAKEMODE" > DirFakeMode</A > -- Hide real file/directory permissions</DT ><DT ><A HREF="#DIRFAKEUSER" > DirFakeUser</A > -- Hide real file/directory owner</DT ><DT ><A HREF="#DIRECTORY" > Directory</A > -- Directory-limited configuration directives</DT ><DT ><A HREF="#DISPLAYCONNECT" > DisplayConnect</A > -- Sets connect banner file</DT ><DT ><A HREF="#DISPLAYFIRSTCHDIR" > DisplayFirstChdir</A > -- Set the file to display when first entering a directory</DT ><DT ><A HREF="#DISPLAYGOAWAY" > DisplayGoAway</A > -- Set the file to display to a rejected connection</DT ><DT ><A HREF="#DISPLAYLOGIN" > DisplayLogin</A > -- Set the file to display on login</DT ><DT ><A HREF="#DISPLAYQUIT" > DisplayQuit</A > -- Set the file to display on quit</DT ><DT ><A HREF="#DISPLAYREADME" > DisplayReadme</A > -- Enable display of file modification times on a file pattern</DT ><DT ><A HREF="#EXTENDEDLOG" > ExtendedLog</A > -- Specify custom logfiles</DT ><DT ><A HREF="#FILERATIOERRMSG" > FileRatioErrMsg</A > -- (docs incomplete)</DT ><DT ><A HREF="#GLOBAL" > Global</A > -- Set some directives to apply across the entire daemon</DT ><DT ><A HREF="#GROUP" > Group</A > -- Set the group the server normally runs as</DT ><DT ><A HREF="#GROUPOWNER" > GroupOwner</A > -- Change default group for new files and directories</DT ><DT ><A HREF="#GROUPPASSWORD" > GroupPassword</A > -- (docs incomplete)</DT ><DT ><A HREF="#GROUPRATIO" > GroupRatio</A > -- Ratio directive</DT ><DT ><A HREF="#HIDDENSTOR" > HiddenStor</A > -- Enables more safe file uploads</DT ><DT ><A HREF="#HIDDENSTORES" > HiddenStores</A > -- (docs incomplete)</DT ><DT ><A HREF="#HIDEFILES" > HideFiles</A > -- Enable hiding of files based on regular expressions</DT ><DT ><A HREF="#HIDEGROUP" > HideGroup</A > -- Enable hiding of files based on group owner</DT ><DT ><A HREF="#HIDENOACCESS" > HideNoAccess</A > -- Block the listing of directory entries to which the user has no access permissions</DT ><DT ><A HREF="#HIDEUSER" > HideUser</A > -- (docs incomplete)</DT ><DT ><A HREF="#HOSTRATIO" > HostRatio</A > -- Ratio directive</DT ><DT ><A HREF="#IDENTLOOKUPS" > IdentLookups</A > -- Toggle ident lookups</DT ><DT ><A HREF="#IFDEFINE" > IfDefine</A > -- To control the use of sections of the configuration</DT ><DT ><A HREF="#IFMODULE" > IfModule</A > -- Parse a section of config based on module name</DT ><DT ><A HREF="#IGNOREHIDDEN" > IgnoreHidden</A > -- Treat 'hidden' files as if they don't exist</DT ><DT ><A HREF="#INCLUDE" > Include</A > -- Load additional configuration directives from a file</DT ><DT ><A HREF="#LDAPAUTHBINDS" > LDAPAuthBinds</A > -- (docs incomplete)</DT ><DT ><A HREF="#LDAPDNINFO" > LDAPDNInfo</A > -- Set DN information to be used for initial bind</DT ><DT ><A HREF="#LDAPDEFAULTAUTHSCHEME" > LDAPDefaultAuthScheme</A > -- Set the authentication scheme/hash that is used when no leading {hashname} is present. </DT ><DT ><A HREF="#LDAPDEFAULTGID" > LDAPDefaultGID</A > -- Set the default GID to be assigned to users when no uidNumber attribute is found. </DT ><DT ><A HREF="#LDAPDEFAULTUID" > LDAPDefaultUID</A > -- Set the default GID to be assigned to users when no uidNumber attribute is found. </DT ><DT ><A HREF="#LDAPDOAUTH" > LDAPDoAuth</A > -- Enable LDAP authentication</DT ><DT ><A HREF="#LDAPDOGIDLOOKUPS" > LDAPDoGIDLookups</A > -- Enable LDAP lookups for user group membership and GIDs in directory listings </DT ><DT ><A HREF="#LDAPDOQUOTALOOKUPS" > LDAPDoQuotaLookups</A > -- Enable LDAP quota limit support</DT ><DT ><A HREF="#LDAPDOUIDLOOKUPS" > LDAPDoUIDLookups</A > -- Enable LDAP lookups for UIDs in directory listings </DT ><DT ><A HREF="#LDAPFORCEDEFAULTGID" > LDAPForceDefaultGID</A > -- Force all LDAP-authenticated users to use the same GID.</DT ><DT ><A HREF="#LDAPFORCEDEFAULTUID" > LDAPForceDefaultUID</A > -- Force all LDAP-authenticated users to use the same UID.</DT ><DT ><A HREF="#LDAPFORCEHOMEDIRONDEMAND" > LDAPForceHomedirOnDemand</A > -- Force all LDAP-authenticated users to use the default HomeDironDemand prefix/suffix. </DT ><DT ><A HREF="#LDAPHOMEDIRONDEMAND" > LDAPHomedirOnDemand</A > -- Enable the creation of user home directories on demand </DT ><DT ><A HREF="#LDAPHOMEDIRONDEMANDPREFIX" > LDAPHomedirOnDemandPrefix</A > -- Enable the creation of user home directories on demand </DT ><DT ><A HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME" > LDAPHomedirOnDemandPrefixNoUsername</A > -- (docs incomplete)</DT ><DT ><A HREF="#LDAPHOMEDIRONDEMANDSUFFIX" > LDAPHomedirOnDemandSuffix</A > -- Specify an additional directory to be created inside a user's home directory on demand. </DT ><DT ><A HREF="#LDAPNEGATIVECACHE" > LDAPNegativeCache</A > -- Enable negative caching for LDAP lookups</DT ><DT ><A HREF="#LDAPQUERYTIMEOUT" > LDAPQueryTimeout</A > -- Set a timeout for LDAP queries</DT ><DT ><A HREF="#LDAPSEARCHSCOPE" > LDAPSearchScope</A > -- Specify the search scope used in LDAP queries</DT ><DT ><A HREF="#LDAPSERVER" > LDAPServer</A > -- Specify the LDAP server to use for lookups</DT ><DT ><A HREF="#LDAPUSETLS" > LDAPUseTLS</A > -- Enable TLS/SSL connections to the LDAP server.</DT ><DT ><A HREF="#LEECHRATIOMSG" > LeechRatioMsg</A > -- Sets the 'over ratio' error message</DT ><DT ><A HREF="#LIMIT" > Limit</A > -- Set the commands/actions to be controlled</DT ><DT ><A HREF="#LISTOPTIONS" > ListOptions</A > -- Configure options used when listing directories</DT ><DT ><A HREF="#LOGFORMAT" > LogFormat</A > -- Specify a logging format</DT ><DT ><A HREF="#LOGINPASSWORDPROMPT" > LoginPasswordPrompt</A > -- (docs incomplete)</DT ><DT ><A HREF="#MASQUERADEADDRESS" > MasqueradeAddress</A > -- Configure the server address presented to clients</DT ><DT ><A HREF="#MAXCLIENTS" > MaxClients</A > -- Limits the number of users that can connect</DT ><DT ><A HREF="#MAXCLIENTSPERHOST" > MaxClientsPerHost</A > -- Limits the connections per client machine</DT ><DT ><A HREF="#MAXCLIENTSPERUSER" > MaxClientsPerUser</A > -- Limit the number of connections per userid</DT ><DT ><A HREF="#MAXCONNECTIONRATE" > MaxConnectionRate</A > -- Maximum TCP socket connection rate</DT ><DT ><A HREF="#MAXHOSTSPERUSER" > MaxHostsPerUser</A > -- Limit the number of connections per userid</DT ><DT ><A HREF="#MAXINSTANCES" > MaxInstances</A > -- Sets the maximum number of child processes to be spawned</DT ><DT ><A HREF="#MAXLOGINATTEMPTS" > MaxLoginAttempts</A > -- Sets how many password attempts are allowed before disconnection</DT ><DT ><A HREF="#MAXRETRIEVEFILESIZE" > MaxRetrieveFileSize</A > -- Restrict size of downloaded files</DT ><DT ><A HREF="#MAXSTOREFILESIZE" > MaxStoreFileSize</A > -- Restrict size of uploaded files</DT ><DT ><A HREF="#MULTILINERFC2228" > MultilineRFC2228</A > -- Enable RFC2228 multiline response mode</DT ><DT ><A HREF="#ORDER" > Order</A > -- Configures the precedence of the Limit directives</DT ><DT ><A HREF="#PASSIVEPORTS" > PassivePorts</A > -- Specify the ftp-data port range to be used</DT ><DT ><A HREF="#PATHALLOWFILTER" > PathAllowFilter</A > -- Only allow new files which match a specified pattern</DT ><DT ><A HREF="#PATHDENYFILTER" > PathDenyFilter</A > -- Disallow new files which match a specified pattern</DT ><DT ><A HREF="#PERSISTENTPASSWD" > PersistentPasswd</A > -- Sets handling of unix auth files</DT ><DT ><A HREF="#PIDFILE" > PidFile</A > -- Set the filepath to hold the pid of the master server</DT ><DT ><A HREF="#PORT" > Port</A > -- Set the port for the control socket</DT ><DT ><A HREF="#RLIMITCPU" > RLimitCPU</A > -- Configure the maximum CPU time in seconds used by a process</DT ><DT ><A HREF="#RLIMITMEMORY" > RLimitMemory</A > -- Configure the maximum memory in bytes used by a process</DT ><DT ><A HREF="#RLIMITOPENFILES" > RLimitOpenFiles</A > -- Configure the maximum number of open files used by a process</DT ><DT ><A HREF="#RADIUSACCTSERVER" > RadiusAcctServer</A > -- Setup RADIUS accounting details</DT ><DT ><A HREF="#RADIUSAUTHSERVER" > RadiusAuthServer</A > -- Setup RADIUS authenticator details</DT ><DT ><A HREF="#RADIUSENGINE" > RadiusEngine</A > -- Enable RADIUS support</DT ><DT ><A HREF="#RADIUSLOG" > RadiusLog</A > -- Specify the logfile for reporting / debugging</DT ><DT ><A HREF="#RADIUSREALM" > RadiusRealm</A > -- Setup the authentication realm</DT ><DT ><A HREF="#RADIUSUSERINFO" > RadiusUserInfo</A > -- Configure login information via RADIUS</DT ><DT ><A HREF="#RATIOFILE" > RatioFile</A > -- Ratio directive</DT ><DT ><A HREF="#RATIOTEMPFILE" > RatioTempFile</A > -- Ratio directive</DT ><DT ><A HREF="#RATIOS" > Ratios</A > -- (docs incomplete)</DT ><DT ><A HREF="#REQUIREVALIDSHELL" > RequireValidShell</A > -- Allow connections based on /etc/shells</DT ><DT ><A HREF="#REWRITECONDITION" > RewriteCondition</A > -- (docs incomplete)</DT ><DT ><A HREF="#REWRITEENGINE" > RewriteEngine</A > -- (docs incomplete)</DT ><DT ><A HREF="#REWRITELOCK" > RewriteLock</A > -- (docs incomplete)</DT ><DT ><A HREF="#REWRITELOG" > RewriteLog</A > -- (docs incomplete)</DT ><DT ><A HREF="#REWRITEMAP" > RewriteMap</A > -- (docs incomplete)</DT ><DT ><A HREF="#REWRITERULE" > RewriteRule</A > -- (docs incomplete)</DT ><DT ><A HREF="#ROOTLOGIN" > RootLogin</A > -- Permit root user logins</DT ><DT ><A HREF="#ROOTREVOKE" > RootRevoke</A > -- Drop root privileges completely</DT ><DT ><A HREF="#SQLAUTHTYPES" > SQLAuthTypes</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLAUTHENTICATE" > SQLAuthenticate</A > -- Specify authentication methods and what to authenticate </DT ><DT ><A HREF="#SQLAUTHORITATIVE" > SQLAuthoritative</A > -- Deprecated</DT ><DT ><A HREF="#SQLCONNECTINFO" > SQLConnectInfo</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLDEFAULTGID" > SQLDefaultGID</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLDEFAULTHOMEDIR" > SQLDefaultHomedir</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLDEFAULTUID" > SQLDefaultUID</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLDOAUTH" > SQLDoAuth</A > -- Deprecated</DT ><DT ><A HREF="#SQLDOGROUPAUTH" > SQLDoGroupAuth</A > -- Deprecated</DT ><DT ><A HREF="#SQLEMPTYPASSWORDS" > SQLEmptyPasswords</A > -- Allow zero length passwords (DEPRECATED)</DT ><DT ><A HREF="#SQLENCRYPTEDPASSWORDS" > SQLEncryptedPasswords</A > -- Assume SQL passwords are encrypted (DEPRECATED)</DT ><DT ><A HREF="#SQLGIDFIELD" > SQLGidField</A > -- Set the field holding gid information (deprecated)</DT ><DT ><A HREF="#SQLGROUPGIDFIELD" > SQLGroupGIDField</A > -- Deprecated</DT ><DT ><A HREF="#SQLGROUPINFO" > SQLGroupInfo</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLGROUPMEMBERSFIELD" > SQLGroupMembersField</A > -- Deprecated</DT ><DT ><A HREF="#SQLGROUPTABLE" > SQLGroupTable</A > -- Deprecated</DT ><DT ><A HREF="#SQLGROUPWHERECLAUSE" > SQLGroupWhereClause</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLGROUPNAMEFIELD" > SQLGroupnameField</A > -- Deprecated</DT ><DT ><A HREF="#SQLHOMEDIR" > SQLHomedir</A > -- Deprecated</DT ><DT ><A HREF="#SQLHOMEDIRFIELD" > SQLHomedirField</A > -- Deprecated</DT ><DT ><A HREF="#SQLHOMEDIRONDEMAND" > SQLHomedirOnDemand</A > -- Have mod_sql create home directories as needed</DT ><DT ><A HREF="#SQLLOG" > SQLLog</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLLOGDIRS" > SQLLogDirs</A > -- Deprecated</DT ><DT ><A HREF="#SQLLOGFILE" > SQLLogFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLLOGHITS" > SQLLogHits</A > -- Deprecated</DT ><DT ><A HREF="#SQLLOGHOSTS" > SQLLogHosts</A > -- Deprecated</DT ><DT ><A HREF="#SQLLOGSTATS" > SQLLogStats</A > -- Deprecated</DT ><DT ><A HREF="#SQLLOGINCOUNTFIELD" > SQLLoginCountField</A > -- Deprecated</DT ><DT ><A HREF="#SQLMINID" > SQLMinID</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLMINUSERGID" > SQLMinUserGID</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLMINUSERUID" > SQLMinUserUID</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLNAMEDQUERY" > SQLNamedQuery</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLNEGATIVECACHE" > SQLNegativeCache</A > -- Enable negative caching for SQL lookups</DT ><DT ><A HREF="#SQLPASSWORDFIELD" > SQLPasswordField</A > -- Deprecated</DT ><DT ><A HREF="#SQLPROCESSGRENT" > SQLProcessGrEnt</A > -- Deprecated</DT ><DT ><A HREF="#SQLPROCESSPWENT" > SQLProcessPwEnt</A > -- Deprecated</DT ><DT ><A HREF="#SQLRATIOSTATS" > SQLRatioStats</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLRATIOS" > SQLRatios</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLSSLHASHEDPASSWORDS" > SQLSSLHashedPasswords</A > -- Deprecated</DT ><DT ><A HREF="#SQLSCRAMBLEDPASSWORDS" > SQLScrambledPasswords</A > -- Deprecated</DT ><DT ><A HREF="#SQLSHELLFIELD" > SQLShellField</A > -- Deprecated</DT ><DT ><A HREF="#SQLSHOWINFO" > SQLShowInfo</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLUIDFIELD" > SQLUidField</A > -- Set the field holding uid information (deprecated)</DT ><DT ><A HREF="#SQLUSERINFO" > SQLUserInfo</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLUSERTABLE" > SQLUserTable</A > -- Deprecated</DT ><DT ><A HREF="#SQLUSERWHERECLAUSE" > SQLUserWhereClause</A > -- (docs incomplete)</DT ><DT ><A HREF="#SQLUSERNAMEFIELD" > SQLUsernameField</A > -- Deprecated</DT ><DT ><A HREF="#SQLWHERECLAUSE" > SQLWhereClause</A > -- (docs incomplete)</DT ><DT ><A HREF="#SAVERATIOS" > SaveRatios</A > -- FIXME FIXME</DT ><DT ><A HREF="#SCOREBOARDFILE" > ScoreboardFile</A > -- Sets the name and path of the scoreboard file</DT ><DT ><A HREF="#SERVERADMIN" > ServerAdmin</A > -- Set the address for the server admin</DT ><DT ><A HREF="#SERVERIDENT" > ServerIdent</A > -- Set the message displayed on connect</DT ><DT ><A HREF="#SERVERLOG" > ServerLog</A > -- Configure logs on a per-server basis</DT ><DT ><A HREF="#SERVERNAME" > ServerName</A > -- Configure the name displayed to connecting users</DT ><DT ><A HREF="#SERVERTYPE" > ServerType</A > -- Set the mode proftpd runs in</DT ><DT ><A HREF="#SHOWSYMLINKS" > ShowSymlinks</A > -- Toggle the display of symlinks</DT ><DT ><A HREF="#SOCKETBINDTIGHT" > SocketBindTight</A > -- Controls how TCP/IP sockets are created</DT ><DT ><A HREF="#SOCKETOPTIONS" > SocketOptions</A > -- Tune socket-level options</DT ><DT ><A HREF="#STOREUNIQUEPREFIX" > StoreUniquePrefix</A > -- Set the prefix to be added to uniquely generated filenames</DT ><DT ><A HREF="#SYSLOGFACILITY" > SyslogFacility</A > -- Set the facility level used for logging</DT ><DT ><A HREF="#SYSLOGLEVEL" > SyslogLevel</A > -- Set the verbosity level of system logging</DT ><DT ><A HREF="#SYSTEMLOG" > SystemLog</A > -- Redirect syslogging to a file</DT ><DT ><A HREF="#TCPACCESSFILES" > TCPAccessFiles</A > -- Sets the access files to use</DT ><DT ><A HREF="#TCPACCESSSYSLOGLEVELS" > TCPAccessSyslogLevels</A > -- Sets the logging levels for mod_wrap</DT ><DT ><A HREF="#TCPGROUPACCESSFILES" > TCPGroupAccessFiles</A > -- Sets the access files to use</DT ><DT ><A HREF="#TCPSERVICENAME" > TCPServiceName</A > -- Configures the name proftpd will use with mod_wrap</DT ><DT ><A HREF="#TCPUSERACCESSFILES" > TCPUserAccessFiles</A > -- Sets the access files to use</DT ><DT ><A HREF="#TLSCACERTIFICATEFILE" > TLSCACertificateFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSCACERTIFICATEPATH" > TLSCACertificatePath</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSCAREVOCATIONFILE" > TLSCARevocationFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSCAREVOCATIONPATH" > TLSCARevocationPath</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSCERTIFICATECHAINFILE" > TLSCertificateChainFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSCIPHERSUITE" > TLSCipherSuite</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSDHPARAMFILE" > TLSDHParamFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSDSACERTIFICATEFILE" > TLSDSACertificateFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSDSACERTIFICATEKEYFILE" > TLSDSACertificateKeyFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSENGINE" > TLSEngine</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSLOG" > TLSLog</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSOPTIONS" > TLSOptions</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSPROTOCOL" > TLSProtocol</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSRSACERTIFICATEFILE" > TLSRSACertificateFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSRSACERTIFICATEKEYFILE" > TLSRSACertificateKeyFile</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSRANDOMSEED" > TLSRandomSeed</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSRENEGOTIATE" > TLSRenegotiate</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSREQUIRED" > TLSRequired</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSVERIFYCLIENT" > TLSVerifyClient</A > -- (docs incomplete)</DT ><DT ><A HREF="#TLSVERIFYDEPTH" > TLSVerifyDepth</A > -- (docs incomplete)</DT ><DT ><A HREF="#TIMEOUTIDLE" > TimeoutIdle</A > -- Sets the idle connection timeout</DT ><DT ><A HREF="#TIMEOUTLOGIN" > TimeoutLogin</A > -- Sets the login timeout</DT ><DT ><A HREF="#TIMEOUTNOTRANSFER" > TimeoutNoTransfer</A > -- Sets the connection without transfer timeout</DT ><DT ><A HREF="#TIMEOUTSESSION" > TimeoutSession</A > -- Sets a timeout for an entire session</DT ><DT ><A HREF="#TIMEOUTSTALLED" > TimeoutStalled</A > -- Sets the timeout on stalled downloads</DT ><DT ><A HREF="#TIMESGMT" > TimesGMT</A > -- Toggle time display between GMT and local</DT ><DT ><A HREF="#TRANSFERLOG" > TransferLog</A > -- Specify the path to the transfer log</DT ><DT ><A HREF="#TRANSFERRATE" > TransferRate</A > -- Configure upload, download transfer rates</DT ><DT ><A HREF="#UMASK" > Umask</A > -- Set the default Umask</DT ><DT ><A HREF="#USEFTPUSERS" > UseFtpUsers</A > -- Block based on /etc/ftpusers</DT ><DT ><A HREF="#USEGLOBBING" > UseGlobbing</A > -- Toggles use of glob() functionality</DT ><DT ><A HREF="#USEREVERSEDNS" > UseReverseDNS</A > -- Toggle rDNS lookups</DT ><DT ><A HREF="#USER" > User</A > -- Set the user the daemon will run as</DT ><DT ><A HREF="#USERALIAS" > UserAlias</A > -- Alias a username to a system user</DT ><DT ><A HREF="#USERDIRROOT" > UserDirRoot</A > -- Set the chroot directory to a subdirectory of the anonymous server</DT ><DT ><A HREF="#USEROWNER" > UserOwner</A > -- Set the user ownership of new files / directories</DT ><DT ><A HREF="#USERPASSWORD" > UserPassword</A > -- Creates a hardcoded username/password pair</DT ><DT ><A HREF="#USERRATIO" > UserRatio</A > -- Ratio directive</DT ><DT ><A HREF="#VIRTUALHOST" > VirtualHost</A > -- Define a virtual ftp server</DT ><DT ><A HREF="#WTMPLOG" > WtmpLog</A > -- Toggle logging to wtmp</DT ><DT ><A HREF="#TCPBACKLOG" > tcpBackLog</A > -- Control the tcp backlog in standalone mode</DT ><DT ><A HREF="#TCPNODELAY" > tcpNoDelay</A > -- Control the use of TCP_NODELAY</DT ><DT ><A HREF="#TCPRECEIVEWINDOW" > tcpReceiveWindow</A > -- Set the size of the tcp receive window</DT ><DT ><A HREF="#TCPSENDWINDOW" > tcpSendWindow</A > -- Set the size of the tcp send window</DT ></DL ></DD ><DT >2. <A HREF="#AEN12176" >List of modules</A ></DT ><DD ><DL ><DT ><A HREF="#MOD-AUTH" > mod_auth</A > -- Authentication module</DT ><DT ><A HREF="#MOD-CAP" > mod_cap</A > -- Capabilities module</DT ><DT ><A HREF="#MOD-CORE" > mod_core</A > -- Core module</DT ><DT ><A HREF="#MOD-LDAP" > mod_ldap</A > -- LDAP authentication support</DT ><DT ><A HREF="#MOD-LOG" > mod_log</A > -- Logging support</DT ><DT ><A HREF="#MOD-LS" > mod_ls</A > -- file listing functionality</DT ><DT ><A HREF="#MOD-RADIUS" > mod_radius</A > -- RADIUS based authentication support</DT ><DT ><A HREF="#MOD-RATIO" > mod_ratio</A > -- FIX ME FIX ME</DT ><DT ><A HREF="#MOD-README" > mod_readme</A > -- "README" file support</DT ><DT ><A HREF="#MOD-REWRITE" > mod_rewrite</A > -- Rewriting support</DT ><DT ><A HREF="#MOD-SQL" > mod_sql</A > -- SQL support module</DT ><DT ><A HREF="#MOD-TLS" > mod_tls</A > -- TLS support</DT ><DT ><A HREF="#MOD-WRAP" > mod_wrap</A > -- Interface to libwrap</DT ><DT ><A HREF="#MOD-XFER" > mod_xfer</A > -- FIX ME FIX ME</DT ></DL ></DD ><DT >3. <A HREF="#AEN12683" >List of configuration contexts</A ></DT ><DD ><DL ><DT ><A HREF="#CONTEXT-SERVERCONFIG" > server config</A > -- server config</DT ><DT ><A HREF="#CONTEXT-GLOBAL" > Global</A > -- Global</DT ><DT ><A HREF="#CONTEXT-VIRTUALHOST" > VirtualHost</A > -- VirtualHost</DT ><DT ><A HREF="#CONTEXT-ANONYMOUS" > Anonymous</A > -- Anonymous</DT ><DT ><A HREF="#CONTEXT-LIMIT" > Limit</A > -- Limit</DT ><DT ><A HREF="#CONTEXT-FTPACCESS" > .ftpaccess</A > -- .ftpaccess</DT ></DL ></DD ></DL ></DIV ><DIV CLASS="CHAPTER" ><HR><H1 ><A NAME="AEN4" ></A >Chapter 1. List of Directives</H1 ><H1 ><A NAME="ACCESSDENYMSG" ></A > AccessDenyMsg</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN14" ></A ><H2 >Name</H2 >AccessDenyMsg -- Customise the response on failed authentication</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN17" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AccessDenyMsg</B > [ <TT CLASS="OPTION" >"message"</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >Dependent on login type</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN44" ></A ><H2 >Description</H2 ><P >Normally, a 530 response message is sent to an FTP client immediately after a failed authentication attempt, with a standard message indicating the the reason of failure. In the case of a wrong password, the reason is usually "Login incorrect." It is this message can be customized with the AccessDenyMsg directive. In the message argument, the magic cookie '%u' is replaced with the username specified by the client during login.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN47" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN50" ></A ><H2 >Examples</H2 ><P >AccessDenyMsg "Guest access denied for %u."</P ></DIV ><H1 ><A NAME="ACCESSGRANTMSG" ></A > AccessGrantMsg</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN61" ></A ><H2 >Name</H2 >AccessGrantMsg -- Customise the response on successful authentication</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN64" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AccessGrantMsg</B > [ <TT CLASS="OPTION" >"message"</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >Dependent on login type</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl5 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN91" ></A ><H2 >Description</H2 ><P >Normally, a 230 response message is sent to an FTP client immediately after authentication, with a standard message indicating that the user has either logged in or that anonymous access has been granted. This message can be customized with the AccessGrantMsg directive. In the message argument, the magic cookie '%u' is replaced with the username specified by the client during login.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN94" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN97" ></A ><H2 >Examples</H2 ><P >AccessGrantMsg "Guest access granted for %u."</P ></DIV ><H1 ><A NAME="ALLOW" ></A > Allow</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN108" ></A ><H2 >Name</H2 >Allow -- Access control directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN111" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Allow</B > [ <TT CLASS="OPTION" >["from"] "all"|"none"|host|network[,host|network[,...]]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >Allow from all</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Limit></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN138" ></A ><H2 >Description</H2 ><P >The Allow directive is used inside a <Limit> context to explicitly specify which hosts and/or networks have access to the commands or operations being limited. Allow is typically used in conjunction with Order and Deny in order to create sophisticated (or perhaps not-so-sophisticated) access control rules. Allow takes an optional first argument; the keyword from. Using from is purely cosmetic. The remaining arguments are expected to be a list of hosts and networks which will be explicitly granted access. The magic keyword all can be used to indicate that all hosts will explicitly be granted access (analogous to the AllowAll directive, except with a lower priority). Additionally, the magic keyword none can be used to indicate that no hosts or networks will be explicitly granted access (although this does not prevent them from implicitly being granted access). If all or none is used, no other hosts or networks can be supplied. Host and network addresses can be specified by name or numeric address. For security reasons, it is recommended that all address information be supplied numerically. Relying solely on named addresses causes security to depend a great deal upon DNS servers which may themselves be vulnerable to attack or spoofing. Numeric addresses which specify an entire network should end in a trailing period (i.e. 10.0.0. for the entire 10.0.0 subnet). Named addresses which specify an entire network should begin with a leading period (i.e. .proftpd.net for the entire proftpd.net domain).</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN141" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOW" >Allow</A > <A HREF="#ORDER" >Order</A > <A HREF="#LIMIT" >Limit</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN147" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" ><Limit LOGIN> Order allow,deny Allow from 128.44.26.,128.44.26.,myhost.mydomain.edu,.trusted-domain.org Deny from all </Limit></PRE ></DIV ><H1 ><A NAME="ALLOWALL" ></A > AllowAll</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN158" ></A ><H2 >Name</H2 >AllowAll -- Allow all clients </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN161" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowAll</B > [ <TT CLASS="OPTION" >AllowAll</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >Default is to implicitly AllowAll, but not explicitly</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN188" ></A ><H2 >Description</H2 ><P >The AllowAll directive explicitly allows access to a <Directory>, <Anonymous> or <Limit> block. Although proftpd's default behavior is to allow access to a particular object, the default is an implicit allow. AllowAll creates an explicit allow, overriding any higher level denial directives.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN191" ></A ><H2 >See also</H2 ><P ><A HREF="#DENYALL" >DenyAll</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN195" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ALLOWFILTER" ></A > AllowFilter</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN206" ></A ><H2 >Name</H2 >AllowFilter -- Regular expression of command arguments to be accepted</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN209" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowFilter</B > [ <TT CLASS="OPTION" >regular-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous>, <Directoryl>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN236" ></A ><H2 >Description</H2 ><P >AllowFilter allows the configuration of a regular expression that must be matched for all command arguments sent to ProFTPD. It is extremely useful in controlling what characters may be sent in a command to ProFTPD, preventing some possible types of attacks against ProFTPD. The regular expression is applied against the arguments to the command sent by the client, so care must be taken when creating a proper regex. Commands that fail the regex match result in a "Forbidden command" error being returned to the client. If the regular-expression argument contains whitespace, it must be enclosed in quotes.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN239" ></A ><H2 >See also</H2 ><P ><A HREF="#DENYFILTER" >DenyFilter</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN243" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" ># Only allow commands containing alphanumeric characters and whitespace AllowFilter "^[a-zA-Z0-9 ,]*$"</PRE ><P ></P ></DIV ><H1 ><A NAME="ALLOWFOREIGNADDRESS" ></A > AllowForeignAddress</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN255" ></A ><H2 >Name</H2 >AllowForeignAddress -- Control the use of the PORT command</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN258" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowForeignAddress</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >AllowForeignAddress off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN285" ></A ><H2 >Description</H2 ><P >Normally, proftpd disallows clients from using the ftp PORT command with anything other than their own address (the source address of the ftp control connection), as well as preventing the use of PORT to specify a low-numbered (< 1024) port. In either case, the client is sent an "Invalid port" error and a message is syslog'd indicating either "address mismatch" or "bounce attack". By enabling this directive, proftpd will allow clients to transmit foreign data connection addresses that do not match the client's address. This allows such tricks as permitting a client to transfer a file between two FTP servers without involving itself in the actual data connection. Generally it's considered a bad idea, security-wise, to permit this sort of thing. AllowForeignAddress only affects data connection addresses; not tcp ports. There is no way (and no valid reason) to allow a client to use a low-numbered port in its PORT command.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN288" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN291" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ALLOWGROUP" ></A > AllowGroup</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN302" ></A ><H2 >Name</H2 >AllowGroup -- Group based allow rules</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN305" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowGroup</B > [ <TT CLASS="OPTION" >group-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Limit></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN332" ></A ><H2 >Description</H2 ><P >AllowGroup specifies a group-expression that is specifically permitted within the context of the <Limit> block it is applied to. group-expression has the same format as that used in DefaultRoot, in that it should contain a comma separated list of groups or "not" groups (by prefixing a group name with the `!' character) that are to be allowed access to the block. The expression is parsed as a boolean "and" list, meaning that ALL elements of the expression must evaluate to logically true in order for the explicit allow to apply.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN335" ></A ><H2 >See also</H2 ><P ><A HREF="#DENYGROUP" >DenyGroup</A >, <A HREF="#DENYUSER" >DenyUser</A >, <A HREF="#ALLOWUSER" >AllowUser</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN341" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ALLOWLOGSYMLINKS" ></A > AllowLogSymlinks</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN352" ></A ><H2 >Name</H2 >AllowLogSymlinks -- Permit logging to symlinked files</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN355" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowLogSymlinks</B > [ <TT CLASS="OPTION" >"on"|"off"</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >AllowLogSymlinks off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_log</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.2rc2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN382" ></A ><H2 >Description</H2 ><P >By default, the server will the path of any configured SystemLog, any configured TransferLogs, and any configured ExtendedLogs to see if they are symbolic links. If the paths are symbolic links, the server will refuse to log to that link unless explicitly configured to do so via this directive.</P ><DIV CLASS="REFSECT2" ><A NAME="AEN385" ></A ><H3 >Security note:</H3 ><P >Security note: this behaviour should not be allowed unless for a very good reason. By allowing the server to open symbolic links with its root privileges, you are allowing a potential symlink attack where the server could be tricked into overwriting arbitrary system files. You have been warned.</P ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN388" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN391" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >AllowLogSymlinks on</PRE ></DIV ><H1 ><A NAME="ALLOWOVERRIDE" ></A > AllowOverride</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN402" ></A ><H2 >Name</H2 >AllowOverride -- Toggles handling of .ftpaccess files</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN405" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowOverride</B > [ <TT CLASS="OPTION" >on|off ["user"|"group"|"class" expression]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN432" ></A ><H2 >Description</H2 ><P >Normally, the server will look for and parse any files in the encountered directories called ".ftpaccess". The files provide a functionality similar to Apache's .htaccess files -- mini-configuration files. This directive controls when those .ftpaccess files will be parsed.</P ><P >The optional parameters are used to restrict the use of .ftpaccess files only to specific users. If the "user" restriction is given, then expression is a user-expression specifying to which users the rule applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the rule will apply.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN436" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="ALLOWOVERWRITE" ></A > AllowOverwrite</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN447" ></A ><H2 >Name</H2 >AllowOverwrite -- Enable files to be overwritten</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN450" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowOverwrite</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >AllowOverwrite off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Directory>, <Global>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN477" ></A ><H2 >Description</H2 ><P >The AllowOverwrite directive permits newly transfered files to overwrite existing files. By default, ftp clients cannot overwrite existing files.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN480" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN483" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ALLOWRETRIEVERESTART" ></A > AllowRetrieveRestart</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN494" ></A ><H2 >Name</H2 >AllowRetrieveRestart -- Allow clients to resume downloads</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN497" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowRetrieveRestart</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >AllowRetrieveRestart on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Directory>, <Global>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN524" ></A ><H2 >Description</H2 ><P >The AllowRetrieveRestart directive permits or denies clients from performing "restart" retrieve file transfers via the FTP REST command. By default this is enabled, so that clients may resume interrupted file transfers at a later time without losing previously collected data.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN527" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWSTORERESTART" >AllowStoreRestart</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN531" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ALLOWSTORERESTART" ></A > AllowStoreRestart</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN542" ></A ><H2 >Name</H2 >AllowStoreRestart -- Allow clients to resume uploads</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN545" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowStoreRestart</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >AllowStoreRestart off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Directory>, <Global>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN572" ></A ><H2 >Description</H2 ><P >The AllowStoreRestart directive permits or denies clients from "restarting" interrupted store file transfers (those sent from client to server). By default restarting (via the REST command) is not permitted when sending files to the server. Care should be taken to disallow anonymous ftp "incoming" transfers to be restarted, as this will allow clients to corrupt or increase the size of previously stored files (even if not their own).</P ><P >The REST (Restart STOR) command is automatically blocked when HiddenStor is enabled, with the server returning a 501 error code to the client.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN576" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWRETRIEVERESTART" >AllowRetrieveRestart</A > <A HREF="#DELETEABORTEDSTORES" >DeleteAbortedStores</A > <A HREF="#HIDDENSTOR" >HiddenStor</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN582" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ALLOWUSER" ></A > AllowUser</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN593" ></A ><H2 >Name</H2 >AllowUser -- User based allow rules</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN596" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AllowUser</B > [ <TT CLASS="OPTION" >user-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Limit></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN623" ></A ><H2 >Description</H2 ><P >AllowUser specifies a user-expression that is specifically permitted access within the context of the <Limit> block it is applied to. user-expression has a similar syntax as that used in AllowGroup, in that it should contain a comma delimited list of users or "not" users (by prefixing a user name with the `!' character) that are to be allowed access to the block. The expression is parsed as a boolean "OR" list, meaning that ANY elements of the expression must evaluate to logically true in order to the explicit allow to apply.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN626" ></A ><H2 >See also</H2 ><P ><A HREF="#DENYUSER" >DenyUser</A > <A HREF="#DENYGROUP" >DenyGroup</A > <A HREF="#ALLOWGROUP" >AllowGroup</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN632" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ANONRATIO" ></A > AnonRatio</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN643" ></A ><H2 >Name</H2 >AnonRatio -- Ratio directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN646" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AnonRatio</B > [ <TT CLASS="OPTION" >foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN673" ></A ><H2 >Description</H2 ><P >The AnonRatio directive ....</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN676" ></A ><H2 >See also</H2 ><P >AnonRatio</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN679" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ANONREJECTPASSWORDS" ></A > AnonRejectPasswords</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN690" ></A ><H2 >Name</H2 >AnonRejectPasswords -- Block certain anonymous user passwords</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN693" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AnonRejectePasswords</B > [ <TT CLASS="OPTION" >regex</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.9rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN720" ></A ><H2 >Description</H2 ><P >The AnonRejectPasswords directive configures a regular expression filter for passwords given for anonymous logins. If the given anonymous password matches the configured regular expression, the anonymous login is denied.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN723" ></A ><H2 >See also</H2 ><P ><A HREF="#ANONREQUIREPASSWORD" >AnonRequirePassword</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN727" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" > # Reject all <Anonymous> logins that use "evil.org" as part of the password AnonRejectPasswords @evil\.org$</PRE ></DIV ><H1 ><A NAME="ANONREQUIREPASSWORD" ></A > AnonRequirePassword</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN738" ></A ><H2 >Name</H2 >AnonRequirePassword -- Make anonymous users supply a valid password</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN741" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AnonRequirePassword</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >AnonRequirePassword off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN768" ></A ><H2 >Description</H2 ><P >Normally, anonymous FTP logins do not require the client to authenticate themselves via the normal method of a transmitted cleartext password which is hashed and matched against an existing system user's password. Instead, anonymous logins are expected to enter their e-mail address when prompted for a password. Enabling the AnonRequirePassword directive requires anonymous logins to enter a valid password which must match the password of the user that the anonymous daemon runs as. However using AuthUsingAlias authentication can be matched against the password of the login username. This can be used to create "guest" accounts, which function exactly as normal anonymous logins do (and thus present a "chrooted" protected file system to the client), but require a valid password on the server's host system.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN771" ></A ><H2 >See also</H2 ><P ><A HREF="#ANONYMOUSGROUP" >AnonymousGroup</A > <A HREF="#AUTHALIASONLY" >AuthAliasOnly</A > <A HREF="#AUTHUSINGALIAS" >AuthUsingAlias</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN777" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >Example of a "guest" account configuration: <Anonymous ~roger> User roger Group other UserAlias proftpd roger AnonRequirePassword on # Deny write operations to all directories, underneath root-dir # Default is to allow, so we don't need a <Limit> for read operations. <Directory *> <Limit WRITE> DenyAll </Limit> </Directory> # Deny all read/write operations in incoming. Because these are command-group # limits, we can explicitly permit certain operations which will take precedence # over our group limit. <Directory incoming> <Limit READ WRITE> DenyAll </Limit> # The only command allowed in incoming is STOR (transfer file from client to server) <Limit STOR> AllowAll </Limit> </Directory> </Anonymous></PRE ><P ></P ></DIV ><H1 ><A NAME="ANONYMOUS" ></A > Anonymous</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN789" ></A ><H2 >Name</H2 >Anonymous -- Define an anonymous server</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN792" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Anonymous</B > [ <TT CLASS="OPTION" >root-directory</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config,<VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN819" ></A ><H2 >Description</H2 ><P >The Anonymous configuration block is used to create an anonymous FTP login, and is terminated by a matching </Anonymous> directive. The root-directory parameters specifies which directory the daemon will first chdir to, and then chroot, immediately after login. Once the chroot operation successfully completes, higher level directories are no longer accessible to the running child daemon (and thus the logged in user). By default, proftpd assumes an anonymous login if the remote client attempts to login as the currently running user; unless the current user is root, in which case anonymous logins are not allowed regardless of the presence of an <Anonymous> block. To force anonymous logins to be bound to a user other than the current user, see the User and Group directives. In addition, if a User or Group directive is present in an <Anonymous> block, the daemon permanently switches to the specified uid/gid before chroot()ing. Normally, anonymous logins are not required to authenticate with a password, but are expected to enter a valid e-mail address in place of a normal password (which is logged). If this behavior is undesirable for a given <Anonymous> configuration block, it can be overridden via the AnonRequirePassword directive.</P ><P >Note: Chroot()ed anonymous directories do not need to have supplemental system files in them, nor do they need to have any sort of specific directory structure. This is because proftpd is designed to acquire as much system information as possible before the chroot, and to leave open those files which are needed for normal operation and reside outside the new root directory.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN823" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN826" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >Example of a typical anonymous FTP configuration: <Anonymous /home/ftp> User ftp # After anonymous login, daemon runs as user ftp. Group ftp # After anonymous login, daemon runs as group ftp. UserAlias anonymous ftp # Client login as 'anonymous' is aliased to 'ftp'. # Deny write operations to all directories, underneath root-dir # Default is to allow, so we don't need a <Limit> for read operations. <Directory *> <Limit WRITE> DenyAll </Limit> </Directory> <Directory incoming> <Limit READ WRITE> DenyAll </Limit> <Limit STOR> AllowAll </Limit> </Directory> </Anonymous></PRE ><P ></P ></DIV ><H1 ><A NAME="ANONYMOUSGROUP" ></A > AnonymousGroup</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN838" ></A ><H2 >Name</H2 >AnonymousGroup -- Treat group members as anonymous users</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN841" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AnonymousGroup</B > [ <TT CLASS="OPTION" >group-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.3 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN868" ></A ><H2 >Description</H2 ><P >The AnonymousGroup directive specifies a group-expression to which all matching users will be considered anonymous logins. The group-expression argument is a boolean logically ANDed list of groups to which the user must be a member of (or non-member if the group name is prefixed with a `!' character). For more information on group-expressions see the DefaultRoot directive. If the authenticating user is matched by an AnonymousGroup directive, no valid password is required, and a special dynamic anonymous configuration is created, with the user's home directory as the default root directory. If a DefaultRoot directive also applies to the user, this directory is used instead of the user's home dir. Great care should be taken when using AnonymousGroup, as improper configuration can open up user home directories to full read/write access to the entire world.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN871" ></A ><H2 >See also</H2 ><P ><A HREF="#AUTHALIASONLY" >AuthAliasOnly</A > <A HREF="#AUTHUSINGALIAS" >AuthUsingAlias</A > <A HREF="#ANONREQUIREPASSWORD" >AnonRequirePassword</A > <A HREF="#DEFAULTROOT" >DefaultRoot</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN878" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="AUTHALIASONLY" ></A > AuthAliasOnly</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN889" ></A ><H2 >Name</H2 >AuthAliasOnly -- Allow only aliased login names</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN892" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AuthAliasOnly</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >AuthAliasOnly off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.3 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN919" ></A ><H2 >Description</H2 ><P >AuthAliasOnly restricts authentication to "aliased" logins only; i.e. those usernames provided by clients which are "mapped" to a real userid by the UserAlias directive. Turning AuthAliasOnly `on' in a particular context will cause proftpd to completely ignore all non-aliased logins for the entire context. If no contexts are available without AuthAliasOnly set to `on', proftpd rejects the client login and sends an appropriate message to syslog.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN922" ></A ><H2 >See also</H2 ><P ><A HREF="#ANONYMOUSGROUP" >AnonymousGroup</A > <A HREF="#AUTHUSINGALIAS" >AuthUsingAlias</A > <A HREF="#ANONREQUIREPASSWORD" >AnonRequirePassword</A > <A HREF="#USERALIAS" >UserAlias</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN929" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="AUTHGROUPFILE" ></A > AuthGroupFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN940" ></A ><H2 >Name</H2 >AuthGroupFile -- Specify alternate group file</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN943" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AuthGroupFile</B > [ <TT CLASS="OPTION" >path</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth_file</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.0.3/1.1.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN970" ></A ><H2 >Description</H2 ><P >AuthGroupFile specifies an alternate groups file, having the same format as the system /etc/group file, and if specified is used during authentication and group lookups for directory/access control operations. The path argument should be the full path to the specified file. AuthGroupFile can be configured on a per-VirtualHost basis, so that virtual FTP servers can each have their own authentication database (most often used in conjunction with AuthUserFile).</P ><P >Note that this file need not reside inside a chroot()ed directory structure for Anonymous or DefaultRoot logins, as it is held open for the duration of client connections.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN974" ></A ><H2 >See also</H2 ><P ><A HREF="#AUTHUSERFILE" >AuthUserFile</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN978" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="AUTHORDER" ></A > AuthOrder</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN989" ></A ><H2 >Name</H2 >AuthOrder -- Configure auth module checking order</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN992" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AuthOrder</B > [ <TT CLASS="OPTION" >module-name</TT >...]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1019" ></A ><H2 >Description</H2 ><P >The AuthOrder directive configures the names of auth modules, and the order in which they will be checked when authenticating a user.</P ><P >At least one module name must be given; there is no maximum number of modules that can be listed. The listed module names must the full name of the source file, e.g. "mod_auth_unix.c". To see a full list of module names, use "proftpd -l". Do not use "mod_auth.c", as that module is the authentication front end module, and is necessary.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1023" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" > # Use only AuthUserFiles when authenticating, and not the system's /etc/passwd AuthOrder mod_auth_file.c</PRE ><PRE CLASS="PROGRAMLISTING" > # If the user's information is not in LDAP, they're not a user to use # this server. AuthOrder mod_ldap.c</PRE ><PRE CLASS="PROGRAMLISTING" > # Use SQL tables first, then LDAP, for authentication AuthOrder mod_sql.c mod_ldap.c</PRE ></DIV ><H1 ><A NAME="AUTHPAM" ></A > AuthPAM</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1036" ></A ><H2 >Name</H2 >AuthPAM -- Enable/Disable PAM authentication</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1039" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AuthPAM</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config,<VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth_pam</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1066" ></A ><H2 >Description</H2 ><P >This directive determines whether PAM is used as an authentication method by ProFTPD. Enabled by default to fit in with the design policy of using PAM as the primary authentication mechanism.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1069" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1072" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="AUTHPAMAUTHORITATIVE" ></A > AuthPAMAuthoritative</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1083" ></A ><H2 >Name</H2 >AuthPAMAuthoritative -- Set whether PAM is the authoritive authentication scheme</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1086" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AuthPAMAuthoritative</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config,<VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth_pam</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre3 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1113" ></A ><H2 >Description</H2 ><P >This directive allows you to control whether or not PAM is the ultimate authority on authentication. Setting this directive to on will cause authentication to fail if PAM authentication fails. The default setting, off, allows other modules and directives such as AuthUserFile and friends to authenticate users, should PAM authentication fail. If you are having problems with PAM and using other directives like AuthUserFile, set this directive to off.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1116" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1119" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="AUTHPAMCONFIG" ></A > AuthPAMConfig</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1130" ></A ><H2 >Name</H2 >AuthPAMConfig -- Select PAM service name</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1133" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AuthPAMConfig</B > [ <TT CLASS="OPTION" >service</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >ftp</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config,<VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth_pam</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1160" ></A ><H2 >Description</H2 ><P >This directive allows you to specify the PAM service name used in authentication. PAM allows you to specify a service name to use when authenticating. This allows you to configure different PAM service names to be used for different virtual hosts. The directive was renamed from PAMConfig post 1.2.0 pre10.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1163" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1166" ></A ><H2 >Examples</H2 ><P ><PRE CLASS="PROGRAMLISTING" ># Virtual host foobar authenticates differently than the rest AuthPAMConfig foobar # This assumes, that you have a PAM service named foobar # configured in your /etc/pam.conf file or /etc/pam.d directory. </PRE ></P ></DIV ><H1 ><A NAME="AUTHUSERFILE" ></A > AuthUserFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1178" ></A ><H2 >Name</H2 >AuthUserFile -- Specify alternate passwd file</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1181" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AuthUserFile</B > [ <TT CLASS="OPTION" >path</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config,<VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth_file</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.0.3/1.1.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1208" ></A ><H2 >Description</H2 ><P >AuthUserFile specifies an alternate passwd file, having the same format as the system /etc/passwd file, and if specified is used during authentication and user lookups for directory/access control operations. The path argument should be the full path to the specified file. AuthUserFile can be configured on a per-VirtualHost basis, so that virtual FTP servers can each have their own authentication database (most often used in conjunction with AuthGroupFile).</P ><P >Note that this file need not reside inside a chroot()ed directory structure for Anonymous or DefaultRoot logins, as it is held open for the duration of client connections.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1212" ></A ><H2 >See also</H2 ><P ><A HREF="#AUTHGROUPFILE" >AuthGroupFile</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1216" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="AUTHUSINGALIAS" ></A > AuthUsingAlias</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1227" ></A ><H2 >Name</H2 >AuthUsingAlias -- Authenticate via Alias-name instead of mapped username</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1230" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >AuthUsingAlias</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >AuthUsingAlias off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre9 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1257" ></A ><H2 >Description</H2 ><P >AuthUsingAlias disables the resolving of mapped usernames for authentication purposes. For example, if you have mapped the username anonymous to the "real" user ftp, the password gets checked against the user "anonymous". When AuthUsingAlias is disabled, the checked username would be "ftp".</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1260" ></A ><H2 >See also</H2 ><P ><A HREF="#ANONYMOUSGROUP" >AnonymousGroup</A > <A HREF="#AUTHALIASONLY" >AuthAliasOnly</A > <A HREF="#ANONREQUIREPASSWORD" >AnonRequirePassword</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1266" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >An example of an Anonymous configuration using AuthUsingAlias # Basic Read-Only Anonymous Configuration. <Anonymous /home/ftp> UserAlias anonymous nobody UserAlias ftp nobody AuthAliasOnly on <Limit WRITE> DenyAll </Limit> </Anonymous> # Give Full Read-Write Anonymous Access to certain users <Anonymous /home/ftp> AnonRequirePassword on AuthAliasOnly on AuthUsingAlias on # The list of authorized users. # user/pass lookup is for each user, not password entry # of server uid ('nobody' in this example). UserAlias fred nobody UserAlias joe nobody <Limit ALL> AllowAll </Limit> </Anonymous></PRE ><P ></P ></DIV ><H1 ><A NAME="BIND" ></A > Bind</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1278" ></A ><H2 >Name</H2 >Bind -- Bind the server or Virtualhost to a specific IP address</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1281" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Bind</B > [ <TT CLASS="OPTION" >IP address</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1308" ></A ><H2 >Description</H2 ><P >The Bind directive allows additional IP addresses to be bound to a main or VirtualHost configuration. Multiple Bind directives can be used to bind multiple addresses. The address argument should be either a fully qualified domain name or a numeric dotted-quad IP address. Incoming connections destined to an additional address added by Bind are serviced by the context containing the directive. Additionally, if SocketBindTight is set to on, a specific listen connection is created for each additional address.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1311" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1314" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="BYTERATIOERRMSG" ></A > ByteRatioErrMsg</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1325" ></A ><H2 >Name</H2 >ByteRatioErrMsg -- Ratio directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1328" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ByteRatioErrMsg</B > [ <TT CLASS="OPTION" >foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1355" ></A ><H2 >Description</H2 ><P >The ByteRatioErrMsg directive .... Example: ByteRatioErrMsg</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1358" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1361" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="CDPATH" ></A > CDPath</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1372" ></A ><H2 >Name</H2 >CDPath -- Sets "search paths" for the cd command</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1375" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >CDPath</B > [ <TT CLASS="OPTION" >directory</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1402" ></A ><H2 >Description</H2 ><P >Adds an entry to a search path that is used when changing directories. For example: CDPath /home/public CDPath /var/devel This allows a user to cd into any directory directly under /home/public or /var/devel, provided they have the appropriate rights. So, if /home/public/proftpd exists, cd proftpd will bring the user to that directory, regardless of where they currently are in the directory tree.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1405" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1408" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="CAPABILITIESENGINE" ></A > CapabilitiesEngine</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1419" ></A ><H2 >Name</H2 >CapabilitiesEngine -- Enable/disable mod_cap</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1422" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >CapabilitiesEngine</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >CapabilitiesEngine On, if running on a Linux hosts that supports capabilities</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_cap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1450" ></A ><H2 >Description</H2 ><P >The CapabilitiesEngine directive enables or disables the module's runtime capabilities engine. If set to off, this module does no runtime capabilities processing at all. Use this directive to disable the module.</P ></DIV ><H1 ><A NAME="CAPABILITIESSET" ></A > CapabilitiesSet</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1461" ></A ><H2 >Name</H2 >CapabilitiesSet -- Configure the set of Linux capabilities processed</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1464" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >CapabilitiesSet</B > [ <TT CLASS="OPTION" >[+/-]capability</TT >...]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >CapabilitiesSet +CAP_CHOWN</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_cap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1491" ></A ><H2 >Description</H2 ><P >By default, mod_cap removes all but two capabilities from the session-handling process: CAP_NET_BIND_SERVICE, for binding to ports lower than 1024 (required for active data transfers), and CAP_CHOWN, for allowing a process to change a file's ownership to a different user. The latter capability is only strictly necessary if the UserOwner configuration directive is in use; if not being used, the CAP_CHOWN capability is best removed. The CapabilitiesSet directive is used to manipulate the set of capabilities that mod_cap grants.</P ><P >To remove a capability, prefix the name with a '-'; to enable a capability, use '+'. At present, this directive only supports one capability: CAP_CHOWN.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1495" ></A ><H2 >Example</H2 ><P > <IfModule mod_cap.c> CapabilitiesEngine on CapabilitiesSet -CAP_CHOWN </IfModule></P ></DIV ><H1 ><A NAME="CLASS" ></A > Class</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1506" ></A ><H2 >Name</H2 >Class -- Definition statements for class based tracking</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1509" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Class</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre9 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1536" ></A ><H2 >Description</H2 ><P >Controls class based access. Class base access allows each connecting IP to be classified into a separate class. Each class has its own maximum number of connections. limit sets the maximum number of connections (default is 100) for that class name, regex sets a hostname regex (POSIX) for inclusion in the class and ip sets an IP/netmask based inclusion.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1539" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1542" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >Classes on<br> Class local limit 100<br> Class default limit 10<br> Class local regex .*foo.com<br> Class local ip 172.16.1.0/24</P ><P >This creates two classes, local and default, with local being everything in *.foo.com and 172.16.1.* combined.</P ></DIV ><H1 ><A NAME="CLASSES" ></A > Classes</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1554" ></A ><H2 >Name</H2 >Classes -- Enable Class based connection tracking</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1557" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Classes</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >Off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre9 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1584" ></A ><H2 >Description</H2 ><P >Controls class based access. Enables class based access control. see: Class</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1587" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1590" ></A ><H2 >Examples</H2 ><P >For examples, see <A HREF="#CLASS" >Class</A ></P ></DIV ><H1 ><A NAME="COMMANDBUFFERSIZE" ></A > CommandBufferSize</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1602" ></A ><H2 >Name</H2 >CommandBufferSize -- Limit the maximum command length</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1605" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >CommandBufferSize</B > [ <TT CLASS="OPTION" >size</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >512</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1632" ></A ><H2 >Description</H2 ><P >The CommandBufferSize directive controls the maximum command length permitted to be sent to the server. This allows you to effectively control what the longest command the server may accept it, and can help protect the server from various Denial of Service or resource-consumption attacks. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1635" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1638" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="CREATEHOME" ></A > CreateHome</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1649" ></A ><H2 >Name</H2 >CreateHome -- Create and populate users' home directories as needed</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1652" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >CreateHome</B > [ <TT CLASS="OPTION" >off|on [<mode>] [skel <path>] [dirmode <mode>]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1679" ></A ><H2 >Description</H2 ><P >The CreateHome directive configures the server to automatically create a user's home directory, if that directory does not exist, during the login process.</P ><P >The mode parameter is used to configure the absolute mode of the home directory created. If not specified, the module will default to 700.</P ><P >The optional skel path parameter can be used to configure an /etc/skel-like directory containing account initialization files and directories. The parameter must be the full path to the directory. The directory must not be world-writeable. Files copied from this directory into the new home directory will have the UID and GID of the logging-in user. Note that sockets and FIFOs in the skeleton directory will not be copied; any setuid or setgid bits on files will be removed from the copied files in the target home directory.</P ><P >The optional dirmode parameter can be used to specify the mode for intermediate directories that may need to be created in order to create the target home directory. By default, the mode for such intermediate directories will be 711. NOTE: using a mode that does not allow for the execute bit to be enabled can cause havoc. You have been warned.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1685" ></A ><H2 >Examples</H2 ><P > # Use the CreateHome default settings CreateHome on</P ><P > # Specify a skeleton directory CreateHome on skel /etc/ftpd/skel</P ><P > # No skeleton, but make sure that intermediate directories have 755 # permissions. CreateHome on dirmode 755</P ><P > # Skeleton directory, with 700 intermediate directories CreateHome on skel /etc/ftpd/skel dirmode 700</P ></DIV ><H1 ><A NAME="CWDRATIOMSG" ></A > CwdRatioMsg</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1699" ></A ><H2 >Name</H2 >CwdRatioMsg -- Ratio directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1702" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >CwdRatioMsg</B > [ <TT CLASS="OPTION" >foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1729" ></A ><H2 >Description</H2 ><P >The CwdRatioMsg directive .... Example: CwdRatioMsg</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1732" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1735" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DEBUGLEVEL" ></A > DebugLevel</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1746" ></A ><H2 >Name</H2 >DebugLevel -- Set the debugging output level</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1749" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DebugLevel</B > [ <TT CLASS="OPTION" >level</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >DebugLevel 0</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1776" ></A ><H2 >Description</H2 ><P >The DebugLevel directive configures the debugging level the server will use when logging. The level parameter must be between 0 and 9. This configuration directive will take precedence over any command-line debugging options used.</P ></DIV ><H1 ><A NAME="DEFAULTADDRESS" ></A > DefaultAddress</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1787" ></A ><H2 >Name</H2 >DefaultAddress -- Set the address for the server to listen on</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1790" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DefaultAddress</B > [ <TT CLASS="OPTION" >dns-name|ip-address</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1817" ></A ><H2 >Description</H2 ><P >This directive sets the the address the main server instance will bind to, the default behaviour is to select whatever IP the system reports as being the primary IP.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1820" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1823" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >ServerName "Default FTP Server"<br> Port 21<br> <br> # We want the main server instance to listen on a specific IP<br> DefaultAddress 192.168.10.30</P ></DIV ><H1 ><A NAME="DEFAULTCHDIR" ></A > DefaultChdir</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1834" ></A ><H2 >Name</H2 >DefaultChdir -- Set starting directory for FTP sessions</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1837" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DefaultChdir</B > [ <TT CLASS="OPTION" >directory [group-expression]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >~</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1864" ></A ><H2 >Description</H2 ><P >Determines the directory a user is placed in after logging in. By default, the user is put in their home directory. The specified directory can be relative to the user's home directory. NOTE: if the specified directory is not available the user will not be able to log in.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1867" ></A ><H2 >See also</H2 ><P ><A HREF="#DEFAULTROOT" >DefaultRoot</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1871" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DEFAULTROOT" ></A > DefaultRoot</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1882" ></A ><H2 >Name</H2 >DefaultRoot -- Sets default chroot directory</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1885" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DefaultRoot</B > [ <TT CLASS="OPTION" >directory [group-expression]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >DefaultRoot /</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1912" ></A ><H2 >Description</H2 ><P >The DefaultRoot directive controls the default root directory assigned to a user upon login. If DefaultRoot is set to a directory other than "/", a chroot operation is performed immediately after a client authenticates. This can be used to effectively isolate the client from a portion of the host system filespace. The specified root directory must begin with a / or can be the magic character '~'; meaning that the client is chroot jailed into their home directory.</P ><P >When the specified chroot directory is a symlink this will be resolved to it's parent first before setting up the chroot. This can have unwanted side effects. For example if a chroot is to be configured within space to which a user as shell access, the chroot directory could be converted to a symlink pointing at '/'. Thus the chroot would be to the root directory of the server.</P ><P >If the DefaultRoot directive specifies a directory which disallows access to the logged-in user's home directory, the user's current working directory after login is set to the DefaultRoot instead of their normal home directory. DefaultRoot cannot be used in <Anonymous> configuration blocks, as the <Anonymous> directive explicitly contains a root directory used for Anonymous logins. The special character '~' is replaced with the authenticating user's home directory immediately after login. Note that the default root may be a subdirectory of the home directory, such as "~/anon-ftp".</P ><P >The optional group-expression argument can be used to restrict the DefaultRoot directive to a unix group, groups or subset of groups. The expression takes the format: [!]group-name1[,[!]group-name2[,...]]. The expression is parsed in a logical boolean AND fashion, such that each member of the expression must evaluate to logically TRUE in order for the DefaultRoot directive to apply. The special character '!' is used to negate group membership.</P ><P >Care should be taken when using DefaultRoot. Chroot "jails" should not be used as methods for implementing general system security as there are potentially ways that a user can "escape" the jail.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1919" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1922" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >Example of a DefaultRoot configuration: ServerName "A test ProFTPD Server" ServerType inetd User ftp Group ftp # # This causes proftpd to perform a chroot into the authenticating user's directory immediately after login. # Once this happens, the user is unable to "see" higher level directories. # Because a group-expression is included, only users who are a member of # the group 'users' and NOT a member of 'staff' will have their default # root directory set to '~'. DefaultRoot ~ users,!staff ... </PRE ><P ></P ></DIV ><H1 ><A NAME="DEFAULTSERVER" ></A > DefaultServer</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1934" ></A ><H2 >Name</H2 >DefaultServer -- Set the default server</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1937" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DefaultServer</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >DefaultServer off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config,<VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1964" ></A ><H2 >Description</H2 ><P >The DefaultServer directive controls which server configuration is used as the default when an incoming connection is destined for an IP address which is neither the host's primary IP address or one of the addresses specified in a <VirtualHost> configuration block. Normally such "unknown" connections are issued a "no server available to service your request" message and disconnected. When DefaultServer is turned on for either the primary server configuration or a virtual server, all unknown destination connections are serviced by the default server. Only a single server configuration can be set to default.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1967" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN1970" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DEFAULTTRANSFERMODE" ></A > DefaultTransferMode</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN1981" ></A ><H2 >Name</H2 >DefaultTransferMode -- Set the default method of data transfer</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN1984" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DefaultTransferMode</B > [ <TT CLASS="OPTION" >ascii|binary</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >DefaultTransferMode ascii</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre9 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2011" ></A ><H2 >Description</H2 ><P >DefaultTransferMode sets the default transfer mode of the server. By default, carriage-return/linefeed translation will be performed (ASCII mode).</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2014" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2017" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DEFERWELCOME" ></A > DeferWelcome</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2028" ></A ><H2 >Name</H2 >DeferWelcome -- Don't show welcome message until user has authenticated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2031" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DeferWelcome</B > [ <TT CLASS="OPTION" >DeferWelcome on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >DeferWelcome off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2058" ></A ><H2 >Description</H2 ><P >The DeferWelcome directive configures a master or virtual server to delay transmitting the ServerName and address to new connections, until a client has successfully authenticated. If enabled, the initial welcome message will be exceedingly generic and will not give away any type of information about the host that the daemon is actively running on. This can be used by security-conscious administrators to limit the amount of "probing" possible from non-trusted networks/hosts.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2061" ></A ><H2 >See also</H2 ><P ><A HREF="#SERVERIDENT" >ServerIdent</A > <A HREF="#SERVERNAME" >ServerName</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2066" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DEFINE" ></A > Define</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2077" ></A ><H2 >Name</H2 >Define -- Initialises Defines for IfDefine</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2080" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Define</B > [ <TT CLASS="OPTION" >parameter-name</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >any context</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.6rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2107" ></A ><H2 >Description</H2 ><P >This directive is used to initialise defines for use in conjunction with the IfDefine directive</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2110" ></A ><H2 >See also</H2 ><P ><A HREF="#IFDEFINE" >IfDefine</A >, <A HREF="#IFMODULE" >IfModule</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2115" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >IfDefine LoadLimiting<br> IfDefine HighPerformanceSetup</P ></DIV ><H1 ><A NAME="DELETEABORTEDSTORES" ></A > DeleteAbortedStores</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2126" ></A ><H2 >Name</H2 >DeleteAbortedStores -- Enable automatic deletion of partially uploaded files</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2129" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DeleteAbortedStores</B > [ <TT CLASS="OPTION" >DeleteAbortedStores on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server, <VirtualHost>, <Directory>, <Anonymous>, <Global>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0rc2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2156" ></A ><H2 >Description</H2 ><P >The DeleteAbortedStores directive controls whether ProFTPD deletes partially uploaded files if the transfer is stopped via the ABOR command rather than a connection failure.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2159" ></A ><H2 >See also</H2 ><P ><A HREF="#HIDDENSTOR" >HiddenStor</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2163" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DENY" ></A > Deny</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2174" ></A ><H2 >Name</H2 >Deny -- Access control directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2177" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Deny</B > [ <TT CLASS="OPTION" >Deny ["from"] "all"|"none"|host|network[,host|network[,...]]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Limit></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2204" ></A ><H2 >Description</H2 ><P >The Deny directive is used to create a list of hosts and/or networks which will explicitly be denied access to a given <Limit> context block. The magic keywords "ALL" and "NONE" can be used to indicate that all hosts are denied access, or that no hosts are explicitly denied (respectively). For more information on the syntax and usage of Deny see: Allow and Order.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2207" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOW" >Allow</A > <A HREF="#ORDER" >Order</A > <A HREF="#LIMIT" >Limit</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2213" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DENYALL" ></A > DenyAll</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2224" ></A ><H2 >Name</H2 >DenyAll -- Deny all clients</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2227" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DenyAll</B > [ <TT CLASS="OPTION" >DenyAll</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2254" ></A ><H2 >Description</H2 ><P >The DenyAll directive is analogous to a combination of "order deny,allow <cr> deny from all", with the exception that it has a higher precedence when parsed. It is provided as a convenient method of completely denying access to a directory, anonymous ftp or limit block. Because of its precedence, it should not be intermixed with normal Order/Deny directives. The DenyAll directive can be overridden at a lower level directory by using AllowAll. DenyAll and AllowAll are mutually exclusive.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2257" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWALL" >AllowAll</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2261" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DENYFILTER" ></A > DenyFilter</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2272" ></A ><H2 >Name</H2 >DenyFilter -- Regular expression of command arguments to be blocked</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2275" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DenyFilter</B > [ <TT CLASS="OPTION" >DenyFilter regular-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous>, <Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2302" ></A ><H2 >Description</H2 ><P >Similar to AllowFilter, DenyFilter specifies a regular expression which must not match any of the command arguments. If the regex does match, a "Forbidden command" error is returned to the client. This can be especially useful for forbidding certain command argument combinations from ever reaching ProFTPD.</P ><P ><SPAN CLASS="emphasis" ><I CLASS="EMPHASIS" >Notes:</I ></SPAN > The 'PASV' command cannot be blocked using this directive.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2307" ></A ><H2 >See also</H2 ><P >AllowFilter</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2310" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" ># We don't want to allow any commands with % being sent to the server DenyFilter "%"</PRE ><P ></P ></DIV ><H1 ><A NAME="DENYGROUP" ></A > DenyGroup</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2322" ></A ><H2 >Name</H2 >DenyGroup -- Group based deny rules</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2325" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DenyGroup</B > [ <TT CLASS="OPTION" >DenyGroup group-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Limit></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2352" ></A ><H2 >Description</H2 ><P >DenyGroup specifies a group-expression that is specifically denied within the context of the <Limit> block it is applied to. group-expression has the same format as that used in DefaultRoot, in that it should contain a comma separated list of groups or "not" groups (by prefixing a group name with the `!' character) that are to be denied access to the block. The expression is parsed as a boolean "and" list, meaning that ALL elements of the expression must evaluate to logically true in order for the explicit deny to apply.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2355" ></A ><H2 >See also</H2 ><P ><A HREF="#DENYUSER" >DenyUser</A >, <A HREF="#ALLOWUSER" >AllowUser</A > <A HREF="#ALLOWGROUP" >AllowGroup</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2361" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DENYUSER" ></A > DenyUser</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2372" ></A ><H2 >Name</H2 >DenyUser -- User based deny rules</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2375" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DenyUser</B > [ <TT CLASS="OPTION" >DenyUser user-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Limit></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2402" ></A ><H2 >Description</H2 ><P >DenyUser specifies a user-expression that is specifically denied within the context of the <Limit> block it is applied to. user-expression is a comma delimited list of users or "not" users (by prefixing a user name with the `!' character). The expression is parsed as a boolean "OR" list, meaning that any elements of the expression must evaluate to logically true in order for the explicit deny to apply.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2405" ></A ><H2 >See also</H2 ><P ><A HREF="#DENYGROUP" >DenyGroup</A >, <A HREF="#ALLOWUSER" >AllowUser</A > <A HREF="#ALLOWGROUP" >AllowGroup</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2411" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DIRFAKEGROUP" ></A > DirFakeGroup</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2422" ></A ><H2 >Name</H2 >DirFakeGroup -- Hide real file/directory group</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2425" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DirFakeGroup</B > [ <TT CLASS="OPTION" >DirFakeGroup On|Off [groupname]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >DirFakeGroup Off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous>, <Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.5</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2452" ></A ><H2 >Description</H2 ><P >DirFakeGroup can be used to hide the true group of files (including directories, fifos, etc.) in a directory listing. If simply turned On, DirFakeGroup will display all files as being owned by group 'ftp'. Optionally, the groupname argument can be used to specify a specific group other than 'ftp'. "~" can be used as the argument in order to display the primary group name of the current user.</P ><P >Both DirFakeGroup and DirFakeUser are completely cosmetic; the groupname or username specified don't need to exist on the system, and neither directive affects permissions, real ownership or access control in any way.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2456" ></A ><H2 >See also</H2 ><P ><A HREF="#DIRFAKEUSER" >DirFakeUser</A > <A HREF="#DIRFAKEMODE" >DirFakeMode</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2461" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DIRFAKEMODE" ></A > DirFakeMode</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2472" ></A ><H2 >Name</H2 >DirFakeMode -- Hide real file/directory permissions</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2475" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DirFakeMode</B > [ <TT CLASS="OPTION" >DirFakeMode octal-mode</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous>, <Directory></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2502" ></A ><H2 >Description</H2 ><P >The DirFakeMode directive configures a mode (or permissions) which will be displayed for ALL files and directories in directory listings. For each subset of permissions (user, group, other), the "execute" permission for directories is added in listings if the "read" permission is specified by this directive. As with DirFakeUser, and DirFakeGroup, the "fake" permissions shown in directory listings are cosmetic only, they do not affect real permissions or access control in any way.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2505" ></A ><H2 >See also</H2 ><P ><A HREF="#DIRFAKEUSER" >DirFakeUser</A > <A HREF="#DIRFAKEGROUP" >DirFakeGroup</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2510" ></A ><H2 >Examples</H2 ><P ><PRE CLASS="PROGRAMLISTING" > DirFakeMode 0640 Will result in: -rw-r----- ... arbitrary.file drwxr-x--- ... arbitrary.directory</PRE ></P ></DIV ><H1 ><A NAME="DIRFAKEUSER" ></A > DirFakeUser</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2522" ></A ><H2 >Name</H2 >DirFakeUser -- Hide real file/directory owner</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2525" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DirFakeUser</B > [ <TT CLASS="OPTION" >DirFakeUser On|Off [username]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >DirFakeUser Off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous>, <Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.5</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2552" ></A ><H2 >Description</H2 ><P >DirFakeUser can be used to hide the true user owners of files (including directories, fifos, etc.) in a directory listing. If simply turned On, DirFakeUser will display all files as being owned by user 'ftp'. Optionally, the username argument can be used to specify a specific user other than 'ftp'. "~" can be used as the argument in order to display the current user's username.</P ><P >Both DirFakeGroup and DirFakeUser are completely cosmetic; the groupname or username specified don't need to exist on the system, and neither directive affects permissions, real ownership or access control in any way.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2556" ></A ><H2 >See also</H2 ><P ><A HREF="#DIRFAKEGROUP" >DirFakeGroup</A > <A HREF="#DIRFAKEMODE" >DirFakeMode</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2561" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DIRECTORY" ></A > Directory</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2572" ></A ><H2 >Name</H2 >Directory -- Directory-limited configuration directives</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2575" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Directory</B > [ <TT CLASS="OPTION" ><Directory pathname></TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2602" ></A ><H2 >Description</H2 ><P >This directive creates a block of configuration directives which applies only to the specified directory and its sub-directories. The block is ended with </Directory>. Per-directory configuration is enabled during run-time with a "closest" match algorithm, meaning that the <Directory> directive with the closest matching path to the actual pathname of the file or directory in question is used. Per-directory configuration is inherited by all sub-directories until a closer matching <Directory> is encountered, at which time the original per-directory configuration is replaced with the closer match. Note that this does not apply to <Limit> </Limit> blocks, which are inherited by all sub-directories until a <Limit> block is reached in a closer match.</P ><P > A trailing slash and wildcard ("/*") can be appended to the directory, specifying that the configuration block applies only to the contents (and sub-contents), not to the actual directory itself. Such wildcard matches always take precedence over non-wildcard <Directory> configuration blocks. <Directory> blocks cannot be nested (they are automatically nested at run-time based on their pathnames). Pathnames must always be absolute (except inside <Anonymous>), and should not reference symbolic links. Pathnames inside an <Anonymous> block can be relative, indicating that they are based on the anonymous root directory.</P ><P >[Notes for ProFTPD 1.1.3 and later only] Pathnames that begin with the special character '~' and do not specify a username immediately after ~ are put into a special deferred mode. When in deferred mode, the directory context is not hashed and sorted into the configuration tree at boot time, but rather this hashing is deferred until a user authenticates, at which time the '~' character is replaced with the user's home directory. This allows a global <Directory> block which applies to all user's home directories, or sub-directories thereof.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2607" ></A ><H2 >See also</H2 ><P ><A HREF="#LIMIT" >Limit</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2611" ></A ><H2 >Examples</H2 ><P ><PRE CLASS="PROGRAMLISTING" >#Default usage of the directory directive <Directory /users/robroy/private> HideNoAccess on </Directory> #Example with username-expanding <Directory ~/anon-ftp> <Limit WRITE> DenyAll </Limit> </Directory></PRE ></P ></DIV ><H1 ><A NAME="DISPLAYCONNECT" ></A > DisplayConnect</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2623" ></A ><H2 >Name</H2 >DisplayConnect -- Sets connect banner file</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2626" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DisplayConnect</B > [ <TT CLASS="OPTION" >DisplayConnect filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2653" ></A ><H2 >Description</H2 ><P >The DisplayConnect directive configures an ASCII text filename which will be displayed to the user when they initially connect but before they login. The filename can be either relative or absolute. In the case of a relative filename, the file is searched for starting in the home directory of the user the server is running as. As this can lead confusion, absolute pathnames are suggested. If the file cannot be found or accessed, no error occurs and nothing is logged or displayed to the client.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2656" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2659" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DISPLAYFIRSTCHDIR" ></A > DisplayFirstChdir</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2670" ></A ><H2 >Name</H2 >DisplayFirstChdir -- Set the file to display when first entering a directory</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2673" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DisplayFirstChdir</B > [ <TT CLASS="OPTION" >DisplayFirstChdir filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Directory>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later, magic cookies only in 0.99.0pl10 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2700" ></A ><H2 >Description</H2 ><P >The DisplayFirstChdir directive configures an ASCII text filename which will be displayed to the user the first time they change into a directory (via CWD) per a given session. The file will also be displayed if proftpd detects that its last modification time has changed since the previous CWD into a given directory. If the filename is relative, it is looked for in the new directory that the user has changed into. Note that for anonymous ftp logins (see <Anonymous>), the file must reside inside the chroot()ed file system space. If the file cannot be found or accessed, no error occurs and nothing is logged or displayed to the client.</P ><P >DisplayFirstChdir, DisplayConnect, DisplayLogin and DisplayQuit support the following "magic cookies" (only in 0.99.0pl10 and later), which are replaced with their respective strings before being displayed to the user.</P ><PRE CLASS="PROGRAMLISTING" >%C Current working directory %E Server admin's e-mail address %F Available space on file system, in bytes %f Available space on file system, with units %i The number of files uploaded (input) in this session %L Local host name %M Max number of connections %N Current number of connections %o The number of files downloaded (output) in this session %R Remote host name %T Current Time %t The number of files transfered (uploaded and downloaded) in this session %U Username originally used in login %u Username reported by ident protocol %V Name of virtual host (if any) %x The name of the user's class %y Current number of connections from the user's class %z Max number of connections from the user's class </PRE ><P >NOTE: not all of these may have a rational value, depending on the context in which they're used (e.g., %u if ident lookups are off).</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2706" ></A ><H2 >See also</H2 ><P ><A HREF="#DISPLAYCONNECT" >DisplayConnect</A > <A HREF="#DISPLAYLOGIN" >DisplayLogin</A > <A HREF="#DISPLAYQUIT" >DisplayQuit</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2712" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DISPLAYGOAWAY" ></A > DisplayGoAway</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2723" ></A ><H2 >Name</H2 >DisplayGoAway -- Set the file to display to a rejected connection</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2726" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DisplayGoAway</B > [ <TT CLASS="OPTION" >DisplayGoAway filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre8 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2753" ></A ><H2 >Description</H2 ><P >The DisplayGoAway directive specifies an ASCII text filename which will be displayed to the user if the class they're a member of has too many users logged in and their login request has been denied. DisplayGoAway supports the same "magic cookies" as DisplayFirstChdir.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2756" ></A ><H2 >See also</H2 ><P >DisplayFirstChdir</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2759" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DISPLAYLOGIN" ></A > DisplayLogin</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2770" ></A ><H2 >Name</H2 >DisplayLogin -- Set the file to display on login</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2773" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DisplayLogin</B > [ <TT CLASS="OPTION" >DisplayLogin filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2800" ></A ><H2 >Description</H2 ><P >The DisplayLogin directive configures an ASCII text filename which will be displayed to the user when they initially login. The filename can be either relative or absolute. In the case of a relative filename, the file is searched for in the initial directory a user is placed in immediately after login (home directory for unix user logins, anonymous-root directory for anonymous logins). Note: that for jailed logins, the file must reside inside the chroot()ed file system space. If the file cannot be found or accessed, no error occurs and nothing is logged or displayed to the client. DisplayLogin supports the same "magic cookies" as DisplayFirstChdir.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2803" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2806" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DISPLAYQUIT" ></A > DisplayQuit</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2817" ></A ><H2 >Name</H2 >DisplayQuit -- Set the file to display on quit</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2820" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DisplayQuit</B > [ <TT CLASS="OPTION" >DisplayQuit filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre8 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2847" ></A ><H2 >Description</H2 ><P >DisplayQuit configures an ASCII text filename which will be displayed to the user when they quit. The filename can be either relative or absolute. In the case of a relative filename, the file is searched for in current directory a user is in when they logout -- for this reason, a absolute filename is usually preferable. NOTE: for jailed logins, the file must reside inside the chroot()ed file system space. If the file cannot be found or accessed, no error occurs and nothing is logged or displayed to the client. DisplayQuit supports the "magic cookies" listed under DisplayFirstChdir.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2850" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2853" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="DISPLAYREADME" ></A > DisplayReadme</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2864" ></A ><H2 >Name</H2 >DisplayReadme -- Enable display of file modification times on a file pattern</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2867" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >DisplayReadme</B > [ <TT CLASS="OPTION" >DisplayReadme filename or pattern</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_readme</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre8 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2894" ></A ><H2 >Description</H2 ><P >Module: mod_readme The DisplayReadme directive notifies the user of the last change date of the specified file or pattern. Only a single DisplayReadme directive is allowed per configuration scope. DisplayReadme README Will result in: Please read the file README it was last modified on Sun Oct 17 10:36:14 1999 - 0 days ago Being displayed to the user on a cwd. DisplayReadmePattern README* Will result in: Please read the file README it was last modified on Tue Jan 25 04:47:48 2000 - 0 days ago Please read the file README.first it was last modified on Tue Jan 25 04:48:04 2000 - 0 days ago Being displayed to the user on a cwd. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2897" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2900" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="EXTENDEDLOG" ></A > ExtendedLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2911" ></A ><H2 >Name</H2 >ExtendedLog -- Specify custom logfiles</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2914" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ExtendedLog</B > [ <TT CLASS="OPTION" >filename [[command-classes] format-nickname]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous> <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_log</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6pl1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2941" ></A ><H2 >Description</H2 ><P >The ExtendedLog directive allows customizable logfiles to be generated, either globally or per VirtualHost. The filename argument must contain an absolute pathname to a logfile which will be appended to when proftpd starts; the pathname should not be to a file in a nonexistent directory, to a world-writeable directory, or be a symbolic link (unless AllowLogSymlinks is set to on). Multiple logfiles (potentially with different command classes and formats) can be created. Optionally, the command-classes argument can be used to control which types of commands are logged. If not command classes are specified, proftpd logs all commands by default (passwords are hidden). command-classes is a comma delimited (no whitespace!) list of which commands to log.</P ><P >The following are valid classes: NONE No commands AUTH Authentication commands (USER, PASS) INFO Informational commands (PWD, SYST, etc) DIRS Directory commands (LIST, CWD, MKD, etc) READ File reading (RETR) WRITE File/directory writing or creation MISC Miscellaneous commands (SITE, etc) ALL All commands (default)</P ><P >If a format-nickname argument is supplied, ExtendedLog will use the predefined logformat (created by LogFormat). Otherwise, the default format of "%h %l %u %t \"%r\" %s %b" is used.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2946" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWLOGSYMLINKS" >AllowLogSymlinks</A >, <A HREF="#LOGFORMAT" >LogFormat</A >, <A HREF="#TRANSFERLOG" >TransferLog</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2952" ></A ><H2 >Examples</H2 ><P >For example, to log all read and write operations to /var/log/ftp.log (using the default format), you could:</P ><PRE CLASS="PROGRAMLISTING" >ExtendedLog /var/log/ftp.log read,write</PRE ><P ></P ></DIV ><H1 ><A NAME="FILERATIOERRMSG" ></A > FileRatioErrMsg</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN2965" ></A ><H2 >Name</H2 >FileRatioErrMsg -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN2968" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >FileRatioErrMsg</B > [ <TT CLASS="OPTION" >FileRatioErrMsg foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2995" ></A ><H2 >Description</H2 ><P >The FileRatioErrMsg directive .... Example: FileRatioErrMsg</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN2998" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3001" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="GLOBAL" ></A > Global</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3012" ></A ><H2 >Name</H2 >Global -- Set some directives to apply across the entire daemon</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3015" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Global</B > [ <TT CLASS="OPTION" ><Global></TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3042" ></A ><H2 >Description</H2 ><P >The Global configuration block is used to create a set of configuration directives which is applied universally to both the main server configuration and all VirtualHost configurations. Most, but not all other directives can be used inside a Global block.</P ><P >In addition, multiple <Global> blocks can be created. At runtime, all Global blocks are merged together and finally into each server's configuration. Global blocks are terminated by a matching </Global> directive.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3046" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3049" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="GROUP" ></A > Group</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3060" ></A ><H2 >Name</H2 >Group -- Set the group the server normally runs as</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3063" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Group</B > [ <TT CLASS="OPTION" >Group groupid</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3090" ></A ><H2 >Description</H2 ><P >The Group directive configures which group the server daemon will normally run at. See User for more details.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3093" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3096" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="GROUPOWNER" ></A > GroupOwner</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3107" ></A ><H2 >Name</H2 >GroupOwner -- Change default group for new files and directories</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3110" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >GroupOwner</B > [ <TT CLASS="OPTION" >GroupOwner groupname</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Anonymous>, <Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3137" ></A ><H2 >Description</H2 ><P >The GroupOwner directive configures which group all newly created directories and files will be owned by, within the context that GroupOwner is applied to. The group ID of groupname cannot be 0. Note that GroupOwner cannot be used to override the host OS/file system user/group paradigm. If the current user is not a member of the specified group, new files and directories will not be able to be chown()ed to the GroupOwner group. If this happens, file STOR (send file from client to server) and MKD/XMKD (mkdir) operations will succeed normally, however the new directory entries will be owned by the current user's default group (a warning message is also logged) instead of by the desired group. If you also use UserOwner in the same context, this restriction is lifted.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3140" ></A ><H2 >See also</H2 ><P ><A HREF="#USEROWNER" >UserOwner</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3144" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="GROUPPASSWORD" ></A > GroupPassword</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3155" ></A ><H2 >Name</H2 >GroupPassword -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3158" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >GroupPassword</B > [ <TT CLASS="OPTION" >GroupPassword groupid hashed-password</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl5 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3185" ></A ><H2 >Description</H2 ><P >The GroupPassword directive creates a special "group" password which allows all users in the specified group to authenticate using a single password. The group/password supplied is only effective inside the context to which GroupPassword is applied. The hashed-password argument is a standard cleartext password which has been passed through the standard unix crypt() library function. Extreme care should be taken when using GroupPassword, as serious security problems may arise if group membership is not carefully controlled.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3188" ></A ><H2 >See also</H2 ><P >UserPassword</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3191" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="GROUPRATIO" ></A > GroupRatio</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3202" ></A ><H2 >Name</H2 >GroupRatio -- Ratio directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3205" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >GroupRatio</B > [ <TT CLASS="OPTION" >GroupRatio foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3232" ></A ><H2 >Description</H2 ><P >The GroupRatio directive .... Example: GroupRatio</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3235" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3238" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="HIDDENSTOR" ></A > HiddenStor</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3249" ></A ><H2 >Name</H2 >HiddenStor -- Enables more safe file uploads</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3252" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >HiddenStor</B > [ <TT CLASS="OPTION" >HiddenStor on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >HiddenStor off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre5 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3279" ></A ><H2 >Description</H2 ><P >The HiddenStor directive enables two-step file uploads: files are uploaded as ".in.filename." and once the upload is complete, renamed to just "filename". This provides a degree of atomicity and helps prevent 1) incomplete uploads and 2) files being used while they're still in the progress of being uploaded. Note: if the temporary file name is already in use (e.g., a server crash during upload), it will prevent the file from being uploaded.</P ><P >The REST (Restart STOR) command is automatically blocked when HiddenStor is enabled, with the server returning a 501 error code to the client.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3283" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWSTORERESTART" >AllowStoreRestart</A > <A HREF="#DELETEABORTEDSTORES" >DeleteAbortedStores</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3288" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="HIDDENSTORES" ></A > HiddenStores</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3299" ></A ><H2 >Name</H2 >HiddenStores -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3302" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >HiddenStores</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3329" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3332" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="HIDEFILES" ></A > HideFiles</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3343" ></A ><H2 >Name</H2 >HideFiles -- Enable hiding of files based on regular expressions</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3346" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >HideFiles</B > [ <TT CLASS="OPTION" >[!]regexp|"none" ["user"|"group"|"class" expression]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3373" ></A ><H2 >Description</H2 ><P >The HideFiles directive configures a <Directory> section to hide all directory entries, e.g. its files and sub-directories, that match the given regular expression. These files can still be operated on by other FTP commands (DELE, RETR, etc), as constrained by any applicable <Limit>s, but this can be modified using the IgnoreHidden directive. Note that this directive manipulates a file's "hidden-ness", but doesn't do any hiding by itself. A <Limit> section, with IgnoreHidden enabled, does the actual hiding of the files from the <Limit>ed commands.</P ><P >As <Directory> configurations are inherited by sub-directories, the "none" parameter can be used to disable any inherited file hiding within a sub-directory, usually through the use of a .ftpaccess file.</P ><P >The optional parameters are used to restrict the rule for hiding files only to specific users. If "user" restriction is given, then expression is a user-expression specifying to which users the rule applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the rule will apply.</P ><P >An unrestricted HideFiles directive and an unrestriected ShowFiles directive cannot be used simultaneously in the context.</P ><P >Example: # Hide configuration and passwd files from view HideFiles "(\\.conf|passwd)$" # ...or the same regex, without the quotes HideFiles (\.conf|passwd)$ # Hide those same files from everyone _except_ a special user HideFiles (\.conf|passwd)$ user !tj # Using the ! prefix to "invert" the regular expression matching, # allow only .txt and .html files to be seen HideFiles !(\.txt|\.html)$ # Only let users of the webmaster group see HTML files, but nothing else HideFiles !(\.htm|\.html)$ group webmaster</P ><P >See Also: HideGroup, HideUser, HideNoAccess</P ></DIV ><H1 ><A NAME="HIDEGROUP" ></A > HideGroup</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3389" ></A ><H2 >Name</H2 >HideGroup -- Enable hiding of files based on group owner</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3392" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >HideGroup</B > [ <TT CLASS="OPTION" >HideGroup groupid</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3419" ></A ><H2 >Description</H2 ><P >The HideGroup directive configures a <Directory> or < Anonymous> block to hide all directory entries owned by the specified group, unless the group is the primary group of the currently logged-in, authenticated user . Normally, hidden directories and files cannot be seen via LIST or NLST commands but can be operated on via other FTP commands (CWD, DELE, RETR, etc). This behavior can be modified via the IgnoreHidden directive.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3422" ></A ><H2 >See also</H2 ><P >See Also: HideUser, HideNoAccess, IgnoreHidden</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3425" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="HIDENOACCESS" ></A > HideNoAccess</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3436" ></A ><H2 >Name</H2 >HideNoAccess -- Block the listing of directory entries to which the user has no access permissions</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3439" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >HideNoAccess</B > [ <TT CLASS="OPTION" >HideNoAccess on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>,<Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3466" ></A ><H2 >Description</H2 ><P >The HideNoAccess directive configures a <Directory> or <Anonymous> block to hide all directory entries in a directory listing (via the LIST or NLST FTP commands) to which the current logged-in, authenticated user has no access. Normal Unix-style permissions always apply, so that although a user may not be able to see a directory entry that has HideNoAccess applied, they will receive a normal "Permission denied" error message when attempting to blindly manipulate the file system object. The directory or file can be made completely invisible to all FTP commands by applying IgnoreHidden in conjunction with HideNoAccess.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3469" ></A ><H2 >See also</H2 ><P >See Also: HideUser, HideGroup, IgnoreHidden</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3472" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="HIDEUSER" ></A > HideUser</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3483" ></A ><H2 >Name</H2 >HideUser -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3486" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >HideUser</B > [ <TT CLASS="OPTION" >HideUser userid</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3513" ></A ><H2 >Description</H2 ><P >The HideUser directive configures a <Directory> or <Anonymous> block to hide all directory entries owned by the specified user, unless the owning user is the currently logged-in, authenticated user. Normally, hidden directories and files cannot be seen via LIST or NLST commands but can be operated on via other FTP commands (CWD, DELE, RETR, etc). This behavior can be modified via the IgnoreHidden directive. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3516" ></A ><H2 >See also</H2 ><P >HideGroup, HideNoAccess, IgnoreHidden</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3519" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="HOSTRATIO" ></A > HostRatio</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3530" ></A ><H2 >Name</H2 >HostRatio -- Ratio directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3533" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >HostRatio</B > [ <TT CLASS="OPTION" >HostRatio foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3560" ></A ><H2 >Description</H2 ><P >The HostRatio directive .... Example: HostRatio</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3563" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3566" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="IDENTLOOKUPS" ></A > IdentLookups</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3577" ></A ><H2 >Name</H2 >IdentLookups -- Toggle ident lookups</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3580" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >IdentLookups</B > [ <TT CLASS="OPTION" >IdentLookups on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >IdentLookups on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.5 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3607" ></A ><H2 >Description</H2 ><P >Normally, when a client initially connects to proftpd, the ident protocol (RFC1413) is used to attempt to identify the remote username. This can be controlled via the IdentLookups directive.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3610" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3613" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="IFDEFINE" ></A > IfDefine</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3624" ></A ><H2 >Name</H2 >IfDefine -- To control the use of sections of the configuration</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3627" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >IfDefine</B > [ <TT CLASS="OPTION" >[!]define-label</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >any</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.6rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3654" ></A ><H2 >Description</H2 ><P >The <IfDefine test>...</IfDefine> section is used to mark directives that are conditional. The directives within an IfDefine section are only processed if the test is true. If the test is false, everything between the start and end markers is ignored.</P ><P >The test in the <IfDefine> section directive can be one of two forms: 'parameter-name' or '!parameter-name'</P ><P >In the former case, the directives between the start and end markers are only processed if the parameter named parameter-name is defined. The second format reverses the test, and only processes the directives if parameter-name is not defined. </P ><P >The parameter-name argument is a define as given on the command line via -Dparameter-name, at the time the server was started.</P ><P > <IfDefine> sections are nest-able, which can be used to implement simple multiple-parameter tests.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3661" ></A ><H2 >See also</H2 ><P ><A HREF="#DEFINE" >Define</A >, <A HREF="#IFMODULE" >IfModule</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3666" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >$ proftpd -DDoSomething<br> <br> --[ proftpd.conf ]--<br> <IfDefine DoSomething><br> # do something here<br> </IfDefine><br> --[ end ]--<br> </P ></DIV ><H1 ><A NAME="IFMODULE" ></A > IfModule</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3677" ></A ><H2 >Name</H2 >IfModule -- Parse a section of config based on module name</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3680" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >IfModule</B > [ <TT CLASS="OPTION" >[!]module-name</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >any</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.6rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3707" ></A ><H2 >Description</H2 ><P >The <IfModule test>...</IfModule> section is used to mark directives that are conditional. The directives within an IfModule section are only processed if the test is true. If the test is false, everything between the start and end markers is ignored.</P ><P >The test in the <IfModule> section directive can be one of two forms: "module name" or "!module name"</P ><P >In the former case, the directives between the start and end markers are only processed if the module named module name is compiled in to ProFTPD. The second format reverses the test, and only processes the directives if module name is not compiled in.</P ><P >The module name argument is a module name as given as the file name of the module, at the time it was compiled. For example, mod_sql.c.</P ><P ><IfModule> sections are nest-able, which can be used to implement simple multiple-module tests.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3714" ></A ><H2 >See also</H2 ><P ><A HREF="#DEFINE" >Define</A >, <A HREF="#IFDEFINE" >IfDefine</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3719" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" ><IfModule mod_load.c><br> MaxLoad 10 "Access denied, server load too high"<br> </IfModule></P ></DIV ><H1 ><A NAME="IGNOREHIDDEN" ></A > IgnoreHidden</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3730" ></A ><H2 >Name</H2 >IgnoreHidden -- Treat 'hidden' files as if they don't exist</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3733" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >IgnoreHidden</B > [ <TT CLASS="OPTION" >IgnoreHidden on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >IgnoreHidden off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Limit></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3760" ></A ><H2 >Description</H2 ><P >Normally, files hidden via HideNoAccess, HideUser or HideGroup can be operated on by all FTP commands (assuming Unix file permissions allow access), even though they do not appear in directory listings. Additionally, even when normal file system permissions disallow access, proftpd returns a "Permission denied" error to the client, indicating that the requested object does exist, even if it cannot be acted upon. IgnoreHidden configures a <Limit> block to completely ignore any hidden directory entries for the set of limited FTP commands. This has the effect of returning an error similar to "No such file or directory" when the client attempts to use the limited command upon a hidden directory or file.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3763" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3766" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="INCLUDE" ></A > Include</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3777" ></A ><H2 >Name</H2 >Include -- Load additional configuration directives from a file</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3780" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Include</B > [ <TT CLASS="OPTION" >Include file</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Directory>, <Anonymous>, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3807" ></A ><H2 >Description</H2 ><P >This directive allows you to include another configuration file within your current configuration file. The given file argument must be the full path to the file to be included.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3810" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3813" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPAUTHBINDS" ></A > LDAPAuthBinds</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3824" ></A ><H2 >Name</H2 >LDAPAuthBinds -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3827" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Syntax: LDAPAuthBinds</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B >(docs incomplete)</B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPAuthBinds off in mod_ldap <= 2.7.6, LDAPAuthBinds on in mod_ldap >= 2.8 </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.5 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3855" ></A ><H2 >Description</H2 ><P >By default, the DN specified by LDAPDNInfo will be used to bind to the LDAP server to obtain user information, including the userPassword attribute. If LDAPAuthBinds is set to on, the DN specified by LDAPDNInfo will be used to fetch all user information except the userPassword attribute. Then, mod_ldap will bind to the LDAP server as the user who is logging in via FTP with the user-supplied password. If this bind succeeds, the user is considered authenticated and is allowed to log in. This method of LDAP authentication has the added benefit of supporting any password encryption scheme that your LDAP server supports.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3858" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3861" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPDNINFO" ></A > LDAPDNInfo</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3872" ></A ><H2 >Name</H2 >LDAPDNInfo -- Set DN information to be used for initial bind</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3875" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPDNInfo</B > [ <TT CLASS="OPTION" >LDAPDNInfo "ldap-dn" "dn-password"</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPDNInfo "" "" (anonymous bind) </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3902" ></A ><H2 >Description</H2 ><P >This directive specifies the LDAP DN and password to use when binding to the LDAP server. If this configuration directive is not specified, anonymous binds are used.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3905" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3908" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPDEFAULTAUTHSCHEME" ></A > LDAPDefaultAuthScheme</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3919" ></A ><H2 >Name</H2 >LDAPDefaultAuthScheme -- Set the authentication scheme/hash that is used when no leading {hashname} is present. </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3922" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPDefaultAuthScheme</B > [ <TT CLASS="OPTION" >crypt</TT > <TT CLASS="OPTION" >clear</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPDefaultAuthScheme "crypt" </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3950" ></A ><H2 >Description</H2 ><P >Specifies the authentication scheme used for passwords with no {prefix} in the LDAP database. For example, if you are using something like userPassword: mypass in your LDAP database, you would want to set LDAPDefaultAuthScheme to clear.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3953" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3956" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPDEFAULTGID" ></A > LDAPDefaultGID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN3967" ></A ><H2 >Name</H2 >LDAPDefaultGID -- Set the default GID to be assigned to users when no uidNumber attribute is found. </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN3970" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPDefaultGID</B > [ <TT CLASS="OPTION" >default-gid</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > None </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN3997" ></A ><H2 >Description</H2 ><P >This directive is useful primarily in virtual-user environments common in large-scale ISPs and hosting organizations. If a user does not have a LDAP gidNumber attribute, the LDAPDefaultGID is used. This allows one to have a large number of users in an LDAP database without gidNumber attributes; setting this configuration directive will automatically assign those users a single GID.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4000" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4003" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPDEFAULTUID" ></A > LDAPDefaultUID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4014" ></A ><H2 >Name</H2 >LDAPDefaultUID -- Set the default GID to be assigned to users when no uidNumber attribute is found. </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4017" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPDefaultUID</B > [ <TT CLASS="OPTION" >default-uid</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > None </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4044" ></A ><H2 >Description</H2 ><P >This directive is useful primarily in virtual-user environments common in large-scale ISPs and hosting organizations. If a user does not have a LDAP uidNumber attribute, the LDAPDefaultUID is used. This allows one to have a large number of users in an LDAP database without uidNumber attributes; setting this configuration directive will automatically assign those users a single UID.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4047" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4050" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPDOAUTH" ></A > LDAPDoAuth</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4061" ></A ><H2 >Name</H2 >LDAPDoAuth -- Enable LDAP authentication</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4064" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPDoAuth</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ] [ <TT CLASS="OPTION" >"auth-base-dn"</TT > ] [ <TT CLASS="OPTION" >"search-filter-template"</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPDoAuth off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4096" ></A ><H2 >Description</H2 ><P >This configuration directive activates LDAP authentication. The second argument to this directive is the LDAP base DN to use for authentication. The third argument is a template to be used for the search filter; %v will be replaced with the username that is being authenticated. By default, the search filter template "(&(uid=%v)(objectclass=posixAccount))" is used. Search filter templates are only supported in mod_ldap v2.7 and later.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4099" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4102" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPDOGIDLOOKUPS" ></A > LDAPDoGIDLookups</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4113" ></A ><H2 >Name</H2 >LDAPDoGIDLookups -- Enable LDAP lookups for user group membership and GIDs in directory listings </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4116" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPDoGIDLookups</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ] [ <TT CLASS="OPTION" >"uid-base-dn"</TT > ] [ <TT CLASS="OPTION" >"search-filter-template"</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPDoGIDLookups off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4148" ></A ><H2 >Description</H2 ><P >This configuration directive activates LDAP GID-to-name lookups in directory listings. The second argument to this directive is the LDAP base DN to use for GID-to-name lookups. The third argument is a template to be used for the search filter; %v will be replaced with the GID that is being looked up. By default, the search filter template "(&(gidNumber=%v)(objectclass=posixGroup))" is used. Search filter templates are only supported in mod_ldap v2.7 and later.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4151" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4154" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPDOQUOTALOOKUPS" ></A > LDAPDoQuotaLookups</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4165" ></A ><H2 >Name</H2 >LDAPDoQuotaLookups -- Enable LDAP quota limit support</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4168" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPDoQuotaLookups</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ] [ <TT CLASS="OPTION" >"auth-base-dn"</TT > ] [ <TT CLASS="OPTION" >"search-filter-template"</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPDoQuotaLookups off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.8.11 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4200" ></A ><H2 >Description</H2 ><P >This configuration directive activates LDAP quota lookups. The second argument to this directive is the LDAP base DN to use for quota limit search. The third argument is a template to be used for the search filter; %v will be replaced with the username that is being authenticated. By default, the search filter template "(&(uid=%v)(objectclass=posixAccount))" is used. Search filter templates are only supported in mod_ldap v2.7 and later.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4203" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4206" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPDOUIDLOOKUPS" ></A > LDAPDoUIDLookups</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4217" ></A ><H2 >Name</H2 >LDAPDoUIDLookups -- Enable LDAP lookups for UIDs in directory listings </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4220" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPDoUIDLookups</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ] [ <TT CLASS="OPTION" >"uid-base-dn"</TT > ] [ <TT CLASS="OPTION" >"search-filter-template"</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPDoUIDLookups off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4252" ></A ><H2 >Description</H2 ><P >This configuration directive activates LDAP UID-to-name lookups in directory listings. The second argument to this directive is the LDAP base DN to use for UID-to-name lookups. The third argument is a template to be used for the search filter; %v will be replaced with the UID that is being looked up. By default, the search filter template "(&(uidNumber=%v)(objectclass=posixAccount))" is used. Search filter templates are only supported in mod_ldap v2.7 and later.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4255" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4258" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPFORCEDEFAULTGID" ></A > LDAPForceDefaultGID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4269" ></A ><H2 >Name</H2 >LDAPForceDefaultGID -- Force all LDAP-authenticated users to use the same GID.</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4272" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Syntax: LDAPForceDefaultGID</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPForceDefaultGID off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.8 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4300" ></A ><H2 >Description</H2 ><P >Even when a <A HREF="#LDAPDEFAULTGID" >LDAPDefaultGID</A > is configured, mod_ldap will allow individual users to have gidNumber attributes that will override this default GID. With LDAPForceDefaultGID enabled, all LDAP-authenticated users are given the default GID; GIDs may not be overridden by gidNumber attributes.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4304" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4307" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPFORCEDEFAULTUID" ></A > LDAPForceDefaultUID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4318" ></A ><H2 >Name</H2 >LDAPForceDefaultUID -- Force all LDAP-authenticated users to use the same UID.</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4321" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Syntax: LDAPForceDefaultUID</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPForceDefaultUID off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.8 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4349" ></A ><H2 >Description</H2 ><P >Even when a <A HREF="#LDAPDEFAULTUID" >LDAPDefaultUID</A > is configured, mod_ldap will allow individual users to have uidNumber attributes that will override this default UID. With LDAPForceDefaultUID enabled, all LDAP-authenticated users are given the default UID; UIDs may not be overridden by uidNumber attributes.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4353" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4356" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPFORCEHOMEDIRONDEMAND" ></A > LDAPForceHomedirOnDemand</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4367" ></A ><H2 >Name</H2 >LDAPForceHomedirOnDemand -- Force all LDAP-authenticated users to use the default HomeDironDemand prefix/suffix. </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4370" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPForceHomedirOnDemand</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ] [ <TT CLASS="OPTION" >directory-mode</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPForceHomedirOnDemand off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.8.11 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4400" ></A ><H2 >Description</H2 ><P >Even when a <A HREF="#LDAPHOMEDIRONDEMANDPREFIX" >LDAPHomeDironDemandPrefix</A > is configured, mod_ldap will allow individual users to have homeDirectory attributes that will override the default. With LDAPForceHomeDironDemand enabled, all LDAP-authenticated users are given the default prefix and/or suffix; homedirs may not be overridden by LDAP homeDirectory attributes.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4404" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4407" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPHOMEDIRONDEMAND" ></A > LDAPHomedirOnDemand</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4418" ></A ><H2 >Name</H2 >LDAPHomedirOnDemand -- Enable the creation of user home directories on demand </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4421" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPHomedirOnDemand</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ] [ <TT CLASS="OPTION" >directory-mode</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPHomedirOnDemand off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4451" ></A ><H2 >Description</H2 ><P >LDAPHomedirOnDemand activates on-demand home directory creation. If a user logs in and does not yet have a home directory, a home directory is created automatically.</P ><P >In mod_ldap <= 2.7.6, the home directory will be owned by the same user and group that ProFTPD runs as (see the User and Group configuration directives). mod_ldap >= 2.8 can create home directories for users with any UID/GID, not just those with the same UID/GID as the main ProFTPD server.</P ><P >The second argument allows you to specify the mode (default permissions) to use when creating home directories on demand, subject to ProFTPD's umask (see the Umask directive). If no directory mode is specified, the default of 0755 is used. Directory mode setting is only supported in mod_ldap v2.7 or later.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4456" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4459" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPHOMEDIRONDEMANDPREFIX" ></A > LDAPHomedirOnDemandPrefix</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4470" ></A ><H2 >Name</H2 >LDAPHomedirOnDemandPrefix -- Enable the creation of user home directories on demand </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4473" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPHomedirOnDemandPrefix</B > [ <TT CLASS="OPTION" >leading-path</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPHomedirOnDemandPrefix off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.8 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4500" ></A ><H2 >Description</H2 ><P >LDAPHomedirOnDemandPrefix enables a prefix to be specified for on-demand home directory creation. This is most useful if mod_ldap is being used to authenticate against an LDAP directory that does not return a homeDirectory attribute, either because it cannot (Microsoft Active Directory, for example) or because you do not wish to extend your existing directory schema.</P ><P >For example, setting this directive to "/home" and logging in as the user "joe" would result in his home directory being created as "/home/joe". The directory will be created with the mode specified in <A HREF="#LDAPHOMEDIRONDEMAND" >LDAPHomedirOnDemand</A >. To use this directive, <A HREF="#LDAPHOMEDIRONDEMAND" >LDAPHomedirOnDemand</A > must be enabled.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4506" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4509" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME" ></A > LDAPHomedirOnDemandPrefixNoUsername</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4520" ></A ><H2 >Name</H2 >LDAPHomedirOnDemandPrefixNoUsername -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4523" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPHomedirOnDemandPrefixNoUsername</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4550" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4553" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPHOMEDIRONDEMANDSUFFIX" ></A > LDAPHomedirOnDemandSuffix</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4564" ></A ><H2 >Name</H2 >LDAPHomedirOnDemandSuffix -- Specify an additional directory to be created inside a user's home directory on demand. </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4567" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPHomedirOnDemandSuffix</B > [ <TT CLASS="OPTION" >additional-directory1</TT > <TT CLASS="OPTION" >additional-directory2</TT > <TT CLASS="OPTION" >additional-directory3</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPHomedirOnDemandSuffix "" </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.6 and later. </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4596" ></A ><H2 >Description</H2 ><P >to be created within a user's home directory when it is created on demand. For example, if a user's home directory is "/home/user", setting this configuration directive to "public_html" will also create "/home/user/public_html" on demand. In mod_ldap v2.7.6 and earlier, you must also activate LDAPHomedirOnDemand in your configuration.</P ><P >mod_ldap >= 2.8 supports multiple suffix arguments and does not require LDAPHomedirOnDemand to be enabled.</P ><P >mod_ldap >= 2.8.11 supports additional mode information; you can add ":octal-mode" to a directory argument to have it created with that mode. For example, LDAPHomedirOnDemandSuffix foo:700 will create the suffix directory foo with the mode 700.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4601" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4604" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPNEGATIVECACHE" ></A > LDAPNegativeCache</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4615" ></A ><H2 >Name</H2 >LDAPNegativeCache -- Enable negative caching for LDAP lookups</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4618" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPNegativeCache</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPNegativeCache off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v1.1 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4646" ></A ><H2 >Description</H2 ><P >LDAPNegativeCache specifies whether or not to cache negative responses from the LDAP server when using LDAP for UID/GID lookups. This option is useful if you also use/are in transition from another authentication system; if there are many users in your old authentication system that aren't in the LDAP database, there can be a significant delay when a directory listing is performed as the UIDs not in the LDAP database are repeatedly looked up in an attempt to present usernames instead of UIDs in directory listings. With LDAPNegativeCache set to on, negative ("not found") responses from the LDAP server will be cached and speed will improve on directory listings that contain many users not present in the LDAP database.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4649" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4652" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPQUERYTIMEOUT" ></A > LDAPQueryTimeout</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4663" ></A ><H2 >Name</H2 >LDAPQueryTimeout -- Set a timeout for LDAP queries</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4666" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPQueryTimeout</B > [ <TT CLASS="OPTION" >timeout-seconds</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPQueryTimeout default-api-timeout </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4693" ></A ><H2 >Description</H2 ><P >Sets the timeout used for LDAP directory queries. The default is the default timeout used by your LDAP API.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4696" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4699" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPSEARCHSCOPE" ></A > LDAPSearchScope</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4710" ></A ><H2 >Name</H2 >LDAPSearchScope -- Specify the search scope used in LDAP queries</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4713" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPSearchScope</B > [ <TT CLASS="OPTION" >onelevel</TT > <TT CLASS="OPTION" >subtree</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPSearchScope subtree </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.6 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4741" ></A ><H2 >Description</H2 ><P >Set the scope used for LDAP searches. The default setting, subtree, searches for all entries in the tree from the current level down. Setting this directive to onelevel searches only one level deep in the LDAP tree.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4744" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4747" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPSERVER" ></A > LDAPServer</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4758" ></A ><H2 >Name</H2 >LDAPServer -- Specify the LDAP server to use for lookups</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4761" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LDAPServer</B > [ <TT CLASS="OPTION" >"hostname1:port1 hostname2:port2"</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPServer "localhost" </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v1.0 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4788" ></A ><H2 >Description</H2 ><P >LDAPServer allows you to to specify the hostname(s) and port(s) of the LDAP server(s) to use for LDAP authentication. If no LDAPServer configuration directive is present, the default LDAP servers specified by your LDAP API will be used.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4791" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4794" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LDAPUSETLS" ></A > LDAPUseTLS</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4805" ></A ><H2 >Name</H2 >LDAPUseTLS -- Enable TLS/SSL connections to the LDAP server.</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4808" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Syntax: LDAPUseTLS</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > LDAPUseTLS off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ldap </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_ldap v2.8 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4836" ></A ><H2 >Description</H2 ><P >By default, mod_ldap connects to the LDAP server via a non-encrypted connection. Enabling this option causes mod_ldap to use an encrypted (TLS/SSL) connection to the LDAP server. If a secure connection to the LDAP server fails, mod_ldap will not authenticate users (mod_ldap will *not* fall back to an unsecure connection).</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4839" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4842" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LEECHRATIOMSG" ></A > LeechRatioMsg</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4853" ></A ><H2 >Name</H2 >LeechRatioMsg -- Sets the 'over ratio' error message</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4856" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LeechRatioMsg</B > [ <TT CLASS="OPTION" >LeechRatioMsg foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4883" ></A ><H2 >Description</H2 ><P >The LeechRatioMsg directive defines the response message sent back to the client upon breaking their quota limits.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4886" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4889" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >LeechRatioMsg "please upload as well as download"</PRE ><P ></P ></DIV ><H1 ><A NAME="LIMIT" ></A > Limit</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4901" ></A ><H2 >Name</H2 >Limit -- Set the commands/actions to be controlled</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4904" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Limit</B > [ <TT CLASS="OPTION" ><Limit command|command-group [command2 ..]></TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Directory>, <Anonymous>, <Global>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4931" ></A ><H2 >Description</H2 ><P >The Limit configuration block is used to place access restrictions on one or more FTP commands, within a given context. Limits flow downward, so that a Limit configuration in the server config context applies to all <Directory> and <Anonymous> blocks that also reside in the configuration; until it is overridden by a "lower" <Limit> block. Any number of command parameters can be specified, against which the contents of the <Limit> block will be applied. command can be any valid FTP command, but is generally one of the following: CWD (Change Working Directory) Sent by client when changing directories. MKD / XMKD (MaKe Directory) Sent by client to create a new directory. RNFR (ReName FRom), RNTO (ReName TO) Sent as a pair by client to rename a directory entry. DELE (DELEte) Sent by client to delete a file. RMD / XRMD (ReMove Directory) Sent by client to remove a directory. RETR (RETRieve) Transfer a file from the server to the client. STOR (STORe) Transfer a file from the client to the server. In addition, the following command-groups are accepted. They have a lower precedence than real commands, meaning that a real command limit will always be applied instead of the command-group. READ All FTP commands which deal with file reading (directory listing not included): RETR, SITE, SIZE, STAT WRITE All FTP commands which deal with file or directory write/creation/deletion: APPE, DELE, MKD, RMD, RNTO, STOR, XMKD, XRMD DIRS All FTP commands which deal with directory listing: CDUP, CWD, LIST, MDTM, NLST, PWD, RNFR, XCUP, XCWD, XPWD ALL ALL FTP commands (identical to READ WRITE DIRS). Note this group has the lowest precedence of all; it will not override a limit imposed by another command-group (e.g. DIRS). Finally, a special command is allowed which can be used to control login access: LOGIN Connection or login to the server. Applying a <Limit> to this pseudo-command can be used to allow or deny initial connection or login to the context. It has no effect, and is ignored, when used in a context other than server config, <VirtualHost> or <Anonymous> (i.e. using it in a <Directory> context is meaningless). <Limit> command restrictions should not be confused with file/directory access permission. While limits can be used to restrict a command on a certain directory, they cannot be used to override the file permissions inherent to the base operating/file system. The following FTP commands cannot be restricted via <Limit>: ABOR HELP MODE (not implemented, always S) NOOP PASS (use <Limit LOGIN>) PASV PORT QUIT REST (use AllowRetrieveRestart, AllowStoreRestart) STRU (not implemented, always F) SYST TYPE USER (use <Limit LOGIN>)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4934" ></A ><H2 >See also</H2 ><P >See Also: IgnoreHidden</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4937" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LISTOPTIONS" ></A > ListOptions</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN4948" ></A ><H2 >Name</H2 >ListOptions -- Configure options used when listing directories</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN4951" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ListOptions</B > [ <TT CLASS="OPTION" >"options string"</TT >] [ <TT CLASS="OPTION" >["strict"]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global>, <Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4980" ></A ><H2 >Description</H2 ><P >Normally, FTP commands involving directory listings (NLST, LIST and STAT) use the arguments (options) passed by the client to determine what files are displayed and the format they are displayed in. The ListOptions directive can alter the behaviour of such listings by making it such that a certain option (or options) is always in effect, or is always disabled.</P ><P >In addition to the normal dash-prefixed options that the builtin ls takes, the directive allows for plus-prefixed options. The plus-prefixed options allow for their dash-prefixed equivalents, potentially given by a user, to be disabled, while still allowing other options to function normally.</P ><P >In the optional "strict" keyword is used, then the configured options will override any options given by the user (i.e. the user's options will be ignored).</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4985" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN4988" ></A ><H2 >Examples</H2 ><P > # Force directory listings to always show dotfiles ListOptions "-a"</P ><P > # To prevent anyone from doing recursive listings, but still allowing # other user options, use +R to disable any -R option given by users ListOptions "+R"</P ><P > # To allow only the basic listing, no options, always ListOptions "" strict</P ></DIV ><H1 ><A NAME="LOGFORMAT" ></A > LogFormat</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5001" ></A ><H2 >Name</H2 >LogFormat -- Specify a logging format</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5004" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LogFormat</B > [ <TT CLASS="OPTION" >LogFormat nickname "format-string"</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >LogFormat default "%h %l %u %t \"%r\" %s %b"</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_log</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6pl1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5031" ></A ><H2 >Description</H2 ><P >The LogFormat directive can be used to create a custom logging format for use with the ExtendedLog directive. Once created, the format can be referenced by the specified nickname. The format-string argument can consist of any combination of letters, numbers and symbols. The special character % is used to start a meta-sequence (see below). To insert a literal % character, use %%.</P ><P >The following meta sequences are available and are replaced as indicated when logging. %a Remote client IP address %A Anonymous username (password given), or UNKNOWN if non-anonymous %b Bytes sent for request %d Directory name (not full path) for CDUP, CWD, MKD, RMD, XCWD, XCUP, XMKD, XRMD %D Directory name (full path) for CDUP, CWD, MKD, RMD, XCWD, XCUP, XMKD, XRMD %{FOOBAR}e Contents of environment variable FOOBAR. Note that the server does not set any environment variables itself. %f Filename stored or retrieved, absolute path (not chrooted) %F Filename stored or retrieved, as the client sees it %h Remote client DNS name %J Command arguments received from client, e.g. file.txt %l Remote username (from ident), or UNKNOWN if ident lookup failed %L Local server IP address %m Command (method) name received from client, e.g. RETR %p Local server port number %P Local server process id (pid) %r Full command line received from client %s Numeric FTP response code (status) %t Current local time %{format}t Current local time formatted (strftime(3) format) %T Time taken to transmit/receive file, in seconds %u Local authenticated userid %U USER name originally sent by the client %v ServerName of server handling session %V DNS name of server handling session</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5035" ></A ><H2 >See also</H2 ><P ><A HREF="#EXTENDEDLOG" >ExtendedLog</A >, <A HREF="#TRANSFERLOG" >TransferLog</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5040" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="LOGINPASSWORDPROMPT" ></A > LoginPasswordPrompt</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5051" ></A ><H2 >Name</H2 >LoginPasswordPrompt -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5054" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >LoginPasswordPrompt</B > [ <TT CLASS="OPTION" >LoginPasswordPrompt on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >LoginPasswordPrompt on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5081" ></A ><H2 >Description</H2 ><P >If set to off, ProFTPd will skip the password request if the login will be denied regardless of password, e.g., if a <Limit LOGIN> directive forbids the connection.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5084" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5087" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="MASQUERADEADDRESS" ></A > MasqueradeAddress</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5098" ></A ><H2 >Name</H2 >MasqueradeAddress -- Configure the server address presented to clients</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5101" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MasqueradeAddress</B > [ <TT CLASS="OPTION" >MasqueradeAddress ip-address|dns-hostname</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5128" ></A ><H2 >Description</H2 ><P >MasqueradeAddress causes the server to display the network information for the specified IP address or DNS hostname to the client, on the assumption that that IP address or DNS host is acting as a NAT gateway or port forwarder for the server.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5131" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5134" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" > MasqueradeAddress nat-gw.mydomain.com</P ><P ></P ></DIV ><H1 ><A NAME="MAXCLIENTS" ></A > MaxClients</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5146" ></A ><H2 >Name</H2 >MaxClients -- Limits the number of users that can connect</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5149" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxClients</B > [ <TT CLASS="OPTION" >MaxClients number|none [message]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >MaxClients none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Anonymous>, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5176" ></A ><H2 >Description</H2 ><P >The MaxClients directive configures the maximum number of authenticated clients which may be logged into a server or anonymous account. Once this limit is reached, additional clients attempting to authenticate will be disconnected. The special value none may be supplied which removes all maximum connection limits from the applicable configuration context. Additionally, an optional message argument may be used which will be displayed to a client attempting to exceed the maximum value; immediately before disconnection. The message argument is parsed for the magic string "%m", which is replaced with the configured maximum value. If message is not supplied, a system-wide default message is used. Example: MaxClients 5 "Sorry, the maximum number of allowed users are already connected (%m)" Results in: 530 Sorry, the maximum number of allowed users are already connected (5)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5179" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5182" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="MAXCLIENTSPERHOST" ></A > MaxClientsPerHost</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5193" ></A ><H2 >Name</H2 >MaxClientsPerHost -- Limits the connections per client machine</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5196" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxClientsPerHost</B > [ <TT CLASS="OPTION" >MaxClientsPerHost number|none [message]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >MaxClientsPerHost none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Anonymous>, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5223" ></A ><H2 >Description</H2 ><P >The MaxClientsPerHost directive configures the maximum number of clients allowed to connect per host. The optional argument message may be used which will be displayed to a client attempting to exceed the maximum value. If message is not supplied, a default message of "Sorry, the maximum number clients (%m) from your host are already connected." is used. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5226" ></A ><H2 >See also</H2 ><P >MaxClients, MaxHostsPerUser</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5229" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >MaxClientsPerHost 1 "Sorry, you may not connect more than one time." Results in: 530 Sorry, you may not connect more than one time.</PRE ><P ></P ></DIV ><H1 ><A NAME="MAXCLIENTSPERUSER" ></A > MaxClientsPerUser</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5241" ></A ><H2 >Name</H2 >MaxClientsPerUser -- Limit the number of connections per userid</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5244" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxClientsPerUser</B > [ <TT CLASS="OPTION" >MaxClientsPerUser number|none [message]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >MaxClientsPerUser none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5271" ></A ><H2 >Description</H2 ><P >The MaxClientsPerUser directive configures the maximum number of clients that may be connected at any given time using the same user name. The optional argument message may be used which will be displayed to a client attempting to exceed the maximum value. If message is not supplied, a default message of "Sorry, the maximum number of clients (%m) for this user already connected."</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5274" ></A ><H2 >See also</H2 ><P ><A HREF="#MAXCLIENTS" >MaxClients</A >, <A HREF="#MAXCLIENTSPERHOST" >MaxClientsPerHost</A > <A HREF="#MAXHOSTSPERUSER" >MaxHostsPerUser</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5280" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >MaxClientsPerUser 1 "Only one such user at a time." Results in: 530 Only one such user at a time.</PRE ><P ></P ></DIV ><H1 ><A NAME="MAXCONNECTIONRATE" ></A > MaxConnectionRate</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5292" ></A ><H2 >Name</H2 >MaxConnectionRate -- Maximum TCP socket connection rate</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5295" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxConnectionRate</B > [ <TT CLASS="OPTION" >connections per second</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5322" ></A ><H2 >Description</H2 ><P >Set the maxiumum rate at which new TCP connections are accepted, this applies to the entire server, therefore too low a value on a high traffic server can result in all VirtualHosts being made unavailable due to normal traffic levels.</P ><P >The value is the number of connections in a given second at which the block comes into effect, thus a value of "1" will result in all connections being blocked.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5326" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5329" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >MaxConnectionRate 4</P ></DIV ><H1 ><A NAME="MAXHOSTSPERUSER" ></A > MaxHostsPerUser</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5340" ></A ><H2 >Name</H2 >MaxHostsPerUser -- Limit the number of connections per userid</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5343" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxHostsPerUser</B > [ <TT CLASS="OPTION" >MaxHostsPerUser number|none [message]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >MaxHostsPerUser none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Anonymous>, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.4 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5370" ></A ><H2 >Description</H2 ><P >The MaxHostsPerUser directive configures the maximum number of times different hosts, using a given login, can connect at any given time. The optional argument message may be used which will be displayed to a client attempting to exceed the maximum value. If message is not supplied, a default message of "Sorry, the maximum number of hosts (%m) for this user already connected."</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5373" ></A ><H2 >See also</H2 ><P ><A HREF="#MAXCLIENTS" >MaxClients</A >, <A HREF="#MAXCLIENTSPERHOST" >MaxClientsPerHost</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5378" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" >MaxHostsPerUser 1 "Sorry, you may not connect more than one time." Results in: 530 Sorry, you may not connect more than one time.</PRE ><P ></P ></DIV ><H1 ><A NAME="MAXINSTANCES" ></A > MaxInstances</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5390" ></A ><H2 >Name</H2 >MaxInstances -- Sets the maximum number of child processes to be spawned</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5393" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxInstances</B > [ <TT CLASS="OPTION" >MaxInstances number</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >MaxInstances none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6pl1</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5420" ></A ><H2 >Description</H2 ><P >The MaxInstances directive configures the maximum number of child processes that may be spawned by a parent proftpd process in standalone mode. The directive has no effect when used on a server running in inetd mode. Because each child proftpd process represents a single client connection, this directive also controls the maximum number of simultaneous connections allowed. Additional connections beyond the configured limit are syslog'd and silently disconnected. The MaxInstances directive can be used to prevent undesirable denial-of-service attacks (repeatedly connecting to the ftp port, causing proftpd to fork-bomb). By default, no limit is placed on the number of child processes that may run at one time.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5423" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5426" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="MAXLOGINATTEMPTS" ></A > MaxLoginAttempts</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5437" ></A ><H2 >Name</H2 >MaxLoginAttempts -- Sets how many password attempts are allowed before disconnection</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5440" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxLoginAttempts</B > [ <TT CLASS="OPTION" >MaxLoginAttempts number</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >MaxLoginAttempts 3</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5467" ></A ><H2 >Description</H2 ><P >The MaxLoginAttempts directive configures the maximum number of times a client may attempt to authenticate to the server during a given connection. After the number of attempts exceeds this value, the user is disconnected and an appropriate message is logged via the syslog mechanism.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5470" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5473" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="MAXRETRIEVEFILESIZE" ></A > MaxRetrieveFileSize</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5484" ></A ><H2 >Name</H2 >MaxRetrieveFileSize -- Restrict size of downloaded files</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5487" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxRetrieveFileSize</B > [ <TT CLASS="OPTION" >number|"*" units ["user"|"group"|"class" expression]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5514" ></A ><H2 >Description</H2 ><P >When downloading files to clients (eg serving a RETR request), the server will check for any configured limit against the size of the file being requested, and abort any transfers if the requested file's size exceeds the configured limit.</P ><P >A single "*" argument configures unlimited file sizes, and is used primarily to override any inherited restrictions from higher contexts. The given number is the number of bytes for the limit, and is followed by a units specifier of (case-insensitive) "Gb" (Gigabytes), "Mb" (Megabytes), "Kb" (Kilobytes), or "B" (bytes). The given number of bytes is multiplied by the appropriate factor.</P ><P > The optional parameters are used to restrict the file size limits only to specific users. If the "user" restriction is given, then expression is a user-expression specifying to which users the rule applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the rule will apply. If no matching user, group, or class expression is found for the current user (in that order), then a limit with no expression (i.e. no "user", "group", or "class" identifier) is applied.</P ><P >See Also: MaxStoreFileSize</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5520" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5523" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" > # Restrict downloads to only 1 gigabyte<br> MaxRetrieveFileSize 1 Gb<br> <br> # Restrict downloads for user fred, but allow unlimited download size for<br> # everyone else<br> MaxStoreFileSize 50 Kb user fred<br> MaxStoreFileSize *</P ></DIV ><H1 ><A NAME="MAXSTOREFILESIZE" ></A > MaxStoreFileSize</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5534" ></A ><H2 >Name</H2 >MaxStoreFileSize -- Restrict size of uploaded files</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5537" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MaxStoreFileSize</B > [ <TT CLASS="OPTION" >number|"*" units ["user"|"group"|"class" expression]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5564" ></A ><H2 >Description</H2 ><P >When uploading files from a client (eg serving a STOR request), the server will check for any configured limit against the size of the file being sent, and abort any transfers if/when the given file's size exceeds the configured limit.</P ><P >A single "*" argument configures unlimited file sizes, and is used primarily to override any inherited restrictions from higher contexts. The given number is the number of bytes for the limit, and is followed by a units specifier of (case-insensitive) "Gb" (Gigabytes), "Mb" (Megabytes), "Kb" (Kilobytes), or "B" (bytes). The given number of bytes is multiplied by the appropriate factor.</P ><P >The optional parameters are used to restrict the file size limits only to specific users. If the "user" restriction is given, then expression is a user-expression specifying to which users the rule applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the rule will apply. If no matching user, group, or class expression is found for the current user (in that order), then a limit with no expression (ie no "user", "group", or "class" identifier) is applied.</P ><P >See Also: MaxRetrieveFileSize</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5570" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5573" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" > # Restrict upload to only 3 megabytes<br> MaxStoreFileSize 3 Mb<br> <br> # Restrict anonymous uploads to 50k, but allow unlimited upload size for<br> # everyone else<br> MaxStoreFileSize 50 Kb user anonymous<br> MaxStoreFileSize *</P ></DIV ><H1 ><A NAME="MULTILINERFC2228" ></A > MultilineRFC2228</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5584" ></A ><H2 >Name</H2 >MultilineRFC2228 -- Enable RFC2228 multiline response mode</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5587" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >MultilineRFC2228</B > [ <TT CLASS="OPTION" >MultilineRFC2228 on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >MultilineRFC2228 off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre3 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5614" ></A ><H2 >Description</H2 ><P >By default, proftpd sends multiline responses as per RFC 959, i.e.: 200-First line More lines... 200 Last line RFC 2228 specifies that "6xy" response codes will be sent as follows: 600-First line 600-More lines... 600 Last line Note that 2228 ONLY specifies this for response codes starting with '6'. Enabling this directive causes ALL responses to be sent in this format, which may be more compatible with certain web browsers and clients. Also note that this is NOT the same as wu-ftpd's multiline responses, which do not comply with any RFC. Using this method of multilines is more likely to be compatible with all clients, although it isn't strictly RFC, and is thus not enabled by default.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5617" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5620" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ORDER" ></A > Order</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5631" ></A ><H2 >Name</H2 >Order -- Configures the precedence of the Limit directives</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5634" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Order</B > [ <TT CLASS="OPTION" >Order allow,deny|deny,allow</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >Order allow,deny</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Limit></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5661" ></A ><H2 >Description</H2 ><P >The Order directive configures the order in which Allow and Deny directives are checked inside of a <Limit> block. Because Allow directives are permissive, and Deny directives restrictive, the order in which they are examined can significantly alter the way security functions. If the default setting of allow,deny is used, "allowed" access permissions are checked first. If an Allow directive explicitly allows access to the <Limit> context, access is granted and any Deny directives are never checked. If Allow did not explicitly permit access, Deny directives are checked. If any Deny directive applies, access is explicitly denied. Otherwise, access is granted. When deny,allow is used, "deny" access restrictions are checked first. If any restriction applies, access is denied immediately. If nothing is denied, Allow permissions are checked. If an Allow explicitly permits access, access to the entire context is permitted; otherwise access is implicitly denied. For clarification, the following illustrates the steps used when checking Allow/Deny access: Order allow,deny Check Allow directives. If one or more apply, exit with result: ALLOW Check Deny directives. If one or more apply, exit with result: DENY Exit with default implicit ALLOW Order deny,allow Check Deny directives. If one or more apply, exit with result: DENY Check Allow directives. If one or more apply, exit with result: ALLOW Exit with default implicit: DENY</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5664" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5667" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="PASSIVEPORTS" ></A > PassivePorts</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5678" ></A ><H2 >Name</H2 >PassivePorts -- Specify the ftp-data port range to be used</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5681" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >PassivePorts</B > [ <TT CLASS="OPTION" >PassivePorts min-pasv-port max-pasv-port</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0rc2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5708" ></A ><H2 >Description</H2 ><P >PassivePorts restricts the range of ports from which the server will select when sent the PASV command from a client. The server will randomly choose a number from within the specified range until an open port is found. Should no open ports be found within the given range, the server will default to a normal kernel-assigned port, and a message logged.</P ><P >The port range selected must be in the non-privileged range (eg. greater than or equal to 1024); it is STRONGLY RECOMMENDED that the chosen range be large enough to handle many simultaneous passive connections (for example, 49152-65534, the IANA-registered ephemeral port range).</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5712" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5715" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" ># Use the IANA registered ephemeral port range PassivePorts 49152 65534</PRE ><P ></P ></DIV ><H1 ><A NAME="PATHALLOWFILTER" ></A > PathAllowFilter</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5727" ></A ><H2 >Name</H2 >PathAllowFilter -- Only allow new files which match a specified pattern</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5730" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >PathAllowFilter</B > [ <TT CLASS="OPTION" >PathAllowFilter regular-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global>, <Directory></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5757" ></A ><H2 >Description</H2 ><P >PathAllowFilter allows the configuration of a regular expression that must be matched for all newly uploaded (stored) files. The regular expression is applied against the entire pathname specified by the client, so care must be taken when creating a proper regex. Paths that fail the regex match result in a "Forbidden filename" error being returned to the client. If the regular-expression argument contains whitespace, it must be enclosed in quotes.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5760" ></A ><H2 >See also</H2 ><P ><A HREF="#PATHDENYFILTER" >PathDenyFilter</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5764" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" ># Only allow a-z 0-9 . - _ in file names, PathAllowFilter ^[a-z0-9._-]+$ # as above but with upper case characters as well PathAllowFilter ^[A-Za-z0-9._-]+$</PRE ><P ></P ></DIV ><H1 ><A NAME="PATHDENYFILTER" ></A > PathDenyFilter</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5776" ></A ><H2 >Name</H2 >PathDenyFilter -- Disallow new files which match a specified pattern</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5779" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >PathDenyFilter</B > [ <TT CLASS="OPTION" >PathDenyFilter regular-expression</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global>, <Directory></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5806" ></A ><H2 >Description</H2 ><P >Similar to PathAllowFilter, PathDenyFilter specifies a regular expression which must not match any uploaded pathnames. If the regex does match, a "Forbidden filename" error is returned to the client. This can be especially useful for forbidding .ftpaccess or .htaccess files.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5809" ></A ><H2 >See also</H2 ><P ><A HREF="#PATHALLOWFILTER" >PathAllowFilter</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5813" ></A ><H2 >Examples</H2 ><PRE CLASS="PROGRAMLISTING" ># We don't want .ftpaccess or .htaccess files to be uploaded PathDenyFilter "(\\.ftpaccess)|(\\.htaccess)$"</PRE ><P ></P ></DIV ><H1 ><A NAME="PERSISTENTPASSWD" ></A > PersistentPasswd</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5825" ></A ><H2 >Name</H2 >PersistentPasswd -- Sets handling of unix auth files</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5828" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >PersistentPasswd</B > [ <TT CLASS="OPTION" >PersistentPasswd on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >Platform dependent</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth_unix</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.5 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5855" ></A ><H2 >Description</H2 ><P >The PersistentPasswd directive controls how proftpd handles authentication, user/group lookups, and user/group to name mapping. If set to On, proftpd will attempt to open the system-wide /etc/passwd, /etc/group (and /etc/shadow, potentially) files itself, holding them open even during a chroot()ed login (note that /etc/shadow is never held open, for security reasons). On some platforms, you must turn this option on, as the libc functions are incapable of accessing these databases from inside of a chroot(). At configure-time, the configuration script will attempt to detect whether or not you need this support, and make it the default. However, such "guessing" may fail, and you will have to manually enable or disable the feature. If you cannot see user or group names when performing a directory listing inside an anonymous chrooted login, this indicates you must enable the directive. Use of the AuthUserFile or AuthGroupFile directives will force partial support for persistent user or group database files; regardless of PersistentPasswd's setting.</P ><P >Note: NIS or NIS+ users will most likely want to disable this feature, regardless of proftpd's detected configuration defaults. Failure to disable this will make your NIS/NIS+ maps not work! On certain systems, you may also need to compile ProFTPD with the --enable-autoshadow option in order to authenticate both users from NIS maps and local users.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5859" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5862" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="PIDFILE" ></A > PidFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5873" ></A ><H2 >Name</H2 >PidFile -- Set the filepath to hold the pid of the master server</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5876" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >PidFile</B > [ <TT CLASS="OPTION" >PidFile filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0rc2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5903" ></A ><H2 >Description</H2 ><P >The PidFile directive sets the file to which the server records the process id of the daemon. The filename should be relative to the system root, ie /var/run/proftpd/pidfile. The PidFile is only used in standalone mode. It is often useful to be able to send the server a signal, so that it closes and then reopens its ErrorLog and TransferLog, and re-reads its configuration files. This is done by sending a SIGHUP (kill -1) signal to the process id of the master daemon listed in the PidFile.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5906" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5909" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="PORT" ></A > Port</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5920" ></A ><H2 >Name</H2 >Port -- Set the port for the control socket</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5923" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Port</B > [ <TT CLASS="OPTION" >Port port-number</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >Port 21</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5950" ></A ><H2 >Description</H2 ><P >The Port directive configures the TCP port which proftpd will listen on while running in standalone mode. It has no effect when used upon a server running in inetd mode (see ServerType). The directive can be used in conjunction with <VirtualHost> in order to run a virtual server on the same IP address as the master server, but listening on a different port.</P ><P >For any server, either <VirtualHost> or server config, setting Port 0 effectively turns off that server.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5954" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5957" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="RLIMITCPU" ></A > RLimitCPU</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN5968" ></A ><H2 >Name</H2 >RLimitCPU -- Configure the maximum CPU time in seconds used by a process</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN5971" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RLimitCPU</B > [ <TT CLASS="OPTION" >RLimitCPU ["daemon"|"session"|"none"] soft-limit|"max" [hard-limit|"max"]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >System defaults</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.1rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN5998" ></A ><H2 >Description</H2 ><P >RLimitCPU takes from one to three parameters. The first parameter may be one of "daemon" (applies the limit only to the daemon process), "session" (applies the limit only to child processes handling each FTP session), or "none" (disables any possibly inherited limits). Note that if "daemon" is used, the directive may then only occur in the "server config" context. If none of these keywords are used, the limit is assumed to apply to both daemon and session processes. After any potential keyword, the resource limit must be set. The next parameter is also optional, and sets the maximum resource limit. Either limit parameter can be a number, or "max" to indicate to the server that the limit should be set to the maximum allowed by the operating system.</P ><P >CPU resource limits are expressed in seconds per process.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6002" ></A ><H2 >See Also:</H2 ><P ><A HREF="#RLIMITMEMORY" >RLimitMemory</A >, <A HREF="#RLIMITOPENFILES" >RLimitOpenFiles</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6007" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="RLIMITMEMORY" ></A > RLimitMemory</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6018" ></A ><H2 >Name</H2 >RLimitMemory -- Configure the maximum memory in bytes used by a process</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6021" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RLimitMemory</B > [ <TT CLASS="OPTION" >RLimitMemory ["daemon"|"session"|"none"] soft-limit[units]|"max" [hard-limit[units]|"max"]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.1rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6048" ></A ><H2 >Description</H2 ><P >RLimitMemory takes from one to three parameters. The first parameter may be one of "daemon" (applies the limit only to the daemon process), "session" (applies the limit only to child processes handling each FTP session), or "none" (disables any possibly inherited limits). Note that if "daemon" is used, the directive may then only occur in the "server config" context. If none of these keywords are used, the limit is assumed to apply to both daemon and session processes. After any potential keyword, the resource limit must be set. The next parameter is also optional, and sets the maximum resource limit. Either limit parameter can be a number, or "max" to indicate to the server that the limit should be set to the maximum allowed by the operating system.</P ><P >Memory resource limits are expressed in bytes per process. An optional case-insensitive units specifier may follow the number of bytes given: G (Gigabytes), M (Megabytes), K (Kilobytes), or B (bytes). If the units specifier is used, the given number of bytes is multiplied by the appropriate factor.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6052" ></A ><H2 >See Also</H2 ><P >RLimitCPU, RLimitOpenFiles</P ></DIV ><H1 ><A NAME="RLIMITOPENFILES" ></A > RLimitOpenFiles</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6063" ></A ><H2 >Name</H2 >RLimitOpenFiles -- Configure the maximum number of open files used by a process</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6066" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RLimitOpenFiles</B > [ <TT CLASS="OPTION" >RLimitOpenFiles ["daemon"|"session"|"none"] soft-limit|"max" [hard-limit|"max"]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.1rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6093" ></A ><H2 >Description</H2 ><P >RLimitOpenFiles takes from one to three parameters. The first parameter may be one of "daemon" (applies the limit only to the daemon process), "session" (applies the limit only to child processes handling each FTP session), or "none" (disables any possibly inherited limits). Note that if "daemon" is used, the directive may then only occur in the "server config" context. If none of these keywords are used, the limit is assumed to apply to both daemon and session processes. After any potential keyword, the resource limit must be set. The next parameter is also optional, and sets the maximum resource limit. Either limit parameter can be a number, or "max" to indicate to the server that the limit should be set to the maximum allowed by the operating system.</P ><P >File resource limits are expressed in number of files per process.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6097" ></A ><H2 >See Also:</H2 ><P >RLimitCPU, RLimitMemory</P ></DIV ><H1 ><A NAME="RADIUSACCTSERVER" ></A > RadiusAcctServer</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6108" ></A ><H2 >Name</H2 >RadiusAcctServer -- Setup RADIUS accounting details</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6111" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RadiusAcctServer</B > [ <TT CLASS="OPTION" >server[:port] shared-secret [timeout]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_radius</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6138" ></A ><H2 >Description</H2 ><P >The RadiusAcctServer is used to specify a RADIUS server to be used for accounting. The server parameter may be either an IP address or a DNS hostname. If not specified, the port used will be the IANA-registered 1813. The optional timeout parameter is used to tell mod_radius how long to wait for a response from the server; it defaults to 30 seconds.</P ><P >Multiple RadiusAcctServers may be configured; each will be tried, in order of appearance in the configuration file, until that server times out or mod_radius receives a response.</P ><P >If no RadiusAcctServers are configured, mod_radius will not use RADIUS for accounting.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6143" ></A ><H2 >See also</H2 ><P ><A HREF="#RADIUSAUTHSERVER" >RadiusAuthServer</A ></P ></DIV ><H1 ><A NAME="RADIUSAUTHSERVER" ></A > RadiusAuthServer</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6155" ></A ><H2 >Name</H2 >RadiusAuthServer -- Setup RADIUS authenticator details</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6158" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RadiusAuthServer</B > [ <TT CLASS="OPTION" >server[:port] shared-secret [timeout]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_radius</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6185" ></A ><H2 >Description</H2 ><P >The RadiusAcctServer is used to specify a RADIUS server to be used for accounting. The server parameter may be either an IP address or a DNS hostname. If not specified, the port used will be the IANA-registered 1813. The optional timeout parameter is used to tell mod_radius how long to wait for a response from the server; it defaults to 30 seconds.</P ><P >Multiple RadiusAcctServers may be configured; each will be tried, in order of appearance in the configuration file, until that server times out or mod_radius receives a response.</P ><P >If no RadiusAcctServers are configured, mod_radius will not use RADIUS for accounting.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6190" ></A ><H2 >See also</H2 ><P ><A HREF="#RADIUSAUTHSERVER" >RadiusAuthServer</A ></P ></DIV ><H1 ><A NAME="RADIUSENGINE" ></A > RadiusEngine</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6202" ></A ><H2 >Name</H2 >RadiusEngine -- Enable RADIUS support</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6205" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RadiusEngine</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_radius</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6232" ></A ><H2 >Description</H2 ><P >The RadiusEngine directive enables or disables the module's runtime RADIUS engine. If it is set to off this module does no RADIUS authentication or accounting at all. Use this directive to disable the module instead of commenting out all mod_radius directives. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6235" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="RADIUSLOG" ></A > RadiusLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6246" ></A ><H2 >Name</H2 >RadiusLog -- Specify the logfile for reporting / debugging</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6249" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RadiusLog</B > [ <TT CLASS="OPTION" >"file"|none</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_radius</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6276" ></A ><H2 >Description</H2 ><P >The RadiusLog directive is used to a specify a log file for mod_radius reporting and debugging, and can be done a per-server basis. The file parameter must be the full path to the file to use for logging. Note that this path must not be to a world-writeable directory and, unless AllowLogSymlinks is explicitly set to on (generally a bad idea), the path must not be a symbolic link.</P ><P >If file is "none", no logging will be done at all; this setting can be used to override a RadiusLog setting inherited from a <Global> context.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6280" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="RADIUSREALM" ></A > RadiusRealm</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6291" ></A ><H2 >Name</H2 >RadiusRealm -- Setup the authentication realm</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6294" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RadiusRealm</B > [ <TT CLASS="OPTION" >realm</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_radius</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6321" ></A ><H2 >Description</H2 ><P >The RadiusRealm directive configures a realm string that will be added to the username in the constructed RADIUS packets.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6324" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6327" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" > RadiusRealm .castaglia.org</P ></DIV ><H1 ><A NAME="RADIUSUSERINFO" ></A > RadiusUserInfo</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6338" ></A ><H2 >Name</H2 >RadiusUserInfo -- Configure login information via RADIUS</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6341" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RadiusUserInfo</B > [ <TT CLASS="OPTION" >uid gid home shell [suppl-group-names suppl-group-ids]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_radius</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6368" ></A ><H2 >Description</H2 ><P >The RadiusUserInfo directive is used to configure login information used for every user authenticated via RADIUS. The optional suppl-group-names and suppl-group-ids parameters are used to specify supplemental group membership for each user; the number of names and IDs must match if these parameters are used.</P ><P >In order to support RADIUS servers that may use custom attributes in their Access-Accept response packets to supply user information back to the RADIUS client (mod_radius in this case), this directive allows the following syntax for some of its parameters:</P ><P > <P CLASS="LITERALLAYOUT" > $(attribute-id:default-value)</P > </P ><P >where the enclosing $() signals that the parameter is to be supplied by the RADIUS server, attribute-id is the custom attribute ID for which to search in the response packet, and default-value is the value to use in case the requested attribute is not present in the response packet. This syntax is not supported for the suppl-group-names or suppl-group-ids parameters.</P ><P >If RadiusUserInfo is not used, mod_radius will perform pure "yes/no" authentication only, in the style of PAM. The information that would have been configured via this directive will be pulled from other sources (e.g. /etc/passwd, AuthUserFiles, MySQL tables, etc).</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6376" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="RATIOFILE" ></A > RatioFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6387" ></A ><H2 >Name</H2 >RatioFile -- Ratio directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6390" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RatioFile</B > [ <TT CLASS="OPTION" >RatioFile foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6417" ></A ><H2 >Description</H2 ><P >The RatioFile directive .... Example: RatioFile</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6420" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6423" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="RATIOTEMPFILE" ></A > RatioTempFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6434" ></A ><H2 >Name</H2 >RatioTempFile -- Ratio directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6437" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RatioTempFile</B > [ <TT CLASS="OPTION" >RatioTempFile foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6464" ></A ><H2 >Description</H2 ><P >The RatioTempFile directive .... Example: RatioTempFile</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6467" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6470" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="RATIOS" ></A > Ratios</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6481" ></A ><H2 >Name</H2 >Ratios -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6484" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Ratios</B > [ <TT CLASS="OPTION" >Ratios foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6511" ></A ><H2 >Description</H2 ><P >The Ratios directive .... Example: Ratios</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6514" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6517" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="REQUIREVALIDSHELL" ></A > RequireValidShell</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6528" ></A ><H2 >Name</H2 >RequireValidShell -- Allow connections based on /etc/shells</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6531" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RequireValidShell</B > [ <TT CLASS="OPTION" >RequireValidShell on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >RequireValidShell on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6558" ></A ><H2 >Description</H2 ><P >The RequireValidShell directive configures the server, virtual host or anonymous login to allow or deny logins which do not have a shell binary listed in /etc/shells. By default, proftpd disallows logins if the user's default shell is not listed in /etc/shells. If /etc/shells cannot be found, all default shells are assumed to be valid.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6561" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6564" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="REWRITECONDITION" ></A > RewriteCondition</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6575" ></A ><H2 >Name</H2 >RewriteCondition -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6578" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RewriteCondition</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_rewrite</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6605" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6608" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6611" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="REWRITEENGINE" ></A > RewriteEngine</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6622" ></A ><H2 >Name</H2 >RewriteEngine -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6625" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RewriteEngine</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_rewrite</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6652" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6655" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6658" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="REWRITELOCK" ></A > RewriteLock</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6669" ></A ><H2 >Name</H2 >RewriteLock -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6672" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RewriteLock</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_rewrite</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6699" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6702" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6705" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="REWRITELOG" ></A > RewriteLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6716" ></A ><H2 >Name</H2 >RewriteLog -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6719" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RewriteLog</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_rewrite</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6746" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6749" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6752" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="REWRITEMAP" ></A > RewriteMap</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6763" ></A ><H2 >Name</H2 >RewriteMap -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6766" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RewriteMap</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_rewrite</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6793" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6796" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6799" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="REWRITERULE" ></A > RewriteRule</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6810" ></A ><H2 >Name</H2 >RewriteRule -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6813" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RewriteRule</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_rewrite</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6840" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6843" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6846" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="ROOTLOGIN" ></A > RootLogin</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6857" ></A ><H2 >Name</H2 >RootLogin -- Permit root user logins</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6860" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RootLogin</B > [ <TT CLASS="OPTION" >RootLogin on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >RootLogin off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.5 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6887" ></A ><H2 >Description</H2 ><P >Normally, proftpd disallows root logins under any circumstance. If a client attempts to login as root, using the correct password, a special security message is sent to syslog. When the RootLogin directive is turned On, the root user may authenticate just as any other user could (assuming no other access control measures deny access); however the root login security message is still sysloged. Obviously, extreme care should be taken when using this directive.</P ><P >The use of RootLogin in the Anonymous context is only valid when the User / Group defined in the Anonymous block is set to 'root'</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6891" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6894" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="ROOTREVOKE" ></A > RootRevoke</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6905" ></A ><H2 >Name</H2 >RootRevoke -- Drop root privileges completely</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6908" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >RootRevoke</B > [ <TT CLASS="OPTION" >RootRevoke on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >RootRevoke off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.9rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6935" ></A ><H2 >Description</H2 ><P >The RootRevoke directive causes all root privileges to be dropped once a user is authenticated. This will also cause active transfers to be disabled, if the server is listening on a port less than 1025. Note that this only affects active transfers; passive transfers will not be blocked.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6938" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6941" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SQLAUTHTYPES" ></A > SQLAuthTypes</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN6952" ></A ><H2 >Name</H2 >SQLAuthTypes -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN6955" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLAuthTypes</B > [ <TT CLASS="OPTION" >[OpenSSL]</TT >] [ <TT CLASS="OPTION" >[Crypt]</TT >] [ <TT CLASS="OPTION" >[Backend]</TT >] [ <TT CLASS="OPTION" >[Plaintext]</TT >] [ <TT CLASS="OPTION" >[Empty]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN6990" ></A ><H2 >Description</H2 ><P >This directive deprecates 'SQLEmptyPasswords', 'SQLScrambledPasswords', 'SQLSSLHashedPasswords', 'SQLPlaintextPasswords', and 'SQLEncryptedPasswords'. Specifies the allowed authentication types and their check order. YOU MUST SPECIFY AT LEAST ONE AUTHENTICATION METHOD. For example: SQLAuthTypes Crypt Empty means check whether the password in the database matches in UNIX crypt() format; if that fails, check to see if the password in the database is empty (matching ANY given password); if that fails, mod_sql refuses to authenticate the user. Current Types Plaintext: allows passwords in the database to be in plaintext OpenSSL: allows passwords in the database to be of the form '{digestname}hashedvalue'. This check is only available if you define 'HAVE_OPENSSL' when you compile proftd and you link with the OpenSSL 'crypto' library. Crypt: allows passwords in the database to be in UNIX crypt() form Backend: a database-specific backend check function. Not all backends support this. Specifically, the MySQL backend uses this type to authenticate MySQL 'PASSWORD()' encrypted passwords. The Postgres backend does nothing. Empty: allows empty passwords in the database, which match against ANYTHING the user types in. The database field must be a truly empty string -- that is, NULL values are never accepted. BE VERY CAREFUL WITH THIS AUTHTYPE.</P ></DIV ><H1 ><A NAME="SQLAUTHENTICATE" ></A > SQLAuthenticate</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7001" ></A ><H2 >Name</H2 >SQLAuthenticate -- Specify authentication methods and what to authenticate </DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7004" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLAuthenticate</B > {on | off}</P ><P > or</P ><P ><B CLASS="COMMAND" >SQLAuthenticate</B > [ users [*] ] [ group [*] ] [ userset [fast] ] [ groupset [fast] ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > SQLAuthenticate <TT CLASS="COMPUTEROUTPUT" >on</TT > </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P > mod_sql </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > 1.2.5rc1 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7044" ></A ><H2 >Description</H2 ><P >The SQLAuthenticate directive controls the behavior of mod_sql regarding the authentication process. SQLAuthenticate can provide fine grained control over authentication of logins and file access for both users and groups. Using this directive, mod_sql can be configured to be the authoritative authentication mechanism - in that case, mod_sql provides authentication and all other authentication mechanisms will be bypassed.</P ><P >The syntax for SQLAuthenticate can take one of two possible formats. The simplest syntax is a simple <TT CLASS="COMPUTEROUTPUT" >on | off</TT > format: <P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT >on</DT ><DD ><P >mod_sql will perform login authentication and will also control file access using both user ID and group ID. This is equivalent to the following alternative syntax: <A NAME="AEN7055" ></A ><BLOCKQUOTE CLASS="BLOCKQUOTE" ><P ><TT CLASS="COMPUTEROUTPUT" > SQLAuthenticate users groups userset groupset </TT ></P ></BLOCKQUOTE > </P ></DD ><DT >off</DT ><DD ><P >mod_sql will not perform user or group lookups nor will it control file access or functionality. </P ></DD ></DL ></DIV > </P ><P >A more complex syntax is provided to provide finer control of the behavior of mod_sql. Two features in particular may be controlled via this syntax: <P ></P ><UL ><LI ><P > Authorititative lookups and authentication</P ></LI ><LI ><P > File access or functionality control based on UID or GID</P ></LI ></UL > The following command options are used to control these features. Note that each of these options may be listed in any order. </P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT >users[*]</DT ><DD ><P >If this option is present, user lookups will take place. Appending an asterisk to <TT CLASS="COMPUTEROUTPUT" >users</TT > will cause mod_sql to become authoritiative for user lookups. All other user authentication methods will be ignored. If this option is not included, mod_sql will not perform any user lookups. </P ></DD ><DT >groups[*]</DT ><DD ><P >If this option is present, group lookups will take place. Appending an asterisk to <TT CLASS="COMPUTEROUTPUT" >groups</TT > will cause mod_sql to become authoritiative for group lookups. All other authentication methods will be ignored. If this option is not included, mod_sql will not perform any group lookups. </P ></DD ><DT >userset[fast]</DT ><DD ><P >If this option is present, mod_sql will control file access or functionality by processing the (get|set|end)pwent calls. These calls are used to determine file access rights based on username. This option has no effect if the <TT CLASS="COMPUTEROUTPUT" >user[*]</TT > option is not present.</P ><P >If mod_sql is used to authenticate a significant number of users, the (set|get|end)pwent calls can become expensive. The number of queries will be n+1, where n is the number of users to be looked up. On a large system, this can significantly slow logins. Using the <TT CLASS="COMPUTEROUTPUT" >usersetfast</TT > option will cause a single query to be performed to lookup all users, speeding up the login process. The drawback to this option is that memory utilization will be increased. </P ></DD ><DT >groupset[fast]</DT ><DD ><P >If this option is present, mod_sql will control file access or functionality by processing the (get|set|end)grent calls. These calls are used to determine file access rights based on groupname. This option has no effect if the <TT CLASS="COMPUTEROUTPUT" >group[*]</TT > option is not present.</P ><P >If mod_sql is used to authenticate a significant number of groups, the (set|get|end)grent calls can become expensive. The number of queries will be n+1, where n is the number of groups to be looked up. On a large system, this can significantly slow logins. Using the <TT CLASS="COMPUTEROUTPUT" >groupsetfast</TT > option will cause a single query to be performed to lookup all groups, speeding up the login process. The drawback to this option is that memory utilization will be increased. </P ></DD ></DL ></DIV ><P >Turning off (not including) userset or groupset affects the functionality of mod_sql. Not allowing these lookups may remove the ability to control access or control functionality by group membership, depending on your other auth handlers and the data available to them. At the same time, choosing not to do these lookups may dramatically speed login for many large sites. </P ><P >The 'fast' suffix is not appropriate for every site. Normally, mod_sql will retrieve a list of users and groups, and get information from the database on a per-user or per-group basis. This is query intensive -- it requires (n+1) queries, where n is the number of users or groups to lookup. By choosing 'fast' lookups, mod_sql will make a single SELECT query to get information from the database. </P ><P >In exchange for the radical reduction in the number of queries, the single query will increase the memory consumption of the process -- all group or user information will be read at once rather than in discrete chunks. </P ><P ><SPAN CLASS="bold" ><B CLASS="EMPHASIS" >Note:</B ></SPAN >If the <TT CLASS="COMPUTEROUTPUT" >groupset</TT > option is specified, mod_sql requires that the SQL group table contain only a single record for each group. All members of a group must be specified in the single record. Make sure that the group table is created with a sufficent column size for group members - for example, a MySQL group table should use type <TT CLASS="COMPUTEROUTPUT" >TEXT</TT > for the group members column, providing 65535 characters for listing all of the group members in a comma-separated list. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7101" ></A ><H2 >See also</H2 ><P > <A HREF="#SQLUSERTABLE" >SQLUserTable</A > , <A HREF="#SQLGROUPTABLE" >SQLGroupTable</A > , <A HREF="#SQLUSERINFO" >SQLUserInfo</A > , <A HREF="#SQLGROUPINFO" >SQLGroupInfo</A > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7108" ></A ><H2 >Examples</H2 ><P >If user and group lookups are desired, but other means will be used to perform file access control, and the user/group lookups are not to be authoritatuve, the following directive syntax is appropriate. This is not a particuarly interesting configuration.</P ><A NAME="AEN7111" ></A ><BLOCKQUOTE CLASS="BLOCKQUOTE" ><P > <TT CLASS="COMPUTEROUTPUT" >SQLAuthenticate users groups</TT > </P ></BLOCKQUOTE ><P >A more interesting configuration for mod_sql is shown below. In this configuration, mod_sql is authoritative for both users and groups, and also performs access control based on both user name and group membership. Utilizing a configuration such as this removes the need to provide a shell account for users on the server, while still providing "non-anonymous" ftp access with access control. The "fast" option is also used to speed up logins, at the expense of increased memory utilization.</P ><A NAME="AEN7115" ></A ><BLOCKQUOTE CLASS="BLOCKQUOTE" ><P > <TT CLASS="COMPUTEROUTPUT" > SQLAuthenticate users* groups* usersetfast groupsetfast </TT > </P ></BLOCKQUOTE ></DIV ><H1 ><A NAME="SQLAUTHORITATIVE" ></A > SQLAuthoritative</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7126" ></A ><H2 >Name</H2 >SQLAuthoritative -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7129" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLAuthoritative</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7156" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7159" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7162" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLCONNECTINFO" ></A > SQLConnectInfo</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7173" ></A ><H2 >Name</H2 >SQLConnectInfo -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7176" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLConnectInfo</B > [ <TT CLASS="OPTION" >connection-info</TT >] [ <TT CLASS="OPTION" >[username]</TT >] [ <TT CLASS="OPTION" >[password]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7207" ></A ><H2 >Description</H2 ><P >This directive deprecates 'MySQLInfo', 'PostgresInfo', and 'PostgresPort'. Specifies connection information. Connection-info specifies the database, host, port, and other backend-specific information. username and password specify the username and password to connect as, respectively. Both default to NULL, which the backend will treat in some backend-specific manner. If you specify a password, you MUST specify a username. Any given backend has the opportunity (but not the responsibility) to check for syntax errors in the connection-info field at proftpd startup, but you shouldn't expect semantic errors (i.e., can't connect to the database) to be caught until mod_sql attempts to connect for a given host. The MySQL and Postgres backends connection-info is expected to be of the form: database[@hostname][:port] hostname will default to a backend-specific hostname (which happens to be 'localhost' for both the MySQL and Postgres backends), and port will default to a backend-specific default port (3306 for the MySQL backend, 5432 for the Postgres backend). Examples: SQLConnectInfo ftpusers@foo.com means "Try connecting to the database 'ftpuser' via the default port at 'foo.com'. Use a NULL username and a NULL password." SQLConnectInfo ftpusers:3000 admin means "Try connecting to the database 'ftpuser' via port 3000 at 'localhost'. Use the username 'admin' and a NULL password." SQLConnectInfo ftpusers@foo.com:3000 admin mypassword means "Try connecting to the database 'ftpuser' via port 3000 at 'foo.com'. Use the username 'admin' and the password 'mypassword'" Backends may require different information in the connection-info field; check your backend module for specifics.</P ></DIV ><H1 ><A NAME="SQLDEFAULTGID" ></A > SQLDefaultGID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7218" ></A ><H2 >Name</H2 >SQLDefaultGID -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7221" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLDefaultGID</B > [ <TT CLASS="OPTION" >defaultgid</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >65533</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7248" ></A ><H2 >Description</H2 ><P >Sets the default GID for users. Must be greater than SQLMinID.</P ></DIV ><H1 ><A NAME="SQLDEFAULTHOMEDIR" ></A > SQLDefaultHomedir</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7259" ></A ><H2 >Name</H2 >SQLDefaultHomedir -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7262" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLDefaultHomedir</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7289" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7292" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7295" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLDEFAULTUID" ></A > SQLDefaultUID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7306" ></A ><H2 >Name</H2 >SQLDefaultUID -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7309" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLDefaultUID</B > [ <TT CLASS="OPTION" >defaultuid</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >65533</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7336" ></A ><H2 >Description</H2 ><P >Sets the default UID for users. Must be greater than SQLMinID.</P ></DIV ><H1 ><A NAME="SQLDOAUTH" ></A > SQLDoAuth</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7347" ></A ><H2 >Name</H2 >SQLDoAuth -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7350" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLDoAuth</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7377" ></A ><H2 >Description</H2 ><P >Activates SQL authentication. This overrides all other directives -- SQLDoGroupAuth and SQLAuthoritative are ineffectual if SQLDoAuth is off.</P ></DIV ><H1 ><A NAME="SQLDOGROUPAUTH" ></A > SQLDoGroupAuth</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7388" ></A ><H2 >Name</H2 >SQLDoGroupAuth -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7391" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLDoGroupAuth</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7418" ></A ><H2 >Description</H2 ><P >This directive causes mod_sql to pretend it has no group information. It necessarily breaks ALL CONFIG FILES up to 1.2.0rc2, since mod_sql now assumes that group information is available UNLESS this directive is set to OFF. This DOESN'T override SQLAuthoritative -- if SQLAuthoritative is set to 'On' but SQLDoGroupAuth is set to 'Off', all group-related queries will fail without giving other modules the opportunity to handle them. Prior to 1.2.0, there was no way to provide group information from the database. This caused a few bugs, and reduced the functionality of this module.</P ></DIV ><H1 ><A NAME="SQLEMPTYPASSWORDS" ></A > SQLEmptyPasswords</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7429" ></A ><H2 >Name</H2 >SQLEmptyPasswords -- Allow zero length passwords (DEPRECATED)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7432" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLEmptyPasswords</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0rc2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7459" ></A ><H2 >Description</H2 ><P >This directive is deprecated, please use SQLAuthTypes instead</P ><P >Specifies whether an empty (non-NULL but zero-length) password is acceped from the database. Default is no, and truly NULL passwords are never accepted. If the retrieved password is empty then whatever password the user typed is accepted as valid, but the module logs a warning at debug level 4.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7463" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7466" ></A ><H2 >Examples</H2 ><P >SQLEmptyPasswords on</P ></DIV ><H1 ><A NAME="SQLENCRYPTEDPASSWORDS" ></A > SQLEncryptedPasswords</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7477" ></A ><H2 >Name</H2 >SQLEncryptedPasswords -- Assume SQL passwords are encrypted (DEPRECATED)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7480" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLEncryptedPasswords</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0rc2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7507" ></A ><H2 >Description</H2 ><P >This directive is deprecated, please SQLAuthTypes instead</P ><P >Specifies whether the password in the database may be in UNIX crypt() format. Default is true, with this being the only check done. A tool for generating crypted password text may be found at ftp://ftp.linpeople.org/pub/People/lilo/source/makepasswd-1.07.tar.gz</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7511" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7514" ></A ><H2 >Examples</H2 ><P >SQLEncryptedPasswords on</P ></DIV ><H1 ><A NAME="SQLGIDFIELD" ></A > SQLGidField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7525" ></A ><H2 >Name</H2 >SQLGidField -- Set the field holding gid information (deprecated)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7528" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLGidField</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >FIXFIXFIX</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7555" ></A ><H2 >Description</H2 ><P >FIX FIX FIX</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7558" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7561" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >FIXFIXFIX</P ><P >FIXFIX</P ></DIV ><H1 ><A NAME="SQLGROUPGIDFIELD" ></A > SQLGroupGIDField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7573" ></A ><H2 >Name</H2 >SQLGroupGIDField -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7576" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLGroupGIDField</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7603" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7606" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7609" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLGROUPINFO" ></A > SQLGroupInfo</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7620" ></A ><H2 >Name</H2 >SQLGroupInfo -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7623" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLGroupInfo</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7650" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7653" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7656" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLGROUPMEMBERSFIELD" ></A > SQLGroupMembersField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7667" ></A ><H2 >Name</H2 >SQLGroupMembersField -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7670" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLGroupMembersField</B > [ <TT CLASS="OPTION" >fieldname</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >members</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7697" ></A ><H2 >Description</H2 ><P >Specifies the field in the group table that holds the group's member list. </P ></DIV ><H1 ><A NAME="SQLGROUPTABLE" ></A > SQLGroupTable</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7708" ></A ><H2 >Name</H2 >SQLGroupTable -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7711" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLGroupTable</B > [ <TT CLASS="OPTION" >tablename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >groups</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7738" ></A ><H2 >Description</H2 ><P >Specifies the name of the table that holds group information.</P ></DIV ><H1 ><A NAME="SQLGROUPWHERECLAUSE" ></A > SQLGroupWhereClause</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7749" ></A ><H2 >Name</H2 >SQLGroupWhereClause -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7752" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLGroupWhereClause</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7779" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7782" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7785" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLGROUPNAMEFIELD" ></A > SQLGroupnameField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7796" ></A ><H2 >Name</H2 >SQLGroupnameField -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7799" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLGroupnameField</B > [ <TT CLASS="OPTION" >Syntax: fieldname</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >groupname</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7826" ></A ><H2 >Description</H2 ><P >Specifies the field in the group table that holds the group name.</P ></DIV ><H1 ><A NAME="SQLHOMEDIR" ></A > SQLHomedir</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7837" ></A ><H2 >Name</H2 >SQLHomedir -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7840" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLHomedir</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7867" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7870" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7873" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLHOMEDIRFIELD" ></A > SQLHomedirField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7884" ></A ><H2 >Name</H2 >SQLHomedirField -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7887" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLHomedirField</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7914" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7917" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7920" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLHOMEDIRONDEMAND" ></A > SQLHomedirOnDemand</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7931" ></A ><H2 >Name</H2 >SQLHomedirOnDemand -- Have mod_sql create home directories as needed</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7934" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLHomedirOnDemand</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN7961" ></A ><H2 >Description</H2 ><P >Specifies whether to automatically create a user's home directory if it doesn't exist at login.</P ></DIV ><H1 ><A NAME="SQLLOG" ></A > SQLLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN7972" ></A ><H2 >Name</H2 >SQLLog -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN7975" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLLog</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8002" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8005" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8008" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLLOGDIRS" ></A > SQLLogDirs</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8019" ></A ><H2 >Name</H2 >SQLLogDirs -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8022" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLLogDirs</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8049" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8052" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8055" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLLOGFILE" ></A > SQLLogFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8066" ></A ><H2 >Name</H2 >SQLLogFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8069" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLLogFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8096" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8099" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8102" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLLOGHITS" ></A > SQLLogHits</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8113" ></A ><H2 >Name</H2 >SQLLogHits -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8116" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLLogHits</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8143" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8146" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8149" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLLOGHOSTS" ></A > SQLLogHosts</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8160" ></A ><H2 >Name</H2 >SQLLogHosts -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8163" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLLogHosts</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8190" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8193" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8196" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLLOGSTATS" ></A > SQLLogStats</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8207" ></A ><H2 >Name</H2 >SQLLogStats -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8210" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLLogStats</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8237" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8240" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8243" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLLOGINCOUNTFIELD" ></A > SQLLoginCountField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8254" ></A ><H2 >Name</H2 >SQLLoginCountField -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8257" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLLoginCountField</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8284" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8287" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8290" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLMINID" ></A > SQLMinID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8301" ></A ><H2 >Name</H2 >SQLMinID -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8304" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLMinID</B > [ <TT CLASS="OPTION" >minimumid</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >999</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8331" ></A ><H2 >Description</H2 ><P >SQLMinID is checked whenever retrieving a user's GID or UID. If the retrieved values for GID or UID are less than the value of SQLMinID, they are reported as the values of, respectively, 'SQLDefaultGID' and 'SQLDefaultUID'.</P ></DIV ><H1 ><A NAME="SQLMINUSERGID" ></A > SQLMinUserGID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8342" ></A ><H2 >Name</H2 >SQLMinUserGID -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8345" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLMinUserGID</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8372" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8375" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8378" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLMINUSERUID" ></A > SQLMinUserUID</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8389" ></A ><H2 >Name</H2 >SQLMinUserUID -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8392" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLMinUserUID</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8419" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8422" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8425" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLNAMEDQUERY" ></A > SQLNamedQuery</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8436" ></A ><H2 >Name</H2 >SQLNamedQuery -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8439" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLNamedQuery</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8466" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8469" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8472" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLNEGATIVECACHE" ></A > SQLNegativeCache</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8483" ></A ><H2 >Name</H2 >SQLNegativeCache -- Enable negative caching for SQL lookups</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8486" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLNegativeCache</B > [ <TT CLASS="OPTION" >on</TT > <TT CLASS="OPTION" >off</TT > ]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P > SQLNegativeCache off </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P > server config, <VirtualHost>, <Global> </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql </P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P > mod_sql v4.10 and later </P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8514" ></A ><H2 >Description</H2 ><P >SQLNegativeCache specifies whether or not to cache negative responses from SQL lookups when using SQL for UID/GID lookups. Depending on your SQL tables, there can be a significant delay when a directory listing is performed as the UIDs not in the SQL database are repeatedly looked up in an attempt to present usernames instead of UIDs in directory listings. With SQLNegativeCache set to on, negative ("not found") responses from SQL queries will be cached and speed will improve on directory listings that contain many users not present in the SQL database.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8517" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8520" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SQLPASSWORDFIELD" ></A > SQLPasswordField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8531" ></A ><H2 >Name</H2 >SQLPasswordField -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8534" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLPasswordField</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8561" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8564" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8567" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLPROCESSGRENT" ></A > SQLProcessGrEnt</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8578" ></A ><H2 >Name</H2 >SQLProcessGrEnt -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8581" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLProcessGrEnt</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8608" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8611" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8614" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLPROCESSPWENT" ></A > SQLProcessPwEnt</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8625" ></A ><H2 >Name</H2 >SQLProcessPwEnt -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8628" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLProcessPwEnt</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8655" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8658" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8661" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLRATIOSTATS" ></A > SQLRatioStats</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8672" ></A ><H2 >Name</H2 >SQLRatioStats -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8675" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLRatioStats</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8702" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8705" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8708" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLRATIOS" ></A > SQLRatios</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8719" ></A ><H2 >Name</H2 >SQLRatios -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8722" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLRatios</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8749" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8752" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8755" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLSSLHASHEDPASSWORDS" ></A > SQLSSLHashedPasswords</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8766" ></A ><H2 >Name</H2 >SQLSSLHashedPasswords -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8769" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLSSLHashedPasswords</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8796" ></A ><H2 >Description</H2 ><P >This directive is DEPRECATED. Please use SQLAuthTypes instead. Specifies whether to accept passwords of the form {digestname}hashedpassword from the database. This directive is only available if you define 'HAVE_OPENSSL' when you compile proftd and you link with the OpenSSL 'crypto' library. As an example, any of the following password entries in the database would match if the user typed the password 'testpassword': {SHA}IoFZRnP0iujh/70lps6DjKPgwkk= {SHA1}i7YRj4/Wk1rQh2o740pxfTJwj/0= {MD2}nS6iguewvAdrCnOMyQjB1w== {MD4}5wsGtJCkyXBzDJoVsQKjSg== {MD5}4WsquNEjFL9O+9YgOQbqbA==</P ></DIV ><H1 ><A NAME="SQLSCRAMBLEDPASSWORDS" ></A > SQLScrambledPasswords</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8807" ></A ><H2 >Name</H2 >SQLScrambledPasswords -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8810" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLScrambledPasswords</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8837" ></A ><H2 >Description</H2 ><P >This directive is DEPRECATED. Please use SQLAuthTypes instead. Specifies whether to accept passwords in a backend specific format. For the MySQL backend, this means 'PASSWORD()' scrambled passwords. For the Postgres backend, this check does nothing.</P ></DIV ><H1 ><A NAME="SQLSHELLFIELD" ></A > SQLShellField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8848" ></A ><H2 >Name</H2 >SQLShellField -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8851" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLShellField</B > [ <TT CLASS="OPTION" >fieldname</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >shell</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8878" ></A ><H2 >Description</H2 ><P >Specifies the field in the user table that holds the user's shell. If this field doesn't exist or the result of the query is NULL, the shell is reported as "".</P ></DIV ><H1 ><A NAME="SQLSHOWINFO" ></A > SQLShowInfo</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8889" ></A ><H2 >Name</H2 >SQLShowInfo -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8892" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLShowInfo</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8919" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8922" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8925" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLUIDFIELD" ></A > SQLUidField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8936" ></A ><H2 >Name</H2 >SQLUidField -- Set the field holding uid information (deprecated)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8939" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLUidField</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8966" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8969" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN8972" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLUSERINFO" ></A > SQLUserInfo</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN8983" ></A ><H2 >Name</H2 >SQLUserInfo -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN8986" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLUserInfo</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9013" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9016" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9019" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLUSERTABLE" ></A > SQLUserTable</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9030" ></A ><H2 >Name</H2 >SQLUserTable -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9033" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLUserTable</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9060" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9063" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9066" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLUSERWHERECLAUSE" ></A > SQLUserWhereClause</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9077" ></A ><H2 >Name</H2 >SQLUserWhereClause -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9080" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLUserWhereClause</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9107" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9110" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9113" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLUSERNAMEFIELD" ></A > SQLUsernameField</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9124" ></A ><H2 >Name</H2 >SQLUsernameField -- Deprecated</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9127" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLUsernameField</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9154" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9157" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9160" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="SQLWHERECLAUSE" ></A > SQLWhereClause</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9171" ></A ><H2 >Name</H2 >SQLWhereClause -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9174" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SQLWhereClause</B > [ <TT CLASS="OPTION" >whereclause</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_sql</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9201" ></A ><H2 >Description</H2 ><P >This directive deprecates 'SQLKey' and 'SQLKeyField'. Specifies a where clause that is added to every user query (this has no effect on group queries). The where clause *must* contain all relevant punctuation, and *must not* contain a leading 'and'. As an example of switching from the old-style 'SQLKey' and 'SQLKeyField' directives, if you had: SQLKey true SQLKeyfield LoginAllowed You would now use: SQLWhereClause "LoginAllowed = 'true'" This would be appended to every user-related query as the string " and (LoginAllowed = 'true')"</P ></DIV ><H1 ><A NAME="SAVERATIOS" ></A > SaveRatios</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9212" ></A ><H2 >Name</H2 >SaveRatios -- FIXME FIXME</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9215" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SaveRatios</B > [ <TT CLASS="OPTION" >SaveRatios foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9242" ></A ><H2 >Description</H2 ><P >The SaveRatios directive .... Example: SaveRatios</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9245" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9248" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SCOREBOARDFILE" ></A > ScoreboardFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9259" ></A ><H2 >Name</H2 >ScoreboardFile -- Sets the name and path of the scoreboard file</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9262" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ScoreboardFile</B > [ <TT CLASS="OPTION" >path</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >ScoreboardFile /usr/local/var/proftpd.scoreboard</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.7rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9289" ></A ><H2 >Description</H2 ><P >The ScoreboardFile directive sets the path to the file where the daemon will store its run-time "scoreboard" session information. This file is necessary for MaxClients to work properly, as well as other utilities (such as ftpwho and ftpcount).</P ><P >This directive deprecates ScoreboardPath.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9293" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9296" ></A ><H2 >Examples</H2 ><P >ScoreboardFile /var/run/proftpd.scoreboard</P ></DIV ><H1 ><A NAME="SERVERADMIN" ></A > ServerAdmin</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9307" ></A ><H2 >Name</H2 >ServerAdmin -- Set the address for the server admin</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9310" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ServerAdmin</B > [ <TT CLASS="OPTION" >ServerAdmin "admin-email-address"</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >ServerAdmin root@[ServerName]</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl10 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9337" ></A ><H2 >Description</H2 ><P >The ServerAdmin directive sets the email address of the administrator for the server or virtualhost. This address is displayed in magic cookie replacements (see DisplayLogin and DisplayFirstChdir).</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9340" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9343" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SERVERIDENT" ></A > ServerIdent</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9354" ></A ><H2 >Name</H2 >ServerIdent -- Set the message displayed on connect</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9357" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ServerIdent</B > [ <TT CLASS="OPTION" >ServerIdent off|on [identification string]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >ServerIdent on "ProFTPD [version] Server (server name) [hostname]"</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9384" ></A ><H2 >Description</H2 ><P >The ServerIdent directive sets the default message displayed when a new client connects. Setting this to off displays "[hostname] FTP server ready." If set to on, the directive can take an optional string argument, which will be displayed instead of the default text. Sites desiring to give out minimal information will probably want a setting like ServerIdent on "FTP Server ready.", which won't even reveal the hostname. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9387" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9390" ></A ><H2 >Examples</H2 ><P >ServerIdent on "Welcome to ftp.linux.co.uk"</P ></DIV ><H1 ><A NAME="SERVERLOG" ></A > ServerLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9401" ></A ><H2 >Name</H2 >ServerLog -- Configure logs on a per-server basis</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9404" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ServerLog</B > [ <TT CLASS="OPTION" >path</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_log</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9431" ></A ><H2 >Description</H2 ><P >The ServerLog directive disables the daemon's use of the syslog mechanism and instead redirects all logging output for the server to the specified filename. The filename argument must contain an absolute path. Use of this directive overrides any facility set by the SyslogFacility directive, as well as overriding any configured SystemLog.</P ></DIV ><H1 ><A NAME="SERVERNAME" ></A > ServerName</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9442" ></A ><H2 >Name</H2 >ServerName -- Configure the name displayed to connecting users</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9445" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ServerName</B > [ <TT CLASS="OPTION" >ServerName "name"</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >ServerName "ProFTPD Server [version]"</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9472" ></A ><H2 >Description</H2 ><P >The ServerName directive configures the string that will be displayed to a user connecting to the server (or virtual server if the directive is located in a <VirtualHost> block). See Also: <VirtualHost></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9475" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9478" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SERVERTYPE" ></A > ServerType</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9489" ></A ><H2 >Name</H2 >ServerType -- Set the mode proftpd runs in</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9492" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ServerType</B > [ <TT CLASS="OPTION" >ServerType type-identifier</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >ServerType standalone</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9519" ></A ><H2 >Description</H2 ><P >The ServerType directive configures the server daemon's operating mode. The type-identifier can be one of two values: inetd The daemon will expect to be run from the inetd "super server." New connections are passed from inetd to proftpd and serviced immediately. standalone The daemon starts and begins listening to the configured port for incoming connections. New connections result in spawned child processes dedicated to servicing all requests from the newly connected client.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9522" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9525" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SHOWSYMLINKS" ></A > ShowSymlinks</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9536" ></A ><H2 >Name</H2 >ShowSymlinks -- Toggle the display of symlinks</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9539" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >ShowSymlinks</B > [ <TT CLASS="OPTION" >ShowSymlinks on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(versions 1.1.5 and beyond) ShowSymlinks On</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P ></P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9566" ></A ><H2 >Description</H2 ><P >Compatibility: 0.99.0pl6 and later Symbolic links (if supported on the host OS and filesystem) can be either shown in directory listings (including the target of the link) or can be "hidden" (proftpd dereferences symlinks and reports the target's permissions and ownership). The default behavior is to show all symbolic links when normal users are logged in, and hide them for anonymous sessions. If a symbolic link cannot be dereferenced for any reason (permissions, target does not exist, etc) and ShowSymlinks is off, proftpd displays the link as a directory entry of type 'l' (link) with the ownership and permissions of the actual link. Under ProFTPD versions 1.1.5 and higher, the default behavior in regard to ShowSymlinks has been changed so that symbolic links are always displayed as such (in all cases), unless ShowSymlinks off is explicitly set.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9569" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9572" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SOCKETBINDTIGHT" ></A > SocketBindTight</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9583" ></A ><H2 >Name</H2 >SocketBindTight -- Controls how TCP/IP sockets are created</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9586" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SocketBindTight</B > [ <TT CLASS="OPTION" >SocketBindTight on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >SocketBindTight off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9613" ></A ><H2 >Description</H2 ><P >The SocketBindTight directive controls how proftpd creates and binds its initial tcp listen sockets in standalone mode (see ServerType). The directive has no effect upon servers running in inetd mode, because listen sockets are not needed or created. When SocketBindTight is set to off (the default), a single listening socket is created for each port that the server must listen on, regardless of the number of IP addresses being used by <VirtualHost> configurations. This has the benefit of typically requiring a relatively small number of file descriptors for the master daemon process, even if a large number of virtual servers are configured. If SocketBindTight is set to on, a listen socket is created and bound to a specific IP address for the master server and all configured virtual servers. This allows for situations where an administrator may wish to have a particular port be used by both proftpd (on one IP address) and another daemon (on a different IP address). The drawback is that considerably more file descriptors will be required if a large number of virtual servers must be supported. Example: Two servers have been configured (one master and one virtual), with the IP addresses 10.0.0.1 and 10.0.0.2, respectively. The 10.0.0.1 server runs on port 21, while 10.0.0.2 runs on port 2001. SocketBindTight off #default # proftpd creates two sockets, both bound to ALL available addresses. # one socket listens on port 21, the other on 2001. Because each socket is # bound to all available addresses, no other daemon or user process will be # allowed to bind to ports 21 or 2001. ... SocketBindTight on # proftpd creates two sockets again, however one is bound to 10.0.0.1, port 21 # and the other to 10.0.0.2, port 2001. Because these sockets are "tightly" # bound to IP addresses, port 21 can be reused on any address OTHER than # 10.0.0.1, and visa-versa with 10.0.0.2, port 2001. One side-effect of setting SocketBindTight to on is that connections to non-bound addresses will result in a "connection refused" message rather than the typical "500 Sorry, no server available to handle request on xxx.xxx.xxx.xxx.", due to the fact that no listen socket has been bound to the particular address/port pair. This may or may not be aesthetically desirable, depending on your circumstances.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9616" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9619" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SOCKETOPTIONS" ></A > SocketOptions</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9630" ></A ><H2 >Name</H2 >SocketOptions -- Tune socket-level options</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9633" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SocketOptions</B > [ <TT CLASS="OPTION" >[maxseg <size>] [rcvbuf <size>] [sndbuf <size>]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >"server config", <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.9rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9660" ></A ><H2 >Description</H2 ><P >The rcvbuf and sndbuf parameters are used for setting the TCP send/receive window sizes. The maxseg parameter is used for setting a MSS (Maximum Segment Size) via setsockopt(2)'s TCP_MAXSEG option. If the MSS is larger than the interface's MTU, it is ignored and has no effect.</P ><P >If the send/receive window size is increased, it is helpful for performance to increase the internal buffer size. See the --enable-buffer-size argument to ./configure.</P ></DIV ><H1 ><A NAME="STOREUNIQUEPREFIX" ></A > StoreUniquePrefix</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9672" ></A ><H2 >Name</H2 >StoreUniquePrefix -- Set the prefix to be added to uniquely generated filenames</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9675" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >StoreUniquePrefix</B > [ <TT CLASS="OPTION" >"prefix"</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Global>, <Anonymous>, <Directory> .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.6rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9702" ></A ><H2 >Description</H2 ><P >The StoreUniquePrefix is used to configure a prefix for the generated unique random filenames used for the STOU FTP command. The last six characters of the filename will be random. Slashes are not allowed in the prefix string.</P ><P >All valid filename characters are allowed except '/'</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9706" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9709" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >StoreUniquePrefix "Wibble"</P ></DIV ><H1 ><A NAME="SYSLOGFACILITY" ></A > SyslogFacility</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9720" ></A ><H2 >Name</H2 >SyslogFacility -- Set the facility level used for logging</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9723" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SyslogFacility</B > [ <TT CLASS="OPTION" >SyslogFacility facility-level</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9750" ></A ><H2 >Description</H2 ><P >Proftpd logs its activity via the Unix syslog mechanism, which allows for several different general classifications of logging messages, known as "facilities." Normally, all authentication related messages are logged with the AUTHPRIV (or AUTH) facility [intended to be secure, and never seen by unwanted eyes], while normal operational messages are logged with the DAEMON facility. The SyslogFacility directive allows ALL logging messages to be directed to a different facility than the default. When this directive is used, ALL logging is done with the specified facility, both authentication (secure) and otherwise. The facility-level argument must be one of the following: AUTH (or AUTHPRIV), CRON, DAEMON, KERN, LPR, MAIL, NEWS, USER, UUCP, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6 or LOCAL7. See Also: SystemLog</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9753" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9756" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SYSLOGLEVEL" ></A > SyslogLevel</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9767" ></A ><H2 >Name</H2 >SyslogLevel -- Set the verbosity level of system logging</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9770" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SyslogLevel</B > [ <TT CLASS="OPTION" >SyslogLevel emerg|alert|crit|error|warn|notice|info|debug</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0rc2+cvs and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9797" ></A ><H2 >Description</H2 ><P >SyslogLevel adjusts the verbosity of the messages recorded in the error logs. The following levels are available, in order of decreasing significance: Level Description emerg Emergencies - system is unusable. alert Action must be taken immediately. crit Critical Conditions. error Error conditions. warn Warning conditions. notice Normal but significant condition. info Informational. debug Debug-level messages When a particular level is specified, messages from all other levels of higher significance will be reported as well. E.g., when SyslogLevel info is specified, then messages with log levels of notice and warn will also be posted. Using a level of at least crit is recommended.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9800" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9803" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="SYSTEMLOG" ></A > SystemLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9814" ></A ><H2 >Name</H2 >SystemLog -- Redirect syslogging to a file</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9817" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >SystemLog</B > [ <TT CLASS="OPTION" >SystemLog filename|NONE</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_log</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6pl1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9844" ></A ><H2 >Description</H2 ><P >The SystemLog directive disables proftpd's use of the syslog mechanism and instead redirects all logging output to the specified filename. The filename argument should contain an absolute path, and should not be to a file in a nonexistent directory, in a world-writeable directory, or be a symbolic link (unless AllowLogSymlinks is set to on). Use of this directive overrides any facility set by the SyslogFacility directive. Additionally, the special keyword NONE can be used which disables all syslog style logging for the entire configuration.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9847" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWLOGSYMLINKS" >AllowLogSymlinks</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9851" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TCPACCESSFILES" ></A > TCPAccessFiles</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9862" ></A ><H2 >Name</H2 >TCPAccessFiles -- Sets the access files to use</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9865" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TCPAccessFiles</B > [ <TT CLASS="OPTION" >allow-filename deny-filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_wrap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9892" ></A ><H2 >Description</H2 ><P >TCPAccessFiles specifies two files, an allow and a deny file, each of which contain the IP addresses, networks or name-based masks to be allowed or denied connections to the server. The files have the same format as the standard tcpwrappers hosts.allow/deny files.</P ><P >Both file names are required. Also, the paths to both files must be the full path, with two exceptions: if the path starts with ~/, the check of that path will be delayed until a user requests a connection, at which time the path will be resolved to that user's home directory; or if the path starts with ~user/, where user is some system user. In this latter case, mod_wrap will attempt to resolve and verify the given user's home directory on start-up.</P ><P >The service name for which mod_wrap will look in the indicated access files is proftpd by default; this can be configured via the TCPServiceName directive. There is a built-in precedence to the TCPAccessFiles, TCPGroupAccessFiles, and TCPUserAccessFiles directives, if all are used. mod_wrap will look for applicable TCPUserAccessFiles for the connecting user first. If no applicable TCPUserAccessFiles is found, mod_wrap will search for TCPGroupAccessFiles which pertain to the connecting user. If not found, mod_wrap will then look for the server-wide TCPAccessFiles directive. This allows for access control to be set on a per-server basis, and allow for per-user or per-group access control to be handled without interfering with the server access rules.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9897" ></A ><H2 >See also</H2 ><P ><A HREF="#TCPGROUPACCESSFILES" >TCPGroupAccessFiles</A >, <A HREF="#TCPSERVICENAME" >TCPServiceName</A >, <A HREF="#TCPUSERACCESSFILES" >TCPUserAccessFiles</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9903" ></A ><H2 >Examples</H2 ><P ># server-wide access files TCPAccessFiles /etc/ftpd.allow /etc/ftpd.deny # per-user access files, which are to be found in the user's home directory TCPAccessFiles ~/my.allow ~/my.deny</P ></DIV ><H1 ><A NAME="TCPACCESSSYSLOGLEVELS" ></A > TCPAccessSyslogLevels</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9914" ></A ><H2 >Name</H2 >TCPAccessSyslogLevels -- Sets the logging levels for mod_wrap</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9917" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TCPAccessSyslogLevels</B > [ <TT CLASS="OPTION" >allow-level deny-level</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >TCPAccessSyslogLevels info warn</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_wrap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9944" ></A ><H2 >Description</H2 ><P >ProFTPD can log when a connection is allowed, or denied, as the result of rules in the files specified in TCPAccessFiles, to the Unix syslog mechanism. A discussion on the syslog levels which can be used is given in the SyslogLevel directive.</P ><P >The allow-level parameter sets the syslog level at which allowed connections are logged; the deny-level parameter sets the syslog level for denied connections. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9948" ></A ><H2 >See also</H2 ><P ><A HREF="#SYSLOGLEVEL" >SyslogLevel</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9952" ></A ><H2 >Examples</H2 ><P >TCPAccessSyslogLevels debug warn</P ></DIV ><H1 ><A NAME="TCPGROUPACCESSFILES" ></A > TCPGroupAccessFiles</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN9963" ></A ><H2 >Name</H2 >TCPGroupAccessFiles -- Sets the access files to use</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN9966" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TCPGroupAccessFiles</B > [ <TT CLASS="OPTION" >group-expression allow-filename deny-filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_wrap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9993" ></A ><H2 >Description</H2 ><P >TCPGroupAccessFiles allows for access control files, the same types of files required by TCPAccessFiles, to be applied to select groups. The given group-expression is a logical AND expression, which means that the connecting user must be a member of all the groups listed for this directive to apply. Group names may be negated with a ! prefix.</P ><P >The rules for the filename paths are the same as for TCPAccessFiles settings.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN9997" ></A ><H2 >See also</H2 ><P ><A HREF="#TCPACCESSFILES" >TCPAccessFiles</A >, <A HREF="#TCPUSERACCESSFILES" >TCPUserAccessFiles</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10002" ></A ><H2 >Examples</H2 ><P ># every member of group wheel must connect from restricted locations TCPGroupAccessFiles wheel /etc/ftpd-strict.allow /etc/ftpd-strict.deny # everyone else gets the standard access rules TCPGroupAccessFiles !wheel /etc/hosts.allow /etc/hosts.deny</P ></DIV ><H1 ><A NAME="TCPSERVICENAME" ></A > TCPServiceName</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10013" ></A ><H2 >Name</H2 >TCPServiceName -- Configures the name proftpd will use with mod_wrap</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10016" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TCPServiceName</B > [ <TT CLASS="OPTION" >name</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >TCPServiceName proftpd</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_wrap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10043" ></A ><H2 >Description</H2 ><P >TCPServiceName is used to configure the name of the service under which mod_wrap will check the allow/deny files. By default, this is the name of the program started, i.e. "proftpd". However, some administrators may want to use a different, more generic service name, such as "ftpd"; use this directive for such needs.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10046" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="TCPUSERACCESSFILES" ></A > TCPUserAccessFiles</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10057" ></A ><H2 >Name</H2 >TCPUserAccessFiles -- Sets the access files to use</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10060" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TCPUserAccessFiles</B > [ <TT CLASS="OPTION" >user-expression allow-filename deny-filename</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >none</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_wrap</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10087" ></A ><H2 >Description</H2 ><P >TCPUserAccessFiles allows for access control files, the same types of files required by TCPAccessFiles, to be applied to select users. The given user-expression is a logical AND expression. Listing multiple users in a user-expression does not make much sense; however, this type of AND evaluation allows for expressions such as "everyone except this user" with the use of the ! negation prefix.</P ><P >The rules for the filename paths are the same as for TCPAccessFiles settings.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10091" ></A ><H2 >See also</H2 ><P ><A HREF="#TCPACCESSFILES" >TCPAccessFiles</A >, <A HREF="#TCPGROUPACCESSFILES" >TCPGroupAccessFiles</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10096" ></A ><H2 >Examples</H2 ><P ># user admin might be allowed to connect from anywhere TCPUserAccessFiles admin /etc/ftpd-anywhere.allow /etc/ftpd-anywhere.deny # while every other user has to connect from LAN addresses TCPUserAccessFiles !admin /etc/ftpd-lan.allow /etc/ftpd-lan.deny</P ></DIV ><H1 ><A NAME="TLSCACERTIFICATEFILE" ></A > TLSCACertificateFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10107" ></A ><H2 >Name</H2 >TLSCACertificateFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10110" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSCACertificateFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10137" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10140" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10143" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSCACERTIFICATEPATH" ></A > TLSCACertificatePath</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10154" ></A ><H2 >Name</H2 >TLSCACertificatePath -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10157" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSCACertificatePath</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10184" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10187" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10190" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSCAREVOCATIONFILE" ></A > TLSCARevocationFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10201" ></A ><H2 >Name</H2 >TLSCARevocationFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10204" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSCARevocationFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10231" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10234" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10237" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSCAREVOCATIONPATH" ></A > TLSCARevocationPath</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10248" ></A ><H2 >Name</H2 >TLSCARevocationPath -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10251" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSCARevocationPath</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10278" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10281" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10284" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSCERTIFICATECHAINFILE" ></A > TLSCertificateChainFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10295" ></A ><H2 >Name</H2 >TLSCertificateChainFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10298" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSCertificateChainFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10325" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10328" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10331" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSCIPHERSUITE" ></A > TLSCipherSuite</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10342" ></A ><H2 >Name</H2 >TLSCipherSuite -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10345" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSCipherSuite</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10372" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10375" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10378" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSDHPARAMFILE" ></A > TLSDHParamFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10389" ></A ><H2 >Name</H2 >TLSDHParamFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10392" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSDHParamFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10419" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10422" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10425" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSDSACERTIFICATEFILE" ></A > TLSDSACertificateFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10436" ></A ><H2 >Name</H2 >TLSDSACertificateFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10439" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSDSACertificateFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10466" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10469" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10472" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSDSACERTIFICATEKEYFILE" ></A > TLSDSACertificateKeyFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10483" ></A ><H2 >Name</H2 >TLSDSACertificateKeyFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10486" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSDSACertificateKeyFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10513" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10516" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10519" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSENGINE" ></A > TLSEngine</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10530" ></A ><H2 >Name</H2 >TLSEngine -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10533" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSEngine</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10560" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10563" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10566" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSLOG" ></A > TLSLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10577" ></A ><H2 >Name</H2 >TLSLog -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10580" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSLog</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10607" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10610" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10613" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSOPTIONS" ></A > TLSOptions</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10624" ></A ><H2 >Name</H2 >TLSOptions -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10627" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSOptions</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10654" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10657" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10660" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSPROTOCOL" ></A > TLSProtocol</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10671" ></A ><H2 >Name</H2 >TLSProtocol -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10674" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSProtocol</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10701" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10704" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10707" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSRSACERTIFICATEFILE" ></A > TLSRSACertificateFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10718" ></A ><H2 >Name</H2 >TLSRSACertificateFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10721" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSRSACertificateFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10748" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10751" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10754" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSRSACERTIFICATEKEYFILE" ></A > TLSRSACertificateKeyFile</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10765" ></A ><H2 >Name</H2 >TLSRSACertificateKeyFile -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10768" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSRSACertificateKeyFile</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10795" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10798" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10801" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSRANDOMSEED" ></A > TLSRandomSeed</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10812" ></A ><H2 >Name</H2 >TLSRandomSeed -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10815" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSRandomSeed</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10842" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10845" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10848" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSRENEGOTIATE" ></A > TLSRenegotiate</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10859" ></A ><H2 >Name</H2 >TLSRenegotiate -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10862" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSRenegotiate</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10889" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10892" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10895" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSREQUIRED" ></A > TLSRequired</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10906" ></A ><H2 >Name</H2 >TLSRequired -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10909" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSRequired</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10936" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10939" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10942" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSVERIFYCLIENT" ></A > TLSVerifyClient</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN10953" ></A ><H2 >Name</H2 >TLSVerifyClient -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN10956" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSVerifyClient</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10983" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10986" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN10989" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TLSVERIFYDEPTH" ></A > TLSVerifyDepth</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11000" ></A ><H2 >Name</H2 >TLSVerifyDepth -- (docs incomplete)</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11003" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TLSVerifyDepth</B > [ <TT CLASS="OPTION" >"name" limit|regex|ip value</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(docs incomplete)</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Global>, <VirtualHost>, <Anonymous>, <Limit>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_tls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11030" ></A ><H2 >Description</H2 ><P >(docs incomplete)</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11033" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11036" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" >(docs incomplete)</P ></DIV ><H1 ><A NAME="TIMEOUTIDLE" ></A > TimeoutIdle</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11047" ></A ><H2 >Name</H2 >TimeoutIdle -- Sets the idle connection timeout</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11050" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TimeoutIdle</B > [ <TT CLASS="OPTION" >TimeoutIdle seconds</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >TimeoutIdle 600</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11077" ></A ><H2 >Description</H2 ><P >The TimeoutIdle directive configures the maximum number of seconds that proftpd will allow clients to stay connected without receiving any data on either the control or data connection. If data is received on either connection, the idle timer is reset. Setting TimeoutIdle to 0 disables the idle timer completely (clients can stay connected for ever, without sending data). This is generally a bad idea as a "hung" tcp connection which is never properly disconnected (the remote network may have become disconnected from the Internet, etc) will cause a child server to never exit (at least not for a considerable period of time) until manually killed See Also: TimeoutLogin, TimeoutNoTransfer</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11080" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11083" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TIMEOUTLOGIN" ></A > TimeoutLogin</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11094" ></A ><H2 >Name</H2 >TimeoutLogin -- Sets the login timeout</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11097" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TimeoutLogin</B > [ <TT CLASS="OPTION" >TimeoutLogin seconds</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >TimeoutLogin 300</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11124" ></A ><H2 >Description</H2 ><P >The TimeoutLogin directive configures the maximum number of seconds a client is allowed to spend authenticating. The login timer is not reset when a client transmits data, and is only removed once a client has transmitted an acceptable USER/PASS command combination. See Also: TimeoutIdle, TimeoutNoTransfer</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11127" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11130" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TIMEOUTNOTRANSFER" ></A > TimeoutNoTransfer</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11141" ></A ><H2 >Name</H2 >TimeoutNoTransfer -- Sets the connection without transfer timeout</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11144" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TimeoutNoTransfer</B > [ <TT CLASS="OPTION" >TimeoutNoTransfer seconds</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >TimeoutNoTransfer 300</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11171" ></A ><H2 >Description</H2 ><P >The TimeoutNoTransfer directive configures the maximum number of seconds a client is allowed to spend connected, after authentication, without issuing a command which results in creating an active or passive data connection (i.e. sending/receiving a file, or receiving a directory listing). See Also: TimeoutIdle, TimeoutLogin</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11174" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11177" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TIMEOUTSESSION" ></A > TimeoutSession</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11188" ></A ><H2 >Name</H2 >TimeoutSession -- Sets a timeout for an entire session</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11191" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TimeoutSession</B > [ <TT CLASS="OPTION" >seconds ["user"|"group"|"class" expression]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.6rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11218" ></A ><H2 >Description</H2 ><P >The TimeoutSession directive sets the maximum number of seconds a control connection between the proftpd server and an FTP client can exist after the client has successfully authenticated. If the seconds argument is set to 0, sessions are allowed to last indefinitely (the default).</P ><P >The optional parameters are used to restrict the session time limit only to specific users. If "user" restriction is given, then expression is a user-expression specifying to which users the time limit applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the time limit will apply. Note that use of the "user" or "group" classifiers within an <Anonymous> context will not make much sense.</P ><P >Example: # set a draconian session time limit TimeoutSession 60 # set session time limits for everyone except a few privileged users TimeoutSession 300 user !bob,!dave,!jenni</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11223" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11226" ></A ><H2 >Examples</H2 ><P CLASS="LITERALLAYOUT" ># Kick the user off after 60 minutes<br> TimeoutSession 3600</P ></DIV ><H1 ><A NAME="TIMEOUTSTALLED" ></A > TimeoutStalled</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11237" ></A ><H2 >Name</H2 >TimeoutStalled -- Sets the timeout on stalled downloads</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11240" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TimeoutStalled</B > [ <TT CLASS="OPTION" >TimeoutStalled seconds</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >TimeoutStalled 3600</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.6 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11267" ></A ><H2 >Description</H2 ><P >The TimeoutStalled directive sets the maximum number of seconds a data connection between the proftpd server and an FTP client can exist but have no actual data transferred (i.e. "stalled"). If the seconds argument is set to 0, data transfers are allowed to stall indefinitely.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11270" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11273" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TIMESGMT" ></A > TimesGMT</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11284" ></A ><H2 >Name</H2 >TimesGMT -- Toggle time display between GMT and local</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11287" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TimesGMT</B > [ <TT CLASS="OPTION" >TimesGMT on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >(versions 1.2.0pre9 and beyond) on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P ></P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11314" ></A ><H2 >Description</H2 ><P >Compatibility: 1.2.0pre9 and later The TimesGMT option causes the server to report all ls and MDTM times in GMT and not local time.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11317" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11320" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TRANSFERLOG" ></A > TransferLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11331" ></A ><H2 >Name</H2 >TransferLog -- Specify the path to the transfer log</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11334" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TransferLog</B > [ <TT CLASS="OPTION" >TransferLog filename|NONE</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >TransferLog /var/log/xferlog</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Anonymous>, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.4 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11361" ></A ><H2 >Description</H2 ><P >The TransferLog directive configures the full path to the "wu-ftpd style" file transfer log. Separate log files can be created for each Anonymous and/or VirtualHost. Additionally, the special keyword NONE can be used, which disables wu-ftpd style transfer logging for the context in which the directive is used (only applicable to version 1.1.7 and later). See Also: ExtendedLog, LogFormat</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11364" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11367" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TRANSFERRATE" ></A > TransferRate</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11378" ></A ><H2 >Name</H2 >TransferRate -- Configure upload, download transfer rates</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11381" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >TransferRate</B > [ <TT CLASS="OPTION" >cmds</TT >] [ <TT CLASS="OPTION" >kilobytes-per-sec[:free-bytes]</TT >] [ <TT CLASS="OPTION" >["user"|"group"|"class" expression]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous>, <Directory>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_xfer</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.8rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11412" ></A ><H2 >Description</H2 ><P >The TransferRate directive is used to set transfer rates limits on the transfer of data. This directive allows for transfer rates to be set in a wide variety of contexts, on a per-command basis, and for certain subsets of users.</P ><P >The cmds parameter may be an comma-separated list of any of the following commands: APPE, RETR, STOR, and STOU.</P ><P >The kilobytes-per-sec parameter is the actual transfer rate to be applied.</P ><P >The free-bytes parameter, if configured, allows that many bytes to be transferred before the rate controls are applied. This allows for clients transferring small files to be unthrottled, but for larger files, such as MP3s and ISO images, to be throttled.</P ><P >The optional parameters are used to restrict the application of the rate controls only to specific users. If the "user" restriction is given, then expression is a user-expression specifying to which users the rate applies. Similarly for the "group" restriction. For the "class" restriction, the expression is simply the name of connection class for whom the rate will apply.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11419" ></A ><H2 >Examples</H2 ><P > # Limit downloads for everyone except the special group of users TransferRate RETR 1.5 group !special-users</P ><P > # Limit uploads (and appends!) to the prolific users in the # lotsofuploadfiles.net domain. This presumes that a Class has been defined # for that domain, and that that Class has been named "uploaders". Let them # upload small files without throttling, though. TransferRate APPE,STOR 8.0:1024 class uploaders</P ></DIV ><H1 ><A NAME="UMASK" ></A > Umask</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11431" ></A ><H2 >Name</H2 >Umask -- Set the default Umask</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11434" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Umask</B > [ <TT CLASS="OPTION" >Umask file octal-mask [directory octal-mask]</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Anonymous>, <VirtualHost>, <Directory>, <Global>, .ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11461" ></A ><H2 >Description</H2 ><P >Umask sets the mask applied to newly created file and directory permissions within a given context. By default, the Umask in the server configuration, <VirtualHost> or <Anonymous> block is used, unless overridden by a "per-directory" Umask setting. Any arguments supplied must be an octal number, in the format 0xxx. An optional second argument can specify a Umask to be used when creating directories. If a second argument isn't specified, directories are created using the default Umask in the first argument. For more information on umasks, consult your operating system documentation/man pages.</P ><P >Proftpd will not create files that have the execution bit turned on, this is a security driven design decision. The permissions of the uploaded file can be changed by issuing a SITE CHMOD command can be used to change the mode of the uploaded file. Syntax of the command is: SITE CHMOD <mode> <file>.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11465" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11468" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="USEFTPUSERS" ></A > UseFtpUsers</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11479" ></A ><H2 >Name</H2 >UseFtpUsers -- Block based on /etc/ftpusers</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11482" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >UseFtpUsers</B > [ <TT CLASS="OPTION" >UseFtpUsers on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >UseFtpUsers on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <Anonymous>, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11509" ></A ><H2 >Description</H2 ><P >Legacy FTP servers generally check a special authorization file (typically /etc/ftpusers) when a client attempts to authenticate. If the user's name is found in this file, FTP access is denied. For compatibility sake, proftpd defaults to checking this file during authentication. This behavior can be suppressed using the UseFtpUsers configuration directive.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11512" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11515" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="USEGLOBBING" ></A > UseGlobbing</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11526" ></A ><H2 >Name</H2 >UseGlobbing -- Toggles use of glob() functionality</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11529" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >UseGlobbing</B > [ <TT CLASS="OPTION" >on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >UseGlobbing on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global>, <Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ls</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.5rc1 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11556" ></A ><H2 >Description</H2 ><P >The UseGlobbing directive controls use of glob() functionality, which is needed for supporting wildcard characters such as *.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11559" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="USEREVERSEDNS" ></A > UseReverseDNS</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11570" ></A ><H2 >Name</H2 >UseReverseDNS -- Toggle rDNS lookups</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11573" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >UseReverseDNS</B > [ <TT CLASS="OPTION" >UseReverseDNS on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >UseReverseDNS on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11600" ></A ><H2 >Description</H2 ><P >Normally, incoming active mode data connections and outgoing passive mode data connections have a reverse DNS lookup performed on the remote host's IP address. In a chroot environment (such as <Anonymous> or DefaultRoot), the /etc/hosts file cannot be checked and the only possible resolution is via DNS. If for some reason, DNS is not available or improperly configured this can result in proftpd blocking ("stalling") until the libc resolver code times out. Disabling this directive prevents proftpd from attempting to reverse-lookup data connection IP addresses. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11603" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11606" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="USER" ></A > User</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11617" ></A ><H2 >Name</H2 >User -- Set the user the daemon will run as</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11620" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >User</B > [ <TT CLASS="OPTION" >User userid</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11647" ></A ><H2 >Description</H2 ><P >The User directive configures which user the proftpd daemon will normally run as. By default, proftpd runs as root which is considered undesirable in all but the most trustful network configurations. The User directive used in conjunction with the Group directive instructs the daemon to switch to the specified user and group as quickly as possible after startup. On some unix variants, the daemon will occasionally switch back to root in order to accomplish a task which requires super-user access. Once the task is completed, root privileges are relinquished and the server continues to run as the specified user and group. When applied to a <VirtualServer> block, proftpd will run as the specified user/group on connections destined for the virtual server's address or port. If either User or Group is applied to an <Anonymous> block, proftpd will establish an anonymous login when a user attempts to login with the specified userid, as well as permanently switching to the corresponding uid/gid (matching the User/Group parameters found in the anonymous block) after login. Note: When an authorized unix user is authenticated and logs in, all former privileges are released, the daemon switches permanently to the logged in user's uid/gid, and is never again capable of switching back to root or any other user/group.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11650" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11653" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="USERALIAS" ></A > UserAlias</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11664" ></A ><H2 >Name</H2 >UserAlias -- Alias a username to a system user</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11667" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >UserAlias</B > [ <TT CLASS="OPTION" >UserAlias login-user userid</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11694" ></A ><H2 >Description</H2 ><P >ProFTPD requires a real username/uid when authenticating users as provided by PAM, AuthUserFile or another authentication mechanism. There are however times when additional aliases are required but it is undesirable to provide additional login accounts.</P ><P >UserAlias provides a mechanism to do this, a typical and common example is within Anonymous configuration blocks. It is normal for the server to use 'ftp' as the primary authentication user, however it is common practice for users to login using "anonymous". This is achieved by adding the following to the config file.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11698" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11701" ></A ><H2 >Examples</H2 ><P > <P CLASS="LITERALLAYOUT" >UserAlias anonymous ftp</P > </P ></DIV ><H1 ><A NAME="USERDIRROOT" ></A > UserDirRoot</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11713" ></A ><H2 >Name</H2 >UserDirRoot -- Set the chroot directory to a subdirectory of the anonymous server</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11716" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >UserDirRoot</B > [ <TT CLASS="OPTION" >UserDirRoot on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >off</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Anonymous></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre2 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11743" ></A ><H2 >Description</H2 ><P >When set to true, the chroot base directory becomes a subdirectory of the anonymous ftp directory, based on the username of the current user. For example, assuming user "foo" is aliased to "ftp", logging in as "foo" causes proftpd to run as real user ftp, but to chroot into ~ftp/foo instead of just ~ftp.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11746" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11749" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="USEROWNER" ></A > UserOwner</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11760" ></A ><H2 >Name</H2 >UserOwner -- Set the user ownership of new files / directories</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11763" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >UserOwner</B > [ <TT CLASS="OPTION" >UserOwner username</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Anonymous>, <Directory></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2pre11 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11790" ></A ><H2 >Description</H2 ><P >The UserOwner directive configures which user all newly created directories and files will be owned by, within the context that UserOwner is applied to. The user ID of username cannot be 0 (root). Where it is used, the GroupOwner directive is not restricted to groups that the current user is a member of.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11793" ></A ><H2 >See also</H2 ><P ><A HREF="#GROUPOWNER" >GroupOwner</A ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11797" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="USERPASSWORD" ></A > UserPassword</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11808" ></A ><H2 >Name</H2 >UserPassword -- Creates a hardcoded username/password pair</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11811" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >UserPassword</B > [ <TT CLASS="OPTION" >UserPassword userid hashed-password</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_auth</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0pl5 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11838" ></A ><H2 >Description</H2 ><P >The UserPassword directive creates a password for a particular user which overrides the user's normal password in /etc/passwd (or /etc/shadow). The override is only effective inside the context to which UserPassword is applied. The hashed-password argument is a cleartext string which has been passed through the standard unix crypt() function. Do NOT use a cleartext password. This can be useful when combined with UserAlias to provide multiple logins to an Anonymous FTP site. See Also: GroupPassword</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11841" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11844" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="USERRATIO" ></A > UserRatio</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11855" ></A ><H2 >Name</H2 >UserRatio -- Ratio directive</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11858" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >UserRatio</B > [ <TT CLASS="OPTION" >UserRatio foo1 foo2 foo3</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None known</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P ><Directory>, <Anonymous>, <Limit>,.ftpaccess</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_ratio</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >at least 1.2.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11885" ></A ><H2 >Description</H2 ><P >The UserRatio directive .... Example: UserRatio</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11888" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11891" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="VIRTUALHOST" ></A > VirtualHost</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11902" ></A ><H2 >Name</H2 >VirtualHost -- Define a virtual ftp server</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11905" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >VirtualHost</B > [ <TT CLASS="OPTION" ><VirtualHost address></TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >None</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11932" ></A ><H2 >Description</H2 ><P >The VirtualHost configuration block is used to create an independent set of configuration directives that apply to a particular hostname or IP address. It is often used in conjunction with system level IP aliasing or dummy network interfaces in order to establish one or more "virtual" servers which all run on the same physical machine. The block is terminated with a </VirtualHost> directive. By utilizing the Port directive inside a VirtualHost block, it is possible to create a virtual server which uses the same address as the master server, but listens on a separate tcp port (incompatible with ServerType inetd). When proftpd starts, virtual server connections are handled in one of two ways, depending on the ServerType setting: inetd The daemon examines the destination address and port of the incoming connection handed off from inetd. If the connection matches one of the configured virtual hosts, the connection is serviced based on the appropriate configuration. If no virtual host matches, and the main server does not match, the client is informed that no server is available to service their requests and disconnected. standalone After parsing the configuration file, the daemon begins listening for connections on all configured ports, spawning child processes as necessary to handle connections for either the main server or any virtual servers. Because of the method that the daemon uses to listen for connections when in standalone mode, it is possible to support an exceedingly large number of virtual servers, potentially exceeding the number of per-process file descriptors. This is due to the fact that a single file descriptor is used to listen to each configured port, regardless of the number of addresses being monitored. Note that it may be necessary to increase the tcpBackLog value on heavily loaded servers in order to avoid kernel rejected client connections ("Connection refused").</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11935" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11938" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="WTMPLOG" ></A > WtmpLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11949" ></A ><H2 >Name</H2 >WtmpLog -- Toggle logging to wtmp</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11952" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >WtmpLog</B > [ <TT CLASS="OPTION" >WtmpLog on|off|NONE</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >WtmpLog on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Anonymous>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.1.7 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11979" ></A ><H2 >Description</H2 ><P >The WtmpLog directive controls proftpd's logging of ftp connections to the host system's wtmp file (used by such commands as `last'). By default, all connections are logged via wtmp. Please report any corrections or additions via http://bugs.proftpd.net/ </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11982" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN11985" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TCPBACKLOG" ></A > tcpBackLog</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN11996" ></A ><H2 >Name</H2 >tcpBackLog -- Control the tcp backlog in standalone mode</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN11999" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >tcpBackLog</B > [ <TT CLASS="OPTION" >tcpBackLog backlog-size</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >tcpBackLog 5</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12026" ></A ><H2 >Description</H2 ><P >The tcpBackLog directive controls the tcp "backlog queue" when listening for connections in standalone mode (see ServerType). It has no affect upon servers in inetd mode. When a tcp connection is established by the tcp/ip stack inside the kernel, there is a short period of time between the actual establishment of the connection and the acceptance of the connection by a user-space program. The duration of this latency period is widely variable, and can depend upon several factors (hardware, system load, etc). During this period tcp connections cannot be accepted, as the port that was previously "listening" has become filled with the new connection. Under heavy connection load this can result in occasional (or even frequent!) "connection refused" messages returned to the incoming client, even when there is a service available to handle requests. To eliminate this problem, most modern tcp/ip stacks implement a "backlog queue" which is simply a pre-allocation of resources necessary to handle backlog-size connections during the latency period. The larger the backlog queue, the more connections can be established in a very short time period. The trade-off, of course, is kernel memory and/or other kernel resources. Generally it is not necessary to use a tcpBackLog directive, unless you intend to service a large number of virtual hosts (see <VirtualHost>), or have a consistently heavy system load. If you begin to notice or hear of "connection refused" messages from remote clients, try setting a slightly higher value to this directive.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12029" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12032" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TCPNODELAY" ></A > tcpNoDelay</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12043" ></A ><H2 >Name</H2 >tcpNoDelay -- Control the use of TCP_NODELAY</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12046" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >tcpNoDelay</B > [ <TT CLASS="OPTION" >tcpNoDelay on|off</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >tcpNoDelay on</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost>, <Global></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >1.2.0pre3a and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12073" ></A ><H2 >Description</H2 ><P >The tcpNoDelay directive controls the use of the TCP_NODELAY socket option (which disables the Nagle algorithm). ProFTPd uses TCP_NODELAY by default, which usually is a benefit but this can occasionally lead to problems with some clients, so tcpNoDelay is provided as a way to disable this option. You will not normally need to use this directive but if you have clients reporting unusually slow connections, try setting this to off. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12076" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12079" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TCPRECEIVEWINDOW" ></A > tcpReceiveWindow</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12090" ></A ><H2 >Name</H2 >tcpReceiveWindow -- Set the size of the tcp receive window</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12093" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >tcpReceiveWindow</B > [ <TT CLASS="OPTION" >tcpReceiveWindow window-size</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >tcpReceiveWindow 8192</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12120" ></A ><H2 >Description</H2 ><P >The tcpReceiveWindow directive configures the size (in octets) of all data connections' tcp receive windows. It is only used when receiving a file from a client over the data connection. Typically, a given tcp/ip implementation will use a relatively small receive window size (the number of octets that can be received at the tcp layer before a "turnaround" acknowledgement is required). When transferring a large amount of data over fast digital transmission lines which have a relatively high latency, a small receive window can dramatically affect perceived throughput because of the necessity to completely stop the transfer occasionally in order to wait for the remote endpoint to receive the acknowledgement and continue transmission. For example, on a T1 line (assuming full 1.544Mbps endpoint-to-endpoint throughput) with 100 ms latency, a 4k receive buffer will very dramatically reduce the perceived throughput. The default value of 8192 octets (8k) should be reasonable in common network configurations. Additionally, proftpd allocates its internal buffers to match the receive/send window sizes; in order to maximize the reception/transmission performance (reducing the number of times data must be transfered from proftpd to the kernel tcp/ip stack). The tradeoff, of course, is memory; both kernel- and user-space. If running proftpd on a memory tight host (and on a low-bandwidth connection), it might be advisable to decrease both the tcpReceiveWindow and tcpSendWindow sizes.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12123" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12126" ></A ><H2 >Examples</H2 ><P ></P ></DIV ><H1 ><A NAME="TCPSENDWINDOW" ></A > tcpSendWindow</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12137" ></A ><H2 >Name</H2 >tcpSendWindow -- Set the size of the tcp send window</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12140" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >tcpSendWindow</B > [ <TT CLASS="OPTION" >tcpSendWindow window-size</TT >]</P ><P ></P ><DIV CLASS="VARIABLELIST" ><P ><B ></B ></P ><DL ><DT ><PRE CLASS="SYNOPSIS" >Default</PRE ></DT ><DD ><P >tcpSendWindow 8192</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Context</PRE ></DT ><DD ><P >server config, <VirtualHost></P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Module</PRE ></DT ><DD ><P >mod_core</P ></DD ><DT ><PRE CLASS="SYNOPSIS" >Compatibility</PRE ></DT ><DD ><P >0.99.0 and later</P ></DD ></DL ></DIV ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12167" ></A ><H2 >Description</H2 ><P >The tcpSendWindow directive configures the size (in octets) of all data connections' tcp send windows. It is only used when sending a file from the server to a client on the data connection. For a detailed description of receive/send window sizes see tcpReceiveWindow.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12170" ></A ><H2 >See also</H2 ><P ></P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12173" ></A ><H2 >Examples</H2 ><P ></P ></DIV ></DIV ><DIV CLASS="CHAPTER" ><HR><H1 ><A NAME="AEN12176" ></A >Chapter 2. List of modules</H1 ><H1 ><A NAME="MOD-AUTH" ></A > mod_auth</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12183" ></A ><H2 >Name</H2 >mod_auth -- Authentication module</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12186" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_auth</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12189" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12192" ></A ><H2 >See also</H2 ><P ><A HREF="#ACCESSDENYMSG" >AccessDenyMsg</A > <A HREF="#ACCESSGRANTMSG" >AccessGrantMsg</A > <A HREF="#ANONREJECTPASSWORDS" >AnonRejectPasswords</A > <A HREF="#ANONREQUIREPASSWORD" >AnonRequirePassword</A > <A HREF="#AUTHALIASONLY" >AuthAliasOnly</A > <A HREF="#AUTHGROUPFILE" >AuthGroupFile</A > <A HREF="#AUTHPAM" >AuthPAM</A > <A HREF="#AUTHPAMAUTHORITATIVE" >AuthPAMAuthoritative</A > <A HREF="#AUTHPAMCONFIG" >AuthPAMConfig</A > <A HREF="#AUTHUSERFILE" >AuthUserFile</A > <A HREF="#AUTHUSINGALIAS" >AuthUsingAlias</A > <A HREF="#CREATEHOME" >CreateHome</A > <A HREF="#DEFAULTCHDIR" >DefaultChdir</A > <A HREF="#DEFAULTROOT" >DefaultRoot</A > <A HREF="#GROUPPASSWORD" >GroupPassword</A > <A HREF="#LOGINPASSWORDPROMPT" >LoginPasswordPrompt</A > <A HREF="#MAXCLIENTS" >MaxClients</A > <A HREF="#MAXCLIENTSPERHOST" >MaxClientsPerHost</A > <A HREF="#MAXCLIENTSPERUSER" >MaxClientsPerUser</A > <A HREF="#MAXHOSTSPERUSER" >MaxHostsPerUser</A > <A HREF="#MAXLOGINATTEMPTS" >MaxLoginAttempts</A > <A HREF="#PERSISTENTPASSWD" >PersistentPasswd</A > <A HREF="#REQUIREVALIDSHELL" >RequireValidShell</A > <A HREF="#ROOTLOGIN" >RootLogin</A > <A HREF="#ROOTREVOKE" >RootRevoke</A > <A HREF="#TIMEOUTLOGIN" >TimeoutLogin</A > <A HREF="#TIMEOUTSESSION" >TimeoutSession</A > <A HREF="#USEFTPUSERS" >UseFtpUsers</A > <A HREF="#USERALIAS" >UserAlias</A > <A HREF="#USERDIRROOT" >UserDirRoot</A > <A HREF="#USERPASSWORD" >UserPassword</A > </P ></DIV ><H1 ><A NAME="MOD-CAP" ></A > mod_cap</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12231" ></A ><H2 >Name</H2 >mod_cap -- Capabilities module</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12234" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_cap</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12237" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12240" ></A ><H2 >See also</H2 ><P ><A HREF="#CAPABILITIESENGINE" >CapabilitiesEngine</A > <A HREF="#CAPABILITIESSET" >CapabilitiesSet</A > </P ></DIV ><H1 ><A NAME="MOD-CORE" ></A > mod_core</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12250" ></A ><H2 >Name</H2 >mod_core -- Core module</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12253" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_core</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12256" ></A ><H2 >Description</H2 ><P >This module provides all the core functionality ProFTPD needs to function, this module must be compiled in.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12259" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOW" >Allow</A > <A HREF="#ALLOWALL" >AllowAll</A > <A HREF="#ALLOWFILTER" >AllowFilter</A > <A HREF="#ALLOWFOREIGNADDRESS" >AllowForeignAddress</A > <A HREF="#ALLOWGROUP" >AllowGroup</A > <A HREF="#ALLOWOVERRIDE" >AllowOverride</A > <A HREF="#ALLOWRETRIEVERESTART" >AllowRetrieveRestart</A > <A HREF="#ALLOWSTORERESTART" >AllowStoreRestart</A > <A HREF="#ALLOWUSER" >AllowUser</A > <A HREF="#ANONYMOUS" >Anonymous</A > <A HREF="#ANONYMOUSGROUP" >AnonymousGroup</A > <A HREF="#AUTHORDER" >AuthOrder</A > <A HREF="#BIND" >Bind</A > <A HREF="#CDPATH" >CDPath</A > <A HREF="#CLASS" >Class</A > <A HREF="#CLASSES" >Classes</A > <A HREF="#COMMANDBUFFERSIZE" >CommandBufferSize</A > <A HREF="#DEBUGLEVEL" >DebugLevel</A > <A HREF="#DEFAULTADDRESS" >DefaultAddress</A > <A HREF="#DEFAULTSERVER" >DefaultServer</A > <A HREF="#DEFAULTTRANSFERMODE" >DefaultTransferMode</A > <A HREF="#DEFERWELCOME" >DeferWelcome</A > <A HREF="#DEFINE" >Define</A > <A HREF="#DENY" >Deny</A > <A HREF="#DENYALL" >DenyAll</A > <A HREF="#DENYFILTER" >DenyFilter</A > <A HREF="#DENYGROUP" >DenyGroup</A > <A HREF="#DENYUSER" >DenyUser</A > <A HREF="#DIRECTORY" >Directory</A > <A HREF="#DISPLAYCONNECT" >DisplayConnect</A > <A HREF="#DISPLAYFIRSTCHDIR" >DisplayFirstChdir</A > <A HREF="#DISPLAYGOAWAY" >DisplayGoAway</A > <A HREF="#DISPLAYLOGIN" >DisplayLogin</A > <A HREF="#DISPLAYQUIT" >DisplayQuit</A > <A HREF="#GLOBAL" >Global</A > <A HREF="#GROUP" >Group</A > <A HREF="#GROUPOWNER" >GroupOwner</A > <A HREF="#HIDEFILES" >HideFiles</A > <A HREF="#HIDEGROUP" >HideGroup</A > <A HREF="#HIDENOACCESS" >HideNoAccess</A > <A HREF="#HIDEUSER" >HideUser</A > <A HREF="#IDENTLOOKUPS" >IdentLookups</A > <A HREF="#IFDEFINE" >IfDefine</A > <A HREF="#IFMODULE" >IfModule</A > <A HREF="#IGNOREHIDDEN" >IgnoreHidden</A > <A HREF="#INCLUDE" >Include</A > <A HREF="#LIMIT" >Limit</A > <A HREF="#MASQUERADEADDRESS" >MasqueradeAddress</A > <A HREF="#MAXCONNECTIONRATE" >MaxConnectionRate</A > <A HREF="#MAXINSTANCES" >MaxInstances</A > <A HREF="#MULTILINERFC2228" >MultilineRFC2228</A > <A HREF="#ORDER" >Order</A > <A HREF="#PASSIVEPORTS" >PassivePorts</A > <A HREF="#PATHALLOWFILTER" >PathAllowFilter</A > <A HREF="#PATHDENYFILTER" >PathDenyFilter</A > <A HREF="#PIDFILE" >PidFile</A > <A HREF="#PORT" >Port</A > <A HREF="#RLIMITCPU" >RLimitCPU</A > <A HREF="#RLIMITMEMORY" >RLimitMemory</A > <A HREF="#RLIMITOPENFILES" >RLimitOpenFiles</A > <A HREF="#SCOREBOARDFILE" >ScoreboardFile</A > <A HREF="#SERVERADMIN" >ServerAdmin</A > <A HREF="#SERVERIDENT" >ServerIdent</A > <A HREF="#SERVERNAME" >ServerName</A > <A HREF="#SERVERTYPE" >ServerType</A > <A HREF="#SOCKETBINDTIGHT" >SocketBindTight</A > <A HREF="#SOCKETOPTIONS" >SocketOptions</A > <A HREF="#SYSLOGFACILITY" >SyslogFacility</A > <A HREF="#SYSLOGLEVEL" >SyslogLevel</A > <A HREF="#TCPBACKLOG" >tcpBackLog</A > <A HREF="#TCPNODELAY" >tcpNoDelay</A > <A HREF="#TCPRECEIVEWINDOW" >tcpReceiveWindow</A > <A HREF="#TCPSENDWINDOW" >tcpSendWindow</A > <A HREF="#TIMEOUTIDLE" >TimeoutIdle</A > <A HREF="#TIMESGMT" >TimesGMT</A > <A HREF="#TRANSFERLOG" >TransferLog</A > <A HREF="#UMASK" >Umask</A > <A HREF="#USER" >User</A > <A HREF="#USEREVERSEDNS" >UseReverseDNS</A > <A HREF="#USEROWNER" >UserOwner</A > <A HREF="#VIRTUALHOST" >VirtualHost</A > <A HREF="#WTMPLOG" >WtmpLog</A > </P ></DIV ><H1 ><A NAME="MOD-LDAP" ></A > mod_ldap</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12349" ></A ><H2 >Name</H2 >mod_ldap -- LDAP authentication support</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12352" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_ldap</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12355" ></A ><H2 >Description</H2 ><P > mod_ldap provides LDAP authentication support for ProFTPD. It supports many features useful in "toaster" environments such as default UID/GID and autocreation/autogeneration of home directories. </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12358" ></A ><H2 >See also</H2 ><P ><A HREF="#LDAPAUTHBINDS" >LDAPAuthBinds</A > <A HREF="#LDAPDEFAULTAUTHSCHEME" >LDAPDefaultAuthScheme</A > <A HREF="#LDAPDEFAULTGID" >LDAPDefaultGID</A > <A HREF="#LDAPDEFAULTUID" >LDAPDefaultUID</A > <A HREF="#LDAPDNINFO" >LDAPDNInfo</A > <A HREF="#LDAPDOAUTH" >LDAPDoAuth</A > <A HREF="#LDAPDOGIDLOOKUPS" >LDAPDoGIDLookups</A > <A HREF="#LDAPDOQUOTALOOKUPS" >LDAPDoQuotaLookups</A > <A HREF="#LDAPDOUIDLOOKUPS" >LDAPDoUIDLookups</A > <A HREF="#LDAPFORCEDEFAULTGID" >LDAPForceDefaultGID</A > <A HREF="#LDAPFORCEDEFAULTUID" >LDAPForceDefaultUID</A > <A HREF="#LDAPFORCEHOMEDIRONDEMAND" >LDAPForceHomedirOnDemand</A > <A HREF="#LDAPHOMEDIRONDEMAND" >LDAPHomedirOnDemand</A > <A HREF="#LDAPHOMEDIRONDEMANDPREFIX" >LDAPHomedirOnDemandPrefix</A > <A HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME" >LDAPHomedirOnDemandPrefixNoUsername</A > <A HREF="#LDAPHOMEDIRONDEMANDSUFFIX" >LDAPHomedirOnDemandSuffix</A > <A HREF="#LDAPNEGATIVECACHE" >LDAPNegativeCache</A > <A HREF="#LDAPQUERYTIMEOUT" >LDAPQueryTimeout</A > <A HREF="#LDAPSEARCHSCOPE" >LDAPSearchScope</A > <A HREF="#LDAPSERVER" >LDAPServer</A > <A HREF="#LDAPUSETLS" >LDAPUseTLS</A > </P ></DIV ><H1 ><A NAME="MOD-LOG" ></A > mod_log</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12387" ></A ><H2 >Name</H2 >mod_log -- Logging support</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12390" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_log</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12393" ></A ><H2 >Description</H2 ><P >Logging support, including enhanced formatting options.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12396" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWLOGSYMLINKS" >AllowLogSymlinks</A > <A HREF="#EXTENDEDLOG" >ExtendedLog</A > <A HREF="#LOGFORMAT" >LogFormat</A > <A HREF="#SERVERLOG" >ServerLog</A > <A HREF="#SYSTEMLOG" >SystemLog</A > </P ></DIV ><H1 ><A NAME="MOD-LS" ></A > mod_ls</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12409" ></A ><H2 >Name</H2 >mod_ls -- file listing functionality</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12412" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_ls</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12415" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12418" ></A ><H2 >See also</H2 ><P ><A HREF="#DIRFAKEGROUP" >DirFakeGroup</A > <A HREF="#DIRFAKEMODE" >DirFakeMode</A > <A HREF="#DIRFAKEUSER" >DirFakeUser</A > <A HREF="#LISTOPTIONS" >ListOptions</A > <A HREF="#SHOWSYMLINKS" >ShowSymlinks</A > <A HREF="#USEGLOBBING" >UseGlobbing</A > </P ></DIV ><H1 ><A NAME="MOD-RADIUS" ></A > mod_radius</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12432" ></A ><H2 >Name</H2 >mod_radius -- RADIUS based authentication support</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12435" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_radius</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12438" ></A ><H2 >Description</H2 ><P >This module provides RADIUS authentication and accounting support.</P ><P >Strong authentication is in demand for Internet services. For many, this means using the RADIUS (Remote Authentication Dial-In User Service) protocol.</P ><P >However, there are caveats to using RADIUS for authentication. RADIUS packets are sent in the clear, which means that they can easily be sniffed. First, do not have your authenticating RADIUS servers exposed to the Internet; keep them protected within your LAN. Second, it is highly recommended to use separate RADIUS servers for each of your services.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12443" ></A ><H2 >RADIUS Authentication</H2 ><P >The RADIUS protocol can be used for answering the question "Should this user be allowed to login?" However, the "yes/no" answer is not everything that proftpd needs to log a user in; the server also requires the UID and GID to use for the authenticated user, home directory, and shell. This information is usually not available from the RADIUS servers, which means that using RADIUS to provide all the necessary login information can be problematic. The RadiusUserInfo directive is meant to be used to address this issue, to provide the missing information.</P ><P >In those cases where the RADIUS servers can provide that additional login information, via custom attributes, the RadiusUserInfo directive can also be used obtain that information as well.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12447" ></A ><H2 >RADIUS Accounting</H2 ><P >While RADIUS is primarily used for authentication, the protocol also allows for accounting of user activities. The mod_radius module makes use of this ability, using RADIUS accounting packets to transmit the following data:</P ><P > * Acct-Authentic: How the user was authenticated (e.g. locally, or via RADIUS) * Acct-Session-Id: The process ID of the FTP session * Acct-Session-Time: The duration of the FTP session, in seconds * Acct-Input-Octets: The number of bytes uploaded (includes appending to files) * Acct-Output-Octets: The number of bytes downloaded Merely configuring a RadiusAcctServer enables the module's accounting capabilities. Common Attributes The following RADIUS attributes are sent with every RADIUS packet generated by mod_radius: * User-Name: The name of the logging-in user * NAS-Identifier: Always "ftp" * NAS-IP-Address: IP address of FTP server * NAS-Port: Port of FTP server * NAS-Port-Type: Always Virtual. * Calling-Station-Id: IP address of connecting FTP client</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12451" ></A ><H2 >See also</H2 ><P ><A HREF="#RADIUSACCTSERVER" >RadiusAcctServer</A > <A HREF="#RADIUSAUTHSERVER" >RadiusAuthServer</A > <A HREF="#RADIUSENGINE" >RadiusEngine</A > <A HREF="#RADIUSLOG" >RadiusLog</A > <A HREF="#RADIUSREALM" >RadiusRealm</A > <A HREF="#RADIUSUSERINFO" >RadiusUserInfo</A > </P ></DIV ><H1 ><A NAME="MOD-RATIO" ></A > mod_ratio</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12465" ></A ><H2 >Name</H2 >mod_ratio -- FIX ME FIX ME</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12468" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_ratio</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12471" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12474" ></A ><H2 >See also</H2 ><P ><A HREF="#ANONRATIO" >AnonRatio</A > <A HREF="#BYTERATIOERRMSG" >ByteRatioErrMsg</A > <A HREF="#CWDRATIOMSG" >CwdRatioMsg</A > <A HREF="#FILERATIOERRMSG" >FileRatioErrMsg</A > <A HREF="#GROUPRATIO" >GroupRatio</A > <A HREF="#HOSTRATIO" >HostRatio</A > <A HREF="#LEECHRATIOMSG" >LeechRatioMsg</A > <A HREF="#RATIOFILE" >RatioFile</A > <A HREF="#RATIOS" >Ratios</A > <A HREF="#RATIOTEMPFILE" >RatioTempFile</A > <A HREF="#SAVERATIOS" >SaveRatios</A > <A HREF="#USERRATIO" >UserRatio</A > </P ></DIV ><H1 ><A NAME="MOD-README" ></A > mod_readme</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12494" ></A ><H2 >Name</H2 >mod_readme -- "README" file support</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12497" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_readme</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12500" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12503" ></A ><H2 >See also</H2 ><P ><A HREF="#DISPLAYREADME" >DisplayReadme</A > </P ></DIV ><H1 ><A NAME="MOD-REWRITE" ></A > mod_rewrite</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12512" ></A ><H2 >Name</H2 >mod_rewrite -- Rewriting support</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12515" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_rewrite</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12518" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12521" ></A ><H2 >See also</H2 ><P ><A HREF="#REWRITECONDITION" >RewriteCondition</A > <A HREF="#REWRITEENGINE" >RewriteEngine</A > <A HREF="#REWRITELOCK" >RewriteLock</A > <A HREF="#REWRITELOG" >RewriteLog</A > <A HREF="#REWRITEMAP" >RewriteMap</A > <A HREF="#REWRITERULE" >RewriteRule</A > </P ></DIV ><H1 ><A NAME="MOD-SQL" ></A > mod_sql</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12535" ></A ><H2 >Name</H2 >mod_sql -- SQL support module</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12538" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_sql</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12541" ></A ><H2 >Description</H2 ><P >This module provides the necessary support for SQL based authentication, logging and other features as required. It replaces the SQL modules which were shipped with 1.2.0rc2 and earlier.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12544" ></A ><H2 >See also</H2 ><P ><A HREF="#SQLAUTHENTICATE" >SQLAuthenticate</A > <A HREF="#SQLAUTHORITATIVE" >SQLAuthoritative</A > <A HREF="#SQLAUTHTYPES" >SQLAuthTypes</A > <A HREF="#SQLCONNECTINFO" >SQLConnectInfo</A > <A HREF="#SQLDEFAULTGID" >SQLDefaultGID</A > <A HREF="#SQLDEFAULTHOMEDIR" >SQLDefaultHomedir</A > <A HREF="#SQLDEFAULTUID" >SQLDefaultUID</A > <A HREF="#SQLDOAUTH" >SQLDoAuth</A > <A HREF="#SQLDOGROUPAUTH" >SQLDoGroupAuth</A > <A HREF="#SQLEMPTYPASSWORDS" >SQLEmptyPasswords</A > <A HREF="#SQLENCRYPTEDPASSWORDS" >SQLEncryptedPasswords</A > <A HREF="#SQLGIDFIELD" >SQLGidField</A > <A HREF="#SQLGROUPGIDFIELD" >SQLGroupGIDField</A > <A HREF="#SQLGROUPINFO" >SQLGroupInfo</A > <A HREF="#SQLGROUPMEMBERSFIELD" >SQLGroupMembersField</A > <A HREF="#SQLGROUPNAMEFIELD" >SQLGroupnameField</A > <A HREF="#SQLGROUPTABLE" >SQLGroupTable</A > <A HREF="#SQLGROUPWHERECLAUSE" >SQLGroupWhereClause</A > <A HREF="#SQLHOMEDIR" >SQLHomedir</A > <A HREF="#SQLHOMEDIRFIELD" >SQLHomedirField</A > <A HREF="#SQLHOMEDIRONDEMAND" >SQLHomedirOnDemand</A > <A HREF="#SQLLOG" >SQLLog</A > <A HREF="#SQLLOGDIRS" >SQLLogDirs</A > <A HREF="#SQLLOGFILE" >SQLLogFile</A > <A HREF="#SQLLOGHITS" >SQLLogHits</A > <A HREF="#SQLLOGHOSTS" >SQLLogHosts</A > <A HREF="#SQLLOGINCOUNTFIELD" >SQLLoginCountField</A > <A HREF="#SQLLOGSTATS" >SQLLogStats</A > <A HREF="#SQLMINID" >SQLMinID</A > <A HREF="#SQLMINUSERGID" >SQLMinUserGID</A > <A HREF="#SQLMINUSERUID" >SQLMinUserUID</A > <A HREF="#SQLNAMEDQUERY" >SQLNamedQuery</A > <A HREF="#SQLNEGATIVECACHE" >SQLNegativeCache</A > <A HREF="#SQLPASSWORDFIELD" >SQLPasswordField</A > <A HREF="#SQLPROCESSGRENT" >SQLProcessGrEnt</A > <A HREF="#SQLPROCESSPWENT" >SQLProcessPwEnt</A > <A HREF="#SQLRATIOS" >SQLRatios</A > <A HREF="#SQLRATIOSTATS" >SQLRatioStats</A > <A HREF="#SQLSCRAMBLEDPASSWORDS" >SQLScrambledPasswords</A > <A HREF="#SQLSHELLFIELD" >SQLShellField</A > <A HREF="#SQLSHOWINFO" >SQLShowInfo</A > <A HREF="#SQLSSLHASHEDPASSWORDS" >SQLSSLHashedPasswords</A > <A HREF="#SQLUIDFIELD" >SQLUidField</A > <A HREF="#SQLUSERINFO" >SQLUserInfo</A > <A HREF="#SQLUSERNAMEFIELD" >SQLUsernameField</A > <A HREF="#SQLUSERTABLE" >SQLUserTable</A > <A HREF="#SQLUSERWHERECLAUSE" >SQLUserWhereClause</A > <A HREF="#SQLWHERECLAUSE" >SQLWhereClause</A > </P ></DIV ><H1 ><A NAME="MOD-TLS" ></A > mod_tls</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12600" ></A ><H2 >Name</H2 >mod_tls -- TLS support</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12603" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_tls</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12606" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12609" ></A ><H2 >See also</H2 ><P ><A HREF="#TLSCACERTIFICATEFILE" >TLSCACertificateFile</A > <A HREF="#TLSCACERTIFICATEPATH" >TLSCACertificatePath</A > <A HREF="#TLSCAREVOCATIONFILE" >TLSCARevocationFile</A > <A HREF="#TLSCAREVOCATIONPATH" >TLSCARevocationPath</A > <A HREF="#TLSCERTIFICATECHAINFILE" >TLSCertificateChainFile</A > <A HREF="#TLSCIPHERSUITE" >TLSCipherSuite</A > <A HREF="#TLSDHPARAMFILE" >TLSDHParamFile</A > <A HREF="#TLSDSACERTIFICATEFILE" >TLSDSACertificateFile</A > <A HREF="#TLSDSACERTIFICATEKEYFILE" >TLSDSACertificateKeyFile</A > <A HREF="#TLSENGINE" >TLSEngine</A > <A HREF="#TLSLOG" >TLSLog</A > <A HREF="#TLSOPTIONS" >TLSOptions</A > <A HREF="#TLSPROTOCOL" >TLSProtocol</A > <A HREF="#TLSRANDOMSEED" >TLSRandomSeed</A > <A HREF="#TLSRENEGOTIATE" >TLSRenegotiate</A > <A HREF="#TLSREQUIRED" >TLSRequired</A > <A HREF="#TLSRSACERTIFICATEFILE" >TLSRSACertificateFile</A > <A HREF="#TLSRSACERTIFICATEKEYFILE" >TLSRSACertificateKeyFile</A > <A HREF="#TLSVERIFYCLIENT" >TLSVerifyClient</A > <A HREF="#TLSVERIFYDEPTH" >TLSVerifyDepth</A > </P ></DIV ><H1 ><A NAME="MOD-WRAP" ></A > mod_wrap</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12637" ></A ><H2 >Name</H2 >mod_wrap -- Interface to libwrap</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12640" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_wrap</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12643" ></A ><H2 >Description</H2 ><P > It enables the daemon to use the common tcpwrappers access control library while in standalone mode, and in a very configurable manner. It is not compiled by default. </P ><P >If not installed on your system, the TCP wrappers library, required by this module, can be found here, on Wietse Venema's site. Once installed, it highly recommended that the hosts_access(3) and hosts_access(5) man pages be read and understood.</P ><P >Many programs will automatically add entries in the common allow/deny files, and use of this module will allow a ProFTPD daemon running in standalone mode to adapt as these entries are added. The portsentry program does this, for example: when illegal access is attempted, it will add hosts to the /etc/hosts.deny file.</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12648" ></A ><H2 >See also</H2 ><P ><A HREF="#TCPACCESSFILES" >TCPAccessFiles</A > <A HREF="#TCPACCESSSYSLOGLEVELS" >TCPAccessSyslogLevels</A > <A HREF="#TCPGROUPACCESSFILES" >TCPGroupAccessFiles</A > <A HREF="#TCPSERVICENAME" >TCPServiceName</A > <A HREF="#TCPUSERACCESSFILES" >TCPUserAccessFiles</A > </P ></DIV ><H1 ><A NAME="MOD-XFER" ></A > mod_xfer</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12661" ></A ><H2 >Name</H2 >mod_xfer -- FIX ME FIX ME</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12664" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >mod_xfer</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12667" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12670" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWOVERWRITE" >AllowOverwrite</A > <A HREF="#DELETEABORTEDSTORES" >DeleteAbortedStores</A > <A HREF="#HIDDENSTOR" >HiddenStor</A > <A HREF="#HIDDENSTORES" >HiddenStores</A > <A HREF="#MAXRETRIEVEFILESIZE" >MaxRetrieveFileSize</A > <A HREF="#MAXSTOREFILESIZE" >MaxStoreFileSize</A > <A HREF="#STOREUNIQUEPREFIX" >StoreUniquePrefix</A > <A HREF="#TIMEOUTNOTRANSFER" >TimeoutNoTransfer</A > <A HREF="#TIMEOUTSTALLED" >TimeoutStalled</A > <A HREF="#TRANSFERRATE" >TransferRate</A > </P ></DIV ></DIV ><DIV CLASS="CHAPTER" ><HR><H1 ><A NAME="AEN12683" ></A >Chapter 3. List of configuration contexts</H1 ><H1 ><A NAME="CONTEXT-SERVERCONFIG" ></A > server config</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12690" ></A ><H2 >Name</H2 >server config -- server config</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12693" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >server config</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12696" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12699" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="CONTEXT-GLOBAL" ></A > Global</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12707" ></A ><H2 >Name</H2 >Global -- Global</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12710" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Global</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12713" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12716" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="CONTEXT-VIRTUALHOST" ></A > VirtualHost</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12724" ></A ><H2 >Name</H2 >VirtualHost -- VirtualHost</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12727" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >VirtualHost</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12730" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12733" ></A ><H2 >See also</H2 ><P ></P ></DIV ><H1 ><A NAME="CONTEXT-ANONYMOUS" ></A > Anonymous</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12741" ></A ><H2 >Name</H2 >Anonymous -- Anonymous</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12744" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Anonymous</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12747" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12750" ></A ><H2 >See also</H2 ><P ><A HREF="#ACCESSDENYMSG" >AccessDenyMsg</A > <A HREF="#ACCESSGRANTMSG" >AccessGrantMsg</A > <A HREF="#ALLOWALL" >AllowAll</A > <A HREF="#ALLOWFILTER" >AllowFilter</A > <A HREF="#ALLOWFOREIGNADDRESS" >AllowForeignAddress</A > <A HREF="#ALLOWOVERRIDE" >AllowOverride</A > <A HREF="#ALLOWOVERWRITE" >AllowOverwrite</A > <A HREF="#ALLOWRETRIEVERESTART" >AllowRetrieveRestart</A > <A HREF="#ALLOWSTORERESTART" >AllowStoreRestart</A > <A HREF="#ANONRATIO" >AnonRatio</A > <A HREF="#ANONREJECTPASSWORDS" >AnonRejectPasswords</A > <A HREF="#ANONREQUIREPASSWORD" >AnonRequirePassword</A > <A HREF="#AUTHALIASONLY" >AuthAliasOnly</A > <A HREF="#AUTHUSINGALIAS" >AuthUsingAlias</A > <A HREF="#BYTERATIOERRMSG" >ByteRatioErrMsg</A > <A HREF="#CDPATH" >CDPath</A > <A HREF="#CLASSES" >Classes</A > <A HREF="#CWDRATIOMSG" >CwdRatioMsg</A > <A HREF="#DEFAULTCHDIR" >DefaultChdir</A > <A HREF="#DELETEABORTEDSTORES" >DeleteAbortedStores</A > <A HREF="#DENYALL" >DenyAll</A > <A HREF="#DENYFILTER" >DenyFilter</A > <A HREF="#DIRFAKEGROUP" >DirFakeGroup</A > <A HREF="#DIRFAKEMODE" >DirFakeMode</A > <A HREF="#DIRFAKEUSER" >DirFakeUser</A > <A HREF="#DIRECTORY" >Directory</A > <A HREF="#DISPLAYFIRSTCHDIR" >DisplayFirstChdir</A > <A HREF="#DISPLAYGOAWAY" >DisplayGoAway</A > <A HREF="#DISPLAYLOGIN" >DisplayLogin</A > <A HREF="#DISPLAYQUIT" >DisplayQuit</A > <A HREF="#DISPLAYREADME" >DisplayReadme</A > <A HREF="#EXTENDEDLOG" >ExtendedLog</A > <A HREF="#FILERATIOERRMSG" >FileRatioErrMsg</A > <A HREF="#GROUP" >Group</A > <A HREF="#GROUPOWNER" >GroupOwner</A > <A HREF="#GROUPPASSWORD" >GroupPassword</A > <A HREF="#GROUPRATIO" >GroupRatio</A > <A HREF="#HIDDENSTOR" >HiddenStor</A > <A HREF="#HIDDENSTORES" >HiddenStores</A > <A HREF="#HIDEGROUP" >HideGroup</A > <A HREF="#HIDENOACCESS" >HideNoAccess</A > <A HREF="#HIDEUSER" >HideUser</A > <A HREF="#HOSTRATIO" >HostRatio</A > <A HREF="#INCLUDE" >Include</A > <A HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME" >LDAPHomedirOnDemandPrefixNoUsername</A > <A HREF="#LEECHRATIOMSG" >LeechRatioMsg</A > <A HREF="#LIMIT" >Limit</A > <A HREF="#LISTOPTIONS" >ListOptions</A > <A HREF="#LOGINPASSWORDPROMPT" >LoginPasswordPrompt</A > <A HREF="#MAXCLIENTS" >MaxClients</A > <A HREF="#MAXCLIENTSPERHOST" >MaxClientsPerHost</A > <A HREF="#MAXCLIENTSPERUSER" >MaxClientsPerUser</A > <A HREF="#MAXHOSTSPERUSER" >MaxHostsPerUser</A > <A HREF="#MAXRETRIEVEFILESIZE" >MaxRetrieveFileSize</A > <A HREF="#MAXSTOREFILESIZE" >MaxStoreFileSize</A > <A HREF="#PATHALLOWFILTER" >PathAllowFilter</A > <A HREF="#PATHDENYFILTER" >PathDenyFilter</A > <A HREF="#RATIOFILE" >RatioFile</A > <A HREF="#RATIOTEMPFILE" >RatioTempFile</A > <A HREF="#RATIOS" >Ratios</A > <A HREF="#REQUIREVALIDSHELL" >RequireValidShell</A > <A HREF="#REWRITECONDITION" >RewriteCondition</A > <A HREF="#REWRITEENGINE" >RewriteEngine</A > <A HREF="#REWRITELOCK" >RewriteLock</A > <A HREF="#REWRITELOG" >RewriteLog</A > <A HREF="#REWRITEMAP" >RewriteMap</A > <A HREF="#REWRITERULE" >RewriteRule</A > <A HREF="#ROOTLOGIN" >RootLogin</A > <A HREF="#ROOTREVOKE" >RootRevoke</A > <A HREF="#SQLAUTHENTICATE" >SQLAuthenticate</A > <A HREF="#SQLAUTHORITATIVE" >SQLAuthoritative</A > <A HREF="#SQLDEFAULTHOMEDIR" >SQLDefaultHomedir</A > <A HREF="#SQLGIDFIELD" >SQLGidField</A > <A HREF="#SQLGROUPGIDFIELD" >SQLGroupGIDField</A > <A HREF="#SQLGROUPINFO" >SQLGroupInfo</A > <A HREF="#SQLGROUPWHERECLAUSE" >SQLGroupWhereClause</A > <A HREF="#SQLHOMEDIR" >SQLHomedir</A > <A HREF="#SQLHOMEDIRFIELD" >SQLHomedirField</A > <A HREF="#SQLLOG" >SQLLog</A > <A HREF="#SQLLOGDIRS" >SQLLogDirs</A > <A HREF="#SQLLOGFILE" >SQLLogFile</A > <A HREF="#SQLLOGHITS" >SQLLogHits</A > <A HREF="#SQLLOGHOSTS" >SQLLogHosts</A > <A HREF="#SQLLOGSTATS" >SQLLogStats</A > <A HREF="#SQLLOGINCOUNTFIELD" >SQLLoginCountField</A > <A HREF="#SQLMINUSERGID" >SQLMinUserGID</A > <A HREF="#SQLMINUSERUID" >SQLMinUserUID</A > <A HREF="#SQLNAMEDQUERY" >SQLNamedQuery</A > <A HREF="#SQLPASSWORDFIELD" >SQLPasswordField</A > <A HREF="#SQLPROCESSGRENT" >SQLProcessGrEnt</A > <A HREF="#SQLPROCESSPWENT" >SQLProcessPwEnt</A > <A HREF="#SQLSHOWINFO" >SQLShowInfo</A > <A HREF="#SQLUIDFIELD" >SQLUidField</A > <A HREF="#SQLUSERINFO" >SQLUserInfo</A > <A HREF="#SQLUSERTABLE" >SQLUserTable</A > <A HREF="#SQLUSERWHERECLAUSE" >SQLUserWhereClause</A > <A HREF="#SQLUSERNAMEFIELD" >SQLUsernameField</A > <A HREF="#SAVERATIOS" >SaveRatios</A > <A HREF="#SHOWSYMLINKS" >ShowSymlinks</A > <A HREF="#STOREUNIQUEPREFIX" >StoreUniquePrefix</A > <A HREF="#TCPACCESSFILES" >TCPAccessFiles</A > <A HREF="#TCPACCESSSYSLOGLEVELS" >TCPAccessSyslogLevels</A > <A HREF="#TLSCACERTIFICATEFILE" >TLSCACertificateFile</A > <A HREF="#TLSCACERTIFICATEPATH" >TLSCACertificatePath</A > <A HREF="#TLSCAREVOCATIONFILE" >TLSCARevocationFile</A > <A HREF="#TLSCAREVOCATIONPATH" >TLSCARevocationPath</A > <A HREF="#TLSCERTIFICATECHAINFILE" >TLSCertificateChainFile</A > <A HREF="#TLSCIPHERSUITE" >TLSCipherSuite</A > <A HREF="#TLSDHPARAMFILE" >TLSDHParamFile</A > <A HREF="#TLSDSACERTIFICATEFILE" >TLSDSACertificateFile</A > <A HREF="#TLSDSACERTIFICATEKEYFILE" >TLSDSACertificateKeyFile</A > <A HREF="#TLSENGINE" >TLSEngine</A > <A HREF="#TLSLOG" >TLSLog</A > <A HREF="#TLSOPTIONS" >TLSOptions</A > <A HREF="#TLSPROTOCOL" >TLSProtocol</A > <A HREF="#TLSRSACERTIFICATEFILE" >TLSRSACertificateFile</A > <A HREF="#TLSRSACERTIFICATEKEYFILE" >TLSRSACertificateKeyFile</A > <A HREF="#TLSRANDOMSEED" >TLSRandomSeed</A > <A HREF="#TLSRENEGOTIATE" >TLSRenegotiate</A > <A HREF="#TLSREQUIRED" >TLSRequired</A > <A HREF="#TLSVERIFYCLIENT" >TLSVerifyClient</A > <A HREF="#TLSVERIFYDEPTH" >TLSVerifyDepth</A > <A HREF="#TIMEOUTSESSION" >TimeoutSession</A > <A HREF="#TIMESGMT" >TimesGMT</A > <A HREF="#TRANSFERLOG" >TransferLog</A > <A HREF="#TRANSFERRATE" >TransferRate</A > <A HREF="#UMASK" >Umask</A > <A HREF="#USEFTPUSERS" >UseFtpUsers</A > <A HREF="#USEGLOBBING" >UseGlobbing</A > <A HREF="#USER" >User</A > <A HREF="#USERALIAS" >UserAlias</A > <A HREF="#USERDIRROOT" >UserDirRoot</A > <A HREF="#USEROWNER" >UserOwner</A > <A HREF="#USERPASSWORD" >UserPassword</A > <A HREF="#USERRATIO" >UserRatio</A > <A HREF="#WTMPLOG" >WtmpLog</A > </P ></DIV ><H1 ><A NAME="CONTEXT-LIMIT" ></A > Limit</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12894" ></A ><H2 >Name</H2 >Limit -- Limit</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12897" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >Limit</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12900" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12903" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOW" >Allow</A > <A HREF="#ALLOWALL" >AllowAll</A > <A HREF="#ALLOWGROUP" >AllowGroup</A > <A HREF="#ALLOWUSER" >AllowUser</A > <A HREF="#ANONRATIO" >AnonRatio</A > <A HREF="#BYTERATIOERRMSG" >ByteRatioErrMsg</A > <A HREF="#CWDRATIOMSG" >CwdRatioMsg</A > <A HREF="#DENY" >Deny</A > <A HREF="#DENYALL" >DenyAll</A > <A HREF="#DENYGROUP" >DenyGroup</A > <A HREF="#DENYUSER" >DenyUser</A > <A HREF="#FILERATIOERRMSG" >FileRatioErrMsg</A > <A HREF="#GROUPRATIO" >GroupRatio</A > <A HREF="#HIDDENSTORES" >HiddenStores</A > <A HREF="#HOSTRATIO" >HostRatio</A > <A HREF="#IGNOREHIDDEN" >IgnoreHidden</A > <A HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME" >LDAPHomedirOnDemandPrefixNoUsername</A > <A HREF="#LEECHRATIOMSG" >LeechRatioMsg</A > <A HREF="#ORDER" >Order</A > <A HREF="#RATIOFILE" >RatioFile</A > <A HREF="#RATIOTEMPFILE" >RatioTempFile</A > <A HREF="#RATIOS" >Ratios</A > <A HREF="#REWRITECONDITION" >RewriteCondition</A > <A HREF="#REWRITEENGINE" >RewriteEngine</A > <A HREF="#REWRITELOCK" >RewriteLock</A > <A HREF="#REWRITELOG" >RewriteLog</A > <A HREF="#REWRITEMAP" >RewriteMap</A > <A HREF="#REWRITERULE" >RewriteRule</A > <A HREF="#SQLAUTHENTICATE" >SQLAuthenticate</A > <A HREF="#SQLAUTHORITATIVE" >SQLAuthoritative</A > <A HREF="#SQLDEFAULTHOMEDIR" >SQLDefaultHomedir</A > <A HREF="#SQLGIDFIELD" >SQLGidField</A > <A HREF="#SQLGROUPGIDFIELD" >SQLGroupGIDField</A > <A HREF="#SQLGROUPINFO" >SQLGroupInfo</A > <A HREF="#SQLGROUPWHERECLAUSE" >SQLGroupWhereClause</A > <A HREF="#SQLHOMEDIR" >SQLHomedir</A > <A HREF="#SQLHOMEDIRFIELD" >SQLHomedirField</A > <A HREF="#SQLLOG" >SQLLog</A > <A HREF="#SQLLOGDIRS" >SQLLogDirs</A > <A HREF="#SQLLOGFILE" >SQLLogFile</A > <A HREF="#SQLLOGHITS" >SQLLogHits</A > <A HREF="#SQLLOGHOSTS" >SQLLogHosts</A > <A HREF="#SQLLOGSTATS" >SQLLogStats</A > <A HREF="#SQLLOGINCOUNTFIELD" >SQLLoginCountField</A > <A HREF="#SQLMINUSERGID" >SQLMinUserGID</A > <A HREF="#SQLMINUSERUID" >SQLMinUserUID</A > <A HREF="#SQLNAMEDQUERY" >SQLNamedQuery</A > <A HREF="#SQLPASSWORDFIELD" >SQLPasswordField</A > <A HREF="#SQLPROCESSGRENT" >SQLProcessGrEnt</A > <A HREF="#SQLPROCESSPWENT" >SQLProcessPwEnt</A > <A HREF="#SQLSHOWINFO" >SQLShowInfo</A > <A HREF="#SQLUIDFIELD" >SQLUidField</A > <A HREF="#SQLUSERINFO" >SQLUserInfo</A > <A HREF="#SQLUSERTABLE" >SQLUserTable</A > <A HREF="#SQLUSERWHERECLAUSE" >SQLUserWhereClause</A > <A HREF="#SQLUSERNAMEFIELD" >SQLUsernameField</A > <A HREF="#SAVERATIOS" >SaveRatios</A > <A HREF="#TLSCACERTIFICATEFILE" >TLSCACertificateFile</A > <A HREF="#TLSCACERTIFICATEPATH" >TLSCACertificatePath</A > <A HREF="#TLSCAREVOCATIONFILE" >TLSCARevocationFile</A > <A HREF="#TLSCAREVOCATIONPATH" >TLSCARevocationPath</A > <A HREF="#TLSCERTIFICATECHAINFILE" >TLSCertificateChainFile</A > <A HREF="#TLSCIPHERSUITE" >TLSCipherSuite</A > <A HREF="#TLSDHPARAMFILE" >TLSDHParamFile</A > <A HREF="#TLSDSACERTIFICATEFILE" >TLSDSACertificateFile</A > <A HREF="#TLSDSACERTIFICATEKEYFILE" >TLSDSACertificateKeyFile</A > <A HREF="#TLSENGINE" >TLSEngine</A > <A HREF="#TLSLOG" >TLSLog</A > <A HREF="#TLSOPTIONS" >TLSOptions</A > <A HREF="#TLSPROTOCOL" >TLSProtocol</A > <A HREF="#TLSRSACERTIFICATEFILE" >TLSRSACertificateFile</A > <A HREF="#TLSRSACERTIFICATEKEYFILE" >TLSRSACertificateKeyFile</A > <A HREF="#TLSRANDOMSEED" >TLSRandomSeed</A > <A HREF="#TLSRENEGOTIATE" >TLSRenegotiate</A > <A HREF="#TLSREQUIRED" >TLSRequired</A > <A HREF="#TLSVERIFYCLIENT" >TLSVerifyClient</A > <A HREF="#TLSVERIFYDEPTH" >TLSVerifyDepth</A > <A HREF="#USERRATIO" >UserRatio</A > </P ></DIV ><H1 ><A NAME="CONTEXT-FTPACCESS" ></A > .ftpaccess</H1 ><DIV CLASS="REFNAMEDIV" ><A NAME="AEN12989" ></A ><H2 >Name</H2 >.ftpaccess -- .ftpaccess</DIV ><DIV CLASS="REFSYNOPSISDIV" ><A NAME="AEN12992" ></A ><H2 >Synopsis</H2 ><P ><B CLASS="COMMAND" >.ftpaccess</B > </P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12995" ></A ><H2 >Description</H2 ><P >FIXME FIXME FIXME</P ></DIV ><DIV CLASS="REFSECT1" ><A NAME="AEN12998" ></A ><H2 >See also</H2 ><P ><A HREF="#ALLOWALL" >AllowAll</A > <A HREF="#ALLOWFILTER" >AllowFilter</A > <A HREF="#ALLOWOVERWRITE" >AllowOverwrite</A > <A HREF="#ALLOWRETRIEVERESTART" >AllowRetrieveRestart</A > <A HREF="#ALLOWSTORERESTART" >AllowStoreRestart</A > <A HREF="#ANONRATIO" >AnonRatio</A > <A HREF="#BYTERATIOERRMSG" >ByteRatioErrMsg</A > <A HREF="#CWDRATIOMSG" >CwdRatioMsg</A > <A HREF="#DELETEABORTEDSTORES" >DeleteAbortedStores</A > <A HREF="#DENYALL" >DenyAll</A > <A HREF="#DENYFILTER" >DenyFilter</A > <A HREF="#DIRFAKEGROUP" >DirFakeGroup</A > <A HREF="#DIRFAKEUSER" >DirFakeUser</A > <A HREF="#FILERATIOERRMSG" >FileRatioErrMsg</A > <A HREF="#GROUPOWNER" >GroupOwner</A > <A HREF="#GROUPRATIO" >GroupRatio</A > <A HREF="#HIDDENSTORES" >HiddenStores</A > <A HREF="#HIDEFILES" >HideFiles</A > <A HREF="#HOSTRATIO" >HostRatio</A > <A HREF="#LDAPHOMEDIRONDEMANDPREFIXNOUSERNAME" >LDAPHomedirOnDemandPrefixNoUsername</A > <A HREF="#LEECHRATIOMSG" >LeechRatioMsg</A > <A HREF="#LIMIT" >Limit</A > <A HREF="#LISTOPTIONS" >ListOptions</A > <A HREF="#MAXRETRIEVEFILESIZE" >MaxRetrieveFileSize</A > <A HREF="#MAXSTOREFILESIZE" >MaxStoreFileSize</A > <A HREF="#RATIOFILE" >RatioFile</A > <A HREF="#RATIOTEMPFILE" >RatioTempFile</A > <A HREF="#RATIOS" >Ratios</A > <A HREF="#REWRITECONDITION" >RewriteCondition</A > <A HREF="#REWRITEENGINE" >RewriteEngine</A > <A HREF="#REWRITELOCK" >RewriteLock</A > <A HREF="#REWRITELOG" >RewriteLog</A > <A HREF="#REWRITEMAP" >RewriteMap</A > <A HREF="#REWRITERULE" >RewriteRule</A > <A HREF="#SQLAUTHENTICATE" >SQLAuthenticate</A > <A HREF="#SQLAUTHORITATIVE" >SQLAuthoritative</A > <A HREF="#SQLDEFAULTHOMEDIR" >SQLDefaultHomedir</A > <A HREF="#SQLGIDFIELD" >SQLGidField</A > <A HREF="#SQLGROUPGIDFIELD" >SQLGroupGIDField</A > <A HREF="#SQLGROUPINFO" >SQLGroupInfo</A > <A HREF="#SQLGROUPWHERECLAUSE" >SQLGroupWhereClause</A > <A HREF="#SQLHOMEDIR" >SQLHomedir</A > <A HREF="#SQLHOMEDIRFIELD" >SQLHomedirField</A > <A HREF="#SQLLOG" >SQLLog</A > <A HREF="#SQLLOGDIRS" >SQLLogDirs</A > <A HREF="#SQLLOGFILE" >SQLLogFile</A > <A HREF="#SQLLOGHITS" >SQLLogHits</A > <A HREF="#SQLLOGHOSTS" >SQLLogHosts</A > <A HREF="#SQLLOGSTATS" >SQLLogStats</A > <A HREF="#SQLLOGINCOUNTFIELD" >SQLLoginCountField</A > <A HREF="#SQLMINUSERGID" >SQLMinUserGID</A > <A HREF="#SQLMINUSERUID" >SQLMinUserUID</A > <A HREF="#SQLNAMEDQUERY" >SQLNamedQuery</A > <A HREF="#SQLPASSWORDFIELD" >SQLPasswordField</A > <A HREF="#SQLPROCESSGRENT" >SQLProcessGrEnt</A > <A HREF="#SQLPROCESSPWENT" >SQLProcessPwEnt</A > <A HREF="#SQLSHOWINFO" >SQLShowInfo</A > <A HREF="#SQLUIDFIELD" >SQLUidField</A > <A HREF="#SQLUSERINFO" >SQLUserInfo</A > <A HREF="#SQLUSERTABLE" >SQLUserTable</A > <A HREF="#SQLUSERWHERECLAUSE" >SQLUserWhereClause</A > <A HREF="#SQLUSERNAMEFIELD" >SQLUsernameField</A > <A HREF="#SAVERATIOS" >SaveRatios</A > <A HREF="#STOREUNIQUEPREFIX" >StoreUniquePrefix</A > <A HREF="#TLSCACERTIFICATEFILE" >TLSCACertificateFile</A > <A HREF="#TLSCACERTIFICATEPATH" >TLSCACertificatePath</A > <A HREF="#TLSCAREVOCATIONFILE" >TLSCARevocationFile</A > <A HREF="#TLSCAREVOCATIONPATH" >TLSCARevocationPath</A > <A HREF="#TLSCERTIFICATECHAINFILE" >TLSCertificateChainFile</A > <A HREF="#TLSCIPHERSUITE" >TLSCipherSuite</A > <A HREF="#TLSDHPARAMFILE" >TLSDHParamFile</A > <A HREF="#TLSDSACERTIFICATEFILE" >TLSDSACertificateFile</A > <A HREF="#TLSDSACERTIFICATEKEYFILE" >TLSDSACertificateKeyFile</A > <A HREF="#TLSENGINE" >TLSEngine</A > <A HREF="#TLSLOG" >TLSLog</A > <A HREF="#TLSOPTIONS" >TLSOptions</A > <A HREF="#TLSPROTOCOL" >TLSProtocol</A > <A HREF="#TLSRSACERTIFICATEFILE" >TLSRSACertificateFile</A > <A HREF="#TLSRSACERTIFICATEKEYFILE" >TLSRSACertificateKeyFile</A > <A HREF="#TLSRANDOMSEED" >TLSRandomSeed</A > <A HREF="#TLSRENEGOTIATE" >TLSRenegotiate</A > <A HREF="#TLSREQUIRED" >TLSRequired</A > <A HREF="#TLSVERIFYCLIENT" >TLSVerifyClient</A > <A HREF="#TLSVERIFYDEPTH" >TLSVerifyDepth</A > <A HREF="#TRANSFERRATE" >TransferRate</A > <A HREF="#UMASK" >Umask</A > <A HREF="#USERRATIO" >UserRatio</A > </P ></DIV ></DIV ></DIV ></BODY ></HTML >