KOLAB_META_START TARGET=/etc/proftpd.conf PERMISSIONS=0640 OWNERSHIP=root:root KOLAB_META_END # (c) 2003 Tassilo Erlewein <tassilo.erlewein@erfrakon.de> # (c) 2003 Martin Konold <martin.konold@erfrakon.de> # (c) 2003 Achim Frank <achim.frank@erfrakon.de> # This program is Free Software under the GNU General Public License (>=v2). # Read the file COPYING that comes with this packages for details. # this file is automatically written by the Kolab config backend # manual additions are lost unless made to the template in the Kolab config directory # Includes DSO modules Include /etc/proftpd.d/*.conf # This is the directory where DSO modules resides ModulePath /usr/lib64/proftpd # Allow only user root to load and unload modules, but allow everyone # to see which modules have been loaded ModuleControlsACLs insmod,rmmod allow user root ModuleControlsACLs lsmod allow user * ServerName "ProFTPD Default Installation" ServerType standalone DeferWelcome off UseReverseDNS off MultilineRFC2228 on DefaultServer on ShowSymlinks on TimeoutLogin 60 TimeoutNoTransfer 60 TimeoutStalled 600 TimeoutIdle 60 DisplayLogin welcome.msg DisplayChdir .message ListOptions "-l" DenyFilter \*.*/ UseIPv6 Off AllowOverwrite on RequireValidShell no # need to switch over to kolab-n !! ScoreBoardFile /var/run/proftpd/proftpd.scoreboard # Allow FTP resuming. # Remember to set to off if you have an incoming ftp for upload. AllowStoreRestart on # Port 21 is the standard FTP port. Port 21 # In some cases you have to specify passive ports range to by-pass # firewall limitations. Ephemeral ports can be used for that, but # feel free to use a more narrow range. #PassivePorts 49152 65534 # To prevent DoS attacks, set the maximum number of child processes # to 30. If you need to allow more than 30 concurrent connections # at once, simply increase this value. Note that this ONLY works # in standalone mode, in inetd mode you should use an inetd server # that allows you to limit maximum number of processes per service # (such as xinetd) MaxInstances 40 # Set the user and group under which the server will run. User nobody Group nogroup # Umask 022 is a good standard umask to prevent new files and dirs # (second parm) from being group and world writable. Umask 022 022 # To cause every FTP user to be "jailed" (chrooted) into their home # directory, uncomment this line. #DefaultRoot ~ # Normally, we want files to be overwriteable. AllowOverwrite on # Uncomment this if you are using NIS or LDAP to retrieve passwords: PersistentPasswd off # Be warned: use of this directive impacts CPU average load! # # Uncomment this if you like to see progress and transfer rate with ftpwho # in downloads. That is not needed for uploads rates. #UseSendFile off LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" LogFormat write "%h %l %u %t \"%r\" %s %b" SystemLog /var/log/proftpd/proftpd.log TransferLog /var/log/proftpd/proftpd.log <IfModule mod_tls.c> TLSEngine off </IfModule> <IfModule mod_quota.c> QuotaEngine on </IfModule> <IfModule mod_ratio.c> Ratios on </IfModule> # Delay engine reduces impact of the so-called Timing Attack described in # http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 # It is on by default. <IfModule mod_delay.c> DelayEngine on </IfModule> <IfModule mod_ctrls.c> ControlsEngine on ControlsMaxClients 2 ControlsLog /var/log/proftpd/controls.log ControlsInterval 5 ControlsSocket /var/run/proftpd/proftpd.sock </IfModule> <IfModule mod_ctrls_admin.c> AdminControlsEngine on </IfModule> # Bar use of SITE CHMOD by default <Limit SITE_CHMOD> DenyAll </Limit> #AuthUserFile /etc/proftpd.passwd #AuthGroupFile /etc/proftpd.group LDAPServer @@@ldap_ip@@@ LDAPDNinfo "@@@php_dn@@@" "@@@php_pw@@@" LDAPDoAuth on "@@@base_dn@@@" "(uid=freebusy)" LDAPDefaultUID 65534 LDAPForceDefaultUID on LDAPDefaultGID 65534 LDAPForceDefaultGID on LDAPGenerateHomedir on LDAPGenerateHomedirPrefix /tmp DefaultRoot /var/lib/kolab/freebusy/cache <Global> IdentLookups off DeferWelcome off WTmpLog off </Global> <Directory /*> AllowOverwrite on <Limit STOR> AllowAll </Limit> <Limit WRITE READ DIRS> IgnoreHidden on DenyAll </Limit> </Directory>