--- templates/proftpd.conf.template.in 2006-12-07 12:59:11.000000000 +0100 +++ templates/proftpd.conf.template.in.oden 2007-05-31 23:13:52.000000000 +0200 @@ -13,51 +13,144 @@ # this file is automatically written by the Kolab config backend # manual additions are lost unless made to the template in the Kolab config directory -ServerType standalone -DefaultServer on -Port 21 +# Includes DSO modules +Include /etc/proftpd.d/*.conf -PersistentPasswd off +# This is the directory where DSO modules resides -#AuthUserFile @ftpserver_confdir@/proftpd.passwd -#AuthGroupFile @ftpserver_confdir@/proftpd.group -LDAPServer @@@ldap_ip@@@ -LDAPDNinfo "@@@php_dn@@@" "@@@php_pw@@@" -LDAPDoAuth on "@@@base_dn@@@" "(uid=freebusy)" +ModulePath @libdir@/proftpd + +# Allow only user root to load and unload modules, but allow everyone +# to see which modules have been loaded + +ModuleControlsACLs insmod,rmmod allow user root +ModuleControlsACLs lsmod allow user * + +ServerName "ProFTPD Default Installation" +ServerType standalone +DeferWelcome off + +UseReverseDNS off +MultilineRFC2228 on +DefaultServer on +ShowSymlinks on + +TimeoutLogin 60 +TimeoutNoTransfer 60 +TimeoutStalled 600 +TimeoutIdle 60 + +DisplayLogin welcome.msg +DisplayChdir .message +ListOptions "-l" +DenyFilter \*.*/ +UseIPv6 Off +AllowOverwrite on +RequireValidShell no # need to switch over to kolab-n !! ScoreBoardFile @ftpserver_scoreboardfile@ -LDAPDefaultUID @ftpserver_uid@ -LDAPForceDefaultUID on -LDAPDefaultGID @ftpserver_gid@ -LDAPForceDefaultGID on -LDAPGenerateHomedir on -LDAPGenerateHomedirPrefix /tmp +# Allow FTP resuming. +# Remember to set to off if you have an incoming ftp for upload. +AllowStoreRestart on + +# Port 21 is the standard FTP port. +Port 21 + +# In some cases you have to specify passive ports range to by-pass +# firewall limitations. Ephemeral ports can be used for that, but +# feel free to use a more narrow range. +#PassivePorts 49152 65534 + +# To prevent DoS attacks, set the maximum number of child processes +# to 30. If you need to allow more than 30 concurrent connections +# at once, simply increase this value. Note that this ONLY works +# in standalone mode, in inetd mode you should use an inetd server +# that allows you to limit maximum number of processes per service +# (such as xinetd) +MaxInstances 40 -MaxInstances 40 +# Set the user and group under which the server will run. User @ftpserver_usr@ Group @ftpserver_grp@ -Umask 022 -UseReverseDNS off -MultilineRFC2228 on -ShowSymlinks on -AllowOverwrite on -RequireValidShell no -ListOptions "-l" - -TimeoutLogin 60 -TimeoutNoTransfer 60 -TimeoutStalled 60 -TimeoutIdle 60 +# Umask 022 is a good standard umask to prevent new files and dirs +# (second parm) from being group and world writable. +Umask 022 022 + +# To cause every FTP user to be "jailed" (chrooted) into their home +# directory, uncomment this line. +#DefaultRoot ~ + +# Normally, we want files to be overwriteable. +AllowOverwrite on + +# Uncomment this if you are using NIS or LDAP to retrieve passwords: +PersistentPasswd off + +# Be warned: use of this directive impacts CPU average load! +# +# Uncomment this if you like to see progress and transfer rate with ftpwho +# in downloads. That is not needed for uploads rates. +#UseSendFile off LogFormat default "%h %l %u %t \"%r\" %s %b" LogFormat auth "%v [%P] %h %t \"%r\" %s" LogFormat write "%h %l %u %t \"%r\" %s %b" SystemLog @ftpserver_logfile@ +TransferLog @ftpserver_logfile@ + +<IfModule mod_tls.c> + TLSEngine off +</IfModule> + +<IfModule mod_quota.c> + QuotaEngine on +</IfModule> + +<IfModule mod_ratio.c> + Ratios on +</IfModule> + +# Delay engine reduces impact of the so-called Timing Attack described in +# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02 +# It is on by default. +<IfModule mod_delay.c> + DelayEngine on +</IfModule> + +<IfModule mod_ctrls.c> + ControlsEngine on + ControlsMaxClients 2 + ControlsLog /var/log/proftpd/controls.log + ControlsInterval 5 + ControlsSocket /var/run/proftpd/proftpd.sock +</IfModule> + +<IfModule mod_ctrls_admin.c> + AdminControlsEngine on +</IfModule> + +# Bar use of SITE CHMOD by default +<Limit SITE_CHMOD> + DenyAll +</Limit> + +#AuthUserFile @ftpserver_confdir@/proftpd.passwd +#AuthGroupFile @ftpserver_confdir@/proftpd.group +LDAPServer @@@ldap_ip@@@ +LDAPDNinfo "@@@php_dn@@@" "@@@php_pw@@@" +LDAPDoAuth on "@@@base_dn@@@" "(uid=freebusy)" + +LDAPDefaultUID @ftpserver_uid@ +LDAPForceDefaultUID on +LDAPDefaultGID @ftpserver_gid@ +LDAPForceDefaultGID on +LDAPGenerateHomedir on +LDAPGenerateHomedirPrefix /tmp -DefaultRoot @webserver_document_root@/freebusy/cache +DefaultRoot @localstatedir@/kolab/freebusy/cache <Global> IdentLookups off