pure-ftpd.conf

1.  
2. ############################################################
3. # #
4. # Configuration file for pure-ftpd wrappers #
5. # #
6. ############################################################
7.  
8. # If you want to run Pure-FTPd with this configuration
9. # instead of command-line options, please run the
10. # following command :
11. #
12. # /usr/sbin/pure-config.pl /etc/pure-ftpd/pure-ftpd.conf
13. #
14. # Please don't forget to have a look at documentation at
15. # http://www.pureftpd.org/documentation.shtml for a complete list of
16. # options.
17.  
18. # Cage in every user in his home directory
19.  
20. ChrootEveryone yes
21.  
22.  
23.  
24. # If the previous option is set to "no", members of the following group
25. # won't be caged. Others will be. If you don't want chroot()ing anyone,
26. # just comment out ChrootEveryone and TrustedGID.
27.  
28. # TrustedGID 100
29.  
30.  
31.  
32. # Turn on compatibility hacks for broken clients
33.  
34. BrokenClientsCompatibility no
35.  
36.  
37.  
38. # Maximum number of simultaneous users
39.  
40. MaxClientsNumber 50
41.  
42.  
43.  
44. # Fork in background
45.  
46. Daemonize yes
47.  
48.  
49.  
50. # Maximum number of sim clients with the same IP address
51.  
52. MaxClientsPerIP 8
53.  
54.  
55.  
56. # If you want to log all client commands, set this to "yes".
57. # This directive can be duplicated to also log server responses.
58.  
59. VerboseLog yes
60.  
61.  
62.  
63. # List dot-files even when the client doesn't send "-a".
64.  
65. DisplayDotFiles no
66.  
67.  
68.  
69. # Don't allow authenticated users - have a public anonymous FTP only.
70.  
71. AnonymousOnly no
72.  
73.  
74.  
75. # Disallow anonymous connections. Only allow authenticated users.
76.  
77. NoAnonymous yes
78.  
79.  
80.  
81. # Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
82. # The default facility is "ftp". "none" disables logging.
83.  
84. SyslogFacility ftp
85.  
86.  
87.  
88. # Display fortune cookies
89.  
90. # FortunesFile /usr/share/fortune/zippy
91.  
92.  
93.  
94. # Don't resolve host names in log files. Logs are less verbose, but
95. # it uses less bandwidth. Set this to "yes" on very busy servers or
96. # if you don't have a working DNS.
97.  
98. DontResolve yes
99.  
100.  
101.  
102. # Maximum idle time in minutes (default = 15 minutes)
103.  
104. MaxIdleTime 15
105.  
106.  
107.  
108. # LDAP configuration file (see README.LDAP)
109.  
110. # LDAPConfigFile /etc/pure-ftpd/pureftpd-ldap.conf
111.  
112.  
113.  
114. # MySQL configuration file (see README.MySQL)
115.  
116. # MySQLConfigFile /etc/pure-ftpd/pureftpd-mysql.conf
117.  
118.  
119. # Postgres configuration file (see README.PGSQL)
120.  
121. # PGSQLConfigFile /etc/pure-ftpd/pureftpd-pgsql.conf
122.  
123.  
124. # PureDB user database (see README.Virtual-Users)
125.  
126. PureDB /etc/pure-ftpd/pureftpd.pdb
127.  
128.  
129. # Path to pure-authd socket (see README.Authentication-Modules)
130.  
131. # ExtAuth /var/run/ftpd.sock
132.  
133.  
134.  
135. # If you want to enable PAM authentication, uncomment the following line
136.  
137. # PAMAuthentication yes
138.  
139.  
140.  
141. # If you want simple Unix (/etc/passwd) authentication, uncomment this
142.  
143. # UnixAuthentication yes
144.  
145.  
146.  
147. # Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
148. # UnixAuthentication can be used only once, but they can be combined
149. # together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
150. # the SQL server will be asked. If the SQL authentication fails because the
151. # user wasn't found, another try # will be done with /etc/passwd and
152. # /etc/shadow. If the SQL authentication fails because the password was wrong,
153. # the authentication chain stops here. Authentication methods are chained in
154. # the order they are given.
155.  
156.  
157.  
158. # 'ls' recursion limits. The first argument is the maximum number of
159. # files to be displayed. The second one is the max subdirectories depth
160.  
161. LimitRecursion 10000 8
162.  
163.  
164.  
165. # Are anonymous users allowed to create new directories ?
166.  
167. AnonymousCanCreateDirs no
168.  
169.  
170.  
171. # If the system is more loaded than the following value,
172. # anonymous users aren't allowed to download.
173.  
174. MaxLoad 4
175.  
176.  
177.  
178. # Port range for passive connections replies. - for firewalling.
179.  
180. PassivePortRange 30000 50000
181.  
182.  
183.  
184. # Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
185. # Symbolic host names are also accepted for gateways with dynamic IP
186. # addresses.
187.  
188. # ForcePassiveIP 192.168.0.1
189.  
190.  
191.  
192. # Upload/download ratio for anonymous users.
193.  
194. # AnonymousRatio 1 10
195.  
196.  
197.  
198. # Upload/download ratio for all users.
199. # This directive superscedes the previous one.
200.  
201. # UserRatio 1 10
202.  
203.  
204.  
205. # Disallow downloading of files owned by "ftp", ie.
206. # files that were uploaded but not validated by a local admin.
207.  
208. # AntiWarez yes
209.  
210.  
211.  
212. # IP address/port to listen to (default=all IP and port 21).
213.  
214. # Bind 127.0.0.1,21
215.  
216.  
217.  
218. # Maximum bandwidth for anonymous users in KB/s
219.  
220. # AnonymousBandwidth 8
221.  
222.  
223.  
224. # Maximum bandwidth for *all* users (including anonymous) in KB/s
225. # Use AnonymousBandwidth *or* UserBandwidth, both makes no sense.
226.  
227. # UserBandwidth 8
228.  
229.  
230.  
231. # File creation mask. <umask for files>:<umask for dirs> .
232. # 177:077 if you feel paranoid.
233.  
234. Umask 133:022
235.  
236.  
237.  
238. # Minimum UID for an authenticated user to log in.
239.  
240. MinUID 100
241.  
242.  
243.  
244. # Allow FXP transfers for authenticated users.
245.  
246. AllowUserFXP no
247.  
248.  
249.  
250. # Allow anonymous FXP for anonymous and non-anonymous users.
251.  
252. AllowAnonymousFXP no
253.  
254.  
255.  
256. # Users can't delete/write files beginning with a dot ('.')
257. # even if they own them. If TrustedGID is enabled, this group
258. # will have access to dot-files, though.
259.  
260. ProhibitDotFilesWrite no
261.  
262.  
263.  
264. # Prohibit *reading* of files beginning with a dot (.history, .ssh...)
265.  
266. ProhibitDotFilesRead no
267.  
268.  
269.  
270. # Never overwrite files. When a file whose name already exist is uploaded,
271. # it get automatically renamed to file.1, file.2, file.3, ...
272.  
273. AutoRename no
274.  
275.  
276.  
277. # Disallow anonymous users to upload new files (no = upload is allowed)
278.  
279. AnonymousCantUpload no
280.  
281.  
282.  
283. # Only connections to this specific IP address are allowed to be
284. # non-anonymous. You can use this directive to open several public IPs for
285. # anonymous FTP, and keep a private firewalled IP for remote administration.
286. # You can also only allow a non-routable local IP (like 10.x.x.x) to
287. # authenticate, and keep a public anon-only FTP server on another IP.
288.  
289. #TrustedIP 10.1.1.1
290.  
291.  
292.  
293. # If you want to add the PID to every logged line, uncomment the following
294. # line.
295.  
296. #LogPID yes
297.  
298.  
299.  
300. # Create an additional log file with transfers logged in a Apache-like format :
301. # fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
302. # This log file can then be processed by www traffic analyzers.
303.  
304. # AltLog clf:/var/log/pureftpd.log
305.  
306.  
307.  
308. # Create an additional log file with transfers logged in a format optimized
309. # for statistic reports.
310.  
311. # AltLog stats:/var/log/pureftpd.log
312.  
313.  
314.  
315. # Create an additional log file with transfers logged in the standard W3C
316. # format (compatible with most commercial log analyzers)
317.  
318. # AltLog w3c:/var/log/pureftpd.log
319.  
320.  
321.  
322. # Disallow the CHMOD command. Users can't change perms of their files.
323.  
324. #NoChmod yes
325.  
326.  
327.  
328. # Allow users to resume and upload files, but *NOT* to delete them.
329.  
330. #KeepAllFiles yes
331.  
332.  
333.  
334. # Automatically create home directories if they are missing
335.  
336. CreateHomeDir yes
337.  
338.  
339.  
340. # Enable virtual quotas. The first number is the max number of files.
341. # The second number is the max size of megabytes.
342. # So 1000:10 limits every user to 1000 files and 10 Mb.
343.  
344. #Quota 1000:10
345.  
346.  
347.  
348. # If your pure-ftpd has been compiled with standalone support, you can change
349. # the location of the pid file. The default is /var/run/pure-ftpd.pid
350.  
351. PIDFile /var/run/pure-ftpd.pid
352.  
353.  
354.  
355. # If your pure-ftpd has been compiled with pure-uploadscript support,
356. # this will make pure-ftpd write info about new uploads to
357. # /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
358. # spawn a script to handle the upload.
359. # Don't enable this option if you don't actually use pure-uploadscript.
360.  
361. #CallUploadScript yes
362.  
363.  
364.  
365. # This option is useful with servers where anonymous upload is
366. # allowed. As /var/ftp is in /var, it save some space and protect
367. # the log files. When the partition is more that X percent full,
368. # new uploads are disallowed.
369.  
370. #MaxDiskUsage 99
371.  
372.  
373.  
374. # Set to 'yes' if you don't want your users to rename files.
375.  
376. #NoRename yes
377.  
378.  
379.  
380. # Be 'customer proof' : workaround against common customer mistakes like
381. # 'chmod 0 public_html', that are valid, but that could cause ignorant
382. # customers to lock their files, and then keep your technical support busy
383. # with silly issues. If you're sure all your users have some basic Unix
384. # knowledge, this feature is useless. If you're a hosting service, enable it.
385.  
386. CustomerProof yes
387.  
388.  
389.  
390. # Per-user concurrency limits. It will only work if the FTP server has
391. # been compiled with --with-peruserlimits (and this is the case on
392. # most binary distributions) .
393. # The format is : <max sessions per user>:<max anonymous sessions>
394. # For instance, 3:20 means that the same authenticated user can have 3 active
395. # sessions max. And there are 20 anonymous sessions max.
396.  
397. # PerUserLimits 3:20
398.  
399.  
400.  
401. # When a file is uploaded and there is already a previous version of the file
402. # with the same name, the old file will neither get removed nor truncated.
403. # Upload will take place in a temporary file and once the upload is complete,
404. # the switch to the new version will be atomic. For instance, when a large PHP
405. # script is being uploaded, the web server will still serve the old version and
406. # immediatly switch to the new one as soon as the full file will have been
407. # transfered. This option is incompatible with virtual quotas.
408.  
409. # NoTruncate yes
410.  
411.  
412.  
413. # This option can accept three values :
414. # 0 : disable SSL/TLS encryption layer (default).
415. # 1 : accept both traditional and encrypted sessions.
416. # 2 : refuse connections that don't use SSL/TLS security mechanisms,
417. # including anonymous sessions.
418. # Do _not_ uncomment this blindly. Be sure that :
419. # 1) Your server has been compiled with SSL/TLS support (--with-tls),
420. # 2) A valid certificate is in place,
421. # 3) Only compatible clients will log in.
422.  
423. # TLS 1
424.  
425.  
426. # OpenSSL ciphers suite for TLS sessions.
427. # Prefix with -C: in order to require valid client certificates.
428. # If -C: is used, make sure that clients' public keys are installed
429. # on the server.
430. # SSL is disabled by default. TLS 1.0, 1.1 and 1.2 are availale by
431. # default.
432.  
433. # TLSCipherSuite HIGH
434.  
435.  
436.  
437. # Certificate file, for TLS
438.  
439. # CertFile /etc/ssl/private/pure-ftpd.pem
440.  
441.  
442.  
443. # Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
444. # By default, both IPv4 and IPv6 are enabled.
445.  
446. IPV4Only yes
447.  
448.  
449.  
450. # Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
451. # By default, both IPv4 and IPv6 are enabled.
452.  
453. # IPV6Only yes
454.  
455. # UTF-8 support for file names (RFC 2640)
456. # Define charset of the server filesystem and optionnally the default charset
457. # for remote clients if they don't use UTF-8.
458. # Works only if pure-ftpd has been compiled with --with-rfc2640
459.  
460. # FileSystemCharset big5
461. # ClientCharset big5