• Jérome Perrin's avatar
    proftpd: create all files in instance · afac6e04
    Jérome Perrin authored
    Some files and sockets where created in their default location, which
    was in the software.
    As a result, this software was working only on webrunner or testnodes,
    which uses same unix user for software and instance.
    afac6e04
proftpd-config-file.cfg.in 1.59 KB
ServerName "ProFTPD SlapOS"
ServerType standalone
MaxInstances  30
DefaultAddress {{ proftpd['ipv6'] }} {{ proftpd['ipv4']}}
SocketBindTight on
DefaultServer off
Port {{ proftpd['sftp-port'] }}

User {{ proftpd['user'] }}
Group {{ proftpd['group'] }}

ScoreboardFile {{ proftpd['scoreboard-file'] }}
PidFile {{ proftpd['pid-file'] }}

Umask 022
AllowOverwrite on

# SFTP
SFTPEngine on
SFTPHostKey {{ proftpd['ssh-host-rsa-key'] }}
SFTPHostKey {{ proftpd['ssh-host-dsa-key'] }}
SFTPHostKey {{ proftpd['ssh-host-ecdsa-key'] }}
#SFTPAuthorizedUserKeys file:{{ proftpd['ssh-authorized-keys-dir'] }}%u


# Logging
TransferLog {{ proftpd['xfer-log'] }}
SFTPLog {{ proftpd['sftp-log'] }}
BanLog {{ proftpd['ban-log'] }}


# Virtual users
RequireValidShell off
AuthUserFile {{ proftpd['auth-user-file'] }}


# Prevent partially uploaded files to be visible
HiddenStores on
DeleteAbortedStores on
AllowStoreRestart off


# Limitations of running as non-root user
WtmpLog off
# ( we cannot use DefaultRoot ~ )

# Prevent user for escaping their home
<Directory />
  <Limit ALL>
    DenyAll
  </Limit>
</Directory>

<Directory {{ proftpd['data-dir'] }}>
  <Limit ALL>
    AllowAll
  </Limit>
</Directory>



# Ban failed logins
MaxLoginAttempts 1
BanEngine on
BanTable {{ proftpd['ban-table'] }}
# 5 failed login attemps in 5 minutes -> ban for 20 minutes
BanOnEvent MaxLoginAttempts 5/00:05:00 00:20:00 "Too many Failed Login Attempts"
BanControlsACLs all allow user {{ proftpd['user'] }}
# This depends on a control socket
ControlsSocket {{ proftpd['control-socket'] }}
ControlsSocketOwner {{ proftpd['user'] }} {{ proftpd['group'] }}