# This is a basic ProFTPD configuration file (rename it to 
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName		"ProFTPD"
ServerType		standalone
DefaultServer		on

# Port 21 is the standard FTP port.
Port			21

# FireWall PortRange for PASV
PassivePorts		40000 40999

# Set DebugLevel to values between 0 and 9
# default is 0
DebugLevel		0

# SystemLog -- Redirect syslogging to a file
SystemLog		/var/log/proftpd/proftpd.log

# Don't use IPv6 support by default.
UseIPv6			off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask			022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
MaxInstances		30

# Set the user and group under which the server will run.
User			ftp
Group			ftp

# Some logging formats
LogFormat default	"%h %l %u %t \"%r\" %s %b"
LogFormat auth		"%v [%P] %h %t \"%r\" %s"
LogFormat write		"%h %l %u %t \"%r\" %s %b"

# ------------------------------
# Global Settings
# ------------------------------
<Global>

  # ------------------------------
  # Login
  # ------------------------------

	ServerIdent		on "FTP server ready"
	DeferWelcome		on
	#DisplayConnect		/etc/proftpd/msg

	<IfModule mod_ident.c>
	  IdentLookups		off
	</IfModule>
	UseFtpUsers		off
	RequireValidShell	off

	TimeoutLogin		60
	MaxLoginAttempts	3
	#MaxClientsPerHost	none
	#MaxClientsPerUser	1 "Only one connection at a time."

  # ------------------------------
  # Authentication
  # ------------------------------

	### PAM Authentication
	# AuthPAM: default: on
	AuthPAM			off

	# changed AuthPAMConfig file
	AuthPAMConfig		proftpd
	### PAM Authentication

	AuthUserFile		/etc/proftpd/auth/passwd
	AuthGroupFile		/etc/group

	### order of auth modules
	#AuthOrder		mod_auth_unix.c mod_auth_file.c
	AuthOrder		mod_auth_file.c

  # ------------------------------
  # Post-Login
  # ------------------------------

	DisplayLogin		welcome.msg
	DisplayChdir		.message
	AllowOverride		off

	TimeoutIdle		 600
	TimeoutNoTransfer	 900
	TimeoutStalled		 300
	TimeoutSession		3600

  # ------------------------------
  # Session
  # ------------------------------

	# To cause every FTP user to be "jailed" (chrooted) into their home
	# directory, uncomment this line.
	DefaultRoot		~ web,!users

	DenyFilter              \*.*/
	ListOptions             "-A +R" strict
	UseGlobbing             off

	ShowSymlinks            on
	TimesGMT                on

  # ------------------------------
  # Up- & Download
  # ------------------------------

	# having to delete before uploading is a pain ;)
	AllowOverwrite		on
	AllowRetrieveRestart	on
	HiddenStores		on
	DeleteAbortedStores	on
	#AllowStoreRestart	off	# is contrary to "DeleteAbortedStores"

  # ------------------------------
  # Logging
  # ------------------------------

	WtmpLog			off
	TransferLog		/var/log/proftpd/xferlog

	# Record all logins
	ExtendedLog		/var/log/proftpd/auth.log AUTH auth

	# Logging file/dir access
	ExtendedLog		/var/log/proftpd/access.log WRITE,READ write

	# Paranoia logging level....
	ExtendedLog		/var/log/proftpd/paranoid.log ALL default

	# SQLLogFile
	#SQLLogFile		/var/log/proftpd/SQL.log
</Global>

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
  DenyAll
</Limit>

#####
# Include other confs, e.g. tls.conf
#Include			/etc/proftpd/conf.d/*.conf

#####

# ------------------------------
# Anonymous Settings
# ------------------------------
# A basic anonymous configuration, no upload directories.  If you do not
# want anonymous users, simply delete this entire <Anonymous> section.
<Anonymous ~ftp>
	# Limit LOGIN
	#<Limit LOGIN>
	#	Order Allow,Deny
	#	Allow from .examples.net,113.141.114.1
	#	Deny from All
	#</Limit>

	## or 'Include' a limit file with rules
	## include one file and use more than once ;)
	#<Limit LOGIN>
	#	Order Allow,Deny
	#	Include /etc/proftpd/includes/limit.conf
	#	Deny from All
	#</Limit>

	# Limit WRITE everywhere in the anonymous chroot
	<Limit WRITE>
		DenyAll
	</Limit>

	# DirFakeMode -- Hide real file/directory permissions
	DirFakeMode 0640

	# DirFakeUser -- Hide real file/directory owner
	DirFakeUser On

	# DirFakeGroup -- Hide real file/directory group
	DirFakeGroup On

  	# We want clients to be able to login with "anonymous" as well as "ftp"
	UserAlias		anonymous ftp

	# Limit the maximum number of anonymous logins
	MaxClients		10
	#MaxRetrieveFileSize	512 Mb

	# Limit Up/Downloads to 255 K/sec
	#TransferRate APPE,RETR,STOR,STOU	255

	# We want 'welcome.msg' displayed at login, and '.message' displayed
	# in each newly chdired directory.
	DisplayLogin		welcome.msg
	DisplayChdir		.message

	#<Directory pub>
	#  <Limit ALL>
	#	Order Allow,Deny
	#	Allow from .examples.net,113.141.114.1
	#	Deny from All
	#  </Limit>
	#</Directory>

	## or 'Include' a limit file with rules
	## include one file and use more than once ;)
	#<Directory pub>
	#  <Limit ALL>
	#	Order Allow,Deny
	#	Include /etc/proftpd/includes/limit.conf
	#	Deny from All
	#  </Limit>
	#</Directory>

	# An upload directory that allows storing files but not retrieving
	# or creating directories.
	#<Directory uploads/*>
	#  <Limit READ>
	#	DenyAll
	#  </Limit>
	#  <Limit STOR>
	#	AllowAll
	#  </Limit>
	#</Directory>
</Anonymous>