1. Introduction

2. Useful resources

3. Getting the package

4. Configuration

5. Running from xinetd

1. Introduction

I'm using ProFTP as a local ftp-server. This means that it's only accessible by hosts that reside on my LAN. I have no intention nor any use to make it public. As a consequence, it's not really such a topic to secure it all the way down. Keep in mind that the setup I use is absolutely NOT suitable for a open-wide-public ftp-server.

Maybe one word about the use as a local ftp-server. I use this ftp-server to upload the backup-files I make on every host. One could say that this can also be done with either Samba or NFS but ftp has the advantage that it's easily accessible from almost every host, no mather what OS it's running. To upload the files, I use ncftpput with this syntax (take a look at the man-page for more details) :
ncftpput -u myuploaduser -p verysecret -V -DD . /var/backup/home.tar.gz

2. Useful resources

The homepage of ProFTP

3. Getting the packages / Install

Allthough there are some RPM's available, I prefer to install it from source. You can easily download it from the ProFTP homepage (there's a link in the upper-left corner to the most recent version). Copy the file to the place where you normally install your packages.

First unpack it with :
tar -zxvf proftp.tar.gz
This will result in a directory proftp. Change to this directory and run the configure script with --enable-shadow to make sure ProFTP can make use of the shadow-password facility. Afterwards, run the usual make and make install options.
cd proftp
./configure --enable-shadow
make install

4. Configuration

By default, ProFTP will place it's configuration file in /usr/local/etc. I really hate this. You can either start ProFTP with a configurationfile-directive
proftpd -c <my-config-file>
or you just place a link to /etc (where normally all config-files should be placed). I prefer the 'link'-way, this way you can start ProFTP either as standalone or from inetd/xinetd. Linking is easy
ln -s /usr/local/etc/proftpd.conf /etc/proftpd.conf
Open up the proftpd.conf with your favorite editor. Below is my config-file.
Example of proftpd.conf

ServerName "Cudeso FTP"
ServerType inetd
DefaultServer on

SystemLog /var/log/proftp
Port 21
Umask 006
MaxInstances 30

User nobody
Group nobody

RequireValidShell off

# Normally, we want files to be overwriteable.
<Directory /*>
   AllowOverwrite on
ServerName is quite obvious..not?

With ServerType you can specify wether ProFTP runs as standalone or from inetd/xinetd. When you're running a small site with little connections, I suggest inetd. This way ProFTP doesn't take up CPU-cycles when nobody's connected to your site. On the other hand, when there's high traffic, it could be best to use standalone-mode. One major disadvantage from inetd/xinetd is that everytime there's a new connection, the inetd daemon needs to start another process. This is not the case with standalone. Possible settings for this are standalone or inetd

SystemLog instructs ProFTP to log to the file /var/log/proftp. By default, ProFTP will output his logs to the syslogger.

DefaultServer takes care of all connections not directly for a specified ftp-server

Port, Umask and MaxInstances are obvious. One word maybe about MaxInstances. Don't make this figure to high otherwise you could find yourself a victim to DOS-attack.

User and Group are the user and group as which ProFTP needs to run (doesn't this make

With RequireValidShell you can allow users to connect without them having a valid shell on the local machine.

5. Running from xinetd

I had quite some problems starting ProFTP from xinetd. Finally I got it to work with putting stuff from tftp, wu-ftp and my inspiration together. This is what came up (and works on my LAN).
example of ProFTP startup file in /etc/xinetd.d

service ftp
   flags = REUSE
   socket_type = stream
   instances = 50
   wait = no
   user = root
   server = /usr/local/sbin/proftpd
   bind =
   log_on_success = HOST PID
   log_on_failure = HOST RECORD
Just place this file in the directory /etc/xinetd.d and it should start with the restart of xinetd. >