############################################################
# Configuration file for pure-ftpd wrappers
############################################################
# If you want to run Pure-FTPd with this configuration
# instead of command-line options, please run the
# following command :
#
# /www/server/pure-ftpd/sbin/pure-config.pl /www/server/pure-ftpd/etc/pure-ftpd.conf
#
# Please don't forget to have a look at documentation at
# options.
# Cage in every user in his home directory
ChrootEveryone yes
# If the previous option is set to "no", members of the following group
# won't be caged. Others will be. If you don't want chroot()ing anyone,
# just comment out ChrootEveryone and TrustedGID.
TrustedGID 100
# Turn on compatibility hacks for broken clients
BrokenClientsCompatibility no
# Maximum number of simultaneous users
MaxClientsNumber 50
# Fork in background
Daemonize yes
# Maximum number of simultaneous clients with the same IP address
MaxClientsPerIP 10
# If you want to log all client commands, set this to "yes".
# This directive can be duplicated to also log server responses.
VerboseLog yes
# List dot-files even when the client doesn't send "-a".
DisplayDotFiles yes
# Don't allow authenticated users - have a public anonymous FTP only.
AnonymousOnly no
# Disallow anonymous connections. Only allow authenticated users.
NoAnonymous yes
# Syslog facility (auth, authpriv, daemon, ftp, security, user, local*)
# The default facility is "ftp". "none" disables logging.
SyslogFacility ftp
# Display fortune cookies
FortunesFile /usr/share/fortune/zippy
# Don't resolve host names in log files. Logs are less verbose, but
# it uses less bandwidth. Set this to "yes" on very busy servers or
# if you don't have a working DNS.
DontResolve yes
# Maximum idle time in minutes (default = 15 minutes)
MaxIdleTime 15
# LDAP configuration file (see README.LDAP)
LDAPConfigFile /etc/pureftpd-ldap.conf
# MySQL configuration file (see README.MySQL)
#MySQLConfigFile /www/server/pure-ftpd/etc/pureftpd-mysql.conf
# Postgres configuration file (see README.PGSQL)
PGSQLConfigFile /etc/pureftpd-pgsql.conf
# PureDB user database (see README.Virtual-Users)
PureDB /www/server/pure-ftpd/etc/pureftpd.pdb
# Path to pure-authd socket (see README.Authentication-Modules)
ExtAuth /var/run/ftpd.sock
# If you want to enable PAM authentication, uncomment the following line
PAMAuthentication yes
# If you want simple Unix (/etc/passwd) authentication, uncomment this
UnixAuthentication no
# Please note that LDAPConfigFile, MySQLConfigFile, PAMAuthentication and
# UnixAuthentication can be used only once, but they can be combined
# together. For instance, if you use MySQLConfigFile, then UnixAuthentication,
# the SQL server will be asked. If the SQL authentication fails because the
# user wasn't found, another try will be done with /etc/passwd and
# /etc/shadow. If the SQL authentication fails because the password was wrong,
# the authentication chain stops here. Authentication methods are chained in
# the order they are given.
# 'ls' recursion limits. The first argument is the maximum number of
# files to be displayed. The second one is the max subdirectories depth
LimitRecursion 20000 8
# Are anonymous users allowed to create new directories ?
AnonymousCanCreateDirs no
# If the system is more loaded than the following value,
# anonymous users aren't allowed to download.
MaxLoad 4
# Port range for passive connections replies. - for firewalling.
PassivePortRange 39000 40000
# Force an IP address in PASV/EPSV/SPSV replies. - for NAT.
# Symbolic host names are also accepted for gateways with dynamic IP
# addresses.
ForcePassiveIP 192.168.0.1
# Upload/download ratio for anonymous users.
AnonymousRatio 1 10
# Upload/download ratio for all users.
# This directive supersedes the previous one.
UserRatio 1 10
# Disallow downloading of files owned by "ftp", ie.
# files that were uploaded but not validated by a local admin.
AntiWarez yes
# IP address/port to listen to (default=all IP and port 21).
Bind 0.0.0.0,21
# Maximum bandwidth for anonymous users in KB/s
AnonymousBandwidth 8
# Maximum bandwidth for all users (including anonymous) in KB/s
# Use AnonymousBandwidth or UserBandwidth; using both makes no sense.
UserBandwidth 8
# File creation mask. <umask for files>:<umask for dirs> .
# 177:077 if you feel paranoid.
Umask 133:022
# Minimum UID for an authenticated user to log in.
MinUID 100
# Allow FXP transfers for authenticated users.
AllowUserFXP no
# Allow anonymous FXP for anonymous and non-anonymous users.
AllowAnonymousFXP no
# Users can't delete/write files beginning with a dot ('.')
# even if they own them. If TrustedGID is enabled, this group
# will have access to dot-files, though.
ProhibitDotFilesWrite no
# Prohibit reading of files beginning with a dot (.history, .ssh...)
ProhibitDotFilesRead no
# Never overwrite files. When a file whose name already exists is uploaded,
# it gets automatically renamed to file.1, file.2, file.3, ...
AutoRename no
# Disallow anonymous users to upload new files (no = upload is allowed)
AnonymousCantUpload no
# Only connections to this specific IP address are allowed to be
# non-anonymous. You can use this directive to open several public IPs for
# anonymous FTP, and keep a private firewalled IP for remote administration.
# You can also only allow a non-routable local IP (like 10.x.x.x) to
# authenticate, and keep a public anon-only FTP server on another IP.
#TrustedIP 10.1.1.1
# If you want to add the PID to every logged line, uncomment the following
# line.
#LogPID yes
# Create an additional log file with transfers logged in an Apache-like format :
# fw.c9x.org - jedi [13/Dec/1975:19:36:39] "GET /ftp/linux.tar.bz2" 200 21809338
# This log file can then be processed by www traffic analyzers.
AltLog clf:/var/log/pureftpd.log
# Create an additional log file with transfers logged in a format optimized
# for statistic reports.
AltLog stats:/var/log/pureftpd.log
# Create an additional log file with transfers logged in the standard W3C
# format (compatible with most commercial log analyzers)
AltLog w3c:/var/log/pureftpd.log
# Disallow the CHMOD command. Users can't change perms of their files.
#NoChmod yes
# Allow users to resume and upload files, but NOT to delete them.
#KeepAllFiles yes
# Automatically create home directories if they are missing
CreateHomeDir no
# Enable virtual quotas. The first number is the max number of files.
# The second number is the max size in megabytes.
# So 1000:10 limits every user to 1000 files and 10 Mb.
#Quota 1000:10
# If your pure-ftpd has been compiled with standalone support, you can change
# the location of the pid file. The default is /var/run/pure-ftpd.pid
PIDFile /var/run/pure-ftpd.pid
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
#CallUploadScript yes
# This option is useful with servers where anonymous upload is
# allowed. As /var/ftp is in /var, it saves some space and protects
# the log files. When the partition is more than X percent full,
# new uploads are disallowed.
MaxDiskUsage 99
# Set to 'yes' if you don't want your users to rename files.
#NoRename yes
# Be 'customer proof' : workaround against common customer mistakes like
# 'chmod 0 public_html', that are valid, but that could cause ignorant
# customers to lock their files, and then keep your technical support busy
# with silly issues. If you're sure all your users have some basic Unix
# knowledge, this feature is useless. If you're a hosting service, enable it.
CustomerProof yes
# Per-user concurrency limits. It will only work if the FTP server has
# been compiled with --with-peruserlimits (and this is the case on
# most binary distributions) .
# The format is : <max sessions per user>:<max anonymous sessions>
# For instance, 3:20 means that the same authenticated user can have 3 active
# sessions max. And there are 20 anonymous sessions max.
PerUserLimits 3:20
# When a file is uploaded and there is already a previous version of the file
# with the same name, the old file will neither get removed nor truncated.
# Upload will take place in a temporary file and once the upload is complete,
# the switch to the new version will be atomic. For instance, when a large PHP
# script is being uploaded, the web server will still serve the old version and
# immediately switch to the new one as soon as the full file has been
# transferred. This option is incompatible with virtual quotas.
NoTruncate yes
# This option can accept three values :
# 0 : disable SSL/TLS encryption layer (default).
# 1 : accept both traditional and encrypted sessions.
# 2 : refuse connections that don't use SSL/TLS security mechanisms,
#     including anonymous sessions.
# Do not uncomment this blindly. Be sure that :
# 1) Your server has been compiled with SSL/TLS support (--with-tls),
# 2) A valid certificate is in place,
# 3) Only compatible clients will log in.
TLS 1
# Listen only to IPv4 addresses in standalone mode (ie. disable IPv6)
# By default, both IPv4 and IPv6 are enabled.
IPV4Only yes
# Listen only to IPv6 addresses in standalone mode (ie. disable IPv4)
# By default, both IPv4 and IPv6 are enabled.
IPV6Only yes
# UTF-8 support for file names (RFC 2640)
# Define charset of the server filesystem and optionally the default charset
# for remote clients if they don't use UTF-8.
# Works only if pure-ftpd has been compiled with --with-rfc2640
FileSystemCharset big5
ClientCharset big5
AllowOverwrite on
AllowStoreRestart on
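# Added example, not part of the original file and not Pure-FTPd project code: a Python audit that parses a pure-ftpd.conf and flags settings this file's comments describe as weak or conflicting (TLS below 2, IPV4Only together with IPV6Only, readable dot-files, repeated single-use authentication directives), plus several AltLog formats sharing one file.
# The function names and the SAMPLE text are constructed for illustration.

```python
# Added example (not Pure-FTPd project code): audit directives against this file's comments.
from collections import defaultdict

SINGLE_USE = ("LDAPConfigFile", "MySQLConfigFile", "PAMAuthentication", "UnixAuthentication")

def parse(text):
    """Return {directive: [values]} for non-blank, non-comment lines."""
    conf = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0]].append(parts[1].strip() if len(parts) > 1 else "")
    return dict(conf)

def is_yes(conf, name):
    return conf.get(name, ["no"])[-1].lower() == "yes"

def audit(text):
    conf, out = parse(text), []
    tls = conf.get("TLS", ["0"])[-1]           # 0 is the documented default
    if tls != "2":
        out.append(("TLS", f"TLS {tls} still accepts unencrypted sessions"))
    if is_yes(conf, "IPV4Only") and is_yes(conf, "IPV6Only"):
        out.append(("IPV4Only/IPV6Only", "each option disables the other family"))
    if not is_yes(conf, "ProhibitDotFilesRead"):
        out.append(("ProhibitDotFilesRead", "dot-files (.history, .ssh...) are readable"))
    for name in SINGLE_USE:
        if len(conf.get(name, [])) > 1:
            out.append((name, "may be used only once"))
    formats = defaultdict(list)                # log path -> AltLog formats
    for value in conf.get("AltLog", []):
        fmt, _, path = value.partition(":")
        formats[path].append(fmt)
    for path, fmts in formats.items():
        if len(fmts) > 1:
            out.append(("AltLog", f"{path} receives mixed formats: {', '.join(fmts)}"))
    return out

# Constructed sample reusing values shown on this page.
SAMPLE = """\
ProhibitDotFilesRead no
TLS 1
IPV4Only yes
IPV6Only yes
AltLog clf:/var/log/pureftpd.log
AltLog w3c:/var/log/pureftpd.log
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```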