**uFTP - FTP Server configuration**
The uFTP server is configured through the "uftpd.cfg" configuration file, which can be placed either in the same directory as the server binary or at "/etc/uftpd.cfg".
Below is a sample "uftpd.cfg" configuration file.
```
#FTP CONFIGURATION SAMPLE "/etc/uftpd.cfg"
#######################################################
# UFTP SERVER SETTINGS #
#######################################################

#MAXIMUM ALLOWED CONNECTIONS ON THE SERVER
MAXIMUM_ALLOWED_FTP_CONNECTION = 30

#TCP/IP PORT SETTINGS (DEFAULT 21)
FTP_PORT = 21

#Allow only one server instance (true or false)
SINGLE_INSTANCE = true

#Run in background, daemon mode ok
DAEMON_MODE = true

# Folder where to save the logs, use the same format below, the folder must terminate with /
LOG_FOLDER = /var/log/

# Maximum number of logs to keep, if 0 log functionality is disabled
MAXIMUM_LOG_FILES = 0

# Idle timeout in seconds, client are disconnected for inactivity after the
# specified amount of time in seconds, set to 0 to disable
IDLE_MAX_TIMEOUT = 3600

#MAX CONNECTIONS PER IP
#LIMIT THE MAXIMUM NUMBER OF CONNECTION FOR EACH IP ADDRESS
# 0 TO DISABLE
MAX_CONNECTION_NUMBER_PER_IP = 10

#MAX LOGIN TRY PER IP
#THE IP ADDRESS WILL BE BLOCKED FOR 5 MINUTES AFTER WRONG LOGIN USERNAME AND PASSWORD
#0 TO DISABLE
MAX_CONNECTION_TRY_PER_IP = 10

#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
#USE , instead of . eg: 192,168,1,1
#SERVER_IP = 192,168,1,1

#TLS CERTIFICATE FILE PATH
CERTIFICATE_PATH=/etc/uFTP/cert.pem
PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem

#Enable system authentication based on /etc/passwd
#and /etc/shadow
ENABLE_PAM_AUTH = false

# Force usage of the TLS
# If enabled, only TLS connections will be allowed
FORCE_TLS = false

#
# Random port for passive FTP connections range
#
RANDOM_PORT_START = 10000
RANDOM_PORT_END = 50000

#USERS
#START FROM USER 0 TO XXX
USER_0 = username
PASSWORD_0 = password
HOME_0 = /
GROUP_NAME_OWNER_0 = usergroup
USER_NAME_OWNER_0 = user

USER_1 = apache
PASSWORD_1 = apachePassword
HOME_1 = /var/www/html/
GROUP_NAME_OWNER_1 = www-data
USER_NAME_OWNER_1 = www-data

USER_2 = anotherUsername
PASSWORD_2 = anotherPassowrd
HOME_2 = /

#blocked user that are not allowed to login
BLOCK_USER_0 = user1
BLOCK_USER_1 = user2
BLOCK_USER_2 = user3
```
**Parameters explained.**
```
MAXIMUM_ALLOWED_FTP_CONNECTION = 30
```
Defines the maximum number of client connections allowed on the FTP server; this number can be lowered to reduce server memory usage.
```
FTP_PORT = 21
```
FTP server TCP/IP port; 21 is the standard FTP service port.
```
SINGLE_INSTANCE = true
```
If the single instance check is enabled, only one server instance can run at a time.
```
DAEMON_MODE = true
```
When daemon mode is activated, the uFTP server runs as a service in the background; this option can be deactivated to run the server from the console for debugging purposes.
```
IDLE_MAX_TIMEOUT = 3600
```
FTP clients are automatically disconnected if there is no activity for more than the specified number of seconds; every FTP command resets the counter inside uFTP.
```
MAX_CONNECTION_NUMBER_PER_IP = 2
```
FTP resources can be limited for each IP address by setting a maximum number of connections per IP.
```
MAX_CONNECTION_TRY_PER_IP = 3
```
To prevent brute force attacks, IP addresses are banned from the server for 5 minutes after the specified number of wrong login attempts.
```
CERTIFICATE_PATH=/etc/uFTP/cert.pem
```
The path of the public certificate (needed only if TLS/SSL support is enabled).
```
# Force usage of the TLS
# If enabled, only TLS connections will be allowed
FORCE_TLS = true
```
To enforce encrypted connections, set FORCE_TLS = true; clients will then need to connect using TLS/SSL.
```
ENABLE_PAM_AUTH = true
```
Enables or disables the standard system authentication based on /etc/passwd and /etc/shadow.
```
PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem
```
The path of the private key file for the certificate (needed only if TLS/SSL support is enabled).
```
RANDOM_PORT_START = 10000
RANDOM_PORT_END = 50000
```
The range from which random ports are chosen for data exchange between client and server in passive (PASV) mode.
```
#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
#USE , instead of . eg: 192,168,1,1
SERVER_IP = 192,168,1,1
```
Set SERVER_IP if the server is behind NAT; when the parameter is set, uFTP responds to PASV commands with that address.
```
USER_0 = username
PASSWORD_0 = password
HOME_0 = /
GROUP_NAME_OWNER_0 = usergroup
USER_NAME_OWNER_0 = user

USER_1 = apache
PASSWORD_1 = apachePassword
HOME_1 = /var/www/html/
GROUP_NAME_OWNER_1 = www-data
USER_NAME_OWNER_1 = www-data

USER_2 = anotherUsername
PASSWORD_2 = anotherPassowrd
HOME_2 = /

#blocked user that are not allowed to login
BLOCK_USER_0 = user1
BLOCK_USER_1 = user2
BLOCK_USER_2 = user3
```
FTP users are configured with the user list pattern: an id suffix must be added to each user list parameter, running from "_0" to "_(N)", for instance USER_0, USER_1, USER_2 ... USER_(N).
Mandatory user list parameters:
**USER_**(N) is the FTP username parameter.
**PASSWORD_**(N) is the FTP password parameter, written in plain text.
**HOME_**(N) is the user home path; every user can be limited to a directory.
Optional parameters:
**GROUP_NAME_OWNER_**(N): if set to an existing user group in the OS, every new file created by an FTP client logged in with the N username and password is created with that group as its group owner.
**USER_NAME_OWNER_**(N): if set to an existing user in the OS, every new file created by an FTP client logged in with the N username and password is created with that user as its owner.
If either of the two optional parameters GROUP_NAME_OWNER_(N) and USER_NAME_OWNER_(N) is not specified, the default uFTP user and group ownership is used for new files, typically root:root.
```
#blocked user that are not allowed to login
BLOCK_USER_0 = user1
BLOCK_USER_1 = user2
BLOCK_USER_2 = user3
```
Users you want to deny access to can be listed in the format above; they will be rejected if they attempt to log in.
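
The following Python script is an added example, not part of uFTP or of the original page. It audits a "uftpd.cfg" for the settings described above that weaken a deployment: TLS not forced, logging or the failed-login ban disabled with 0, a user home of /, missing owner parameters, and plain-text passwords. The parsing rules (one `KEY = VALUE` per line, `#` starting a comment) are inferred from the sample file, and `parse_cfg`, `audit` and `SAMPLE_CFG` are names made up for this example.

```python
import re

# Constructed sample in the uftpd.cfg format shown on this page.
SAMPLE_CFG = """\
#LOGGING OFF, TLS OPTIONAL
MAXIMUM_LOG_FILES = 0
FORCE_TLS = false
USER_0 = username
PASSWORD_0 = password
HOME_0 = /
USER_1 = apache
PASSWORD_1 = apachePassword
HOME_1 = /var/www/html/
GROUP_NAME_OWNER_1 = www-data
USER_NAME_OWNER_1 = www-data
"""

def parse_cfg(text):
    """Parse KEY = VALUE lines, skipping '#' comments (rules inferred from the sample)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return findings that rely only on behaviour the page documents."""
    findings = []
    if cfg.get("FORCE_TLS", "").lower() != "true":
        findings.append("FORCE_TLS is not set to true: TLS is not enforced by this file")
    # Per the page, a value of 0 disables each of these protections.
    for key, what in (("MAXIMUM_LOG_FILES", "logging"),
                      ("MAX_CONNECTION_TRY_PER_IP", "the failed-login ban")):
        if cfg.get(key) == "0":
            findings.append(f"{key} = 0 disables {what}")
    ids = sorted(int(m.group(1)) for k in cfg if (m := re.fullmatch(r"USER_(\d+)", k)))
    for n in ids:
        user = cfg[f"USER_{n}"]
        if cfg.get(f"HOME_{n}") == "/":
            findings.append(f"{user}: HOME_{n} is /, not limited to a subdirectory")
        if f"USER_NAME_OWNER_{n}" not in cfg or f"GROUP_NAME_OWNER_{n}" not in cfg:
            findings.append(f"{user}: owner unset, new files use the default owner (typically root:root)")
    if ids:
        findings.append("PASSWORD_(N) values are plain text: restrict read access to this file")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_cfg(SAMPLE_CFG))))
```

Run against the constructed sample, it reports five findings, all for the global settings and for `username`; the `apache` entry, which has a dedicated home and both owner parameters, produces none.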