uFTP - FTP Server

uftp server, open source ftp server, linux ftp server, linux ftp server for embedded, easy to configure ftp server, ftp server for initramfs

User Tools

Site Tools

Trace:
uftp-server-configuration

Differences

This shows you the differences between two versions of the page.


uftp-server-configuration [2025/08/17 16:12] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +**uFTP - FTP Server configuration**
  
 +uFTP server can be configured with the "uftpd.cfg" configuration file, the location of the file can be either on the same path of the binary application or under "/etc/uftpd.cfg".
 +
 +
 +Here below a sample "uftpd.cfg" configuration file.
 +
 +<code>
 +#FTP CONFIGURATION SAMPLE "/etc/uftpd.cfg"
 +
 +#######################################################
 +#                 UFTP SERVER SETTINGS                #
 +#######################################################
 +
 +#MAXIMUM ALLOWED CONNECTIONS ON THE SERVER
 +MAXIMUM_ALLOWED_FTP_CONNECTION = 30
 +
 +#TCP/IP PORT SETTINGS (DEFAULT 21)
 +FTP_PORT = 21
 +
 +#Allow only one server instance (true or false)
 +SINGLE_INSTANCE = true
 +
 +#Run in background, daemon mode ok
 +DAEMON_MODE = true
 +
 +# Folder where to save the logs, use the same format below, the folder must terminate with /
 +LOG_FOLDER = /var/log/
 +
 +# Maximum number of logs to keep, if 0 log functionality is disabled
 +MAXIMUM_LOG_FILES = 0
 +
 +# Idle timeout in seconds, client are disconnected for inactivity after the
 +# specified amount of time in seconds, set to 0 to disable
 +IDLE_MAX_TIMEOUT = 3600
 +
 +#MAX CONNECTIONS PER IP
 +#LIMIT THE MAXIMUM NUMBER OF CONNECTION FOR EACH IP ADDRESS
 +# 0 TO DISABLE
 +MAX_CONNECTION_NUMBER_PER_IP = 10
 +
 +#MAX LOGIN TRY PER IP
 +#THE IP ADDRESS WILL BE BLOCKED FOR 5 MINUTES AFTER WRONG LOGIN USERNAME AND PASSWORD
 +#0 TO DISABLE
 +MAX_CONNECTION_TRY_PER_IP = 10
 +
 +#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
 +#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
 +#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
 +#USE , instad of . eg: 192,168,1,1
 +#SERVER_IP = 192,168,1,1
 +
 +#TLS CERTIFICATE FILE PATH
 +CERTIFICATE_PATH=/etc/uFTP/cert.pem
 +PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem
 +
 +#Enable system authentication based on /etc/passwd
 +#and /etc/shadow
 +ENABLE_PAM_AUTH = false
 +
 +# Force usage of the TLS
 +# If enabled, only TLS connections will be allowed
 +FORCE_TLS = false
 +
 +#
 +# Random port for passive FTP connections range
 +#
 +RANDOM_PORT_START = 10000
 +RANDOM_PORT_END   = 50000
 +
 +#USERS
 +#START FROM USER 0 TO XXX
 +USER_0 = username
 +PASSWORD_0 = password
 +HOME_0 = /
 +GROUP_NAME_OWNER_0 = usergroup
 +USER_NAME_OWNER_0 = user
 +
 +USER_1 = apache
 +PASSWORD_1 = apachePassword
 +HOME_1 = /var/www/html/
 +GROUP_NAME_OWNER_1 = www-data
 +USER_NAME_OWNER_1 = www-data
 +
 +USER_2 = anotherUsername
 +PASSWORD_2 = anotherPassowrd
 +HOME_2 = /
 +
 +#blocked user that are not allowed to login
 +BLOCK_USER_0 = user1
 +BLOCK_USER_1 = user2
 +BLOCK_USER_2 = user3
 +
 +</code>
 +
 +**Parameters explained.**
 +
 +Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced.
 +<code>
 +MAXIMUM_ALLOWED_FTP_CONNECTION = 30
 +</code>
 +
 +If the parameter MAXIMUM_LOG_FILE is set different to zero, uFTP logs are enabled and data retention is the specified number of log files in days. 
 +Logs are useful to debug software issues, possible bugs and brute force attacks.
 +<code>
 +# Folder where to save the logs, use the same format below, the folder must terminate with /
 +LOG_FOLDER = /var/log/
 +
 +# Maximum number of logs to keep, if 0 log functionality is disabled
 +MAXIMUM_LOG_FILES = 0
 +</code>
 +
 +FTP server TCP/IP port, 21 is the standard FTP service port.
 +<code>
 +FTP_PORT = 21
 +</code>
 +
 +If the single instance check is enabled, only one server instance can be executed.
 +<code>
 +SINGLE_INSTANCE = true
 +</code>
 +
 +When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose.
 +<code>
 +DAEMON_MODE = true
 +</code>
 +
 +Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP.
 +<code>
 +IDLE_MAX_TIMEOUT = 3600
 +</code>
 +
 +FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP.
 +<code>
 +MAX_CONNECTION_NUMBER_PER_IP = 2
 +</code>
 +
 +To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts.
 +<code>
 +MAX_CONNECTION_TRY_PER_IP = 3
 +</code>
 +
 +
 +To enforce security, you can set FORCE_TLS = true, clients will need to use SSL.
 +<code>
 +# Force usage of the TLS
 +# If enabled, only TLS connections will be allowed
 +FORCE_TLS = true
 +</code>
 +
 +Enables/Disables the standard /etc/passwd, /etc/shadow authentication.
 +<code>
 +ENABLE_PAM_AUTH = true
 +</code>
 +
 +The path of the public certificate (needed only if TLS/SSL support is enabled).
 +<code>
 +CERTIFICATE_PATH=/etc/uFTP/cert.pem
 +</code>
 +
 +The path of the private certificate (needed only if TLS/SSL support is enabled).
 +<code>
 +PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem
 +</code>
 +
 +The range of random port will be used for data exchange between data and server for pasv mode. 
 +<code>
 +RANDOM_PORT_START = 10000
 +RANDOM_PORT_END   = 50000
 +</code>
 +
 +You can set SERVER_IP if you are under NAT, uFTP will respond to PASV commands with the address in the parameter if set.
 +<code>
 +#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
 +#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
 +#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
 +#USE , instad of . eg: 192,168,1,1
 +SERVER_IP = 192,168,1,1
 +</code>
 +
 +Ftp users can be configured by using the user list pattern, the ids suffix must be added to each user list parameter the pattern is from  "_0" to "(N)" for instance USER_0, USER_1, USER_2 ... USER_(N).
 +Mandatory user list parameters:
 +**USER_**(N) is the FTP username parameter.
 +
 +**PASSWORD_**(N) is the FTP password parameter written in plain text.
 +
 +**HOME_**(N) is the user home path, every user can be limited inside a directory.
 +
 +Option parameters:
 +**GROUP_NAME_OWNER_**(N) if set to match an existing user group in the OS, every new file created by the FTP client associated with the N username and password will be created with the group ownership of the parameter.
 +
 +**USER_NAME_OWNER_**(N) if specified an existing user in the OS, every new file created by the FTP client associated with the N username and password will be created with the user ownership of the parameter.
 +
 +If one of the 2 optional parameter GROUP_NAME_OWNER_(N), USER_NAME_OWNER_(N) are not specified, the default uFTP user and group ownership are used for new file creations, typically root:root.
 +<code>
 +USER_0 = username
 +PASSWORD_0 = password
 +HOME_0 = /
 +GROUP_NAME_OWNER_0 = usergroup
 +USER_NAME_OWNER_0 = user
 +
 +USER_1 = apache
 +PASSWORD_1 = apachePassword
 +HOME_1 = /var/www/html/
 +GROUP_NAME_OWNER_1 = www-data
 +USER_NAME_OWNER_1 = www-data
 +
 +USER_2 = anotherUsername
 +PASSWORD_2 = anotherPassowrd
 +HOME_2 = /
 +
 +#blocked user that are not allowed to login
 +BLOCK_USER_0 = user1
 +BLOCK_USER_1 = user2
 +BLOCK_USER_2 = user3
 +</code>
 +
 +You can list in the format above the user you want to block the access, they will be rejected if they attempt to login.
 +<code>
 +#blocked user that are not allowed to login
 +BLOCK_USER_0 = user1
 +BLOCK_USER_1 = user2
 +BLOCK_USER_2 = user3
 +</code>