uFTP - FTP Server

uftp server, open source ftp server, linux ftp server, linux ftp server for embedded, easy to configure ftp server, ftp server for initramfs

User Tools

Site Tools

Trace:
uftp-server-configuration

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
uftp-server-configuration [2018/06/03 15:41] kingkuftp-server-configuration [2024/05/04 16:58] (current) kingk
Line 1: Line 1:
-**uFTP Server configuration**+**uFTP - FTP Server configuration**
  
 uFTP server can be configured with the "uftpd.cfg" configuration file, the location of the file can be either on the same path of the binary application or under "/etc/uftpd.cfg". uFTP server can be configured with the "uftpd.cfg" configuration file, the location of the file can be either on the same path of the binary application or under "/etc/uftpd.cfg".
Line 13: Line 13:
 ####################################################### #######################################################
  
 +#MAXIMUM ALLOWED CONNECTIONS ON THE SERVER
 MAXIMUM_ALLOWED_FTP_CONNECTION = 30 MAXIMUM_ALLOWED_FTP_CONNECTION = 30
-#MAXIMUM ALLOWED CLIENT CONNECTIONS ON THE SERVER 
  
-FTP_PORT = 21 
 #TCP/IP PORT SETTINGS (DEFAULT 21) #TCP/IP PORT SETTINGS (DEFAULT 21)
 +FTP_PORT = 21
  
-SINGLE_INSTANCE = true 
 #Allow only one server instance (true or false) #Allow only one server instance (true or false)
 +SINGLE_INSTANCE = true
  
 +#Run in background, daemon mode ok
 DAEMON_MODE = true DAEMON_MODE = true
-#Run in background as a daemon 
  
-IDLE_MAX_TIMEOUT 3600+# Folder where to save the logs, use the same format below, the folder must terminate with / 
 +LOG_FOLDER /var/log/ 
 + 
 +# Maximum number of logs to keep, if 0 log functionality is disabled 
 +MAXIMUM_LOG_FILES = 0 
 # Idle timeout in seconds, client are disconnected for inactivity after the # Idle timeout in seconds, client are disconnected for inactivity after the
 # specified amount of time in seconds, set to 0 to disable # specified amount of time in seconds, set to 0 to disable
 +IDLE_MAX_TIMEOUT = 3600
  
- +#MAX CONNECTIONS PER IP
-MAX_CONNECTION_NUMBER_PER_IP = 2+
 #LIMIT THE MAXIMUM NUMBER OF CONNECTION FOR EACH IP ADDRESS #LIMIT THE MAXIMUM NUMBER OF CONNECTION FOR EACH IP ADDRESS
 # 0 TO DISABLE # 0 TO DISABLE
 +MAX_CONNECTION_NUMBER_PER_IP = 10
  
- +#MAX LOGIN TRY PER IP 
-MAX_CONNECTION_TRY_PER_IP = 3 +#THE IP ADDRESS WILL BE BLOCKED FOR 5 MINUTES AFTER WRONG LOGIN USERNAME AND PASSWORD
-#THE IP ADDRESS WILL BE BLOCKED FOR 5 MINUTES AFTER THE SPECIFIED NUMBER OF WRONG LOGIN ATTEMPTS +
 #0 TO DISABLE #0 TO DISABLE
 +MAX_CONNECTION_TRY_PER_IP = 10
 +
 +#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
 +#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
 +#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
 +#USE , instad of . eg: 192,168,1,1
 +#SERVER_IP = 192,168,1,1
 +
 +#TLS CERTIFICATE FILE PATH
 +CERTIFICATE_PATH=/etc/uFTP/cert.pem
 +PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem
 +
 +#Enable system authentication based on /etc/passwd
 +#and /etc/shadow
 +ENABLE_PAM_AUTH = false
 +
 +# Force usage of the TLS
 +# If enabled, only TLS connections will be allowed
 +FORCE_TLS = false
 +
 +#
 +# Random port for passive FTP connections range
 +#
 +RANDOM_PORT_START = 10000
 +RANDOM_PORT_END   = 50000
  
 #USERS #USERS
Line 56: Line 86:
 PASSWORD_2 = anotherPassowrd PASSWORD_2 = anotherPassowrd
 HOME_2 = / HOME_2 = /
 +
 +#blocked user that are not allowed to login
 +BLOCK_USER_0 = user1
 +BLOCK_USER_1 = user2
 +BLOCK_USER_2 = user3
 +
 </code> </code>
  
 **Parameters explained.** **Parameters explained.**
  
 +Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced.
 <code> <code>
 MAXIMUM_ALLOWED_FTP_CONNECTION = 30 MAXIMUM_ALLOWED_FTP_CONNECTION = 30
 </code> </code>
-Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced. 
  
 +If the parameter MAXIMUM_LOG_FILE is set different to zero, uFTP logs are enabled and data retention is the specified number of log files in days. 
 +Logs are useful to debug software issues, possible bugs and brute force attacks.
 <code> <code>
-FTP_PORT 21+# Folder where to save the logs, use the same format below, the folder must terminate with / 
 +LOG_FOLDER /var/log/ 
 + 
 +# Maximum number of logs to keep, if 0 log functionality is disabled 
 +MAXIMUM_LOG_FILES = 0
 </code> </code>
 +
 FTP server TCP/IP port, 21 is the standard FTP service port. FTP server TCP/IP port, 21 is the standard FTP service port.
 +<code>
 +FTP_PORT = 21
 +</code>
  
 +If the single instance check is enabled, only one server instance can be executed.
 <code> <code>
 SINGLE_INSTANCE = true SINGLE_INSTANCE = true
 </code> </code>
-If the single instance check is enabled, only one server instance can be executed. 
  
 +When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose.
 <code> <code>
 DAEMON_MODE = true DAEMON_MODE = true
 </code> </code>
-When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose. 
  
 +Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP.
 <code> <code>
 IDLE_MAX_TIMEOUT = 3600 IDLE_MAX_TIMEOUT = 3600
 </code> </code>
-Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP. 
  
 +FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP.
 <code> <code>
 MAX_CONNECTION_NUMBER_PER_IP = 2 MAX_CONNECTION_NUMBER_PER_IP = 2
 </code> </code>
-FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP. 
  
 +To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts.
 <code> <code>
 MAX_CONNECTION_TRY_PER_IP = 3 MAX_CONNECTION_TRY_PER_IP = 3
 </code> </code>
-To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts. 
  
 +
 +To enforce security, you can set FORCE_TLS = true, clients will need to use SSL.
 <code> <code>
-USER_0 = username +# Force usage of the TLS 
-PASSWORD_0 password +# If enabled, only TLS connections will be allowed 
-HOME_0 = / +FORCE_TLS true 
-GROUP_NAME_OWNER_0 = usergroup +</code>
-USER_NAME_OWNER_0 = user+
  
-USER_1 = apache +Enables/Disables the standard /etc/passwd, /etc/shadow authentication. 
-PASSWORD_1 = apachePassword +<code> 
-HOME_1 = /var/www/html+ENABLE_PAM_AUTH true 
-GROUP_NAME_OWNER_1 www-data +</code>
-USER_NAME_OWNER_1 = www-data+
  
-USER_2 = anotherUsername +The path of the public certificate (needed only if TLS/SSL support is enabled). 
-PASSWORD_2 = anotherPassowrd +<code> 
-HOME_2 = /+CERTIFICATE_PATH=/etc/uFTP/cert.pem
 </code> </code>
  
-Ftp users can be configured by using the user list pattern, the ids suffix must be added to each user list parameter the pattern is from  "_0" to "(N)" for instance USER_0, USER_1, USER_2 ... USER_(N).+The path of the private certificate (needed only if TLS/SSL support is enabled). 
 +<code> 
 +PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem 
 +</code>
  
 +The range of random port will be used for data exchange between data and server for pasv mode. 
 +<code>
 +RANDOM_PORT_START = 10000
 +RANDOM_PORT_END   = 50000
 +</code>
 +
 +You can set SERVER_IP if you are under NAT, uFTP will respond to PASV commands with the address in the parameter if set.
 +<code>
 +#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
 +#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
 +#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
 +#USE , instad of . eg: 192,168,1,1
 +SERVER_IP = 192,168,1,1
 +</code>
 +
 +Ftp users can be configured by using the user list pattern, the ids suffix must be added to each user list parameter the pattern is from  "_0" to "(N)" for instance USER_0, USER_1, USER_2 ... USER_(N).
 Mandatory user list parameters: Mandatory user list parameters:
 **USER_**(N) is the FTP username parameter. **USER_**(N) is the FTP username parameter.
Line 128: Line 193:
  
 If one of the 2 optional parameter GROUP_NAME_OWNER_(N), USER_NAME_OWNER_(N) are not specified, the default uFTP user and group ownership are used for new file creations, typically root:root. If one of the 2 optional parameter GROUP_NAME_OWNER_(N), USER_NAME_OWNER_(N) are not specified, the default uFTP user and group ownership are used for new file creations, typically root:root.
 +<code>
 +USER_0 = username
 +PASSWORD_0 = password
 +HOME_0 = /
 +GROUP_NAME_OWNER_0 = usergroup
 +USER_NAME_OWNER_0 = user
 +
 +USER_1 = apache
 +PASSWORD_1 = apachePassword
 +HOME_1 = /var/www/html/
 +GROUP_NAME_OWNER_1 = www-data
 +USER_NAME_OWNER_1 = www-data
 +
 +USER_2 = anotherUsername
 +PASSWORD_2 = anotherPassowrd
 +HOME_2 = /
 +
 +#blocked user that are not allowed to login
 +BLOCK_USER_0 = user1
 +BLOCK_USER_1 = user2
 +BLOCK_USER_2 = user3
 +</code>
 +
 +You can list in the format above the user you want to block the access, they will be rejected if they attempt to login.
 +<code>
 +#blocked user that are not allowed to login
 +BLOCK_USER_0 = user1
 +BLOCK_USER_1 = user2
 +BLOCK_USER_2 = user3
 +</code>
uftp-server-configuration.1528033301.txt.gz · Last modified: 2019/03/26 12:32 (external edit)