Differences

This shows you the differences between two versions of the page.

--- uftp-server-configuration [2022/11/27 18:31] – kingk
+++ uftp-server-configuration [2024/05/04 16:58] (current) – kingk
@@ Line 1: / Line 1: @@
-**uFTP Server configuration**
+**uFTP - FTP Server configuration**
 uFTP server can be configured with the "uftpd.cfg" configuration file, the location of the file can be either on the same path of the binary application or under "/etc/uftpd.cfg".
@@ Line 13: / Line 13: @@
 #######################################################
-MAXIMUM_ALLOWED_FTP_CONNECTION = 30
 #MAXIMUM ALLOWED CONNECTIONS ON THE SERVER
+MAXIMUM_ALLOWED_FTP_CONNECTION = 30
-FTP_PORT = 21
 #TCP/IP PORT SETTINGS (DEFAULT 21)
+FTP_PORT = 21
-SINGLE_INSTANCE = true
 #Allow only one server instance (true or false)
+SINGLE_INSTANCE = true
-DAEMON_MODE = true
 #Run in background, daemon mode ok
+DAEMON_MODE = true
+# Folder where to save the logs, use the same format below, the folder must terminate with /
+LOG_FOLDER = /var/log/
+# Maximum number of logs to keep, if 0 log functionality is disabled
+MAXIMUM_LOG_FILES = 0
-IDLE_MAX_TIMEOUT = 3600
 # Idle timeout in seconds, client are disconnected for inactivity after the
 # specified amount of time in seconds, set to 0 to disable
+IDLE_MAX_TIMEOUT = 3600
-MAX_CONNECTION_NUMBER_PER_IP = 10
 #MAX CONNECTIONS PER IP
 #LIMIT THE MAXIMUM NUMBER OF CONNECTION FOR EACH IP ADDRESS
 # 0 TO DISABLE
+MAX_CONNECTION_NUMBER_PER_IP = 10
-MAX_CONNECTION_TRY_PER_IP = 10
 #MAX LOGIN TRY PER IP
 #THE IP ADDRESS WILL BE BLOCKED FOR 5 MINUTES AFTER WRONG LOGIN USERNAME AND PASSWORD
 #0 TO DISABLE
+MAX_CONNECTION_TRY_PER_IP = 10
+#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
+#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
+#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
+#USE , instad of . eg: 192,168,1,1
+#SERVER_IP = 192,168,1,1
 #TLS CERTIFICATE FILE PATH
@@ Line 45: / Line 57: @@
 #Enable system authentication based on /etc/passwd
 #and /etc/shadow
-ENABLE_PAM_AUTH = true
+ENABLE_PAM_AUTH = false
+# Force usage of the TLS
+# If enabled, only TLS connections will be allowed
+FORCE_TLS = false
+#
+# Random port for passive FTP connections range
+#
+RANDOM_PORT_START = 10000
+RANDOM_PORT_END   = 50000
 #USERS
@@ Line 64: / Line 86: @@
 PASSWORD_2 = anotherPassowrd
 HOME_2 = /
+#blocked user that are not allowed to login
+BLOCK_USER_0 = user1
+BLOCK_USER_1 = user2
+BLOCK_USER_2 = user3
 </code>
@@ Line 69: / Line 96: @@
 **Parameters explained.**
+Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced.
 <code>
 MAXIMUM_ALLOWED_FTP_CONNECTION = 30
 </code>
-Define the number of maximum client allowed connections on the FTP server, to reduce server memory usage this number can be reduced.
+If the parameter MAXIMUM_LOG_FILE is set different to zero, uFTP logs are enabled and data retention is the specified number of log files in days.
+Logs are useful to debug software issues, possible bugs and brute force attacks.
 <code>
-FTP_PORT = 21
+# Folder where to save the logs, use the same format below, the folder must terminate with /
+LOG_FOLDER = /var/log/
+# Maximum number of logs to keep, if 0 log functionality is disabled
+MAXIMUM_LOG_FILES = 0
 </code>
 FTP server TCP/IP port, 21 is the standard FTP service port.
+<code>
+FTP_PORT = 21
+</code>
+If the single instance check is enabled, only one server instance can be executed.
 <code>
 SINGLE_INSTANCE = true
 </code>
-If the single instance check is enabled, only one server instance can be executed.
+When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose.
 <code>
 DAEMON_MODE = true
 </code>
-When the daemon mode is activated uFTP server runs as a service in background, this option can be deactivated to run the server from the console for debug purpose.
+Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP.
 <code>
 IDLE_MAX_TIMEOUT = 3600
 </code>
-Ftp clients are automatically closed if there is no activity for more than the specified number of seconds, every FTP commands reset the counter inside uFTP.
+FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP.
 <code>
 MAX_CONNECTION_NUMBER_PER_IP = 2
 </code>
-FTP resource can be limited for each IP address by setting a maximum number of connections limit per IP.
+To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts.
 <code>
 MAX_CONNECTION_TRY_PER_IP = 3
 </code>
-To prevent brute force attacks IP address are banned from the server for 5 minutes after the specified number of wrong login attempts.
+To enforce security, you can set FORCE_TLS = true, clients will need to use SSL.
 <code>
-CERTIFICATE_PATH=/etc/uFTP/cert.pem
+# Force usage of the TLS
+# If enabled, only TLS connections will be allowed
+FORCE_TLS = true
 </code>
-The path of the public certificate (needed only if TLS/SSL support is enabled).
+Enables/Disables the standard /etc/passwd, /etc/shadow authentication.
 <code>
 ENABLE_PAM_AUTH = true
 </code>
-Enables/Disables the standard /etc/passwd, /etc/shadow authentication.
+The path of the public certificate (needed only if TLS/SSL support is enabled).
 <code>
-PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem
+CERTIFICATE_PATH=/etc/uFTP/cert.pem
 </code>
 The path of the private certificate (needed only if TLS/SSL support is enabled).
+<code>
+PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem
+</code>
+The range of random port will be used for data exchange between data and server for pasv mode.
 <code>
 RANDOM_PORT_START = 10000
 RANDOM_PORT_END   = 50000
 </code>
-The range of random port will be used for data exchange between data and server for pasv mode.
+You can set SERVER_IP if you are under NAT, uFTP will respond to PASV commands with the address in the parameter if set.
+<code>
+#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
+#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
+#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
+#USE , instad of . eg: 192,168,1,1
+SERVER_IP = 192,168,1,1
+</code>
+Ftp users can be configured by using the user list pattern, the ids suffix must be added to each user list parameter the pattern is from  "_0" to "(N)" for instance USER_0, USER_1, USER_2 ... USER_(N).
+Mandatory user list parameters:
+**USER_**(N) is the FTP username parameter.
+**PASSWORD_**(N) is the FTP password parameter written in plain text.
+**HOME_**(N) is the user home path, every user can be limited inside a directory.
+Option parameters:
+**GROUP_NAME_OWNER_**(N) if set to match an existing user group in the OS, every new file created by the FTP client associated with the N username and password will be created with the group ownership of the parameter.
+**USER_NAME_OWNER_**(N) if specified an existing user in the OS, every new file created by the FTP client associated with the N username and password will be created with the user ownership of the parameter.
+If one of the 2 optional parameter GROUP_NAME_OWNER_(N), USER_NAME_OWNER_(N) are not specified, the default uFTP user and group ownership are used for new file creations, typically root:root.
 <code>
 USER_0 = username
@@ Line 141: / Line 209: @@
 PASSWORD_2 = anotherPassowrd
 HOME_2 = /
+#blocked user that are not allowed to login
+BLOCK_USER_0 = user1
+BLOCK_USER_1 = user2
+BLOCK_USER_2 = user3
 </code>
-Ftp users can be configured by using the user list pattern, the ids suffix must be added to each user list parameter the pattern is from  "_0" to "(N)" for instance USER_0, USER_1, USER_2 ... USER_(N).
+You can list in the format above the user you want to block the access, they will be rejected if they attempt to login.
+<code>
-Mandatory user list parameters:
+#blocked user that are not allowed to login
-**USER_**(N) is the FTP username parameter.
+BLOCK_USER_0 = user1
+BLOCK_USER_1 = user2
-**PASSWORD_**(N) is the FTP password parameter written in plain text.
+BLOCK_USER_2 = user3
+</code>
-**HOME_**(N) is the user home path, every user can be limited inside a directory.
-Option parameters:
-**GROUP_NAME_OWNER_**(N) if set to match an existing user group in the OS, every new file created by the FTP client associated with the N username and password will be created with the group ownership of the parameter.
-**USER_NAME_OWNER_**(N) if specified an existing user in the OS, every new file created by the FTP client associated with the N username and password will be created with the user ownership of the parameter.
-If one of the 2 optional parameter GROUP_NAME_OWNER_(N), USER_NAME_OWNER_(N) are not specified, the default uFTP user and group ownership are used for new file creations, typically root:root.