uFTP - FTP Server configuration
uFTP server is configured with the “uftpd.cfg” configuration file. The file can be located either in the same directory as the binary or at “/etc/uftpd.cfg”.
Below is a sample “uftpd.cfg” configuration file.
#FTP CONFIGURATION SAMPLE "/etc/uftpd.cfg"

#######################################################
#                 UFTP SERVER SETTINGS                #
#######################################################

#MAXIMUM ALLOWED CONNECTIONS ON THE SERVER
MAXIMUM_ALLOWED_FTP_CONNECTION = 30

#TCP/IP PORT SETTINGS (DEFAULT 21)
FTP_PORT = 21

#Allow only one server instance (true or false)
SINGLE_INSTANCE = true

#Run in background, daemon mode ok
DAEMON_MODE = true

# Idle timeout in seconds, client are disconnected for inactivity after the
# specified amount of time in seconds, set to 0 to disable
IDLE_MAX_TIMEOUT = 3600

#MAX CONNECTIONS PER IP
#LIMIT THE MAXIMUM NUMBER OF CONNECTION FOR EACH IP ADDRESS
# 0 TO DISABLE
MAX_CONNECTION_NUMBER_PER_IP = 10

#MAX LOGIN TRY PER IP
#THE IP ADDRESS WILL BE BLOCKED FOR 5 MINUTES AFTER WRONG LOGIN USERNAME AND PASSWORD
#0 TO DISABLE
MAX_CONNECTION_TRY_PER_IP = 10

#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
#USE , instead of . eg: 192,168,1,1
#SERVER_IP = 192,168,1,1

#TLS CERTIFICATE FILE PATH
CERTIFICATE_PATH=/etc/uFTP/cert.pem
PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem

#Enable system authentication based on /etc/passwd
#and /etc/shadow
ENABLE_PAM_AUTH = false

# Force usage of the TLS
# If enabled, only TLS connections will be allowed
FORCE_TLS = false

#
# Random port for passive FTP connections range
#
RANDOM_PORT_START = 10000
RANDOM_PORT_END = 50000

#USERS
#START FROM USER 0 TO XXX
USER_0 = username
PASSWORD_0 = password
HOME_0 = /
GROUP_NAME_OWNER_0 = usergroup
USER_NAME_OWNER_0 = user

USER_1 = apache
PASSWORD_1 = apachePassword
HOME_1 = /var/www/html/
GROUP_NAME_OWNER_1 = www-data
USER_NAME_OWNER_1 = www-data

USER_2 = anotherUsername
PASSWORD_2 = anotherPassowrd
HOME_2 = /

#blocked user that are not allowed to login
BLOCK_USER_0 = user1
BLOCK_USER_1 = user2
BLOCK_USER_2 = user3
Parameters explained.
MAXIMUM_ALLOWED_FTP_CONNECTION = 30
Defines the maximum number of client connections allowed on the FTP server. This number can be reduced to lower server memory usage.
FTP_PORT = 21
FTP server TCP/IP port, 21 is the standard FTP service port.
SINGLE_INSTANCE = true
If the single instance check is enabled, only one server instance can be executed.
DAEMON_MODE = true
When daemon mode is activated, uFTP server runs as a service in the background. This option can be deactivated to run the server from the console for debugging purposes.
IDLE_MAX_TIMEOUT = 3600
FTP clients are automatically disconnected if there is no activity for more than the specified number of seconds. Every FTP command resets the counter inside uFTP.
MAX_CONNECTION_NUMBER_PER_IP = 2
FTP resources can be limited for each IP address by setting a maximum number of connections per IP.
MAX_CONNECTION_TRY_PER_IP = 3
To prevent brute-force attacks, IP addresses are banned from the server for 5 minutes after the specified number of wrong login attempts.
CERTIFICATE_PATH=/etc/uFTP/cert.pem
The path of the public certificate (needed only if TLS/SSL support is enabled).
# Force usage of the TLS
# If enabled, only TLS connections will be allowed
FORCE_TLS = true
To enforce security, set FORCE_TLS = true; clients will then need to use TLS/SSL.
ENABLE_PAM_AUTH = true
Enables/Disables the standard /etc/passwd, /etc/shadow authentication.
PRIVATE_CERTIFICATE_PATH=/etc/uFTP/key.pem
The path of the private key file for the certificate (needed only if TLS/SSL support is enabled).
RANDOM_PORT_START = 10000
RANDOM_PORT_END = 50000
The range of random ports used for data exchange between client and server in PASV (passive) mode.
#USE THE SERVER IP PARAMETER IF THE FTP SERVER IS UNDER NAT
#SERVER IP SHOULD BE SET TO ROUTER IP IN THIS CASE
#IF NOT IN USE LEAVE IT COMMENTED OR BLANK
#USE , instead of . eg: 192,168,1,1
SERVER_IP = 192,168,1,1
Set SERVER_IP if the server is behind NAT. When the parameter is set, uFTP responds to PASV commands with that address.
USER_0 = username
PASSWORD_0 = password
HOME_0 = /
GROUP_NAME_OWNER_0 = usergroup
USER_NAME_OWNER_0 = user

USER_1 = apache
PASSWORD_1 = apachePassword
HOME_1 = /var/www/html/
GROUP_NAME_OWNER_1 = www-data
USER_NAME_OWNER_1 = www-data

USER_2 = anotherUsername
PASSWORD_2 = anotherPassowrd
HOME_2 = /

#blocked user that are not allowed to login
BLOCK_USER_0 = user1
BLOCK_USER_1 = user2
BLOCK_USER_2 = user3
FTP users are configured with the user list pattern. An id suffix must be added to each user list parameter, running from “_0” to “_(N)”, for instance USER_0, USER_1, USER_2 … USER_(N).
Mandatory user list parameters:
USER_(N) is the FTP username parameter.
PASSWORD_(N) is the FTP password parameter written in plain text.
HOME_(N) is the user home path, every user can be limited inside a directory.
Optional parameters:
GROUP_NAME_OWNER_(N): if set to an existing user group in the OS, every new file created by the FTP client logged in with the N username and password is created with that group as its group owner.
USER_NAME_OWNER_(N): if set to an existing user in the OS, every new file created by the FTP client logged in with the N username and password is created with that user as its owner.
If either of the 2 optional parameters GROUP_NAME_OWNER_(N), USER_NAME_OWNER_(N) is not specified, the default uFTP user and group ownership are used for new files, typically root:root.
#blocked user that are not allowed to login
BLOCK_USER_0 = user1
BLOCK_USER_1 = user2
BLOCK_USER_2 = user3
List the users you want to block in the format above; they will be rejected if they attempt to log in.
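The following is an added example, not part of uFTP or of the original page: a small Python audit that parses a “uftpd.cfg” in the format described above and reports the settings this page identifies as weakening the server (TLS not forced, limits disabled with 0, HOME set to /, missing ownership parameters). The function names and the sample configuration are constructed for illustration, and treating an absent FORCE_TLS as false is an assumption.

```python
import re

# Constructed sample input in the uftpd.cfg format shown on this page.
SAMPLE_CFG = """\
FORCE_TLS = false
MAX_CONNECTION_TRY_PER_IP = 0
MAX_CONNECTION_NUMBER_PER_IP = 10
USER_0 = username
PASSWORD_0 = password
HOME_0 = /
USER_1 = apache
PASSWORD_1 = apachePassword
HOME_1 = /var/www/html/
GROUP_NAME_OWNER_1 = www-data
USER_NAME_OWNER_1 = www-data
"""

def parse_cfg(text):
    """Return {KEY: value} for 'KEY = value' lines; lines starting with '#' are comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """Return (key, message) findings based on the parameter semantics documented above."""
    findings = []
    # Assumption: an absent FORCE_TLS is treated like FORCE_TLS = false.
    if cfg.get("FORCE_TLS", "false").lower() != "true":
        findings.append(("FORCE_TLS", "non-TLS connections are accepted"))
    # These three parameters are documented as disabled when set to 0.
    for key, what in (("MAX_CONNECTION_TRY_PER_IP", "failed-login ban"),
                      ("MAX_CONNECTION_NUMBER_PER_IP", "per-IP connection limit"),
                      ("IDLE_MAX_TIMEOUT", "idle timeout")):
        if cfg.get(key) == "0":
            findings.append((key, what + " is disabled"))
    ids = sorted(int(m.group(1)) for k in cfg if (m := re.fullmatch(r"USER_(\d+)", k)))
    for n in ids:
        if cfg.get(f"HOME_{n}") == "/":
            findings.append((f"HOME_{n}", "user is not limited to a subdirectory"))
        if f"USER_NAME_OWNER_{n}" not in cfg or f"GROUP_NAME_OWNER_{n}" not in cfg:
            findings.append((f"USER_{n}", "new files get default ownership, typically root:root"))
    return findings

if __name__ == "__main__":
    for key, msg in audit(parse_cfg(SAMPLE_CFG)):
        print(f"{key}: {msg}")
```

Because PASSWORD_(N) is stored in plain text, the configuration file itself should be readable only by the account that runs uFTP.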