This is a user contributed tutorial.

ProFTPD is an enhanced, secure and highly configurable FTP server. Its configuration syntax is very similar to apache web server. It offers several functionalities such as:
+ multiple virtual server
+ anonymous
+ authenticated access
+ chroot jail support
+ SSL/TLS encryption
+ RADIUS, LDAP and SQL support etc

Install ProFTPD server

Type the following command as root user:
# yum install proftpd
Start ProFTPD when the system reboot:
# chkconfig --level 3 proftpd on
To start proftpd ftp service, enter:
# service proftpd start
To Stop proftpd ftp server, enter:
# service proftpd stop
To restart proftpd ftp service, enter:
# service proftpd restart
To reload the configuration file, enter:
# service proftpd reload

/etc/proftpd.conf – Proftpd configuration file

The default configuration file is located at /etc/proftpd.conf. To edit the configuration file, enter:
# vim /etc/proftpd.conf
Checking the syntax of the configuration file
# proftpd -t6

Virtual users authentication configuration

When you install ProFTPD, it is almost ready to use by anonymous users, you only have to uncomment anonymous section in /etc/proftpd.conf but if you want authenticated access then you must configure extra directives, keep in mind these to virtual users authentication.

  • AuthUserFile : Specify the users file, has the same format as /etc/passwd
  • AuthGroupFile : Specify the groups file, has the same format as /etc/group

Open /etc/proftpd.conf file:
# vi /etc/proftpd.conf
These files can be created with ftpasswd tool, here is an example:
# ftpasswd --passwd --name {username} --file /etc/ftpd.passwd --uid {5000} --gid {5000} --home /var/ftp/username-home/ --shell /bin/false
# ftpasswd --group --name group1 –file /etc/ --gid 5000 --member username

For example, add a ftp user called tom for domain (ftpcbz group):
# ftpasswd --passwd --name tom --file /etc/ftpd.passwd --uid 5001 --gid 5001 --home /var/ftp/tom/ --shell /bin/false
# ftpasswd --group --name ftpcbz –file /etc/ --gid 5000 --member tom

Then the above directives must be set in this way :

AuthUserFile	/etc/ftpd.passwd
AuthGroupFile	/etc/

Warnings! The created user must have UNIX permission under his home directory.

The value of –shell option must be set to /bin/false if you want to improve the security of the FTP server.

Sometimes ProFTPD throws many errors when you try to authenticated trough virtual users then you must look these directives and theris recommend values.

Don’t check against /etc/shells
RequireValidShell off
Don’t check against /etc/passwd, use only AuthUserFile
AuthOrder mod_auth_file.c.
Disable PAM authentication
PersistentPasswd off
AuthPAM off

To jail users to theirs respective home directories, add following to config file:
DefaulRoot ~

Playing with files access permission

The general syntax is as follows:

Sets the mask of the newly created files and directories. FILEMODE and DIRMODE must be an octal mode, in the format 0xxx. If DIRMODE is omitted then DIRMODE = FILEMODE.

Some examples:

Umask 022

  • The owner has rw permissions over the files and full access over directories.
  • The group has r permission over the files and rx over directories.
  • The world has r permission over the files and rx over directories.

More restrictive:
Umask 026 027

  • The owner has rw permissions over the files and full access over directories.
  • The group has r permission over the files and rx over directories.
  • The world doesn’t have any permission over the files neither over directories.

To Deny every one except admin changes files permission via ftp put this in your context: AllowUser admin

Firewall Configuration – Open FTP port

See FAQ section for further details on iptables configuration.

Further readings:

  1. Proftpd project
  2. ProFTPD unofficial documentation

This article / faq is contributed by Yoander Valdés Rodríguez (yoander). nixCraft welcomes readers’ tips / howtos.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 14 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
14 comments… add one
  • Sebas Jun 23, 2009 @ 19:33

    proftpd is not in yum for CentOS

  • Harold Naparst Jul 26, 2009 @ 6:20

    proftpd is in the Dag repository, which you can add thus:

  • Vishwanath Feb 10, 2011 @ 3:18

    Is there any way to monitor clients connected to proftpd

    • yoander Jul 29, 2011 @ 15:50

      Put in /etc/proftpd.conf the following directives:
      # Define log file and log level
      SystemLog /var/log/proftpd/ftpd.log
      DebugLevel 6
      If not exists /var/log/proftpd/ftpd.log then you must create it then tail -f /var/log/proftpd/ftpd.log

  • Humza Bobat Feb 20, 2011 @ 15:59

    The ftpasswd command is not availible to the default yum version, any way to install it manually, or do I have to comile the whole proftpd?

  • jalal hajigholamali Jul 22, 2011 @ 7:51
  • xzeth Jul 25, 2011 @ 17:13

    Hi I run ftpasswd against /var/www I tried to create a file their but I got a permission denied how would I allow my virtual user to write there

  • yoander Jul 29, 2011 @ 15:46

    You virtual user must have UNIX write permission. so you can reach this with following commands: (as root). I suppose you virtual user gid is 5000
    # chown -Rc :5000 /var/ftp/virt-user-home && chmod -c g+w /var/ftp/virt-user-home

  • miguel Feb 9, 2012 @ 10:03

    Thank. Please note that

    “To jail users to theirs respective home directories, add following to config file:
    DefaulRoot ~

    must be :
    DefaultRoot ~

    As always, proftpd -t6 will help checking syntax.. 😉

  • Petyuska Dec 15, 2012 @ 17:19

    there is an error in the tutorial.
    AuthOrder mod_auth_file.c.

    there is no dot at the end of the line!!!

  • Humroben Jul 15, 2013 @ 11:37

    hi, using fedora 17

    I’m unable to use AuthUserFile or AuthGroupFile
    but they’re part of Proftpd as stated in many pieces of documentation

  • Andreu Dec 5, 2013 @ 9:44

    thanks for this amazing tutorial. I Debian, you must set the directive:

    RequireValidShell no

    instead of

    RequireValidShell off

    for that work correctly.

  • egi Jun 9, 2014 @ 7:25

    i’ve following your tutorial, but i can’t login from user that i’ve created from the command ftpasswd
    it’s answer
    530 Login incorrect.
    Login failed.
    it’s something wrong?

  • Adam Jul 14, 2016 @ 10:46

    fixet it
    # Use pam to authenticate (default) and be authoritative
    #AuthPAMConfig proftpd
    #AuthOrder mod_auth_pam.c* mod_auth_unix.c

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum