FTP
Introduction
The FTP (File Transfer Protocol) service allows filesystem access from FTP clients.
Anonymous logins are not allowed, users must authenticate with whichever name
service is configured in Services.
Properties
FTP Properties
General Settings
|
|
Port (for incoming connections) |
The port FTP listens on.
Default is 21 |
Maximum # of connections ("0" for unlimited) |
This is the
maximum number of concurrent FTP connections. Set this to cover the
anticipated number of concurrent users. By default this is 30, since
each connection creates a system process and allowing too many (thousands) could
constitute a DoS attack |
Turn on delay engine to prevent timing attacks |
This inserts
small delays during authentication to fool attempts at user name guessing via
timing measurements. Turning this on will improve security |
Default login root |
The FTP login location. The default is "/" and points to
the top of the shares hierarchy. All users will be logged
into this location after successfully authenticating with the FTP service |
Logging level |
The verbosity
of the proftpd log. |
Permissions to mask from newly created files
and dirs |
File permissions to remove when files are created. Group and
world write are masked by default, to prevent recent uploads from being
writeable by everyone |
|
Security Settings
|
|
Enable SSL/TLS |
Allow SSL/TLS encrypted FTP connections. This will ensure
that the FTP transaction is encrypted. Default is disabled. |
Port for incoming
SSL/TLS connections |
The port that the SSL/TLS encrypted FTP service listens on.
Default is 21. |
Permit root login |
Allow FTP logins for the root user.
This is off by default, since FTP authentication is plain text which
poses a security risk from network sniffing attacks |
Maximum # of allowable login
attempts |
The number of failed login attempts before an FTP connection is disconnected,
and the user must reconnect to try again. By default this
is 3 |
|
Changing services properties is documented in the BUI and CLI sections of
Services. The CLI property names are shorter versions of those listed
above.
Logs
|
|
proftpd |
Logs FTP events, including successful logins and unsuccessful login attempts |
proftpd_xfer |
File transfer log |
proftpd_tls |
Logs
FTP events related to SSL/TLS encryption |
|
To view service logs, refer to the Logs section from Services.
Tasks
FTP Tasks
Allowing FTP access to a share
- Go to Configuration->Services
- Check that the FTP service is enabled and online. If not,
enable the service.
- Select or add a share in the Shares screen.
- Go to the "Protocols" section, and check that FTP access is
enabled. This is also where the mode of access (read/read+write) can
be set.