FTP Properties

The following table describes the FTP general properties.

Table 3-7 FTP General Properties

Property Description

Port for incoming connections

The port on which FTP listens. The default is 21.

Maximum # of connections ("0" for unlimited)

The maximum number of concurrent FTP connections. Set this to cover the anticipated number of concurrent users. The default is 30, because each connection creates a system process, and allowing too many (thousands) could constitute a DoS attack.

Turn on delay engine to prevent timing attacks

This inserts small delays during authentication to defeat attempts at user name guessing via timing measurements. Turning this on improves security.

Default login root

The default FTP login location that can be set so that all FTP users have a default FTP directory.

  • If this value is /, FTP users see all shares.

  • If this value is set to anything else (/export or /export/ftp), FTP users only see FTP shares that are under that directory.

  • If a valid path is provided in the User home directories field, all FTP users who have a directory under user_home have their default login directory set to /export upon login.

User home directories

The location of FTP user home directories, relative to the default login root.

  • On login, if a user has a directory in this location, the user will be logged into that directory after successfully authenticating with the FTP service.

  • If the user has no home directory, the user will be logged in to the default location.

Leave this property empty to disable FTP user home directories and have all users log in to the default login location.

Logging level

The verbosity of the proftpd log.

Permissions to mask from newly created files and directories

File permissions to remove when files are created. Group and world write are masked by default, to prevent recent uploads from being writable by everyone.
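
The following sketch models why the delay engine property in Table 3-7 matters. It is an added example, not code from the appliance or from proftpd; the millisecond costs, the account names, and the pad-to-a-fixed-floor strategy are assumptions chosen to keep the model deterministic.

```python
"""Simplified model of an authentication delay engine (constructed example)."""
import statistics

# Constructed cost model, in milliseconds: an unknown user name is rejected
# right after the lookup, while a known one also pays for a password check.
LOOKUP_MS = 2.0
HASH_MS = 45.0
USERS = {"alice": "correct-horse", "bob": "battery-staple"}  # constructed accounts


def raw_login_ms(user, password):
    """Return (ok, elapsed_ms) for a login attempt with no delay engine."""
    if user not in USERS:
        return False, LOOKUP_MS
    return USERS[user] == password, LOOKUP_MS + HASH_MS


class DelayEngine:
    """Pads every response up to a floor equal to the slowest code path.

    Assumption of this sketch: the floor is fixed at start-up. A real engine
    may instead learn it from the timings it observes.
    """

    def __init__(self, floor_ms=LOOKUP_MS + HASH_MS):
        self.floor_ms = floor_ms

    def login_ms(self, user, password):
        ok, elapsed = raw_login_ms(user, password)
        # The outcome is unchanged; only the time the client observes is padded.
        return ok, max(elapsed, self.floor_ms)


def timing_gap_ms(login, known, unknown, rounds=20):
    """Median response-time gap between a known and an unknown user name.

    Both attempts use a wrong password, so the only difference a client can
    observe is how long the server took to refuse. A gap of 0 means timing
    reveals nothing about whether the name exists.
    """
    known_t = [login(known, "wrong")[1] for _ in range(rounds)]
    unknown_t = [login(unknown, "wrong")[1] for _ in range(rounds)]
    return statistics.median(known_t) - statistics.median(unknown_t)


if __name__ == "__main__":
    print("gap without delay engine:", timing_gap_ms(raw_login_ms, "alice", "mallory"))
    print("gap with delay engine:   ", timing_gap_ms(DelayEngine().login_ms, "alice", "mallory"))
```
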

The following table describes the FTP security properties.

Table 3-8 FTP Security Properties

Property Description

Enable SSL/TLS

Allow SSL/TLS encrypted FTP connections. This will ensure that the FTP transaction is encrypted. The default is disabled.

SSL/TLS versions and ciphers

SSL/TLS protocol versions and ciphers for FTP connections. The defaults are TLSv1.1, TLSv1.2 and their associated ciphers. TLSv1.0 is not enabled by default due to security concerns, but it can be enabled for backward compatibility. The list of available ciphers changes based on the selected versions. Some selected SSL/TLS protocol versions and/or ciphers are removed after a software upgrade if they are no longer supported. To avoid service unavailability, keep the default settings unless otherwise needed or as instructed by Oracle Support.

Port for incoming SSL/TLS connections

The port that the SSL/TLS encrypted FTP service listens on. The default is 21.

Permit root login

Allow FTP logins for the root user. This is off by default, since FTP authentication is plain text, which poses a security risk from network sniffing attacks.

Maximum # of allowable login attempts

The number of failed login attempts before an FTP connection is disconnected, and the user must reconnect to try again. The default is 3.

Permit foreign data connection addresses

Permits foreign FTP connections to enable direct transfer of files between FTP servers. This property is off by default.
