Chapter 19. Cleaned sections

Table of Contents
Cleaned - part A
proftpd.filter

Cleaned - part A

Filtering upload/download paths

There are occasions when it is desirable or essential that access to certain files or paths is limited, or that steps are taken to prevent uploading of certain kinds of material. The most common method of achieving these ends is to use the PathAllowFilter and PathDenyFilter directives.

Example 19-1. Filter example

#
# Block alteration of .ftpaccess
# Prevent uploading of mp3 files.
#
PathDenyFilter "(^\.ftpaccess$)|(\.mp3$)"
	    

File overwriting

The default configuration of the daemon prevents the overwriting of files on the server. To disable this behaviour set "AllowOverwrite 1"

Logs report 'signal 11'

If 'ProFTPD terminating (signal 11) appears in your logs it's an indication that there is a serious problem with your insallation. A signal 11 (or SEGV) is a segmentation fault, usually caused by either incompatible libraries or a bug in the daemon. If recompiling from a clean source distribution doesn't resolve the problem it's probably worth reporting it as a bug.

Unknown group errors

A very simple problem, with an equally simple solution. Proftpd requires that a user and group are specified for it to run the daemon as after a sucessful login. These names are resolved to their numeric values by the appropriate system calls when the configuration is loaded or tested (using the -t option). Failure of these to resolve is a non-recoverable solution and is almost always caused by the group not existing in the appropriate user directory (ie /etc/passwd or /etc/shadow).

The solution is to either create the user/group account or to reconfigure Proftpd to use another user/group account. Which of these is the best solution will depend on your local conditions. The user Proftpd runs as does not require a valid password or a usable shell (/bin/true will suffice).