Last modified: Feb. 20, 2010
Contents
1 - Summary
2 - Dependencies
3 - ProFTPD installation
4 - Service configuration
5 - Service check
1 - Summary
This guide shows how to install ProFTPD on FreeBSD. ProFTPD is FTP server
software. In this guide, the FreeBSD computer is already joined to a Windows
2003 Active Directory domain, so the FTP service can use Active Directory for
authentication and security permissions. This has been tested in FreeBSD
8.0.
2 - Dependencies
In this example we will be using Test.local for the Active Directory domain.
This assumes that the computer already has Samba configured to use Active
Directory. The partition where the FTP site is stored needs to have ACLs
enabled on it. Here is what it looks like by default.
# mount | grep /data
/dev/ad0s1h on /data (ufs, local, soft-updates)
Modify /etc/fstab so that the /data partition is mounted with the acls option.
Its entry should read as follows.
/dev/ad0s1h /data ufs rw,acls 2 2
# sudo cp /etc/fstab /etc/fstab.original
Password:
# sudo vi /etc/fstab
Password:
# sudo shutdown -r now
Password:
# mount | grep /data
/dev/ad0s1h on /data (ufs, local, soft-updates, acls)
3 - ProFTPD installation
# sudo pkg_add -r proftpd
Password:
4 - Service configuration
Find where the proftpd daemon was installed to.
# pkg_info -L proftpd-* | grep sbin
/usr/local/sbin/ftpshut
/usr/local/sbin/in.proftpd
/usr/local/sbin/proftpd
Edit /etc/rc.conf.local so that the proftpd service will start when the system
starts up. Somewhere in the file add the following.
proftpd_enable="YES"
# sudo vi /etc/rc.conf.local
Password:
Find where the configuration file should be put.
# pkg_info -L proftpd-* | grep rc.d
/usr/local/etc/rc.d/proftpd
# grep proftpd.conf /usr/local/etc/rc.d/proftpd
required_files=/usr/local/etc/proftpd.conf
# strings /usr/local/sbin/proftpd | grep proftpd.conf
/usr/local/etc/proftpd.conf
/usr/local/etc/proftpd.conf
You can create your own configuration file. Here is a simple example.
Afterwards, check the syntax.
AllowOverwrite on
AllowStoreRestart on
DefaultAddress server
DefaultRoot /data/shares/backups/
DefaultServer on
DelayEngine off
DisplayLogin /etc/motd
DisplayConnect /etc/issue
ExtendedLog /var/log/proftpd_extended.log
Group nogroup
IdentLookups off
MaxClients 20
MaxInstances 30
Port 21
RequireValidShell off
ServerIdent on "FTP server ready"
ServerName server
ScoreboardFile /var/run/proftpd.scoreboard
SyslogFacility AUTH
SyslogLevel INFO
Umask 077 022
UseIPv6 off
User nobody
UseReverseDNS off
<Limit LOGIN>
AllowUser backups
DenyALL
</Limit>
# pkg_info -L proftpd-* | grep proftpd.conf
/usr/local/etc/proftpd.conf.sample
/usr/local/include/proftpd/conf.h
/usr/local/include/proftpd/config.h
# sudo cp /usr/local/etc/proftpd.conf.sample /usr/local/etc/proftpd.conf
Password:
# sudo cp /usr/local/etc/proftpd.conf /usr/local/etc/proftpd.conf.example
Password:
# sudo vi /usr/local/etc/proftpd.conf
Password:
# sudo /usr/local/sbin/proftpd -t -c /usr/local/etc/proftpd.conf
Password:
Checking syntax of configuration file
- setting default address to 192.168.1.50
Syntax check complete.
Set the permissions for the directory.
# sudo mkdir -p /data/shares/backups/server.test.local/
Password:
# sudo chown -R "Administrator":"Domain Users" /data/shares/backups/
Password:
# ls -l /data/shares/
total 2
drwxr-xr-x 2 administrator domain users 512 Feb 12 11:30 backups
# cd /data/shares/
# ls -l
total 2
drwxr-xr-x 15 administrator domain users 512 Feb 12 12:28 backups
# cd backups/
# ls -l
total 26
drwxr-xr-x 2 administrator domain users 512 Feb 12 12:28 server.test.local
# sudo setfacl -m u:backups:rwx server.test.local/
Password:
# getfacl server.test.local/
# file: server.test.local/
# owner: administrator
# group: domain users
user::rwx
user:backups:rwx
group::r-x
mask::rwx
other::r-x
Modify the PAM file for ftp (/etc/pam.d/ftp) to allow it to use Active
Directory accounts. Add the following line.
auth sufficient /usr/local/lib/pam_winbind.so
# pkg_info -L samba* | grep pam_winbind.so
/usr/local/lib/pam_winbind.so
# sudo cp /etc/pam.d/ftp /etc/pam.d/ftp.original
Password:
# sudo vi /etc/pam.d/ftp
Password:
Start the proftpd service.
# sudo /usr/local/etc/rc.d/proftpd start
Password:
Starting proftpd.
- setting default address to 192.168.1.50
# sudo cat /var/run/proftpd.pid
Password:
1450
5 - Service check
Reboot your computer. Log in as usual and check that the proftpd
service is running. That's it, now you have ProFTPD with Active Directory
running on FreeBSD.
# sudo shutdown -r now
Password:
# sudo /usr/local/etc/rc.d/proftpd status
Password:
proftpd is running as pid 598.
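A pre-flight check for the settings made in sections 2 and 4, as an added example that is not part of the original guide: each function parses one of the files or command outputs shown above (mount output, /etc/rc.conf.local, /etc/pam.d/ftp, and the <Limit LOGIN> block of proftpd.conf). The function names and the --live switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# mount_has_acls MOUNTPOINT  (reads `mount` output on stdin)
# Succeeds only if MOUNTPOINT is listed with the "acls" option.
mount_has_acls() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp {
            opts = $0
            sub(/^[^(]*\(/, "", opts); sub(/\).*$/, "", opts)
            n = split(opts, o, /, */)
            for (i = 1; i <= n; i++) if (o[i] == "acls") found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# rc_enabled FILE: succeeds if the last uncommented proftpd_enable= line is YES.
rc_enabled() {
    val=$(sed -n 's/^[[:space:]]*proftpd_enable=//p' "$1" 2>/dev/null | tail -n 1 | tr -d "\"'")
    case "$val" in [Yy][Ee][Ss]*) return 0 ;; *) return 1 ;; esac
}

# pam_has_winbind FILE: succeeds if an uncommented auth line loads pam_winbind.so.
pam_has_winbind() {
    awk '$1 == "auth" && $3 ~ /(^|\/)pam_winbind\.so$/ { ok = 1 }
         END { exit (ok ? 0 : 1) }' "$1"
}

# login_limit_users FILE: prints the AllowUser names found inside <Limit LOGIN>
# and fails unless the same block contains DenyAll. Names are compared
# case-insensitively because the sample configuration writes "DenyALL".
login_limit_users() {
    awk '{ d = tolower($1) }
         d == "<limit" && toupper($2) ~ /^LOGIN>?$/ { inblk = 1; next }
         inblk && d == "</limit>"  { inblk = 0; next }
         inblk && d == "allowuser" { print $2 }
         inblk && d == "denyall"   { deny = 1 }
         END { exit (deny ? 0 : 1) }' "$1"
}

# Live use on the FreeBSD host: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    mount | mount_has_acls /data        || echo "FAIL: /data is not mounted with acls"
    rc_enabled /etc/rc.conf.local       || echo "FAIL: proftpd_enable is not YES"
    pam_has_winbind /etc/pam.d/ftp      || echo "FAIL: no pam_winbind auth line for ftp"
    login_limit_users /usr/local/etc/proftpd.conf \
                                        || echo "FAIL: <Limit LOGIN> lacks DenyAll"
fi
```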