Ftpd Configuration

# Debian default wu-ftpd `ftpaccess' configuration file, derived from
# the `ftpaccess.heavy' example in wu-ftpd sources.
# For more options/commands see ftpaccess(5) and /usr/share/doc/wu-ftpd/*.

# E-mail address of the FTP admin, can be accessed via the %E in messages.
#email ftpadmin@misconfigured.host

# == Loggings & Messages

# Which UIDs and GIDs may, and which may not use the FTP service.
#deny-uid %-99
#deny-gid %-99
#allow-uid ftp ftpadmin
#allow-gid ftp ftpadmin

# Password verification for the anonymous FTP user.
#               <none|trivial|rfc822>  [<enforce|warn>]
passwd-check    rfc822  enforce

# Maximum number of retries after login failures, before disconnecting.
#loginfails 5

# Can users see anything else but their home directory
#restricted-uid lamer
#unrestricted-gid ftpadmin

# Allow use of private file for SITE GROUP and SITE GPASS?
#private        no

# What kind of greeting to give. Default: full
#greeting <full|brief|terse|text somemessage>

# The file wu-ftpd will check to see if the server is going to be shut down.
# If shutmsg exists, don't allow logins
# (use ftpshut to generate it)
shutdown /etc/wu-ftpd/shutmsg

# Maximum connection time in minutes
#limit-time anonymous 30

# Banner to show immediately on connect.
#banner /etc/wu-ftpd/welcome.msg

# Deny access to specified hosts, with message.
#deny   *.microsoft.com                 /etc/wu-ftpd/msg.deny
#deny   /etc/wu-ftpd/denied.hosts       /etc/wu-ftpd/msg.deny
# !nameserved means hosts that can't be resolved.
#deny   !nameserved     /etc/wu-ftpd/msg.nodns

# Various DNS related options.
#dns refuse_mismatch <filename> [override]
#dns refuse_no_reverse <filename> [override]
#dns resolveroptions [options]

# == Account setup

# Class name    typelist                addresses
#class  local   real,guest,anonymous    *.my.domain 192.168.0.0
#class  remote  real,guest,anonymous    *
#class   all    real,guest,anonymous    *

# Only allow anonymous users -- no other classes defined
class   anonftp anonymous               *

# Limit who     how many        date/time       message file
#limit  local   20      Any                     /etc/wu-ftpd/msg.toomany
#limit  remote  100     SaSu|Any1800-0600       /etc/wu-ftpd/msg.toomany
#limit   all    10      Any                     /etc/wu-ftpd/msg.toomany

limit   anonftp 2       Any                     /etc/wu-ftpd/msg.toomany
#file-limit      total   8

# The files that wu-ftpd will recognize as must-be-read, and display them.
message /welcome.msg            login
message .message                cwd=*

# The files that wu-ftpd will recognize as should-be-read, and warn about them.
readme  README*    login
readme  README*    cwd=*

# == Download control

# Whether to use compression.
compress        yes             local remote all
tar             yes             local remote all

# Logging of actions.
#log commands  anonymous,guest,real
#log security
#log syslog
log transfers anonymous,guest,real inbound,outbound

# These files are marked unretrievable
noretrieve relative /etc
noretrieve core

# The directory to which anonymous FTP user will chroot to.
# Note: if you change this {add,rm}ftpuser may stop functioning.
#anonymous-root /home/ftp

# Some permissions for the anonymous FTP user.
# All the following default to "yes" for everybody
rename          no      anonymous               # rename permission?
delete          no      anonymous               # delete permission?
overwrite       no      anonymous               # overwrite permission?
chmod           no      anonymous               # chmod permission?
umask           no      anonymous               # umask permission?

# What can a filename contain (this /etc is under the anonymous-FTP root)
path-filter     anonymous       /etc/pathmsg  ^[-+A-Za-z0-9_.]*$  ^\.  ^-

# Shortcuts for anonymous FTP incoming (note: the ':' isn't obligatory)
alias   drop:           /dropbox
cdpath  /pub

# == Upload control

# Anonymous uploading is only meant for users from the 'crew' group
#
# - use nonstandard upload directory name and location to curb ftp spams.
# - each 'crew' member have their own directories already created under dropbox
# - ftp client can only create directories under the above designated areas.
# - all uploaded files can only be accessible to the 'crew' group
# - uploaded files/directories can not be ftp-downloaded
# - the 'crew' members should move out the uploaded files after they log in

# Anonymous FTP directories upload settings
#       anon-ftp-root   path            allow?  owner   group   mode    dirs?   <d_mode>
upload  /home/ftp        *              no
upload  /home/ftp       /dropbox        yes     ftp     crew    0660    nodirs
upload  /home/ftp       /dropbox/*      yes     ftp     crew    0660    dirs    0770
upload  /home/ftp       /dropbox/*/*    yes     ftp     crew    0660    dirs    0770
upload  /home/ftp       /dropbox/*/*/*  yes     ftp     crew    0660    dirs    0770
noretrieve relative     /dropbox
noretrieve .notar

defumask        0660    anonftp