Hello community,
here is the log from the commit of package proftpd.3821 for openSUSE:13.1:Update checked in at 2015-06-11 13:39:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/proftpd.3821 (Old)
and /work/SRC/openSUSE:13.1:Update/.proftpd.3821.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "proftpd.3821"
Changes:
--------
New Changes file:
--- /dev/null 2015-05-15 19:41:08.266053825 +0200
+++ /work/SRC/openSUSE:13.1:Update/.proftpd.3821.new/proftpd.changes 2015-06-11 13:39:02.000000000 +0200
@@ -0,0 +1,439 @@
+-------------------------------------------------------------------
+Mon Jun 1 21:33:40 UTC 2015 - chris@computersalat.de
+
+- fix for boo#927290 (CVE-2015-3306)
+- update to 1.3.5a:
+ See http://www.proftpd.org/docs/NEWS-1.3.5a
+- rebase patches
+ * proftpd-ftpasswd.patch
+ * proftpd-no_BuildDate.patch
+- remove gpg-offline dependency
+- fix permissions on passwd file
+ * unable to use world-readable AuthUserFile '.../passwd' (perms 0644):
+ * 0644 -> 0440
+
+-------------------------------------------------------------------
+Mon Sep 1 22:04:02 UTC 2014 - andreas.stieger@gmx.de
+
+- ProFTPD 1.3.5
+ * Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool
+ * New Modules
+ mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl
+ * mod_sftp now supports ECC, ECDSA, ECDH
+ * Improved FIPS support in mod_sftp.
+ * mod_sftp module now honors the MaxStoreFileSize directive.
+ * Many new and changed configuration directives
+- update proftpd-no_BuildDate.patch
+
+-------------------------------------------------------------------
+Mon Sep 1 19:00:57 UTC 2014 - andreas.stieger@gmx.de
+
+- proftpd 1.3.4e:
+ Multiple other backported fix from the 1.3.5 branch.
+ See http://www.proftpd.org/docs/NEWS-1.3.4e
+- The fix for the mod_sftp/mod_sftp_pam memory allocation
+ (CVE-2013-4359) contained in this release was previously patched
+ into the package.
+- adjust proftpd-no_BuildDate.patch for context changes
+- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream
+
+-------------------------------------------------------------------
+Tue Mar 25 19:56:04 UTC 2014 - crrodriguez@opensuse.org
+
+- Remove tcpd-devel from buildRequires and mod_wrap.
+ support for tcp_wrappers style /etc/hosts.* is provided
+ by mod_wrap2_file instead, the latter does not require tcpd.
+
+-------------------------------------------------------------------
+Mon Mar 17 18:38:53 UTC 2014 - chris@computersalat.de
+
+- fix for bnc#844183
+ * proftpd fails to start due to missing /run/proftpd
+- add own tmpfiles.d file
+ * proftpd.tmpfile
+
+-------------------------------------------------------------------
+Thu Oct 3 20:48:44 UTC 2013 - chris@computersalat.de
+
+- update to 1.3.4d
+ * Fixed broken build when using --disable-ipv6 configure option
+ * Fixed mod_sql "SQLAuthType Backend" MySQL issues
+- fix for bnc#843444 (CVE-2013-4359)
+ * http://bugs.proftpd.org/show_bug.cgi?id=3973
+ * add proftpd-sftp-kbdint-max-responses-bug3973.patch
+
+-------------------------------------------------------------------
+Mon Jul 29 01:12:53 UTC 2013 - crrodriguez@opensuse.org
+
+- Improve systemd service file
+- use upstream tmpfiles.d file. related to [bnc#811793]
+- Use /run instead of /var/run
+
+-------------------------------------------------------------------
+Wed May 1 20:35:19 UTC 2013 - chris@computersalat.de
+
+- update to 1.3.4c
+ * Added Spanish translation.
+ * Fixed several mod_sftp issues, including SFTPPassPhraseProvider,
+ handling of symlinks for REALPATH requests, and response code logging.
+ * Fixed symlink race for creating directories when UserOwner is in effect.
+ * Increased performance of FTP directory listings.
+- rebase and rename patches (remove version string)
+ * proftpd-1.3.4a-dist.patch -> proftpd-dist.patch
+ * proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch
+ * proftpd-1.3.4a-strip.patch -> proftpd-strip.patch
+
+-------------------------------------------------------------------
+Fri Feb 8 00:19:19 UTC 2013 - chris@computersalat.de
+
+- fix proftpd.conf (rebase basic.conf patch)
+ * IdentLookups is now a seperate module
+ <IfModule mod_ident.c> IdentLookups on/off </IfModule>
+ is needed and module is not built cause crrodriguez disabled it.
+
+-------------------------------------------------------------------
+Thu Nov 29 19:03:00 CET 2012 - sbrabec@suse.cz
+
+- Verify GPG signature.
+
+-------------------------------------------------------------------
+Fri Nov 2 15:15:25 UTC 2012 - chris@computersalat.de
+
+- fix for bnc#787884
+ (https://bugzilla.novell.com/show_bug.cgi?id=787884)
+ * added extra Source proftpd.conf.tmpfile
+
+-------------------------------------------------------------------
+Thu Aug 30 17:33:30 UTC 2012 - crrodriguez@opensuse.org
+
+- Disable ident lookups, this protocol is totally obsolete
+ and dangerous. (add --disable-ident)
+- Fix debug info generation ( add --disable-strip)
+
+-------------------------------------------------------------------
+Wed Aug 29 21:51:49 UTC 2012 - crrodriguez@opensuse.org
+
+- Add systemd unit
+
+-------------------------------------------------------------------
+Tue Aug 14 11:11:28 UTC 2012 - chris@computersalat.de
+
+- update to 1.3.4b
+ + Fixed mod_ldap segfault on login when LDAPUsers with no filters used.
+ + Fixed sporadic SFTP upload issues for large files.
+ + Fixed SSH2 handling for some clients (e.g. OpenVMS).
+ + New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions
+ + Fixed build errors on Tru64, AIX, Cygwin.
+- add Source Signatuire (.asc) file
+- add noBuildDate patch
+- add lang pkg
+ * --enable-nls
+- add configure option
+ * --enable-openssl, --with-lastlog
+
+-------------------------------------------------------------------
+Mon Dec 12 15:00:18 UTC 2011 - chris@computersalat.de
+
+- update to 1.3.4a
+ + Fixed mod_load/mod_wrap2 build issues.
+- 1.3.4
+ + New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation
+ for details.
+ + Improved configure script for cross-compiling.
+ + Reworked the proftpd.spec RPM file
+ + Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD.
+ + New "IgnoreSFTPSetTimes" SFTPOption added; see the SFTPOptions
+ documentation for details.
+ + Fixed response pool use-after-free issue.
+- for more info please see the RELEASE_NOTES file
+- reworked patches
+ * now p0 patches
+
+-------------------------------------------------------------------
+Fri Nov 18 14:56:41 UTC 2011 - chris@computersalat.de
+
+- fix for bnc#731347
+ * no (hostname -s) in post section
+ * reworked basic conf patch
+
+-------------------------------------------------------------------
+Fri Nov 11 13:13:57 UTC 2011 - chris@computersalat.de
+
+- fix changelog
+ * RELEASE_NOTES-1.3.3g is lacking of important info
+- fix for CVE-2011-4130 (bnc#729830)
+ * https://bugzilla.novell.com/show_bug.cgi?id=729830
+ (upstream) http://bugs.proftpd.org/show_bug.cgi?id=3711
+ => fixed with version 1.3.3g
+
+-------------------------------------------------------------------
+Thu Nov 10 09:39:36 UTC 2011 - chris@computersalat.de
+
+- update to 1.3.3g
+ (http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3g)
+ + New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation
+ for details.
+ + Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD.
+ (http://www.proftpd.org/docs/NEWS-1.3.3g)
+ - Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD.
+ - Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks.
+ To disable this countermeasure, which may cause interoperability issues
+ with some clients, use the NoEmptyFragments TLSOption.
+ - Bug 3711 - Response pool use-after-free memory corruption error.
+
+-------------------------------------------------------------------
+Tue Oct 4 22:03:10 UTC 2011 - chris@computersalat.de
+
+- update to 1.3.3f
+ + Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast"
+ configuration used.
+ + Fixes mod_wrap syslog level (regression from Bug#3317).
+ + Fixes mod_ifsession segfault if regular expression patterns used in
+ a <VirtualHost> section.
+
+-------------------------------------------------------------------
+Fri Apr 29 11:18:55 UTC 2011 - chris@computersalat.de
+
+- push to Factory
++++ 242 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:13.1:Update/.proftpd.3821.new/proftpd.changes
New:
----
proftpd-1.3.5a.tar.gz
proftpd-1.3.5a.tar.gz.asc
proftpd-basic.conf.patch
proftpd-dist.patch
proftpd-ftpasswd.patch
proftpd-no_BuildDate.patch
proftpd-sftp-kbdint-max-responses-bug3973.patch
proftpd-strip.patch
proftpd.changes
proftpd.init
proftpd.keyring
proftpd.passwd
proftpd.service
proftpd.spec
proftpd.tmpfile
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ proftpd.spec ++++++
#
# spec file for package proftpd
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: proftpd
Summary: Highly configurable GPL-licensed FTP server software
License: GPL-2.0+
Group: Productivity/Networking/Ftp/Servers
# Please save your time and do not update to "rc" versions.
# We only accept updates for "STABLE" Versions
Version: 1.3.5a
Release: 0
Url: http://www.proftpd.org/
Source0: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz
Source1: ftp://ftp.proftpd.org/distrib/source/%{name}-%{version}.tar.gz.asc
Source11: %{name}.init
Source12: %{name}.passwd
Source13: %{name}.service
Source14: %{name}.tmpfile
Source15: %{name}.keyring
#PATCH-FIX-openSUSE: pam, logrotate, xinet
Patch100: %{name}-dist.patch
#PATCH-FIX-openSUSE: provide a useful default config
Patch101: %{name}-basic.conf.patch
#PATCH-FIX: provide more info on usage ;)
Patch102: %{name}-ftpasswd.patch
#PATCH-FIX: fix strip
Patch103: %{name}-strip.patch
#PATCH-FIX-openSUSE: file-contains-date-and-time
Patch104: %{name}-no_BuildDate.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
#BuildRequires: gpg-offline
BuildRequires: krb5-devel
BuildRequires: libacl-devel
BuildRequires: libattr-devel
#BuildRequires: libmemcached-devel
BuildRequires: libGeoIP-devel
BuildRequires: mysql-devel
BuildRequires: ncurses-devel
BuildRequires: openldap2-devel
BuildRequires: openssl-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: postgresql-devel
BuildRequires: sqlite3-devel
BuildRequires: unixODBC-devel
Requires: logrotate
%if 0%{?lang_package:1} > 0
Recommends: %{name}-lang
%endif
%if 0%{?suse_version} >= 1210
BuildRequires: systemd
%{?systemd_requires}
%define has_systemd 1
%endif
%description
ProFTPD is a highly configurable FTP daemon for Unix and Unix-like
operating systems. See the README.ports file for more details about
the platforms on which ProFTPD in known or thought to build and run.
%{?lang_package}
%package devel
Summary: Development files for ProFTPD
Group: Development/Libraries/C and C++
Requires: %{name} = %{version}
%description devel
This package contains Development files for ProFTPD
%package ldap
Summary: LDAP Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description ldap
This is the LDAP Module for ProFTPD
%package mysql
Summary: MySQL Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description mysql
This is the MySQL Module for ProFTPD
%package pgsql
Summary: PostgreSQL Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description pgsql
This is the PostgreSQL Module for ProFTPD
%package radius
Summary: Radius Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description radius
This is the Radius Module for ProFTPD
%package sqlite
Summary: SQLite Module for ProFTPD
Group: Productivity/Networking/Ftp/Servers
Requires: %{name} = %{version}
%description sqlite
This is the SQLite Module for ProFTPD
%package doc
Summary: Documentation for ProFTPD
Group: Documentation/HTML
Requires: %{name} = %{version}
%description doc
Here are Documentation for ProFTPD
%prep
#gpg_verify %{S:1}
%setup -q
%{__rm} README.AIX
%patch100
%patch101
%patch102
%patch103
%patch104
%build
rm contrib/mod_wrap.c
PROFTPD_SHARED_MODS="$(for spec_mod in $(find contrib -name mod_\*.c); do echo "$(basename ${spec_mod%%.c})"; done | tr '\n' ':' | sed -e 's|:$||')"
export CFLAGS="$RPM_OPT_FLAGS -D_GNU_SOURCE -DLDAP_DEPRECATED"
export CXXFLAGS="$CFLAGS"
%configure --disable-static --with-pic \
--bindir=%{_sbindir} \
--libexecdir=%{_libdir}/%{name} \
--sysconfdir=%{_sysconfdir}/%{name} \
%if 0%{?has_systemd}
--localstatedir=/run/%{name} \
%else
--localstatedir=%{_localstatedir}/run/%{name} \
%endif
--enable-sendfile \
--enable-ctrls \
--enable-dso \
--enable-facl \
--enable-ipv6 \
--enable-nls \
--enable-openssl \
--with-lastlog \
--with-includes="%{_includedir}/mysql:%{_includedir}/pgsql" \
--with-shared="${PROFTPD_SHARED_MODS}" \
--disable-ident \
--disable-strip
# --enable-memcache \
%{__make} %{?_smp_mflags}
%install
%makeinstall INSTALL_USER=`id -un` INSTALL_GROUP=`id -gn`
%{__install} -D -m 0644 contrib/dist/rpm/ftp.pamd $RPM_BUILD_ROOT%{_sysconfdir}/pam.d/%{name}
%{__install} -D -m 0644 contrib/dist/rpm/xinetd $RPM_BUILD_ROOT%{_sysconfdir}/xinetd.d/%{name}
%{__install} -D -m 0644 contrib/dist/rpm/%{name}.logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/%{name}
%{__install} -D -m 0755 %{S:11} $RPM_BUILD_ROOT%{_sysconfdir}/init.d/%{name}
%{__ln_s} -f %{_sysconfdir}/init.d/%{name} $RPM_BUILD_ROOT%{_sbindir}/rc%{name}
#
%{__rm} -fv $RPM_BUILD_ROOT%{_libdir}/%{name}/*.{a,la}
# install ftpasswd
%{__install} -D -m 0755 contrib/ftpasswd $RPM_BUILD_ROOT%{_sbindir}/
# some needed dirs
%{__install} -d $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/{conf.d,auth}
%{__install} -m 0440 %{S:12} $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/auth/passwd
%{__install} -d -m 0750 $RPM_BUILD_ROOT/var/log/%{name}
%if 0%{?has_systemd}
%{__install} -D -m 0644 %{S:13} %{buildroot}%{_unitdir}/%{name}.service
# systemd need to create a tmp dir: /run/proftpd
%{__install} -D -m 0644 %{S:14} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf
%endif
%find_lang %{name}
%pre
# on `rpm -ivh` PARAM is 1
# on `rpm -Uvh` PARAM is 2
#if [ "$1" = "1" ]; then
%if 0%{?has_systemd}
%service_add_pre %{name}.service
%endif
%preun
# on `rpm -e` PARAM is 0
%stop_on_removal proftpd
%if 0%{?has_systemd}
%service_del_preun %{name}.service
%endif
%post
# on `rpm -ivh` PARAM is 1
# on `rpm -Uvh` PARAM is 2
%if 0%{?has_systemd}
%service_add_post %{name}.service
%{__install} -d /run/%{name}
%else
%{fillup_and_insserv -f proftpd}
%{__install} -d %{_localstatedir}/run/%{name}
%endif
%postun
# on `rpm -e` PARAM is 0
if [ "$1" = "0" ]; then
%{insserv_cleanup}
fi
%restart_on_update proftpd
%if 0%{?has_systemd}
%service_del_postun %{name}.service
%endif
%clean
%{__rm} -rf %{buildroot}
%if 0%{?lang_package:1} > 0
%files lang -f %{name}.lang
%if 0%{?sles_version} == 11
%defattr(-,root,root,-)
%dir %{_datadir}/locale/bg_BG
%dir %{_datadir}/locale/bg_BG/LC_MESSAGES
%dir %{_datadir}/locale/ja_JP
%dir %{_datadir}/locale/ja_JP/LC_MESSAGES
%dir %{_datadir}/locale/ko_KR
%dir %{_datadir}/locale/ko_KR/LC_MESSAGES
%endif
%files
%else
%files -f %{name}.lang
%endif
%defattr(-,root,root,-)
%doc COPYING CREDITS ChangeLog NEWS README* RELEASE_NOTES
%doc contrib/README.*
#%doc contrib/xferstats.holger-preiss*
#%doc contrib/ftpasswd contrib/ftpquota
%doc sample-configurations/*.conf
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/
%dir %attr(0750,ftp,ftp) %{_sysconfdir}/%{name}/auth/
%config(noreplace) %attr(0440,root,ftp) %{_sysconfdir}/%{name}/auth/passwd
%dir %attr(0755,root,root) %{_sysconfdir}/%{name}/conf.d
%config(noreplace) %attr(0640,root,root) %{_sysconfdir}/%{name}/%{name}.conf
%{_sysconfdir}/%{name}/PROFTPD-MIB.txt
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%config(noreplace) %{_sysconfdir}/pam.d/%{name}
%config(noreplace) %{_sysconfdir}/xinetd.d/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/blacklist.dat
%config(noreplace) %{_sysconfdir}/%{name}/dhparams.pem
%{_sysconfdir}/init.d/%{name}
%dir %attr(0750,ftp,ftp) %{_localstatedir}/log/%{name}
%{_sbindir}/*
%{_mandir}/man?/*
%dir %attr(0755,root,root) %{_libdir}/%{name}/
%{_libdir}/%{name}/*.so
%exclude %{_libdir}/%{name}/mod_ldap.so
%exclude %{_libdir}/%{name}/mod_sql_mysql.so
%exclude %{_libdir}/%{name}/mod_sql_postgres.so
%exclude %{_libdir}/%{name}/mod_radius.so
%exclude %{_libdir}/%{name}/mod_sql_sqlite.so
%if 0%{?has_systemd}
%{_unitdir}/%{name}.service
%{_prefix}/lib/tmpfiles.d/%{name}.conf
%ghost %dir /run/%{name}
%endif
%files devel
%defattr(-,root,root,-)
%{_includedir}/%{name}
%{_libdir}/pkgconfig/%{name}.pc
%files ldap
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_ldap.so
%files mysql
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_sql_mysql.so
%files pgsql
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_sql_postgres.so
%files radius
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_radius.so
%files sqlite
%defattr(-,root,root,-)
%{_libdir}/%{name}/mod_sql_sqlite.so
%files doc
%defattr(-,root,root,-)
%doc doc/*.html doc/contrib doc/howto doc/modules
%changelog
++++++ proftpd-basic.conf.patch ++++++
Index: sample-configurations/basic.conf
===================================================================
--- sample-configurations/basic.conf.orig
+++ sample-configurations/basic.conf
@@ -3,19 +3,29 @@
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
-ServerName "ProFTPD Default Installation"
-ServerType standalone
-DefaultServer on
+ServerName "ProFTPD"
+ServerType standalone
+DefaultServer on
# Port 21 is the standard FTP port.
-Port 21
+Port 21
+
+# FireWall PortRange for PASV
+PassivePorts 40000 40999
+
+# Set DebugLevel to values between 0 and 9
+# default is 0
+DebugLevel 0
+
+# SystemLog -- Redirect syslogging to a file
+SystemLog /var/log/proftpd/proftpd.log
# Don't use IPv6 support by default.
-UseIPv6 off
+UseIPv6 off
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
-Umask 022
+Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
@@ -23,43 +33,192 @@ Umask 022
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd).
-MaxInstances 30
+MaxInstances 30
# Set the user and group under which the server will run.
-User nobody
-Group nogroup
-
-# To cause every FTP user to be "jailed" (chrooted) into their home
-# directory, uncomment this line.
-#DefaultRoot ~
+User ftp
+Group ftp
-# Normally, we want files to be overwriteable.
-AllowOverwrite on
+# Some logging formats
+LogFormat default "%h %l %u %t \"%r\" %s %b"
+LogFormat auth "%v [%P] %h %t \"%r\" %s"
+LogFormat write "%h %l %u %t \"%r\" %s %b"
+
+# ------------------------------
+# Global Settings
+# ------------------------------
+<Global>
+
+ # ------------------------------
+ # Login
+ # ------------------------------
+
+ ServerIdent on "FTP server ready"
+ DeferWelcome on
+ #DisplayConnect /etc/proftpd/msg
+
+ <IfModule mod_ident.c>
+ IdentLookups off
+ </IfModule>
+ UseFtpUsers off
+ RequireValidShell off
+
+ TimeoutLogin 60
+ MaxLoginAttempts 3
+ #MaxClientsPerHost none
+ #MaxClientsPerUser 1 "Only one connection at a time."
+
+ # ------------------------------
+ # Authentication
+ # ------------------------------
+
+ ### PAM Authentication
+ # AuthPAM: default: on
+ AuthPAM off
+
+ # changed AuthPAMConfig file
+ AuthPAMConfig proftpd
+ ### PAM Authentication
+
+ AuthUserFile /etc/proftpd/auth/passwd
+ AuthGroupFile /etc/group
+
+ ### order of auth modules
+ #AuthOrder mod_auth_unix.c mod_auth_file.c
+ AuthOrder mod_auth_file.c
+
+ # ------------------------------
+ # Post-Login
+ # ------------------------------
+
+ DisplayLogin welcome.msg
+ DisplayChdir .message
+ AllowOverride off
+
+ TimeoutIdle 600
+ TimeoutNoTransfer 900
+ TimeoutStalled 300
+ TimeoutSession 3600
+
+ # ------------------------------
+ # Session
+ # ------------------------------
+
+ # To cause every FTP user to be "jailed" (chrooted) into their home
+ # directory, uncomment this line.
+ DefaultRoot ~ web,!users
+
+ DenyFilter \*.*/
+ ListOptions "-A +R" strict
+ UseGlobbing off
+
+ ShowSymlinks on
+ TimesGMT on
+
+ # ------------------------------
+ # Up- & Download
+ # ------------------------------
+
+ # having to delete before uploading is a pain ;)
+ AllowOverwrite on
+ AllowRetrieveRestart on
+ HiddenStores on
+ DeleteAbortedStores on
+ #AllowStoreRestart off # is contrary to "DeleteAbortedStores"
+
+ # ------------------------------
+ # Logging
+ # ------------------------------
+
+ WtmpLog off
+ TransferLog /var/log/proftpd/xferlog
+
+ # Record all logins
+ ExtendedLog /var/log/proftpd/auth.log AUTH auth
+
+ # Logging file/dir access
+ ExtendedLog /var/log/proftpd/access.log WRITE,READ write
+
+ # Paranoia logging level....
+ ExtendedLog /var/log/proftpd/paranoid.log ALL default
+
+ # SQLLogFile
+ #SQLLogFile /var/log/proftpd/SQL.log
+</Global>
# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
+#####
+# Include other confs
+#Include /etc/proftpd/conf.d/*.conf
+
+#####
+
+# ------------------------------
+# Anonymous Settings
+# ------------------------------
# A basic anonymous configuration, no upload directories. If you do not
# want anonymous users, simply delete this entire <Anonymous> section.