To provide an FTP service, Panel uses the ProFTPD FTP server. Panel includes the following two packages:
psa-proftpdwhich contains the main component.
psa-proftpd-xinetdwhich contains patches and configurations to work with
The ProFTPD is started by the
xinetd every time the server receives an FTP request. In the case of authorized access, the FTP service is started on behalf of the user whose request is to be processed. For anonymous users, the service is started with the UID of the
The FTP server allows for document access of authenticated users that are listed in the /etc/passwd and /etc/shadow files. The first one defines the user name, group membership, home directory, and active access method. The second one stores password hash values. Let us look at FTP users created during the virtual hosting setup procedure. The following are some /etc/passwd lines defining FTP user parameters.
# grep ftp /etc/passwd
psaftp:x:2524:2522:anonftp psa user:/:/bin/false
The first two lines are default FTP users. The
psaftp is the user on behalf of whom the FTP service is started when the Panel server receives an anonymous FTP request.
The last two lines define typical FTP users. The group ID
10001 refers to the psacln group that contains FTP users. The psacln is added to the /etc/ftpchroot file. For every FTP user logged into the Panel, a "chroot" procedure is executed, which ensures the user cannot see files owned by other users.
Panel stores all FTP user accounts in a single database; therefore, FTP users cannot have the same names even if they are created for different virtual hosts. Besides, since the FTP service cannot be name based, only one virtual host on each IP address can provide anonymous FTP access.
The FTP server configuration parameters are stored in the /etc/proftpd.conf file. Here are some of the parameters. A sample of the
proftpd.conf file is displayed below:
DefaultRoot ~ psacln
SetEnv TZ :/etc/localtime
# Port 21 is the standard FTP port.
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
#Following part of this config file were generate by PSA automatically
#Any changes in this part will be overwritten by next manipulation
#with Anonymous FTP feature in PSA control panel.
#Include directive should point to place where FTP Virtual Hosts configurations
# Primary log file mest be outside of system logrotate province
#Change default group for new files and directories in vhosts dir to psacln
# Enable PAM authentication
Each virtual host FTP configuration is stored in the
/etc/proftpd.include file. The configurations consist of two sections:
Below is a sample of the general section:
Order allow, deny
Deny from all
anon_ftpas the home directory that is inside the domain directory opened for the authorized domain user.
Below is a sample of this section:
UserAlias anonymous psaftp
TransferRate RETR 0.000
Umask 022 002
<Limit MKD XMKD>
For more information on the ProFTPD configuration, please refer to the www.proftpd.org.
FTP Logs and Statistics
For each domain, the ProFTPD service writes statistics for both anonymous and authorized access to log files located in the /var/www/vhosts/<domain_name>/statistics/logs/ directory. Once a day, Panel processes the logs with the
statistics utility and separates the statistical data into two parts:
In addition, the
statistics utility writes the statistical data to the psa database and calls the log rotation utility
logrotate. For more information on statistics processing and log rotation, refer to the chapter Statistics and Logs.
Please send us your feedback on this help page.