Chapter 10. Anonymous Servers

Table of Contents
How do I create individual anonymous FTP sites for my users?
I want to support normal login and Anonymous under a particular user
I only want to allow anonymous access to a virtual server.
Why doesn't Anonymous ftp work
Additional anonymous accounts
Secure upload facilities

ProFTPD is a ftp server primarily written for the various unix variants though it will now compile under win32. It has been designed to be much like Apache in concept, taking many of the ideas (configuration format, modular design, etc.) from it.

How do I create individual anonymous FTP sites for my users?

There are two methods of accomplishing this (possibly more). First, you can create a directory structure inside your anonymous FTP root directory, creating a single directory for each user and setting ownership/permissions as appropriate. Then, either create a symlink from each user's home directory into the FTP site, or instruct your users on how to access their directory.

The alternate method (and more versatile) of accomplishing per-user anonymous FTP is to use AnonymousGroup in combination with the DefaultRoot directory. You'll probably want to do this inside a <VirtualHost>, otherwise none of your users will be able to access your system without being stuck inside their per-user FTP site. Additionally, you'll want to use a deferred <Directory> block to carefully limit outside access to each user's site.

Create a new unix group on your system named `anonftp'. Please each user who will have per-user anonymous FTP in this group. Create an `anon-ftp' and `anon-ftp/incoming' directory in each user's home directory. Modify your /etc/proftpd.conf file to look something like this (you'll probably want to customize this to your needs):

 # the next line limits all logins to this virtual host, so that only
 anonftp users can connect
 <Limit LOGIN>
 DenyGroup !anonftp
 # limit access to each user's anon-ftp directory, we want read-only
 except on incoming
 <Directory ~/anon-ftp>
 <Limit WRITE>
 # permit stor access to each user's anon-ftp/incoming directory,
 but deny everything else
 <Directory ~/anon-ftp/incoming>
 <Limit STOR>
 # provide a default root for all logins to this virtual host.
 DefaultRoot ~/anon-ftp
 # Finally, force all logins to be anonymous for the anonftp group
 AnonymousGroup anonftp