1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
|
#----------------------------------------------------------
# This is the main server configuration
[section] main
# allow connections from port 21
ftpport 21
# set maximum users to 200
maxusers 200
# log everything execpt debugging logs
logstrength 63
# set logfile
logfile /var/log/muddleftpd.log
# set default timeout to 300 seconds
timeout 300
# set the file displayed on login
logindump /etc/issue.ftp
# allow anyhost to connect
ipacl A:*
# set admin email address
email user@hostname
# set scratchfile for inetd operation
scratchfile /var/lock/muddleftpd.scratch
# set the list of vserver muddleftpd is to use
vserver external
vserver internal
# set the server to use smartbind, which can significantly reduce
# the number of file descriptors needed by the server
smartbind 1
#----------------------------------------------------------
# This configures vserver external. This handles users from
# outside.
[section] external
# accept users from anywhere
ipacl A:*
# this vserver will bind to port 21. It can be told to bind to
# a specific device using ftpport 21/<ip of device>
# eg ftpport 21/10.1.1.1
ftpport 21
# set the groups this vserver will run through. Since the external
# vserver is only for connections from outside, only allow anonymous
# logins
group anonymous
# Set an approprate login
greeting Anonymous FTPD ready. Enter 'anonymous' as username.
# Set maxusers to 50 to pervent external users flooding server
maxusers 50
# set the hostname to what we want
hostname external.somewhere.net
#----------------------------------------------------------
# This configures vserver internal. This handles users from
# the internal network
[section] external
# allow users from local network only
ipacl A:10.1.1.0/255.255.255.0
ipacl A:127.0.0.1/255.255.255.255
# this vserver will bind to port 2100. It can be told to bind to
# a specific device using ftpport 2100/<ip of device>
# eg ftpport 2100/10.1.1.1
ftpport 2100
# set the groups this vserver will run through.
group badusers
group anonymous
group localusers
# set the hostname to what we want
hostname internal.somewhere.net
#----------------------------------------------------------
# This configures badusers. It catches any bad usernames that
# should not be logged into
[section] badusers
# tell it to accept the usernames root, uucp and news
nameacl A:root
nameacl A:uucp
nameacl A:news
# accept these usernames from any host.
ipacl A:*
# tell the server these usernames are disabled
authmethod disabled
# set the maxuser count of this group to 0 so it isn't
# added to the stats
maxusers 0
#----------------------------------------------------------
# This configures the anonymous user.
# Note: if the following doesn't work, then your computer
# needs the ftp user to be set.
[section] anonymous
# tell the group that is can accept any host
ipacl A:*
# tell the server to accept anonymous or ftp for this group
nameacl A:anonymous
nameacl A:ftp
# tell the server to use chroot to the anonymous rootdir
chroot 1
# tell the server to use the ftp user as the anonymous rootdir
# and uid/gid
authparams ftp
# tell the server to use the anonymous authenticator, and
# accept any password.
authmethod anonymous
# disallow any changes to file permissions or upload umask
chmoding 0
# print out this file when the user logs in. It is not relative
# to anonymous's rootdir
welcome /home/ftp/welcome.msg
# display this file when a user changes into a new directory
cddump .message
# display this file when too many users are logged on
busydump /etc/msgs/msg.toomany
# set the umask files are uploaded with
umask 077
# give anonymous user read/list access everywhere and add/list access
# to the incoming folder. The / on the end of the second directive
# tells muddleftpd to apply ACL to a directory rather than a file.
access /:RLC
access /incoming/:ALC
# limit the size of this group so localusers can log in too
maxusers 100
# set the niceness of anonymous users to 10
nice 10
#----------------------------------------------------------
# This configures the normal users.
[section] localusers
# tell the group that it can accept any host that the last group
# didn't get
ipacl A:*
# tell the server to accept any username for this group
nameacl A:*
# tell the server to use chroot to the user's rootdir
chroot 1
# set the users rootdir to their homedir, to lock them in there
rootdir %h
# set the users homedir to /, so he ends up in his own homedir
homedir /
# tell the server to use the unix authenticator, useful against
# normal password files
authmethod unix
# give normal users full access to their userspace
access /:ALL
# allow server-server transfers with localusers
fxpallow 1
|
