ProFTPD is an FTP server that provides extensive configuration settings. Because FTP sends passwords unencrypted, they may be visible to network sniffers. To keep a system account's password from being transmitted over FTP, we can set up a virtual FTP user through the AuthUserFile option provided by ProFTPD. The virtual user's password still crosses the network in clear text, but it is not a login credential for a system account.
ProFTPD provides the ftpasswd tool for creating the virtual users stored in an AuthUserFile. ProFTPD can be installed on a CentOS server from the RPMForge repo (add the repo as described in http://wiki.centos.org/AdditionalResources/Repositories/RPMForge) using the following command:
# yum install proftpd
Once the installation is complete, edit the ProFTPD configuration file /etc/proftpd.conf and comment out the option
AuthOrder mod_auth_pam.c* mod_auth_unix.c (add a # to the beginning of the line)
Also, after creating the /etc/proftpd directory (mkdir /etc/proftpd), add the options below to the file:
AuthOrder mod_auth_file.c
AuthUserFile /etc/proftpd/proftpd.pass
AuthGroupFile /etc/proftpd/proftpd.group
RequireValidShell off
Create the files /etc/proftpd/proftpd.pass and /etc/proftpd/proftpd.group and change the permissions and ownership of the files and the proftpd directory as below:
chown nobody:nobody /etc/proftpd/
touch /etc/proftpd/proftpd.pass
touch /etc/proftpd/proftpd.group
chown nobody:nobody /etc/proftpd/proftpd.pass
chown nobody:nobody /etc/proftpd/proftpd.group
chmod 400 /etc/proftpd/proftpd.pass
chmod 400 /etc/proftpd/proftpd.group
By default, ProFTPD runs as the user nobody on the server. The User option in proftpd.conf can be used to change the user under which ProFTPD runs. If that user has been changed, make sure to change the ownership of the files and the proftpd directory accordingly.
After making these changes, restart ProFTPD using the command:
# service proftpd restart
Check the UID and GID of the system user and group that the virtual users will be mapped to:
grep <username> /etc/passwd
grep <groupname> /etc/group
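Once the UID and GID have been identified, use the ftpasswd command to add the virtual user. Pass --file so that the entry is written to the AuthUserFile configured above rather than to ftpd.passwd in the current directory:
ftpasswd --uid <UID> --gid <GID> --name <Virtual Username> --shell /bin/false --home /<ftp home directory> --passwd --file /etc/proftpd/proftpd.pass
Add members to the group (again with --file, otherwise the entry goes to ftpd.group in the current directory):
ftpasswd --group --name <Groupname> --gid <GID> --member <membername> --file /etc/proftpd/proftpd.group
Check the files /etc/proftpd/proftpd.pass and /etc/proftpd/proftpd.group and make sure that the details of the user and group have been added.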
Restart ProFTPD using the command:
# service proftpd restart
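One way to carry out the check of /etc/proftpd/proftpd.pass described above is the shell function below. It is an added example, not part of the original article or of ProFTPD; the name audit_authfile and the finding labels are assumptions chosen for illustration, and it assumes the seven-field passwd(5) layout that ftpasswd writes.

```shell
#!/bin/sh
# Added example: audit a ProFTPD AuthUserFile in passwd(5) format.
# audit_authfile is a hypothetical helper name, not a ProFTPD tool.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_authfile() {
    file=$1
    findings=0

    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 1
    fi

    # The tutorial sets mode 400: group and other must have no access.
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $file is accessible to group/other"
        findings=1
    fi

    # Each entry: name:hash:uid:gid:gecos:home:shell (7 fields).
    out=$(awk -F: '
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        NF != 7     { print "FORMAT: line " NR " has " NF " fields"; next }
        $2 == ""    { print "NOPASS: " $1 " has an empty password hash" }
        $3 == 0     { print "ROOT: " $1 " maps to UID 0" }
        $6 !~ /^\// { print "HOME: " $1 " home is not an absolute path" }
        seen[$1]++  { print "DUP: " $1 " is defined more than once" }
    ' "$file")

    if [ -n "$out" ]; then
        echo "$out"
        findings=1
    fi
    return "$findings"
}

# When a path is given on the command line, audit that file, e.g.
#   sh audit_authfile.sh /etc/proftpd/proftpd.pass
if [ "$#" -gt 0 ]; then
    audit_authfile "$1"
fi
```

Run it as root after each ftpasswd change, since the file is mode 400 and owned by the ProFTPD user.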
