|
From: <m...@ma...> - 2026-04-07 19:04:14
|
Hi TJ and core team,

I have reached out 2 times on the GitHub Issue tracker and once a couple months ago via mail, to offer my help to the project and update that very project infrastructure to modern standards.

If moving things to GitHub makes it better/easier, then I guess why not. Though sometimes there is actually useful information on the forums of old software projects such as ProFTPd, especially for legacy setups that get updated only now or later in time.

I would recommend to keep the forums and an archive-version of the website running, on an updated software stack. I understand this requires infrastructure, which I believe some companies are happy to provide to open source projects pro bono. If this is not wanted, at least I would somehow archive the data (maybe involving archiveteam.org?) for historical reference.

It appears to me that FTP/FTPS/SFTP is far from dead and we will have to deal with it on an enterprise scale for at least 20 more years (who knows...).

Glad to see some movement here. Let me know what I can do, I would like to support the project. From the other mails I see there are people wanting to step in. Would be great to organize a little!

Best regards

-----Original Message-----
From: William David Edwards via Proftp-user <pro...@li...>
Sent: Tuesday, 7 April 2026 19:40
To: pro...@li...; tj...@ca...
Cc: William David Edwards <wed...@cy...>; ProFTPD Developers <pro...@li...>
Subject: Re: [Proftpd-user] Aging state of ProFTPD Project infrastructure

Hi TJ,

TJ Saunders wrote on 2026-04-07 19:25:
> As many of you are aware, the state of the ProFTPD Project's infrastructure is in desperate need of maintenance/upgrading. The VMs which host the project's website, Bugzilla instance, forums, FTP downloads, etc are all quite old -- this is why, for example, the website, Bugzilla, forums currently do not have great HTTPS support. (The underlying VM image has an OpenSSL package which predates TLSv1.2, among other things.)
>
> These VMs are currently running in a provider's network, which has been quite generous in allowing these to run. However, that provider has gone through different company acquisitions; the fact that the VMs are still running is, honestly, more by luck than by intention. Now, the current company has indicated that these VMs _will_ be shut down by September of this year, if not sooner.
>
> I know that maintaining infrastructure, in my spare time, is not very appealing -- I have to do it too much already for my day job. No excuses, just commenting on why nothing really has been done on this front. But now we have a forcing function.
>
> The project core team has discussed this situation. Right now, we are leaning toward shutting down the website, Bugzilla, and forums, and relying on the existing GitHub repo for most needs. Most bug reports/issues are already filed there, and there have been no significant forums postings for more than a year now. Most modern browsers are unhappy about the plain HTTP website, and update the lack of TLSv1.2 certificates for the forums.
>
> This all demonstrates that GitHub meets most of the project needs with regard to infrastructure. It also means fewer moving parts for future maintainers of the project to maintain, going forward.
>
> With this in mind, I'd like to solicit your thoughts/feedback on what sort of things you'd want to see in the GitHub repo (if anything), knowing that these changes are coming. Feel free to respond to me personally if you prefer.
>
> I don't have any particular dates/times when we'll shut those VMs down (other than before September), but it'll be happening this year, one way or another.
>

I think it makes perfect sense to move downloads & bug tracker to GitHub.

I do however believe that having a website is still very useful for a mature project. The same case could be made for forums, having multiple potential communication channels for interaction with other users. People may not want to sign up to GitHub.

If you need a VM to that purpose, feel free to give us - a hosting company from Europe - a shout off-list.

> Cheers,
> TJ
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html

Kind regards,

William David Edwards
|
|
From: William D. E. <wed...@cy...> - 2026-04-07 18:05:15
|
Hi TJ,

TJ Saunders wrote on 2026-04-07 19:25:
> As many of you are aware, the state of the ProFTPD Project's infrastructure is in desperate need of maintenance/upgrading. The VMs which host the project's website, Bugzilla instance, forums, FTP downloads, etc are all quite old -- this is why, for example, the website, Bugzilla, forums currently do not have great HTTPS support. (The underlying VM image has an OpenSSL package which predates TLSv1.2, among other things.)
>
> These VMs are currently running in a provider's network, which has been quite generous in allowing these to run. However, that provider has gone through different company acquisitions; the fact that the VMs are still running is, honestly, more by luck than by intention. Now, the current company has indicated that these VMs _will_ be shut down by September of this year, if not sooner.
>
> I know that maintaining infrastructure, in my spare time, is not very appealing -- I have to do it too much already for my day job. No excuses, just commenting on why nothing really has been done on this front. But now we have a forcing function.
>
> The project core team has discussed this situation. Right now, we are leaning toward shutting down the website, Bugzilla, and forums, and relying on the existing GitHub repo for most needs. Most bug reports/issues are already filed there, and there have been no significant forums postings for more than a year now. Most modern browsers are unhappy about the plain HTTP website, and update the lack of TLSv1.2 certificates for the forums.
>
> This all demonstrates that GitHub meets most of the project needs with regard to infrastructure. It also means fewer moving parts for future maintainers of the project to maintain, going forward.
>
> With this in mind, I'd like to solicit your thoughts/feedback on what sort of things you'd want to see in the GitHub repo (if anything), knowing that these changes are coming. Feel free to respond to me personally if you prefer.
>
> I don't have any particular dates/times when we'll shut those VMs down (other than before September), but it'll be happening this year, one way or another.
>

I think it makes perfect sense to move downloads & bug tracker to GitHub.

I do however believe that having a website is still very useful for a mature project. The same case could be made for forums, having multiple potential communication channels for interaction with other users. People may not want to sign up to GitHub.

If you need a VM to that purpose, feel free to give us - a hosting company from Europe - a shout off-list.

> Cheers,
> TJ

Kind regards,

William David Edwards
|
|
From: TJ S. <tj...@ca...> - 2026-04-07 17:26:27
|
As many of you are aware, the state of the ProFTPD Project's infrastructure is in desperate need of maintenance/upgrading. The VMs which host the project's website, Bugzilla instance, forums, FTP downloads, etc are all quite old -- this is why, for example, the website, Bugzilla, forums currently do not have great HTTPS support. (The underlying VM image has an OpenSSL package which predates TLSv1.2, among other things.)

These VMs are currently running in a provider's network, which has been quite generous in allowing these to run. However, that provider has gone through different company acquisitions; the fact that the VMs are still running is, honestly, more by luck than by intention. Now, the current company has indicated that these VMs _will_ be shut down by September of this year, if not sooner.

I know that maintaining infrastructure, in my spare time, is not very appealing -- I have to do it too much already for my day job. No excuses, just commenting on why nothing really has been done on this front. But now we have a forcing function.

The project core team has discussed this situation. Right now, we are leaning toward shutting down the website, Bugzilla, and forums, and relying on the existing GitHub repo for most needs. Most bug reports/issues are already filed there, and there have been no significant forums postings for more than a year now. Most modern browsers are unhappy about the plain HTTP website, and update the lack of TLSv1.2 certificates for the forums.

This all demonstrates that GitHub meets most of the project needs with regard to infrastructure. It also means fewer moving parts for future maintainers of the project to maintain, going forward.

With this in mind, I'd like to solicit your thoughts/feedback on what sort of things you'd want to see in the GitHub repo (if anything), knowing that these changes are coming. Feel free to respond to me personally if you prefer.

I don't have any particular dates/times when we'll shut those VMs down (other than before September), but it'll be happening this year, one way or another.

Cheers,
TJ
|
|
From: Matus U. - f. <uh...@fa...> - 2026-03-21 17:56:24
|
>> So, it has to be owned by the running user, or at readable if we relax the permission check:
>>
>> SFTPOptions InsecureHostKeyPerms
>> SFTPHostKey /etc/proftpd/ssh_host_rsa_key
>>
>> It works although complains in log as well:
>>
>> Mar 20 15:54:37 server proftpd[175306]: Checking syntax of configuration file
>> Mar 20 15:54:37 server proftpd[175306]: 2026-03-20 15:54:37,411 server proftpd[175306]: mod_sftp/1.1.1: unable to use '/etc/proftpd/ssh_host_rsa_key' as host key, as it is group- or world-accessible

On 21.03.26 10:30, TJ Saunders wrote:
> Even with "SFTPOptions InsecureHostKeyPerms", I wanted to log something, at config parse time, so that admins would be aware of the insecure permissions on those files. Perhaps that is overkill? At the very least, I will change the log level from NOTICE to INFO (perhaps DEBUG?), and change the wording to be more accurate, as "unable to use" when, in fact, the key _is_ used is wrong.

That makes sense, thanks for explanation.

--
Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Remember half the people you know are below average.
|
|
From: TJ S. <tj...@ca...> - 2026-03-21 17:31:18
|
> So, it has to be owned by the running user, or at readable if we relax the permission check:
>
> SFTPOptions InsecureHostKeyPerms
> SFTPHostKey /etc/proftpd/ssh_host_rsa_key
>
> It works although complains in log as well:
>
> Mar 20 15:54:37 server proftpd[175306]: Checking syntax of configuration file
> Mar 20 15:54:37 server proftpd[175306]: 2026-03-20 15:54:37,411 server proftpd[175306]: mod_sftp/1.1.1: unable to use '/etc/proftpd/ssh_host_rsa_key' as host key, as it is group- or world-accessible

Even with "SFTPOptions InsecureHostKeyPerms", I wanted to log something, at config parse time, so that admins would be aware of the insecure permissions on those files. Perhaps that is overkill? At the very least, I will change the log level from NOTICE to INFO (perhaps DEBUG?), and change the wording to be more accurate, as "unable to use" when, in fact, the key _is_ used is wrong.

Cheers,
TJ
|
|
From: Matus U. - f. <uh...@fa...> - 2026-03-20 16:05:42
|
Of course I forgot:

- SFTPHostKey must be readable by unauthorized user as well.

So, it has to be owned by the running user, or at readable if we relax the permission check:

SFTPOptions InsecureHostKeyPerms
SFTPHostKey /etc/proftpd/ssh_host_rsa_key

It works although complains in log as well:

Mar 20 15:54:37 server proftpd[175306]: Checking syntax of configuration file
Mar 20 15:54:37 server proftpd[175306]: 2026-03-20 15:54:37,411 server proftpd[175306]: mod_sftp/1.1.1: unable to use '/etc/proftpd/ssh_host_rsa_key' as host key, as it is group- or world-accessible
Mar 20 15:54:37 server proftpd[175308]: 2026-03-20 15:54:37,433 server proftpd[175308]: mod_sftp/1.1.1: unable to use '/etc/proftpd/ssh_host_rsa_key' as host key, as it is group- or world-accessible
Mar 20 15:54:37 server systemd[1]: Started proftpd.service - ProFTPD FTP Server.

Perhaps we could have "RelaxedHostKeyPerms" option?

On 20.03.26 16:33, Matus UHLAR - fantomas wrote:
>It did help, I'd like to add a few points:
>
>- mod_vroot can be used to simulate chroot when not running proftpd as root
>  You can enable it using:
>
>  LoadModule mod_vroot.c
>  VRootEngine on
>
>  and by using DefaultRoot directive.
>
>Link: http://www.castaglia.org/proftpd/modules/mod_vroot.html
>(btw: why can't I find this module in proftpd.org?)
>
>- init/rc script or systemd unit can be modified to execute proftpd under given user instead of (or in addition to) using User and Group directives
>  (works here)
>
>- having log directory (e.g. /var/log/proftpd) and run directory (e.g. /run/proftpd) writable by proftpd makes it easier to fulfill writable requirements for:
>
>  PidFile
>  ScoreboardFile
>  DelayTable
>  TransferLog
>  SystemLog
>  ServerLog
>  SFTPLog
>
>  and others.
>
>- logrotate script should be changed to create log file(s) as configured user
>  ...or not create the file and let proftpd do that
>
>- systemd unit must be configured to use pid file configured above
>
>- use:
>
>  AuthOrder mod_auth_file.c*
>
>  to skip system authentication
>  (not sure if the * is required, but shouldn't hurt)
>
>- In case of using virtual hosts, many of directives should be either repeated in <VirtualHost> or placed into <Global> section, because of how Proftpd's virtual hosts work.
>
>  This applies to directives mentioned above or in referenced document
>  http://www.proftpd.org/docs/howto/Nonroot.html
>
>  SystemLog
>  WtmpLog
>  TransferLog
>  AuthUserFile
>  AuthGroupFile
>  AuthPAM
>  AuthOrder
>  VRootEngine
>  DefaultRoot
>  ...and all other directives applicable in <VirtualHost> and <Global> context.

--
Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Atheism is a non-prophet organization.
|
|
From: Matus U. - f. <uh...@fa...> - 2026-03-20 15:33:29
|
>> Did anyone try to run ProFTPD completely under non-privileged user?
>>
>> I guess It would need:
>>
>> - changing init script/systemd unit
>>   (directive User doesn't prevent from being able to setuid() etc)
>> - using mod_vroot
>>
>> - listen on port>1024
>> - non-system user database (I guess even for single anonymous user)
>> - setting paths/permissions for log, lock, pid files
>>
>> Does it need any changes more than that?
>> Does it work?

On 13.03.26 09:24, TJ Saunders wrote:
>It can be done, yes -- depending on the desired configuration, of course. This might help:
>
>  http://www.proftpd.org/docs/howto/Nonroot.html

It did help, I'd like to add a few points:

- mod_vroot can be used to simulate chroot when not running proftpd as root
  You can enable it using:

  LoadModule mod_vroot.c
  VRootEngine on

  and by using DefaultRoot directive.

Link: http://www.castaglia.org/proftpd/modules/mod_vroot.html
(btw: why can't I find this module in proftpd.org?)

- init/rc script or systemd unit can be modified to execute proftpd under given user instead of (or in addition to) using User and Group directives
  (works here)

- having log directory (e.g. /var/log/proftpd) and run directory (e.g. /run/proftpd) writable by proftpd makes it easier to fulfill writable requirements for:

  PidFile
  ScoreboardFile
  DelayTable
  TransferLog
  SystemLog
  ServerLog
  SFTPLog

  and others.

- logrotate script should be changed to create log file(s) as configured user
  ...or not create the file and let proftpd do that

- systemd unit must be configured to use pid file configured above

- use:

  AuthOrder mod_auth_file.c*

  to skip system authentication
  (not sure if the * is required, but shouldn't hurt)

- In case of using virtual hosts, many of directives should be either repeated in <VirtualHost> or placed into <Global> section, because of how Proftpd's virtual hosts work.

  This applies to directives mentioned above or in referenced document
  http://www.proftpd.org/docs/howto/Nonroot.html

  SystemLog
  WtmpLog
  TransferLog
  AuthUserFile
  AuthGroupFile
  AuthPAM
  AuthOrder
  VRootEngine
  DefaultRoot
  ...and all other directives applicable in <VirtualHost> and <Global> context.

--
Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I drive way too fast to worry about cholesterol.
|
|
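A pre-flight check for the non-root checklist in the message above and for the host key permission discussion earlier on this page, as an added example (not ProFTPD or mod_sftp code). The function names and the sample paths are assumptions; the key check follows the wording of the quoted log line ("group- or world-accessible") rather than mod_sftp's source, and the writability test is only meaningful when the script runs as the account the daemon will use.

```python
import os
import stat
import tempfile

# Directives from the checklist whose target must be writable by the
# unprivileged account that runs the daemon.
WRITABLE = {"pidfile", "scoreboardfile", "delaytable", "transferlog",
            "systemlog", "serverlog", "sftplog"}


def parse_directives(conf_text):
    """Yield (lowercased directive, args); skip comments and <Section> tags."""
    for raw in conf_text.splitlines():
        parts = raw.split()
        if parts and not parts[0].startswith(("#", "<")):
            yield parts[0].lower(), parts[1:]


def check_key(path, uid):
    """Findings for one SFTPHostKey file when the daemon runs as `uid`."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return [f"{path}: cannot stat ({exc.strerror})"]
    out = []
    # Same condition the quoted log line names: any group/other bit set.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        out.append(f"{path}: group- or world-accessible "
                   f"(mode {stat.S_IMODE(st.st_mode):04o})")
    # A 0600 key is readable by a non-root daemon only if it owns the file.
    if uid != 0 and st.st_uid != uid:
        out.append(f"{path}: owned by uid {st.st_uid}, not uid {uid}")
    return out


def preflight(conf_text, uid=None):
    """Return findings for a non-root setup; an empty list means none."""
    uid = os.geteuid() if uid is None else uid
    findings, has_authorder = [], False
    for name, args in parse_directives(conf_text):
        if not args:
            continue
        first = args[0]
        if name == "port" and first.isdigit() and 0 < int(first) < 1024:
            findings.append(f"Port {first}: binding below 1024 needs root "
                            "or CAP_NET_BIND_SERVICE")
        elif name in WRITABLE and first.startswith("/"):
            parent = os.path.dirname(first)
            if not os.path.isdir(parent):
                findings.append(f"{name}: directory {parent} is missing")
            # os.access() answers for the current process only.
            elif not os.access(parent, os.W_OK | os.X_OK):
                findings.append(f"{name}: {parent} is not writable")
        elif name == "sftphostkey" and first.startswith("/"):
            findings.extend(check_key(first, uid))
        elif name == "sftpoptions" and "insecurehostkeyperms" in (
                a.lower() for a in args):
            findings.append("SFTPOptions InsecureHostKeyPerms: host key "
                            "permission check is relaxed")
        elif name == "authorder":
            has_authorder = True
    if not has_authorder:
        findings.append("AuthOrder not set (the checklist uses "
                        "'AuthOrder mod_auth_file.c*')")
    return findings


def demo():
    """Run the check against constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "ssh_host_rsa_key")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o640)                      # deliberately too open
        conf = (f"Port 21\nPidFile {d}/proftpd.pid\n"
                f"SystemLog {d}/log/system.log\n"
                "SFTPOptions InsecureHostKeyPerms\n"
                f"SFTPHostKey {key}\n")
        return preflight(conf)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```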
From: Dieter B. <pr...@bl...> - 2026-03-16 17:05:53
|
Hello TJ,

On Mon, Mar 16, TJ Saunders wrote:
> > I would like to disable DSA Key support so that no user can use
> > this key type anymore.
> > Is it possible to disable this via the configuration?
>
> I'm assuming this is referring to SSH public key authentication? If so, you should be able to use the SFTPPublicKeys directive to configure the list of algorithms you'd like, omitting the DSA algorithm, i.e. "ssh-dss"; see:
>
> http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPAuthPublicKeys
>
> Hope this helps,

Yes, this will help. Thank you for the hint!

--
Regards

Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.
|
|
From: TJ S. <tj...@ca...> - 2026-03-16 16:12:20
|
> I would like to disable DSA Key support so that no user can use
> this key type anymore.
> Is it possible to disable this via the configuration?

I'm assuming this is referring to SSH public key authentication? If so, you should be able to use the SFTPPublicKeys directive to configure the list of algorithms you'd like, omitting the DSA algorithm, i.e. "ssh-dss"; see:

  http://www.proftpd.org/docs/contrib/mod_sftp.html#SFTPAuthPublicKeys

Hope this helps,
TJ
|
|
From: Dieter B. <pr...@bl...> - 2026-03-16 11:54:52
|
Hello,

I would like to disable DSA Key support so that no user can use this key type anymore.
Is it possible to disable this via the configuration?

--
Regards

Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.
|
|
From: Matus U. - f. <uh...@fa...> - 2026-03-13 16:53:48
|
>> Did anyone try to run ProFTPD completely under non-privileged user?
>>
>> I guess It would need:
>>
>> - changing init script/systemd unit
>>   (directive User doesn't prevent from being able to setuid() etc)
>> - using mod_vroot
>>
>> - listen on port>1024
>> - non-system user database (I guess even for single anonymous user)
>> - setting paths/permissions for log, lock, pid files
>>
>> Does it need any changes more than that?
>> Does it work?

On 13.03.26 09:24, TJ Saunders wrote:
>It can be done, yes -- depending on the desired configuration, of course. This might help:
>
>  http://www.proftpd.org/docs/howto/Nonroot.html

Oh my... I completely missed that. Thanks!

--
Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Chernobyl was an Windows 95 beta test site.
|
|
From: TJ S. <tj...@ca...> - 2026-03-13 16:41:51
|
> Did anyone try to run ProFTPD completely under non-privileged user?
>
> I guess It would need:
>
> - changing init script/systemd unit
>   (directive User doesn't prevent from being able to setuid() etc)
> - using mod_vroot
>
> - listen on port>1024
> - non-system user database (I guess even for single anonymous user)
> - setting paths/permissions for log, lock, pid files
>
> Does it need any changes more than that?
> Does it work?

It can be done, yes -- depending on the desired configuration, of course. This might help:

  http://www.proftpd.org/docs/howto/Nonroot.html

Cheers,
TJ
|
|
From: Matus U. - f. <uh...@fa...> - 2026-03-13 13:32:43
|
Hello,

Did anyone try to run ProFTPD completely under non-privileged user?

I guess It would need:

- changing init script/systemd unit
  (directive User doesn't prevent from being able to setuid() etc)
- using mod_vroot

- listen on port>1024
- non-system user database (I guess even for single anonymous user)
- setting paths/permissions for log, lock, pid files

Does it need any changes more than that?
Does it work?

--
Matus UHLAR - fantomas, uh...@fa... ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Windows found: (R)emove, (E)rase, (D)elete
|
|
From: John S. <jo...@st...> - 2025-12-03 19:56:32
|
>>>>> "Brad" == Brad Knorr <br...@kn...> writes:
> Trying to understand,
Trying to help! :-) Hopefully this isn't totally off the wall or
redundant. But it would also help if you post your configuration
settings so we can look them over as well.
> So the basic functionality of this module is to receive two parameters
> Username and password. If the endpoint returns a 200, we are good, if it returns
> 403 we are not good. Pretty simple.
Yup. I admit I don't use this, so I'm curious how you configure
this. I assume following the examples in the docs?
> Where I am struggling, is about how to direct proftp to allow the
> permitted user to only access their files.
So are these real system users or virtual users? If they're virtual
users, you should just have them isolated to their own directory tree
using the option:
DefaultRoot ~
which will lock them into their home directory. So you might need to
add this info into your mod_auth_web setup, so that the lookup returns
a 200 code with the directory to use for that user. I personally just use
local group and passwd files in a separate proftpd only area, setup in
the <global> block:
<global>
# That '*' makes that module authoritative and prevents proftpd from
# falling through to system logins, etc
RequireValidShell off
AuthOrder mod_auth_file.c*
AuthUserFile /ftp/etc/passwd
AuthGroupFile /ftp/etc/group
<Directory /ftp/customers>
HideNoAccess on
</Directory>
</global>
But I also have to configure a per-user cfg file that gives the
various access permissions. All the files are owned by a single
account, but proftpd does all the work of keeping stuff separate from
each other.
So my main proftpd.conf file I have:
# Per-user configuration files, not server setup configs, must be generated for each user.
Include /ftp/etc/customers/*.cfg
And an example file looks like this:
$ cat /ftp/etc/customers/customer.cfg
<Directory /ftp/customers/customer>
HideNoAccess on
<Limit ALL>
DenyAll
</Limit>
<Limit INFO REALPATH LSTAT CWD PWD LIST MLST STAT READ OPENDIR READDIR>
AllowUser customer
AllowGroup customer
</Limit>
</Directory>
Does this help?
> The files are in a dir structure as follows:
>
> /userdata/jimmy
> /bob
>
> Jimmy and bobs files have a uid and gid of 1000,1001 respectively.
>
> How does proftp know which dir to authorized the user to?
>
> If this mod doesn’t support this, I have a mongo db auth db. If I were to write
> A mod that will auth to mongo, can I send proftpd, this relevant information?
|
|
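The message above says a per-user .cfg file must be generated for each customer. One way to generate it, as an added example that is not part of the original post or of ProFTPD: the function names and the account-name policy are assumptions, while the directives and the /ftp/customers and /ftp/etc/customers paths are the ones from the sample file. The name is validated before it reaches the template so that a crafted account name cannot add directives or point the <Directory> block outside the customer area.

```python
import os
import re
from pathlib import PurePosixPath

# Account-name policy for this example (an assumption, not a ProFTPD rule):
# a lowercase letter, then up to 31 of [a-z0-9_-]. fullmatch() is used so a
# trailing newline cannot slip past the pattern the way it can with "$".
_NAME_RE = re.compile(r"[a-z][a-z0-9_-]{0,31}")

# Command list copied from the sample customer.cfg in the message above.
READ_CMDS = "INFO REALPATH LSTAT CWD PWD LIST MLST STAT READ OPENDIR READDIR"

TEMPLATE = """\
<Directory {data_dir}>
  HideNoAccess on
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit {cmds}>
    AllowUser {name}
    AllowGroup {name}
  </Limit>
</Directory>
"""


def render_customer_cfg(name, data_root="/ftp/customers"):
    """Return the per-user config text, refusing names that could add
    directives (whitespace, newlines, '<') or leave data_root ('/', '..')."""
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise ValueError(f"rejected customer name: {name!r}")
    data_dir = PurePosixPath(data_root) / name
    return TEMPLATE.format(data_dir=data_dir, cmds=READ_CMDS, name=name)


def write_customer_cfg(name, cfg_root="/ftp/etc/customers",
                       data_root="/ftp/customers"):
    """Create <cfg_root>/<name>.cfg and return its path.

    O_EXCL makes the call fail instead of overwriting an existing file or
    writing through a symlink planted at that path.
    """
    body = render_customer_cfg(name, data_root)      # validates name first
    path = os.path.join(cfg_root, f"{name}.cfg")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    return path


if __name__ == "__main__":
    print(render_customer_cfg("customer"))
    # Constructed hostile names: each one is rejected before rendering.
    for hostile in ("../etc", "bob\n<Limit ALL>\nAllowAll", "a b"):
        try:
            render_customer_cfg(hostile)
        except ValueError as exc:
            print(exc)
```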
From: Brad K. <br...@kn...> - 2025-12-03 18:41:02
|
Trying to understand,
So the basic functionality of this module is to receive two parameters
Username and password. If the endpoint returns a 200, we are good, if it
returns
403 we are not good. Pretty simple.
Where I am struggling, is about how to direct proftp to allow the permitted
user to only access their files.
The files are in a dir structure as follows:
/userdata/jimmy
/bob
Jimmy and bobs files have a uid and gid of 1000,1001 respectively.
How does proftp know which dir to authorized the user to?
If this mod doesn’t support this, I have a mongo db auth db. If I were to
write
A mod that will auth to mongo, can I send proftpd, this relevant
information?
Thanks
Brad
|
|
From: John S. <jo...@st...> - 2025-12-02 23:11:49
|
>>>>> "Brad" == Brad Knorr <br...@kn...> writes:

> OK, thanks for the reply, after doing some googling and AI, I found some tunable kernel parameters.

Great!

> # RECOMMENDED TUNING FOR HIGH-BANDWIDTH SERVERS (Optimized for SFTP)
> #
> # Increased to 16MB max buffers for high-latency/high-speed links.
> net.core.rmem_max = 16777216
> net.core.wmem_max = 16777216
> # Set TCP read/write memory (min, default, max)
> net.ipv4.tcp_rmem = 4096 87380 16777216
> net.ipv4.tcp_wmem = 4096 65536 16777216
> # Enable Google's BBR Congestion Control
> net.core.default_qdisc = fq
> net.ipv4.tcp_congestion_control = bbr

> After a few queries to people, this seems to have helped. However as you mentioned, it is really hard to know as we are at the mercy of the internet. I think I have done everything I can. Again thank you for the reply.

I strongly suspect you might be better off testing by spinning up some VMs in AWS around the world and testing out how it works. But you also don't give any information about your server's hardware and network configuration. So again, it's hard to help.

Anyway, glad you've made progress.

John

> -----Original Message-----
> From: John Stoffel <jo...@st...>
> Sent: November 30, 2025 1:11 PM
> To: pro...@li...
> Subject: Re: [Proftpd-user] Performance Help - Take 2

>>>>> "Brad" == Brad Knorr <br...@kn...> writes:

>> I realise my first post asking for help, wasn’t really helping myself, I didn’t really provide much context. So after some testing, here are the results I am getting.

> Brad,

> You still don't provide enough details to help. What type of server are you running proftpd on? What OS? What does the system load look like when the problem(s) are reported?

> Have you spun up a new host in a new datacenter (or even another host in the same datacenter) and tried having those users connect to your new test instance?

> Can they download from other places at a high speed?

> Honestly, from the sound of it, your customers might have bad local networks, but you need to get them to run some tests to other known good sites to see what their performance is as a comparison.

>> Many of my customers are complaining about the download speed from proftpd. Here Is the testing I have done. This user is in Tampa Bay, Florida.

> No, they're complaining about slow download speeds from your site. And there's a multitude of possible bottlenecks here. Why have you turned off SFTP compression? Does that help?

> When you're downloading from other sites, how is the performance of your sftp server? Is the system load high? Can you see the traffic flows and measure your WAN/LAN performance?

> What OS are you running proftpd on?

> This is a tough problem to solve, because you don't have any control outside of your system, so problems could be anywhere. Especially if your customer is on a residential network. Who knows what they have and what they're trying to do?

> Also, speedtest isn't really a good test, I would suggest you have these people try to download a smallish ISO file from ubuntu.com as a comparison. Or maybe spin up a test linode instance in the cloud running a stripped down copy of your setup, and have the users try that new system as a test.

> If they're paying, then it's worth spending some money on trying to figure out what's going wrong. But otherwise... it's a horrible rat hole to dive down.

> John

>> iperf3 from
>> 1. from France: 141 Mbits/sec
>> 2. from nyc 249 Mbits/sec
>> 3. from sfo 598 Mbits/sec
>> 4. From Tampa (users come computer) 52.4 Mbits/sec
>> 5. From inside my infrastructure, out to the gateway ip and back: 9.18 Gbits/sec
>>
>> The user is using Filezilla is sftp mode and is getting .5 Mbits/sec on a 10 GB file.
>>
>> When he does a speed check to the city where my data center is via speedtest.org he gets 200Mbits/ s
>>
>> When I do a scp from France on a 1GB file I get around 250 Mbits/s
>>
>> What am I running into here? Is this a limitation of Filezilla? I have done disk speed tests on the file server and get 3.2 GB/s on a 1G file read.
>>
>> Any thoughts on where to look next?
>>
>> Thanks for the awesome product btw.
>>
>> Proftpd version:
>> root@nfs1:/home/truenorth# proftpd --version
>> ProFTPD Version 1.3.9rc3
>>
>> Config file:
>> ServerName "File Transfer Server"
>> ServerType standalone
>> DefaultServer on
>> Port 2222
>> UseIPv6 off
>> Umask 003
>> MaxInstances 30
>> User nobody
>> Group nogroup
>> DefaultRoot ~
>> AllowOverwrite on
>> MaxLoginAttempts 3
>> AllowRetrieveRestart on
>> DeferWelcome on
>> HiddenStores on
>> DeleteAbortedStores on
>>
>> #sFTP config
>> SFTPEngine on
>> SFTPAuthMethods password
>> SFTPOptions IgnoreSFTPUploadPerms IgnoreSCPUploadPerms IgnoreSFTPSetOwners IgnoreSFTPSetExtendedAttributes IgnoreSFTPUploadExtendedAttributes
>> SFTPCompression off
>> SFTPMaxChannels 10
>> RequireValidShell off
>> SFTPHostKey /etc/ssh/ssh_host_rsa_key
>> SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
>>
>> # logging
>> SyslogLevel warn
>> SystemLog /var/log/proftpd/system.log
>> TransferLog none
>>
>> # Bar use of SITE CHMOD by default
>> <Limit SITE_CHMOD>
>> DenyAll
>> </Limit>
|
|
From: Brad K. <br...@kn...> - 2025-12-02 17:56:31
|
OK, thanks for the reply, after doing some googling and AI, I found some tunable kernel parameters.

# RECOMMENDED TUNING FOR HIGH-BANDWIDTH SERVERS (Optimized for SFTP)
#
# Increased to 16MB max buffers for high-latency/high-speed links.
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# Set TCP read/write memory (min, default, max)
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# Enable Google's BBR Congestion Control
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

After a few queries to people, this seems to have helped. However as you mentioned, it is really hard to know as we are at the mercy of the internet.

I think I have done everything I can. Again thank you for the reply.

Brad

-----Original Message-----
From: John Stoffel <jo...@st...>
Sent: November 30, 2025 1:11 PM
To: pro...@li...
Subject: Re: [Proftpd-user] Performance Help - Take 2

>>>>> "Brad" == Brad Knorr <br...@kn...> writes:

> I realise my first post asking for help, wasn’t really helping myself,
> I didn’t really provide much context. So after some testing, here are
> the results I am getting.

Brad,

You still don't provide enough details to help. What type of server are
you running proftpd on? What OS? What does the system load look like
when the problem(s) are reported?

Have you spun up a new host in a new datacenter (or even another host in
the same datacenter) and tried having those users connect to your new
test instance?

Can they download from other places at a high speed?

Honestly, from the sound of it, your customers might have bad local
networks, but you need to get them to run some tests to other known good
sites to see what their performance is as a comparison.

> Many of my customers are complaining about the download speed from
> proftpd. Here is the testing I have done. This user is in Tampa Bay,
> Florida.

No, they're complaining about slow download speeds from your site. And
there's a multitude of possible bottlenecks here. Why have you turned
off SFTP compression? Does that help?

When you're downloading from other sites, how is the performance of your
sftp server? Is the system load high? Can you see the traffic flows and
measure your WAN/LAN performance?

What OS are you running proftpd on?

This is a tough problem to solve, because you don't have any control
outside of your system, so problems could be anywhere. Especially if
your customer is on a residential network. Who knows what they have and
what they're trying to do?

Also, speedtest isn't really a good test, I would suggest you have these
people try to download a smallish ISO file from ubuntu.com as a
comparison.

Or maybe spin up a test linode instance in the cloud running a stripped
down copy of your setup, and have the users try that new system as a
test.

If they're paying, then it's worth spending some money on trying to
figure out what's going wrong. But otherwise... it's a horrible rat hole
to dive down.

John

> iperf3 from
> 1. from France: 141 Mbits/sec
> 2. from nyc 249 Mbits/sec
> 3. from sfo 598 Mbits/sec
> 4. From Tampa (users come computer) 52.4 Mbits/sec
> 5. From inside my infrastructure, out to the gateway ip and back: 9.18 Gbits/sec
>
> The user is using Filezilla in sftp mode and is getting .5 Mbits/sec on a
> 10 GB file.
>
> When he does a speed check to the city where my data center is via
> speedtest.org he gets 200Mbits/s
>
> When I do a scp from France on a 1GB file I get around 250 Mbits/s
>
> What am I running into here? Is this a limitation of Filezilla? I
> have done disk speed tests on the file server and get 3.2 GB/s on a 1G
> file read.
>
> Any thoughts on where to look next?
>
> Thanks for the awesome product btw.
>
> Proftpd version:
> root@nfs1:/home/truenorth# proftpd --version
> ProFTPD Version 1.3.9rc3
>
> Config file:
> ServerName "File Transfer Server"
> ServerType standalone
> DefaultServer on
> Port 2222
> UseIPv6 off
> Umask 003
> MaxInstances 30
> User nobody
> Group nogroup
> DefaultRoot ~
> AllowOverwrite on
> MaxLoginAttempts 3
> AllowRetrieveRestart on
> DeferWelcome on
> HiddenStores on
> DeleteAbortedStores on
>
> #sFTP config
> SFTPEngine on
> SFTPAuthMethods password
> SFTPOptions IgnoreSFTPUploadPerms IgnoreSCPUploadPerms
> IgnoreSFTPSetOwners IgnoreSFTPSetExtendedAttributes
> IgnoreSFTPUploadExtendedAttributes
> SFTPCompression off
> SFTPMaxChannels 10
> RequireValidShell off
> SFTPHostKey /etc/ssh/ssh_host_rsa_key
> SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
>
> # logging
> SyslogLevel warn
> SystemLog /var/log/proftpd/system.log
> TransferLog none
>
> # Bar use of SITE CHMOD by default
> <Limit SITE_CHMOD>
> DenyAll
> </Limit>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
|
|
From: John S. <jo...@st...> - 2025-11-30 23:04:19
|
>>>>> "Brad" == Brad Knorr <br...@kn...> writes:

> I realise my first post asking for help, wasn’t really helping
> myself, I didn’t really provide much context. So after some
> testing, here are the results I am getting.

Brad,

You still don't provide enough details to help. What type of server are
you running proftpd on? What OS? What does the system load look like
when the problem(s) are reported?

Have you spun up a new host in a new datacenter (or even another host in
the same datacenter) and tried having those users connect to your new
test instance?

Can they download from other places at a high speed?

Honestly, from the sound of it, your customers might have bad local
networks, but you need to get them to run some tests to other known good
sites to see what their performance is as a comparison.

> Many of my customers are complaining about the download speed from
> proftpd. Here is the testing I have done. This user is in Tampa
> Bay, Florida.

No, they're complaining about slow download speeds from your site. And
there's a multitude of possible bottlenecks here. Why have you turned
off SFTP compression? Does that help?

When you're downloading from other sites, how is the performance of your
sftp server? Is the system load high? Can you see the traffic flows and
measure your WAN/LAN performance?

What OS are you running proftpd on?

This is a tough problem to solve, because you don't have any control
outside of your system, so problems could be anywhere. Especially if
your customer is on a residential network. Who knows what they have and
what they're trying to do?

Also, speedtest isn't really a good test, I would suggest you have these
people try to download a smallish ISO file from ubuntu.com as a
comparison.

Or maybe spin up a test linode instance in the cloud running a stripped
down copy of your setup, and have the users try that new system as a
test.

If they're paying, then it's worth spending some money on trying to
figure out what's going wrong. But otherwise... it's a horrible rat hole
to dive down.

John

> iperf3 from
> 1. from France: 141 Mbits/sec
> 2. from nyc 249 Mbits/sec
> 3. from sfo 598 Mbits/sec
> 4. From Tampa (users come computer) 52.4 Mbits/sec
> 5. From inside my infrastructure, out to the gateway ip and back: 9.18 Gbits/sec
>
> The user is using Filezilla in sftp mode and is getting .5 Mbits/sec on a 10 GB file.
>
> When he does a speed check to the city where my data center is via speedtest.org he gets 200Mbits/s
>
> When I do a scp from France on a 1GB file I get around 250 Mbits/s
>
> What am I running into here? Is this a limitation of Filezilla? I have done disk speed tests on
> the file server and get 3.2 GB/s on a 1G file read.
>
> Any thoughts on where to look next?
>
> Thanks for the awesome product btw.
>
> Proftpd version:
> root@nfs1:/home/truenorth# proftpd --version
> ProFTPD Version 1.3.9rc3
>
> Config file:
> ServerName "File Transfer Server"
> ServerType standalone
> DefaultServer on
> Port 2222
> UseIPv6 off
> Umask 003
> MaxInstances 30
> User nobody
> Group nogroup
> DefaultRoot ~
> AllowOverwrite on
> MaxLoginAttempts 3
> AllowRetrieveRestart on
> DeferWelcome on
> HiddenStores on
> DeleteAbortedStores on
>
> #sFTP config
> SFTPEngine on
> SFTPAuthMethods password
> SFTPOptions IgnoreSFTPUploadPerms IgnoreSCPUploadPerms IgnoreSFTPSetOwners
> IgnoreSFTPSetExtendedAttributes IgnoreSFTPUploadExtendedAttributes
> SFTPCompression off
> SFTPMaxChannels 10
> RequireValidShell off
> SFTPHostKey /etc/ssh/ssh_host_rsa_key
> SFTPHostKey /etc/ssh/ssh_host_ecdsa_key
>
> # logging
> SyslogLevel warn
> SystemLog /var/log/proftpd/system.log
> TransferLog none
>
> # Bar use of SITE CHMOD by default
> <Limit SITE_CHMOD>
> DenyAll
> </Limit>
>
> _______________________________________________
> ProFTPD Users List <pro...@pr...>
> Unsubscribe problems?
> http://www.proftpd.org/list-unsub.html
|
|
From: John S. <jo...@st...> - 2025-11-30 23:01:41
|
|
|
From: John S. <jo...@st...> - 2025-11-30 21:11:36
|
|
|
From: Brad K. <br...@kn...> - 2025-11-26 23:39:44
|
I realise my first post asking for help, wasn’t really helping myself, I didn’t really provide much context. So after some testing, here are the results I am getting.

Many of my customers are complaining about the download speed from proftpd. Here is the testing I have done. This user is in Tampa Bay, Florida.

iperf3 from
1. from France: 141 Mbits/sec
2. from nyc 249 Mbits/sec
3. from sfo 598 Mbits/sec
4. From Tampa (users come computer) 52.4 Mbits/sec
5. From inside my infrastructure, out to the gateway ip and back: 9.18 Gbits/sec

The user is using Filezilla in sftp mode and is getting .5 Mbits/sec on a 10 GB file.

When he does a speed check to the city where my data center is via speedtest.org he gets 200Mbits/s

When I do a scp from France on a 1GB file I get around 250 Mbits/s

What am I running into here? Is this a limitation of Filezilla? I have done disk speed tests on the file server and get 3.2 GB/s on a 1G file read.

Any thoughts on where to look next?

Thanks for the awesome product btw.

Proftpd version:
root@nfs1:/home/truenorth# proftpd --version
ProFTPD Version 1.3.9rc3

Config file:
ServerName "File Transfer Server"
ServerType standalone
DefaultServer on
Port 2222
UseIPv6 off
Umask 003
MaxInstances 30
User nobody
Group nogroup
DefaultRoot ~
AllowOverwrite on
MaxLoginAttempts 3
AllowRetrieveRestart on
DeferWelcome on
HiddenStores on
DeleteAbortedStores on

#sFTP config
SFTPEngine on
SFTPAuthMethods password
SFTPOptions IgnoreSFTPUploadPerms IgnoreSCPUploadPerms IgnoreSFTPSetOwners IgnoreSFTPSetExtendedAttributes IgnoreSFTPUploadExtendedAttributes
SFTPCompression off
SFTPMaxChannels 10
RequireValidShell off
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_ecdsa_key

# logging
SyslogLevel warn
SystemLog /var/log/proftpd/system.log
TransferLog none

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
|
|
From: Brad K. <br...@kn...> - 2025-10-27 23:20:00
|
Hello,

I am getting customer complaints about the transfer speeds. I need some help to try to diagnose what is going on.

Proftp has a public ip address, so there are no NATs and is firewalled on the host with ufw. The host is a nfs server with user home dir. Proftpd allows pam users to access the files in their home dir.

I am not sure how to diagnose this. The internet feed is a 1Gb/s. I get an upload speed of 34.9 MiB/s. on a 620 M file. I realize there are a lot of factors that can play a role in this transfer. For now I want to focus on proftpd and see if it is performing like it should.

Thoughts on how to go about this?

TY
Brad

Build Config:
./configure \
  --sysconfdir=/etc/proftpd \
  --disable-ident \
  --enable-dso \
  --with-modules=mod_tls:mod_sftp

Config:
ServerName "File Transfer Server"
ServerType standalone
DefaultServer on

# Port 21 is the standard FTP port.
Port 2222

# Don't use IPv6 support by default.
UseIPv6 off

Umask 003
MaxInstances 30

# Set the user and group under which the server will run.
User nobody
Group nogroup

# To cause every FTP user to be "jailed" (chrooted) into their home directory
DefaultRoot ~

# Normally, we want files to be over writeable.
AllowOverwrite on

MaxLoginAttempts 3
AllowRetrieveRestart on
DeferWelcome on
HiddenStores on
DeleteAbortedStores on

#sFTP config
SFTPEngine on
SFTPAuthMethods password
SFTPOptions IgnoreSFTPUploadPerms IgnoreSCPUploadPerms IgnoreSFTPSetOwners IgnoreSFTPSetExtendedAttributes IgnoreSFTPUploadExtendedAttributes
SFTPCompression off
SFTPMaxChannels 10
RequireValidShell off
SFTPHostKey /etc/ssh/ssh_host_rsa_key
SFTPHostKey /etc/ssh/ssh_host_ecdsa_key

# logging
SyslogLevel warn
SystemLog /var/log/proftpd/system.log
TransferLog none

# Bar use of SITE CHMOD by default
<Limit SITE_CHMOD>
DenyAll
</Limit>
|
|
From: TJ S. <tj...@ca...> - 2025-10-27 20:53:35
|
> We have a proftpd setup with mod_sql + unixodbc that authenticates users
> against an Oracle database with a named query. This works great and users
> can login no problem.
>
> Recently I noticed that if a directory contains files created from
> windows, getting the 1000254 or something uid, proftpd or mod_sql does a
> "default" query which fail since we don't have any "users" table in the
> database. This makes mod_sql error out and the user is disconnected.
>
> The users in question have access to the files through the gid anyway
> but gets disconnected so.

I'm assuming that your mod_sql configuration looks something like this:

  SQLNamedQuery get-user-by-name SELECT "... WHERE userid = '%U'"
  SQLUserInfo custom:/get-user-by-name

specifically, that you're using only one custom query, that looks up user
info by name. If so, then you are encountering the situation mentioned in
the SQLUserInfo docs:

  http://www.proftpd.org/docs/contrib/mod_sql.html#SQLUserInfo

under the "Custom Queries" section, where it mentions also needing a custom
query for retrieving user info by UID, lest you encounter a "Table not
found" error (which sounds like the case).

> Any idea why this happens? And what to do about it? We have users
> accessing the filearea from both Windows and Linux so it's hard to keep
> those pesky uid's away. Any way to disable this or work around it?

This happens because most directory listings want to see the file ownership
by name (user and group), rather than showing the ownership by IDs. In
order to look up the given user/group names for file ownership IDs (which
are all that are stored in the filesystem), ProFTPD needs to query the
database for the names, given the IDs.

There's no easy way to disable this ID-to-name lookup, no. There are a
couple of workarounds. First, you can use the AuthOrder directive, to tell
ProFTPD to use both mod_sql and mod_auth_unix (the /etc/passwd, /etc/group
files) for such name/ID resolution:

  AuthOrder mod_sql.c mod_auth_unix.c

Second, you can supply another custom query, and hardcode its values (thus
not needing an "ftpusers" table):

  SQLNamedQuery get-user-by-name SELECT "... WHERE userid = '%U'"

  # We return a hardcoded user name of "unknown", an empty password, and a hardcoded
  # group name of "unknown", and hardcoded numeric UID/GID values.
  SQLNamedQuery get-user-by-id SELECT "'unknown', '', 1001, 1001, '', ''"

  SQLUserInfo custom:/get-user-by-name/get-user-by-id

You may need to tweak the ID-specific custom query, but hopefully this gives
you some ideas of how you might address the situation.

Hope this helps,
TJ
|
|
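To see which ownership IDs are affected by the lookup TJ describes, the following added example (not part of the thread and not ProFTPD code) walks a served directory tree and reports the owner UIDs and GIDs that have no name in the system account database. The function names are hypothetical, and it checks what mod_auth_unix would see through /etc/passwd and /etc/group, not the SQL database.

```python
#!/usr/bin/env python3
"""Report owner IDs under a tree that have no name in the system account database."""
import grp
import os
import pwd
import sys
from collections import defaultdict


def _has_name(lookup, ident):
    """True if the account database maps this numeric ID to a name."""
    try:
        lookup(ident)
        return True
    except KeyError:
        return False


def audit_tree(root, uid_lookup=pwd.getpwuid, gid_lookup=grp.getgrgid, samples=3):
    """Walk root without following symlinks; return (orphan_uids, orphan_gids).

    Each result is a dict: numeric ID -> {"count": n, "samples": [paths]}.
    The lookups are parameters so a different name source can be plugged in.
    """
    uid_known, gid_known = {}, {}  # cache: one lookup per distinct ID
    orphan_uids = defaultdict(lambda: {"count": 0, "samples": []})
    orphan_gids = defaultdict(lambda: {"count": 0, "samples": []})

    def record(table, ident, path):
        entry = table[ident]
        entry["count"] += 1
        if len(entry["samples"]) < samples:
            entry["samples"].append(path)

    def check(path):
        try:
            st = os.lstat(path)  # lstat: report the link itself, not its target
        except OSError:
            return  # entry vanished or is unreadable; skip it
        if st.st_uid not in uid_known:
            uid_known[st.st_uid] = _has_name(uid_lookup, st.st_uid)
        if st.st_gid not in gid_known:
            gid_known[st.st_gid] = _has_name(gid_lookup, st.st_gid)
        if not uid_known[st.st_uid]:
            record(orphan_uids, st.st_uid, path)
        if not gid_known[st.st_gid]:
            record(orphan_gids, st.st_gid, path)

    check(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return dict(orphan_uids), dict(orphan_gids)


def format_report(orphan_uids, orphan_gids):
    """Render one line per unresolvable ID, lowest ID first."""
    lines = []
    for label, table in (("UID", orphan_uids), ("GID", orphan_gids)):
        for ident in sorted(table):
            e = table[ident]
            lines.append(f"{label} {ident}: {e['count']} entries, e.g. {', '.join(e['samples'])}")
    return lines or ["all owner IDs resolve to names"]


if __name__ == "__main__":
    # Pass the directory ProFTPD serves; "." is only a fallback for a quick try.
    tree = sys.argv[1] if len(sys.argv) > 1 else "."
    for line in format_report(*audit_tree(tree)):
        print(line)
```

IDs it reports are candidates for either a chown to the shared account or an entry in the by-ID mapping.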
From: Mattias L. <spa...@gm...> - 2025-10-27 13:11:56
|
Hello.

We have a proftpd setup with mod_sql + unixodbc that authenticates users against an Oracle database with a named query. This works great and users can login no problem. The users get their own root and a static (and same) uid and gid from the query. The only useful parts are username, password and rootdir basically.

Recently I noticed that if a directory contains files created from windows, getting the 1000254 or something uid, proftpd or mod_sql does a "default" query which fail since we don't have any "users" table in the database. This makes mod_sql error out and the user is disconnected.

The users in question have access to the files through the gid anyway but gets disconnected so. I have never noticed this before, maybe because it rarely happens and the user doesn't report it, or maybe because of something new.

Any idea why this happens? And what to do about it? We have users accessing the filearea from both Windows and Linux so it's hard to keep those pesky uid's away. Any way to disable this or work around it?

// Mattias
|
|
From: Lists <li...@se...> - 2025-08-21 18:52:46
|
So I’m seeing lots of idle processes in ps output for proftpd. Most are only a few minutes old. Seems a concern.

Thoughts?

Sent from my iPhone
|