BabyFTPd's configuration file

 

Babyftpd's conf file. nicely coloured.


# $Id: babyftpd.conf,v 1.19 2005/08/23 19:05:40 klas Exp $
# General section: server-wide settings (listening ports, process identity,
# TLS material and client-certificate verification).
general
{
  # port 21 - standard ftp port.
  # NOTE(review): ports below 1024 normally need root to bind; presumably the
  # server starts privileged and then switches to the "user" set below -
  # confirm against the daemon's documentation.
  port 21

  # port 20, standard port for outgoing data
  data_port 20

  # admin email (the value here is a placeholder; set a real contact)
  admin_email you@your.host

  # maximum number of control connections, server-wide. Per-user ceilings
  # are set with user_limit in the user section.
  connection_limit 100

  # run the lifebeat() every this timeunit (supported are second,
  # minute, hour and day)
  # Note: with large number of connections you want a low value here.
  lifebeat_tick 5 minutes

  # what user and group to run under? (user:group)
  # The anonymous user is equal to this account (see "anonymous" below), so
  # whatever this account can read or write is what an anonymous login can
  # reach. Use a dedicated, unprivileged account.
  user ftp:daemon

  # pidfile, where do we write down our pid?
  pid_file /var/run/babyftpd.pid

  # readonly, make the server readonly, disables commands that write files
  # completely. With "false", write commands stay enabled.
  readonly false

  # anonymous: enable, disable or only. the anonymous user is equal to the
  # user the server is running as, except that the password is asked to be
  # an email address.
  anonymous disable

  # private key for the server.
  # Keep this file readable only by root / the server account; anyone who
  # can read it can impersonate the server.
  tls_key /etc/babyftpd/tls_key.pem

  # the server's cert
  tls_cert /etc/babyftpd/tls_cert.pem

  # CA file. This should contain your certificate chain. Also any ca
  # certificates that may authenticate clients.
  # Every CA listed here becomes a trust anchor for client certificates, so
  # list only the CAs you actually intend to accept logins from.
  tls_ca /etc/babyftpd/tls_ca.pem

  # valid crl list, or don't use at all if your site doesn't make use of
  # crls.
  # NOTE(review): without a CRL, a revoked client certificate presumably
  # stays usable until it expires - confirm how the server treats a missing
  # or outdated CRL file.
  tls_crl /etc/babyftpd/tls_crl.pem

  # how often to regenerate diffie-hellman parameters (in timeunits)
  # Note: this is run inside lifebeat(), so presumably it cannot happen more
  # often than lifebeat_tick - confirm.
  dh_regenerate 1 hour

  # this is the path to an external program that is used to check if a
  # client's cert is allowed to login as that user. it is given 4 arguments:
  # username, host/ip, ca subject, client subject. return 0 if the login
  # is allowed.
  # Note that the ca certificate in question must be present in the
  # tls_ca file.
  # The username and the certificate subjects originate from the client, so
  # the program must treat all four arguments as untrusted input and should
  # return non-zero on any error. Keep the program writable by root only.
  verify_client /etc/babyftpd/verify_client.pl
}

# user section: limits and restrictions applied to logins, first for all
# users ("general") and then per named user.
user
{
  # user general section.
  # all options for single users can be used in this section as well, they
  # will then affect all users. options on specific users override general
  # options.
  general
  {
    # number of control connections/user
    user_limit 5

    # number of simultaneously open data connections/control connection
    # (list & nlst excluded)
    sim_data 3

    # idle time. after no action on the control connection for this time
    # the user is booted. (provided there are no active data transfers either)
    idle 15 minutes

    # encryption (allow/deny/force/force_cert):
    # NOTE(review): judging by the value names, "allow" presumably leaves TLS
    # optional, which would let passwords cross the network in cleartext when
    # a client does not negotiate it; "force" / "force_cert" presumably
    # require TLS / TLS with a client certificate - confirm against the
    # daemon's documentation before relying on this default.
    encryption allow
  }

  # a per user section: settings for one named account.
  root
  {
    # this user is not allowed to login
    noftp true
  }

  ftp
  {
    # this is the user the server is running under, thus, the anonymous user.
    # some flags on this user below.

    # this user sees his home directory as the root. we should probably
    # make this more flexible.. but this is what we've got for now.
    only_home true

    # this user can only use passive data transfers
    only_passive true

    # number of control connections for this user (same value as in the
    # general section above, restated explicitly)
    user_limit 5

    # encryption can have several values (allow/deny/force/force_cert).
    # NOTE(review): "deny" presumably refuses TLS for this account, so its
    # sessions would be unencrypted - confirm this is intended.
    encryption deny

    # how long can this user be idle? (in timeunits)
    idle 5 minutes
  }
}

# log section: what is logged and where it goes.
log
{
  # a default loglevel of 3 is neat
  # NOTE(review): the meaning of the numeric levels is not documented in
  # this file - confirm what level 3 includes.
  log_level 3

  # by default we want xferlogging
  xferlog true

  # xferlogging go to /var/log/xferlog
  xferlog_file /var/log/xferlog

  # authlog by way of syslog
  # NOTE(review): presumably this is where login successes and failures are
  # recorded; if so, it is the log to monitor for repeated failed logins -
  # confirm.
  authlog syslog

  # info also by way of syslog
  infolog syslog

  # and debug as well
  debuglog syslog

  # thread id on all logging..
  # (written as 1 here, while other switches in this file use true/false)
  thread_id 1

  # when logging to a file of our own, what time format should be used?
  # this example is same as syslog, see strftime(3) for variables.
  # This format carries no year and no time zone; add %Y and %z if the log
  # has to be correlated with other hosts or kept across years.
  time_format %b %e %H:%M:%S
}