Quick “how to”: ProFTPd chroot, speed up connections and enable passive connections
This post is a really quick “how to” – working with ProFTPd on Debian Linux and will explain how to chroot your FTP users, speed up connections and enable passive connections which can be very handy for those behind firewalls.
You’ll first need to locate your main ProFTPd config file which on my system is in /etc/proftpd/proftpd.conf then you can simply add/amend (or un-comment if the line(s) already exist) the following lines:
chroot users to their home direcory:
DefaultRoot ~
This simply chroots the user to their home directory. ProFTPd by default uses Unix system users so this will be the system users home directory as you specified when you created the user using e.g. useradd -d /home/ftp_user my_ftp_user. You will need to ensure that the unix user has the necessary permissions on their home directory otherwise the connection will fail.
Speed up initial connections to the ProFTPd server:
IdentLookups off
This disables ProFTPd’s default behaviour of looking up information about the machine which is connecting to it and thus markedly improves the initial connection speed to the ProFTPd server.
Enable passive FTP connections:
PassivePorts 49152 65534
This allows ProFTPd to use a range of ports which are most often used for passive connections. You can change the port range if you need to, the first number is the lower limit, the second is the upper limit.
That’s it! I hope that’ll help someone out…