FTP Server Configuration

Valid for versions 94 through the latest version

Version:

82

86

92

94


Overview

The FTP Server Configuration interface allows you to customize your chosen FTP server’s behavior.

Note:
  • This interface is only available when you enable FTP services on your server. For more information, read our Service Manager documentation.

  • We support Transport Layer Security (TLS) protocol version 1.2.

    • We strongly recommend that you enable TLSv1.2 on your server.
    • You can use RFC4346 or TLSv1.2 to manage your Pure-FTPd server.

How to configure your ProFTPD server

To configure your ProFTPD server, perform the following steps:

  1. From the TLS Encryption Support menu, select a setting for TLS encryption of FTP connections:

    • Optional — FTP users choose whether to use TLS encryption. This setting offers the best compatibility.

    • Required — Requires TLS encryption on commands that users issue to the FTP server and on data that comes through the FTP server. This setting protects all traffic from eavesdroppers.

  2. In the TLS Options text box, enter NoSessionReuseRequired. This is the default setting. This setting softens the requirement to reuse the SSL session for data connections from the control connection.

  3. In the TLS Cipher Suite text box, enter the list, in standard format, of the TLS ciphers that you wish your FTP server to use.

    • This setting defaults to HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3.

    • Typically, you should only adjust this setting for PCI Compliance.

    • For more information about TLS ciphers, read OpenSSL’s Cipher documentation.

  4. In the TLS Protocol text box, enter the TLSProtocol directive that ProFTPD will use when it establishes SSL/TLS sessions.

    • This setting defaults to SSLv23. This setting allows the SSLv3 and TLSv1 protocols.

    • You should only adjust this setting for PCI Compliance.

  5. From the Allow Anonymous Logins menu, select whether users can log in to your FTP server anonymously.

    Warning:
    We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
  6. In the Maximum Idle Time (seconds) text box, enter the number of seconds that an FTP connection may remain idle before the server disconnects it.

  7. In the Maximum Number of FTP Processes text box, enter the maximum number of active processes the FTP server may create. Because each connection creates a process, this setting limits the total number of FTP connections.

    Note:
    To disable limits on the number of FTP processes, enter none.
  8. From the Show Symlinks menu, select whether you want ProFTPD to display symbolic links (symlinks) as such, and not as files or directories. The default for this setting is Yes. For more information about symlinks, visit Wikipedia’s Symbolic link entry.

  9. From the Symlink Compatibility menu, select whether you want to allow some FTP clients to display the correct symlinks to directories. The default for this setting is No. If you choose Yes, you must also enable the Show Symlinks setting.

  10. From the TCP Wrappers menu, select whether you would like ProFTPD to use the TCP Wrappers package. With this package, you can configure the /etc/hosts.allow and /etc/hosts.deny files. For more information on how to edit these files, read our ProFTPD Configuration for Host Access Control documentation. The default for this setting is No.

    Important:

    CentOS 8 removed support for the TCP Wrappers package (tcp_wrappers). This change means that ProFTPD does not use TCP-Wrappers-based access controls on AlmaLinux 8, CentOS 8, and CloudLinux 8 systems. The rest of ProFTPD’s functionality still works in those operating systems. ProFTPD’s functionality in cPanel & WHM version 94 on CentOS 6 and 7, CloudLinux 6 and 7, and Red Hat® Enterprise Linux® 7 systems continues to use TCP-Wrappers-based access controls.

  11. Click Save.

    Note:
    • For more information about ProFTPD, visit the ProFTPD website.

    • To access ProFTPD’s debug mode, run the following commands:

      1
      2
      
      /usr/local/cpanel/scripts/restartsrv_proftpd --stop
      /usr/sbin/proftpd -nd9

Configure your Pure-FTPd server

To configure your Pure-FTPd server, perform the following steps:

  1. From the TLS Encryption Support menu, select a setting for TLS encryption of FTP connections:

    • Disabled — Disables TLS encryption.

    • Optional — FTP users choose whether to use TLS encryption. This setting offers the best compatibility.

    • Required (Command) — Requires TLS encryption on all commands users issue to the FTP server. This setting hides passwords and usernames.

    • Required (Command/Data) — Requires TLS encryption on commands that users issue to the FTP server and on data that comes through the FTP server. This setting protects all traffic from eavesdroppers.

  2. In the TLS Cipher Suite text box, enter the list, in standard format, of the TLS ciphers you wish your FTP server to use.

    • This setting defaults to HIGH.

    • Typically, you should only adjust this setting for PCI compliance.

    • For more information about TLS ciphers, read OpenSSL’s Cipher documentation.

  3. From the Allow Anonymous Logins menu, select whether cPanel users can enable Anonymous FTP logins via cPanel’s Anonymous FTP interface (cPanel >> Home >> Files >> Anonymous FTP).

    Warning:
    We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
  4. From the Allow Anonymous Uploads menu, select whether anonymous users can upload files to your FTP servers.

    Warning:
    We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
  5. Enter the maximum load for anonymous downloads in the Maximum Load for Anonymous Downloads text box. If the system’s load average exceeds this setting, your FTP server will prevent downloads by anonymous users.

    Warning:
    We do not recommend that you enable anonymous FTP, because it dangerously compromises the security of your server.
  6. In the Maximum Idle Time (minutes) text box, enter the number of minutes an FTP connection may remain idle before the server disconnects it.

  7. Enter the maximum number of FTP connections in the Maximum Connections text box.

    Note:
    Your FTP server applies this limit server-wide and not on a per-user basis.
  8. In the Maximum Connections Per IP Address text box, enter the maximum number of FTP connections to allow from a single IP address.

  9. From the Allow Logins with Root Password menu, select whether to allow the root password to access all FTP accounts.

  10. From the Broken Clients Compatibility menu, select whether your FTP server will ignore some protocol standards in order to improve compatibility with buggy FTP clients and firewalls.

    Note:

    If you select Yes, your FTP server will perform the following actions:

    • Create symbolic links (symlinks) as actual files and directories. For more information about symlinks, visit Wikipedia’s Symbolic link entry.

    • Prompt for a dummy password for an anonymous user.

    • Disable FTP passive mode.

  11. Click Save.

For more information about Pure-FTPd, visit the Pure-FTPd website.

Note:
  • The system stores your configuration in the /etc/pureftpd.conf file.

  • By default, Pure-FTPd only returns the first 10,000 files in a directory. To increase this number, perform the following steps:

    1. Create the /var/cpanel/conf/pureftpd/local file with the touch command, if one does not exist.

    2. In a text editor, open the local file and add the following line, where 15000 represents the value that you wish to increase to: LimitRecursion: 15000 8

      • The local file should be in the following YAML format:
        ChrootEveryone: 'yes'
        LimitRecursion: 15000 8
    3. Run the /usr/local/cpanel/scripts/setupftpserver pure-ftpd --force command to update the /etc/pure-ftpd.conf file.