proftpd

Puppet module to manage ProFTPD

Version information

released Sep 29th 2016
This version is compatible with:
  • Puppet Enterprise 3.x
  • Puppet >= 3.0.0 < 5.0.0
  • Ubuntu, Debian, RedHat, CentOS, FreeBSD
This module has been deprecated by its author since Jul 11th 2023.

The reason given was: new maintainer

The author has suggested markt-proftpd as its replacement.

Documentation

fraenki/proftpd — version 1.4.3 Sep 29th 2016

Table of Contents

  1. Overview
  2. Requirements
  3. Usage
  4. Reference
  5. Limitations
  6. Development
  7. Contributors

Overview

fraenki/proftpd is a Puppet module for managing ProFTPD. It allows for very flexible configuration and is hiera-friendly.

Requirements

Usage

Beginning with proftpd

This example installs the packages, sets up a minimal configuration and activates the service for you:

class { 'proftpd': }

Loading additional modules is easy too:

class { 'proftpd':
  load_modules => {
    ban => {},
    tls => {},
    sql => {},
  }
}

It is simple to add new options or overwrite the defaults in the configuration root or any (sub) section:

class { 'proftpd':
  options => {
    'ROOT'  => {
      'ServerName'   => 'FTP server',
      'MaxInstances' => '10',
    },
    'IfModule mod_vroot.c' => {
      'VRootEngine' => 'on',
    },
  },
}

NOTE: You don't need to take care of section brackets or closing tags. The module adds these automatically.

Enabling anonymous login and customizing its default options works the same way:

class { 'proftpd':
  anonymous_enable => true,
  options          => {
    'Anonymous ~ftp'        => {
      'Directory uploads/*' => {
        'Limit STOR'        => {
          'AllowAll'        => true,
          'DenyAll'         => false,
        },
      },
    },
  },
}

You may opt to disable the default configuration and do everything from scratch:

class { 'proftpd':
  default_config => false,
  options => {...}
}

(Here the options hash must contain all options required to run ProFTPD.)

Using Hiera

You're encouraged to define your configuration using Hiera, especially if you plan to disable the default configuration:

proftpd::default_config: false
# load modules in a specific order if necessary
proftpd::load_modules:
  sql:
    order: 1
  sql_mysql:
    order: 2
  quotatab:
    order: 3
  quotatab_sql:
    order: 4
  rewrite:
    order: 5
  ban: {}
  tls: {}

proftpd::options:
  ROOT:
    ServerType: 'standalone'
    DefaultServer: 'on'
    ScoreboardFile: '/var/run/proftpd.scoreboard'
    DelayTable: '/var/run/proftpd.delay'
    ControlsSocket: '/var/run/proftpd.socket'
    User: 'www'
    Group: 'www'
    Umask: '006'
    UseReverseDNS: 'off'
    DefaultRoot: '~ !'
    DefaultChdir: '/var/ftp'
    ServerName: '%{::fqdn}'
    Port: '21'
    PassivePorts: '49152 65534'
    TransferLog: 'NONE'
    LogFormat:
      - 'default "%h %l %u %t \"%r\" %s %b"'
      - 'auth "%t %v [%P] %h \"%r\" %s"'
      - 'access "%h %l %u %t \"%r\" %s %b"'
    ExtendedLog:
      - '/var/log/proftpd/access.log INFO,DIRS,MISC,READ,WRITE access'
      - '/var/log/proftpd/auth.log AUTH auth'
    MaxClients: '20 "Connection limit reached (%m)."'
    MaxInstances: '20'
    MaxClientsPerHost: '15 "Connection limit reached (%m)."'
    MaxClientsPerUser: '10 "Connection limit reached (%m)."'
    TLSEngine: 'on'
    TLSProtocol: 'SSLv23'
    TLSRequired: 'off'
    TLSOptions: 'NoCertRequest'
    TLSCipherSuite: 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
    TLSVerifyClient: 'off'
    TLSRSACertificateFile: '/etc/ssl/%{::fqdn}.crt'
    TLSRSACertificateKeyFile: '/etc/ssl/%{::fqdn}.key'
    TLSLog: '/var/log/proftpd/tls.log'
  Global:
    RequireValidShell: 'off'
    UseFtpUsers: 'on'
    AllowRetrieveRestart: 'on'
    AllowStoreRestart: 'on'
    AllowOverwrite: 'yes'
    AccessGrantMsg: '"Login OK"'
    IdentLookups: 'off'
    ServerIdent: 'on "FTP Service"'
    AllowForeignAddress: 'on'
    DirFakeUser: 'on www'
    DirFakeGroup: 'on www'
    PathDenyFilter: '"(\.ftpaccess)$"'
    ListOptions: '"-a"'
    MaxLoginAttempts: '2'
    AuthUserFile: '/etc/proftpd/proftpd.passwd'
    AuthGroupFile: '/etc/proftpd/proftpd.group'
    TimeoutLogin: '1800'
    TimeoutIdle: '1800'
    TimeoutStalled: '1800'
    TimeoutNoTransfer: '1800'
  'Directory /':
    AllowOverwrite: 'on'
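
The Hiera data above leaves TLS optional and names legacy protocol and cipher classes. The following check is an added example, not part of fraenki/proftpd: it walks a `proftpd::options` hash and reports those transport settings. The function names and the rule set are assumptions made for this illustration.

```ruby
require 'yaml'

# Constructed sample: transport settings copied from the Hiera data above.
HIERA_SAMPLE = <<~YAML
  proftpd::options:
    ROOT:
      TLSProtocol: 'SSLv23'
      TLSRequired: 'off'
      TLSCipherSuite: 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'
    Global:
      AllowForeignAddress: 'on'
YAML

WEAK_CIPHER_CLASSES = %w[LOW EXP EXPORT EXPORT40 EXPORT56 SSLv2 RC4 DES MD5 aNULL eNULL NULL ADH].freeze
OLD_PROTOCOLS = %w[SSLv23 SSLv3 TLSv1 TLSv1.1].freeze

# Yield [section path, directive, value] for every leaf of the nested hash.
def each_directive(options, path = [], &block)
  options.each do |key, value|
    next each_directive(value, path + [key], &block) if value.is_a?(Hash)
    Array(value).each { |v| block.call(path.join(' > '), key, v.to_s) }
  end
end

# Heuristic: weak classes named in non-excluded tokens (no OpenSSL expansion).
def weak_cipher_classes(suite)
  tokens = suite.split(':').reject { |t| t.start_with?('!', '-') }
  tokens.flat_map { |t| t.delete_prefix('+').split('+') } & WEAK_CIPHER_CLASSES
end

# Return [section, directive, reason] for each risky transport setting.
def audit_proftpd_options(options)
  findings = []
  each_directive(options) do |section, name, value|
    reason = case name
             when 'TLSRequired' then ('logins and transfers without TLS are accepted' if value.casecmp?('off'))
             when 'TLSProtocol'
               old = value.split & OLD_PROTOCOLS
               "allows legacy protocol versions: #{old.join(', ')}" unless old.empty?
             when 'TLSCipherSuite'
               weak = weak_cipher_classes(value)
               "names weak cipher classes: #{weak.join(', ')}" unless weak.empty?
             when 'AllowForeignAddress' then ('data connections are not tied to the control peer' if value.casecmp?('on'))
             end
    findings << [section, name, reason] if reason
  end
  findings
end

audit_proftpd_options(YAML.safe_load(HIERA_SAMPLE)['proftpd::options']).each { |f| puts f.join(' | ') }
```

An empty result means none of these four rules matched; it says nothing about directives the rules do not cover.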

Reference

Syntax

You may want to use the $options parameter to overwrite default configuration options or build a ProFTPD configuration from scratch. There are a few things you need to know:

  • sections: ProFTPD's configuration uses a number of <sections>. You create a new section by specifying a hash; the module's erb template does the rest for you. This works for special cases like <IfDefine X> too.
  • ROOT: To add items to the root of the ProFTPD configuration, use this namespace.
  • false: Setting a value to 'false' will remove the item from the configuration.
  • multiple values: If you want to specify multiple values for the same configuration item (e.g. LogFormat or ExtendedLog), you need to specify these values as an array.
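
The four rules above, applied to a constructed options hash. This is an added sketch of the mapping they describe, not the module's proftpd.conf.erb template; the function names, the indentation and the rendering of `true` as a bare directive are assumptions.

```ruby
# Render one item of the options hash into proftpd.conf lines.
def render_item(name, value, depth)
  pad = '  ' * depth
  case value
  when false, nil then []                    # false removes the item
  when true       then ["#{pad}#{name}"]     # assumption: bare directive
  when Array      then value.flat_map { |v| render_item(name, v, depth) }
  when Hash                                  # hash => <Section ...> ... </Section>
    body = value.flat_map { |k, v| render_item(k, v, depth + 1) }
    ["#{pad}<#{name}>", *body, "#{pad}</#{name.split.first}>"]
  else ["#{pad}#{name} #{value}"]
  end
end

# ROOT items go to the top level of the file; every other key is a section.
def render_proftpd_conf(options)
  root = options.fetch('ROOT', {}).flat_map { |k, v| render_item(k, v, 0) }
  sections = options.reject { |k, _| k == 'ROOT' }.flat_map { |k, v| render_item(k, v, 0) }
  root + sections
end

# Constructed input assembled from the examples on this page.
SAMPLE_OPTIONS = {
  'ROOT' => {
    'MaxInstances' => '10',
    'TransferLog'  => false,
    'ExtendedLog'  => [
      '/var/log/proftpd/access.log INFO,DIRS,MISC,READ,WRITE access',
      '/var/log/proftpd/auth.log AUTH auth',
    ],
  },
  'IfModule mod_vroot.c' => { 'VRootEngine' => 'on' },
  'Anonymous ~ftp' => {
    'Directory uploads/*' => { 'Limit STOR' => { 'AllowAll' => true, 'DenyAll' => false } },
  },
}.freeze

puts render_proftpd_conf(SAMPLE_OPTIONS)
```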

Parameters

  • anonymous_options: An optional hash containing the default options to configure ProFTPD for anonymous FTP access. Use this to overwrite these defaults.
  • anonymous_enable: Set to 'true' to enable loading of the $anonymous_options hash.
  • load_modules: A hash of optional ProFTPD modules to load. It is possible to load modules in a specific order by using the order attribute.
  • options: Specify a hash containing options to either overwrite the default options or configure ProFTPD from scratch. Will be merged with $default_options hash (as long as $default_config is not set to 'false').
  • default_options: A hash containing a set of working default options for ProFTPD. This should make it easy to get a running service and to overwrite a few settings.
  • config_template: Specify which erb template to use.
  • default_config: Set to 'false' to disable loading of the default configuration. Defaults to 'true'.
  • manage_config_file: Set to 'false' to disable managing of the ProFTPD configuration file(s).
  • packages: An array of packages which should be installed.
  • package_ensure: Overwrite the package 'ensure' parameter.
  • package_manage: Set to 'false' to disable package management. Defaults to 'true'.
  • service_name: The name of the ProFTPD service.
  • service_manage: Set to 'false' to disable service management. Defaults to 'true'.
  • service_enable: Set to 'false' to disable the ProFTPD system service. Defaults to 'true'.
  • service_ensure: Overwrite the service 'ensure' parameter.
  • prefix: Prefix to be added to all paths. Only required on certain operating systems or special installations.
  • prefix_bin: Path to the ProFTPD binary.
  • config: Path to the ProFTPD configuration file.
  • base_dir: Directory for additional configuration files.
  • log_dir: Directory for log files.
  • run_dir: Directory for runtime files (except PIDfile).
  • pidfile: Path and name of the PIDfile for the ProFTPD service.
  • scoreboardfile: Path and name of the ScoreboardFile for the ProFTPD service.
  • user: Set the user under which the server will run.
  • group: Set the group under which the server will run.

Limitations

No Ruby 1.8 support

Some users reported issues when running this module on Ruby 1.8. The config file may change on every puppet run. Please upgrade to Ruby 1.9 to fix this issue. (See PUP-1755 for more details and a description of the root cause.)

OS Compatibility

This module was tested on FreeBSD, CentOS and Debian. Please open a new issue if your operating system is not supported yet, and provide information about problems or missing features.

Template Issues

The proftpd.conf.erb template... sucks. It suffers from code repetition. Furthermore it is limited to only four nested configuration sections (which should still be enough, even for rather complex configurations). If you come up with a better idea please let me know.

Development

Please use the GitHub issues functionality to report any bugs or requests for new features. Feel free to fork and submit pull requests for potential contributions.

Contributors

This module is heavily inspired by and in part based on the following modules:

See the LICENSE file for further information.