# This sample configuration file illustrates configuring two
# anonymous directories, and a guest (same thing as anonymous but
# requires a valid password to login)

ServerName			"ProFTPD Anonymous Server"
ServerType			standalone

# Port 21 is the standard FTP port.
Port				21

# If you don't want normal users logging in at all, uncomment this
# next section
#<Limit LOGIN>
#  DenyAll
#</Limit>

# Set the user and group that the server normally runs at.
User				nobody
Group				nogroup

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the maximum number of seconds a data connection is allowed
# to "stall" before being aborted.
TimeoutStalled			300

# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin			welcome.msg
DisplayFirstChdir		.message

# Our "basic" anonymous configuration, including a single
# upload directory ("uploads")
<Anonymous ~ftp>

  # Allow logins if they are disabled above.
  <Limit LOGIN>
    AllowAll
  </Limit>

  # Maximum clients with message
  MaxClients			5 "Sorry, max %m users -- try again later"

  User				ftp
  Group				ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias			anonymous ftp

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
  <Directory uploads/*>
    <Limit READ>
      DenyAll
    </Limit>

    <Limit STOR>
      AllowAll
    </Limit>
  </Directory>
</Anonymous>

# A second anonymous ftp section.  Users can login as "private".  Here
# we hide files owned by root from being manipulated in any way.

<Anonymous /usr/local/private>
  User				bobf
  Group				users
  UserAlias			private bobf
  UserAlias			engineering bobf

  # Deny access from *.evil.net and *.otherevil.net, but allow
  # all others.
  <Limit LOGIN>
    Order			deny,allow
    Deny 			from .evil.net, .otherevil.net
    Allow			from all
  </Limit>

  # We want all uploaded files to be owned by 'engdept' group and
  # group writable.
  GroupOwner			engdept
  Umask				006

  # Hide all files owned by user 'root'
  HideUser			root

  <Limit WRITE>
    DenyAll
  </Limit>

  # Disallow clients from any access to hidden files.
  <Limit READ DIRS>
    IgnoreHidden			on
  </Limit>

  # Permit uploading and creation of new directories in
  # submissions/public

  <Directory submissions/public>
    <Limit READ>
      DenyAll
      IgnoreHidden			on
    </Limit>

    <Limit STOR MKD RMD XMKD XRMD>
      AllowAll
      IgnoreHidden			on
    </Limit>
  </Directory>
</Anonymous>

# The last anonymous example creates a "guest" account, which clients
# can authenticate to only if they know the user's password.

<Anonymous ~guest>
  User				guest
  Group				nobody
  AnonRequirePassword		on

  <Limit LOGIN>
    AllowAll
  </Limit>

  # Deny write access from all except trusted hosts.
  <Limit WRITE>
    Order			allow, deny
    Allow			from 10.0.0.
    Deny			from all
  </Limit>
</Anonymous>