Improve default proftpd.conf

Christoph Koras chris at koras.de
Sun Jul 23 17:47:37 BST 2023 

Am 23.07.2023 um 15:24 schrieb Francesco Paolo Lovergine <francesco at lovergine.com>:
> 
> On Sat, Jul 22, 2023 at 02:34:26PM +0200, Christoph Koras wrote:
>> Hi,
>> 
>> It would be nice if the line `Port 21` could be commented out in the proftpd.conf file, see
>> https://github.com/proftpd/proftpd/issues/1670 ; overriding does no longer work (never did reliably)?
>> 
> 
> Well, commenting out the Port directive simply does not prevent enabling of the default port along
> with the SFTP port for instance, if a Port directive is used within a VirtualAddr. One could explicitly set a single Port in the global env for SFTP, BUT again that does not prevent the enabling of the ftp standard port
> in any case. And the server would not run if the same port is used in the global and virtualaddr envs, for instance. So a port
> can only be added, not overriden, apparently.
> 
> That's just tried with 1.3.6 for instance, which is simply a server I have under my hands currently. 
> I guess there is simply no way to override the default port and one has to filter out it on the firewall, with or without
> the use of an explicit Port directive in the global env. Therefore skipping the port directive could create more problems
> for admins with existing working existing configurations, without any practical advantage.

I am not sure, if I can follow. The idea would be to leave it away to make an override possible. If nothing else would be specified, the behavior would be the same as it is today with the explicit line? (Because port 21 is the default for the Port configuration option.)
And if you specify a port in a custom conf in the /conf.d/ directory, it will listen on that port..

> 
>> In addition the include line could be improved to include `*.conf` files only?
>> 
> 
> At the time, I verified that the include had to be either a file or a directory, not a glob. Not sure if that changed
> lately in 1.3.8. As annotated in the template I'd vote for a glob which would be much more safe in practice, but the implementation
> differs about that and for back-compatibility probably an additional directive should be introduced, e.g. IncludePath /etc/proftpd/*.conf

Not sure if there was a bug.. The doc says "Compatibility: 1.2.10rc1 and later“: http://www.proftpd.org/docs/modules/mod_core.html#Include

> 
> -- 
> Francesco P. Lovergine

More information about the Pkg-proftpd-maintainers mailing list