FTP File Sharing rev 06
Add FileZilla how-to subsection under "How to access"
Document service lxc@ftpd reload/restart commands (now available)
(One intermediate revision by the same user not shown)
| Line 38: | Line 38: | ||
== Configuration == | == Configuration == | ||
ProFTPD configuration is | ProFTPD configuration is visible from rootconsole under '''/mnt/host/etc/proftpd/'''. | ||
=== File permissions === | === File permissions === | ||
{| class="wikitable" | {| class="wikitable" | ||
! Path !! Access !! Purpose | ! Path (from rootconsole) !! Access !! Purpose | ||
|- | |- | ||
| '''/etc/proftpd/proftpd.conf''' || read-only || Main config — not user-editable | | '''/mnt/host/etc/proftpd/proftpd.conf''' || read-only || Main config — not user-editable | ||
|- | |- | ||
| '''/etc/proftpd/modules.conf''' || read-only || Module loading — not user-editable | | '''/mnt/host/etc/proftpd/modules.conf''' || read-only || Module loading — not user-editable | ||
|- | |- | ||
| '''/etc/proftpd/conf.d/''' || read-write || User drop-in configs | | '''/mnt/host/etc/proftpd/conf.d/''' || read-write || User drop-in configs | ||
|- | |- | ||
| '''/etc/proftpd/share_*.conf.inc''' || read-only || Future FTPS/SFTP templates | | '''/mnt/host/etc/proftpd/share_*.conf.inc''' || read-only || Future FTPS/SFTP templates | ||
|} | |} | ||
=== Customizing via conf.d/ === | === Customizing via conf.d/ === | ||
Administrators can add or modify '''.conf''' files in ''/etc/proftpd/conf.d/'' to tune connection limits, timeouts, network settings and other ProFTPD directives. | Administrators can add or modify '''.conf''' files in ''/mnt/host/etc/proftpd/conf.d/'' to tune connection limits, timeouts, network settings and other ProFTPD directives. | ||
Included files: | Included files: | ||
| Line 68: | Line 68: | ||
* '''*.conf.inactive''' — disabled template (rename to '''.conf''' to activate) | * '''*.conf.inactive''' — disabled template (rename to '''.conf''' to activate) | ||
After editing, reload or restart the container from rootconsole for changes to take effect: | |||
lxc- | service lxc@ftpd reload # SIGHUP proftpd (fast; no session drop beyond SIGHUP) | ||
service lxc@ftpd restart # full container restart | |||
=== Logs === | |||
ProFTPD logs are persisted so they survive container restarts. From rootconsole they are visible at: | |||
* '''/mnt/host/var/log/xc-ftpd/proftpd/proftpd.log''' — main daemon log | |||
* '''/mnt/host/var/log/xc-ftpd/proftpd/extended.log''' — detailed per-command log | |||
* '''/mnt/host/var/log/xc-ftpd/proftpd/xferlog''' — file transfer log | |||
=== Security restrictions === | === Security restrictions === | ||
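Review bot: the comment on the added reload line, "fast; no session drop beyond SIGHUP", is circular and leaves it unclear whether a transfer in progress survives a reload. Say explicitly what a connected client sees, and state which of the two commands is required after renaming a *.conf.inactive template. The new Logs section lists three paths under /mnt/host/var/log/xc-ftpd/proftpd/ but does not say whether the files are rotated or size-limited; add that, since they are persisted across restarts.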
| Line 87: | Line 96: | ||
* '''Anonymous access only.''' This revision does not support per-user authentication. Any client that can reach port 21 has full read-write access to every share. | * '''Anonymous access only.''' This revision does not support per-user authentication. Any client that can reach port 21 has full read-write access to every share. | ||
* '''No encryption.''' FTPS (explicit TLS) and SFTP (SSH File Transfer Protocol) are '''not''' enabled in this revision. Configuration templates for both protocols are present in ''/etc/proftpd/'' but are disabled. Support for FTPS and SFTP is planned for a future revision. | * '''No encryption.''' FTPS (explicit TLS) and SFTP (SSH File Transfer Protocol) are '''not''' enabled in this revision. Configuration templates for both protocols are present in ''/mnt/host/etc/proftpd/'' but are disabled. Support for FTPS and SFTP is planned for a future revision. | ||
* '''No per-share FTP toggle.''' All shares are exposed automatically; there is no option in the GUI to exclude a specific share from FTP. To hide a share from FTP, remove its share configuration on the system. | * '''No per-share FTP toggle.''' All shares are exposed automatically; there is no option in the GUI to exclude a specific share from FTP. To hide a share from FTP, remove its share configuration on the system. | ||
* '''Unencrypted traffic.''' File contents and directory listings are transmitted in plain text over the network. Use FTP only on trusted network segments until FTPS/SFTP are available. | * '''Unencrypted traffic.''' File contents and directory listings are transmitted in plain text over the network. Use FTP only on trusted network segments until FTPS/SFTP are available. | ||
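Review bot: the "No encryption" and "Unencrypted traffic" bullets in this hunk describe the same limitation twice, and the only actionable guidance ("Use FTP only on trusted network segments") sits in the second one. Consider merging them into a single bullet that states the limitation, the disabled templates under /mnt/host/etc/proftpd/, and the mitigation together, placed directly after "Anonymous access only".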
| Line 97: | Line 106: | ||
* FTP-only (anonymous, read-write) | * FTP-only (anonymous, read-write) | ||
* Flat share listing by name (previously pool/dataset hierarchy) | * Flat share listing by name (previously pool/dataset hierarchy) | ||
* Config visible | * Config visible from rootconsole at ''/mnt/host/etc/proftpd/''; ''conf.d/'' writable for user tuning | ||
* VRoot directives blocked in ''conf.d/'' (security: prevents path exposure) | * VRoot directives blocked in ''conf.d/'' (security: prevents path exposure) | ||
* Share path validation (only ''/Pools/'' allowed) | * Share path validation (only ''/Pools/'' allowed) | ||
* Share list auto-refresh on pool mount/unmount events | * Share list auto-refresh on pool mount/unmount events | ||
* ''lxc@ftpd'' init script: ''service lxc@ftpd reload/restart'' usable from rootconsole | |||
=== rev 05 === | === rev 05 === | ||
Latest revision as of 12:40, 23 April 2026
FTP file sharing container powered by ProFTPD. Provides anonymous FTP access with full read-write permissions to all configured shares.
Note: FTP File Sharing is delivered as an optional Small Update (the xc-ftpd module). This article describes revision 06. If your system was updated to a newer revision, refer to the matching Extension:FTP_File_Sharing_rev_NN article.
How to access
- Protocol: FTP (plain, unencrypted)
- Port: 21
- Username: anonymous (or ftp)
- Password: none (empty)
- URL: ftp://<server-ip>/
All shares defined on the system are automatically exposed via FTP (not all datasets — only those configured as shares). There is no per-share FTP toggle in the GUI. Anonymous users have full read-write access to all shares.
Using FileZilla
In the FileZilla Site Manager (or the Quickconnect fields), set:
- Protocol: FTP – File Transfer Protocol
- Host: storage-server-ip-address
- Port: 21
- Encryption: Only use plain FTP (insecure)
- Logon Type: Anonymous
Directory structure
Shares appear as a flat list at the FTP root, identified by their share name:
    ftp://server/
    +-- share-name-1/
    +-- share-name-2/
    +-- share-name-3/
    +-- ...
This differs from revisions prior to rev 06, where the FTP root was the /Pools directory and users navigated the pool/dataset hierarchy directly (e.g. Pool-0/dataset1/).
Configuration
ProFTPD configuration is visible from rootconsole under /mnt/host/etc/proftpd/.
File permissions
| Path (from rootconsole) | Access | Purpose |
|---|---|---|
| /mnt/host/etc/proftpd/proftpd.conf | read-only | Main config — not user-editable |
| /mnt/host/etc/proftpd/modules.conf | read-only | Module loading — not user-editable |
| /mnt/host/etc/proftpd/conf.d/ | read-write | User drop-in configs |
| /mnt/host/etc/proftpd/share_*.conf.inc | read-only | Future FTPS/SFTP templates |
Customizing via conf.d/
Administrators can add or modify .conf files in /mnt/host/etc/proftpd/conf.d/ to tune connection limits, timeouts, network settings and other ProFTPD directives.
Included files:
- limits.conf — connection limits and timeouts. Sets MaxClients, MaxClientsPerHost, MaxInstances (all unlimited by default), timeouts for idle/stalled/login, MaxLoginAttempts, and AllowForeignAddress (FXP).
- proftpd.conf.inactive — template for binding ProFTPD to a specific IP address. Rename to proftpd.conf to activate. Uncomment and set DefaultAddress to restrict which interface FTP listens on.
Naming convention:
- *.conf — active, loaded by ProFTPD
- *.conf.inactive — disabled template (rename to .conf to activate)
After editing, reload or restart the container from rootconsole for changes to take effect:
    service lxc@ftpd reload    # SIGHUP proftpd (fast; no session drop beyond SIGHUP)
    service lxc@ftpd restart   # full container restart
Logs
ProFTPD logs are persisted so they survive container restarts. From rootconsole they are visible at:
- /mnt/host/var/log/xc-ftpd/proftpd/proftpd.log — main daemon log
- /mnt/host/var/log/xc-ftpd/proftpd/extended.log — detailed per-command log
- /mnt/host/var/log/xc-ftpd/proftpd/xferlog — file transfer log
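With anonymous-only access, the client address in the transfer log is the only attribution for an upload or a deletion. The script below is an added example, not part of the vendor documentation; it assumes the xferlog file uses the standard xferlog(5) field layout, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: per-client summary of uploads and deletions from an xferlog.
# Assumed layout (xferlog(5)), whitespace-separated:
#   $1-$5 timestamp, $6 seconds, $7 remote host, $8 bytes, $9 filename,
#   $10 type, $11 action flag, $12 direction (i=upload, o=download, d=delete),
#   $13 access mode (a=anonymous), then user, service, auth fields, and the
#   completion status (c=complete, i=incomplete) as the last field.

xferlog_summary() {
    # $1: path to xferlog. Prints "host uploads upload_bytes deletes" per
    # client; hosts that only downloaded are omitted.
    awk 'NF >= 17 && $13 == "a" {
             # Status is read from the last field so a line with an empty
             # user field still parses.
             if ($12 == "i" && $NF == "c") { up[$7]++; bytes[$7] += $8; seen[$7] = 1 }
             else if ($12 == "d")          { del[$7]++; seen[$7] = 1 }
         }
         END {
             for (h in seen)
                 printf "%s %d %d %d\n", h, up[h], bytes[h], del[h]
         }' "$1" | sort
}

# Constructed sample log (documentation addresses, made-up paths).
sample_xferlog() {
    cat <<'EOF'
Thu Apr 23 12:41:07 2026 2 192.0.2.15 1048576 /backups/db.dump b _ i a anonymous@ ftp 0 * c
Thu Apr 23 12:42:10 2026 1 192.0.2.15 2048 /backups/notes.txt b _ i a anonymous@ ftp 0 * c
Thu Apr 23 12:43:55 2026 0 198.51.100.7 0 /backups/db.dump b _ d a anonymous@ ftp 0 * c
Thu Apr 23 12:44:30 2026 3 198.51.100.7 512 /media/readme.txt b _ o a anonymous@ ftp 0 * c
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && sample_xferlog > "$tmp" && xferlog_summary "$tmp"
    rm -f "$tmp"
fi
```

On the appliance the argument would be /mnt/host/var/log/xc-ftpd/proftpd/xferlog from rootconsole.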
Security restrictions
- VRootAlias and VRootEngine directives are not allowed in conf.d/. Any VRoot directives placed there will be silently ignored or rejected. This prevents exposing paths outside the storage pools.
- Share paths are validated. Only shares under /Pools/ are accepted; any others are rejected and the rejection is logged via syslog.
- Share mappings are auto-generated only. They are regenerated on every boot and pool change, and cannot be manually edited to persist.
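An added example, not vendor code, that reviews the active drop-ins described under "Customizing via conf.d/" against the restrictions listed above: it reports VRoot directives, unlimited client settings, FXP, and whether any active file sets DefaultAddress. The function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): review the active drop-ins in conf.d.
# Only *.conf is loaded; *.conf.inactive templates are skipped, as on the page.

confd_review() {
    # $1: conf.d directory, e.g. /mnt/host/etc/proftpd/conf.d from rootconsole
    findings=$(
        for f in "$1"/*.conf; do
            [ -f "$f" ] || continue
            # Drop comments, then match on the directive name (first word).
            sed 's/#.*//' "$f" | awk -v file="${f##*/}" '
                { d = tolower($1); v = tolower($2) }
                d == "vrootalias" || d == "vrootengine" {
                    print "BLOCKED " file ": " $1 " is not allowed in conf.d" }
                d == "allowforeignaddress" && v == "on" {
                    print "WARN " file ": AllowForeignAddress on (FXP enabled)" }
                (d == "maxclients" || d == "maxclientsperhost") && v == "none" {
                    print "WARN " file ": " $1 " has no limit" }
                d == "defaultaddress" {
                    print "INFO " file ": listener bound to " $2 }'
        done
    )
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; fi
    case $findings in
        *"listener bound to"*) ;;
        *) echo "WARN no active DefaultAddress in conf.d: listener not pinned to one interface" ;;
    esac
}

# Constructed sample directory for a dry run; file contents are illustrative.
make_sample_confd() {
    d=$(mktemp -d)
    printf '%s\n' 'MaxClients none' 'MaxClientsPerHost 4' \
        'AllowForeignAddress on   # FXP' > "$d/limits.conf"
    printf '%s\n' 'VRootEngine on' \
        'VRootAlias /srv/example /example' > "$d/extra.conf"
    printf '%s\n' 'DefaultAddress 192.0.2.10' > "$d/proftpd.conf.inactive"
    echo "$d"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(make_sample_confd); confd_review "$d"; rm -rf "$d"
fi
```

Renaming the sample proftpd.conf.inactive to proftpd.conf turns the final warning into an INFO line, which mirrors the activation step described for the template.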
How it works
- Shares are discovered automatically at container startup.
- Each share is mapped by name (share name → path on pool).
- When storage pools are mounted or unmounted, the share list is refreshed automatically — no manual action needed.
Known issues and limitations
- Anonymous access only. This revision does not support per-user authentication. Any client that can reach port 21 has full read-write access to every share.
- No encryption. FTPS (explicit TLS) and SFTP (SSH File Transfer Protocol) are not enabled in this revision. Configuration templates for both protocols are present in /mnt/host/etc/proftpd/ but are disabled. Support for FTPS and SFTP is planned for a future revision.
- No per-share FTP toggle. All shares are exposed automatically; there is no option in the GUI to exclude a specific share from FTP. To hide a share from FTP, remove its share configuration on the system.
- Unencrypted traffic. File contents and directory listings are transmitted in plain text over the network. Use FTP only on trusted network segments until FTPS/SFTP are available.
Changelog
rev 06
- FTP-only (anonymous, read-write)
- Flat share listing by name (previously pool/dataset hierarchy)
- Config visible from rootconsole at /mnt/host/etc/proftpd/; conf.d/ writable for user tuning
- VRoot directives blocked in conf.d/ (security: prevents path exposure)
- Share path validation (only /Pools/ allowed)
- Share list auto-refresh on pool mount/unmount events
- lxc@ftpd init script: service lxc@ftpd reload/restart usable from rootconsole
rev 05
- Updated base system
rev 04
- Added VRoot support
- Share config auto-generation
rev 03
- Set MaxClients and MaxClientsPerHost to none (no limit)
- Set MaxConnections to none
rev 02
- Option AllowForeignAddress changed to on in order to allow FXP
For further customization or troubleshooting, refer to the upstream ProFTPD documentation or contact Open-E support.