FTP File Sharing rev 06

From Open-E Wiki
Revision as of 12:40, 23 April 2026 by Ai-B (talk | contribs) (Document service lxc@ftpd reload/restart commands (now available))
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

FTP file sharing container powered by ProFTPD. Provides anonymous FTP access with full read-write permissions to all configured shares.

Note: FTP File Sharing is delivered as an optional Small Update (the xc-ftpd module). This article describes revision 06. If your system was updated to a newer revision, refer to the matching Extension:FTP_File_Sharing_rev_NN article.

How to access

  • Protocol: FTP (plain, unencrypted)
  • Port: 21
  • Username: anonymous (or ftp)
  • Password: none (empty)
  • URL: ftp://<server-ip>/

All shares defined on the system are automatically exposed via FTP (not all datasets — only those configured as shares). There is no per-share FTP toggle in the GUI. Anonymous users have full read-write access to all shares.

Using FileZilla

In the FileZilla Site Manager (or the Quickconnect fields), set:

  • Protocol: FTP – File Transfer Protocol
  • Host: storage-server-ip-address
  • Port: 21
  • Encryption: Only use plain FTP (insecure)
  • Logon Type: Anonymous

Directory structure

Shares appear as a flat list at the FTP root, identified by their share name: 

 ftp://server/
 +-- share-name-1/
 +-- share-name-2/
 +-- share-name-3/
 +-- ...

This differs from revisions prior to rev 06, where the FTP root was the /Pools directory and users navigated the pool/dataset hierarchy directly (e.g. Pool-0/dataset1/).

Configuration

ProFTPD configuration is visible from rootconsole under /mnt/host/etc/proftpd/.

File permissions

Path (from rootconsole) Access Purpose
/mnt/host/etc/proftpd/proftpd.conf read-only Main config — not user-editable
/mnt/host/etc/proftpd/modules.conf read-only Module loading — not user-editable
/mnt/host/etc/proftpd/conf.d/ read-write User drop-in configs
/mnt/host/etc/proftpd/share_*.conf.inc read-only Future FTPS/SFTP templates

Customizing via conf.d/

Administrators can add or modify .conf files in /mnt/host/etc/proftpd/conf.d/ to tune connection limits, timeouts, network settings and other ProFTPD directives.

Included files:

  • limits.conf — connection limits and timeouts. Sets MaxClients, MaxClientsPerHost, MaxInstances (all unlimited by default), timeouts for idle/stalled/login, MaxLoginAttempts, and AllowForeignAddress (FXP).
  • proftpd.conf.inactive — template for binding ProFTPD to a specific IP address. Rename to proftpd.conf to activate. Uncomment and set DefaultAddress to restrict which interface FTP listens on.

Naming convention:

  • *.conf — active, loaded by ProFTPD
  • *.conf.inactive — disabled template (rename to .conf to activate)

After editing, reload or restart the container from rootconsole for changes to take effect: 

 service lxc@ftpd reload    # SIGHUP proftpd (fast; no session drop beyond SIGHUP)
 service lxc@ftpd restart   # full container restart

Logs

ProFTPD logs are persisted so they survive container restarts. From rootconsole they are visible at:

  • /mnt/host/var/log/xc-ftpd/proftpd/proftpd.log — main daemon log
  • /mnt/host/var/log/xc-ftpd/proftpd/extended.log — detailed per-command log
  • /mnt/host/var/log/xc-ftpd/proftpd/xferlog — file transfer log

Security restrictions

  • VRootAlias and VRootEngine directives are not allowed in conf.d/. Any VRoot directives placed there will be silently ignored or rejected. This prevents exposing paths outside the storage pools.
  • Share paths are validated. Only shares under /Pools/ are accepted; any others are rejected and the rejection is logged via syslog.
  • Share mappings are auto-generated only. They are regenerated on every boot and pool change, and cannot be manually edited to persist.

How it works

  • Shares are discovered automatically at container startup.
  • Each share is mapped by name (share name → path on pool).
  • When storage pools are mounted or unmounted, the share list is refreshed automatically — no manual action needed.

Known issues and limitations

  • Anonymous access only. This revision does not support per-user authentication. Any client that can reach port 21 has full read-write access to every share.
  • No encryption. FTPS (explicit TLS) and SFTP (SSH File Transfer Protocol) are not enabled in this revision. Configuration templates for both protocols are present in /mnt/host/etc/proftpd/ but are disabled. Support for FTPS and SFTP is planned for a future revision.
  • No per-share FTP toggle. All shares are exposed automatically; there is no option in the GUI to exclude a specific share from FTP. To hide a share from FTP, remove its share configuration on the system.
  • Unencrypted traffic. File contents and directory listings are transmitted in plain text over the network. Use FTP only on trusted network segments until FTPS/SFTP are available.

Changelog

rev 06

  • FTP-only (anonymous, read-write)
  • Flat share listing by name (previously pool/dataset hierarchy)
  • Config visible from rootconsole at /mnt/host/etc/proftpd/; conf.d/ writable for user tuning
  • VRoot directives blocked in conf.d/ (security: prevents path exposure)
  • Share path validation (only /Pools/ allowed)
  • Share list auto-refresh on pool mount/unmount events
  • lxc@ftpd init script: service lxc@ftpd reload/restart usable from rootconsole

rev 05

  • Updated base system

rev 04

  • Added VRoot support
  • Share config auto-generation

rev 03

  • Setting MaxClients, MaxClientsPerHost to none (as no limit)
  • Setting MaxConnections to none

rev 02

  • Option AllowForeignAddress changed to on in order to allow FXP

For further customization or troubleshooting, refer to the upstream ProFTPD documentation or contact Open-E support.

Retrieved from "https://wiki.open-e.com/default/wiki/index.php?title=Extension:FTP_File_Sharing_rev_06&oldid=12412"