Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

ProFTPD Plugin for unRAID v6.8.x

Featured Replies

  • Author

@Squazz

Don't mix Samba access rights you define in the unRAID web frontend with ftp access rights. Those need to be set independently. See the link I gave Gee1 above.

  • Replies 845
  • Views 241.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • @MJA Inc. The second install option from the first post should still work, I think.   @all If anyone want's to pick up my work, you're welcome! It is open source, feel free to use

  • soschronotek
    soschronotek

    genius, this worked perfectly on my new install. this is definitely a bug or something

  • @geonerdist Yes, that is the reason.

Posted Images

  • Author

@Gee1

<Directory /mnt/cache/FTP/test>
    <Limit WRITE>
      DenyAll
    </Limit>
</Directory>
<Directory /mnt/cache/FTP/test/movies>
    <Limit WRITE>
      AllowAll
    </Limit>
</Directory>
<Directory /mnt/cache/FTP/test/sf>
    <Limit WRITE>
      AllowAll
    </Limit>
</Directory>

Should give your users readonly access to the test directory and full access to movies and sf. Sadly I found no way to allow access to all subfolders. In theory there is the /* wildcard described in the link I gave you, but it does work too well and allows access in the root folder, too.

 

@Squazz

Using the first directory section only, will give you users readonly access and prevent them from writing.

 

EDIT: Forgot to say, this needs to be put into your /etc/proftpd.conf.

Edited by SlrG
added comment

  • 2 weeks later...

Hello,

 

I am currently having issues getting sftp setup.  I got it working before, but now Proftpd won't load, so I revisisted your steps.  I created an ssh key and followed that guide, and that did not work, I remembered something about having to do it on another linux machine, so I created a new key and followed the steps again.   Unraid Version 6.8.0 and Ubuntu 19.10 for ssh-key gen and Plugin Version: 2020.03.10.1.

 

I am currently getting the following errors - 

 

proftpd -t -c /etc/proftpd.conf
Checking syntax of configuration file
2020-05-22 14:59:08,550 Tower proftpd[5571]: mod_ctrls/0.9.5: error: unable to bind to local socket: Address already in use
2020-05-22 14:59:11,638 Tower proftpd[5571] 127.0.0.1: mod_lang/1.1: unable to scan the localised files in '/usr/local/share/locale': No such file or directory

Wrong passphrase for this key.  Please try again.

Wrong passphrase for this key.  Please try again.

Wrong passphrase for this key.  Please try again.
2020-05-22 14:59:11,645 Tower proftpd[5571] 127.0.0.1: mod_sftp/1.0.0: error reading passphrase for SFTPHostKey '/etc/ssh/sftp_rsa_key': (unknown)
2020-05-22 14:59:11,645 Tower proftpd[5571] 127.0.0.1: mod_sftp/1.0.0: unable to use key in SFTPHostKey '/etc/ssh/sftp_rsa_key', exiting

 

Just in case heres my proftpd.conf 

 

# Server Settings
ServerName              ProFTPd
ServerType              standalone
DefaultServer           on
PidFile                 /var/run/ProFTPd/ProFTPd.pid

# Port 21 is the standard FTP port. You propably should not connect to the
# internet with this port. Make your router forward another port to
# this one instead.
Port                    21

# Set the user and group under which the server will run.
User                    nobody
Group                   users

# Prevent DoS attacks
MaxInstances            30

# Speedup Login
UseReverseDNS           off
IdentLookups            off

# Control Logging - comment and uncomment as needed
# If logging Directory is world writeable the server won't start!
# If no SystemLog is defined proftpd will log to servers syslog.
#SystemLog               NONE
#SystemLog               /boot/config/plugins/ProFTPd/slog
TransferLog             NONE
#TransferLog             /boot/config/plugins/ProFTPd/xferlog
WtmpLog                 NONE

# As a security precaution prevent root and other users in
# /etc/ftpuser from accessing the FTP server.
UseFtpUsers             on
RootLogin               off

# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022

# "Jail" FTP-Users into their home directory. (chroot)
# The root directory has to be set in the description field
# when defining an user:
# ftpuser /mnt/cache/FTP
# See README for more information.
DefaultRoot ~

# Shell has to be set when defining an user. As a security precaution
# it is set to "/bin/false" as FTP-Users should not have shell access.
# This setting makes proftpd accept invalid shells.
RequireValidShell       no

# Normally, we want files to be overwriteable.
AllowOverwrite          on

<IfModule mod_sftp.c>

        SFTPEngine on
        Port 2222
        SFTPLog /var/log/sftp.log

        SFTPHostKey /etc/ssh/sftp_rsa_key
        SFTPAuthorizedUserKeys file:/etc/ssh/sftp_user_keys

        SFTPAuthMethods publickey

        SFTPKeyBlacklist none
        SFTPDHParamFile /usr/local/SlrG-Common/usr/local/etc/dhparams.pem

</IfModule>

Edited by jareth

I have proftpd installed and running locally (i.e. I can access files from Filezilla).  I'd like to setup my webserver to access proftpd using a VPN.  Which VPN is recommended as least hackable?  ;)

 

 

I am trying to add access to a disk outside of the array that is mounted using Unassigned devices. Is that possible?

  • Author

@jareth

I have no answer yet. I don't use sftp or ssl myself and need to setup it again, to test. Sadly my personal life is very busy at the moment.

 

@jeffreywhunter

If I would try at the moment, I would probably go with wireguard. I was using OpenVPN for a while. Other than that, I don't really know other solutions.

 

@kricker

This should be possible. Either define your user with ftpuser in description only, so it won't get jailed and has access to all unRAID, or use the mountscript to mount your outside disk into an folder your user can access.

On 5/25/2020 at 4:03 PM, SlrG said:

 

@kricker

This should be possible. Either define your user with ftpuser in description only, so it won't get jailed and has access to all unRAID, or use the mountscript to mount your outside disk into an folder your user can access.

I tried setting the users directory to that disk mount point such as ftpuser /mnt/disks/test, but that didn't seem to work. The users account still went to /mnt/usr and saw all the shares as normal. I'll try those two options you mentioned. Thanks!

 

I think I must have something in my config file keeping everyone jailed to /mn/usr, because setting anyone to just ftpuser has the same result. I'll do some diggining.

Edited by kricker

  • Author

@kricker

It won't really help you, if I say it works for me, but maybe I can describe my setup a bit.

 

I have a ssd drive outside my array which is mounted to /mnt/appdrive in my go file. So I'm not using unassigned devices, though I have that installed, too. I have it this way a long time, as it was the only way as the plugin did not exist then - but I don't think it matters in what way the disk is mounted - though the time of the mount could matter. I did not investigate if the go file or the plugin will mount earlier.

 

When I put ftpuser /mnt/appdrive as comment and restart the plugin it works fine and jails that user into the appdrive folder.

 

What I did notice however is, that it takes quite a bit of time for the jail to take effect. So maybe give it a minute after putting the comment and restarting the plugin and give it another minute, before trying to login.

  • 2 weeks later...

I use the Dark skin on Unraid. But when i loadup proftpd it has a white background and cant read anything on it.

 

 

Locally i got it working  i can connect to the ftp and all.

 

But from extern i cant connect to it.

 

The way my setup is and it worked and works currently for other things.

 

i use PFsense and made an alias and have a few ip's in there and only those ips can connect to the ftp.

i want to move from my Qnap FTP to my Unraid proftpd ftp.  everything works except connections from extern.

Edited by KoNeko
new problem

  • Author

@KoNeko

Yes, only the white theme is supported currently. As the plugins settings are very much setup and forget and you have it running locally already, there is nothing in the plugins settings, you could change to make external connections work. The restart button is probably the most needed function after initial setup and that should be readable and usable in the black theme, too.  Supporting the themes is still on my TODO list, but sadly I have no time to work on it for the foreseeable future. Sorry for the inconvenience. :(

 

Regarding the external connection, do you have the default proftpd.conf file or have you made changes to use encrypted ftp? If you did not, it is probably solely a firewall problem as it is working locally already. Is the pfSense firewall the only one filtering external access to your home network? Nothing on your cable router (or whatever you are using to connect)? If port 21 is available properly, it might be, that you need to define a passive port range in your proftpd.conf and allow that too, in the firewall. I have no pfSense, so I can't tell you how to do it.

p.s. Don't forget to restart the proftpd service, after changing the proftpd.conf, or the change will have no immediate effect.

Edited by SlrG
added p.s.

1 hour ago, SlrG said:

@KoNeko

Yes, only the white theme is supported currently. As the plugins settings are very much setup and forget and you have it running locally already, there is nothing in the plugins settings, you could change to make external connections work. The restart button is probably the most needed function after initial setup and that should be readable and usable in the black theme, too.  Supporting the themes is still on my TODO list, but sadly I have no time to work on it for the foreseeable future. Sorry for the inconvenience. :(

 

Regarding the external connection, do you have the default proftpd.conf file or have you made changes to use encrypted ftp? If you did not, it is probably solely a firewall problem as it is working locally already. Is the pfSense firewall the only one filtering external access to your home network? Nothing on your cable router (or whatever you are using to connect)? If port 21 is available properly, it might be, that you need to define a passive port range in your proftpd.conf and allow that too, in the firewall. I have no pfSense, so I can't tell you how to do it.

p.s. Don't forget to restart the proftpd service, after changing the proftpd.conf, or the change will have no immediate effect.

it isnt a big problem like you said its only if you want to start/restart the server. and it isnt a very high prio to fix that either :)

 

Yes i figured that out that i had to add the passive port in the config. I ran multiple proftp server but never had to do this So was a bit confused. :)

i wanted to edit my post that i had it fixed but it was already too late here and went to sleep.

Having issues connecting to FTP via filezilla or other apps (like iOS FTP photo transfer).

 

I'm using NoIP on my raid box and have a DDNS setup. I've confirmed that my ddns address is resolving into my router.

 

Also confirmed that port 21 is open on my WAN using a port check tool. Someone mentioned in a previous post about not opening port 21, but rather opening a different port, than re-directing that to port 21 on my raid. If I open port xxxx on my router, how do I then specify that I want those requests going to port 21 on my unraid box?

 

Validated via command line on my local machine that the FTP daemon is running by doing ftp 192.xxx.xx.xxx to check that FTP is running on my raid box. I can login with the specified ftpuser name and password and received a code 230 from command line that I was able to get in.

 

My syslog / diagnostics is attached.

 

Thanks in advance for any help! Reason I use FTP is via an iOS app (mebiaFTP) to transfer all media files from our phones into the unraid media library.

 

 

unraid-diagnostics-20200614-1453.zip

10 hours ago, pixelgraft said:

If I open port xxxx on my router, how do I then specify that I want those requests going to port 21 on my unraid box?

Different for every router, but when you open up port xxxx you hopefully should have some kind of  "from port" and "to port" option.  xxxx would be in "from" and 21 would be in "to".  Then, all traffic coming in on port xxxx would go to your unraid IP on port 21.   Hard to say without seeing the router what the actual settings are (or if it's configured elsewhere in a port forwarding section, or if it supports it in the first place - should do).

Completely understand - thank you for the detailed reply. I used to have this feature, but now my ISP Comcast locked that down in the router and forces me to use their silly web interface in the customer portal. I can only setup the "to" port. No longer a from and to. I'll reach out to them.

I having issues to connect with duplicati to proftpd.

The answer is 451 Transfer aborted. Broken pipe.

 

Filezilla is working fine and als a script made in python is working fine.

Only dupliacti is making trouble.

 

Do you have any idea?

  • Author

@Karatekid

Sadly no. :( You could try to enable debug logging in your /etc/proftpd.conf file, by adding:

DebugLevel 10

Afterwards restart the ProFTPd server in the plugins settings and after trying duplicati again, check your syslog if it contains something more useful info on why it breaks.

  • 1 month later...

I've installed this plugin in the past on another server, but on the server I'm currently setting up I'm getting the following error.

plugin: installing: https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg
plugin: downloading https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg
plugin: downloading: https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg ... done
Cleaning up previous install files...
Executing selfremoval commands if present...
...Cleanup complete!
Downloading any missing plugin files...
Latest plugin control files downloading
...Unable to download missing plugin control files. Aborting install
plugin: run failed: /bin/bash retval: 1

I found a previous reply in this thread that seemed like it would be the fix, but the provided links don't seem to work anymore.

Quote

It seems the download of the plugin control files fails from github. Please download them manually from here into /boot/config/plugins/ProFTPd. Manually create the directory if it does not exist. If the dependency download fails too, download the file manually from here. Afterwards the plugin should install I think. If not, please report again.

 

Any insights that could help get me back on the right path?

 

  • Author

Well if the download fails, it is often because of dns or firewall issues. Can you download things from github to the server manually from the command line with wget? Are there any error messages if you try? The current download paths are:

https://github.com/SlrG/unRAID/raw/master/Plugins/ProFTPd.plg

https://github.com/SlrG/unRAID/raw/master/AppSupport/ProFTPd/ProFTPd-SlrG-Control-1.7.tar.gz

https://github.com/SlrG/unRAID/raw/master/AppSupport/ProFTPd/ProFTPd-SlrG-Dependency-1.7_x64.tar.gz

If you download the last two into /boot/config/plugins/ProFTPd, it should start working, too.

Using wget to download the two additional archives directly to /boot/config/plugins/ProFTPd did the trick, thanks!

Hey Guys, I fount out that when I add a new user, it will get the full access to /

Is that normal?

Hello guys! i have this trouble: 

install the plug in 1.3.6 in unraid 6.8.3 and i cant acces the web server interface. 

i think the problem is a didnt fill th Webserver Path variable, but i dont know what to put there, can you hep me?

thank a lot!!

  • Author

@fabrizzium

Sadly the web editing functionality for the proftpd.conf file is broken. Please leave the webserver usage disabled and edit it manually using the shell. (nano /etc/proftpd.conf)

 

@Pducharme

Technically it is implemented. First it worked using the default unraid webserver, until security measures made the plugin unable to use it. Afterwards it required the apache webserver plugin (docker did not work). Development on that one stopped however and I was not able to find another way to get it working again. So it is implemented but broken.

Edited by SlrG
added comment for @Pducharme

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.