To provide an FTP service, Plesk uses the ProFTPD FTP server. Plesk includes the following two packages:
psa-proftpdwhich contains the main component.
psa-proftpd-xinetdwhich contains patches and configurations to work with
The ProFTPD is started by the
xinetd every time the server receives an FTP request. In the case of authorized access, the FTP service is started on behalf of the user whose request is to be processed. For anonymous users, the service is started with the UID of the
The FTP server allows for document access of authenticated users that are listed in the /etc/passwd and /etc/shadow files. The first one defines the user name, group membership, home directory, and active access method. The second one stores password hash values. Let us look at FTP users created during the virtual hosting setup procedure. The following are some /etc/passwd lines defining FTP user parameters.
The first two lines are default FTP users. The
psaftp is the user on behalf of whom the FTP service is started when the Plesk server receives an anonymous FTP request.
The last two lines define typical FTP users. The group ID
10001 refers to the psacln group that contains FTP users. The psacln is added to the /etc/ftpchroot file. For every FTP user logged into the Plesk, a “chroot” procedure is executed, which ensures the user cannot see files owned by other users.
Plesk stores all FTP user accounts in a single database; therefore, FTP users cannot have the same names even if they are created for different virtual hosts. Besides, since the FTP service cannot be name based, only one virtual host on each IP address can provide anonymous FTP access.
The FTP server configuration parameters are stored in the /etc/proftpd.conf file. Here are some of the parameters. A sample of the
proftpd.conf file is displayed below:
Each virtual host FTP configuration is stored in the
/etc/proftpd.include file. The configurations consist of two sections:
- The general section configures FTP for authorized users. It configures the following:
- Virtual server name to IP address binding.
- Log file path.
- Write permission.
Login access allowed only to the psacln group.
Below is a sample of the general section:
Order allow, deny
Deny from all
- The Anonymous section configures FTP for anonymous users. It configures:
- An alias for the
anon_ftpas the home directory that is inside the domain directory opened for the authorized domain user.
- A log file for anonymous FTP access.
- User and group for anonymous FTP access.
- Login access and read-only rights for everyone
Below is a sample of this section:
UserAlias anonymous psaftp
TransferRate RETR 0.000
Umask 022 002
<Limit MKD XMKD>
- An alias for the
For more information on the ProFTPD configuration, please refer to the www.proftpd.org.
FTP Logs and Statistics
For each domain, the ProFTPD service writes statistics for both anonymous and authorized access to log files located in the /var/www/vhosts/<domain_name>/statistics/logs/ directory. Once a day, Plesk processes the logs with the
statistics utility and separates the statistical data into two parts:
Anonymous access information stored in the statistics/anon_ftpstat subdirectory of the virtual host directory.
Authorized access information stored in the statistics/ftpstat/subdirectory.
In addition, the
statistics utility writes the statistical data to the psa database and calls the log rotation utility
logrotate. For more information on statistics processing and log rotation, refer to the chapter Statistics and Logs.
Switching On Implicit FTPS
By default Plesk FTP server supports explicit FTPS only. To turn on implicit FTPS, follow these instructions:
- Run the following commands in the shell:
- Paste the following into the
- Edit the
/etc/proftpd.conffile to insert the following section after the
- Run the
service xinetd restartcommand.