Chapter 1. List of Directives

Table of Contents
AccessDenyMsg -- Customise the response on failed authentication
AccessGrantMsg -- Customise the response on successful authentication
Allow -- Access control directive
AllowAll -- Allow all clients
AllowClass -- Class based allow rules
AllowFilter -- Regular expression of command arguments to be accepted
AllowForeignAddress -- Control the use of the PORT command
AllowGroup -- Group based allow rules
AllowLogSymlinks -- Permit logging to symlinked files
AllowOverride -- Toggles handling of .ftpaccess files
AllowOverwrite -- Enable files to be overwritten
AllowRetrieveRestart -- Allow clients to resume downloads
AllowStoreRestart -- Allow clients to resume uploads
AllowUser -- User based allow rules
AnonRatio -- Ratio directive
AnonRejectPasswords -- Block certain anonymous user passwords
AnonRequirePassword -- Make anonymous users supply a valid password
Anonymous -- Define an anonymous server
AnonymousGroup -- Treat group members as anonymous users
AuthAliasOnly -- Allow only aliased login names
AuthGroupFile -- Specify alternate group file
AuthOrder -- Configure auth module checking order
AuthPAM -- Enable/Disable PAM authentication
AuthPAMConfig -- Select PAM service name
AuthUserFile -- Specify alternate passwd file
AuthUsingAlias -- Authenticate via Alias-name instead of mapped username
Bind -- Bind the server or Virtualhost to a specific IP address [deprecated]
ByteRatioErrMsg -- Ratio directive
CapabilitiesEngine -- Enable/disable mod_cap
CapabilitiesSet -- Configure the set of Linux capabilities processed
CDPath -- Sets "search paths" for the cd command
Class -- Define a class of client connections
CommandBufferSize -- Limit the maximum command length
CreateHome -- Create and populate users' home directories as needed
CwdRatioMsg -- Ratio directive
DebugLevel -- Set the debugging output level
DefaultAddress -- Set the address for the server to listen on
DefaultChdir -- Set starting directory for FTP sessions
DefaultRoot -- Sets default chroot directory
DefaultServer -- Set the default server
DefaultTransferMode -- Set the default method of data transfer
DeferWelcome -- Don't show welcome message until user has authenticated
Define -- Initialises Defines for IfDefine
DelayEngine -- Control the use of mod_delay
DelayTable -- Sets the name and path of the file used as the timing table
DeleteAbortedStores -- Enable automatic deletion of partially uploaded HiddenStores files
Deny -- Access control directive
DenyAll -- Deny all clients
DenyClass -- Class based deny rules
DenyFilter -- Regular expression of command arguments to be blocked
DenyGroup -- Group based deny rules
DenyUser -- User based deny rules
Directory -- Directory-limited configuration directives
DirFakeGroup -- Hide real file/directory group
DirFakeMode -- Hide real file/directory permissions
DirFakeUser -- Hide real file/directory owner
DisplayChdir -- Set the file to display when entering a directory
DisplayConnect -- Sets connect banner file
DisplayFileTransfer -- FIXFIXFIX
DisplayGoAway -- Set the file to display to a rejected connection
DisplayLogin -- Set the file to display on login
DisplayQuit -- Set the file to display on quit
DisplayReadme -- Enable display of file modification times on a file pattern
ExtendedLog -- Specify custom logfiles
FileRatioErrMsg -- (docs incomplete)
Global -- Set some directives to apply across the entire daemon
Group -- Set the group the server normally runs as
GroupOwner -- Change default group for new files and directories
GroupPassword -- Set a group-wide password
GroupRatio -- Ratio directive
HiddenStores -- Enables more safe file uploads
HideFiles -- Enable hiding of files based on regular expressions
HideGroup -- Enable hiding of files based on group owner
HideNoAccess -- Block the listing of directory entries to which the user has no access permissions
HideUser -- Enable hiding of files based on user owner
HostRatio -- Ratio directive
IdentLookups -- Toggle ident lookups
IfDefine -- To control the use of sections of the configuration
IfModule -- Parse a section of config based on module name
IgnoreHidden -- Treat 'hidden' files as if they don't exist
Include -- Load additional configuration directives from a file
LDAPAliasDereference -- Specify how LDAP alias dereferencing is done
LDAPAttr -- Map LDAP Attributes to something non standard
LDAPAuthBinds -- (docs incomplete)
LDAPDefaultAuthScheme --  Set the authentication scheme/hash that is used when no leading {hashname} is present.
LDAPDefaultGID --  Set the default GID to be assigned to users when no uidNumber attribute is found.
LDAPDefaultUID --  Set the default UID to be assigned to users when no uidNumber attribute is found.
LDAPDNInfo -- Set DN information to be used for initial bind
LDAPDoAuth -- Enable LDAP authentication
LDAPDoGIDLookups --  Enable LDAP lookups for user group membership and GIDs in directory listings
LDAPDoQuotaLookups -- Enable LDAP quota limit support
LDAPDoUIDLookups --  Enable LDAP lookups for UIDs in directory listings
LDAPForceDefaultGID -- Force all LDAP-authenticated users to use the same GID.
LDAPForceDefaultUID -- Force all LDAP-authenticated users to use the same UID.
LDAPForceGeneratedHomedir --  Force all LDAP-authenticated users to use the default HomeDironDemand prefix/suffix.
LDAPForceHomedirOnDemand --  Force all LDAP-authenticated users to use the default HomeDironDemand prefix/suffix. [deprecated]
LDAPGenerateHomedir --  Enable the creation of user home directories on demand
LDAPGenerateHomedirPrefix --  Enable the creation of user home directories on demand
LDAPGenerateHomedirPrefixNoUsername -- (docs incomplete)
LDAPGroups --  Enable LDAP lookups for user group membership and GIDs in directory listings
LDAPHomedirOnDemand --  Enable the creation of user home directories on demand [deprecated]
LDAPHomedirOnDemandPrefix --  Enable the creation of user home directories on demand [deprecated]
LDAPHomedirOnDemandPrefixNoUsername -- (docs incomplete)
LDAPHomedirOnDemandSuffix --  Specify an additional directory to be created inside a user's home directory on demand. [deprecated]
LDAPNegativeCache -- Enable negative caching for LDAP lookups
LDAPProtocolVersion -- Set the LDAP protocol version
LDAPQueryTimeout -- Set a timeout for LDAP queries
LDAPSearchScope -- Specify the search scope used in LDAP queries
LDAPServer -- Specify the LDAP server to use for lookups
LDAPUsers -- Enable LDAP authentication/user lookups
LDAPUseTLS -- Enable TLS/SSL connections to the LDAP server.
LeechRatioMsg -- Sets the 'over ratio' error message
Limit -- Set the commands/actions to be controlled
ListOptions -- Configure options used when listing directories
LogFormat -- Specify a logging format
LoginPasswordPrompt -- Configure to display the passwort prompt or not
MasqueradeAddress -- Configure the server address presented to clients
MaxClients -- Limits the number of users that can connect
MaxClientsPerClass -- Limit the number of connections per class
MaxClientsPerHost -- Limits the connections per client machine
MaxClientsPerUser -- Limit the number of connections per userid
MaxConnectionRate -- Maximum TCP socket connection rate
MaxConnectionsPerHost -- Limits the unauthenticated connections per client machine
MaxHostsPerUser -- Limit the number of connections per userid
MaxInstances -- Sets the maximum number of child processes to be spawned
MaxLoginAttempts -- Sets how many password attempts are allowed before disconnection
MaxRetrieveFileSize -- Restrict size of downloaded files
MaxStoreFileSize -- Restrict size of uploaded files
MultilineRFC2228 -- Enable RFC2228 multiline response mode
Order -- Configures the precedence of the Limit directives
PassivePorts -- Specify the ftp-data port range to be used
PathAllowFilter -- Only allow new files which match a specified pattern
PathDenyFilter -- Disallow new files which match a specified pattern
PersistentPasswd -- Sets handling of unix auth files
PidFile -- Set the filepath to hold the pid of the master server
Port -- Set the port for the control socket
RadiusAcctServer -- Setup RADIUS accounting details
RadiusAuthServer -- Setup RADIUS authenticator details
RadiusEngine -- Enable RADIUS support
RadiusLog -- Specify the logfile for reporting / debugging
RadiusRealm -- Setup the authentication realm
RadiusUserInfo -- Configure login information via RADIUS
RatioFile -- Ratio directive
Ratios -- (docs incomplete)
RatioTempFile -- Ratio directive
RequireValidShell -- Allow connections based on /etc/shells
RewriteCondition -- Define a rule condition
RewriteEngine -- Enable/disable mod_rewrite
RewriteLock -- Set the filename for synchronization lockfile
RewriteLog -- Specify a log file for mod_rewrite reporting
RewriteMap -- Define a rewrite map
RewriteRule -- Define a rewrite rule
RLimitCPU -- Configure the maximum CPU time in seconds used by a process
RLimitMemory -- Configure the maximum memory in bytes used by a process
RLimitOpenFiles -- Configure the maximum number of open files used by a process
RootLogin -- Permit root user logins
RootRevoke -- Drop root privileges completely
SaveRatios -- FIXME FIXME
ScoreboardFile -- Sets the name and path of the scoreboard file
ServerAdmin -- Set the address for the server admin
ServerIdent -- Set the message displayed on connect
ServerLog -- Configure logs on a per-server basis
ServerName -- Configure the name displayed to connecting users
ServerType -- Set the mode proftpd runs in
SetEnv -- (docs incomplete)
ShowSymlinks -- Toggle the display of symlinks
SocketBindTight -- Controls how TCP/IP sockets are created
SocketOptions -- Tune socket-level options
SQLAuthenticate --  Specify authentication methods and what to authenticate
SQLAuthTypes -- Specify the allowed authentication types and their check order
SQLBackend -- Set the SQL backend module
SQLConnectInfo -- Specify connection information for the backend
SQLDefaultGID -- Configure the default GID for users
SQLDefaultHomedir -- Configure the default homedir
SQLDefaultUID -- Configure the default UID for users
SQLEngine -- Configure how mod_sql will operate
SQLGroupInfo -- Configure the group table and fields that hold group information
SQLGroupWhereClause -- Configure a WHERE clause for every group query
SQLLog -- Log information to a database table
SQLLogFile -- Specify a log file for mod_sql reporting and debugging
SQLMinID -- Set SQLMinUserGID and SQLMinUserID in one place
SQLMinUserGID -- Set a minimum GID
SQLMinUserUID -- Set a minimum UID
SQLNamedQuery -- Specify a query and an identifier for SQLShowInfo and SQLLog
SQLNegativeCache -- Enable negative caching for SQL lookups
SQLRatios -- (docs incomplete)
SQLRatioStats -- (docs incomplete)
SQLShowInfo -- Create a message to be sent to the user after any successful command
SQLUserInfo -- Configure the user table and fields that hold user information
SQLUserWhereClause -- Configure a WHERE clause for every user query<
StoreUniquePrefix -- Set the prefix to be added to uniquely generated filenames
SyslogFacility -- Set the facility level used for logging
SyslogLevel -- Set the verbosity level of system logging
SystemLog -- Redirect syslogging to a file
TCPAccessFiles -- Sets the access files to use
TCPAccessSyslogLevels -- Sets the logging levels for mod_wrap
tcpBackLog -- Control the tcp backlog in standalone mode
TCPGroupAccessFiles -- Sets the access files to use
tcpNoDelay -- Control the use of TCP_NODELAY
TCPServiceName -- Configures the name proftpd will use with mod_wrap
TCPUserAccessFiles -- Sets the access files to use
TimeoutIdle -- Sets the idle connection timeout
TimeoutLinger -- Sets the timeout used for lingering closes
TimeoutLogin -- Sets the login timeout
TimeoutNoTransfer -- Sets the connection without transfer timeout
TimeoutSession -- Sets a timeout for an entire session
TimeoutStalled -- Sets the timeout on stalled data transfers
TimesGMT -- Toggle time display between GMT and local
TLSCACertificateFile -- Define a CA certificate used to verify your client certificates
TLSCACertificatePath -- Define a path to the CAs used to verify your client certificates
TLSCARevocationFile -- Define a file with your CA revocation certifcates
TLSCARevocationPath -- Define a path to your CA revocation certificates
TLSCertificateChainFile -- Define an all in one certification file
TLSCipherSuite -- Define a cipher list
TLSDHParamFile -- Define a file used in Diffie-Hellman key exchange
TLSDSACertificateFile -- Point to the file containing the DSA certificate
TLSDSACertificateKeyFile -- Point to the file containing the private DSA key
TLSEngine -- Enable TLS/SSL connections
TLSLog -- Specify a logfile for mod_tls's reporting on a per-server basis
TLSOptions -- Configure optional behaviour of mod_tls
TLSPassPhraseProvider -- FIXFIXFIX
TLSProtocol -- Define the SSL/TLS protocol version mod_tls should use
TLSRandomSeed -- Define a file for PRNG seeding
TLSRenegotiate -- Configure SSL renegotiations
TLSRequired -- Require SSL/TLS on the control and/or data channel
TLSRSACertificateFile -- Point to the file containing the RSA certificate
TLSRSACertificateKeyFile -- Point to the file containing the private RSA key
TLSVerifyClient -- Configure how to candle certificates presented by clients -- 
TLSVerifyDepth -- Define how deeply mod_tls should verify a client certificate
TransferLog -- Specify the path to the transfer log
TransferRate -- Configure upload, download transfer rates
Umask -- Set the default Umask
UnsetEnv -- (docs incomplete)
UseFtpUsers -- Block based on /etc/ftpusers
UseGlobbing -- Toggles use of glob() functionality
UseIPv6 -- Disable IPv6 support
User -- Set the user the daemon will run as
UserAlias -- Alias a username to a system user
UserDirRoot -- Set the chroot directory to a subdirectory of the anonymous server
UseReverseDNS -- Toggle rDNS lookups
UserOwner -- Set the user ownership of new files / directories
UserPassword -- Creates a hardcoded username/password pair
UserRatio -- Ratio directive
UseSendfile -- Toggles use of sendfile() functionality
UseUTF8 -- FIXFIXFIX
VirtualHost -- Define a virtual ftp server
WtmpLog -- Toggle logging to wtmp
%