Bug#823409: proftpd RMemoryLimit large file transfer fails ( possible memory leak )

Daniel Swarbrick daniel.swarbrick at profitbricks.com
Thu Dec 29 11:10:01 UTC 2016


On 18/12/16 22:58, Hilmar Preuße wrote:

> On 01.12.2016 14:09, Daniel Swarbrick wrote:
>
> Hi Daniel,
>
> Upstream asked to provide full configuration of proftp including
> possible include file. Please be so kind.
Apologies for the late response. Here we go, blank lines, comments and
empty conditional blocks stripped for brevity. The main proftpd.conf is
pretty much the vanilla Debian config with a few changes. Most of our
site-specific config is in the conf.d directory.

proftpd.conf:

Include /etc/proftpd/modules.conf
UseIPv6                off
IdentLookups            off
ServerName            "Debian"
ServerType            standalone
DeferWelcome            off
MultilineRFC2228        on
DefaultServer            off
ShowSymlinks            on
TimeoutNoTransfer        600
TimeoutStalled            600
TimeoutIdle            1200
DisplayLogin                    welcome.msg
DisplayChdir                   .message true
ListOptions                    "-l"
DenyFilter            \*.*/
Port                0
MaxInstances            30
User                proftpd
Group                nogroup
Umask                022  022
AllowOverwrite            on
TransferLog /var/log/proftpd/xferlog
SystemLog   /var/log/proftpd/proftpd.log
<IfModule mod_quotatab.c>
QuotaEngine off
</IfModule>
<IfModule mod_ratio.c>
Ratios off
</IfModule>
<IfModule mod_delay.c>
DelayEngine on
</IfModule>
<IfModule mod_ctrls.c>
ControlsEngine        off
ControlsMaxClients    2
ControlsLog           /var/log/proftpd/controls.log
ControlsInterval      5
ControlsSocket        /var/run/proftpd/proftpd.sock
</IfModule>
<IfModule mod_ctrls_admin.c>
AdminControlsEngine off
</IfModule>
Include /etc/proftpd/conf.d/

modules.conf:

ModulePath /usr/lib/proftpd
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
LoadModule mod_radius.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
LoadModule mod_quotatab_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
LoadModule mod_load.c
LoadModule mod_ban.c
LoadModule mod_wrap2.c
LoadModule mod_wrap2_file.c
LoadModule mod_dynmasq.c
LoadModule mod_exec.c
LoadModule mod_shaper.c
LoadModule mod_ratio.c
LoadModule mod_site_misc.c
LoadModule mod_sftp.c
LoadModule mod_sftp_pam.c
LoadModule mod_facl.c
LoadModule mod_unique_id.c
LoadModule mod_copy.c
LoadModule mod_deflate.c
LoadModule mod_ifversion.c
LoadModule mod_tls_memcache.c
LoadModule mod_ifsession.c

conf.d/global.conf

LoadModule mod_sql.c
LoadModule mod_sql_postgres.c
LoadModule mod_sql_passwd.c
TLSProtocol TLSv1
SocketBindTight on
UseReverseDNS off
LogFormat uploadtrigger "%v %a %u %m %b %{transfer-status}
%{transfer-failure} %f"
<Global>
    TLSRequired off
    TLSOptions NoSessionReuseRequired
    SQLBackend postgres
    SQLConnectInfo (redacted)
    SQLAuthenticate users
    SQLDefaultUID 64890
    SQLDefaultGID 64890
    SQLPasswordEngine on
    SQLAuthTypes sha256
    SQLPasswordEncoding hex
    SQLNamedQuery pb-get-user-by-name SELECT "username, password, null,
null, homedir, null FROM get_proftpd_user('%U', 'pb.domain') LIMIT 1"
    SQLNamedQuery pb-get-user-salt SELECT "salt FROM
get_proftpd_user('%{0}', 'pb.domain') LIMIT 1"
    CreateHome on 775 skel /srv/images/skel uid 64890 gid 64890
    Umask 0002
    DefaultRoot ~
    MaxStoreFileSize 1000 Gb
    RequireValidShell off
    AuthPAM off
    IdentLookups off
    WtmpLog off
    MaxClientsPerUser 3
    PathDenyFilter [[:blank:]]
    PassivePorts 49152 65534
    AllowOverwrite on
    AllowStoreRestart on
    ExtendedLog /var/run/proftpd/xferlog.fifo WRITE uploadtrigger
    ExtendedLog /var/log/proftpd/extendedlog ALL
</Global>

conf.d/vhost1.conf:

<VirtualHost 1.2.3.4>
    ServerIdent on "Foo FTP"
    ServerName "ftp.example.com"
    TransferLog /var/log/proftpd/xferlog-foo
    TLSEngine on
    TLSRSACertificateFile /etc/ssl/certs/foo.crt
    TLSRSACertificateKeyFile /etc/ssl/private/foo.key
    TLSCACertificateFile /etc/ssl/certs/Thawte_SSL_CA_G2_Bundle.pem
    SQLUserInfo custom:/pb-get-user-by-name
    SQLPasswordUserSalt sql:/pb-get-user-salt Prepend
</VirtualHost>



More information about the Pkg-proftpd-maintainers mailing list