ftp.update

Update ftp service configuration.

clients is an integer value which sets the maximum number of simultaneous clients allowed. It defaults to 32.

ipconnections is an integer value which shows the maximum number of connections per IP address. It defaults to 0 which equals to unlimited.

timeout is the maximum number of seconds that proftpd will allow clients to stay connected without receiving any data on either the control or data connection.

timeout_notransfer is the maximum number of seconds a client is allowed to spend connected, after authentication, without issuing a command which results in creating an active or passive data connection (i.e. sending/receiving a file, or receiving a directory listing).

onlyanonymous allows anonymous FTP logins with access to the directory specified by anonpath.

banner is a message displayed to local login users after they successfully authenticate. It is not displayed to anonymous login users.

filemask sets the default permissions for newly created files which by default are 077.

dirmask sets the default permissions for newly created directories which by default are 077.

resume if set allows FTP clients to resume interrupted transfers.

fxp if set to true indicates that File eXchange Protocol is enabled. Generally it is discouraged as it makes the server vulnerable to FTP bounce attacks.

defaultroot when set ensures that for local users, home directory access is only granted if the user is a member of group wheel.

ident is a boolean value which when set to true indicates that IDENT authentication is required. If identd is not running on the client, this can result in timeouts.

masqaddress is the public IP address or hostname which is set if FTP clients cannot connect through a NAT device.

localuserbw is a positive integer value which indicates maximum upload bandwidth in KB/s for local user. Default of zero indicates unlimited upload bandwidth ( from the FTP server configuration ).

localuserdlbw is a positive integer value which indicates maximum download bandwidth in KB/s for local user. Default of zero indicates unlimited download bandwidth ( from the FTP server configuration ).

anonuserbw is a positive integer value which indicates maximum upload bandwidth in KB/s for anonymous user. Default of zero indicates unlimited upload bandwidth ( from the FTP server configuration ).

anonuserdlbw is a positive integer value which indicates maximum download bandwidth in KB/s for anonymous user. Default of zero indicates unlimited download bandwidth ( from the FTP server configuration ).

tls is a boolean value which when set indicates that encrypted connections are enabled. This requires a certificate to be configured first with the certificate service and the id of certificate is passed on in ssltls_certificate.

tls_policy defines whether the control channel, data channel, both channels, or neither channel of an FTP session must occur over SSL/TLS.

tls_opt_enable_diags is a boolean value when set, logs verbosely. This is helpful when troubleshooting a connection.

options is a string used to add proftpd(8) parameters not covered by ftp service.

Type: object

Type: array
No Additional Items

Tuple Validation

Parameter 1: ftp_update

ftp_update

Type: object

FTPUpdateArgs parameters.

 No Additional Properties

Port

Type: integer

TCP port number on which the FTP service listens for incoming connections.

Value must be greater or equal to 1 and lesser or equal to 65535

Clients

Type: integer

Maximum number of simultaneous client connections allowed.

Value must be greater or equal to 1 and lesser or equal to 10000

Ipconnections

Type: integer

Maximum number of connections allowed from a single IP address. 0 means unlimited.

Value must be greater or equal to 0 and lesser or equal to 1000

Loginattempt

Type: integer

Maximum number of failed login attempts before blocking an IP address. 0 disables this limit.

Value must be greater or equal to 0 and lesser or equal to 1000

Timeout

Type: integer

Idle timeout in seconds before disconnecting inactive clients. 0 disables timeout.

Value must be greater or equal to 0 and lesser or equal to 10000

Timeout Notransfer

Type: integer

Timeout in seconds for clients that connect but do not transfer data. 0 disables timeout.

Value must be greater or equal to 0 and lesser or equal to 10000

Onlyanonymous

Type: boolean

Whether to allow only anonymous FTP access, disabling authenticated user login.

Anonpath


Filesystem path for anonymous FTP users. null to use the default anonymous FTP directory.

Type: string
Type: null

Onlylocal

Type: boolean

Whether to allow only local system users to login, disabling anonymous access.

Banner

Type: string

Welcome message displayed to FTP clients upon connection.

Filemask

Type: string

Default Unix permissions (umask) for files created by FTP users.

Dirmask

Type: string

Default Unix permissions (umask) for directories created by FTP users.

Fxp

Type: boolean

Whether to enable File eXchange Protocol (FXP) for server-to-server transfers.

Resume

Type: boolean

Whether to allow clients to resume interrupted file transfers.

Defaultroot

Type: boolean

Whether to restrict users to their home directories (chroot jail).

Ident

Type: boolean

Whether to perform RFC 1413 ident lookups on connecting clients.

Reversedns

Type: boolean

Whether to perform reverse DNS lookups on client IP addresses for logging.

Masqaddress

Type: string

Public IP address to advertise to clients for passive mode connections when behind NAT.

Passiveportsmin

Type: integer

Minimum port number for passive mode data connections. Must be 0 or between 1024-65535.

Passiveportsmax

Type: integer

Maximum port number for passive mode data connections. Must be 0 or between 1024-65535.

Localuserbw

Type: integer

Maximum upload bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater or equal to 0

Localuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater or equal to 0

Anonuserbw

Type: integer

Maximum upload bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater or equal to 0

Anonuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater or equal to 0

Tls

Type: boolean

Whether to enable TLS/SSL encryption for FTP connections.

Tls Policy

Type: enum (of string)

TLS policy for connections. Values include: "on" (required), "off" (disabled), "data" (data only), "auth" (authentication only), "ctrl" (control only), or combinations with + and ! modifiers.

Must be one of:
  • ""
  • "on"
  • "off"
  • "data"
  • "!data"
  • "auth"
  • "ctrl"
  • "ctrl+data"
  • "ctrl+!data"
  • "auth+data"
  • "auth+!data"

Tls Opt Allow Client Renegotiations

Type: boolean

Whether to allow TLS clients to initiate renegotiation of the TLS connection.

Tls Opt Allow Dot Login

Type: boolean

Whether to allow .ftpaccess files to override TLS requirements for specific users.

Tls Opt Allow Per User

Type: boolean

Whether to allow per-user TLS configuration overrides.

Tls Opt Common Name Required

Type: boolean

Whether to require client certificates to have a Common Name field.

Tls Opt Enable Diags

Type: boolean

Whether to enable detailed TLS diagnostic logging.

Tls Opt Export Cert Data

Type: boolean

Whether to export client certificate data to environment variables.

Tls Opt No Empty Fragments

Type: boolean

Whether to disable empty TLS record fragments to improve compatibility with some clients. Disabling increases vulnerability to some attack vectors.

Tls Opt No Session Reuse Required

Type: boolean

Whether to disable the requirement for TLS session reuse.

Tls Opt Stdenvvars

Type: boolean

Whether to export standard TLS environment variables for use by external programs.

Tls Opt Dns Name Required

Type: boolean

Whether to require client certificates to contain a DNS name in the Subject Alternative Name extension. The reversedns setting must also be enabled.

Tls Opt Ip Address Required

Type: boolean

Whether to require client certificates to contain an IP address in the Subject Alternative Name extension.

Ssltls Certificate


ID of the certificate to use for TLS/SSL connections. null to use the default system certificate.

Type: integer
Type: null

Options

Type: string

Additional ProFTPD configuration directives to include in the server configuration. Manual directives may render the FTP service non-functional and should be used with caution.

FtpEntry

Type: object
No Additional Properties

Id

Type: integer

Placeholder identifier. Not used as there is only one.

Port

Type: integer

TCP port number on which the FTP service listens for incoming connections.

Value must be greater or equal to 1 and lesser or equal to 65535

Clients

Type: integer

Maximum number of simultaneous client connections allowed.

Value must be greater or equal to 1 and lesser or equal to 10000

Ipconnections

Type: integer

Maximum number of connections allowed from a single IP address. 0 means unlimited.

Value must be greater or equal to 0 and lesser or equal to 1000

Loginattempt

Type: integer

Maximum number of failed login attempts before blocking an IP address. 0 disables this limit.

Value must be greater or equal to 0 and lesser or equal to 1000

Timeout

Type: integer

Idle timeout in seconds before disconnecting inactive clients. 0 disables timeout.

Value must be greater or equal to 0 and lesser or equal to 10000

Timeout Notransfer

Type: integer

Timeout in seconds for clients that connect but do not transfer data. 0 disables timeout.

Value must be greater or equal to 0 and lesser or equal to 10000

Onlyanonymous

Type: boolean

Whether to allow only anonymous FTP access, disabling authenticated user login.

Anonpath


Filesystem path for anonymous FTP users. null to use the default anonymous FTP directory.

Type: string
Type: null

Onlylocal

Type: boolean

Whether to allow only local system users to login, disabling anonymous access.

Banner

Type: string

Welcome message displayed to FTP clients upon connection.

Filemask

Type: string

Default Unix permissions (umask) for files created by FTP users.

Dirmask

Type: string

Default Unix permissions (umask) for directories created by FTP users.

Fxp

Type: boolean

Whether to enable File eXchange Protocol (FXP) for server-to-server transfers.

Resume

Type: boolean

Whether to allow clients to resume interrupted file transfers.

Defaultroot

Type: boolean

Whether to restrict users to their home directories (chroot jail).

Ident

Type: boolean

Whether to perform RFC 1413 ident lookups on connecting clients.

Reversedns

Type: boolean

Whether to perform reverse DNS lookups on client IP addresses for logging.

Masqaddress

Type: string

Public IP address to advertise to clients for passive mode connections when behind NAT.

Passiveportsmin

Type: integer

Minimum port number for passive mode data connections. Must be 0 or between 1024-65535.

Passiveportsmax

Type: integer

Maximum port number for passive mode data connections. Must be 0 or between 1024-65535.

Localuserbw

Type: integer

Maximum upload bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater or equal to 0

Localuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater or equal to 0

Anonuserbw

Type: integer

Maximum upload bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater or equal to 0

Anonuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater or equal to 0

Tls

Type: boolean

Whether to enable TLS/SSL encryption for FTP connections.

Tls Policy

Type: enum (of string)

TLS policy for connections. Values include: "on" (required), "off" (disabled), "data" (data only), "auth" (authentication only), "ctrl" (control only), or combinations with + and ! modifiers.

Must be one of:
  • ""
  • "on"
  • "off"
  • "data"
  • "!data"
  • "auth"
  • "ctrl"
  • "ctrl+data"
  • "ctrl+!data"
  • "auth+data"
  • "auth+!data"

Tls Opt Allow Client Renegotiations

Type: boolean

Whether to allow TLS clients to initiate renegotiation of the TLS connection.

Tls Opt Allow Dot Login

Type: boolean

Whether to allow .ftpaccess files to override TLS requirements for specific users.

Tls Opt Allow Per User

Type: boolean

Whether to allow per-user TLS configuration overrides.

Tls Opt Common Name Required

Type: boolean

Whether to require client certificates to have a Common Name field.

Tls Opt Enable Diags

Type: boolean

Whether to enable detailed TLS diagnostic logging.

Tls Opt Export Cert Data

Type: boolean

Whether to export client certificate data to environment variables.

Tls Opt No Empty Fragments

Type: boolean

Whether to disable empty TLS record fragments to improve compatibility with some clients. Disabling increases vulnerability to some attack vectors.

Tls Opt No Session Reuse Required

Type: boolean

Whether to disable the requirement for TLS session reuse.

Tls Opt Stdenvvars

Type: boolean

Whether to export standard TLS environment variables for use by external programs.

Tls Opt Dns Name Required

Type: boolean

Whether to require client certificates to contain a DNS name in the Subject Alternative Name extension. The reversedns setting must also be enabled.

Tls Opt Ip Address Required

Type: boolean

Whether to require client certificates to contain an IP address in the Subject Alternative Name extension.

Ssltls Certificate


ID of the certificate to use for TLS/SSL connections. null to use the default system certificate.

Type: integer
Type: null

Options

Type: string

Additional ProFTPD configuration directives to include in the server configuration. Manual directives may render the FTP service non-functional and should be used with caution.


Required roles: SHARING_FTP_WRITE