ftp.update ========== Update ftp service configuration. `clients` is an integer value which sets the maximum number of simultaneous clients allowed. It defaults to 32. `ipconnections` is an integer value which shows the maximum number of connections per IP address. It defaults to 0 which equals to unlimited. `timeout` is the maximum number of seconds that proftpd will allow clients to stay connected without receiving any data on either the control or data connection. `timeout_notransfer` is the maximum number of seconds a client is allowed to spend connected, after authentication, without issuing a command which results in creating an active or passive data connection (i.e. sending/receiving a file, or receiving a directory listing). `onlyanonymous` allows anonymous FTP logins with access to the directory specified by `anonpath`. `banner` is a message displayed to local login users after they successfully authenticate. It is not displayed to anonymous login users. `filemask` sets the default permissions for newly created files which by default are 077. `dirmask` sets the default permissions for newly created directories which by default are 077. `resume` if set allows FTP clients to resume interrupted transfers. `fxp` if set to true indicates that File eXchange Protocol is enabled. Generally it is discouraged as it makes the server vulnerable to FTP bounce attacks. `defaultroot` when set ensures that for local users, home directory access is only granted if the user is a member of group wheel. `ident` is a boolean value which when set to true indicates that IDENT authentication is required. If identd is not running on the client, this can result in timeouts. `masqaddress` is the public IP address or hostname which is set if FTP clients cannot connect through a NAT device. `localuserbw` is a positive integer value which indicates maximum upload bandwidth in KB/s for local user. Default of zero indicates unlimited upload bandwidth ( from the FTP server configuration ). `localuserdlbw` is a positive integer value which indicates maximum download bandwidth in KB/s for local user. Default of zero indicates unlimited download bandwidth ( from the FTP server configuration ). `anonuserbw` is a positive integer value which indicates maximum upload bandwidth in KB/s for anonymous user. Default of zero indicates unlimited upload bandwidth ( from the FTP server configuration ). `anonuserdlbw` is a positive integer value which indicates maximum download bandwidth in KB/s for anonymous user. Default of zero indicates unlimited download bandwidth ( from the FTP server configuration ). `tls` is a boolean value which when set indicates that encrypted connections are enabled. This requires a certificate to be configured first with the certificate service and the id of certificate is passed on in `ssltls_certificate`. `tls_policy` defines whether the control channel, data channel, both channels, or neither channel of an FTP session must occur over SSL/TLS. `tls_opt_enable_diags` is a boolean value when set, logs verbosely. This is helpful when troubleshooting a connection. `options` is a string used to add proftpd(8) parameters not covered by ftp service. .. raw:: html
Type: object

Type: array
No Additional Items

Tuple Validation

Parameter 1: ftp_update

ftp_update

Type: object

FTPUpdateArgs parameters.

 No Additional Properties

Port

Type: integer

TCP port number on which the FTP service listens for incoming connections.

Value must be greater or equal to 1 and lesser or equal to 65535

Clients

Type: integer

Maximum number of simultaneous client connections allowed.

Value must be greater or equal to 1 and lesser or equal to 10000

Ipconnections

Type: integer

Maximum number of connections allowed from a single IP address. 0 means unlimited.

Value must be greater or equal to 0 and lesser or equal to 1000

Loginattempt

Type: integer

Maximum number of failed login attempts before blocking an IP address. 0 disables this limit.

Value must be greater or equal to 0 and lesser or equal to 1000

Timeout

Type: integer

Idle timeout in seconds before disconnecting inactive clients. 0 disables timeout.

Value must be greater or equal to 0 and lesser or equal to 10000

Timeout Notransfer

Type: integer

Timeout in seconds for clients that connect but do not transfer data. 0 disables timeout.

Value must be greater or equal to 0 and lesser or equal to 10000

Onlyanonymous

Type: boolean

Whether to allow only anonymous FTP access, disabling authenticated user login.

Anonpath


Filesystem path for anonymous FTP users. null to use the default anonymous FTP directory.

Type: string
Type: null

Onlylocal

Type: boolean

Whether to allow only local system users to login, disabling anonymous access.

Banner

Type: string

Welcome message displayed to FTP clients upon connection.

Filemask

Type: string

Default Unix permissions (umask) for files created by FTP users.

Dirmask

Type: string

Default Unix permissions (umask) for directories created by FTP users.

Fxp

Type: boolean

Whether to enable File eXchange Protocol (FXP) for server-to-server transfers.

Resume

Type: boolean

Whether to allow clients to resume interrupted file transfers.

Defaultroot

Type: boolean

Whether to restrict users to their home directories (chroot jail).

Ident

Type: boolean

Whether to perform RFC 1413 ident lookups on connecting clients.

Reversedns

Type: boolean

Whether to perform reverse DNS lookups on client IP addresses for logging.

Masqaddress

Type: string

Public IP address to advertise to clients for passive mode connections when behind NAT.

Passiveportsmin

Type: integer

Minimum port number for passive mode data connections. Must be 0 or between 1024-65535.

Passiveportsmax

Type: integer

Maximum port number for passive mode data connections. Must be 0 or between 1024-65535.

Localuserbw

Type: integer

Maximum upload bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater or equal to 0

Localuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater or equal to 0

Anonuserbw

Type: integer

Maximum upload bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater or equal to 0

Anonuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater or equal to 0

Tls

Type: boolean

Whether to enable TLS/SSL encryption for FTP connections.

Tls Policy

Type: enum (of string)

TLS policy for connections. Values include: "on" (required), "off" (disabled), "data" (data only), "auth" (authentication only), "ctrl" (control only), or combinations with + and ! modifiers.

Must be one of:
  • ""
  • "on"
  • "off"
  • "data"
  • "!data"
  • "auth"
  • "ctrl"
  • "ctrl+data"
  • "ctrl+!data"
  • "auth+data"
  • "auth+!data"

Tls Opt Allow Client Renegotiations

Type: boolean

Whether to allow TLS clients to initiate renegotiation of the TLS connection.

Tls Opt Allow Dot Login

Type: boolean

Whether to allow .ftpaccess files to override TLS requirements for specific users.

Tls Opt Allow Per User

Type: boolean

Whether to allow per-user TLS configuration overrides.

Tls Opt Common Name Required

Type: boolean

Whether to require client certificates to have a Common Name field.

Tls Opt Enable Diags

Type: boolean

Whether to enable detailed TLS diagnostic logging.

Tls Opt Export Cert Data

Type: boolean

Whether to export client certificate data to environment variables.

Tls Opt No Empty Fragments

Type: boolean

Whether to disable empty TLS record fragments to improve compatibility with some clients. Disabling increases vulnerability to some attack vectors.

Tls Opt No Session Reuse Required

Type: boolean

Whether to disable the requirement for TLS session reuse.

Tls Opt Stdenvvars

Type: boolean

Whether to export standard TLS environment variables for use by external programs.

Tls Opt Dns Name Required

Type: boolean

Whether to require client certificates to contain a DNS name in the Subject Alternative Name extension. The reversedns setting must also be enabled.

Tls Opt Ip Address Required

Type: boolean

Whether to require client certificates to contain an IP address in the Subject Alternative Name extension.

Ssltls Certificate


ID of the certificate to use for TLS/SSL connections. null to use the default system certificate.

Type: integer
Type: null

Options

Type: string

Additional ProFTPD configuration directives to include in the server configuration. Manual directives may render the FTP service non-functional and should be used with caution.

FtpEntry

Type: object
No Additional Properties

Id

Type: integer

Placeholder identifier. Not used as there is only one.

Port

Type: integer

TCP port number on which the FTP service listens for incoming connections.

Value must be greater or equal to 1 and lesser or equal to 65535

Clients

Type: integer

Maximum number of simultaneous client connections allowed.

Value must be greater or equal to 1 and lesser or equal to 10000

Ipconnections

Type: integer

Maximum number of connections allowed from a single IP address. 0 means unlimited.

Value must be greater or equal to 0 and lesser or equal to 1000

Loginattempt

Type: integer

Maximum number of failed login attempts before blocking an IP address. 0 disables this limit.

Value must be greater or equal to 0 and lesser or equal to 1000

Timeout

Type: integer

Idle timeout in seconds before disconnecting inactive clients. 0 disables timeout.

Value must be greater or equal to 0 and lesser or equal to 10000

Timeout Notransfer

Type: integer

Timeout in seconds for clients that connect but do not transfer data. 0 disables timeout.

Value must be greater or equal to 0 and lesser or equal to 10000

Onlyanonymous

Type: boolean

Whether to allow only anonymous FTP access, disabling authenticated user login.

Anonpath


Filesystem path for anonymous FTP users. null to use the default anonymous FTP directory.

Type: string
Type: null

Onlylocal

Type: boolean

Whether to allow only local system users to login, disabling anonymous access.

Banner

Type: string

Welcome message displayed to FTP clients upon connection.

Filemask

Type: string

Default Unix permissions (umask) for files created by FTP users.

Dirmask

Type: string

Default Unix permissions (umask) for directories created by FTP users.

Fxp

Type: boolean

Whether to enable File eXchange Protocol (FXP) for server-to-server transfers.

Resume

Type: boolean

Whether to allow clients to resume interrupted file transfers.

Defaultroot

Type: boolean

Whether to restrict users to their home directories (chroot jail).

Ident

Type: boolean

Whether to perform RFC 1413 ident lookups on connecting clients.

Reversedns

Type: boolean

Whether to perform reverse DNS lookups on client IP addresses for logging.

Masqaddress

Type: string

Public IP address to advertise to clients for passive mode connections when behind NAT.

Passiveportsmin

Type: integer

Minimum port number for passive mode data connections. Must be 0 or between 1024-65535.

Passiveportsmax

Type: integer

Maximum port number for passive mode data connections. Must be 0 or between 1024-65535.

Localuserbw

Type: integer

Maximum upload bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater or equal to 0

Localuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for local users. 0 means unlimited.

Value must be greater or equal to 0

Anonuserbw

Type: integer

Maximum upload bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater or equal to 0

Anonuserdlbw

Type: integer

Maximum download bandwidth in KiB/s for anonymous users. 0 means unlimited.

Value must be greater or equal to 0

Tls

Type: boolean

Whether to enable TLS/SSL encryption for FTP connections.

Tls Policy

Type: enum (of string)

TLS policy for connections. Values include: "on" (required), "off" (disabled), "data" (data only), "auth" (authentication only), "ctrl" (control only), or combinations with + and ! modifiers.

Must be one of:
  • ""
  • "on"
  • "off"
  • "data"
  • "!data"
  • "auth"
  • "ctrl"
  • "ctrl+data"
  • "ctrl+!data"
  • "auth+data"
  • "auth+!data"

Tls Opt Allow Client Renegotiations

Type: boolean

Whether to allow TLS clients to initiate renegotiation of the TLS connection.

Tls Opt Allow Dot Login

Type: boolean

Whether to allow .ftpaccess files to override TLS requirements for specific users.

Tls Opt Allow Per User

Type: boolean

Whether to allow per-user TLS configuration overrides.

Tls Opt Common Name Required

Type: boolean

Whether to require client certificates to have a Common Name field.

Tls Opt Enable Diags

Type: boolean

Whether to enable detailed TLS diagnostic logging.

Tls Opt Export Cert Data

Type: boolean

Whether to export client certificate data to environment variables.

Tls Opt No Empty Fragments

Type: boolean

Whether to disable empty TLS record fragments to improve compatibility with some clients. Disabling increases vulnerability to some attack vectors.

Tls Opt No Session Reuse Required

Type: boolean

Whether to disable the requirement for TLS session reuse.

Tls Opt Stdenvvars

Type: boolean

Whether to export standard TLS environment variables for use by external programs.

Tls Opt Dns Name Required

Type: boolean

Whether to require client certificates to contain a DNS name in the Subject Alternative Name extension. The reversedns setting must also be enabled.

Tls Opt Ip Address Required

Type: boolean

Whether to require client certificates to contain an IP address in the Subject Alternative Name extension.

Ssltls Certificate


ID of the certificate to use for TLS/SSL connections. null to use the default system certificate.

Type: integer
Type: null

Options

Type: string

Additional ProFTPD configuration directives to include in the server configuration. Manual directives may render the FTP service non-functional and should be used with caution.


*Required roles:* SHARING_FTP_WRITE