Ai-B: Initial article for xc-ftpd rev 06 (FTP File Sharing extension)

2026-04-23T16:04:59Z

Initial article for xc-ftpd rev 06 (FTP File Sharing extension)

New page

__NOTOC__
FTP file sharing container powered by [http://www.proftpd.org/ ProFTPD]. Provides anonymous FTP access with full read-write permissions to all configured shares.

'''Note:''' FTP File Sharing is delivered as an optional Small Update (the '''xc-ftpd''' module). This article describes revision '''06'''. If your system was updated to a newer revision, refer to the matching ''Extension:FTP_File_Sharing_rev_NN'' article.

== How to access ==

* '''Protocol:''' FTP (plain, unencrypted)
* '''Port:''' 21
* '''Username:''' '''anonymous''' (or '''ftp''')
* '''Password:''' none (empty)
* '''URL:''' <code>ftp://<server-ip>/</code>

All shares defined on the system are automatically exposed via FTP (not all datasets — only those configured as shares). There is no per-share FTP toggle in the GUI. Anonymous users have full read-write access to all shares.

=== Using FileZilla ===

In the FileZilla ''Site Manager'' (or the Quickconnect fields), set:

* '''Protocol:''' ''FTP – File Transfer Protocol''
* '''Host:''' ''storage-server-ip-address''
* '''Port:''' 21
* '''Encryption:''' ''Only use plain FTP (insecure)''
* '''Logon Type:''' ''Anonymous''

=== Directory structure ===

Shares appear as a flat list at the FTP root, identified by their share name:

ftp://server/
+-- share-name-1/
+-- share-name-2/
+-- share-name-3/
+-- ...

This differs from revisions prior to rev 06, where the FTP root was the ''/Pools'' directory and users navigated the pool/dataset hierarchy directly (e.g. ''Pool-0/dataset1/'').

== Configuration ==

ProFTPD configuration is visible from rootconsole under '''/mnt/host/etc/proftpd/'''.

=== File permissions ===

{| class="wikitable"
! Path (from rootconsole) !! Access !! Purpose
|-
| '''/mnt/host/etc/proftpd/proftpd.conf''' || read-only || Main config — not user-editable
|-
| '''/mnt/host/etc/proftpd/modules.conf''' || read-only || Module loading — not user-editable
|-
| '''/mnt/host/etc/proftpd/conf.d/''' || read-write || User drop-in configs
|-
| '''/mnt/host/etc/proftpd/share_*.conf.inc''' || read-only || Future FTPS/SFTP templates
|}

=== Customizing via conf.d/ ===

Administrators can add or modify '''.conf''' files in ''/mnt/host/etc/proftpd/conf.d/'' to tune connection limits, timeouts, network settings and other ProFTPD directives.

Included files:

* '''limits.conf''' — connection limits and timeouts. Sets ''MaxClients'', ''MaxClientsPerHost'', ''MaxInstances'' (all unlimited by default), timeouts for idle/stalled/login, ''MaxLoginAttempts'', and ''AllowForeignAddress'' (FXP).
* '''proftpd.conf.inactive''' — template for binding ProFTPD to a specific IP address. Rename to '''proftpd.conf''' to activate. Uncomment and set '''DefaultAddress''' to restrict which interface FTP listens on.

Naming convention:

* '''*.conf''' — active, loaded by ProFTPD
* '''*.conf.inactive''' — disabled template (rename to '''.conf''' to activate)

After editing, reload or restart the container from rootconsole for changes to take effect:

service lxc@ftpd reload # SIGHUP proftpd (fast; no session drop beyond SIGHUP)
service lxc@ftpd restart # full container restart

=== Logs ===

ProFTPD logs are persisted so they survive container restarts. From rootconsole they are visible at:

* '''/mnt/host/var/log/xc-ftpd/proftpd/proftpd.log''' — main daemon log
* '''/mnt/host/var/log/xc-ftpd/proftpd/extended.log''' — detailed per-command log
* '''/mnt/host/var/log/xc-ftpd/proftpd/xferlog''' — file transfer log

=== Security restrictions ===

* '''VRootAlias and VRootEngine directives are not allowed in conf.d/.''' Any VRoot directives placed there will be silently ignored or rejected. This prevents exposing paths outside the storage pools.
* '''Share paths are validated.''' Only shares under ''/Pools/'' are accepted; any others are rejected and the rejection is logged via syslog.
* '''Share mappings are auto-generated only.''' They are regenerated on every boot and pool change, and cannot be manually edited to persist.

== How it works ==

* Shares are discovered automatically at container startup.
* Each share is mapped by name (share name → path on pool).
* When storage pools are mounted or unmounted, the share list is refreshed automatically — no manual action needed.

== Known issues and limitations ==

* '''Anonymous access only.''' This revision does not support per-user authentication. Any client that can reach port 21 has full read-write access to every share.
* '''No encryption.''' FTPS (explicit TLS) and SFTP (SSH File Transfer Protocol) are '''not''' enabled in this revision. Configuration templates for both protocols are present in ''/mnt/host/etc/proftpd/'' but are disabled. Support for FTPS and SFTP is planned for a future revision.
* '''No per-share FTP toggle.''' All shares are exposed automatically; there is no option in the GUI to exclude a specific share from FTP. To hide a share from FTP, remove its share configuration on the system.
* '''Unencrypted traffic.''' File contents and directory listings are transmitted in plain text over the network. Use FTP only on trusted network segments until FTPS/SFTP are available.

== Changelog ==

=== rev 06 ===

* FTP-only (anonymous, read-write)
* Flat share listing by name (previously pool/dataset hierarchy)
* Config visible from rootconsole at ''/mnt/host/etc/proftpd/''; ''conf.d/'' writable for user tuning
* VRoot directives blocked in ''conf.d/'' (security: prevents path exposure)
* Share path validation (only ''/Pools/'' allowed)
* Share list auto-refresh on pool mount/unmount events
* ''lxc@ftpd'' init script: ''service lxc@ftpd reload/restart'' usable from rootconsole

=== rev 05 ===

* Updated base system

=== rev 04 ===

* Added VRoot support
* Share config auto-generation

=== rev 03 ===

* Setting ''MaxClients'', ''MaxClientsPerHost'' to none (as no limit)
* Setting ''MaxConnections'' to none

=== rev 02 ===

* Option ''AllowForeignAddress'' changed to on in order to allow ''FXP''

----

For further customization or troubleshooting, refer to the [http://www.proftpd.org/docs/ upstream ProFTPD documentation] or contact your support representative.

[[Category:Help topics]]
[[Category:Extensions]]

Extension:FTP File Sharing rev 06 - Revision history

Ai-B: Initial article for xc-ftpd rev 06 (FTP File Sharing extension)