#----------------------------------------------------------
# This is the main server configuration

[section] main

# allow connections from port 21
ftpport 21

# set maximum users to 200
maxusers 200

# log everything execpt debugging logs
logstrength 63

# set logfile
logfile /var/log/muddleftpd.log

# set default timeout to 300 seconds
timeout 300

# set the file displayed on login
logindump /etc/issue.ftp

# allow anyhost to connect
ipacl A:*

# set admin email address
email user@hostname

# set scratchfile for inetd operation
scratchfile /var/lock/muddleftpd.scratch 

# set the list of vserver muddleftpd is to use
vserver external
vserver internal

# set the server to use smartbind, which can significantly reduce
# the number of file descriptors needed by the server
smartbind 1

#----------------------------------------------------------
# This configures vserver external. This handles users from 
# outside.

[section] external

	# accept users from anywhere
	ipacl A:*

	# this vserver will bind to port 21. It can be told to bind to
	# a specific device using ftpport 21/<ip of device> 
	# eg ftpport 21/10.1.1.1
	ftpport 21 
	
	# set the groups this vserver will run through. Since the external
	# vserver is only for connections from outside, only allow anonymous
	# logins
	group anonymous

	# Set an approprate login
	greeting Anonymous FTPD ready. Enter 'anonymous' as username.

	# Set maxusers to 50 to pervent external users flooding server
	maxusers 50

	# set the hostname to what we want
	hostname external.somewhere.net

#----------------------------------------------------------
# This configures vserver internal. This handles users from 
# the internal network

[section] external

	# allow users from local network only
	ipacl A:10.1.1.0/255.255.255.0
	ipacl A:127.0.0.1/255.255.255.255

	# this vserver will bind to port 2100. It can be told to bind to
	# a specific device using ftpport 2100/<ip of device> 
	# eg ftpport 2100/10.1.1.1
	ftpport 2100
	
	# set the groups this vserver will run through.
	group badusers
	group anonymous
	group localusers

	# set the hostname to what we want
	hostname internal.somewhere.net

#----------------------------------------------------------
# This configures badusers. It catches any bad usernames that
# should not be logged into

[section] badusers

	# tell it to accept the usernames root, uucp and news
	nameacl A:root
	nameacl A:uucp
	nameacl A:news
	
	# accept these usernames from any host.
	ipacl A:*

	# tell the server these usernames are disabled
	authmethod disabled

	# set the maxuser count of this group to 0 so it isn't
	# added to the stats
	maxusers 0

#----------------------------------------------------------
# This configures the anonymous user.
# Note: if the following doesn't work, then your computer
#       needs the ftp user to be set.

[section] anonymous

	# tell the group that is can accept any host
	ipacl A:*

	# tell the server to accept anonymous or ftp for this group
	nameacl A:anonymous
	nameacl A:ftp

	# tell the server to use chroot to the anonymous rootdir
	chroot 1

	# tell the server to use the ftp user as the anonymous rootdir
	# and uid/gid
	authparams ftp

	# tell the server to use the anonymous authenticator, and
	# accept any password.
	authmethod anonymous

	# disallow any changes to file permissions or upload umask
	chmoding 0

	# print out this file when the user logs in. It is not relative
	# to anonymous's rootdir
	welcome /home/ftp/welcome.msg

	# display this file when a user changes into a new directory
	cddump .message

	# display this file when too many users are logged on
	busydump /etc/msgs/msg.toomany

	# set the umask files are uploaded with
	umask 077

	# give anonymous user read/list access everywhere and add/list access
	# to the incoming folder. The / on the end of the second directive
	# tells muddleftpd to apply ACL to a directory rather than a file.
	access /:RLC
	access /incoming/:ALC
	
	# limit the size of this group so localusers can log in too
	maxusers 100

	# set the niceness of anonymous users to 10
	nice 10

#----------------------------------------------------------
# This configures the normal users.

[section] localusers

	# tell the group that it can accept any host that the last group
	# didn't get
	ipacl A:*

	# tell the server to accept any username for this group
	nameacl A:*

	# tell the server to use chroot to the user's rootdir
	chroot 1

	# set the users rootdir to their homedir, to lock them in there
	rootdir %h
	
	# set the users homedir to /, so he ends up in his own homedir
	homedir /

	# tell the server to use the unix authenticator, useful against
	# normal password files
	authmethod unix

	# give normal users full access to their userspace
	access /:ALL

	# allow server-server transfers with localusers
	fxpallow 1