ProFTPD for CentOS 6

More of a note to self than anything. As usual, YMMV.

Use the RPMforge (RepoForge) package

rpm -Uvh rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
yum install proftpd -y
chkconfig --level 345 proftpd on
/etc/init.d/proftpd restart
netstat -tnlp|grep proftpd

Configure iptables

iptables -A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart

New Linux user; e.g., foo

useradd -d /path/to/home/directory foo
passwd foo

Does it work?

Command: USER foo
Response: 331 Password required for foo
Command: PASS ********
Response: 530 Login incorrect.
Error: Critical error: Could not connect to server

Errors in /var/log/secure

Oct 29 03:41:07 bar proftpd: PAM unable to dlopen(/lib64/security/ /lib64/security/ cannot open shared object file: No such file or directory
Oct 29 03:41:07 bar proftpd: PAM adding faulty module: /lib64/security/
Oct 29 03:41:07 bar proftpd[36319]: ([]) - USER foo (Login failed): Incorrect password.

Fix PAM config for proftpd-1.3.4a-1.el6.rf.x86_64; e.g.,

# cat /etc/pam.d/proftpd
auth required item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required
auth include system-auth
account include system-auth
session include system-auth
session required

Does it work now?

Command: PWD
Response: 257 "/" is the current directory
Command: TYPE I
Response: 200 Type set to I
Command: PASV
Response: 227 Entering Passive Mode.
Command: MLSD
Error: Connection timed out
Error: Failed to retrieve directory listing

Configure passive FTP (PASV)

# iptables -A INPUT -p tcp -m multiport --dports 60000:65535 -j ACCEPT
# /etc/init.d/iptables save; /etc/init.d/iptables restart
# grep -i passiveport /etc/proftpd.conf
PassivePorts 60000 65535
# /etc/init.d/proftpd restart
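
The MLSD timeout above comes from the firewall not passing the PassivePorts range. If the INPUT chain already ends in an unconditional REJECT or DROP, a rule added with iptables -A lands after it and never matches. The script below is an added example, not part of the original note: it reads PassivePorts from a proftpd.conf and checks an iptables-save style dump for a covering ACCEPT rule ahead of any catch-all. The function names and both sample rule sets are constructed for illustration.

```sh
# Added example. Sample files below are constructed, not taken from a real host.
# Print "LOW HIGH" from PassivePorts (ProFTPD directive names are case-insensitive).
passive_range() {
    awk 'tolower($1) == "passiveports" { print $2, $3; exit }' "$1"
}

# $1 = proftpd.conf, $2 = iptables-save style dump. Exit 0 only if a tcp ACCEPT
# rule covering the whole range precedes any unconditional REJECT/DROP in INPUT.
pasv_reachable() {
    range=$(passive_range "$1")
    [ -n "$range" ] || return 1
    awk -v lo="${range% *}" -v hi="${range#* }" '
        $1 != "-A" || $2 != "INPUT" { next }
        $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { exit }  # catch-all hit first
        / -p tcp / && / -j ACCEPT/ {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" || $i == "--dports") {
                    n = split($(i + 1), parts, ",")
                    for (k = 1; k <= n; k++) {
                        m = split(parts[k], r, ":")
                        a = r[1] + 0; b = (m == 2 ? r[2] : r[1]) + 0
                        if (a <= lo + 0 && b >= hi + 0) { ok = 1; exit }
                    }
                }
        }
        END { exit !ok }
    ' "$2"
}

SAMPLES=$(mktemp -d)
printf 'ServerName "example"\nPassivePorts 60000 65535\n' > "$SAMPLES/proftpd.conf"
# Rule added with -A to a chain that already ends in a catch-all REJECT.
cat > "$SAMPLES/appended.rules" <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m multiport --dports 60000:65535 -j ACCEPT
EOF
# Same rules with the passive range placed ahead of the REJECT.
cat > "$SAMPLES/inserted.rules" <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 60000:65535 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
for f in appended inserted; do
    pasv_reachable "$SAMPLES/proftpd.conf" "$SAMPLES/$f.rules" \
        && echo "$f: reachable" || echo "$f: blocked, PASV data connections time out"
done
```

On a live host, feed it the output of iptables-save redirected to a file in place of the sample rule sets.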

Does it work, at long last?

Command: MLSD
Response: 150 Opening ASCII mode data connection for MLSD
Response: 226 Transfer complete
Status: Directory listing successful