<HTML>
<HEAD>
<TITLE>Developer.com - Online Reference Library - 0672311739:RED HAT LINUX 2ND EDITION:FTP</TITLE>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
<!-- ISBN=0672311739 //-->
<!-- TITLE=RED HAT LINUX 2ND EDITION //-->
<!-- AUTHOR=DAVID PITTS ET AL //-->
<!-- PUBLISHER=MACMILLAN //-->
<!-- IMPRINT=SAMS PUBLISHING //-->
<!-- PUBLICATION DATE=1998 //-->
<!-- CHAPTER=08 //-->
<!-- PAGES=0131-0152 //-->
<!-- UNASSIGNED1 //-->
<!-- UNASSIGNED2 //-->
<P><CENTER>
<a href="../ch07/0128-0130.html">Previous</A> | <a href="../ewtoc.html">Table of Contents</A> | <a href="0135-0138.html">Next</A>
</CENTER></P>
<A NAME="PAGENUM-131"><P>Page 131</P></A>
<H3><A NAME="ch08_ 1">
CHAPTER 8
</A></H3>
<H2>
FTP
</H2>
<B>by Steve Shah
</B>
<H3><A NAME="ch08_ 2">
IN THIS CHAPTER
</A></H3>
<UL>
<LI> Getting and Installing the FTP Server 132
<LI> How the FTP Server Works 133
<LI> Configuring Your FTP Server 134
<LI> FTP Administrative Tools 151
</UL>
<A NAME="PAGENUM-132"><P>Page 132</P></A>
<P>Using the File Transfer Protocol (FTP) is a popular way to transfer files from machine to
machine across a network. Clients and servers have been written for all the popular platforms,
thereby often making FTP the most convenient way of performing file transfers.
</P>
<P>You can configure FTP servers in one of two ways. The first is as a private user-only site,
which is the default configuration for the FTP server; I will cover this configuration here. A
private FTP server allows only users with accounts on the system to connect via FTP and access their
files. You can place access controls on these users so that certain users can be explicitly denied
or granted access.
</P>
<P>The other kind of FTP server is anonymous. An anonymous FTP server allows anyone on
the network to connect to it and transfer files without having an account. Due to the
potential security risks involved with this setup, you should take precautions to allow access only to
certain directories on the system.
</P>
<P>
<CENTER>
<TABLE BGCOLOR="#FFFF99">
<TR><TD><B>
WARNING
</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
Configuring an anonymous FTP server always poses a security risk. Server software
is inherently complex and can therefore have bugs allowing unauthorized users access
to your system. The authors of the FTP server you will configure in this chapter have gone
to great lengths to avoid this possibility; however, no one can ever be 100 percent sure.
<BR>If you decide to establish an anonymous FTP server, be sure to keep a careful eye
on security announcements from CERT (www.cert.org), and update the server
software whenever security issues arise.
</BLOCKQUOTE></TD></TR>
</TABLE></CENTER>
</P>
<P>Depending on which packages you chose to install during the installation, you might
already have the FTP server software installed. To determine whether you have the server
software installed, check for the
/usr/sbin/in.ftpd file. If it is there, you have the necessary software.
If you don't, read the next section to learn how to install it.
</P>
<H3><A NAME="ch08_ 3">
Getting and Installing the FTP Server
</A></H3>
<P>Red Hat Linux uses the freely available wu-ftpd server. It comes as an
RPM (Red Hat Package Manager) and is offered as an installation option during initial setup. If you decide that
you want to run an FTP server but did not install the RPM, fetch
wu-ftpd-2.4.2b12-6.i386.rpm from the CD-ROM, or check
www.redhat.com for the latest edition.
</P>
<P>To install the RPM, simply log in as root and run the following:
</P>
<!-- CODE SNIP //-->
<PRE>
[root@denon /root]# rpm -i wu-ftpd-2.4.2b12-6.i386.rpm
</PRE>
<!-- END CODE SNIP //-->
<P>If you plan to offer an anonymously accessible site, then be sure to install the
anonftp-2.3-3.i386.rpm from the CD-ROM as well. As always, you can check for the latest version
at www.redhat.com.
</P>
<A NAME="PAGENUM-133"><P>Page 133</P></A>
<P>To install the anonymous FTP package, log in as root and run the following:
</P>
<!-- CODE SNIP //-->
<PRE>
[root@denon /root]# rpm -i anonftp-2.3-3.i386.rpm
</PRE>
<!-- END CODE SNIP //-->
<P>Now you have a working anonymous FTP server!
</P>
<P>To test whether the installation worked, simply use the
FTP client and connect to your machine. For the sample FTP server,
denon, you would respond to the following:
</P>
<!-- CODE //-->
<PRE>
[root@denon /root]# ftp denon
Connected to denon.domain.com.
220 denon.domain.com FTP server (Version wu-2.4.2-academ[BETA-12](1) Wed Mar 5 12:37:21 EST 1997) ready.
Name (denon:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password: sshah@domain.com [This is not echoed on the screen]
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
</PRE>
<!-- END CODE //-->
<P>To quit the FTP client software, simply enter
bye at the ftp> prompt. If you want to test the private FTP server, rerun the FTP client but use your login instead of the anonymous
login. Here's an example:
</P>
<!-- CODE //-->
<PRE>
[root@denon /root]# ftp denon
Connected to denon.domain.com
220 denon.domain.com FTP server (Version wu-2.4.2-academ[BETA-12](1) Wed Mar 5 12:37:21 EST 1997) ready.
Name (denon:root): sshah
331 Password required for sshah.
Password: mars1031 [This is not echoed on the screen]
230 User sshah logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
</PRE>
<!-- END CODE //-->
<H3><A NAME="ch08_ 4">
How the FTP Server Works
</A></H3>
<P>FTP service is controlled from the
/etc/inetd.conf file and is automatically invoked
whenever someone connects to the FTP port. (Ports are logical associations from a network
connection to a specific service. For example, port 21 associates to FTP, port 23 associates to
Telnet, and so on.) When a connection is detected, the
FTP daemon (/usr/sbin/in.ftpd) is invoked and the session begins. In the
/etc/inetd.conf file, the default Red Hat distribution
contains the necessary line for this step to occur.
</P>
<P>After the server is initiated, the client needs to provide a username and corresponding
password. Two special usernames—anonymous and
ftp—have been set aside for the purpose of allowing access to the public files. Any other access requires that the user have an account on
the server.
</P>
<A NAME="PAGENUM-134"><P>Page 134</P></A>
<P>If a user accesses the server by using his or her account, an additional check is performed
to ensure that the user has a valid shell. If the user doesn't have a valid shell, he or she is
denied access into the system. This check is useful if you want to allow users limited access to a
server (for example, POP mail) but do not want them logging in via Telnet or FTP. For a shell to
be valid, it must be listed in the /etc/shells file. If you decide to install a new shell, be sure to
add it to your /etc/shells listing so that people using that shell can connect to the system via FTP.
</P>
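<P>The valid-shell check described above can be reproduced offline to see which accounts the FTP server would refuse. This is an added example, not code from the book or from wu-ftpd; the function names ftp_shell_ok and ftp_denied_users and the sample passwd and shells files are constructed for illustration.
</P>

```shell
#!/bin/sh
# Added example: reproduce the FTP server's "valid shell" check offline.

# ftp_shell_ok PASSWD_FILE SHELLS_FILE USER
# 0 = shell is listed, 1 = shell not listed (FTP refused), 2 = no such user.
ftp_shell_ok() {
    shell=$(awk -F: -v u="$3" \
        '$1 == u { print $7; found = 1; exit } END { if (!found) exit 2 }' \
        "$1") || return 2
    # An empty shell field in passwd means /bin/sh.
    [ -n "$shell" ] || shell=/bin/sh
    # Skip comment lines; require an exact whole-line match.
    grep -v '^[[:space:]]*#' "$2" | grep -Fxq -- "$shell"
}

# ftp_denied_users PASSWD_FILE SHELLS_FILE
# Prints every account whose shell is missing from SHELLS_FILE.
ftp_denied_users() {
    cut -d: -f1 "$1" | while read -r u; do
        ftp_shell_ok "$1" "$2" "$u" || printf '%s\n' "$u"
    done
}

# Constructed sample data (not taken from a real system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/passwd" <<'EOF'
sshah:x:500:500:Steve Shah:/home/sshah:/bin/bash
popuser:x:501:501:POP mail only:/home/popuser:/bin/false
zshfan:x:502:502::/home/zshfan:/usr/local/bin/zsh
EOF
cat > "$demo_dir/shells" <<'EOF'
# constructed stand-in for /etc/shells
/bin/sh
/bin/bash
EOF

# popuser is refused on purpose; zshfan is refused because the newly
# installed shell was never added to the shells file.
ftp_denied_users "$demo_dir/passwd" "$demo_dir/shells"
```

<P>On a live system, pass /etc/passwd and /etc/shells as the two file arguments.
</P>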
<P>Users accessing the FTP server are placed in their home directories when they first log in.
At that point, they can change into any directories on the system to which they have
permission. Anonymous users, on the other hand, have several restrictions placed on them.
</P>
<P>Anonymous users are placed in the home directory for the FTP users. By default, this
directory is set to /home/ftp by the anonftp RPM package. After the users get there, the FTP server
executes a chroot system call. This call effectively changes the program's root directory to
the FTP users' directory. Access to any other directories in the system, which includes the
/bin,
/etc, and /lib directories, is denied. This change in the root directory has the side effect of
the server not being able to see /etc/passwd,
/etc/group, and necessary binaries such as
/bin/ls. To make up for this change, the anonftp RPM package creates a
bin, etc, and lib directory under /home/ftp, where necessary libraries and programs are placed (such as
ls) and where the server software can access them even after the
chroot system call has been made.
</P>
<P>For security reasons, files placed under the
/home/ftp directory have their permissions set
such that only the server can see them. (This is done automatically during
anonftp's install.) Any other directories created under
/home/ftp should be set up so that they are world readable.
Most anonymous FTP sites place such files under the
pub subdirectory.
</P>
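<P>The layout described above can be audited with a short script. This is an added example, not part of the book or of the anonftp package; the function name audit_anon_ftp, the finding labels, and the sample tree are constructed, and the world-writable check is an extra assumption beyond what the chapter states.
</P>

```shell
#!/bin/sh
# Added example: audit an anonymous FTP tree against the layout the
# chapter describes (bin, etc, lib present; public dirs world readable).

# audit_anon_ftp FTP_ROOT
# Prints one finding per line; prints nothing when the tree looks sane.
audit_anon_ftp() {
    (
        cd "$1" || exit 2
        # After chroot the server needs its private copies of these.
        for d in bin etc lib; do
            [ -d "$d" ] || echo "MISSING $d"
        done
        # Public directories need o+r and o+x so anonymous users can
        # list them; bin, etc and lib are deliberately skipped.
        find . \( -path ./bin -o -path ./etc -o -path ./lib \) -prune \
            -o -type d ! -perm -0005 -print |
            sed 's/^/NOT-WORLD-READABLE /'
        # Assumption beyond the chapter: flag anything writable by others,
        # since anonymous users could then alter or plant files.
        find . ! -type l -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
    )
}

# Constructed sample tree standing in for /home/ftp.
ftp_root=$(mktemp -d)
trap 'rm -rf "$ftp_root"' EXIT
mkdir -p "$ftp_root/bin" "$ftp_root/etc" \
         "$ftp_root/pub/incoming" "$ftp_root/private"
chmod -R 755 "$ftp_root"
chmod 777 "$ftp_root/pub/incoming"   # writable upload area
chmod 750 "$ftp_root/private"        # not readable by others
# lib is left out on purpose to trigger the MISSING finding.

audit_anon_ftp "$ftp_root"
```

<P>Run it as audit_anon_ftp /home/ftp on the server itself; an empty result means none of the three conditions were found.
</P>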
<H3><A NAME="ch08_ 5">
Configuring Your FTP Server
</A></H3>
<P>Although the default configuration of the FTP server is reasonably secure, you can
fine-tune access rights by editing the following files:
</P>
<UL>
<LI> /etc/ftpaccess
<LI> /etc/ftpconversions
<LI> /etc/ftphosts
<LI> /var/log/xferlog
</UL>
<P>With all these files, you can have very fine control over who can connect to your server, when,
and from where, as well as an audit trail of what they did after they connected. The
/etc/ftpaccess file is the most significant of these because it contains the most
configuration options; however, misconfiguring any of the others can lead to denied service.
</P>
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>