<HTML>
<HEAD>
<TITLE>Linux Unleashed, Third Edition:Setting Up an FTP and Anonymous FTP Site</TITLE>
<SCRIPT>
<!--
function displayWindow(url, width, height) {
var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>
<!--ISBN=0672313723//-->
<!--TITLE=Linux Unleashed, Third Edition//-->
<!--AUTHOR=Tim Parker//-->
<!--PUBLISHER=Macmillan Computer Publishing//-->
<!--IMPRINT=Sams//-->
<!--CHAPTER=48//-->
<!--PAGES=789-791//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="787-789.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="791-793.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H3><A NAME="Heading5"></A><FONT COLOR="#000077">Configuring FTP</FONT></H3>
<P>Whether you decide to provide an anonymous FTP site or a user-login FTP system, you need to perform some basic configuration steps to get the FTP daemon active and to set the directory system and file permissions properly in order to prevent users from destroying or accessing files they shouldn’t. The process can start with choosing an FTP site name. You don’t really need a site name, although it can be easier for others to access your machine with one (especially anonymously). The FTP site name is of the format:
</P>
<!-- CODE SNIP //-->
<PRE>
ftp.<I>domain_name.domain_type</I>
</PRE>
<!-- END CODE SNIP //-->
<P>where <I>domain_name</I> is the domain name (or an alias) of the FTP server’s domain, and <I>domain_type</I> is the usual DNS extension. For example, you could have an FTP site name of</P>
<!-- CODE SNIP //-->
<PRE>
ftp.tpci.com
</PRE>
<!-- END CODE SNIP //-->
<P>showing that this is the anonymous FTP access for anyone accessing the <TT>tpci.com</TT> domain. It is usually a bad idea to name your FTP site with a specific machine name, such as:</P>
<!-- CODE SNIP //-->
<PRE>
ftp.merlin.tpci.com
</PRE>
<!-- END CODE SNIP //-->
<P>because this makes it difficult to move the FTP server to another machine in the future. Instead, use an alias to point to the actual machine on which the FTP server sits. This is not a problem if you are a single machine connected to the Internet through a service provider, for example, but it is often necessary with a larger network. The alias is easy to set up if you use DNS. Set the alias in the DNS databases with a line like this:
</P>
<!-- CODE SNIP //-->
<PRE>
; the trailing dot keeps the zone origin from being appended to the target
ftp IN CNAME merlin.tpci.com.
</PRE>
<!-- END CODE SNIP //-->
<P>This line points anyone accessing the machine <TT>ftp.tpci.com</TT> to the real machine <TT>merlin.tpci.com</TT>. If the machine <TT>merlin</TT> has to be taken out of its FTP server role for any reason, a change in the machine name on this line will point the <TT>ftp.tpci.com</TT> access to the new server. (A change in the alias performed over DNS can take a while to become active because the change must be propagated through all the DNS databases.)</P>
<H4 ALIGN="LEFT"><A NAME="Heading6"></A><FONT COLOR="#000077">Setting Up ftpd</FONT></H4>
<P>The FTP daemon, <TT>ftpd</TT>, must be started on the FTP server. The daemon is usually handled by <TT>inetd</TT> instead of the <TT>rc</TT> startup files, so <TT>ftpd</TT> is active only when someone needs it. This is the best approach for all but the most heavily loaded FTP sites. When <TT>ftpd</TT> is started this way, the <TT>inetd</TT> daemon watches the FTP command port (TCP port 21) for an incoming connection request and then spawns <TT>ftpd</TT>.</P>
<P>Make sure the <TT>ftpd</TT> daemon can be started by <TT>inetd</TT> by checking the <TT>inetd</TT> configuration file (usually <TT>/etc/inetd.config</TT> or <TT>/etc/inetd.conf</TT>) for a line that looks like this:</P>
<!-- CODE SNIP //-->
<PRE>
ftp stream tcp nowait root /usr/etc/ftpd ftpd -l
</PRE>
<!-- END CODE SNIP //-->
<P>If the line doesn’t exist, add it to the file. With most Linux systems, the line is already in the file, although it may be commented out. Remove the comment symbol if this is the case. The FTP entry tells <TT>inetd</TT> that FTP uses TCP and that it should spawn <TT>ftpd</TT> every time a new connection is made to the FTP port. In the preceding example, the <TT>ftpd</TT> daemon is started with the <TT>-l</TT> option, which enables logging. You can omit this option if you want. You should replace the pathname <TT>/usr/etc/ftpd</TT> with the location of your FTP daemon.</P>
<P>There are several <TT>ftpd</TT> daemon options that you can add to the <TT>/etc/inetd.config</TT> line to control <TT>ftpd</TT>’s behavior. The following list contains the most commonly used options:</P>
<DL>
<DD><B>•</B> <TT>-d</TT> Adds debugging information to the <TT>syslog</TT>.
<DD><B>•</B> <TT>-l</TT> Activates logging of sessions (only failed and successful logins, not debug information). If the <TT>-l</TT> option is specified twice, all commands are logged, too. If it is specified three times, the sizes of all <TT>get</TT> and <TT>put</TT> file transfers are added as well.
<DD><B>•</B> <TT>-t</TT> Sets the timeout period before <TT>ftpd</TT> terminates after a session is concluded (default is 15 minutes). The value is specified in seconds after the <TT>-t</TT> option.
<DD><B>•</B> <TT>-T</TT> Sets the maximum timeout period (in seconds) that a client can request. The default is two hours. This lets a client that needs a different timeout change it from the normal default, up to this limit.
<DD><B>•</B> <TT>-u</TT> Sets the <TT>umask</TT> value for files uploaded to the local system. The default <TT>umask</TT> is <TT>022</TT>. Clients can request a different <TT>umask</TT> value.
</DL>
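<P>As an added example (not from the book), the following shell function performs the check described above: it finds the <TT>ftp</TT> entry in an <TT>inetd</TT> configuration file, reports whether it is commented out, and derives the logging level from the number of <TT>-l</TT> options. The function name, the output format, and the sample file are assumptions made for illustration.</P>

```shell
#!/bin/sh
# Added example (not from the book): summarise the ftp entry in an inetd
# configuration file. Function name and output format are illustrative.

audit_ftp_inetd() {    # $1 = path to the inetd configuration file
    awk '
    {
        line = $0; state = "enabled"
        # A leading "#" means the entry is present but commented out.
        if (line ~ /^[ \t]*#/) { state = "disabled"; sub(/^[ \t]*#+/, "", line) }
        sub(/^[ \t]+/, "", line)
        n = split(line, f, /[ \t]+/)
        # Fields: service socket protocol wait user server argv0 [options...]
        if (n < 7 || f[1] != "ftp" || f[2] != "stream" || f[3] != "tcp") next
        log_level = 0; debug = 0
        for (i = 8; i <= n; i++) {
            # Each "l" raises the logging level; "-ll" is assumed to be
            # equivalent to "-l -l" (getopt-style option parsing).
            if (f[i] ~ /^-l+$/) log_level += length(f[i]) - 1
            if (f[i] == "-d") debug = 1
        }
        if (log_level > 3) log_level = 3
        found = 1
        printf "state=%s user=%s server=%s log_level=%d debug=%d\n", state, f[5], f[6], log_level, debug
    }
    END { if (!found) print "state=missing" }
    ' "$1"
}

# Constructed sample: the entry shipped commented out, as the text describes.
sample=$(mktemp)
printf '%s\n' '#ftp stream tcp nowait root /usr/etc/ftpd ftpd -l' > "$sample"
audit_ftp_inetd "$sample"
rm -f "$sample"
```

<P>A <TT>log_level</TT> of 0 means no <TT>-l</TT> option is present, 1 logs logins, 2 adds commands, and 3 adds transfer sizes, matching the option list above.</P>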
<H4 ALIGN="LEFT"><A NAME="Heading7"></A><FONT COLOR="#000077">FTP Logins</FONT></H4>
<P>If you are going to set up a user-based FTP service where each person accessing your system has a valid login name and password, then you must create an account for each user in the <TT>/etc/passwd</TT> file. If you are not allowing anonymous FTP access, do not create a generic login that anyone can use.</P>
<P>To set up an anonymous FTP server, you must create a login for the anonymous user ID (if one doesn’t already exist; many versions of Linux have the entry already completed upon installation). This is done in the normal process of adding a user to the <TT>/etc/passwd</TT> file. The login name is whatever you want people to use when they access your system, such as <TT>anonymous</TT> or <TT>ftp</TT>. You need to select a login directory for the anonymous users that can be protected from the rest of the file system. A typical <TT>/etc/passwd</TT> entry looks like this:</P>
<!-- CODE SNIP //-->
<PRE>
ftp:*:400:51:Anonymous FTP access:/usr/ftp:/bin/false
</PRE>
<!-- END CODE SNIP //-->
<P>This sets up the anonymous user with a login of <TT>ftp</TT>. The asterisk password prevents anyone from gaining access to the account. The user ID number (400) is, of course, unique to the entire system. For better security, it is a good idea to create a separate group just for the anonymous FTP access (edit the <TT>/etc/group</TT> file to add a new group), then set the <TT>ftp</TT> user to that group. Only the anonymous FTP user should belong to that group because it can be used to set file permissions to restrict access and make your system more secure. The login directory in the preceding example is <TT>/usr/ftp</TT>, although you can choose any directory as long as it belongs to root (for security reasons, again). The startup program shown in the preceding example is <TT>/bin/false</TT>, which helps protect your system from access to accounts and utilities that do not have strong password protection.</P><P><BR></P>
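<P>As an added example (not from the book), the following shell function checks an anonymous FTP account against the points made above: an asterisk in the password field, a user ID no other account shares, <TT>/bin/false</TT> as the startup program, and a group that no other account belongs to. The function name, the messages, and the sample files (including the group name <TT>ftpanon</TT>) are constructed for illustration.</P>

```shell
#!/bin/sh
# Added example (not from the book): check the anonymous FTP account against
# the points made in the text. Function name and messages are illustrative.

audit_anon_ftp() {    # $1 = passwd file, $2 = group file, $3 = login (default: ftp)
    awk -F: -v login="${3:-ftp}" -v pw="$1" '
    function mark(ok) { return ok ? "OK" : "FAIL" }
    FILENAME == pw {
        # passwd: login:password:uid:gid:comment:home:shell
        uid_count[$3]++
        primary[$4] = primary[$4] " " $1
        if ($1 == login) { seen = 1; pass = $2; uid = $3; gid = $4; shell = $7 }
        next
    }
    { members[$3] = $4 }    # group: name:password:gid:member,member,...
    END {
        if (!seen) { print "FAIL no " login " account"; exit }
        # On shadow-password systems this field is "x"; check /etc/shadow there.
        print mark(pass == "*") " password field is " pass
        print mark(uid_count[uid] == 1) " uid " uid " used by " uid_count[uid] " account(s)"
        print mark(shell == "/bin/false") " shell is " shell
        # The group is dedicated when no other account has it as its primary
        # group and the group file lists no other members.
        m = members[gid]
        dedicated = (primary[gid] == " " login) && (m == "" || m == login)
        if (m == "") m = "none"
        print mark(dedicated) " group " gid " primary for:" primary[gid] "; members: " m
    }
    ' "$1" "$2"
}

# Constructed sample files: the passwd entry from the text plus a dedicated group.
dir=$(mktemp -d)
printf '%s\n' 'root:*:0:0:root:/root:/bin/sh' \
    'ftp:*:400:51:Anonymous FTP access:/usr/ftp:/bin/false' > "$dir/passwd"
printf '%s\n' 'root:*:0:' 'ftpanon:*:51:' > "$dir/group"
audit_anon_ftp "$dir/passwd" "$dir/group"
rm -rf "$dir"
```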
</td>
</tr>
</table>
<!-- begin footer information -->
</body></html>