Chapter 13 FTP Server Administration
» Table of Contents |  | | » Glossary | | | » Index | | |
| | |
| ||
| ||
Table of Contents
File Transfer Protocol (FTP) is a client/server protocol that allows a user on one computer to transfer files to and from another computer over a TCP/IP network. When you set up an anonymous FTP account on your system, any remote user can access your system by means of the user name ftp or anonymous. Once logged in, the user has access to only a special directory hierarchy containing public files, and can copy these files to another system using FTP. Anonymous FTP is a very useful information vehicle on the Internet, but it poses particular security issues for the host system.
Internet Express includes the Pure-FTP server.
From the Manage Components menu, choose Pure-FTP Server (Section : Administering Pure-FTP Server)
To access Pure-FTP Server Administration, from the Manage Components menu, choose Pure-FTP server. The Pure-FTP Server Administration menu (Figure 13-1) displays.
You can perform the the following Pure-FTP Server administration tasks:
Create or modify an anonymous Pure-FTP user account (Section : Creating or Modifying an Anonymous Pure-FTP User Account)
Enable or disable anonymous Pure-FTP access on your system (Section : Enabling or Disabling Anonymous Pure-FTP Access)
Enable or disable chroot (Section : Enabling or Disabling chroot)
Display the active Pure-FTP users (Section : Displaying Active Pure-FTP Users)
Enable or disable Pure-FTP Server (Section : Enabling or Disabling Pure-FTP server)
To create the anonymous FTP account on your system, follow these steps:
From the Administration utility Main menu, choose Manage Components.
From the Manage Components menu, choose Pure-FTP Server.
From the Pure-FTP Server Administration menu, choose Create/Modify Pure-FTP User Account.
On the Create Pure-FTP User Account form, enter the following information:
Minimum UID – The Administration utility searches for the specified UID and, if it is available, assigns it to the account. If that UID number is not available, the utility assigns the next highest available UID.
FTP Group Name — Name of the group to which you want to assign the anonymous Pure-FTP account. If the group you specify does not exist, the Administration utility creates it.
FTP Home Directory –The home directory is the root of the directory structure that you want to make visible to anonymous FTP users. It contains the pub directory, which is the repository for all publicly available documents. It also contains the bin directory, which is the repository for all programs you want to make available to the public. Make sure that the pub and bin directories have enough space for the files you plan to make available to remote systems, and for the files you expect users to copy there from remote systems. The default home directory of the anonymous FTP account is /data/ftp.
When the form is complete, click on Submit to create the anonymous FTP account. To restore the form's default settings, click on Reset.
To enable or disable the anonymous login for Pure-FTP, follow these steps:
From the Administration utility Main menu, choose Manage Components.
From the Manage Components menu, choose Pure-FTP Server.
From the Pure-FTP Server Administration menu, choose Enable/Disable Anonymous Pure-FTP Access.
The current status of the account is displayed (either enabled or disabled).
If access is enabled, click on Disable to disable access. If access is disabled, click on Enable to enable access.
File upload is disabled by default for anonymous FTP access. If you wish to enable upload for anonymous FTP, you need to edit /usr/local/etc/ftpaccess and add a line similar to the following:
upload /data/ftp /pub yes ftp daemon 0666
In the example, the anonymous FTP user (ftp) with home directory /data/ftp is allowed to upload files into the /data/ftp/pub directory and the resulting files have owner set to ftp, group set to daemon, and permissions set to 0666.
chroot is a technique under UNIX, whereby users are kept in a confined part of the directory tree. Trying to change to a directory outside of this limited area will fail.
For example, assume there is a user with the user name mimi. With chroot disabled, mimi will be able to log in and retrieve any public-readable file in the file system.
Now, with chroot enabled, when mimi next carries out a FTP log in, only mimi's home directory (/usr/users/mimi or /home/mimi) will be reachable, not the whole file system.
To enable or disable the chroot for Pure-FTP, follow these steps:
From the Administration utility Main menu, choose Manage Components.
From the Manage Components menu, choose Pure-FTP Server.
From the Pure-FTP Server Administration menu, choose Enable/Disable chroot.
The current status is displayed (either enabled or disabled).
If chroot is enabled, click on Disable to disable the ability to execute chroot. If chroot is disabled, click on Enable to enable the ability to execute chroot.
You can display the current Pure-FTPd client sessions. To access the Show Active Pure-FTP Users page, follow these steps:
To enable or disable the Pure-FTP server, follow these steps:
From the Administration utility Main menu, choose Manage Components.
From the Manage Components menu, choose Pure-FTP server.
From the Pure-FTP Server Administration menu, choose Enable/Disable menu for Pure-FTP.
To enable the Pure-FTP server, click Enable. To disable the Pure-FTP server, click Disable.