These instructions apply to version 2.8.7 of NcFTPd. Grab the latest version from the FTP site if your copy is outdated.
Unpack the archive. The package comes as a gzipped TAR file, which means to extract the archive you need to first un-gzip it, and then un-tar it. The file will be named "xxxx.tar.gz". First, convert the .tar.gz file into a .tar file, like this:
$ gzip -d ncftpd.tar.gz
Gzip will decompress the file, and rename it into a .tar file. Now un-tar the .tar file, like this:
$ tar xf ncftpd.tar
That will extract the files from the package into a directory named ncftpd-x.y.z, where x.y.z is the version number. Change your current working directory to this directory by doing:
$ cd ncftpd-x.y.z
Become superuser ("root"), if you aren't already. If you are logged in as an unprivileged user, simply run:
$ su -
The installation program, install_ncftpd.pl located in
directory you just changed to, is a Perl 5 script. If you don't have Perl version 5 or later installed on your system, you can
either download and install Perl, or you can proceed to the section below and
install NcFTPd manually.
The script is invoked similarly to a typical "configure" script, in
that you can specify parameters such as "--prefix" to change where
the files are installed. By default, programs are installed in /usr/local/sbin
and the configuration files are installed into /usr/local/etc/ncftpd. If
you want to use a different install prefix, specify --prefix=DIR on the
command line. For example, if you used the parameter
"--prefix=/opt/ncftpd" then the programs would be installed into
/opt/ncftpd/sbin and the configuration files into /opt/ncftpd/etc/ncftpd.
Most installations will use no parameters at all, so you would simply run:
# perl ./install_ncftpd.pl
The installation program will run and do its best to stop your existing FTP service (if present) and install and run NcFTPd for you. After the script completes it will tell you if the installation was successful, as well as locations of the installation log and your NcFTPd configuration files. If it was successful, your next step is to edit the configuration files and customize your FTP service configuration; if it was not successful, you can see below on how to install NcFTPd manually. You can also re-run the installation program if you fix the problems noted by the installation program.
Unpack the archive. The package comes as a gzipped TAR file, which means to extract the archive you need to first un-gzip it, and then un-tar it. The file will be named "xxxx.tar.gz". First, convert the .tar.gz file into a .tar file, like this:
$ gzip -d ncftpd.tar.gz
Gzip will decompress the file, and rename it into a .tar file. Now un-tar the .tar file, like this:
$ tar xf ncftpd.tar
That will extract the files from the package into a directory named ncftpd-x.y.z, where x.y.z is the version number. Change your current working directory to this directory by doing:
$ cd ncftpd-x.y.z
Become superuser ("root"), if you aren't already. If you are logged in as an unprivileged user, simply run:
$ su -
Decide upon the final locations of the NcFTPd program files and configuration files. We recommend that you use the directory /usr/local/sbin for NcFTPd's program files, and the directory /usr/local/etc/ncftpd for everything else. Create the directories /usr/local, /usr/local/sbin, /usr/local/etc, and /usr/local/etc/ncftpd if they are not already present. An easy way to do that is to just do the following while logged in as root:
# mkdir -m 755 -p /usr/local/etc/ncftpd /usr/local/sbin
The machine you intend to run the FTP server on needs to be setup for FTP.
So, the first step is to make sure there is a user in the system user database that can be used for FTP. If you are planning to offer anonymous FTP service, you should add an ftp user. This is not required, since NcFTPd will default to the users "daemon", "web", or "www", and one of those users is usually already present on the system, but is recommended.
Here's an example entry from a system's /etc/passwd file for the ftp user. When adding the user, make sure that the user has an invalid encrypted password (noted in the example below as a single asterisk). This is necessary since human beings should not be logging in as ftp with telnet or ssh! The UID and GID can be any values not already being used, as long as they are not zero. The shell should be set to anything other than a real shell program (the example uses /bin/false).
ftp:*:14:50:FTP User:/home/ftp:/bin/false
The only other important thing in the user's record is the directory field. This should be set to the directory you plan on using for public FTP access. If you don't plan on offering public access, you still need to set this to something. We recommend setting it to "/no_public_ftp", so in case you accidentally enable anonymous FTP, the user will not have access to any valid directory of the filesystem.
Create the anonymous FTP hierarchy if you want to offer anonymous FTP. Most of the time you will just use the home directory for the ftp user, but you do not have to use that directory. No matter what directory you choose, we will denote the anonymous FTP hierarchy as ~ftp.
The ~ftp directory should not be owned by ftp, but by root and have mode 755 (drwxr-xr-x). Any subdirectories you don't want people removing should not be owned by the ftp user.
Copy files and directories you want accessible to the outside world into
the anonymous FTP hierarchy. Avoid using symbolic links because the server
does a chroot
to the ~ftp directory, and if a link
points outside of the anonymous tree the link will be invalid.
Create the /etc/ftpusers file, if it is not already present. This file contains a list of usernames, one username per line, which should never be allowed to login via FTP. Typically, it contains all of the special-purpose system users. At a minimum, it should contain root. You can skip this step if you like, but /etc/ftpusers should be created for maximum security.
Here's an example /etc/ftpusers file:
root bin daemon adm lp sync shutdown halt mail news uucp operator games nobody
Make sure the /etc/shells file exists. This file contains a list of interactive shell programs. The purpose of it is to disallow logins from any user who does not have an interactive shell. This is also optional, but again, for maximum security it is recommended that you create this file.
Here's an example /etc/shells file:
/bin/sh /sbin/sh /bin/ksh /bin/csh /bin/bash /bin/tcsh /usr/bin/ksh /usr/local/bin/bash /usr/local/bin/tcsh
You now need to create configuration files for NcFTPd. The package comes with sample files, named general.cf-dist and domain.cf-dist Make copies of the sample files and move it to a permanent location. If you're using our recommendations, that would be /usr/local/etc/ncftpd/general.cf and /usr/local/etc/ncftpd/domain.cf.
Then edit the files you copied. Directions on how to configure the server are contained in the files, so read through them and make changes. You can also view the configuration reference documentation.
The general.cf file contains settings that apply globally to the server and all of your domains, while the domain.cf file contain the domain-specific settings for one or more virtual domains. Most systems will only have one domain, so you will only have one set of settings in the domain.cf file, but multi-homed hosts or machines with virtual domains will have multiple configuration sets, one for each IP address.
Move the ncftpd executable file to a permanent location. As suggested, that would make the path be /usr/local/sbin/ncftpd. Also copy the programs ncftpd_passwd, ncftpd_spy, ncftpd_edquota, and ncftpd_repquota to the same directory (i.e. /usr/local/sbin).
Make sure the owner of the executables is bin or root, and that no one has write permission on it. An easy way to do that would be:
# chown root:root /usr/local/sbin/ncftpd* # chmod 755 /usr/local/sbin/ncftpd*
Disable the existing FTP service if it is being handled by the inetd process. To do that, edit the /etc/inetd.conf file and comment out the line that starts with "ftp" by inserting a # character at the first position. Here is an example of a properly disabled entry in the inetd.conf. The exact details may vary, but it should resemble the following:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
Force the /etc/inetd to reload its config file. The standard way to do this is to find the process ID for the inetd and send it a "hangup signal" (SIGHUP) by doing a kill -1 pid. To find out the process ID of inetd, try one of the following:
# ps -ef | fgrep inetd
# ps aux | fgrep inetd
Test NcFTPd while logged in as root from your shell command line. Run it just as you normally would, except add the verbose flag, -v, like this:
# /usr/local/sbin/ncftpd -v /usr/local/etc/ncftpd/general.cf /usr/local/etc/ncftpd/domain.cf
If the server does not encounter a fatal error, it will stay running, so now go to another shell, preferably on another system altogether, and try to FTP to your FTP server. Try a sample FTP session and ensure everything is working to your satisfaction.
While you run it with the verbose logging flag turned on it prints a bunch of debugging information which will also appear in the logs. (When you run it in production, you don't use verbose logging, so it doesn't print or log most of that information.) To stop running the server, just hit your interrupt key (usually Ctrl+C or DEL).
At this point you should be comfortable with your NcFTPd configuration and now want to make it run continuously. The final step is to configure your system so that NcFTPd is launched automatically at startup. Prior versions of NcFTPd instructed you to edit /etc/inittab where available and use it to launch NcFTPd. You can still do that if desired, but for new installations we now recommend you use an init script instead, which most sysadmins are accustomed to.
Most variants of the UNIX operating system use "rc" scripts to start system services. The NcFTPd package includes a sample startup script -- it is named "ncftpd.init" and is in the "extra" subdirectory of the package you extracted.
For systems which have a separate script for each service, there will typically be an "init.d" directory located at /etc/init.d, /etc/rc.d/init.d, or /sbin/init.d. For systems using this style, there will also be run-level directories such as rc2.d and rc3.d which correspond to which services should be launched in each run level. Find out which run-level you want to have NcFTPd run on; typically that will be the run-level you're using now. An easy way to find out which run-level you're using is to do "who -r" or inspect the /etc/inittab file and look for an "initdefault" line.
Copy the ncftpd.init script file to your NcFTPd configuration directory (i.e. copy it to /usr/local/etc/ncftpd/ncftpd.init). Then create symbolic links to it in the init.d directory and in the appropriate run-level rcX.d directory. Here's an example:
# cp ncftpd.init /usr/local/etc/ncftpd/ncftpd.init # chmod 755 /usr/local/etc/ncftpd/ncftpd.init # cd /etc/rc.d/init.d # ln -s /usr/local/etc/ncftpd/ncftpd.init ./ncftpd.init # cd /etc/rc.d/rc3.d # ln -s ../init.d/ncftpd.init S75ncftpd
Other systems simply use a small number of script files such as rc, rc.network, rc.local etc. For these systems you will need to edit the appropriate file (try rc.local if possible) and have it run the ncftpd.init script. Be sure to copy the ncftpd.init to a permanent location -- we suggest /usr/local/etc/ncftpd/ncftpd.init.
Don't forget to run the ncftpd.init script manually to launch NcFTPd and have it run continuously in the background. Otherwise, NcFTPd won't run until you next boot the machine.
Q: I have made some modifications to the configuration files. How do I get NcFTPd to re-read them?
A: You need to restart NcFTPd. If you used the installation program, there should have been a /usr/local/sbin/restart_ncftpd script created, which you can run. Otherwise, find out where you've installed the ncftpd.init script. Then run it with a restart argument, such as:
/usr/local/etc/ncftpd/ncftpd.init restart
Note that restarting NcFTPd will abruptly close all current FTP sessions.
Q: Is there any way I can tell how many remote users are actually logged in or what they're doing?
A: Yes, if your system supports shared memory. The distribution may include ncftpd_spy which lets you monitor what is going on. Try running it as root without any arguments to get the usage message on how to use it.
Q: What do "bind failed: Address in use" errors mean when I start the server?
A: There is already a process that is waiting for FTP connections. Most likely that is /etc/inetd, and you can fix that by commenting out the ftp service line in /etc/inetd.conf and restarting /etc/inetd. It could also mean that there is another instance of NcFTPd running already. Kill that one off first.
Q: How do I uninstall NcFTPd?
A: If you used the installation program (install_ncftpd.pl) then you can run uninstall_ncftpd.pl which was created for you in /usr/local/etc/ncftpd (or whatever directory the configuration files were copied to). Otherwise, you can justreverse the steps listed in the manual installation instructions.
Q: Where can I find more documentation?
A: Please see the online documentation. Specifically, the FAQ may be helpful..