Chapter 16
FTP: File Transfer Protocol

In this chapter:

- Using FTP servers
- Setting up wu.ftpd
- Allowing anonymous ftp access

The FTP service is frequently used to upload files to and download files
from remote machines on the Internet. Thousands of FTP servers on the
Internet also allow anonymous downloads through so-called anonymous FTP.

SuSE ships three different FTP server packages with its distribution:
the standard in.ftpd, the well-known wu.ftpd, and the new package
proftpd. By default, wu.ftpd is installed and started through the
inetd configuration file.

16.1 Setting up wu.ftpd

The wu.ftpd package is a replacement ftp server for Unix
systems, created and maintained by Washington University. Besides
supporting the ftp protocol defined in RFC 959, it adds the
following features:

- Logs transfers
- Logs commands
- Supports on-the-fly compression and archiving
- Allows you to classify users by type and location
- Sets per-class limits
- Sets per-directory upload permissions
- Supports restricted guest accounts
- Offers system-wide and per-directory messages
- Creates a directory alias
- Provides cdpath
- Provides filename filter

The server is configured through three files in /etc:

16.1.1 ftpaccess

This is the main configuration file. The SuSE Linux default setup is
fine for most purposes, and if you don't plan to run a huge FTP
site, you don't have to change anything.

NOTE: This file is documented in ftpaccess(5), which has a good
explanation of all the bells and whistles that wu.ftpd has and how
to use them.

16.1.2 ftpusers

In this file you can specify a list of users who are not allowed to
use the FTP server. SuSE lists the following accounts in this file:
root, lp, news, uucp, games, man, at, mdom, gnats, and nobody. These
are all system accounts that shouldn't need to use FTP anyway. FTP use
is denied for these users to prevent abuse of the service by people
who try to get into your system using these accounts.

NOTE: Regular users may use FTP when the user name is in the password
database, /etc/passwd, and a password for the user has been
assigned. The user also must have a standard shell listed in
/etc/shells. If both conditions are true, the user can
connect to the service and log on to the server using his or her regular
user name and password.

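The checks described above can be turned into an audit that lists which accounts would be accepted for FTP login. This is an added example, not part of the original chapter or of wu.ftpd; the function names and the sample data are constructed for illustration, and a password field of `x` (hash kept in a shadow file) is assumed to mean a password is assigned.

```shell
#!/bin/sh
# Added example: which accounts pass the FTP login checks described above?
# Usage: ftp_eligible PASSWD_FILE SHELLS_FILE FTPUSERS_FILE
ftp_eligible() {
    awk -F: -v shells="$2" -v deny="$3" '
        BEGIN {
            # Valid login shells and refused accounts, one entry per line.
            while ((getline l < shells) > 0) if (l != "" && l !~ /^#/) ok[l] = 1
            while ((getline l < deny) > 0)   if (l != "" && l !~ /^#/) no[l] = 1
        }
        $0 == "" || /^#/         { next }
        ($1 in no)               { next }   # listed in ftpusers: always refused
        $2 == "" || $2 ~ /^[*!]/ { next }   # no password assigned, or locked
        !($7 in ok)              { next }   # shell not listed in the shells file
        { print $1 }                        # "x" in field 2: hash is in the shadow file
    ' "$1"
}

# Runs the check on constructed sample files (not taken from a real system).
ftp_eligible_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:constructedHash1:0:0:root:/root:/bin/bash
nobody:*:65534:65534:nobody:/tmp:/bin/bash
alice:constructedHash2:500:100:Alice:/home/alice:/bin/bash
bob:constructedHash3:501:100:Bob:/home/bob:/bin/false
carol::502:100:Carol:/home/carol:/bin/bash
dave:x:503:100:Dave:/home/dave:/bin/sh
EOF
    printf '%s\n' /bin/sh /bin/bash > "$d/shells"
    printf '%s\n' root nobody > "$d/ftpusers"
    ftp_eligible "$d/passwd" "$d/shells" "$d/ftpusers"
    rm -rf "$d"
}

ftp_eligible_demo
```

On a live system, call `ftp_eligible /etc/passwd /etc/shells /etc/ftpusers` and review every name it prints; accounts that appear unexpectedly belong in ftpusers.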
16.1.3 ftpconversions

The wu.ftpd package can perform certain on-the-fly
conversions while an up- or download is in progress. This can be the
compression of files or the creation of (compressed) tar archives to
download a whole file tree into one file. How these conversions are
performed is specified in this file. The SuSE Linux setup enables
compression with compress or gzip, and
archive creation using tar. Table 16-1 shows the mapping of filename
extensions to the utilities used to do the conversion.

Table 16-1: FTP file conversions

| Extension | Command |
|---|---|
| .Z | /bin/compress -c |
| .gz | /usr/bin/gzip -9 -c |
| .tar | /bin/tar -c -f |
| .tar.Z | /bin/tar -c -Z -f |
| .tar.gz | /bin/tar -c -z -f |

NOTE: If you want to add more conversion rules, refer to ftpconversions(5)
to look up the syntax used in this file.

16.2 Anonymous FTP

The so-called Anonymous FTP Server allows everyone to log onto the
server and download whatever the server provides. Without this kind of
service, Linux would never have been possible, because its source code
was available for everyone on anonymous FTP from the very
beginning. This made it possible for whoever was interested to
download the code, use it, or even improve it and send back patches,
which often became part of the next release. Most distributions and
tons of software are available for download on thousands of FTP sites
these days, sponsored by companies, nonprofit organizations, and
federal institutes that pay for the ongoing costs of these
servers.

Anonymous FTP needs special handling to make sure that no one can
abuse the service to break into your system and get data that you
didn't intend to make publicly available. To ensure the security of
the server machine, the open, accessible part of the FTP service is
put in a "Change Root Environment". This means that as soon as you use
the anonymous account, you'll find yourself cordoned off in a very
limited environment, which is completely independent of the rest of
the system. As the name implies, this is done by setting the root
directory for this account in a subdirectory containing all necessary
utilities and nothing else. On SuSE Linux systems, this directory is
located in /usr/local/ftp. It can be a hassle to set this
up by yourself because you have to take precautions that all needed
libraries and essential system files are present. SuSE provides
everything you need, and anonymous FTP works right after the system
installation. All you have to do is to put the files you want to make
accessible in the file system tree, starting with
/usr/local/ftp/pub. This directory will be visible as
/pub for everybody using this service.
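
A common hardening check for the change-root tree described above: nothing below the anonymous root should be writable by everyone or carry setuid/setgid bits. This is an added example, not part of the original chapter or the SuSE setup; the function names, finding labels and the constructed demo tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an anonymous FTP tree for risky permissions.
# Usage: anon_ftp_audit [ROOT]   (ROOT defaults to /usr/local/ftp)
# Prints one "LABEL path" line per finding; returns 1 if anything was found.
anon_ftp_audit() {
    root=${1:-/usr/local/ftp}
    [ -d "$root" ] || { echo "MISSING $root"; return 2; }
    findings=$(
        # Writable by everyone, which includes the anonymous account.
        find "$root" ! -type l -perm -0002 -exec echo WORLD-WRITABLE {} \;
        # The tree should hold plain utilities only, never setuid/setgid ones.
        find "$root" -type f \( -perm -4000 -o -perm -2000 \) -exec echo SETID {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings" | sort
    return 1
}

# Builds a constructed tree with two deliberate problems and audits it.
anon_ftp_audit_demo() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/bin" "$t/pub/incoming"
    : > "$t/bin/ls";     chmod 4755 "$t/bin/ls"      # constructed: setuid utility
    : > "$t/pub/README"; chmod 644 "$t/pub/README"   # constructed: normal public file
    chmod 755 "$t" "$t/bin" "$t/pub"
    chmod 777 "$t/pub/incoming"                      # constructed: world-writable dir
    rc=0
    (cd "$t" && anon_ftp_audit .) || rc=$?
    rm -rf "$t"
    return $rc
}

anon_ftp_audit_demo || true
```

Run `anon_ftp_audit` with no argument to check /usr/local/ftp; an empty result with exit status 0 means neither kind of finding exists in the tree.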

Summary:

FTP is the standard file transfer protocol of the Internet. SuSE ships
three different FTP servers, with wu.ftpd installed as
the default server. The wu.ftpd package offers several
nonstandard features, which make it the FTP server of choice for many
sites. Anonymous FTP allows anyone who has network access to the
server to access the service under an anonymous account.