Monday, June 29, 2009

FTPD Notes

wu-ftpd
FTPD binds to TCP port 21 and is running by default
SMF controls service configuration
svcs -l ftp - returns configuration

pkginfo -x | grep -i ftp - returns SUNWftpu|r packages

SUNWftpu - includes useful user utilities
ftpcount - dumps count per class
ftpwho - returns connected users & process information
ftpconfig - used to setup anonymous/guest FTP

SUNWftpr - includes server-side configuration files
/etc/ftpd
- ftpaccess - primary configuration file for wu-ftpd
- ftphosts - allow|deny access to users from hosts
- ftpservers - allows admin to define virtual hosts
- ftpusers - users listed may NOT access the server via FTP
- ftpconversions - facilitates tar, compress, gzip support

wu-ftpd supports both types of FTP connections:
1. PORT - Active FTP
- Client -> TCP:21(Server-Control-Connection)
- Client executes 'ls' -> results in server initiating a connection back to the client, usually sourced from TCP:20(ftp-data)
2. PASV - Passive FTP
- Client -> TCP:21(Server-Control-Connection)
- Client executes 'ls' -> results in server opening a high-port and instructing the client to source(initiate) a connection to the server.
- Client sources data connection to high-port on server

###Anonymous FTP configuration###
use 'ftpconfig' to provision anonymous access
Note: Guest connections are jailed using chroot()

###FTPD Class Support###
Facilitates the grouping of users for the purpose of assigning directives
3 Default Classes:
1. realusers - CAN login using shell(SSH/Telnet) - CAN browse the entire directory tree
2. guestusers - Temporary users - see chrooted environment
3. anonusers - General public - primarily for download capability



###Guest User Support###
Jailed/chrooted environment

Steps:
1. useradd -d /home/guests/unixcbt4 -s /bin/true unixcbt4
2. mkdir /export/home/guests/unixcbt4
3. chown unixcbt4 /export/home/guests/unixcbt4
4. ftpconfig -d /export/home/guests/unixcbt4 - sets up chrooted environment
5. update /etc/ftpd/ftpaccess - config file
guestuser unixcbt4
6. restart ftp using svcadm restart ftp

Note: Guest users are similar to real users except guest users are chrooted/jailed.
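
A read-only check of the guest setup from the steps above, added here as an example and not part of the original notes: it confirms that every guestuser named in ftpaccess has a passwd entry with a non-login shell and is not also blocked by ftpusers, and it flags UID 0 accounts missing from ftpusers. The function names, the sample accounts unixcbt5 and ghost, the treatment of /bin/false as equivalent to /bin/true, and the UID 0 rule are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit wu-ftpd guest accounts. Files are passed as arguments.

# True if user $1 is listed in ftpusers file $2 ('#' comments ignored).
in_ftpusers() {
    awk -v u="$1" '{ sub(/#.*/, "") } $1 == u { hit = 1 } END { exit !hit }' "$2"
}

# ftp_guest_audit PASSWD FTPUSERS FTPACCESS
# Prints one finding per line; returns 1 if anything was found, else 0.
ftp_guest_audit() {
    findings=$(
        # A guestuser line may name several accounts.
        for u in $(awk '$1 == "guestuser" { for (i = 2; i <= NF; i++) print $i }' "$3"); do
            entry=$(awk -F: -v u="$u" '$1 == u { print; exit }' "$1")
            if [ -z "$entry" ]; then
                echo "MISSING $u: guestuser has no passwd entry"; continue
            fi
            case ${entry##*:} in
                (/bin/true|/bin/false) ;;   # assumed set of non-login shells
                (*) echo "SHELL $u: shell '${entry##*:}' is not /bin/true or /bin/false" ;;
            esac
            if in_ftpusers "$u" "$2"; then
                echo "DENIED $u: also listed in ftpusers, FTP login will be refused"
            fi
        done
        # Assumed hardening rule: UID 0 accounts belong in ftpusers.
        for u in $(awk -F: '$3 == 0 { print $1 }' "$1"); do
            in_ftpusers "$u" "$2" || echo "UID0 $u: not listed in ftpusers"
        done
    )
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
    return 0
}

# Constructed sample files (unixcbt5 and ghost are made-up accounts).
sample_audit() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' \
        'unixcbt4:x:1004:1::/home/guests/unixcbt4:/bin/true' \
        'unixcbt5:x:1005:1::/home/guests/unixcbt5:/bin/bash' > "$d/passwd"
    printf '%s\n' '# denied accounts' 'daemon' 'unixcbt5' > "$d/ftpusers"
    printf '%s\n' 'guestuser unixcbt4 unixcbt5' 'guestuser ghost' > "$d/ftpaccess"
    ftp_guest_audit "$d/passwd" "$d/ftpusers" "$d/ftpaccess" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}

sample_audit || true
```

On a live host the call would be ftp_guest_audit /etc/passwd /etc/ftpd/ftpusers /etc/ftpd/ftpaccess.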

###Virtual Hosts###
wu-ftpd - supports 2 forms of virtual hosts:
1. Limited - relies upon primary config files /etc/ftpd/{ftpaccess,ftpusers...}
Admin. may define unique attributes including the following:
a. banner
b. logfile
c. hostname
d. email
e. distinct IP address

2. Full - relies upon distinct config files in specified directory
a. offers everything included with limited virtual hosts mode
b. also adds distinct config files
c. Note: Full-mode will use default config files in /etc/ftpd if the full virtual hosts instance is unable to find a distinct file.


###Limited Virtual Hosts Configuration###
/etc/ftpd/ftpaccess
virtual 192.168.1.51 root /var/ftp2
virtual 192.168.1.51 hostname linuxcbtdb1.linuxcbt.internal
virtual 192.168.1.51 banner /var/ftp2/.welcome_message.msg
virtual 192.168.1.51 logfile /var/log/ftp2/xferlog
virtual 192.168.1.51 allow unixcbt3



Note: Virtual hosts do not allow real & guest users access by default

###Full Virtual Hosts Configuration###
/etc/ftpd/ftpservers
address configuration_directory
192.168.1.51 /etc/ftpd/ftp2
192.168.1.52 /etc/ftpd/ftp3
