wu-ftpd
FTPD binds to TCP port 21 and is running by default
SMF controls service configuration
svcs -l ftp - returns configuration
pkginfo -x | grep -i ftp - returns SUNWftpu|r packages
SUNWftpu - includes useful user packages
ftpcount - dumps count per class
ftpwwho - returns connected users & process information
ftpconfig - used to setup anonymous/guest FTP
SUNWftpr - includes server-side configuration files
/etc/ftpd
- ftpaccess - primary configuration file for wu-ftpd
- ftphosts - allow|deny access to users from hosts
- ftpservers - allows admin to define virtual hosts
- ftpusers - users listed may NOT access the server via FTP
- ftpconversions - facilitates tar, compress, gzip support
wu-ftpd supports both types of FTP connections:
1. PORT - Active FTP
- Client -> TCP:21(Server-Control-Connection)
- Client executes 'ls' -> results in server initiating a connection back to the client usually on TCP:20(ftp-data)
2. PASV - Passive FTP
- Client -> TCP:21(Server-Control-Connection)
- Client executes 'ls' -> results in server opening a high-port and instructing the client to source(initiate) a connection to the server.
- Client sources data connection to high-port on server
###Anonymous FTP configuration###
use 'ftpconfig' to provision anonymous access
Note: Guest connections are jailed using chroot()
###FTPD Class Support###
Facilitates the grouping of users for the purpose of assigning directives
3 Default Classes:
1. realusers - CAN login using shell(SSH/Telnet) - CAN browse the entire directory tree
2. guestusers - Temporary users - see chrooted envrionment
3. anonusers - General public - primarily for download capability
###Guest User Support###
Jailed/chrooted environment
Steps:
1. useradd -d /home/guests/unixcbt4 -s /bin/true
2. mkdir /export/home/guests/unixcbt4
3. chown unixcbt4 /export/home/guests/unixcbt4
4. ftpconfig -d /export/home/guests/unixcbt4 - sets up chrooted environment
5. updated /etc/ftpd/ftpaccess - config file
guestuser unixcbt4
6. restart ftp using svcadm restart ftp
Note: Guest users are similar to real users except guest users are chrooted/jailed.
###Virtual Hosts###
wu-ftpd - supports 2 forms of virtual hosts:
1. Limited - relies upon primary config files /etc/ftpd{ftpaccess,ftpusers...}
Admin. may define unique attributes including the following:
a. banner
b. logfile
c. hostname
d. email
e. distinct IP address
2. Full - relies upon distinct config files in specified directory
a. offers everything included with limited virtual hosts mode
b. also adds distinct config files
c. Note: Full-mode will use default config files in /etc/ftpd if the full virtual hosts instance is unable to find a distinct file.
###Limited Virtual Hosts Configuration###
/etc/ftpaccess
virtual 192.168.1.51 root /var/ftp2
virtual 192.168.1.51 hostname linuxcbtdb1.linuxcbt.internal
virtual 192.168.1.51 banner /var/ftp2/.welcome_message.msg
virtual 192.168.1.51 logfile /var/log/ftp2/xferlog
virtual 192.168.1.51 allow unixcbt3
Note: Virtual hosts do not allow real & guest users access by default
###Full Virtual Hosts Configuration###
/etc/ftpd/ftpservers
address configuration_direction
192.168.1.51 /etc/ftpd/ftp2
192.168.1.52 /etc/ftpd/ftp3
Monday, June 29, 2009
FTPD Notes
Labels:
UNIX
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment