FTP is still a protocol of choice when it comes to distributing
larger amounts of data among non-authenticated users. If you're using FTP
for anything involving authentication outside a trusted network,
you're living very dangerously: the whole authorization process is unencrypted,
the client can't know if the server is who it pretends to be and the same
goes for the server.
For this reason I won't go into authenticated FTP at great length in this
article. FTP is simply the wrong tool for that.
Use SSH
for authenticated services instead. FTP clients like the highly popular and
graphical gftp (included in Mandrake
Linux) support SSH transparently. Notice that tunneling FTP via SSH only
encrypts the control connection (i.e. the channel via which the password
is sent), not the data channel. If you need an FTP work-alike which encrypts
both channels, use OpenSSH's own 'sftp' server software and client.
Mandrake Linux 8.2 now comes with four major FTP server
packages: the traditional FTP server, the well-known WU-FTPd from the University of Washington,
ProFTPd, usually
regarded as the rightful heir to the former, and Pure-FTPd.
While PureFTPd offers more features for home users, ProFTPd is much better
documented and uses a saner, central configuration scheme, similar to that
of Apache. Configuration also doesn't require the creation of any directory
trees. In contrast to PureFTPd, ProFTPd is licensed under the GPL and thus
part of the main distribution tree, whereas the PureFTPd RPM is contributed
by a third party.
Being 'root', type
urpmi proftpd
on a command line. This will install the package from
the CD (no other dependencies on a standard system).
The configuration file is '/etc/proftpd.conf'. The configuration
is done via directive-value pairs. These pairs can be applied on a per user
basis, on a per directory basis or a mixture of those.
Save the original '/etc/proftpd.conf' file under a different
name and start from scratch with an empty 'proftpd.conf'. For a server allowing
anonymous clients to download files, it might look like this:
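# Identity and mode of the server
ServerName "My FTP Server"
ServerType standalone
DefaultServer on
Umask 022
Port 21
# Unprivileged account the daemon runs as
User nobody
Group nobody

<Directory /*>
  AllowOverwrite on
</Directory>

# Anonymous logins are confined to the home directory of user 'ftp'
<Anonymous ~ftp>
  User ftp
  Group ftp
  UserAlias anonymous ftp
  RequireValidShell off
  # Deny every command that writes (upload, delete, rename, mkdir)
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>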
The options in detail:
This basic configuration allows a single anonymous login
(not much, but it's a start ;-))
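The read-only property of the anonymous section can be checked without logging in. The following shell function is an added example, not part of the original article: it reads a proftpd.conf and reports for each <Anonymous> block whether write commands are denied. The function names and the embedded sample are constructed for illustration, and the check for nested <Limit> sections that re-allow a write command goes slightly beyond the configuration shown above.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.
# Prints "<path> <status>" for each <Anonymous> block in the given file (or stdin):
#   read-only        top-level <Limit WRITE|ALL> containing DenyAll, no exceptions
#   write-exception  some <Limit> inside the block re-allows a write command
#   WRITABLE         no top-level write deny at all
audit_anon_readonly() {
    awk '
    { sub(/#.*/, ""); line = tolower($0) }   # strip comments, ignore case
    line ~ /<anonymous[ \t]/ {
        in_anon = 1; deny = 0; exc = 0; depth = 0; seen++
        path = $2; sub(/>$/, "", path)
    }
    !in_anon { next }
    line ~ /<directory[ \t]/ { depth++ }
    line ~ /<\/directory>/   { depth-- }
    # Does this <Limit> cover upload, delete, mkdir or rename commands?
    line ~ /<limit[ \t]/ {
        w = (line ~ /[ \t](write|all|stor|stou|appe|dele|mkd|rmd|rnto)[ \t>]/)
    }
    w && depth == 0 && line ~ /^[ \t]*denyall[ \t]*$/ { deny = 1 }
    w && line ~ /^[ \t]*allow/ { exc = 1 }
    line ~ /<\/limit>/ { w = 0 }
    line ~ /<\/anonymous>/ {
        status = (deny == 0) ? "WRITABLE" : (exc ? "write-exception" : "read-only")
        print path, status
        if (status != "read-only") bad++
        in_anon = 0
    }
    # Exit 0 only if at least one block exists and all of them are read-only
    END { exit (seen == 0 || bad > 0) }
    ' "$@"
}

# Constructed sample: the <Anonymous> section of the configuration above.
sample_conf() {
    cat <<'EOF'
<Anonymous ~ftp>
  User ftp
  Group ftp
  UserAlias anonymous ftp
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
EOF
}
sample_conf | audit_anon_readonly
```

Run it against the real file with audit_anon_readonly /etc/proftpd.conf; a non-zero exit status means at least one anonymous section is not strictly read-only, or that no such section was found.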
Before venturing any further, it's a good idea to test
if this standard setup works. Start the server as 'root' with this command:
service proftpd start
Next start an FTP client from your user account and
connect to 'localhost'. Try to execute some commands (list directories, change
directories). Notice that you're so far not allowed to upload files. If everything
works, congratulations! You can skip the next section on troubleshooting
then *grin*.
Security notice: Starting with your next login, the
FTP server will be started automatically on each login. This might
not be desirable. To change this behavior, run this command as 'root':
chkconfig proftpd off
It will prevent the system from starting ProFTPd without
an explicit 'root' command. This only applies if the server is run in 'standalone'
mode.
If you get this error message:
Starting proftpd: hostname - Fatal:
unable to determine IP address of 'hostname'
there's a problem with your DNS (name resolution). The
most common cause for this problem is a hostname assigned to a machine which
gets its IP via DHCP on a network without a DNS server. A quick fix for this
problem is adding the hostname to the '/etc/hosts' file while using the same
IP used for 'localhost', i.e. '127.0.0.1':
127.0.0.1 localhost.localdomain localhost
127.0.0.1 <hostname of machine> <short name>
If you don't know the hostname of your machine, run
the hostname command.
Having made that change, restart the network as 'root' with
service network restart
and try starting the FTP server again.
If you can log in to the server, but you can't execute
any commands, you have to dig deeper. First let proftpd check its configuration
file for syntax errors with
proftpd --configtest
If everything looks OK there, stop the FTP server with
service proftpd stop
and start it again with this line
proftpd -d4 -n
This sets the debugging level to '4' and will log all
messages from ProFTPd to the console. Now open a new ftp client session and
try to execute the commands again. Check the terminal window ProFTPd is running
on for error messages. Check the FAQ and the rest of the ProFTPd documentation
if the error message you are getting is mentioned.
Notice that if you run the server in 'standalone' mode,
you will either have to reload the server after every change applied to the
configuration file with
service proftpd reload
or stop and start it 'by hand'.