Internet Express Version 6.7 for Tru64 UNIX: Internet Express for Tru64 UNIX Administration Guide

Chapter 13 FTP Server Administration

  Table of Contents

  Glossary

  Index

File Transfer Protocol (FTP) is a client/server protocol that allows a user on one computer to transfer files to and from another computer over a TCP/IP network. When you set up an anonymous FTP account on your system, any remote user can access your system by means of the user name ftp or anonymous. Once logged in, the user has access to only a special directory hierarchy containing public files, and can copy these files to another system using FTP. Anonymous FTP is a very useful information vehicle on the Internet, but it poses particular security issues for the host system.

Internet Express includes the Pure-FTP server.

From the Manage Components menu, choose Pure-FTP Server (Section : Administering Pure-FTP Server)

Administering Pure-FTP Server

To access Pure-FTP Server Administration, from the Manage Components menu, choose Pure-FTP server. The Pure-FTP Server Administration menu (Figure 13-1) displays.

Figure 13-1 Pure-FTP Server Administration Menu

Pure-FTP Server Administration Menu

You can perform the the following Pure-FTP Server administration tasks:

Creating or Modifying an Anonymous Pure-FTP User Account

To create the anonymous FTP account on your system, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Pure-FTP Server.

  3. From the Pure-FTP Server Administration menu, choose Create/Modify Pure-FTP User Account.

  4. On the Create Pure-FTP User Account form, enter the following information:

    • Minimum UID – The Administration utility searches for the specified UID and, if it is available, assigns it to the account. If that UID number is not available, the utility assigns the next highest available UID.

    • FTP Group Name — Name of the group to which you want to assign the anonymous Pure-FTP account. If the group you specify does not exist, the Administration utility creates it.

    • FTP Home Directory –The home directory is the root of the directory structure that you want to make visible to anonymous FTP users. It contains the pub directory, which is the repository for all publicly available documents. It also contains the bin directory, which is the repository for all programs you want to make available to the public. Make sure that the pub and bin directories have enough space for the files you plan to make available to remote systems, and for the files you expect users to copy there from remote systems. The default home directory of the anonymous FTP account is /data/ftp.

  5. When the form is complete, click on Submit to create the anonymous FTP account. To restore the form's default settings, click on Reset.

Notes:

After the account is established, use Tru64 UNIX commands to copy files and subdirectories to the pub and bin directories.

Any program you want to run under FTP must reside somewhere under the /data/ftp directory hierarchy. By convention, the bin directory is used to store programs and the pub directory is used to store documents.

Enabling or Disabling Anonymous Pure-FTP Access

To enable or disable the anonymous login for Pure-FTP, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Pure-FTP Server.

  3. From the Pure-FTP Server Administration menu, choose Enable/Disable Anonymous Pure-FTP Access.

    The current status of the account is displayed (either enabled or disabled).

  4. If access is enabled, click on Disable to disable access. If access is disabled, click on Enable to enable access.

File upload is disabled by default for anonymous FTP access. If you wish to enable upload for anonymous FTP, you need to edit /usr/local/etc/ftpaccess and add a line similar to the following:

upload /data/ftp /pub yes ftp daemon 0666

In the example, the anonymous FTP user (ftp) with home directory /data/ftp is allowed to upload files into the /data/ftp/pub directory and the resulting files have owner set to ftp, group set to daemon, and permissions set to 0666.

Enabling or Disabling chroot

chroot is a technique under UNIX, whereby users are kept in a confined part of the directory tree. Trying to change to a directory outside of this limited area will fail.

For example, assume there is a user with the user name mimi. With chroot disabled, mimi will be able to log in and retrieve any public-readable file in the file system.

Now, with chroot enabled, when mimi next carries out a FTP log in, only mimi's home directory (/usr/users/mimi or /home/mimi) will be reachable, not the whole file system.

To enable or disable the chroot for Pure-FTP, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Pure-FTP Server.

  3. From the Pure-FTP Server Administration menu, choose Enable/Disable chroot.

    The current status is displayed (either enabled or disabled).

  4. If chroot is enabled, click on Disable to disable the ability to execute chroot. If chroot is disabled, click on Enable to enable the ability to execute chroot.

Displaying Active Pure-FTP Users

You can display the current Pure-FTPd client sessions. To access the Show Active Pure-FTP Users page, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Pure-FTP Server.

  3. From the Pure-FTP Server Administration menu, choose Show Active Pure-FTP Users.

    The Show Active FTP Users page displays the output of the pure-ftpwho(1) command.

Enabling or Disabling Pure-FTP server

To enable or disable the Pure-FTP server, follow these steps:

  1. From the Administration utility Main menu, choose Manage Components.

  2. From the Manage Components menu, choose Pure-FTP server.

  3. From the Pure-FTP Server Administration menu, choose Enable/Disable menu for Pure-FTP.

  4. To enable the Pure-FTP server, click Enable. To disable the Pure-FTP server, click Disable.