Objectives: At the end of this module, you will have gained a fair knowledge of:
• Use of FTP
• Types of FTP access
• Configuring an FTP site
• FTP client-side commands
Using the File Transfer Protocol (FTP) is a popular way to transfer files from machine to machine across a network. FTP clients and servers have been written for all the popular platforms, thereby often making FTP the most convenient way of performing file transfer.
You can configure FTP servers in two ways. The first is a private, user-only site, which allows only users who have an account on the FTP server to connect via FTP and access their files. The other kind of FTP server is anonymous, which allows anyone on the network to connect to it and transfer files without having an account. Because of the potential security risk involved with this setup, you should allow access only to certain directories on the system.
Installing the FTP Server
Red Hat Linux uses the freely available wu-ftpd server. This server comes as an RPM and will be installed during installation. If you did not select FTP during the installation, you can install it from the Red Hat Linux CD-ROM as follows. Log in to the server as root, mount the CD-ROM and run the following command:
    # rpm -ivh /mnt/cdrom/RedHat/RPMS/*ftp*.rpm
The above command will install all of the FTP server and client packages on your Linux server. To test the FTP server you have installed, simply use the FTP client and connect to your own machine.
How FTP Server Works
The FTP service is controlled by the /etc/xinetd.d/wu-ftpd file and is invoked automatically whenever someone requests a connection. By default the FTP service is disabled, and you have to enable it by editing the /etc/xinetd.d/wu-ftpd file: change the disable option from yes to no. When a connection is detected, the FTP daemon in.ftpd is invoked and the session begins. A separate in.ftpd daemon is invoked for each FTP connection.
After the server is invoked, the client needs to provide a username and password. Two special usernames, anonymous and ftp, have been set aside for the purpose of allowing access to the public files. Any other access requires the user to have an account on the server. Users accessing your system's FTP server are placed in their home directories when they first log in. At that point, they can change to any directory on the system to which they have permission. Anonymous users are placed in the home directory of the ftp user. By default, this directory is set to /var/ftp. After the user logs in, the FTP server executes a chroot system call, which effectively changes the user's root directory to the /var/ftp directory.
Configuring the FTP Server
You can configure and fine-tune your FTP server by editing the different configuration files used by the FTP service.
The /etc/ftpaccess File
This file is the primary means of controlling who can access your server. Each line in the file either defines an attribute or sets its value. Given below is a sample /etc/ftpaccess file:
    deny-uid %-99 %65534
    deny-gid %-99 %65534
    allow-uid ftp
    allow-gid ftp
    guestgroup ftpchroot
    class all real,guest,anonymous *
    email root@localhost
    loginfails 5
    readme README* login
    readme README* cwd=*
    message /welcome.msg login
    message .message cwd=*
    compress yes all
    tar yes all
    chmod no guest,anonymous
    delete no anonymous
    overwrite no anonymous
    rename no anonymous
    log transfers anonymous,guest,real inbound,outbound
    shutdown /etc/shutmsg
    passwd-check rfc822 warn
The guestgroup command is useful when you want to give your real users restricted FTP privileges. The format of the command is as follows:
    guestgroup groupname groupname...
When a user's group is restricted, the user is treated much like an anonymous visitor; thus, the user's account requires the same setup used for anonymous visitors. Also, the directory field of the user's password entry is a little different:
    user1:encrypted password:uid:gid:comments:/var/ftp/./user1:/bin/false
The field for the user's home directory is split by the /./ sequence. The effective root directory /var/ftp is listed before the /./ and the user's home directory relative to that root is listed after it. The shell field /bin/false is used for a user who logs in using FTP. These users cannot log in to the server using telnet. The default guestgroup entry will be as follows:
    guestgroup ftpchroot
email
The email command specifies the site maintainer's email address. Some error messages or information requests provide this email address on demand. The default line in the /etc/ftpaccess file is as follows:
    email root@localhost
loginfails
The loginfails command enables you to disconnect clients after they have reached your predetermined number of failed login attempts. By default this number is five.
    loginfails 5
The readme command specifies the conditions under which clients are notified when a certain file in their current directory was last modified. The command looks like this:
    readme path when class
path is the name of the file about which you want to alert the clients (for example, README). The when parameter takes one of two forms: either LOGIN or CWD=dir. If it is LOGIN, the file name is displayed upon a successful login
The message command sets up special messages that are sent to clients when they log in or when they change to a certain directory. You can specify multiple messages. Here is the format of this command:
    message path when class
path is the full pathname of the file that will be displayed, when is the condition, used as in the readme command, and class is a list of classes to which this message command applies. The default entries in /etc/ftpaccess are as follows:
    message /welcome.msg login
    message .message cwd=*
compress & tar
These commands enable the FTP server to compress or decompress files before transmission. With this capability, a client who might not have the necessary software to decompress a file can still fetch it in usable form. The format of the command is as follows:
    compress/tar switch classglob
switch is either yes (to turn on this feature) or no (to turn it off). classglob is the list of classes to which this compress or tar option applies.
chmod, delete, overwrite, rename
These commands determine whether a client is authorized to perform these functions on the server's files by using the client's chmod, delete, overwrite, and rename commands.
This command is used to log the clients' file transfers. The command format is as follows:
    log transfers typelist directions
typelist is the list of user types (real, guest, and anonymous), and directions is a comma-separated list specifying which direction the transfer must take in order to be logged.
This command tells the server to check periodically for a particular file to see whether the server will be shut down.
    shutdown /etc/shutmsg
With the above command, the shutdown information is stored in the /etc/shutmsg file. If this file exists, clients cannot log in using FTP. When the FTP server is restarted, this file is removed automatically.
Whenever you log in as an anonymous user, the FTP server will prompt you to supply your email address as the password. The passwd-check command lets you determine how strictly you regulate the string submitted as an anonymous user's email address. The format of this command follows:
    passwd-check strictness enforcement
strictness is one of three possible strings: none, trivial, or rfc822; and enforcement is one of two possible strings: warn or enforce.
The autogroup command provides tighter security for anonymous users by automatically assigning them certain group permissions when they log in. The format of the autogroup line follows:
    autogroup groupname class class
groupname is the name of the group in which you want the anonymous users placed, and class is the name of a class that is defined by the class command.
The deny command enables you to explicitly deny service to certain hosts based on their names or IP addresses. The format of the deny command is as follows:
    deny addrglob message_file
    deny 10.0.0.0 /var/ftp/mesaage.10
The limit command enables you to control the number of users according to class and time of day. The format of the limit command is as follows:
    limit class n times message_file
class is the class to limit, n is the maximum number of people allowed in that class, times is the time during which the limit is in effect and message_file is the file that will be displayed to the client when the maximum limit is reached.
The banner command displays a sign-on screen before the client provides a login and password combination. The format of the command follows:
    banner path
path is the full path name of the file you want to display.
The alias command defines directory aliases for your FTP clients. The aliases are activated when clients use the cd command and specify an alias. This capability is useful for providing shortcuts to often-requested files. The command format looks like this:
    alias string dir
    alias test /pub/music/mp3/tamil/2001/arr
The cdpath command establishes a list of paths to check whenever clients invoke the cd command. The format of the cdpath command follows:
    cdpath dir
    cdpath /pub/music
    cdpath /home/manoj/tools/av
The upload command controls the files that are placed on your server. This command determines the client's permission for placing a file in a specific directory. It also determines the file's permissions once it is placed in that directory. The format of the upload command is:
    upload directory dirglob switch owner group mode mkdir
Here is a sample entry:
    upload /var/ftp * no
    upload /var/ftp /incoming yes ftp ftp 0755 nodirs
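The directives above can be checked mechanically. The following is an added example, not part of the original module or of wu-ftpd: it audits ftpaccess text for the settings this section describes (the anonymous chmod/delete/overwrite/rename restrictions, loginfails, log transfers, and enabled upload areas). The names SAMPLE, parse and audit, the constructed sample text, the max_loginfails threshold and the assumption that upload lines use the simple form shown above are all choices made for this illustration.

```python
"""Added example: audit wu-ftpd ftpaccess directives (sample text is constructed)."""

SAMPLE = """\
class all real,guest,anonymous *
loginfails 5
chmod no guest,anonymous
delete no anonymous
overwrite no anonymous
log transfers anonymous,guest inbound
upload /var/ftp * no
upload /var/ftp /incoming yes ftp ftp 0755 nodirs
"""


def parse(text):
    """One token list per directive; blank lines and # comments are skipped."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln.split() for ln in lines if ln and not ln.startswith("#")]


def audit(text, max_loginfails=5):
    rows, findings = parse(text), []
    # chmod/delete/overwrite/rename must each be set to "no" for anonymous.
    for cmd in ("chmod", "delete", "overwrite", "rename"):
        if not any(r[0] == cmd and r[1:2] == ["no"]
                   and "anonymous" in "".join(r[2:3]).split(",") for r in rows):
            findings.append(f"{cmd} not denied to anonymous")
    fails = [int(r[1]) for r in rows if r[0] == "loginfails" and len(r) > 1]
    if not fails or fails[-1] > max_loginfails:
        findings.append("loginfails missing or above limit")
    # Every user type and both directions should reach the transfer log.
    users, dirs = set(), set()
    for r in rows:
        if r[:2] == ["log", "transfers"] and len(r) >= 4:
            users |= set(r[2].split(","))
            dirs |= set(r[3].split(","))
    for missing in sorted(({"real", "guest", "anonymous"} - users)
                          | ({"inbound", "outbound"} - dirs)):
        findings.append(f"transfers not logged for {missing}")
    # An enabled upload area whose files the ftp account can read back
    # lets anonymous users fetch what other anonymous users uploaded.
    for r in rows:
        if r[0] == "upload" and len(r) >= 7 and r[3] == "yes":
            if r[4] == "ftp" or int(r[6], 8) & 0o004:
                findings.append(f"uploads to {r[1]}{r[2]} readable by anonymous")
    return findings
```
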
The /etc/ftphosts File
The /etc/ftphosts file establishes rules on a per-user basis, determining whether or not users are allowed to log in from specific hosts. Each line in the file can be one of two commands:
    allow username addrglob
    deny username addrglob
The allow command allows the user specified in username to connect via FTP from the explicitly listed addresses in addrglob. You can list multiple addresses. The deny command works in the same way as allow, but it denies the specified user access to the FTP server.
The /var/log/xferlog File
The /var/log/xferlog file plays an important role in FTP configuration because the logs generated by the FTP server are stored in this file. The fields of each line of the log file are described below:
current-time: The current time in DDD MMM dd hh:mm:ss YYYY format.
transfer-time: Total time in seconds spent transferring the file.
remote-host: The hostname of the client that initiated the transfer.
file-size: The size of the file that was transferred.
filename: The name of the file that was transferred.
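The following added example, which is not part of the original module, parses xferlog lines and picks out uploads made by anonymous users, the transfers an administrator of an anonymous site most needs to review. It goes beyond the five fields listed above: the trailing fields (transfer type, special action flag, direction, access mode, username, service, authentication method, authenticated user, completion status) follow the standard xferlog layout. The log lines are constructed for the example, and the function names are illustrative.

```python
"""Added example: parse wu-ftpd xferlog lines and flag anonymous uploads."""
from datetime import datetime

# Constructed sample lines in xferlog format (not taken from a real server).
SAMPLE_LOG = """\
Thu Mar  8 14:02:11 2001 3 10.0.0.25 20480 /var/ftp/pub/aita/employee.txt a _ o a user@example.com ftp 0 * c
Thu Mar  8 14:05:40 2001 12 10.0.0.31 7340032 /var/ftp/incoming/my file.bin b _ i a x@example.com ftp 0 * c
Thu Mar  8 14:09:02 2001 1 10.0.0.10 512 /home/manoj/accel.txt a _ o r manoj ftp 0 * c
"""

# The nine fields that follow the filename, in order.
TAIL = ("transfer_type", "special_action", "direction", "access_mode",
        "username", "service", "auth_method", "auth_user", "status")


def parse_line(line):
    """Split one record; the filename is whatever lies between the fixed
    leading and trailing fields, so a name containing spaces still parses."""
    tok = line.split()
    if len(tok) < 18:  # 5 time tokens + 3 fields + filename + 9 tail fields
        raise ValueError("not an xferlog record")
    rec = dict(zip(TAIL, tok[-9:]))
    rec["time"] = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
    rec["transfer_time"] = int(tok[5])
    rec["remote_host"] = tok[6]
    rec["file_size"] = int(tok[7])
    rec["filename"] = " ".join(tok[8:-9])
    return rec


def anonymous_uploads(text):
    """Records with access mode 'a' (anonymous) and direction 'i' (incoming)."""
    hits = []
    for line in text.splitlines():
        if line.strip():
            rec = parse_line(line)
            if rec["access_mode"] == "a" and rec["direction"] == "i":
                hits.append(rec)
    return hits


if __name__ == "__main__":
    for r in anonymous_uploads(SAMPLE_LOG):
        print(r["time"], r["remote_host"], r["file_size"], r["filename"])
```
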
FTP Administrative Tools
Several tools are available to help you administer your FTP server. These tools were automatically installed as part of the wu-ftpd package when the server was installed.
The ftprestart command is used to restart an FTP server that has been shut down. The format of ftprestart is as follows:
    # ftprestart -V
The -V option merely prints a version number.
ftpshut
The ftpshut command is used to shut down the FTP server. The format of ftpshut is as follows:
    ftpshut -l login-minutes -d drop-minutes time warning-message
login-minutes is the number of minutes before server shutdown at which the server will begin to refuse new FTP transactions. The default value is 10.
drop-minutes is the number of minutes before server shutdown at which the server will begin dropping existing connections. The default value is 5.
time is the time at which the server will be shut down.
ftpwho
ftpwho displays all the active FTP users on the system. The output of the command is in the form of the /bin/ps command. The format of the output follows:
    pid tty stat time connection-details
ftpcount
ftpcount is a simplified version of ftpwho; it shows the current total of users in each class defined in /etc/ftpaccess.
FTP clients are used to connect to an FTP server and provide a set of commands for file transfer. To start an FTP client, simply type ftp on the command line as follows:
    # ftp 10.0.0.10
The above command connects the client to the FTP server 10.0.0.10. If DNS is installed, you can specify the name instead of the IP address. After connecting, you have to log in to the server. If you have a valid user name on the FTP server you can use it; otherwise you can log in as anonymous.
After logging in, you can use a set of commands to transfer files to and from the server:
    get put mget mput binary ascii prompt pwd lcd cd
    bell bye quit chmod close open delete machine ls mdelete
Downloading and Uploading files using FTP Clients
The example given below explains how to download the file stored in /var/ftp/pub/aita/employee.txt to another Linux system:
    [root@localhost aita]$ ftp <ftp servers ipaddress>
    Username : anonymous
    Password:**********
    ftp> cd pub
    ftp> cd aita
    ftp> get employee.txt
    ftp> bye
    [root@localhost aita]$
The example below explains how to upload a file from the local system to the FTP server:
    [root@localhost aita]$ ftp <ftp servers ipaddress>
    Username : anonymous
    Password:**********
    ftp> cd pub/upload
    ftp> put updated.txt
    ftp> bye
    [root@localhost aita]$
The example below shows how to download and upload multiple files simultaneously using mget & mput:
    [root@localhost aita]$ ftp <ftp servers ipaddress>
    Username : anonymous
    Password:**********
    ftp> cd pub/docs
    ftp> prompt
    ftp> mget chap*
Automating the file transfer
Create a file named .netrc in your home directory using any text editor. Add the following lines, ending the macro definition with a blank line:
    machine 10.0.0.10 login manoj password mypassword
    macdef init
    get accel.txt
    bye

Because the file holds the password in clear text, restrict it to its owner before using it:
    # chmod 600 .netrc
    # ftp 10.0.0.10
The above command will automatically connect to the FTP server, download the file accel.txt and quit the FTP client.