
Chapter – 14

File Transfer Protocol (FTP)


Objectives:

At the end of this module, you will have gained a fair knowledge of:

• Use of FTP
• Types of FTP access
• Configuring an FTP site
• FTP client-side commands
Using the File Transfer
Protocol (FTP) is a popular way
to transfer files from machine to
machine across a network. FTP
clients and servers have been
written for all the popular
platforms, thereby often making
FTP the most convenient way of
performing file transfer.
You can configure FTP servers in two
ways. The first is a private, user-only site, which
allows only users who have a user
account on the FTP server to connect via FTP and
access their files.
The other kind of FTP server is
anonymous, which allows anyone on the network
to connect to it and transfer files without having
an account.
Because of the potential security risk
involved with this setup, you should allow access
only to certain directories on the system.
Installing the FTP Server
Red Hat Linux uses the freely available wu-ftpd
server. This server comes as an RPM and is installed
during installation. If you did not select FTP during the
installation, you can install it from the Red Hat Linux
CD-ROM as follows.
Log in to the server as root, mount the CD-ROM and run
the following command:

# rpm -ivh /mnt/cdrom/RedHat/RPMS/*ftp*.rpm

The above command will install all the FTP
server and client packages on your Linux server.
To test the FTP server which you have installed,
simply use the FTP client and connect to your machine.
How FTP Server Works
The FTP service is controlled by the /etc/xinetd.d/wu-ftpd
file and is automatically invoked whenever someone
requests a connection. By default the FTP service is
disabled and you have to enable it by editing the
/etc/xinetd.d/wu-ftpd file. In the file you may need to
change the disable option from yes to no.
When a connection is detected, the FTP
daemon in.ftpd is invoked and the session begins. For
each and every FTP connection an in.ftpd daemon is
invoked.
After the server is invoked, the client needs to provide a
username and password. Two special usernames – anonymous
and ftp – have been set aside for the purpose of allowing
access to the public files. Any other access requires the user to
have an account on the server.
Users accessing your system’s FTP server are
placed in their home directories when they first log in. At that
point, they can change to any directories on the system to
which they have permission.
Anonymous users are placed in the home
directory of the FTP users. By default, this directory is set to
/var/ftp. After the user logs in, the FTP server executes a
chroot system call, which effectively changes the user's
root directory to the /var/ftp directory.
Configuring the FTP Server

You can configure and fine-tune your FTP server
by editing the different configuration files used by
the FTP service.

The /etc/ftpaccess File

This file is the primary means of controlling who
can access your server. Each line in the file either
defines an attribute or sets its value. Given below
is a sample /etc/ftpaccess file:
deny-uid %-99 %65534-
deny-gid %-99 %65534-
allow-uid ftp
allow-gid ftp
guestgroup ftpchroot
class all real,guest,anonymous *
email root@localhost
loginfails 5
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes all
tar yes all
chmod no guest,anonymous
delete no anonymous
overwrite no anonymous
rename no anonymous
log transfers anonymous,guest,real inbound,outbound
shutdown /etc/shutmsg
passwd-check rfc822 warn
guestgroup
The guestgroup command is useful when you want to provide your real
users with restricted FTP privileges. The format of the command is as
follows:
guestgroup groupname groupname...
When a user's group is restricted, the user is treated much like an
anonymous visitor; thus, the user's account requires the same setup used
for an anonymous visitor. Also, the user's password entry is a little different
in the directory field:
user1:encrypted password:uid:gid:comments:/var/ftp/./user1:/bin/false
The field for the user's home directory is split by the /./ characters. The
effective root directory /var/ftp is listed before the /./ and the user's
relative home directory is listed after the /./.
The shell parameter /bin/false is used when the user logs in using FTP.
These users cannot log in to the server using telnet. The default
guestgroup entry will be as follows:
email
The email command specifies the
site maintainer's email address.
Some error messages or
information requests provide this
email address on demand. The
default line in the /etc/ftpaccess file is as
follows:
email root@localhost
loginfails
The loginfails command enables
you to disconnect clients after
they have reached your
predetermined number of failed
login attempts. By default this
number is five.
loginfails 5
readme
The readme command specifies the condition
under which clients are notified that a certain file in
their current directory was last modified. The
command looks like this:
readme path when class

path is the name of the file about which you
want to alert the clients (for example, README). The when
parameter takes one of two forms: either LOGIN or
CWD=dir. If it is LOGIN, the file name is displayed
upon a successful login.
message
The message command sets up special messages
that are sent to the clients when they log in or when they
change to a certain directory. You can specify multiple
messages. Here is the format of this command:

message path when class

path is the full pathname of the file that will be
displayed, when is the condition, used as in the readme
command, and class is a list of classes to which this
message command applies.
The default entry in /etc/ftpaccess is as follows:
message /welcome.msg login
message .message cwd=*
compress & tar
These commands enable the FTP server to
compress or decompress files before transmission.
With this capability, a client who might not have the
necessary software to decompress a file can still fetch
it in usable form.

The format of the command is as follows:

compress/tar switch classglob

switch is either yes (to turn on this feature) or
no (to turn it off). classglob is the list of classes to
which this compress or tar option applies.
chmod, delete, overwrite, rename
These commands determine whether a
client has authorization to perform these functions on
the server's files by using the client's chmod, delete,
overwrite, and rename commands.

log transfers
This command is used to log the clients' file transfers. The
command format is as follows:

log transfers typelist directions

typelist is the type of the users (real, guest, and anonymous) and
directions is a comma-separated list specifying which direction the
transfer must take in order to be logged.
shutdown
This command tells the server to periodically
check for a particular file to see whether the server
will be shut down.
shutdown /etc/shutmsg

The above command will store
the shutdown information in the /etc/shutmsg file. If this
file exists, clients cannot log in using FTP.
When the FTP server is restarted, this file is
removed automatically.
passwd-check
Whenever you log in as an anonymous
user, the FTP server will prompt you to supply your
email address as the password. The passwd-check
command lets you determine how strictly you regulate
the string submitted as an anonymous user's email
address. The format of this command follows:

passwd-check strictness enforcement

strictness is one of three possible strings: none,
trivial, or rfc822; and enforcement is one of two
possible strings: warn or enforce.
autogroup
The autogroup command provides tighter
security for anonymous users by automatically
assigning them certain group permissions when
they log in. The format of the autogroup line
follows:
autogroup groupname class class

groupname is the name of the group in
which you want the anonymous users set and
class is the name of a class that is defined by the
class command.
deny
The deny command enables you to explicitly
deny service to certain hosts based on their
names or IP addresses. The format of the deny
command is as follows:

deny addrglob message_file

deny 10.0.0.0 /var/ftp/mesaage.10


limit
The limit command enables you to control the
number of users according to class and time of day.
The format of the limit command is as follows.

limit class n times message_file

class is the class to limit, n is the
maximum number of people allowed in that class,
times is the time during which the limit is in effect
and message_file is the file that will be displayed to
the client when the maximum limit is reached.
banner

The banner command displays a sign-on screen
before the client provides a login and password
combination. The format of the command
follows:

banner path

path is the full path name of the file you want
to display.
alias
The alias command defines directory
aliases for your FTP clients. The aliases are
activated when the clients use the cd
command and specify an alias.
This capability is useful for providing
shortcuts to often requested files. The
command format looks like this:
alias string dir

alias test /pub/music/mp3/tamil/2001/arr


cdpath
The cdpath command establishes a list of
paths to check whenever clients invoke
the cd command. The format of the
cdpath command follows:

cdpath dir

cdpath /pub/music
cdpath /home/manoj/tools/av
upload
The upload command controls the files that
are placed on your server. This command determines
the client's permission for placing a file in a specific
directory. This command also determines the file's
permissions once it is placed in that directory. The
format of the upload command is:
upload directory dirglob switch owner group mode mkdir
Here is a sample entry:
upload /var/ftp * no
upload /var/ftp n/incoming yes ftp ftp 0755 nodir
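
An added example (not part of the original chapter or of wu-ftpd itself): a small Python audit of the ftpaccess directives described above as they apply to the anonymous user type. The sample text is constructed from directives shown on this page; the /pub/upload rule, the treatment of a missing "no" line as "allowed", and the mode policy (no execute bits, no group/other write) are assumptions of this example.

```python
# Added example: audit ftpaccess directives for anonymous exposure (SAMPLE is constructed).
SAMPLE = """\
loginfails 5
chmod no guest,anonymous
delete no anonymous
overwrite no anonymous
log transfers anonymous,guest,real inbound,outbound
upload /var/ftp * no
upload /var/ftp /pub/upload yes ftp ftp 0755
"""

WRITE_FUNCS = ("chmod", "delete", "overwrite", "rename")

def audit_ftpaccess(text):
    """Return a sorted list of findings for the anonymous user type."""
    denied, logged, findings = set(), set(), []
    has_loginfails = False
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        cmd = tok[0]
        if cmd in WRITE_FUNCS and len(tok) >= 3:
            # e.g. "delete no anonymous": switch, then comma-separated typelist
            if tok[1] == "no" and "anonymous" in tok[2].split(","):
                denied.add(cmd)
        elif cmd == "loginfails" and len(tok) == 2 and tok[1].isdigit():
            has_loginfails = True
        elif cmd == "log" and tok[1:2] == ["transfers"] and len(tok) >= 4:
            if "anonymous" in tok[2].split(","):
                logged.update(tok[3].split(","))
        elif cmd == "upload" and len(tok) >= 7 and tok[3] == "yes":
            # format: upload directory dirglob switch owner group mode ...
            octal = set(tok[6]) <= set("01234567")
            if octal and int(tok[6], 8) & 0o133:  # assumed policy, see lead-in
                findings.append(f"upload {tok[2]}: mode {tok[6]} too permissive")
    for func in WRITE_FUNCS:
        if func not in denied:  # assumption: no "no" line means allowed
            findings.append(f"anonymous may {func}")
    for direction in ("inbound", "outbound"):
        if direction not in logged:
            findings.append(f"anonymous {direction} transfers not logged")
    if not has_loginfails:
        findings.append("loginfails not set explicitly")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_ftpaccess(SAMPLE):
        print(finding)
```
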
The /etc/ftphosts File
The /etc/ftphosts file establishes rules on a per-
user basis, determining whether or not users are allowed to log
in from specific hosts.

Each line in the file can be one of the two commands:

allow username addrglob
deny username addrglob

The allow command allows the users specified in username
to connect via FTP from the explicitly listed addresses in
addrglob. You can list multiple addresses. The deny command
works in the same way as allow, but it denies the specified
users access to the FTP server.
The /var/log/xferlog File
The /var/log/xferlog file plays an important role in FTP
configuration because the logs generated by the FTP server
are stored in this file. The fields of each line of the log file are described
below:
current-time: The current time in DDD MMM dd hh:mm:ss
YYYY format.
transfer-time: Total time in seconds spent transferring
the file.
remote-host: The hostname of the client that initiated
the transfer.
file-size: The size of the file that was transferred.
filename: The name of the file that was transferred.
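
An added example (not from the original chapter): a Python parser for xferlog lines that reports uploads made by anonymous users. The page lists five fields; the nine trailing fields (transfer type, special-action flag, direction, access mode, username, service name, authentication method, authenticated user ID, completion status) follow the standard xferlog layout and are assumed here, and the log lines are constructed.

```python
# Added example: parse wu-ftpd xferlog lines and flag anonymous uploads.
from datetime import datetime

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
Mon Mar  5 10:15:02 2001 1 10.0.0.25 2048 /var/ftp/pub/aita/employee.txt a _ o a user@example.com ftp 0 * c
Mon Mar  5 10:17:40 2001 3 10.0.0.31 734003 /var/ftp/pub/upload/updated.txt b _ i a guest@example.com ftp 0 * c
Mon Mar  5 10:20:11 2001 2 10.0.0.25 5120 /home/manoj/accel.txt b _ o r manoj ftp 0 * c
"""

TAIL = ("transfer_type", "special_action", "direction", "access_mode",
        "username", "service", "auth_method", "auth_user", "status")

def parse_xferlog_line(line):
    """Split one xferlog line into a dict; return None if it is malformed."""
    tok = line.split()
    if len(tok) < 18:
        return None
    try:
        rec = {
            "current_time": datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y"),
            "transfer_time": int(tok[5]),
            "remote_host": tok[6],
            "file_size": int(tok[7]),
        }
    except ValueError:
        return None
    # The nine trailing fields are fixed, so whatever sits between file-size
    # and them is the filename, even if it contains spaces.
    rec["filename"] = " ".join(tok[8:-9])
    rec.update(zip(TAIL, tok[-9:]))
    return rec

def anonymous_uploads(log_text):
    """Return (remote_host, filename, file_size) for inbound anonymous transfers."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        if rec and rec["direction"] == "i" and rec["access_mode"] == "a":
            hits.append((rec["remote_host"], rec["filename"], rec["file_size"]))
    return hits

if __name__ == "__main__":
    print(anonymous_uploads(SAMPLE_LOG))
```
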
FTP Administrative Tools
Several tools are available to help you
administer your FTP server. These tools were
automatically installed as part of the wu-ftpd package
when the server was installed.

ftprestart
The ftprestart command is used to restart an FTP
server that has been shut down. The format of
ftprestart is as follows:

# ftprestart -V
The -V option merely prints a version number.
ftpshut
The ftpshut command is used to shut down the FTP
server. The format of ftpshut is as follows:
ftpshut -l login-minutes -d drop-minutes time warning-message

login-minutes is the number of minutes before
server shutdown that the server will begin to refuse
new FTP transactions. The default value is 10.
drop-minutes is the number of minutes before server
shutdown that the server will begin dropping existing
connections. The default value is 5.
time is the time at which the server will be shut down.
ftpwho

ftpwho displays all the active FTP users on the
system. The output of the command is in the form of
the /bin/ps command. The format of the output
follows:
pid tty stat time connection details

ftpcount

It is a simplified version of ftpwho that shows the
current total of users in each class defined in
/etc/ftpaccess.
FTP Clients
FTP clients are used to connect to an FTP
server and provide a set of commands to do the file
transfer. To start an FTP client, simply type ftp at the
command line as follows.

# ftp 10.0.0.10

The above command connects the client to the FTP
server 10.0.0.10. If DNS is installed you can even specify the
name instead of the IP address. After connecting you
have to log in to the server. If you have a valid user name
on the FTP server you can use it, or else you can log in as
anonymous.
After logging in you can use a set
of commands to transfer files to and fro.
get        bell
put        bye
mget       quit
mput       chmod
binary     close
ascii      open
prompt     delete
pwd        machine
ls
lcd
mdelete
cd
Downloading and Uploading files
using FTP Clients
The example given below explains how to download
the file stored at /var/ftp/pub/aita/employee.txt to another
Linux system.
[root@localhost aita]$ ftp <ftp servers ipaddress>
Username : anonymous
Password:**********
ftp> cd pub
ftp> cd aita
ftp> get employee.txt
ftp> bye
[root@localhost aita]$
The example below explains how to
upload a file from the local system to the FTP
server.
[root@localhost aita]$ ftp <ftp servers ipaddress>
Username : anonymous
Password:**********
ftp> cd pub/upload
ftp> put updated.txt
ftp> bye
[root@localhost aita]$
The example below shows
how to download and upload multiple files
simultaneously using mget & mput.
[root@localhost aita]$ ftp <ftp servers ipaddress>
Username : anonymous
Password:**********
ftp> cd pub/docs
ftp> prompt
ftp> mget chap*
Automating the file transfer
Create a file .netrc in your home directory
using any text editor. Add the following lines, ending the macro with a blank line:
machine 10.0.0.10
login manoj
password mypassword
macdef init
get accel.txt
bye

# chmod 600 .netrc
# ftp 10.0.0.10
The above commands will automatically connect
to the FTP server, download the file accel.txt and quit
the FTP client.
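
An added example (not part of the original chapter): a Python check for the .netrc file described above, reporting permissions looser than the chmod 600 step and any entries that store a password in plain text. It assumes each keyword and its value sit on the same line, as in the page's entry; the demo helper and the temporary file it writes are constructed for illustration.

```python
# Added example: audit a .netrc file; SAMPLE_NETRC is constructed from the page's entry.
import os
import pathlib
import tempfile

SAMPLE_NETRC = """\
machine 10.0.0.10
login manoj
password mypassword
macdef init
get accel.txt
bye

"""

def audit_netrc(path):
    """Return a list of findings for the .netrc file at path."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:04o} is accessible to group or other")
    machine, in_macro = None, False
    with open(path) as fh:
        for line in fh:
            if in_macro:
                in_macro = bool(line.strip())  # a blank line ends the macro body
                continue
            words = iter(line.split())
            for word in words:
                if word == "macdef":
                    in_macro = True
                    break
                if word == "default":
                    machine = "default"
                    continue
                value = next(words, None)  # every other keyword takes one value
                if word == "machine":
                    machine = value
                elif word == "password" and value is not None:
                    findings.append(f"plaintext password stored for {machine}")
    return findings

def demo(mode):
    """Audit SAMPLE_NETRC written to a temporary file with the given mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, ".netrc")
        path.write_text(SAMPLE_NETRC)
        path.chmod(mode)
        return audit_netrc(path)
```

Calling demo(0o644) reports both the loose mode and the stored password; demo(0o600) reports only the stored password, which chmod 600 does not remove.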