FTP - configuration

UNIX Solaris
1

Hi all
I need basic help to configure/check an FTP account on Solaris 9 (5.9) (by shell)
with man ftp I'm not really able to configure that. On google or doc.sun.com I cant find a basic understanding of configuration an ftp server. Where are the files / setupfile.

does somebody helps me with the basics (how to start / configure /files)
ftp is already installed on solaris 9 - but I don't how its configured?
I operate by shell

sorry - but thousand thanks for any answers!
actino

2

Hi,

check if ftpd daemon is running or not, if running, no configuration is required, just try ftp yourservername

Thanks

3

hi
thanx for answering. Jep, the deamon is running and I can connect to ftp, move datas...

But, its not configured by myself - so I like to learn/check it on solaris 5.9. Where are all those settings. I found only the deamon folder /etc/ftpd.
or how ist the configuration file name?

thank you for help
actino

4

Hi actino,

This may be useful, see below:

FTP Check sheet when setting up a FTPD site.

ftpconfig - set up anonymous FTP

command to use:

 ftpconfig [ftpdir]

 ftpconfig -d ftpdir

OPTIONS
-d Create a new or update an existing ftpdir without
creating or updating the ftp user account. Use this
option when creating guest FTP user accounts.

 ftpdir
       The absolute pathname of the directory under which the
       anonymous FTP area is set up.

NAME
ftpaddhost - set up a virtual FTP host

command to use:

ftpaddhost -c | -l [-b] [-x xferlog] hostname root_dir

OPTIONS
The ftpaddhost script supports the following options:

 -b    Create a banner for the virtual host. This  option  is
       useful to confirm that the virtual host is working.

 -c    Configure complete virtual hosting. This option allows
       each  virtual  host  to  have  its  own version of the
       ftpaccess, ftpconversions,  ftpgroups,  ftphosts,  and
       ftpusers  files.  The  master version of each of these
       configuration  files  is  copied  from  the  /etc/ftpd
       directory   and   placed  in   the  /etc/ftpd/virtual-
       ftpd/hostname directory.  If  the  /etc/ftpusers  file
       exists it is appended to the virtual ftpusers file. If
       a virtual host lacks its own version of  a  configura-
       tion file, the master version is used.

 -l    Configure limited virtual hosting. This  option allows
       a  small  number  of  parameters to be configured dif-
       ferently for a  virtual host. See the virtual  keyword
       on the ftpaccess\(4\) manual page.

-x xferlog
Create a logfile entry such that the transfer logs for
the virtual host are written to the specified file. An
absolute path must be specified for the xferlog file.

FILES
/etc/ftpd/virtual-ftpd/hostname
The configuration files directory for the virtual host
hostname.

NAME
ftpservers - FTP Server virtual hosting configuration file

DESCRIPTION
The ftpservers file is used to configure complete virtual
hosting. In contrast to limited virtual hosting, complete
virtual hosting allows separate configuration files to be
specified for each virtual host.

File options

/etc/ftpd/ftpservers

File Format
There are two fields to each entry in the ftpservers file:

 address   directory-containing-configuration-files

For example:

 10.196.145.10    /etc/ftpd/virtual-ftpd/10.196.145.10
 10.196.145.200   /etc/ftpd//virtual-ftpd/10.196.145.200
 some.domain      INTERNAL

Either the actual IP address or a specific hostname can be
used to specify the virtual host. It is better to specify
the actual IP of the virtual host, as it reduces the need
for a domain lookup and eliminates DNS security related nam-
ing issues, for example:

 10.196.145.20     /etc/ftpd/config/faqs.org/
 ftp.some.domain   /etc/ftpd/config/faqs.org/

 Lines that begin with a \# sign are treated as comment  lines
 and are ignored.

NAME
in.ftpd, ftpd - File Transfer Protocol Server

Command to use

in.ftpd

OPTIONS
in.ftpd supports the following options:

 -4    When running in standalone mode,  listen  for  connec-
       tions  on  an  AF_INET  type socket. The default is to
       listen on an AF_INET6 type socket.

 -a    Enables use of the ftpaccess\(4\) file.

 -A    Disables use of the ftpaccess\(4\) file. Use  of  ftpac-
       cess is disabled by default.

 -C    Non-anonymous users need local credentials \(for  exam-
       ple,  to  authenticate to remote fileservers\). So they
       should be prompted for a  password  unless  they  for-
       warded credentials as part of authentication.

 -d    Writes debugging information to syslogd\(1M\).

 -i    Logs the names of all files received by the FTP Server
       to  xferlog\(4\). You can override the -i option through
       use of the ftpaccess\(4\) file.

 -I    Disables the use of AUTH and ident  to  determine  the
       username on the client. See RFC 931. The FTP Server is
       built not to use AUTH and ident.

 -K    Connections are only allowed for users who can authen-
       ticate  through the ftp AUTH mechanism. \(Anonymous ftp
       may also be allowed if it is  configured.\)  ftpd  will
       ask the user for a password if one is required.

 -l    Logs each FTP session to syslogd\(1M\).

 -L    Logs all commands sent to in.ftpd to syslogd\(1M\). When
       the  -L  option is used, command logging will be on by
       default, once the FTP Server is invoked.  Because  the

OR

Anonymous FTP can be set up under Solaris by performing the following steps.
Remember, however, that Anonymous FTP opens up your system to allow anonymous
users to perform file transfers. In general, Anonymous FTP should be considered
a security concern and should be enabled only if it is absolutely necessary.
Also, to allow FTP to work properly in a chroot environment, make sure that
the file system containing the FTP home directory is not mounted as nosuid.

  1. Create the FTP home directory structure:
    mkdir /export/ftp/pub
    mkdir /export/ftp/bin
    mkdir /export/ftp/dev
    mkdir /export/ftp/etc
    mkdir /export/ftp/usr
    mkdir /export/ftp/usr/lib

  2. Add the ls command to the FTP bin directory:
    cp /usr/bin/ls /export/ftp/bin
    chmod 111 /export/ftp/bin/ls

  3. Copy the necessary libraries into the FTP directory structure:
    cp /usr/lib/ld.so* /export/ftp/usr/lib
    cp /usr/lib/libc.so.1 /usr/lib/libdl.so.1 /export/ftp/usr/lib
    cp /usr/lib/libintl.so.1 usr/lib/libw.so.1 /export/ftp/usr/lib
    cp /etc/passwd /etc/group /etc/netconfig /export/ftp/etc

  4. Copy the necessary files into the FTP directory structure to resolve NIS names:
    cp /usr/lib/nss*.so.1 /export/ftp/usr/lib
    cp /usr/lib/libnsl.so.1 /export/ftp/usr/lib
    cp /usr/lib/straddr.so /export/ftp/usr/lib
    cp /etc/nsswitch.conf /export/ftp/etc

  5. Set the permissions for the /export/ftp/usr/lib and /export/ftp/etc directories:
    chmod 555 /export/ftp/usr/lib/*
    chmod 444 /export/ftp/etc/*

  6. Set the permissions of all the created directories:
    chmod 555 /export/ftp/usr/lib
    chmod 555 /export/ftp/usr
    chmod 555 /export/ftp/bin
    chmod 555 /export/ftp/dev
    chmod 555 /export/ftp/etc
    chmod 755 /export/ftp/pub
    chmod 555 /export/ftp

  7. Add the following line to the /etc/passwd file:
    ftp:x:30000:30000:Anonymous FTP:/export/ftp:/bin/false

  8. Add the following line to the /etc/shadow file:
    ftp:NP:6445::::

  9. Make sure that everything is owned by root and not by FTP:
    chown -R root /export/ftp

I hope this is of help.

Jnike

5

hi 1jnike
thank you for your great help! this ftp-checksheet is well to my self to understand and setup ftp.

But, if I use those commands/paths I cant understand how it is setup on our running ftp-server - because the following files are empty in etc/ftpd:
-ftpgroups
-ftphosts
-ftpserver
execpt ftpaccess & ftpconversion. But there is no information about our configuration (ex. paths...). Is there another possibility to check/install the configuration/ftp?

I hope that was my really last question - so that I can learn and operate by my self!
sorry und thanks, kind regards
actino

6

Hi actino,

The following is a general configuration file, for a WU-FTPD site, this is want you requested, which is located in the following example at:

# /etc/ftpd/ftpaccess

WU-FTPD Accessfile Example
ftpaccess.heavy

loginfails 2

# HEY YOU! Yeah, you with the editor.
# change the following line, or delete it, OK?
class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *

limit local 20 Any /etc/msgs/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

compress yes local remote
tar yes local remote

# allow use of private file for SITE GROUP and SITE GPASS?
private yes

# passwd-check []
passwd-check rfc822 warn

log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg

# all the following default to "yes" for everybody
delete no guest,anonymous # delete permission?
overwrite no guest,anonymous # overwrite permission?
rename no guest,anonymous # rename permission?
chmod no anonymous # chmod permission?
umask no anonymous # umask permission?

# specify the upload directory information
upload /var/ftp * no nobody nogroup 0000 nodirs
upload /var/ftp /bin no
upload /var/ftp /etc no
upload /var/ftp /incoming yes root daemon 0600 dirs

# directory aliases... [note, the ":" is not required]
alias inc: /incoming

# cdpath
cdpath /incoming
cdpath /pub
cdpath /

# path-filter...
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]$ ^\. ^-

# specify which group of users will be treated as "guests".
guestgroup ftponly

email user@hostname

I hope this is of help.

Jnike