The FTP service is simple to use and administer, which is why it is a good idea to begin with this step when configuring an Internet server. Chances are that your Linux installation already contains a functioning copy of an FTP server. The main steps of setting up an FTP server are as follows:
Server Installation
FTP servers usually come in the form of a single executable program, one that goes by names such as ftpd, in.ftpd, or something similar. It is typically located in the /sbin or /usr/sbin directory. On my test system, the FTP server was one of the components installed during the initial system setup. Caldera OpenLinux comes with one of the most commonly used FTP servers, developed at the University of Washington. This server's executable file is named in.ftpd and it is located in /usr/sbin/. Once installed, the FTP server provides access to files by users who have an account on your system. These users will be able to access the same files that they normally have access to, for instance when they log on to the system interactively. In other words, if you log on to a remote system via FTP using your username and password on that system, you'll be able to access files in your home directory for reading and writing. You might also be able to read (download) other files that you normally have read access to on that system.Configuring the Internet Superserver
Placing the FTP server executable on your computer is not sufficient by itself to provide FTP access. For this, you must also ensure that the FTP server is invoked when an incoming request arrives. Such incoming requests come in the form of connections to TCP port 21, the port reserved for FTP access. The standard method for invoking a server is through inetd, the Internet superserver. This server is configured through the file /etc/inetd.conf. On my test system, the Caldera OpenLinux installer placed the following entry in /etc/inetd.conf:ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
The two command-line switches used install the server to log entries to the system log ( -l) and to use the ftpaccess file. This file is optional; if it exists, the FTP server uses it to establish configuration options. For more information, read the manual page ( man ftpaccess .)
Configuring Anonymous Access
When a regular user logs on to the system via FTP, all the access privileges that normally apply to this user ID remain in effect throughout the FTP session. The user can retrieve any file or execute arbitrary commands on the system. In contrast, anonymous users cannot be allowed such a privilege. Unlike regular users who are trusted (why else would they have a password on your system?), anonymous users could turn out to be hostile intruders. As a result, their access must be limited to the downloading of publicly accessible files and optionally uploading files to public directories. In order for an FTP server to provide anonymous access, it is necessary to have a user account named ftp on your system. This user account is never used for interactive login, and does not require a valid password. However, when an anonymous FTP user connects to your system, the FTP server will use this account's access permissions for accessing files. Furthermore, anonymous users only see files that are located in the home directory associated with the ftp user ID. In addition to files anonymous users can download, this directory also contains special versions of commands such as ls, and a special copy of the etc directory. During an anonymous session, the FTP server uses the ftp home directory as its root directory; in other words, it can only see these copies of executable commands and files from /etc, not the originals. This prevents an anonymous user from accessing the real version of /etc/passwd (conceivably obtaining a copy of all your encrypted passwords if you're not using the shadow password suite; see Chapter 4, for more information) or executing other commands and exploiting them for security leaks. Most Linux distributions establish the ftp user ID and create its home directory during initial system installation. My test system is no exception: The ftp user ID and home directory were created by the Caldera OpenLinux installer. The file /etc/passwd contains the following entry:ftp:x:14:50:FTP User:/home/ftp:
In /home/ftp, I found the following files and directories:
/home/ftp/bin/
/home/ftp/bin/gzip
/home/ftp/bin/ls
/home/ftp/bin/tar
/home/ftp/bin/zcat -> gzip
/home/ftp/etc/
/home/ftp/etc/group
/home/ftp/etc/passwd
/home/ftp/pub/
The presence of the tar and gzip utilities allows the FTP server to provide the contents of an entire directory in a single transaction. With the tar command the files are combined into an archive, and then optionally compressed using gzip. These commands are explained in detail in Chapter 17, "Backups." As you can see, the pub directory is currently empty. Usually, files that can be downloaded by anyone are placed in this directory.