Tuesday, June 14, 2011

File Transfer Protocol Daemon (FTPD)


File Transfer Protocol Daemon (FTPD) Implementation

wu-ftpd

FTPD binds to TCP port 21 and is running by default

SMF controls service configuration

svcs -l ftp - returns configuration

   #pkginfo -x | grep -i ftp - returns SUNWftpu|r packages

SUNWftpu - includes useful user utilities

   #ftpcount - dumps count per class

   #ftpwho - returns connected users & process information

   #ftpconfig - used to setup anonymous/guest FTP

SUNWftpr - includes server-side configuration files

  /etc/ftpd

    #ftpaccess - primary configuration file for wu-ftpd

    #ftphosts - allow|deny access to users from hosts

    #ftpservers - allows admin to define virtual hosts

    #ftpusers - users listed may NOT access the server via FTP

    #ftpconversions - facilitates tar, compress, gzip support

  wu-ftpd supports both types of FTP connections:

1. PORT - Active FTP

   - Client -> TCP:21(Server-Control-Connection)

   - Client executes 'ls' -> results in server initiating a connection back to the client, usually sourced from TCP:20 (ftp-data)

2. PASV - Passive FTP

   - Client -> TCP:21(Server-Control-Connection)

   - Client executes 'ls' -> results in server opening a high-port and instructing the client to source(initiate) a connection to the server.

   - Client sources data connection to high-port on server
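
Added example (not part of the original notes): a short Python helper that decodes the h1,h2,h3,h4,p1,p2 field of a PORT command or a 227 PASV reply into the listening address and port, and reports which side initiates the data connection. This is what firewall rules for the two modes depend on. The function names, the 192.168.1.60 client address and the sample lines are constructed for illustration.

```python
import re

# RFC 959 host-port field: four address bytes, then port high byte and low byte
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if absent/invalid."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_connection(line, client_ip, server_ip):
    """Describe the data connection implied by one control-channel line.

    client_ip / server_ip are the two ends of the TCP:21 control connection
    (assumed to be known, e.g. from the session log).
    """
    line = line.strip()
    if line.upper().startswith("PORT "):      # active: client listens, server connects
        mode, initiator, listener = "active", server_ip, client_ip
    elif line.startswith("227"):              # passive: server listens, client connects
        mode, initiator, listener = "passive", client_ip, server_ip
    else:
        return None
    endpoint = decode_hostport(line)
    if endpoint is None:
        return None
    ip, port = endpoint
    return {
        "mode": mode,
        "initiator": initiator,
        "listen_ip": ip,
        "listen_port": port,
        # False: advertised address is not the control-connection peer; review the session
        "matches_peer": ip == listener,
    }


# Constructed sample control-channel lines (not captured traffic)
SAMPLES = ["PORT 192,168,1,60,195,80",
           "227 Entering Passive Mode (192,168,1,51,156,64)"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(data_connection(s, "192.168.1.60", "192.168.1.51"))
```

In active mode the firewall in front of the client must accept an inbound connection to the decoded port; in passive mode the server's firewall must accept inbound connections to the high port the server announced.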

###Anonymous FTP configuration###

use 'ftpconfig' to provision anonymous access

Note: Guest connections are jailed using chroot()

###FTPD Class Support###

Facilitates the grouping of users for the purpose of assigning directives

3 Default Classes:

1. realusers - CAN login using shell(SSH/Telnet) - CAN browse the entire directory tree

2. guestusers - Temporary users - see chrooted environment

3. anonusers - General public - primarily for download capability

###Guest User Support###

Jailed/chrooted environment

Steps:

1. useradd -d /home/guests/unixcbt4 -s /bin/true unixcbt4

2. mkdir /export/home/guests/unixcbt4

3. chown unixcbt4 /export/home/guests/unixcbt4

4. ftpconfig -d /export/home/guests/unixcbt4 - sets up chrooted environment

5. update /etc/ftpd/ftpaccess - config file

guestuser unixcbt4

6. restart ftp using svcadm restart ftp

Note: Guest users are similar to real users except guest users are chrooted/jailed.

###Virtual Hosts###

wu-ftpd - supports 2 forms of virtual hosts:

1. Limited - relies upon primary config files /etc/ftpd/{ftpaccess,ftpusers...}

Admin. may define unique attributes including the following:

a. banner

b. logfile

c. hostname

d. email

e. distinct IP address

2. Full - relies upon distinct config files in specified directory

a. offers everything included with limited virtual hosts mode

b. also adds distinct config files

c. Note: Full-mode will use default config files in /etc/ftpd if the full virtual hosts instance is unable to find a distinct file.

###Limited Virtual Hosts Configuration###

/etc/ftpd/ftpaccess

virtual 192.168.1.51 root /var/ftp2

virtual 192.168.1.51 hostname linuxcbtdb1.linuxcbt.internal

virtual 192.168.1.51 banner /var/ftp2/.welcome_message.msg

virtual 192.168.1.51 logfile /var/log/ftp2/xferlog

virtual 192.168.1.51 allow unixcbt3

Note: Virtual hosts do not allow real & guest users access by default

###Full Virtual Hosts Configuration###

/etc/ftpd/ftpservers

address configuration_directory

192.168.1.51 /etc/ftpd/ftp2

192.168.1.52 /etc/ftpd/ftp3
