Archive for February, 2009

FTP server configuration on Redhat

How To Download And Install The VSFTP Package:

RedHat and Fedora software is installed using RPM packages. As of this writing, the most recent Fedora version used a VSFTP RPM file named:

# vsftpd-1.2.0-5.i386.rpm

Now download the file to a directory such as /tmp and install it using the rpm command:

[root@bigboy tmp]# rpm -Uvh vsftpd-1.2.0-5.i386.rpm
Preparing... ########################################## [100%]
1:vsftpd     ########################################## [100%]

[root@bigboy tmp]#

How To Get VSFTP Started

Redhat Version 9, Fedora Core 1 And Newer

You can start/stop/restart vsftpd after booting by using the following commands:

[root@bigboy tmp]# /etc/init.d/vsftpd start
[root@bigboy tmp]# /etc/init.d/vsftpd stop
[root@bigboy tmp]# /etc/init.d/vsftpd restart

To get vsftpd configured to start at boot:

[root@bigboy tmp]# chkconfig --level 345 vsftpd on

Testing To See If VSFTP Is Running

[root@bigboy root]# netstat -a | grep ftp
tcp        0        0        *:ftp         *:*        LISTEN
[root@bigboy root]#


Configuring The VSFTP as anonymous:

# vi /etc/vsftpd/vsftpd.conf

anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
xferlog_enable=YES

Other vsftpd.conf Options

There are many other options you can add to this file including:

Limiting the maximum number of client connections (max_clients)

Limiting the number of connections by source IP address (max_per_ip)

The maximum rate of data transfer per anonymous login. (anon_max_rate)

The maximum rate of data transfer per non-anonymous login. (local_max_rate)

Descriptions of these options and more can be found in the vsftpd.conf man page.

The /etc/vsftpd.ftpusers File

For added security you may deny FTP access to certain users by adding them to the list of users in this file. Do not delete entries from the default list; it is best only to add to it.

Anonymous Upload

If you want remote users to write data to your FTP server then it is recommended you create a write-only directory within /var/ftp/pub. This will allow your users to upload, but not access other files uploaded by other users. Here are the commands to do this:


[root@bigboy tmp]# mkdir /var/ftp/pub/upload
[root@bigboy tmp]# chmod 733 /var/ftp/pub/upload

FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have.


ftpd_banner=New Banner Here

Configuring The VSFTP as Secure Users:

# vi /etc/vsftpd/vsftpd.conf

# anonymous_enable defaults to YES, so it must be set to NO explicitly
anonymous_enable=NO
local_enable=YES
write_enable=YES
# anon_upload_enable=YES
# anon_mkdir_write_enable=YES
xferlog_enable=YES
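
An added example (not part of the original post): a POSIX shell check that reports which of the settings discussed above are in effect in a vsftpd.conf, applying the defaults from vsftpd.conf(5) when an option is absent or commented out. The function names and warning texts are this example's own. Because anonymous_enable defaults to YES, a file in which that line is only commented out is still reported as allowing anonymous login.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the options this page changes.
# Defaults are the compiled-in ones from vsftpd.conf(5). Assumes booleans
# are written YES/NO, as they are on this page.

# Effective value of option $2 in file $1, or default $3 when the option is
# absent or commented out. vsftpd permits no spaces around "=".
vsftpd_opt() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Print one WARN line per finding; return non-zero if there were any.
audit_vsftpd_conf() {
    conf=$1
    findings=0
    flag() { printf 'WARN: %s\n' "$1"; findings=$((findings + 1)); }

    anon=$(vsftpd_opt "$conf" anonymous_enable YES)   # default is YES
    write=$(vsftpd_opt "$conf" write_enable NO)
    if [ "$anon" = YES ]; then
        flag "anonymous login enabled (needs an explicit anonymous_enable=NO)"
        if [ "$write" = YES ]; then
            # Anonymous write options only take effect with write_enable=YES.
            [ "$(vsftpd_opt "$conf" anon_upload_enable NO)" != YES ] ||
                flag "anonymous upload enabled"
            [ "$(vsftpd_opt "$conf" anon_mkdir_write_enable NO)" != YES ] ||
                flag "anonymous mkdir enabled"
        fi
    fi
    [ "$(vsftpd_opt "$conf" xferlog_enable NO)" = YES ] || flag "transfer logging off"
    [ -n "$(vsftpd_opt "$conf" ftpd_banner '')" ] || flag "default banner in use"
    [ "$(vsftpd_opt "$conf" max_clients 0)" != 0 ] || flag "max_clients unlimited"
    [ "$(vsftpd_opt "$conf" max_per_ip 0)" != 0 ] || flag "max_per_ip unlimited"
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /etc/vsftpd/vsftpd.conf   (script name is hypothetical)
if [ "$#" -gt 0 ]; then audit_vsftpd_conf "$1"; fi
```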

FTP Users With Only Read Access To A Shared Directory:

Create a user group and shared directory. In this case we'll use “/home/ftp-docs” and a user group name of “ftp-users” for the remote users.

[root@bigboy tmp]# groupadd ftp-users
[root@bigboy tmp]# mkdir /home/ftp-docs

Make the directory accessible to the ftp-users group.

[root@bigboy tmp]# chmod 750 /home/ftp-docs
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs

Add users, and make their default directory /home/ftp-docs

[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user1
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user2
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user3
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user4
[root@bigboy tmp]# passwd user1
[root@bigboy tmp]# passwd user2
[root@bigboy tmp]# passwd user3
[root@bigboy tmp]# passwd user4

Change the permissions of the files in the /home/ftp-docs directory for read-only access by the group.

[root@bigboy tmp]# touch /home/ftp-docs/abc
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs/*
[root@bigboy tmp]# chmod 740 /home/ftp-docs/*

Users should now be able to log in via ftp to the server using their new user names and passwords. If you absolutely don’t want any FTP users to be able to write to any directory then you should comment out the write_enable line in your vsftpd.conf file like this:

#write_enable=YES

Restart vsftpd for the configuration file changes to take effect.

Sample Login Session To Test Functionality

Check for the presence of a test file on the ftp client server.

[root@smallfry tmp]# ls
total 1
-rw-r--r-- 1 root root 0 Jan 4 09:08 testfile


[root@smallfry tmp]#

Now we have to keep the file that will be downloaded in this location:

# cd /home/ftp-docs/
