FTP Servers

FTP uses a client/server model. As a client, FTP accesses a server, and as a server, FTP provides access to files or storage. Just about every computer platform available has software written to enable a computer to act as an FTP server, but Ubuntu provides the average user the ability to do this without paying hefty licensing fees and without regard for client usage limitations.

There are two types of FTP servers and access: anonymous and standard. A standard FTP server requires an account name and password from anyone trying to access the server. Anonymous servers allow anyone to connect to the server to retrieve files. Anonymous servers provide the most flexibility, but they can also present a security risk. Fortunately, as you will read in this chapter, Ubuntu is set up to use proper file and directory permissions and commonsense default configuration, such as disallowing root to perform an FTP login.

Note

Many Linux users now use OpenSSH and its suite of clients, such as the sftp command, for a more secure solution when transferring files. The OpenSSH suite provides the sshd daemon and enables encrypted remote logins (see Chapter 19 for more information).

Choosing an Authenticated or Anonymous Server

When you are preparing to set up your FTP server, you must first make the decision to install either the authenticated or anonymous service. Authenticated service requires the entry of a valid username and password for access. As previously mentioned, anonymous service allows the use of the username anonymous and an email address as a password for access.

Authenticated FTP servers are used to provide some measure of secure data transfer for remote users, but will require maintenance of user accounts as username and passwords are used. Anonymous FTP servers are used when user authentication is not needed or necessary, and can be helpful in providing an easily accessible platform for customer support or public distribution of documents, software, or other data.

If you use an anonymous FTP server in your home or business Linux system, it is vital that you properly install and configure it to retain a relatively secure environment. Generally, sites that host anonymous FTP servers place them outside of the firewall on a dedicated machine. The dedicated machine contains only the FTP server and should not contain data that cannot be restored quickly. This dedicated-machine setup prevents malicious users who compromise the server from obtaining critical or sensitive data. For an additional, but by no means a more secure setup, the FTP portion of the file system can be mounted read-only from a separate hard drive partition or volume, or mounted from read-only media, such as CD-ROM, DVD, or other optical storage.

Ubuntu FTP Server Packages

The Very Secure vsftpd server, like wu-ftpd also discussed in this chapter, is licensed under the GNU GPL. The server can be used for personal or business purposes. The wuftpd and vsftpd servers will be covered in the remainder of this chapter; just enable the Universe repository to see the full listing of FTP servers available to you.

Other FTP Servers

One alternative server is NcFTPd, available from http://www.ncftp.com. This server operates independently of inetd (typically used to enable and start the wu-ftp server) and provides its own optimized daemon. Additionally, NcFTPd has the capability to cache directory listings of the FTP server in memory, thereby increasing the speed at which users can obtain a list of available files and directories. Although NcFTPd has many advantages over wu-ftpd, NcFTPd is not GPL licensed software, and its licensing fees vary according to the maximum number of simultaneous server connections ($199 for 51 or more concurrent users and $129 for up to 50 concurrent users, but free to education institutions with a compliant domain name).

Note

Do not confuse the ncftp client with ncftpd. The ncftp-3.1 package included with Ubuntu is the client software, a replacement for ftp-0.17, and includes the ncftpget and ncftpput commands for transferring files via the command line or by using a remote file uniform resource locator (URL) address. ncftpd is the FTP server, which can be downloaded from www.ncftpd.com.

Another FTP server package for Linux is ProFTPD, licensed under the GNU GPL. This server works well with most Linux distributions and has been used by a number of Linux sites, including ftp.kernel.org and ftp.sourceforge.net. ProFTPD is actively maintained and updated for bug fixes and security enhancements. Its developers recommend that you use the latest release (1.2.10 at the time of this writing) to avoid exposure to exploits and vulnerabilities. Browse to http://www.proftpd.org to download a copy.

Yet another FTP server package is Bsdftpd-ssl, which is based on the BSD ftpd (and distributed under the BSD license). Bsdftpd-ssl offers simultaneous standard and secure access using security extensions; secure access requires a special client. For more details, browse to http://bsdftpd-ssl.sc.ru.

Finally, another alternative is to use Apache (and the HTTP protocol) for serving files. Using a web server to provide data downloads can reduce the need to monitor and maintain a separate software service (or directories) on your server. This approach to serving files also reduces system resource requirements and gives remote users a bit more flexibility when downloading (such as enabling them to download multiple files at once). See Chapter 20, "Apache Web Server Management," for more information about using Apache.