File Layouts of Authenticated and Anonymous FTP


Unless you've enabled anonymous FTP logins, the file layout of the FTP server is very simple. The FTP server file layout is integrated with the system in the same way that most other core services are. There are several configuration files in /etc, some of which do double-duty as systemwide resource files used by other services. Individual users' home directories are considered part of the FTP server layout because each authenticated user connects directly into his home directory.

If you've enabled anonymous FTP, there's a server root area just as in Apache; this is created at the time when you elect to enable anonymous FTP, as you'll see in the later section of this chapter, "Allowing Anonymous FTP Access." The default location for the FTP server root is /var/ftp, and several subdirectories exist to help the server manage FTP users who don't actually have user accounts on the system.

When a user who has an account on the server logs in via FTP with her username and password, the server provides access to the user's home directory and all its files. The user can enter an ls command to verify that this is the area to which she has access by examining the files present there. Each regular user thus connects into a different point on the FTP server when logging in as a user: her home directory.

Anonymous FTP provides a way for a user without an account to connect. An anonymous user opens the connection, enters anonymous or ftp as his username, and any text string (conventionally the user's email address, although this isn't enforced or authenticated in any way) for the password. The user is then given access to a "public" FTP area: /var/ftp, the home directory of the ftp user (which is also created when anonymous FTP is enabled).

There's a fundamental difference between regular account users and anonymous FTP users, though. Anonymous FTP is performed in a chroot "jail" by default, meaning that to the user, /var/ftp appears to be the server root (/). Nothing outside /var/ftp is accessible or even visible. A regular account user can enter a command such as cd /usr/local to move to any part of the system and access files with the same readability permissions as in a terminal session, but an anonymous FTP user can't get out of /var/ftp at all. An anonymous user who enters cd /pub will be taken to /var/ftp/pub.

You can specify additional users who must be "chrooted" in the same way as anonymous FTP logins by adding them to the /etc/ftpchroot file. That's just one example of the configuration files that control the FTP server.
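
As an added example (not from the book), the following script lists the accounts that would log in over FTP without being chrooted, given the /etc/ftpchroot mechanism described above. It assumes the ftpchroot(5) format of one user name or @group per line, treats a nologin shell as "no FTP login" as a simplification, and runs on constructed sample files; the function names and sample accounts are hypothetical.

```sh
#!/bin/sh
# Added example, not from the book. usage: unchrooted_ftp_users PASSWD GROUP FTPCHROOT
unchrooted_ftp_users() {
    awk -F: -v grp="$2" -v jail="$3" '
    BEGIN {
        # group file: name:pw:gid:member,member,...
        while ((getline line < grp) > 0) {
            if (split(line, g, ":") < 3 || line ~ /^#/) continue
            gid_of[g[1]] = g[3]; members[g[1]] = "," g[4] ","
        }
        # ftpchroot: first field is a user name or @group
        while ((getline line < jail) > 0) {
            # assumption: blank lines and # comments are skipped
            if (split(line, f, " ") == 0 || f[1] ~ /^#/) continue
            if (f[1] ~ /^@/) jgroup[substr(f[1], 2)] = 1; else juser[f[1]] = 1
        }
    }
    /^#/ || NF < 7 || $7 ~ /nologin$/ { next }   # simplification: nologin shell = no FTP login
    $1 in juser { next }                         # listed by name: chrooted
    {
        # chrooted if any listed @group is the primary group or lists the user as a member
        for (name in jgroup)
            if ((name in gid_of) && (gid_of[name] == $4 || index(members[name], "," $1 ",")))
                next
        print $1                                 # not covered: sees the whole filesystem
    }' "$1"
}

# Constructed sample data standing in for /etc/passwd, /etc/group and /etc/ftpchroot.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
ftp:*:14:14:Anonymous FTP:/var/ftp:/usr/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/tcsh
carol:*:1003:2000:Carol:/home/carol:/bin/sh
dave:*:1004:1004:Dave:/home/dave:/bin/sh
erin:*:1005:1005:Erin:/home/erin:/bin/sh
EOF
    printf 'uploaders:*:2000:dave\n' > "$d/group"
    printf '# constructed sample\nalice\n@uploaders\n' > "$d/ftpchroot"
    unchrooted_ftp_users "$d/passwd" "$d/group" "$d/ftpchroot"
    rm -rf "$d"
}
demo
```

On the sample data only bob and erin are reported: alice is listed by name, carol has uploaders as her primary group, and dave is a supplementary member of it.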

Caution

Authenticated users have FTP access to your FreeBSD machine by default, but you have to specifically enable anonymous FTP if you want it. Allowing anonymous FTP effectively opens up your system to a form of unauthorized, untraceable access. You should only enable anonymous FTP if you have a good reason to do so!





FreeBSD 6 Unleashed
ISBN: 0672328755
EAN: 2147483647
Year: 2006
Pages: 355
Authors: Brian Tiemann
