FTP Server

Several FTP servers are available for the Linux platform. With SLES, two commonly used FTP servers are Pure-FTP (pure-ftpd) and VSFTP (vsftpd). Both of these FTP servers are included with SLES distributions and may be optionally installed during the OES installation.

The Pure-FTP server is intended to provide fast, lightweight FTP access to a Linux server. It offers a focus on tight integration with the Linux kernel and a standards-compliant and security-aware design.

The VSFTP server, or Very Secure FTP server, is an FTP server that was coded with a focus on security. Given the focus of this server, it is the FTP server most commonly used with SLES and will be the center of this discussion.

Regardless of the server you select, the purpose of an FTP server is to provide a means of easily transferring files over network connections. All File Transfer Protocol (FTP) servers communicate over TCP/IP and should conform to RFC 959. The VSFTP server meets these requirements. When the primary VSFTP server daemon (vsftpd) is started, you can perform file transfers from any FTP client to the OES Linux Server. This is normally done by authenticating as a local user to the FTP server. However, if you are also using the LUM component of OES, FTP users can be configured for redirection back to your Novell eDirectory tree. Without LUM, the FTP server will be limited to authenticating locally stored users only. For more information on LUM, please see Chapter 8, "Users and Network Security."

The VSFTP server is a fully functional FTP server with many features, such as those in the following list. This section provides basic installation and configuration information so that you can use FTP file access with NetDrive.

• xinetd-based service management The Internet Super Daemon Extended, or xinted, manages the vsftpd process. This allows xinetd to provide an additional security layer for vsftpd. As incoming requests are encountered, xinetd verifies the request, and if allowed, spawns the vsftpd process. With this integration, FTP service management is performed via the YaST Network Services (inetd) module.

• Authenticated user access Local user access can be used to provide local and LUM users with complete access to private files. These accounts can be locked into their home directory through the use of a CHROOT jail.

• Anonymous user access Anonymous user accounts can be set up to provide users with basic access to public files. Using a CHROOT jail, anonymous access can be locked into a specific directory structure to reduce potential security risks.

• Firewall support If the FTP client is behind a firewall, FTP server supports passive mode data transfer and the configuration of a range of passive data ports.

• FTP logs The FTP service maintains a log of several activities, including FTP sessions, unsuccessful login attempts, active session details, and system errorand FTP serverrelated messages.

For detailed information on all VSFTP server features, see the VSFTP homepage at http://vsftpd.beasts.org/.

Installing FTP Server

The VSFTP server can be installed as an optional component during the OES Linux installation or it can be installed later through YaST. To install VSFTP using YaST:

1.	Access YaST from a terminal using yast, or from a graphical environment using yast2 or the YaST launcher from the application menu.
2.	Select the Search category in YaST. From within the Search category, enter vsftpd and click Search.
3.	In the right pane, the vsftpd package should be displayed. Click the check box to mark vsftpd for installation.
4.	Click Accept to start the software installation. At this point you may be prompted to install a few additional packages to satisfy dependencies. If so, select to continue the installation to install all required packages.
5.	At the conclusion of the software installation, SuSEconfig is executed to update the system configuration. After this completes, select Finish to exit the Install and Remove Software module.
6.	After being installed, the FTP service must be enabled through xinetd. From within YaST, select the Network Services category and locate and select the Network Services (inetd) module.
7.	From within the Network Services Configuration (xinetd) screen, locate and select ftp in the Currently Available Services list, and then click on the Toggle Status (On or Off) button to enable the FTP service (see Figure 12.11). Select Finish to update the FTP configuration file and restart the xinetd service. Figure 12.11. YaST Network Services (xinetd) configuration for FTP.

When the VSFTP server has been installed, and enabled within xinetd, you are ready to configure the FTP server.

Configuring the FTP Server

Before you start the vsftpd server daemon, you should configure it by adjusting the configuration parameters found in the configuration file. The default configuration file is /etc/vsftpd.conf. The parameters in this configuration file do include comments; however, full descriptions, including default values for parameters, are only available through the man page (man 5 vsftpd.conf).

The vsftpd server daemon can be run in two modes: standalone or behind xinetd. From a security perspective, running vsftpd behind xinetd is a commonly used configuration. However, if the FTP service is expected to be heavily used, or if additional security is not necessary (LAN-only accessible location), running the FTP server in standalone mode is an option.

When you configure vsftpd, some options are only applicable to the standalone mode of vsftpd. For example, the IP address the FTP server will listen on can be configured via the listen_address parameter within vsftpd.conf. However, this parameter will only be recognized in standalone mode. When protected by xinetd, the IP address configuration is performed within xinetd.

The vsftpd server daemon reads the default configuration file /etc/vsftpd.conf upon daemon startup and configures itself accordingly. If any change is made to this file, the next FTP connection will cause xinetd to spawn a new session of the FTP daemon and the new configuration will automatically take affect.

GENERAL SETTINGS

The General section of the configuration file is used to configure system-wide behavior of the VSFTP server. Table 12.1 lists the available General server settings, with a brief description and the default setting in the configuration file.

TRANSFER SETTINGS

The Transfer section of the configuration file is used to configure file transfer behavior of the VSFTP server. Table 12.2 lists the available Transfer server settings, with a brief description and the default setting in the configuration file.

LOCAL USER SETTINGS

The Local User section of the configuration file is used to configure the FTP capabilities and environment for local users. These settings also apply to LUM users if the LUM component of OES is enabled. Table 12.3 lists the available Local User settings, with a brief description and the default setting in the configuration file.

 /etc/vsftpd. chroot_list 

ANONYMOUS USER SETTINGS

The Anonymous User section of the configuration file is used to configure the FTP capabilities and environment for anonymous, or guest, users. Table 12.4 lists the available Anonymous User settings, with a brief description and the default setting in the configuration file.

LOG SETTINGS

The Log Settings section of the configuration file is used to configure the logging behavior of the FTP server. Table 12.5 lists the available Log settings, with a brief description and the default setting in the configuration file.

With a basic FTP server running, NetDrive can be used by OES clients to access FTP resources, as described earlier in this chapter. For more information on using an FTP server in more general situations, see the SLES online documentation, or the vsftpd documentation at http://vsftpd.beasts.org/.