Running a File Transfer Protocol Server


The File Transfer Protocol (FTP) service allows users to download files fromand in some cases upload files toyour Linux system using special programs called FTP clients, or in some cases using a standard web browser.

To offer FTP service on your Linux computer, you must do the following:

  • Install the vsftpd service on your computer

  • Configure Linux to automatically start the vsftpd service when you start your computer

  • Configure your Linux firewall to allow traffic related to FTP requests

Installing vsftpd

You can install the vsftpd FTP server using the Package Management tool. Start this tool by choosing Desktop, System Settings, Add/Remove Applications. In the Package Management tool, scroll down to the Servers category and check the box next to the FTP Server package group, as shown in Figure 34.8. Then click the Update button to install the new software.

Figure 34.8. Use the Package Management tool to install the vsftpd FTP server that comes with Fedora Core 4.


Enabling or Disabling FTP

To configure Fedora Core 4 to start the vsftpd server each time you start your computer, choose Desktop, System Settings, Server Settings, Services to start the Service Configuration tool. Check the box next to the vsftpd service, as shown in Figure 34.9.

Figure 34.9. Using the Service Configuration tool, you can configure Fedora Core 4 to start vsftpd server as needed whenever you start your computer.


After you check the box next to the vsftpd service, click the Save button to save your changes. Be sure to click the Start button first if you want to run vsftpd right away.

If you prefer to use command-line tools, you can use the chkconfig command to configure Fedora Core 4 to automatically start the vsftpd server:

  [root@workstation20 you]# /sbin/chkconfig --level 5 gssftp on [root@workstation20 you]# 

You have now configured your Fedora Core 4 computer to accept incoming FTP connections.

Allowing FTP Through Your Firewall

Before incoming FTP requests can be received, you must configure your Linux firewall to allow FTP-related traffic. To do this, choose Desktop, System Settings, Security Level to start the Security Level Configuration tool.

In the standard Security Level Configuration tool, check the box next to FTP in the Trusted Services area.

Be sure also that the Enable Firewall option is selected from the Security level drop-down list.

Controlling FTP Access

The FTP server normally allows users to log in with their account and password information, thereby gaining full read and write access to your systemlimited only by file system permissionsjust as if they were accessing files directly. If certain users have no valid need to access their files remotely via FTP, you should disable FTP logins for their accounts as a precautionary measure.

The /etc/ftpusers file contains a list of login accounts, one per line, that are not allowed to log in to FTP using their account. To shut off FTP access for a specific user on your system, use your favorite text editor to add a line to /etc/ftpusers containing only the name of the account. For example, to prevent you from logging in via ftp, add the following line to /etc/ftpusers:

 you 

The user you is no longer allowed to log in to FTP via his account.

Using or Disabling Anonymous FTP

File Transfer Protocol is a special kind of service that allows connecting users to log in as the user ftp or the user anonymous without supplying a password, to access a set of files you have provided for public download. Anonymous FTP is commonly used to distribute large software or media files to the general public via the Internet.

By default, the Fedora Core 4 FTP server is configured to allow anonymous logins. The files that users will be able to download when they log in anonymously are those stored in /var/ftp.

There is no reason to allow anonymous logins, however, if you don't plan to distribute files publicly via FTP. If this is the case for you, you should disable anonymous FTP. You can do this simply by editing the /etc/ftpusers file and adding the user ftp to the end of the file.

Be Careful with Anonymous FTP

Anonymous FTP is a service with a relatively poor security history. To avoid data loss or theft, it is recommended that Linux and Unix beginners or users without a dedicated and properly configured FTP host not run anonymous FTP servers.

If you do plan to offer anonymous FTP, you must take care to remove write permission from all directories in /var/ftp and write and execute permission from all files in /var/ftp.




    SAMS Teach Yourself Red Hat(r) Fedora(tm) 4 Linux(r) All in One
    Cisco ASA and PIX Firewall Handbook
    ISBN: N/A
    EAN: 2147483647
    Year: 2006
    Pages: 311
    Authors: David Hucaby

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net