From: Joel Hammer <jlh@cc846558-a.twsn1.md.home.com>
Subject: Setting up ftp server

Someone asked how to set up an ftp server. It's not hard. In fact, the person asking the question may already have one set up and not know it!

First, make sure you have the directory /home/ftp/. You should have subdirectories bin, etc, lib and pub.

irwin <irwin@taranto.com>:
To set the local timezone into your xferlog or syslog, you need to copy the zoneinfo file to the ~ftp tree. In general, /etc/localtime is a link to /usr/share/lib/zoneinfo/... But you cannot use a soft link with ftp daemons, because when the ftp daemon runs, it might not be able to access /etc. The solution is to duplicate the zone file in ~ftp/etc. Taking wu-ftpd and Caldera OpenLinux as an example:

    cp /usr/share/zoneinfo/America/Los_Angeles /home/ftp/etc/localtime

Change "Los_Angeles" to your own time zone reference. Now syslog would record the right time.

In a simple world, the ftp daemon would be running all the time in the background, listening for requests on port 21. When the other computer logs in, "ftp" will serve as a password and a user name, and the client can look only into the files in the pub directory. Oi, the times we live in. To make your computer faster and more secure, tcp wrappers are used to start the ftp daemon. Make sure the following line is in your /etc/inetd.conf file:

    ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

Then, start up or restart the inet daemon, inetd, by executing the following commands:

    /etc/rc.d/init.d/inet stop

You should see inetd running, not in.ftpd.

I think that's all there is to it (unless I have left something out) EXCEPT security. If all the above worked, anyone in the world could (and many strangers will try) log onto your ftp server. I don't know much about security, but I believe this service is very insecure. That explains why I get lots of strangers trying to log onto my ftp server. They don't succeed because I have at least two layers of security: ipchains, and hosts.allow and hosts.deny. The latter two files are used to control who may start services controlled by inetd. I like ipchains the most, but hosts.allow/deny will work. I would greatly advise learning ipchains before getting too friendly with the net, however.

Here are excerpts from my hosts.allow and hosts.deny. These only affect services controlled by inetd. Other important services, sendmail for example, are not affected by these files.

File /etc/hosts.deny
> ALL : ALL

This is simple. Any host not allowed is denied.

File /etc/hosts.allow
> # hosts.allow   This file describes the names of the hosts which are
> #               allowed to use the local INET services, as decided
> #               by the '/usr/sbin/tcpd' server.
> ALL: 192.168.0.2 192.168.0.1 192.168.0.3

This allows only host(s) xxx.xxx.xxx.xxx to use my telnet and ftp services. Notice, I allow all my private network to use all my inetd-supplied services. (I suppose you could allow named clients like bob.fishbowl.com in these files, but I am not sure about the name lookup procedure here, so I always used ip addresses.) Read the man pages on these two files. Don't forget, you have to stop/start inetd after you change these files. There are diagnostic programs noted in the man pages.

Good luck.

Post questions.
Joel
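The rule-evaluation order that makes the hosts.deny "ALL : ALL" line work (hosts.allow is searched first, then hosts.deny, and a client matched by neither file is let through) is easy to get wrong when editing these files by hand. The following script is an added example, not code from the post or from tcp wrappers itself: it simulates the tcpd decision for a handful of constructed client addresses against rule files modelled on the excerpts above, so you can check what a given hosts.allow/hosts.deny pair will do before restarting inetd. It handles only a subset of the hosts_access(5) client syntax (ALL, exact addresses, trailing-dot prefixes and net/mask pairs); the hostname, wildcard, EXCEPT and shell-command forms are assumed out of scope.

```python
"""Simulate the tcp_wrappers (tcpd) access decision for one service and one
client address, following the search order documented in hosts_access(5):
first match in hosts.allow grants access, then first match in hosts.deny
refuses it, and a client matched by neither file is allowed.
All rule text and client addresses below are constructed for this example."""

import ipaddress

# Constructed rule files, modelled on the excerpts in the post above
# (plus one extra per-daemon rule to show service-specific matching).
HOSTS_ALLOW = """
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
ALL: 192.168.0.2 192.168.0.1 192.168.0.3
in.ftpd: 10.0.0.
"""

HOSTS_DENY = """
ALL : ALL
"""


def parse_rules(text):
    """Return a list of (daemon_list, client_list) tuples, skipping comments
    and blank lines.  Only the basic 'daemon_list : client_list' form is
    handled; the optional shell-command field of hosts_access(5) is ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {line!r}")
        rules.append((fields[0].split(), fields[1].split()))
    return rules


def client_matches(pattern, client_ip):
    """Match one client pattern against a dotted-quad client address.
    Supported patterns: ALL, an exact address, a trailing-dot prefix such as
    192.168.0., and a net/mask pair such as 192.168.0.0/255.255.255.0."""
    addr = ipaddress.IPv4Address(client_ip)
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return client_ip.startswith(pattern)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        return addr in ipaddress.IPv4Network(f"{net}/{mask}", strict=False)
    return addr == ipaddress.IPv4Address(pattern)


def rule_matches(rule, daemon, client_ip):
    """True when the rule names this daemon (or ALL) and matches the client."""
    daemons, clients = rule
    daemon_ok = any(d in ("ALL", daemon) for d in daemons)
    return daemon_ok and any(client_matches(c, client_ip) for c in clients)


def tcpd_decision(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return 'allow' or 'deny' using the hosts.allow -> hosts.deny -> default order."""
    if any(rule_matches(r, daemon, client_ip) for r in parse_rules(allow_text)):
        return "allow"
    if any(rule_matches(r, daemon, client_ip) for r in parse_rules(deny_text)):
        return "deny"
    return "allow"  # neither file matched: tcpd lets the connection through


if __name__ == "__main__":
    checks = [("in.ftpd", "192.168.0.2"), ("in.ftpd", "10.0.0.7"),
              ("in.telnetd", "10.0.0.7"), ("in.ftpd", "203.0.113.5")]
    for svc, ip in checks:
        print(f"{svc:12s} from {ip:15s} -> {tcpd_decision(svc, ip)}")
    # Without the "ALL : ALL" line in hosts.deny, the unknown host gets in.
    print("no hosts.deny:", tcpd_decision("in.ftpd", "203.0.113.5", deny_text=""))
```

Running it with an empty deny_text shows the default-allow behaviour the post's hosts.deny line exists to close: a client that matches nothing in either file is admitted. Real tcpd also consults DNS for hostname patterns, which is the lookup behaviour the post is unsure about; sticking to addresses, as the post does, keeps the decision independent of name resolution.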