File Transfer Protocol ( FTP )
Description:
Linux offers powerful networking capabilities. Consequently, it has become one of the most popular operating systems making up the backbone of the World Wide Web. One of the popular methods of hosting services across the Internet is an FTP server, which uses the File Transfer Protocol to aid file transfers across the Internet. Set up an FTP server for various access needs.
Introduction:
- If you want to enable other users to download files from a location on your server's hard disk, or to upload files to that location, then one solution is to set up an FTP server.
- When users want to upload to or download from your FTP server, they use a program called the FTP client.
- Communication between the FTP server and the FTP client takes place using the File Transfer Protocol ( FTP ).
- FTP is not considered a secure protocol as communications between the FTP client and server are unencrypted. Consequently Secure FTP ( SFTP ) is gaining popularity among users.
- Many FTP servers still its disk space and download its files. Anonymous FTP access is used mostly to enable users to access freely available documents, programs, etc. via the Internet without access control.
- 530 Please login with USER and PASS.
Very Secure File Transfer Protocol Daemon ( vsftpd )
TUX
wu-ftpd
gssftpd
Installing the vsftpd FTP server:
Depending on the choices made during installation, the FTP daemon may already have been installed.
- Check for it in Applications|System Settings|Add/Remove Application. Check the check box for the vsftpd package.
- To start the FTP service (enabling users to upload/download files), we can use the services configuration tool located in Applications|System Settings|Server Settings|Services.
- Alternatively, type system-config-services at the command line.
- Select vsftpd in the list and then click the Start button.
- Click File and save the change.
- From the command line, use the service command.
# service vsftpd stop ( to stop the service )
- The commands shown above are specific to Linux. A more generic command:
# /etc/init.d/vsftpd stop
Testing the FTP server :
Now that you have set up the FTP server and started the service, we'll adopt the role of the client to quickly test the server. From the command line, type the command:
#ftp
Connected to host.domain/ip-address.
220 (vsFTPd version)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (ip-address:root):anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Goodbye.
Configuring an anonymous FTP for file download:
- Anonymous users cannot read from arbitrary directories on the machine on which the server is hosted.
- By default the vsftpd package creates a directory tree starting at /var/ftp/pub and enables anonymous read access to this directory. Anonymous users connect to the /var/ftp directory when they establish a session with the FTP server.
Setting Up the FTP server:
- Place some content in the /var/ftp/pub directory so that other users can access it.
- The owner of /var/ftp/pub is the root account, and only root is permitted to write to that directory.
Using an FTP client to test anonymous read access:
- Now you can test anonymous access by using an FTP client to try to grab a copy of this file over an FTP connection.
- Both Windows and Linux machines can use FTP from the command line.
- An FTP client is included as a default package when the system is installed.
- Connect to the FTP server and log in as the anonymous user.
$ ftp 192.168.53.77 ( ip address )
Connected to 192.168.53.77.
220 ( vsFTPd 2.0.5 )
Name (192.168.53.77:user):anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
- You can list the files in the current directory. This is the directory you were placed in when you connected.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 21 feb 13 11.14 file 1
226 Directory send OK.
- Any Linux command related to file system navigation will be executed on the server. To execute a command on the local system, precede the command with an exclamation mark (!). To change the local directory, use the 'lcd' command.
/home/user/Desktop
ftp> lcd ~
Local directory now /home/user
- To download a file, use the 'get' command. To get multiple files, use the 'mget' command.
local: file 1 remote: file 1
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for file 1 ( 16 bytes ).
226 File send OK.
16 bytes received in 0.00 secs ( 84.0 kB/s )
- To exit out of the session, use the bye command.
221 Goodbye.
$
Configuring an anonymous FTP server for file upload :
- Anonymous FTP users can write only into directories that we allow them to write to.
- By default, vsftpd does not allow users to upload to the FTP server at all; we must first configure the server to allow anonymous users to write to some directory.
Setting up the FTP server for Anonymous write access:
- To create a writable directory, you'll need the root account. Let's create a directory called 'uploads' in the /var/ftp/pub directory.
- Set the permissions of the uploads directory so that it allows write-only access to anonymous FTP users.
# chmod -R 730 /var/ftp/pub/uploads
- To configure the vsftpd server to allow anonymous upload, edit the configuration file /etc/vsftpd/vsftpd.conf.
#has an effect if the above global write enable is activated. Also, you will
#obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
Remove the hash in front of the previous line. It should now look like this:
anon_upload_enable=YES
- Restart the FTP service for the changes to take effect.
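Mode 730 can reach the anonymous account only through the owner or group bits, never through the "other" bits, so the check below works out what that account actually gets for a given owner, group and mode. It is an added example, not part of the original post; it assumes anonymous sessions run as the `ftp` system user, and the uid/gid numbers in the demo are constructed.

```python
import grp, os, pwd, stat

def effective_access(mode, owner_uid, owner_gid, uid, gids):
    """rwx string the permission bits grant to a non-root (uid, gids)."""
    if uid == owner_uid:
        shift = 6          # owner triplet
    elif owner_gid in gids:
        shift = 3          # group triplet
    else:
        shift = 0          # "other" triplet
    bits = (mode >> shift) & 0o7
    return "".join(c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1)))

def upload_dir_findings(mode, owner_uid, owner_gid, ftp_uid, ftp_gids):
    """Return (access, findings) for the anonymous account on an upload dir."""
    acc = effective_access(mode, owner_uid, owner_gid, ftp_uid, ftp_gids)
    findings = []
    if "w" not in acc or "x" not in acc:
        findings.append("uploads will fail: ftp account only has '%s'" % acc)
    if "r" in acc:
        findings.append("ftp account can list the directory, so uploads are browsable")
    if mode & stat.S_IWOTH:
        findings.append("directory is world-writable for every local account")
    return acc, findings

def check_path(path, ftp_user="ftp"):
    """Run the check against a real directory (ftp_user is an assumption)."""
    st, pw = os.stat(path), pwd.getpwnam(ftp_user)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if ftp_user in g.gr_mem}
    return upload_dir_findings(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                               pw.pw_uid, gids)

if __name__ == "__main__":
    # Constructed sample ids: root is 0:0, the ftp account is uid 14, gid 50.
    for mode, group in ((0o730, 0), (0o730, 50), (0o777, 50)):
        print(oct(mode), "root:%d" % group, upload_dir_findings(mode, 0, group, 14, {50}))
```

With the directory left as root:root, mode 730 gives the anonymous account no access at all; the write-only behaviour described above only appears once the directory's group is one the `ftp` account belongs to.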
Using an FTP client to test anonymous write access:
- Connect to the server and authenticate as anonymous user.
Connected to 10.0.2.15.
220 ( vsFTPd 2.0.1 )
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type.
Name (10.0.2.15:root): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
- Change to the directory in which you have write permissions.
ftp> cd pub/uploads
250 Directory successfully changed.
ftp>
- Upload the file you want using the 'put' command. For multiple files use the 'mput' command.
ftp> put ftp
local:ftp remote:ftp
227 Entering Passive Mode (10,0,2,15,110,4)
150 Ok to send data.
226 File receive OK.
575 bytes sent in 0.00027 seconds (2.1e+03 Kbytes/s)
ftp>
FTP authentication via a system account :
Your system has a user account called 'user'. This account can be used to gain access to the FTP server. Such users are presented with their HOME directories to work with.
$ ftp 10.0.2.15
Connected to 10.0.2.15.
220 (vsftpd 2.0.1)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.0.2.15:root):user
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Disabling Local System Users Account for FTP:
- By default, users logged in through FTP have the same permissions to read, write and execute the contents of their home directory via FTP that they would have if they accessed the directory by logging in at the computer.
- FTP authentication is not encrypted, so allowing FTP logins with system user accounts is not a good idea if you have anything sensitive to protect.
- Edit the vsftpd configuration file to disallow access for system users by commenting out the following line.
local_enable=YES
This line should then read:
# Uncomment this to allow local users to log in.
# local_enable=YES
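The two settings edited so far interact with others in the same file, so here is a small audit of a vsftpd.conf for those combinations. It is an added example, not part of the original post or of vsftpd; the function names and the sample configuration are constructed, and the defaults listed are the built-in ones documented in vsftpd.conf(5).

```python
# Built-in defaults of the options checked here, per vsftpd.conf(5).
DEFAULTS = {"write_enable": "NO", "anon_upload_enable": "NO",
            "local_enable": "NO", "ssl_enable": "NO"}

def parse_conf(text):
    """Return (settings, errors) for the text of a vsftpd.conf."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        # vsftpd treats any space between option, "=" and value as an error.
        if not sep or key != key.strip() or value != value.strip():
            errors.append("line %d: malformed directive %r" % (n, line))
            continue
        settings[key] = value
    return settings, errors

def enabled(settings, key):
    """True when a boolean option is switched on."""
    return settings.get(key, "NO").upper() in ("YES", "TRUE", "1")

def audit(text):
    """List syntax errors plus the risky combinations this page touches on."""
    settings, findings = parse_conf(text)
    if enabled(settings, "anon_upload_enable"):
        if enabled(settings, "write_enable"):
            findings.append("anonymous upload is active: review the upload directory")
        else:
            findings.append("anon_upload_enable has no effect without write_enable=YES")
    if enabled(settings, "local_enable") and not enabled(settings, "ssl_enable"):
        findings.append("local_enable=YES without ssl_enable=YES: "
                        "passwords cross the network unencrypted")
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE = """\
# sample vsftpd.conf
local_enable=YES
write_enable=YES
anon_upload_enable = YES
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```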
Blocking FTP Access for selected user account:
- To deny FTP access to individual users, edit the vsftpd configuration file to allow system users access to the FTP server.
- Edit the /etc/vsftpd.ftpusers file. This file contains the list of system users not allowed to access the FTP server.
- Add the names of the users that you want to deny access to. In the lab, we add the user 'user'.
- Save and Exit and restart the FTP server daemon.
- Try logging in as the user.
Connected to 10.0.2.15.
220 (vsFTPd 2.0.2)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (10.0.2.15:root):user
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.
ftp>
Configuring an FTP greeting banner:
- Open the vsftpd configuration file for editing.
- Search for the line that asks you to customize a login banner.
# ftpd_banner=welcome to -------- services.
- Uncomment the line that says 'ftpd_banner' and write an appropriate login banner.
- Restart the FTP server and see if your banner has taken effect.
$ ftp 10.0.2.15
Connected to 10.0.2.15.
220 Welcome to the ------------ service.
Name (10.0.2.15:root):