Common factors to the Establishment of an FTP Server
Presuppositions to the examples
(1) Required functions
- No other service except for ftp runs on the server.
- Only specific registered users are allowed to access the server (no anonymous user accounts are allowed).
- Users are authenticated not only by a user ID and a password but also by a source IP address.
- The server provides ftp service for each user equally.
(2) Platform
- Hardware running the Linux operating system that can sustain 24-hour continuous operation
- Fundamental settings as an Internet server have already been done.
(3) Network configuration (see Figure 9.1)
- A permanent connection to the Internet (via an ISP) is prepared.
- The server is placed in the DMZ (De-Militarized Zone) branching from a firewall.
- The firewall allows only ftp connections for the server.
- Data stored in the server are transferred from data source system(s) in intranet through the firewall.
Figure 9-1. Presuppositions to examples
2 Process to set up FTP server software
This section outlines the practical process of setting up FTP service, using "proftpd" in a Linux environment as the example. Please refer to the "installation guide" of the software for details.
(1) Installation
First, download the archive of the latest version of the software from the official site or one of its mirror sites, then extract, compile and install it.
The make install command writes server modules and related files to protected directories, so you must become root (super user) before running it; otherwise the installation might fail.
$ tar zxvf proftpd-1.2.9.tar.gz
$ cd proftpd-1.2.9
$ ./configure
$ make
$ su
Password: xxxxxx
# make install
# exit
$
(2) Configuration
The user's guide on the official site gives typical procedures and examples for configuring "proftpd", and following them is enough to complete the general configuration. In addition, the following procedures (including explicit descriptions) are required to customize the configuration for the presuppositions. The configuration descriptions are contained in a configuration file named "proftpd.conf". The directory where this file is installed depends on the platform; in this example, it is installed under "/usr/local/etc/".
3 Create a user account
There are four procedures in creating a user account. It is important to choose an appropriate group for a new user account, taking into consideration which files and directories the user may access, from the operational viewpoints of stability and security.
(1) Create a home directory
The following example creates a new directory, "/data", into which an FTP user logs in. Each underline shows a command to type.
# mkdir /data
#
Then create each sub-directory to store each type of data.
# mkdir /data/OBS
# mkdir /data/NWP
# mkdir /data/SAT
#
(2) Create a new group
Before creating a new user account, the group that the new user belongs to must be created if it does not exist. In the following example three groups (i.e. grp-a, grp-b and grp-c) are created.
# groupadd grp-a
# groupadd grp-b
# groupadd grp-c
#
(3) Create a new user account
A new user account is created by the useradd command as follows.
# useradd -g grp-a -d /data/ -s /sbin/nologin user-1
#
Where:
-g grp-a          : specifies the group the new user belongs to
-d /data/         : specifies the login directory
-s /sbin/nologin  : specifies the login shell; "/sbin/nologin" is recommended for FTP-only users
user-1            : specifies the new username
(4) Set a password for the user
A password for the user is set up by the passwd command as follows.
# passwd user-1
Changing password for user user-1
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
#
The username and password pair should then be communicated to the user by a safe means such as a letter.
How to change login groups
It is possible to change login groups of a user by the "usermod" command.
# usermod -g grp-b user-1
#
In this example, the group for user-1 will be changed to grp-b.
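A check for the accounts created in this section, as an added example that is not part of the original guide: it audits passwd-format records against the policy used above (shell /sbin/nologin, home under /data, primary group among the FTP groups). The function names, the sample records and the UID 0 check are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit passwd(5) records against the account policy of section 3.
# From the page: shell /sbin/nologin, home /data, primary group grp-a/b/c.
# Assumption added here: an FTP-only account must never have UID 0.

# audit_ftp_accounts PASSWD_FILE GROUP_FILE "GROUP NAMES"
# Prints "FAIL user: reason" per violation; exit status 1 if any were found.
audit_ftp_accounts() {
    awk -F: -v names="$3" '
        function bad(u, why) { print "FAIL " u ": " why; rc = 1 }
        BEGIN { n = split(names, g, " "); for (i = 1; i <= n; i++) want[g[i]] = 1 }
        # First file, group(5): remember the GIDs of the FTP groups.
        FNR == NR { if ($1 in want) ftpgid[$3] = $1; next }
        # Second file, passwd(5): name:pw:uid:gid:gecos:home:shell
        {
            home = $6; sub(/\/+$/, "", home)          # "/data/" -> "/data"
            under = (home == "/data" || index(home, "/data/") == 1)
            if (!(($4 in ftpgid) || under)) next      # not an FTP account
            if ($3 == 0)               bad($1, "UID 0")
            if ($7 != "/sbin/nologin") bad($1, "interactive shell " $7)
            if (!under)                bad($1, "home outside /data: " $6)
            if (!($4 in ftpgid))       bad($1, "primary GID " $4 " is not an FTP group")
        }
        END { exit rc + 0 }
    ' "$2" "$1"
}

# Constructed sample records, not taken from a real system.
sample_group='grp-a:x:1001:
grp-b:x:1002:
staff:x:50:'
sample_passwd='user-1:x:2001:1001::/data/:/sbin/nologin
user-2:x:2002:1002::/data/NWP:/bin/bash
user-3:x:0:1001::/home/user-3:/sbin/nologin
alice:x:1000:50::/home/alice:/bin/bash'

# run_sample: write the sample records to temp files and audit them.
run_sample() {
    tmp=$(mktemp -d) || return 2
    printf '%s\n' "$sample_group"  > "$tmp/group"
    printf '%s\n' "$sample_passwd" > "$tmp/passwd"
    audit_ftp_accounts "$tmp/passwd" "$tmp/group" "grp-a grp-b grp-c"
    status=$?
    rm -rf "$tmp"
    return "$status"
}

run_sample || true
```

On a live server, pass /etc/passwd and /etc/group as the first two arguments.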
4 Start-up and check
After the basic configuration work, start the FTP server from the command line and confirm that its process is running normally, as follows:
# /usr/local/bin/proftpd
# ps ax |grep proftpd
1334 ? S 0:00 [proftpd]
#
Finally, a comprehensive check to confirm the ftp service should be done by using a local host. An example of login procedures is shown below. Underlined portions are user input.
$ ftp localhost
Connected to SERVER01
220 ProFTPD 1.2.9 Server (MET FTP) [SERVER01]
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (localhost:user-1): user-1
331 Password required for user-1.
Password:*******
230 User user-1 logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> bye
221 Goodbye.
$