
Common factors to the Establishment of an FTP Server

Presuppositions to the examples

(1) Required functions

  • No other service except for ftp runs on the server.
  • Only specific registered users are allowed to access the server (no anonymous user accounts are allowed).
  • Users are authenticated not only by user ID and password but also by source IP address.
  • The server provides ftp service for each user equally.

(2) Platform

  • Hardware running a Linux operating system that can tolerate 24-hour continuous operation
  • The fundamental settings for an Internet server have already been made.

(3) Network configuration (see Figure 9.1)

  • A permanent connection to the Internet (via an ISP) is available.
  • The server is placed in a DMZ (De-Militarized Zone) branching from a firewall.
  • The firewall allows only ftp connections to the server.
  • Data stored on the server is transferred from the data source system(s) in the intranet through the firewall.

Figure 9-1. Presuppositions to examples

2 Process to set up FTP server software

This section outlines the practical process of setting up FTP service with "proftpd" in a Linux environment. Please refer to the software's "installation guide" for details.

(1) Installation

The first steps are to download the archive of the latest version of the software from the official site or one of its mirror sites, extract it, compile it and then install it.
The make install command stores the server modules and related files in the proper directories. Run it as root (super user), because it has to write files to protected directories and the installation might fail otherwise.

$ tar zxvf proftpd-1.2.9.tar.gz
$ cd proftpd-1.2.9
$ ./configure
$ make
$ su
Password: xxxxxx
# make install
# exit
$

(2) Configuration

The user's guide on the official site gives typical procedures and examples for configuring "proftpd", and following them is enough to complete the general configuration. In addition, the following procedures (including explicit descriptions) are required to customize the configuration to the presuppositions. The configuration is written in a specific configuration file named "proftpd.conf". The directory where the configuration file is installed depends on the platform. In this example, it is installed under the directory "/usr/local/etc/".
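
A proftpd.conf fragment matching the presuppositions above, as an added example that is not taken from the original page or from the proftpd documentation. The client addresses, the User/Group names and the MaxInstances value are assumptions, and the address allowlist applies to the whole server rather than to individual users.

```conf
# Constructed proftpd.conf fragment (illustration only, not the page's file).
# Comments are kept on their own lines, not after a directive.

# Banner name as seen in the login check in section 4.
ServerName            "MET FTP"
# Run as a daemon started from the command line, not from inetd.
ServerType            standalone
DefaultServer         on
Port                  21
Umask                 022
# Assumed cap on simultaneous child processes.
MaxInstances          30

# Unprivileged identity for the daemon (names are assumptions;
# use the unprivileged user and group your platform provides).
User                  nobody
Group                 nobody

# Jail every user in the home directory, so "/" in a session is /data.
DefaultRoot           ~

# FTP-only accounts use /sbin/nologin. If that shell is not listed in
# /etc/shells, their logins are refused unless this check is off.
RequireValidShell     off

# Source-address check: only the listed client addresses may log in.
# 192.0.2.10 and 192.0.2.11 are placeholder documentation addresses.
<Limit LOGIN>
  Order allow,deny
  Allow from 192.0.2.10
  Allow from 192.0.2.11
  Deny from all
</Limit>

# No <Anonymous> block appears here. The sample configurations
# distributed with proftpd include one; remove it so that only
# registered system accounts can log in.
```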

3 Create a user account

There are four steps in creating a user account. It is important to choose an appropriate group for a new user account, taking into consideration the files and directories the user should be allowed to access, for operational stability and security.

(1) Create a home directory

The following example creates a new directory "/data", which is where an FTP user logs in. Each underline shows a command to type.

# mkdir /data
#

Then create each sub-directory to store each type of data.

# mkdir /data/OBS
# mkdir /data/NWP
# mkdir /data/SAT
#

(2) Create a new group

Before creating a new user account, the group that the new user belongs to must be created if it does not exist. In the following example three groups (i.e. grp-a, grp-b and grp-c) are created.

# groupadd grp-a
# groupadd grp-b
# groupadd grp-c
#

(3) Create a new user account

A new user account is created by the useradd command as follows.

# useradd -g grp-a -d /data/ -s /sbin/nologin user-1
#

Where:
  -g grp-a          : specifies the group the new user belongs to
  -d /data/         : specifies the login directory
  -s /sbin/nologin  : specifies the login shell; "/sbin/nologin" is recommended for FTP-only users
  user-1            : specifies the new username

(4) Set a password for the user

A password for the user is set up by the passwd command as follows.


# passwd user-1
Changing password for user user-1
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully
#

The username and password should then be communicated to the user by a safe means, such as a letter.

How to change login groups

It is possible to change login groups of a user by the "usermod" command.

# usermod -g grp-b user-1
#

In this example, the group for user-1 is changed to grp-b.

4 Start-up and check

After the basic configuration work, start the ftp service from the command line and confirm that its process is running normally, as follows:

# /usr/local/bin/proftpd
# ps ax |grep proftpd
 1334 ?        S    0:00 [proftpd]
#

Finally, a comprehensive check of the ftp service should be done from the local host. An example of the login procedure is shown below. Underlined portions are user input.

$ ftp localhost
Connected to SERVER01
220 ProFTPD 1.2.9 Server (MET FTP) [SERVER01]
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (localhost:user-1): user-1
331 Password required for user-1.
Password:*******
230 User user-1 logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> bye
221 Goodbye.
$
