FTP

  1. What it is
    1. Older protocol -- but part of the WWW
    2. Features
      1. File transfer and file management.
        1. cp, rm, mv, ls, cat
      2. Disallows other commands.
      3. Verifies each user by password
        1. Better security but more annoying than NFS
    3. Supposedly faster than http for large files, but my testing does not show that.
    4. Sites that don't want rlogin can still get more power than http:
  2. FTP security.
    1. ftpd runs as root (needed to bind to a port <1024).
    2. User ftp: ftpd does a setuid(user), and then lets the user access whatever he wants.
    3. Means the file system enforces security.
    4. Anonymous ftp does a chroot(~ftp).
  3. How to set it up.
    1. Choose an invocation method
      1. Standalone method.
        1. Always running, so no exec cost.
        2. Always running, so always uses a process
        3. Just change some rc file to start up ftpd
        4. Better for high usage situations.
      2. Inetd.conf method
        1. Inetd.conf
          1. inetd runs internet programs that have low usage.
          2. Waits for a connection on the socket, then runs the program.
          3. Allows a gazillion services to run using only a single process.
          4. Just add a line in /etc/inetd.conf
          5. ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
             telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
        2. Ftpd only runs when there's a connection, so uses no resources while idle.
        3. Need to exec a new process each time ftp is invoked.
        4. Better for low usage situation.
    2. Choose if you want anonymous FTP
      1. If not, just complete /etc/ftpusers.
        1. More secure.
        2. No warez access, no secret dirs.
        3. Users can access anything, including their home dirs.
        4. Users are people who:
          1. Have a name and know the password in /etc/passwd.
          2. Do NOT appear in /etc/ftpusers.
          3. Do have a standard shell (/etc/shells).
      2. If so, make entire directory structure in ~ftp.
        1. Possible usernames are ftp and anonymous.
        2. More friendly, can publish stuff.
        3. Need system usable by chroot'ed commands.
        4. ~ftp: not writeable by anyone.
        5. ~ftp/bin: not writeable, including the ls command.
        6. ~ftp/etc: not writeable, including passwd and group (for ls), without passwords.
        7. ~ftp/pub: choose permissions; public files go here.
        8. ~ftp/lib with libc often needed.
        9. ~ftp/dev with zero, null often needed. (Don't put all of dev here!!).
    3. New capabilities in /etc/ftpaccess
      1. Need -a on ftpd to use.
      2. Set group of anonymous users.
      3. Deny users from a set of hosts.
      4. Limit number of users by time, hosts.
      5. Deny file retrieval for file pattern.
      6. Many others.
  4. FTP maintenance
    1. Look at log file, trim log file.
    2. Delete unneeded files in ~ftp/pub.
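
The anonymous FTP layout rules in item 3.2.2 (nothing writeable in ~ftp, ~ftp/bin or ~ftp/etc, no passwords in ~ftp/etc/passwd, only zero and null in ~ftp/dev) can be checked mechanically. The script below is an added example, not part of the original notes; the function names, the finding wording and the set of password placeholders it accepts are assumptions.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP tree against the outline's rules.
# audit_ftp_root, has_write and report are hypothetical helper names.

findings=0
report() { echo "FINDING: $1"; findings=$((findings + 1)); }

# True if any write bit (owner, group or other) is set. Mode bits are read
# from ls because `test -w` is always true when the audit runs as root.
has_write() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        ??w*|?????w*|????????w*) return 0 ;;
    esac
    return 1
}

audit_ftp_root() {
    root=$1
    findings=0
    # ~ftp, ~ftp/bin, ~ftp/etc and the files inside bin and etc: not writable.
    for p in "$root" "$root/bin" "$root/etc" "$root"/bin/* "$root"/etc/*; do
        if [ -e "$p" ] && has_write "$p"; then report "$p is writable"; fi
    done
    # ~ftp/etc/passwd only lets ls print names; field 2 must not hold a hash.
    # Assumption: empty, *, x and ! are treated as "no password".
    if [ -f "$root/etc/passwd" ]; then
        for u in $(awk -F: '$2 !~ /^[*x!]?$/ { print $1 }' "$root/etc/passwd"); do
            report "$root/etc/passwd carries a password field for $u"
        done
    fi
    # ~ftp/dev: only zero and null belong here.
    for n in "$root"/dev/*; do
        if [ -e "$n" ]; then
            case "${n##*/}" in
                zero|null) ;;
                *) report "$n is not needed in the chroot" ;;
            esac
        fi
    done
    [ "$findings" -eq 0 ]
}

# Usage: sh audit.sh /home/ftp   (path is a placeholder)
if [ "$#" -gt 0 ]; then audit_ftp_root "$1"; fi
```

The function returns non-zero when anything is flagged, so it can run from cron alongside the log review in item 4.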