There are many different ways you can share files with users on your network. This capability is important because you don’t always want your users storing things locally on their desktop or laptop.
Should something happen to your end users’ systems, they would lose all their work…not to mention that it would cause a backup strategy nightmare. An easier solution for management and security would be to store all your files in a centralized location.
To transfer a file using the FTP protocol, a user must log in to an FTP server, which can be done with credentials or anonymously. When the user is connected, she can traverse the directory structure for any directory or file for which she has permissions.
If the protocol is not configured properly, this can leave your entire system open to attack, and an attack carried out through an anonymous connection is hard to track!
The second big issue with the FTP protocol is that when the user logs in with a username and password, those credentials are passed over the network in clear text, meaning that anyone listening can see them.
So, why use the FTP protocol at all? It’s easy to set up, and when used correctly, it’s highly effective for delivering files to end users.
Almost all major computer makers (HP, Dell, Apple) offer drivers for their systems over FTP, which allows for simple download by end users and organized structure on the back end for the drivers themselves.
Task 1: Installing FTP Services
In RHEL6 and later versions, we use the vsftpd package, which stands for Very Secure FTP Daemon.
This particular FTP server offers additional features that make it a more secure choice if you have to use FTP. As with all services that you’d like to offer to your network users, you need to make sure that the appropriate packages are installed. Here’s how.
Step 1. Grab the required package:
# yum install -y vsftpd
Step 2. When the installation is complete, verify it was installed successfully:
# rpm -qa | grep vsftpd
vsftpd-2.2.2-6.el6.x86_64
Step 3. Ensure that the service will start on system boot:
# chkconfig vsftpd on
Step 4. Verify the service starts on boot:
# chkconfig vsftpd --list
vsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Task 2: Configuring VSFTP in Linux
Step 1. Look at which options are available in the config file:
# grep -v '^#' /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
Step 2. Now let’s go over what each of these options can be used for:
Option                      Description
anonymous_enable=YES        Allows anonymous logins (the default), although it should be changed to NO for better host-based security
local_enable=YES            Allows local users to log in
write_enable=YES            Enables users to write to directories
local_umask=022             Sets the umask for all uploaded files
dirmessage_enable=YES       Displays directory messages
xferlog_enable=YES          Logs all transfer activity to /var/log/xferlog
connect_from_port_20=YES    Forces port transfers to originate from port 20
xferlog_std_format=YES      Logs everything in standard transfer format
listen=YES                  Allows the server to listen for connections
pam_service_name=vsftpd     Specifies the name used for the PAM service
userlist_enable=YES         Enables the service to consult user_list
tcp_wrappers=YES            Allows incoming requests based on the TCP Wrappers configuration
userlist_deny=YES           Enables users listed in user_list to log in via FTP.
These default settings for the vsftpd service are enough to get the FTP service up and running.
At this point, any one of your system’s users is able to log in to the vsftpd service, but because the firewall is enabled by default, the connection will be denied.
Before you open the connection to your users, take some time to become familiar with the different options you can configure on your FTP server. The config file is heavily documented as to what each option does.
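One way to check a config file against the two problems described earlier (anonymous logins and clear-text credentials) before opening the service to users. This is an added example, not part of the original article or the vsftpd project. The function names conf_get, is_on and audit_vsftpd are hypothetical, and ssl_enable is a vsftpd option that does not appear in the listing above.

```sh
#!/bin/sh
# Added example, not from the original article: audit a vsftpd.conf.

# Print the effective value of KEY ($2) in FILE ($1), or DEFAULT ($3) if unset.
# Anchoring on ^KEY= skips '#' comment lines; the last assignment is used
# (assumption: a later line overrides an earlier one).
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    printf '%s\n' "${val:-$3}"
}

# True when boolean option $2 in file $1 is YES, given built-in default $3.
is_on() { [ "$(conf_get "$1" "$2" "$3")" = "YES" ]; }

# Print one finding per line for the file in $1; a clean config prints nothing.
audit_vsftpd() {
    f=$1
    # Built-in defaults per vsftpd.conf(5): anonymous_enable=YES, the rest NO.
    if is_on "$f" anonymous_enable YES; then
        echo "anonymous_enable: anonymous logins are allowed; set it to NO"
    fi
    if ! is_on "$f" xferlog_enable NO; then
        echo "xferlog_enable: transfers are not logged, so activity is hard to track"
    fi
    # ssl_enable is a real vsftpd option that the article's listing does not show.
    if is_on "$f" local_enable NO && ! is_on "$f" ssl_enable NO; then
        echo "ssl_enable: local usernames and passwords cross the network in clear text"
    fi
    return 0
}

# Constructed sample: the default settings listed in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
EOF
audit_vsftpd "$sample"
rm -f "$sample"
```

Run against the default settings, it reports the anonymous_enable and ssl_enable findings; point audit_vsftpd at /etc/vsftpd/vsftpd.conf to check a live server.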