Chapter 38

Administering the FTP Server (Tasks)

This chapter includes tasks that are described in the following table to set up and administer an FTP server.

Table 38-1 Task Map: Administering the FTP Server

| Task | Description | For Instructions |
|---|---|---|
| Configure access to the FTP server | Use the ftpaccess, ftpusers, and the ftphosts files in the /etc/ftpd directory to establish or restrict access to the FTP server. | How to Set User Login Limits; How to Control the Number of Invalid Login Attempts; How to Disallow FTP Server Access to Particular Users; How to Restrict Access to the Default FTP Server; How to Define FTP Server Classes |
| Set up FTP server logins | Establish login accounts for real, guest and anonymous users. | How to Set Up Real FTP Users; How to Set Up Guest FTP Users; How to Set Up Anonymous FTP Users; How to Create the /etc/shells file |
| Customize message files | Edit the /etc/ftpd/ftpaccess file to configure the FTP server to return messages to the FTP client related to specific events. | How to Customize Message Files; How to Create Messages to Be Sent to Users; How to Configure the README Option |
| Configure access to files on the FTP server | Use the /etc/ftpd/ftpaccess file to specify classes of users who are allowed to execute certain commands or to download and upload files to the FTP server. | How to Configure DA Discovery for Dial-up Networks; Controlling Uploads and Downloads on the FTP Server |
| Enable limited or complete virtual hosting | Use the /etc/ftpd/ftpaccess file to configure the FTP server to support multiple domains on the same machine. | How to Enable Limited Virtual Hosting; How to Enable Complete Virtual Hosting |
| Start the FTP server | Edit the /etc/inet/inetd.conf file to start the FTP server in nowait or standalone mode. | How to Start an FTP Server From inetd.conf; How to Start a Standalone FTP Server |
| Shut down the FTP server | Use the /etc/ftpd/ftpaccess file and run the ftpshut command to shut down the FTP server. | Shutting Down the FTP Server |
| Troubleshoot some common FTP server problems | Check syslogd and use greeting text and log commands to debug problems on the FTP server. | How to Check syslogd for FTP Server Messages; How to Use greeting text to Verify ftpaccess; How to Check the Commands Executed by FTP Users |

Controlling FTP Server Access

You can use the following configuration files in the /etc/ftpd directory to control access to the FTP server.

  • ftpusers is used to list users who are denied access to the FTP server.

  • ftphosts is used to allow or deny login from various hosts to various accounts on the FTP server.

  • ftpaccess is the main FTP configuration file. The FTP server only reads the /etc/ftpd/ftpaccess file if called with the -a option. When the ftpaccess file is used, all users must be members of a class to be allowed access to the FTP server. You can specify many ftpaccess directives that apply only to a particular class.

    For further information, see ftpusers(4), ftphosts(4), and ftpaccess(4).


    Note - In all FTP server configuration files, lines beginning with # signs are treated as comments.


How to Define FTP Server Classes

When the ftpaccess file is used, users must be members of a class to log in to the FTP server. To add the class directive to the ftpaccess file, you specify the class name and the typelist of users who are permitted access from a particular host.

  1. Become superuser.

  2. Add entries for anonymous, guest, and real users in the ftpaccess file.

    class class typelist addrglob [addrglob...]

    class

    Keyword that is used to define FTP users.

    class

    A name that is defined by the class keyword. Each login is compared against a list of defined classes. The logged in user is considered a member of the first class matched.

    typelist

    A comma-separated list of the keywords that match the three types of users: anonymous, guest, and real.

    addrglob

    A globbed domain name or a globbed numeric address. The addrglob can also be the name of a file, starting with a slash (/), which contains additional address globs. An address can also be written as address:netmask or address/cidr.

    Here are some examples of globbed addresses:

    • Numeric IPv4 address: 10.1.2.3

    • Globbed domain name: *.provider.com

    • Globbed numeric IPv4 address: 10.1.2.*

    • Numeric IPv4 address:netmask: 10.1.2.0:255.255.255.0

    • Numeric IPv4 address/CIDR: 10.1.2.0/24

    • Numeric IPv6 address: 2000::56:789:21ff:fe8f:ba98

    • Numeric IPv6 address/CIDR: 2000::56:789:21ff:fe8f:ba98/120

Example--Defining FTP Server Classes

class  local  real,guest,anonymous *.provider.com
class  remote real,guest,anonymous *

The previous example defines the local class as any user of the type real, guest, or anonymous who logs in from *.provider.com. The last line defines remote as any user who logs in from anywhere other than *.provider.com.
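Because a login joins the first class that matches, the order of class lines decides what a user gets. The following added example (not part of the original page and not the FTP server's own code) models that lookup for the addrglob forms listed above so you can check a draft ftpaccess before deploying it. The function names are made up here, the matching is an approximation, and addrglobs that name a file are treated as non-matching.

```python
import fnmatch
import ipaddress

def parse_classes(text):
    """Return [(name, types, addrglobs)] in file order; '#' lines are skipped."""
    classes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "class":
            classes.append((f[1], set(f[2].split(",")), f[3:]))
    return classes

def addr_matches(glob, host, ip):
    """Approximate one addrglob against the client's host name and address."""
    if glob.startswith("/"):                  # file of globs: not read here
        return False
    addr = ipaddress.ip_address(ip)
    net = glob if "/" in glob else None       # address/cidr
    if net is None and glob.count(":") == 1:  # IPv4 address:netmask
        net = glob.replace(":", "/")
    try:
        if net:
            return addr in ipaddress.ip_network(net, strict=False)
        return ipaddress.ip_address(glob) == addr   # plain numeric address
    except ValueError:
        pass                                  # not numeric: fall back to glob
    return (fnmatch.fnmatchcase(host.lower(), glob.lower())
            or fnmatch.fnmatchcase(ip, glob))

def resolve_class(classes, user_type, host, ip):
    """First class whose typelist and an addrglob both match, else None."""
    for name, types, globs in classes:
        if user_type in types and any(addr_matches(g, host, ip) for g in globs):
            return name
    return None   # no class matched: with ftpaccess in use, access is denied

# The page's example, then the same two lines in the opposite order.
PAGE_EXAMPLE = """\
class  local  real,guest,anonymous *.provider.com
class  remote real,guest,anonymous *
"""
REORDERED = "\n".join(reversed(PAGE_EXAMPLE.splitlines()))
# Constructed sample: real users only, two subnets in both numeric forms.
STAFF_ONLY = "# constructed\nclass staff real 10.1.2.0/24 10.1.3.0:255.255.255.0\n"

if __name__ == "__main__":
    for cfg in (PAGE_EXAMPLE, REORDERED):
        print(resolve_class(parse_classes(cfg), "real", "host1.provider.com", "10.1.2.3"))
```

With the lines reordered, the catch-all * class comes first and a login from host1.provider.com lands in remote, so any directives scoped to local never apply to it.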

How to Set User Login Limits

You can limit the number of simultaneous logins by users of a certain class with directives that are set in the ftpaccess file. Each login limit contains the name of a class, a UUCP-style days-of-week list, and a message file to display if the limit is exceeded.

To set user login limits, follow the steps in the next procedure.

  1. Become superuser.

  2. Add the following entries to the ftpaccess file:

    limit class n times [message_file]

    limit

    Keyword that is used to restrict simultaneous logins by the specified number of users of a defined class at certain connection times.

    class

    A name that is defined by the class keyword. Each login is compared against a list of defined classes. The logged-in user is considered a member of the first class matched.

    n

    Number of users.

    times

    Day-of-week and time-of-day when the class can connect. Use Any for any day.

    message_file

    Message file that is displayed if a user is denied access.

Example--Setting User Login Limits

limit   anon     50  Wk0800-1800  /etc/ftpd/ftpmsg.deny
limit   anon    100  Any          /etc/ftpd/ftpmsg.deny
limit   guest   100  Any          /etc/ftpd/ftpmsg.deny

The first line of the preceding example shows a limit of 50 simultaneous logins that are allowed to users of class anon during weekly work hours. The second line limits anon users to 100 simultaneous logins outside of working hours. The last line shows a limit of 100 guest logins that are allowed at any time. For information on how to specify day and time parameters, see ftpaccess(4).

The example further indicates that the content of the file /etc/ftpd/ftpmsg.deny is returned when a specified login limit is reached, assuming ftpmsg.deny exists. For information on using the /usr/sbin/ftpcount command to view the number and login limit for each class of user who is logged in at a particular time, see ftpcount(1).
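To see which limit line governs a login at a given moment, the following added example (not part of the original page) evaluates the limit entries shown above. It assumes that the first limit line for the class whose times field is valid is the one used, that Wk means Monday to Friday, and it handles only Any, Wk, and two-letter day names with an optional HHMM-HHMM range; time_applies and active_limit are names made up here.

```python
import re
from datetime import datetime

DAY_NAMES = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]   # datetime.weekday() order
PART = re.compile(r"((?:Any|Wk|Su|Mo|Tu|We|Th|Fr|Sa)+)(?:(\d{4})-(\d{4}))?")

def time_applies(times, when):
    """True if `when` falls inside a spec such as Wk0800-1800 or Any."""
    for part in times.split("|"):
        m = PART.fullmatch(part)
        if not m:
            continue                      # unrecognised part: treated as no match
        days, start, end = m.groups()
        wd = when.weekday()
        if not ("Any" in days or ("Wk" in days and wd < 5) or DAY_NAMES[wd] in days):
            continue
        if start is None:                 # day given without a time range
            return True
        now = when.strftime("%H%M")
        # A range such as 2200-0600 wraps past midnight.
        in_range = start <= now < end if start <= end else (now >= start or now < end)
        if in_range:
            return True
    return False

def active_limit(ftpaccess_text, cls, when):
    """(n, message_file) from the first limit line for cls valid at `when`."""
    for line in ftpaccess_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "limit" and f[1] == cls and time_applies(f[3], when):
            return int(f[2]), (f[4] if len(f) > 4 else None)
    return None

# The limit lines from the example above.
LIMITS = """\
limit   anon     50  Wk0800-1800  /etc/ftpd/ftpmsg.deny
limit   anon    100  Any          /etc/ftpd/ftpmsg.deny
limit   guest   100  Any          /etc/ftpd/ftpmsg.deny
"""
# Constructed variant: the Any line placed first hides the working-hours limit.
ANY_FIRST = "\n".join(LIMITS.splitlines()[1::-1])

if __name__ == "__main__":
    wed_morning = datetime(2024, 1, 10, 10, 30)   # a Wednesday
    print(active_limit(LIMITS, "anon", wed_morning))
    print(active_limit(ANY_FIRST, "anon", wed_morning))
```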

Users are allowed to log in to the FTP server unless a specified limit is reached. Anonymous users are logged in as the user ftp. Real users are logged in as themselves, and guests are logged in as real users with a chroot environment to limit access privileges.

For information on using the /usr/sbin/ftpwho command to check the identities of the users logged into the FTP server, see ftpwho(1).
