1. Home
  2. Linux systems
  3. Red Hat Linux 9 Professional Secrets

Setting up Secure Anonymous FTP

Setting up Secure Anonymous FTP

Anonymous FTP refers to the use of the user name anonymous, which anyone can use with FTP to transfer files from a system. Anonymous FTP is a common way to share files on the Internet.

If you have used anonymous FTP to download files from Internet sites, you already know the convenience of that service. Anonymous FTP makes information available to anyone on the Internet. If you have a new Linux application that you want to share with the world, set up anonymous FTP on your Linux PC, and place the software in an appropriate directory. After that, all you need to do is announce to the world (probably through a posting in the comp.os.linux.announce newsgroup) that you have a new program available. Now, anyone can get the software from your system at his or her convenience.

Even if you run a for-profit business, you can use anonymous FTP to support your customers. If you sell a hardware or software product, you may want to provide technical information or software 'fixes' through anonymous FTP.

Unfortunately, the convenience of anonymous FTP comes at a price. If you do not configure the anonymous FTP service properly, intruders and pranksters may gain access to your system. Some intruders may simply use your system's disk as a temporary holding place for various files; others may fill your disk with junk files, effectively making your system inoperable (this sort of attack is called a denial-of-service-DoS-attack). At the other extreme, an intruder may gain user-level (or, worse, root-level) access to your system and do much more damage.

Note 

If you have installed Red Hat Linux from this book's companion CD-ROMs, you already have anonymous FTP on your system. The default setup also employs the necessary security precautions.

Trying Anonymous FTP

To see anonymous FTP in action, try accessing your system by using an FTP client. For example, in the following sample session, I have accessed my system from another PC on the LAN (my input appears in boldface):

ftp localhost
Connected to localhost (127.0.0.1).
220 (vsFTPd 1.1.3)
Name (localhost:naba): anonymous
331 Please specify the password.
Password:       <-- I can type anything as password.
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -l
227 Entering Passive Mode (127,0,0,1,87,69)
150 Here comes the directory listing.
d--x--x--x    2 0        0            4096 Jan 19 19:31 bin
d--x--x--x    2 0        0            4096 Jan 19 19:31 etc
drwxr-xr-x    2 0        0            4096 Jan 19 19:31 lib
drwxr-sr-x    2 0        50           4096 Dec 13 16:13 pub
226 Directory send OK.
ftp> bye
221 Goodbye.

When you successfully log in for anonymous FTP, you access the home directory of the user named ftp (the default directory is /var/ftp). Place the publicly accessible files-the ones you want to enable others to download from your system-in the /var/ftp/pub directory.

Start Sidebar
Learning the Key Features of Anonymous FTP

The key features of an anonymous FTP setup are as follows:

  • There is a user named ftp whose home directory is /var/ftp. The user does not have a shell assigned. Here is what you get when you search for ftp in the /etc/passwd file:

        grep ftp /etc/passwd
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

    The x in the second field means that no one can log in with the user name ftp. The login shell for this account, listed in the last field as /sbin/nologin, also ensures that the ftp user cannot log in (type man nologin to see what the nologin shell does).

  • Here is the full permission setting and owner information for the /var/ftp directory:

        drwxr-xr-x    6 root     root         4096 Jan 18 14:31 ftp

    As this line shows, the /var/ftp directory is owned by root, and the permission is set to 755 (only root can read and write; everyone else can only read; for more information on permission settings, see the chmod command described in Appendix A).

  • To view the contents of the /var/ftp directory, type the ls -la command. The output of this command is as follows:

        total 24
    drwxr-xr-x    6 root     root         4096 Jan 18 21:20 .
    drwxr-xr-x   21 root     root         4096 Jan 18 21:33 ..
    d--x--x--x    2 root     root         4096 Jan 18 21:20 bin
    d--x--x--x    2 root     root         4096 Jan 18 21:20 etc
    drwxr-xr-x    2 root     root         4096 Jan 18 21:20 lib
    drwxr-sr-x    2 root     ftp          4096 Dec 13 11:13 pub

    The permission settings of the bin and etc directories are 111 (execute only). All files inside the bin directory are also execute-only (permission setting 111). All files in the etc directory are read-only (permission setting 444).

  • The pub directory is where you place any files you want to enable others to download from your system through anonymous FTP.

End Sidebar



BackCover
Red Hat Linux 9 Professional Secrets
Introduction
Part I: Setting Up Red Hat Linux
Part II: Exploring Red Hat Linux
Part III: Internetworking with Red Hat Linux
Chapter 13: Internet Connection Setup
Chapter 14: Web Server
Chapter 15: Mail Server
Chapter 16: News Server
Chapter 17: FTP Server
Installing FTP Software
Understanding FTP
Configuring the FTP Server
Setting up Secure Anonymous FTP
Summary
Chapter 18: DNS and NIS
Chapter 19: Samba and NFS
Part IV: Managing Red Hat Linux
Part V: Programming Red Hat Linux
Part VI: Appendixes
List of Figures
List of Tables
List of Code Examples
List of Sidebars