12.1 Running an FTP ServerAn FTP server lets you transfer files from one system to another via a network. When two computers are connected to the Internet, you can use FTP to transfer files from one to the other even though the computers are not directly connected. An FTP server attempts to authenticate users that ask to use it. You can configure your FTP server to accept requests only from users who have an account on the system running the FTP server, or you can configure it to accept requests from anyone, via a facility known as anonymous FTP.
12.1.1 Installing and Starting the FTP ServerTo install the FTP Server package group, use the Package Management Tool. After installing the package group, you must tell xinetd to respond to FTP clients. To do so, use the Service Settings Tool to associate the xinetd and vsftpd services with the current runlevel. Also, restart xinetd so that it's aware that it knows to respond to requests for the vsftpd service. 12.1.2 Testing the FTP ServerTo test your FTP server, start an FTP client by issuing the following command: ftp localhost The FTP server should prompt you for a login user account name and password. To log in anonymously, specify the username anonymous and use an email address, such as user@example.com, as the password. If you correctly supply the username and password, you should see the FTP prompt that lets you know the FTP server is ready to execute FTP subsystem commands. Type quit and press Enter to exit the FTP client.
Once your FTP server is working, try contacting it from a remote system. If you have a Windows machine, you can contact your server by using the built-in Windows FTP client that works similarly to the Linux FTP client, interpreting the same FTP subsystem commands. Open an MS-DOS Prompt window and type the command: ftp server where server specifies the hostname or IP address of your Linux server. Generally, once the FTP subsystem prompt is available, you should immediately issue the binary (or bin) command. This command specifies that files will be transferred verbatim; without it, executable files, documents, and other files that contain binary data will be scrambled when transferred. Generally, transferring text files and other non-binary files in binary mode will not damage them.
When you're ready to actually transfer some files, use the FTP commands described in Table 12-1. Here's a typical FTP session that you can use as a model: # ftp localhost C:\>ftp 192.168.0.2 Connected to 192.168.0.2. 220 ready, dude (vsFTPd 1.1.0: beat me, break me) Name (localhost:root): billmccarty 331 Please specify the password. Password: 230 Login successful. Have fun. ftp> bin 200 Binary it is, then. ftp> ls 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. -rw-r--r-- 1 500 500 33 Jan 04 17:06 file-for-download.txt 226 Directory send OK. ftp: 79 bytes received in 0.00Seconds 79000.00Kbytes/sec. ftp> get 3c90x-1.0.0e.tar.gz 200 PORT command successful. Consider using PASV. 150 Opening BINARY mode data connection for file-for-download.txt (33 bytes). 226 File send OK. ftp: 33 bytes received in 0.00Seconds 33000.00Kbytes/sec. ftp> quit 221 Goodbye.
12.1.3 Securing Your FTP ServerIf your computer is connected to the Internet or another potentially hostile network, you should revise the FTP configuration to improve security. Two measures are generally recommended. First, if you don't need to provide FTP to anonymous users, disable anonymous FTP. To do so, edit the file /etc/vsftpd.conf, replacing the line: anonymous_enable=YES with the line: anonymous_enable=NO Second, if your users only download files, never upload them, you should disable FTP writes. To do so, edit the file /etc/vsftpd.conf, replacing the line: write_enable=YES with the line: write_enable=NO |