[ Pobierz całość w formacie PDF ]
.Whether you decide tomanually copy them, or get the files made for your convenience from the archive, it will be yourresponsibility to modify, adjust for your needs and place the files related to the Wu-ftpd softwarein the appropriate places on your server, as shown below.The server configuration files archiveto download is located at the following Internet address: http://www.openna.com/books/floppy.tgz" To run an FTP server, the following files are required and must be created or copied tothe appropriate directories on your server.Copy the ftpaccess file in the  /etc/ directory.Copy the ftpusers file in the  /etc/ directory.Copy the ftphosts file in the  /etc/ directory.Copy the ftpgroups file in the  /etc/ directory.Copy the ftpconversion file in the  /etc/ directory.Copy the ftp file in the  /etc/pam.d/ directory.Copy the ftpd file in the  /etc/logrotate.d/ directory.You can obtain the configuration files listed below on our floppy.tgz archive.Copy the followingfiles from the decompressed floppy.tgz archive to the appropriate places or copy and paste themdirectly from this book to the concerned file.Configuration of the  /etc/ftpaccess fileThe  /etc/ftpaccess file is the main configuration file used to configure the operation of the Wu-ftpd server.This file is the primary means of controlling what users, and how many users, canaccess your server, and other important points of the security configuration.Each line in the fileeither defines an attribute or sets its value.Step 1Edit the ftpaccess file (vi /etc/ftpaccess) and add/change in this file the following lines:class openna guest 208.164.186.*limit openna 20 MoTuWeTh,Fr0000-1800 /home/ftp/.too_many.msgemail admin@openna.comloginfails 3readme README* loginreadme README* cwd=*450Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs PublishingServer Software (File Sharing Network Services) 2CHAPTER 1message /home/ftp/.welcome.msg loginmessage.message cwd=*compress yes alltar yes allchmod yes guestdelete yes guestoverwrite yes guestrename yes guestlog commands real,guestlog transfers real,guest inbound,outboundguestgroup ftpadminguestgroup webmaster# We don't want users being able to upload into these areas.upload /home/ftp/* / noupload /home/ftp/* /etc noupload /home/ftp/* /dev no# We'll prevent downloads with noretrieve.noretrieve /home/ftp/etcnoretrieve /home/ftp/devlog security real,guestguest-root /home/ftp ftpadmin webmasterrestricted-uid ftpadmin webmasterrestricted-gid ftpadmin webmastergreeting tersekeepalive yesnoretrieve.notarStep 2Now, change its default permission to be 600:[root@deep /]# chmod 600 /etc/ftpaccessThis tells ftpaccess file to set itself up for this particular configuration setup with:class openna guest 208.164.186.*The option  class specifies a class of users who can access your FTP server.You can define asmany classes as you want in the  ftpaccess file.In our example, we define the class name, and we allow only guest user with accounts on the FTP server to access theirhome directories via FTP if they are coming from the address 208.164.186.*.It s important to notethat three different kinds of users exist: anonymous, guest, and real.Anonymous users areanyone on the network who connect to the server and transfer files without having an account onit.Guest users are real users on the system for which their session is set up exactly as withanonymous FTP (this is the one we setup in our example), and Real users must have accountsand shells (this can pose a security risk) on the server to be able to access it.limit openna 20 MoTuWeTh,Fr0000-1800 /home/ftp/.too_many.msgThe option  limit specifies the number of users allowed to log in to the FTP server by class andtime of day.In our example, we limit access to the FTP server for the class name to 20users from Monday through Thursday , all day, and Friday from midnight to6:00 p.m.Also, if the limit of 20 users is reached, the content of the file451Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs PublishingServer Software (File Sharing Network Services) 2CHAPTER 1is displayed to the connecting user.This can be a useful parameterwhen you need to control the resources of your server.loginfails 3The option  loginfails specifies the number of failed login attempts connection clients can makebefore being disconnected.In our example we disconnect a user from the FTP server after threefailed attempts.readme README* loginreadme README* cwd=*The option  readme specifies to notify clients at login time, or upon using the change workingdirectory command, that a certain file in their current directory was last modified.In our example,we set the name of the file to be relative to the FTP directory , and the conditionunder which to display the message to be either displayed upon a successful login ordisplayed when a client enters the new default directory.message /home/ftp/.welcome.msg loginmessage.message cwd=*The option  message specifies to display special messages to the client when they either log in,or upon using the change working directory command.In our example, we indicate the locationand the name of the files to be displayed , and thecondition under which to display the files to be either displayed upon a successful login ,or displayed when a client enters a new directory.For the  readme and  messageoptions above, remember that when you re specifying a path for anonymous users, the path mustbe absolutely relative to the anonymous FTP directory.compress yes alltar yes allchmod yes guestdelete yes guestoverwrite yes guestrename yes guestThese options,  compress ,  tar ,  chmod ,  delete ,  overwrite , and  rename , specify thepermissions that you want to give to your users for these commands.In our example, we givepermission to the guest group to chmod, delete, overwrite, and rename files, and alloweverybody to use compress and tar commands.If you don't specify the following directives,they default to  yes for everybody.log commands real,guestThe option  log commands specifies to enable logging of individual commands by users forsecurity purposes.In our example, we log all real and guest users individual commands.The resulting logs are stored in the  /var/log/message file.log transfers real,guest inbound,outboundThe option  log transfers specifies to log all FTP transfers for security purposes.In our example,we log all real and guest users transfers that are both inbound and outboundwhich specify the direction that the transfers must take in order to belogged.The resulting logs are stored in the  /var/log/xferlog file [ Pobierz caÅ‚ość w formacie PDF ]