Professional File Transfer with proFTPD - Going Home (Page 5 of 11)
Your Linux system should already have an FTP client installed
- start it up, give it the name of the server to connect to ("localhost", in
this example), and log in as a user with an existing account on the system.
$ ftp localhost
Connected to localhost (127.0.0.1).
220 ProFTPD 1.2.8 Server (ProFTPD) [olympus.melonfire.com]
Name (localhost:joe): joe
331 Password required for joe.
Password: *******
230 User joe logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
How about looking around a little?
ftp> ls
227 Entering Passive Mode (127,0,0,1,4,139).
150 Opening ASCII mode data connection for file list
-rw------- 1 joe joe 9144 May 7 05:47 mbox
-rw-rw-r-- 1 joe joe 966281 May 7 04:44 proftpd-1.2.8.tar.gz
226 Transfer complete.
ftp>
Let's see if you can upload and download files.
ftp> bin
200 Type set to I.
ftp> get mbox
local: mbox remote: mbox
227 Entering Passive Mode (127,0,0,1,4,143).
150 Opening BINARY mode data connection for mbox (9144 bytes)
226 Transfer complete.
9144 bytes received in 0.00042 secs (2.1e+04 Kbytes/sec)
ftp> put outfile
local: outfile remote: outfile
227 Entering Passive Mode (127,0,0,1,4,145).
150 Opening BINARY mode data connection for outfile
226 Transfer complete.
ftp>
How about moving around the file system?
ftp> cd /
250 CWD command successful.
ftp> ls -l
227 Entering Passive Mode (127,0,0,1,36,136)
150 Opening ASCII mode data connection for /bin/ls.
total 193
drwxr-xr-x 2 root 4096 Apr 28 15:33 bin
drwxr-xr-x 4 root 1024 Apr 28 17:32 boot
drwxr-xr-x 20 root 118784 May 6 11:52 dev
drwxr-xr-x 41 root 4096 May 6 16:46 etc
drwxr-xr-x 17 root 4096 May 6 16:47 home
drwxr-xr-x 2 root 4096 Jun 22 2001 initrd
drwxr-xr-x 7 root 4096 Apr 28 17:29 lib
drwx------ 2 root 16384 Apr 28 17:17 lost+found
drwxr-xr-x 2 root 4096 Aug 27 2002 misc
drwxr-xr-x 4 root 4096 Apr 28 12:03 mnt
drwxr-xr-x 2 root 4096 Aug 23 1999 opt
dr-xr-xr-x 80 root 0 May 6 2003 proc
drwxr-x--- 5 root 4096 May 3 18:23 root
drwxr-xr-x 2 root 8192 Apr 28 17:31 sbin
drwxrwxrwt 3 root 4096 May 6 16:20 tmp
drwxr-xr-x 15 root 4096 Apr 28 17:19 usr
drwxr-xr-x 18 root 4096 May 5 17:42 var
226 Transfer complete.
ftp> cd /home
250 CWD command successful.
ftp> ls -l
227 Entering Passive Mode (127,0,0,1,4,157).
150 Opening ASCII mode data connection for file list
drwx------ 4 joe users 4096 Apr 28 11:02 joe
drwx------ 4 john users 4096 May 5 09:32 john
drwx------ 4 sarah users 4096 Jan 26 16:12 sarah
226 Transfer complete.
ftp>
All done? Log out.
ftp> bye
221 Goodbye.
Now, you'll have seen, from the above demonstration, that the
logged-in user can not only view his or her home area, but also other parts of
the directory tree. Since this is generally considered a serious security hole,
the first order of business is to configure proFTPD to "jail" users to their
home area and prevent them from moving around the rest of the system. Luckily,
doing this is fairly simple - just add the lines
# jail users to their home areas
DefaultRoot ~
to your "proftpd.conf" file, and restart the server.
$ killall -HUP proftpd
Now, try logging in again. This time, when you attempt to move up
and out of your home area, you'll see that proFTPD does not permit you to do
this.
$ ftp localhost
Connected to localhost (127.0.0.1).
220 ProFTPD 1.2.8 Server (ProFTPD) [olympus.melonfire.com]
Name (localhost:joe): joe
331 Password required for joe.
Password: *******
230 User joe logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -l
227 Entering Passive Mode (127,0,0,1,4,161).
150 Opening ASCII mode data connection for file list
-rw------- 1 joe joe 9144 May 7 05:47 mbox
-rw-rw-r-- 1 joe joe 966281 May 7 04:44 proftpd-1.2.8.tar.gz
226 Transfer complete.
ftp> pwd
257 "/" is current directory.
ftp> cd /
250 CWD command successful.
ftp> ls -l
227 Entering Passive Mode (127,0,0,1,4,163).
150 Opening ASCII mode data connection for file list
-rw------- 1 joe joe 9144 May 7 05:47 mbox
-rw-rw-r-- 1 joe joe 966281 May 7 04:44 proftpd-1.2.8.tar.gz
226 Transfer complete.
ftp> cd /home
550 /home: No such file or directory
ftp> cd /bin
550 /bin: No such file or directory
ftp> bye
221 Goodbye.
Just incidentally, proFTPD's default settings do not allow "root"
to log in, even with the correct password. The reason is that "root" is just too
powerful a user to be permitted access via FTP; permitting "root" login opens up
a security hole that might be exploited by determined hackers to gain super-user
access to the system.
If, despite the warning above, you still want to
allow "root" login to the FTP server, you can do so by adding the RootLogin
directive to the configuration file, as below:
RootLogin on
Simple, huh? Now, how about setting up the server to handle anonymous
FTP?
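To check a "proftpd.conf" for the two settings discussed on this page, a small audit script can flag a missing DefaultRoot jail and an enabled RootLogin. This is an added example, not part of the original article or of proFTPD itself; the function name, the finding labels and the sample configurations are constructed for illustration, and the script reads the file as a flat list of directives, ignoring which section a directive sits in.

```python
def audit_proftpd_conf(text):
    """Flag missing or partial DefaultRoot jails and enabled RootLogin."""
    jails = []              # (line number, arguments) of each DefaultRoot
    root_login_line = None  # stays None while root login is off (the default)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, comment lines and <Section> open/close tags.
        if not line or line.startswith(("#", "<")):
            continue
        parts = line.split()
        name, args = parts[0].lower(), parts[1:]  # compare names case-insensitively
        if name == "defaultroot" and args:
            jails.append((lineno, args))
        elif name == "rootlogin" and args:
            # Simplification (assumption): the last RootLogin line decides.
            root_login_line = lineno if args[0].lower() == "on" else None
    findings = []
    if not jails:
        findings.append("NO_JAIL: no DefaultRoot, users can leave their home area")
    for lineno, args in jails:
        # A second argument is a group expression: only matching users are jailed.
        if len(args) > 1:
            findings.append(
                f"PARTIAL_JAIL line {lineno}: DefaultRoot limited to group expression {args[1]}")
    if root_login_line is not None:
        findings.append(f"ROOT_LOGIN line {root_login_line}: RootLogin on")
    return findings

# Constructed sample configurations (not taken from a real server).
WEAK_CONF = """\
ServerName "ProFTPD"
RootLogin on
"""
HARDENED_CONF = """\
ServerName "ProFTPD"
# jail users to their home areas
DefaultRoot ~
"""
PARTIAL_CONF = """\
DefaultRoot ~ !staff
RootLogin off
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF),
                        ("partial", PARTIAL_CONF)):
        print(label, audit_proftpd_conf(conf) or "ok")
```

An empty result means every user is jailed and "root" cannot log in; the PARTIAL_JAIL finding marks a DefaultRoot that exempts some accounts from the jail.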