Professional File Transfer with proFTPD
By: Vikram Vaswani, (c) Melonfire
    2003-05-14

    Table of Contents:
  • Professional File Transfer with proFTPD
  • The Sales Pitch
  • Source Control
  • Start Me Up
  • Going Home
  • Signed, Anonymous
  • Giving Back
  • Timberrrrrrrrr!
  • Getting Virtual
  • Passing Messages
  • Ending On A High Note

    Professional File Transfer with proFTPD - Going Home
    (Page 5 of 11 )

    Your Linux system should already have an FTP client installed - start it up, give it the name of the server to connect to ("localhost", in this example), and log in as a user with an existing account on the system.
    $ ftp localhost
    Connected to localhost (127.0.0.1).
    220 ProFTPD 1.2.8 Server (ProFTPD) [olympus.melonfire.com]
    Name (localhost:joe): joe
    331 Password required for joe.
    Password: *******
    230 User joe logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    
    How about looking around a little?
    ftp> ls
    227 Entering Passive Mode (127,0,0,1,4,139).
    150 Opening ASCII mode data connection for file list
    -rw-------   1 joe   joe       9144 May  7 05:47 mbox
    -rw-rw-r--   1 joe   joe     966281 May  7 04:44 proftpd-1.2.8.tar.gz
    226 Transfer complete.
    ftp>
    Let's see if you can upload and download files.
    ftp> bin
    200 Type set to I.
    ftp> get mbox
    local: mbox remote: mbox
    227 Entering Passive Mode (127,0,0,1,4,143).
    150 Opening BINARY mode data connection for mbox (9144 bytes)
    226 Transfer complete.
    9144 bytes received in 0.00042 secs (2.1e+04 Kbytes/sec)
    ftp> put outfile
    local: outfile remote: outfile
    227 Entering Passive Mode (127,0,0,1,4,145).
    150 Opening BINARY mode data connection for outfile
    226 Transfer complete.
    ftp>
    How about moving around the file system?
    ftp> cd /
    250 CWD command successful.
    ftp> ls -l
    227 Entering Passive Mode (127,0,0,1,36,136)
    150 Opening ASCII mode data connection for /bin/ls.
    total 193
    drwxr-xr-x 2 root 4096 Apr 28 15:33 bin
    drwxr-xr-x 4 root 1024 Apr 28 17:32 boot
    drwxr-xr-x 20 root 118784 May 6 11:52 dev
    drwxr-xr-x 41 root 4096 May 6 16:46 etc
    drwxr-xr-x 17 root 4096 May 6 16:47 home
    drwxr-xr-x 2 root 4096 Jun 22 2001 initrd
    drwxr-xr-x 7 root 4096 Apr 28 17:29 lib
    drwx------ 2 root 16384 Apr 28 17:17 lost+found
    drwxr-xr-x 2 root 4096 Aug 27 2002 misc
    drwxr-xr-x 4 root 4096 Apr 28 12:03 mnt
    drwxr-xr-x 2 root 4096 Aug 23 1999 opt
    dr-xr-xr-x 80 root 0 May 6 2003 proc
    drwxr-x--- 5 root 4096 May 3 18:23 root
    drwxr-xr-x 2 root 8192 Apr 28 17:31 sbin
    drwxrwxrwt 3 root 4096 May 6 16:20 tmp
    drwxr-xr-x 15 root 4096 Apr 28 17:19 usr
    drwxr-xr-x 18 root 4096 May 5 17:42 var
    226 Transfer complete.
    ftp> cd /home
    250 CWD command successful.
    ftp> ls -l
    227 Entering Passive Mode (127,0,0,1,4,157).
    150 Opening ASCII mode data connection for file list
    drwx------ 4 joe users 4096 Apr 28 11:02 joe
    drwx------ 4 john users 4096 May 5 09:32 john
    drwx------ 4 sarah users 4096 Jan 26 16:12 sarah
    226 Transfer complete.
    ftp>
    All done? Log out.
    ftp> bye
    221 Goodbye.
    As the demonstration above shows, the logged-in user can view not only his or her home area but also other parts of the directory tree. Since this is generally considered a serious security hole, the first order of business is to configure proFTPD to "jail" users to their home area and prevent them from moving around the rest of the system. Luckily, doing this is fairly simple - just add the lines
    # jail users to their home areas
    DefaultRoot ~
    
    to your "proftpd.conf" file, and restart the server.
    $ killall -HUP proftpd
    
    Now, try logging in again. This time, when you attempt to move up and out of your home area, you'll see that proFTPD does not permit you to do this.
    $ ftp localhost
    Connected to localhost (127.0.0.1).
    220 ProFTPD 1.2.8 Server (ProFTPD) [olympus.melonfire.com]
    Name (localhost:joe): joe
    331 Password required for joe.
    Password: *******
    230 User joe logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls -l
    227 Entering Passive Mode (127,0,0,1,4,161).
    150 Opening ASCII mode data connection for file list
    -rw-------   1 joe   joe       9144 May  7 05:47 mbox
    -rw-rw-r--   1 joe   joe     966281 May  7 04:44 proftpd-1.2.8.tar.gz
    226 Transfer complete.
    ftp> pwd
    257 "/" is current directory.
    ftp> cd /
    250 CWD command successful.
    ftp> ls -l
    227 Entering Passive Mode (127,0,0,1,4,163).
    150 Opening ASCII mode data connection for file list
    -rw-------   1 joe   joe       9144 May  7 05:47 mbox
    -rw-rw-r--   1 joe   joe     966281 May  7 04:44 proftpd-1.2.8.tar.gz
    226 Transfer complete.
    ftp> cd /home
    550 /home: No such file or directory
    ftp> cd /bin
    550 /bin: No such file or directory
    ftp> bye
    221 Goodbye.
    
    Just incidentally, proFTPD's default settings do not allow "root" to log in, even with the correct password. The reason is that "root" is just too powerful a user to be permitted access via FTP; permitting "root" login opens up a security hole that might be exploited by determined hackers to gain super-user access to the system.

    If, despite the warning above, you still want to allow "root" login to the FTP server, you can do so by adding the RootLogin directive to the configuration file, as below:
    RootLogin on
    
    Simple, huh? Now, how about setting up the server to handle anonymous FTP?
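
An added example (not from the original article or the ProFTPD project): a small Python check of a "proftpd.conf" for the two directives discussed on this page, DefaultRoot and RootLogin, run over constructed sample configurations. The `audit` helper and the sample contents are assumptions; the check goes slightly beyond the page by also reporting a DefaultRoot group expression such as `!staff`, which limits the jail to users in matching groups.

```python
import re

# Constructed sample configurations (assumptions, not the article's server).
WEAK_CONF = """\
ServerName "ProFTPD"
#DefaultRoot ~
RootLogin on
"""
HARDENED_CONF = """\
ServerName "ProFTPD"
# jail users to their home areas
DefaultRoot ~
"""
PARTIAL_CONF = """\
<Global>
  DefaultRoot ~ !staff
  RootLogin off
</Global>
"""

def audit(conf_text):
    """Return sorted findings about DefaultRoot and RootLogin (hypothetical helper)."""
    findings, jailed = set(), False
    stack = []  # names of the <Section> blocks currently open, innermost last
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive is not in effect
        if line.startswith("</"):
            stack = stack[:-1]  # leave the innermost section
            continue
        section = re.match(r"<(\w+)", line)
        if section:
            stack.append(section.group(1).lower())
            continue
        name, *args = line.split()
        where = stack[-1] if stack else "server config"
        if name.lower() == "defaultroot" and where in ("server config", "global"):
            jailed = True
            if len(args) > 1:  # a group expression limits who is jailed
                findings.add(f"DefaultRoot {args[0]} applies only to groups matching {args[1]}")
        elif name.lower() == "rootlogin" and args and args[0].lower() == "on":
            findings.add(f"RootLogin on in {where}")
    if not jailed:
        findings.add("no DefaultRoot in server config or <Global>: users can leave their home area")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(WEAK_CONF), audit(HARDENED_CONF), audit(PARTIAL_CONF))
```

An empty result means the main server context has a jail in place and no `RootLogin on`; a DefaultRoot that appears only inside other sections is deliberately not counted.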
