Networking - FTP


Concept of FTP

FTP transfers files to and from a computer running a File Transfer Protocol (FTP) server.

The picture above shows how we work with FTP. Let's explain it at length. On the server computer (192.168.10.1) there is a user account named jon, which has a home directory containing a file called mydoc.txt. The client system (192.168.10.3) has an administrator login id, root, with a file named newdoc.txt in its home directory. Over the network, root can log in to the server computer through FTP as jon if he knows jon's password, that is, if he is a user of the server system under the login name jon. After logging in he can transfer a file from the server to the client system (mydoc.txt can be copied to the client) or from the client to the server system (newdoc.txt can be copied to the server), all while sitting in front of the client system.

On an FTP server there are usually two types of users who can share or access the files.

Normal User: A user who has his own account and login permission on the server computer is called a normal user or local user. By default he can perform both upload and download (copying files between the server and the client computer in either direction).

Anonymous User: A user who has no account on the server computer but can still log in to it and transfer files is called an anonymous user. The login id and password of the anonymous user are given below.

Login Name: anonymous

Password: anonymous

To Setup FTP

In Red Hat Linux, the FTP server's package is named vsftpd (Very Secure FTP Daemon) and comes on the Linux installation CD. To check whether the package is installed, we can use the rpm command with the -q option.

[root@localhost root]# rpm -q vsftpd

vsftpd-1.2.1-5

Several important files are used to configure the vsftpd server. They are given below, with all the important lines marked in bold.

[root@localhost root]# vi /etc/vsftpd/vsftpd.conf

# Example config file /etc/vsftpd/vsftpd.conf

#

# The default compiled in settings are fairly paranoid. This sample file

# loosens things up a bit, to make the ftp daemon more usable.

# Please see vsftpd.conf.5 for all compiled in defaults.

#

# READ THIS: This example file is NOT an exhaustive list of vsftpd options.

# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's

# capabilities.

#

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).

anonymous_enable=YES

#

# Uncomment this to allow local users to log in.

local_enable=YES

#

# Uncomment this to enable any form of FTP write command.

write_enable=YES

#

# Default umask for local users is 077. You may wish to change this to 022,

# if your users expect that (022 is used by most other ftpd's)

local_umask=022

#

# Uncomment this to allow the anonymous FTP user to upload files. This only

# has an effect if the above global write enable is activated. Also, you will

# obviously need to create a directory writable by the FTP user.

#anon_upload_enable=YES

#

# Uncomment this if you want the anonymous FTP user to be able to create

# new directories.

#anon_mkdir_write_enable=YES

#

# Activate directory messages - messages given to remote users when they

# go into a certain directory.

dirmessage_enable=YES

#

# Activate logging of uploads/downloads.

xferlog_enable=YES

#

# Make sure PORT transfer connections originate from port 20 (ftp-data).

connect_from_port_20=YES

#

# If you want, you can arrange for uploaded anonymous files to be owned by

# a different user. Note! Using "root" for uploaded files is not

# recommended!

#chown_uploads=YES

#chown_username=whoever

#

# You may override where the log file goes if you like. The default is shown

# below.

#xferlog_file=/var/log/vsftpd.log

#

# If you want, you can have your log file in standard ftpd xferlog format

xferlog_std_format=YES

#

# You may change the default value for timing out an idle session.

#idle_session_timeout=600

#

# You may change the default value for timing out a data connection.

#data_connection_timeout=120

#

# It is recommended that you define on your system a unique user which the

# ftp server can use as a totally isolated and unprivileged user.

#nopriv_user=ftpsecure

#

# Enable this and the server will recognise asynchronous ABOR requests. Not

# recommended for security (the code is non-trivial). Not enabling it,

# however, may confuse older FTP clients.

#async_abor_enable=YES

#

# By default the server will pretend to allow ASCII mode but in fact ignore

# the request. Turn on the below options to have the server actually do ASCII

# mangling on files when in ASCII mode.

# Beware that turning on ascii_download_enable enables malicious remote parties

# to consume your I/O resources, by issuing the command "SIZE /big/file" in

# ASCII mode.

# These ASCII options are split into upload and download because you may wish

# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),

# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be

# on the client anyway..

#ascii_upload_enable=YES

#ascii_download_enable=YES

#

# You may fully customise the login banner string:

#ftpd_banner=Welcome to blah FTP service.

#

# You may specify a file of disallowed anonymous e-mail addresses. Apparently

# useful for combatting certain DoS attacks.

#deny_email_enable=YES

# (default follows)

#banned_email_file=/etc/vsftpd.banned_emails

#

# You may specify an explicit list of local users to chroot() to their home

# directory. If chroot_local_user is YES, then this list becomes a list of

# users to NOT chroot().

#chroot_list_enable=YES

# (default follows)

#chroot_list_file=/etc/vsftpd.chroot_list

#

# You may activate the "-R" option to the builtin ls. This is disabled by

# default to avoid remote users being able to cause excessive I/O on large

# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume

# the presence of the "-R" option, so there is a strong case for enabling it.

#ls_recurse_enable=YES

pam_service_name=vsftpd

userlist_enable=YES

#enable for standalone mode

userlist_deny=NO

listen=YES

tcp_wrappers=YES

This is the main configuration file of the vsftpd server. It carries all the important settings of vsftpd, such as whether anonymous users can log in, the umask value, the login message (banner), etc.

[root@localhost root]# vi /etc/vsftpd.user_list

# vsftpd userlist

# If userlist_deny=NO, only allow users in this file

# If userlist_deny=YES (default), never allow users in this file, and

# do not even prompt for a password.

# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers

# for users that are denied.

root

bin

daemon

adm

lp

shutdown

halt

mail

news

operator

Usually, this configuration file acts in one of two ways, which are given below.

a. If we add the line “userlist_deny=NO” to the “/etc/vsftpd/vsftpd.conf” file, then only the users in this file are allowed.

b. If we add the line “userlist_deny=YES” (the default) to the “/etc/vsftpd/vsftpd.conf” file, then the users in this file are never allowed and are not even prompted for a password.

[root@localhost root]# vi /etc/vsftpd.ftpusers

# Users that are not allowed to login via ftp

bin

daemon

adm

lp

sync

halt

operator

games

nobody

This file carries the login names of all local users who can't log in to the server computer through vsftpd.
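The two list files interact, so it helps to work out which accounts actually reach the password prompt. The following Python code is an added example, not part of the original tutorial or of vsftpd itself; it models the userlist_deny and ftpusers checks described above for local accounts, using the file contents listed on this page, and its function names are hypothetical.

```python
# Added example: a model of the local-user checks described on this page.
# The settings and user names below are copied from the page's listings.
CONF = """
local_enable=YES
userlist_enable=YES
userlist_deny=NO
"""
USER_LIST = "root bin daemon adm lp shutdown halt mail news operator".split()
FTPUSERS = "bin daemon adm lp sync halt operator games nobody".split()

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip().upper()
    return conf

def may_login(user, conf, user_list, ftpusers):
    """Return (allowed, reason) for a local account, before the password check."""
    if conf.get("local_enable", "NO") != "YES":
        return False, "local logins disabled"
    if conf.get("userlist_enable", "NO") == "YES":
        listed = user in user_list
        if conf.get("userlist_deny", "YES") == "YES":
            if listed:
                return False, "listed in user_list (deny list)"
        elif not listed:
            return False, "not listed in user_list (allow list)"
    if user in ftpusers:
        return False, "listed in ftpusers (PAM)"
    return True, "may authenticate"

def allowed_accounts(candidates, conf, user_list, ftpusers):
    """Filter candidates down to the accounts that pass both lists."""
    return [u for u in candidates if may_login(u, conf, user_list, ftpusers)[0]]

if __name__ == "__main__":
    conf = parse_conf(CONF)
    for user in ["jon", "root", "bin", "mail"]:
        print(user, may_login(user, conf, USER_LIST, FTPUSERS))
    conf["userlist_deny"] = "YES"  # flip to the default deny-list behaviour
    print("jon", may_login("jon", conf, USER_LIST, FTPUSERS))
```

In this model, with the page's settings only root, shutdown, mail and news pass both lists, and an ordinary account such as jon is refused until it is added to /etc/vsftpd.user_list.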

[root@localhost root]# vi /etc/hosts.allow

#

# hosts.allow This file describes the names of the hosts which are

# allowed to use the local INET services, as decided

# by the '/usr/sbin/tcpd' server.

#

vsftpd : 192.168.10.33

vsftpd : 192.168.10.50

vsftpd : 192.168.9.*

vsftpd : www.world.com

These machines can be used to log in to the server computer.

[root@localhost root]# vi /etc/hosts.deny

#

# hosts.deny This file describes the names of the hosts which are

# *not* allowed to use the local INET services, as decided

# by the '/usr/sbin/tcpd' server.

#

# The portmap line is redundant, but it is left to remind you that

# the new secure portmap uses hosts.deny and hosts.allow. In particular

# you should know that NFS uses portmap!

vsftpd : 192.168.10.55

vsftpd : 92.168.10.23

These machines can't be used to log in to the server computer.
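tcp_wrappers checks hosts.allow first, then hosts.deny, and grants access when neither file matches. The following Python code is an added example (not from the original tutorial or from tcp_wrappers itself) that applies that order to the two files above; it is a simplified model of the pattern rules, its function names are hypothetical, and the "vsftpd : ALL" deny rule is a constructed variant.

```python
from fnmatch import fnmatchcase

# Rules copied from the /etc/hosts.allow and /etc/hosts.deny listings above.
HOSTS_ALLOW = """
vsftpd : 192.168.10.33
vsftpd : 192.168.10.50
vsftpd : 192.168.9.*
vsftpd : www.world.com
"""
HOSTS_DENY = """
vsftpd : 192.168.10.55
vsftpd : 92.168.10.23
"""
DENY_ALL = "vsftpd : ALL"  # constructed variant, not from the page

def client_patterns(text, daemon):
    """Collect the client patterns of every rule that names `daemon` or ALL."""
    patterns = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = (part.strip() for part in line.split(":")[:2])
        if {daemon, "ALL"} & set(daemons.replace(",", " ").split()):
            patterns += clients.replace(",", " ").split()
    return patterns

def matches(pattern, ip, hostname):
    """Simplified matching: ALL, an 'a.b.c.' address prefix, and * / ? wildcards."""
    host = (hostname or "").lower()
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return fnmatchcase(ip, pattern) or (bool(host) and fnmatchcase(host, pattern.lower()))

def decide(ip, hostname=None, allow=HOSTS_ALLOW, deny=HOSTS_DENY, daemon="vsftpd"):
    """Apply the tcp_wrappers order: hosts.allow, then hosts.deny, else allow."""
    if any(matches(p, ip, hostname) for p in client_patterns(allow, daemon)):
        return "allow (hosts.allow)"
    if any(matches(p, ip, hostname) for p in client_patterns(deny, daemon)):
        return "deny (hosts.deny)"
    return "allow (no rule matched)"

if __name__ == "__main__":
    for ip in ["192.168.10.33", "192.168.9.77", "192.168.10.55", "10.0.0.8"]:
        print(ip, decide(ip), "| with deny ALL:", decide(ip, deny=DENY_ALL))
```

With the page's files, an address that appears in neither list is still admitted; hosts.allow works as an allow-list only when hosts.deny also refuses everything else, as the constructed "vsftpd : ALL" rule does.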

[root@localhost root]# service vsftpd start

Starting vsftpd for vsftpd: [ OK ]

It starts the vsftpd server.

Working with FTP

[root@localhost root]# ftp

Ex.

[root@localhost root]# ftp 192.168.10.3

Connected to 192.168.10.3 (192.168.10.3).

220 (vsFTPd 1.2.1)

Name (192.168.10.3:root): root

331 Please specify the password.

Password:

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

After connecting successfully, the client can transfer files from the server computer to the client, and can also transfer files to the server computer.

Some common but important commands are given below,

Command    Description
account    Send account command to remote server.
bell       Beep when command completed.
case       Toggle mget upper/lower case id mapping.
delete     Delete remote file.
close      Terminate ftp session.
dir        List contents of remote directory.
exit       Terminate ftp session and exit.
get        Receive file.
help       Print local help information.
ls         List contents of remote directory.
mdelete    Delete multiple files.
mdir       List contents of multiple remote directories.
mget       Get multiple files.
mkdir      Make directory on the remote machine.
mode       Set file transfer mode.
mput       Send multiple files.
put        Send one file.
pwd        Print working directory on remote machine.
quit       Terminate ftp session and exit.
rmdir      Remove directory on the remote machine.
size       Show size of remote file.
status     Show current status.
user       Send new user information.
umask      Get (set) umask on remote side.

Example,

ftp> status

Connected to 192.168.10.3.

No proxy connection.

Mode: stream; Type: binary; Form: non-print; Structure: file

Verbose: on; Bell: off; Prompting: on; Globbing: on

Store unique: off; Receive unique: off

Case: off; CR stripping: on

Ntrans: off

Nmap: off

Hash mark printing: off; Use of PORT cmds: on

Tick counter printing: off

ftp> ls

227 Entering Passive Mode (192,168,10,3,203)

150 Here comes the directory listing.

drwxr-xr-x 3 0 0 4096 May 10 11:25 Desktop

-rw-r--r-- 1 0 0 49 Jun 07 10:44 NewStudenName

-rw-r--r-- 1 0 0 49 Jun 07 10:41 StudenName

-rw-r--r-- 1 0 0 1065 Apr 15 16:19 anaconda-ks.cfg

-rw-r--r-- 1 0 0 0 Jun 08 06:16 autoscan.log

-rw-r--r-- 1 0 0 19968 Jun 07 11:29 command.doc

-rw-r--r-- 1 0 0 389 Jun 08 06:16 configure.scan

-rw-r--r-- 1 0 0 707 Jun 07 11:04 datafile

-rw-r--r-- 1 0 0 13824 Jun 07 12:09 dhcp.doc

-rw-r--r-- 1 0 0 53 Jun 07 07:57 file1

-rw-r--r-- 1 0 0 78 Jun 07 10:14 file2

-rw-r--r-- 1 0 0 53 Jun 07 10:15 file3

drwxr-xr-x 2 0 0 4096 Jun 07 07:42 file:

-rw-r--r-- 1 0 0 53254 Apr 15 16:19 install.log

-rw-r--r-- 1 0 0 3005 Apr 15 16:18 install.log.syslog

-rw-r--r-- 1 0 0 16143 Jun 07 10:49 redhat.sxw

-rw-r--r-- 1 0 0 0 Jun 07 15:50 textfile.txt

226 Directory send OK.

ftp > get file1

local: file1 remote: file1

227 Entering Passive Mode (192,168,10,3,191)

150 Opening BINARY mode data connection for file1 (53 bytes).

226 File send OK.

To download a file from the server to the client computer we use this command. The file will be downloaded to the current directory of the client's computer.

ftp > put

To copy a file from the client to the server computer we use this command.

ftp > mget *

ftp > mput *

These commands transfer multiple files at once: mget gets multiple files from the server and mput sends multiple files to it.

ftp> bye

221 Goodbye.

To leave the FTP server we use commands such as bye, exit or quit.