12.1 Running an FTP Server
An FTP
server lets you transfer files from one system to another via a
network. When two computers are connected to the Internet, you can
use FTP to transfer files from one to the other even though the
computers are not directly connected.
An FTP server attempts to authenticate users that ask to use it. You
can configure your FTP server to accept requests only from users who
have an account on the system running the FTP server, or you can
configure it to accept requests from anyone, via a facility known as
anonymous FTP.
FTP carries significant risk. FTP sends login passwords over the network as clear text. Anyone using a packet sniffer can discover passwords entered during an FTP session and use them to breach security. A more secure alternative is the Secure Shell (SSH) scp utility, described later in this chapter. However, servers providing public access to downloadable files must use FTP rather than SSH.
12.1.1 Installing and Starting the FTP Server
To install the FTP Server package group, use the Package Management
Tool. After installing the package group, you must tell
xinetd to respond to FTP clients. To do
so, use the Service Settings Tool to associate the
xinetd and
vsftpd services with the current runlevel.
Also, restart xinetd so that it knows to respond to requests for
the vsftpd service.
12.1.2 Testing the FTP Server
To test
your FTP server, start an FTP client by issuing the following
command:
ftp localhost
The FTP server should prompt you for a login user account name and
password. To log in anonymously, specify the username
anonymous and use an email address, such as
user@example.com, as the password. If you
correctly supply the username and password, you should see the FTP
prompt that lets you know the FTP server is ready to execute FTP
subsystem commands. Type quit and
press Enter to exit the FTP client.
By default, FTP does not allow the root user to log in. You could modify this behavior, but doing so could compromise system security because FTP sends passwords across the network in an insecure manner.
Once your FTP server is working, try contacting it from a remote
system. If you have a Windows machine, you can contact your server by
using the built-in Windows FTP client that works similarly to the
Linux FTP client, interpreting the same FTP subsystem commands. Open
an MS-DOS Prompt window and type the command:
ftp server
where server specifies the hostname or IP
address of your Linux server. Generally, once the FTP subsystem
prompt is available, you should immediately issue the binary (or bin) command. This command specifies that
files will be transferred verbatim; without it, executable files,
documents, and other files that contain binary data will be scrambled
when transferred. Generally, transferring text files and other
non-binary files in binary mode will not damage them.
If your FTP server fails to respond, check your host firewall configuration. The firewall may be blocking FTP traffic. See Section 12.5.
When you're ready to actually transfer some files, use the FTP
commands described in Table 12-1.
Here's a typical FTP session that you can use as a
model:
# ftp localhost
C:\>ftp 192.168.0.2
Connected to 192.168.0.2.
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (localhost:root): billmccarty
331 Please specify the password.
Password:
230 Login successful. Have fun.
ftp> bin
200 Binary it is, then.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 1 500 500 33 Jan 04 17:06 file-for-download.txt
226 Directory send OK.
ftp: 79 bytes received in 0.00Seconds 79000.00Kbytes/sec.
ftp> get 3c90x-1.0.0e.tar.gz
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for file-for-download.txt (33 bytes).
226 File send OK.
ftp: 33 bytes received in 0.00Seconds 33000.00Kbytes/sec.
ftp> quit
221 Goodbye.
12.1.3 Securing Your FTP Server
If your
computer is connected to the Internet or another potentially hostile
network, you should revise the FTP configuration to improve security.
Two measures are generally recommended.
First, if you don't need to provide FTP to anonymous
users, disable anonymous
FTP. To do so, edit the file /etc/vsftpd.conf,
replacing the line:
anonymous_enable=YES
with the line:
anonymous_enable=NO
Second, if your users only download files, never upload them, you
should disable FTP writes. To do so, edit the file
/etc/vsftpd.conf, replacing the line:
write_enable=YES
with the line:
write_enable=NO
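A quick way to check both settings after editing, as an added example that is not part of the original chapter. The function names are hypothetical and the sample configuration is constructed. The script assumes that the last occurrence of a setting wins and relies on vsftpd's built-in defaults (anonymous_enable=YES, write_enable=NO), so merely deleting or commenting out the anonymous_enable line leaves anonymous FTP enabled.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the two settings discussed above.
# Function names are hypothetical; they are not part of vsftpd.

# Print the effective value (YES or NO) of KEY in FILE, using DEFAULT when
# KEY is not set. Commented-out lines do not match, because settings must
# start at the beginning of the line as key=value with no spaces.
# Assumption: when a key appears more than once, the last line wins.
vsftpd_setting() {
    file=$1 key=$2 default=$3
    value=$(sed -n "s/^${key}=//p" "$file" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    case ${value:-$default} in
        YES|TRUE|1) echo YES ;;   # spellings vsftpd treats as "on"
        *)          echo NO ;;
    esac
}

# Print one finding per risky setting; return 1 if any were found.
audit_vsftpd() {
    conf=$1 rc=0
    # Built-in default when the line is absent: anonymous_enable=YES
    if [ "$(vsftpd_setting "$conf" anonymous_enable YES)" = YES ]; then
        echo "FINDING: anonymous FTP is enabled (set anonymous_enable=NO)"
        rc=1
    fi
    # Built-in default when the line is absent: write_enable=NO
    if [ "$(vsftpd_setting "$conf" write_enable NO)" = YES ]; then
        echo "FINDING: FTP writes are enabled (set write_enable=NO)"
        rc=1
    fi
    return $rc
}

# Constructed sample: the only anonymous_enable line is commented out, so
# the default of YES applies; write_enable is set twice and ends up NO.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# anonymous_enable=NO
local_enable=YES
write_enable=YES
write_enable=NO
EOF
audit_vsftpd "$sample" || echo "=> configuration needs hardening"
rm -f "$sample"
```

To check the live server, call audit_vsftpd /etc/vsftpd.conf; a return status of 0 means neither finding applies.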