لطفا منتظر باشید ...
Setting Up an
Anonymous FTP Server
One popular use for FTP servers is to provide
anonymous FTP access. As noted earlier in this chapter, anonymous FTP servers
partially overlap in function with Web servers, so you might prefer to use only a Web server. On the other hand, using only an
anonymous FTP server, or even using both, might be worthwhile in some
situations. For instance, you might want both anonymous file retrieval and
username/password login file transfer on one system, but have no need for HTTP.
Running both might make sense as a convenience to your users, some of whom
might prefer or have readier access to just one type of client program.Before setting up an anonymous FTP server,
you should be aware of the special needs and security concerns that come with
these servers. Indeed, these issues may be critical in your decision of whether
to run an anonymous FTP server. Once you've made the decision, you'll need to dig
into your FTP server's configuration files to set up the appropriate options to
allow anonymous FTP access. You may also need to modify additional options on
your system, such as directory permissions.
Special Needs of Anonymous Servers
The usual purpose of an anonymous FTP server
is to deliver files from the server to the client. You might set up such a
server to hold software, documentation files, and so on that you want to be
publicly available. You can link to these files by specifying a URL in a Web
page that begins with ftp:// , such as ftp://ftp.threeroomco.com/pub/manual.pdf . A couple of points in this description deserve special emphasis: The files on an anonymous FTP site are generally
transferred from the server to the client, much as in a typical Web server
configuration. For this reason, anonymous FTP configurations usually disallow
file uploads. There are exceptions to this rule, but these are generally
accompanied by configurations that immediately hide the uploaded files from
callers, to prevent the site from becoming a trading post for illicit
materials. If you need to receive files from others, you may want to set up a
regular FTP server and give a username and password to the individual from whom
you need to receive files. You might also consider exchanging documents
via e-mail. The files on an anonymous FTP site are publicly
available. This means you should never place
confidential material on such a server. In order to protect the server's own OS
files and the files of any regular users, anonymous FTP servers restrict the
anonymous access to a special directory tree; everything outside of that tree
is off limits. Most FTP servers use the chroot() system call to
create a chroot jail, as
described in
accomplish this goal.WARNING
align=left border=0> Although a chroot jail can be a
useful security tool, it's not foolproof. The best practice is to keep
sensitive data off of the anonymous FTP server so that it won't fall into the
wrong hands should a miscreant break out of the chroot jail.
Because the FTP server runs in a chroot jail,
you may need to copy some system configuration files into the chroot jail directory.
Many FTP server packages for Linux already include appropriate copies of the
critical system files. Some servers, including ProFTPd, are able to read some
of their configuration files before locking themselves in the chroot jail,
so the number of files that must be copied is minimal.Some configurations, such as those generally
used with ProFTPd, work best with a chroot jail if the server
is run from a SysV startup script. Other configurations, such as those
generally used with WU-FTPD, permit anonymous server configurations even when
the server is run from a super server. The trick is that the chroot() system call can only be used by a program that's run as root . If your
super server configuration for the FTP server calls the FTP server as anything
but root , it won't be able to set up the chroot jail. (The
username-setting options in FTP server configuration files generally operate
after the chroot() call; until that time, a server run from a SysV or local startup
script runs as root .) Anonymous FTP servers require that certain
files reside in particular directories. These are described in the upcoming
section, "
Security Concerns of Anonymous Servers
Anonymous FTP servers, because they are
normally accessible to the outside world, are a potential security threat. In
theory, this threat need not be any greater than the threat from, say, Web or
mail servers. In practice, though, anonymous FTP's risk may be somewhat
greater. Part of the reason for this is that FTP servers, and WU-FTPD in
particular, have a less than stellar security history. A further part of the
problem is that FTP was designed for two-way file transfer, so a security flaw
that allows a user to break out of the chroot jail may allow the
user to overwrite critical system files, or at least arbitrary user files. A
mail server, by contrast, gives an attacker less leverage, because the mail is
processed in certain specified ways. (To be sure, bugs in mail servers have
been discovered that can be used to acquire more power.) On the plus side, a server that functions only as an anonymous FTP server doesn't pose a risk
due to the transfer of usernames and passwords, as is a concern for a
non-anonymous FTP server. The anonymous FTP server accepts all comers and any
password, so there are no sensitive passwords to be compromised. Thus, in some
respects, an anonymous server can be more secure than a non-anonymous server.Because a single FTP server can be configured
to perform both anonymous and non-anonymous operations, you run the risk of
getting the worst of both worlds if you run both types of FTP server
configurations on one system. Your best bet when running an anonymous FTP
server is to configure it to accept only
anonymous access, at least from the outside world. Minimize the number of user
accounts on the system, and don't run unnecessary servers or store any
sensitive data on the computer. These steps can help minimize the damage should
your anonymous FTP server be compromised.
Setting Anonymous Options
Most FTP packages that ship with Linux
distributions include operational or almost-operational anonymous FTP
configurations. You may need to fine-tune these configurations to get the
system truly working, though. This section describes the options in WU-FTPD and
ProFTPd that accomplish this task, beginning with the creation of the directory
tree that's common to both servers and moving on to server-specific
configuration options.
Setting Up an Anonymous Directory Tree
The first step to creating an anonymous FTP
site is creating an appropriate directory tree. A common choice for this tree's
location is /home/ftp , but you can place it somewhere else if you prefer. In most cases,
this tree should be owned by root or a user who is to maintain the FTP site, and have 755 ( rwxr-xr-x )
permissions. This allows the administrator to edit files in the directory, but
it gives nobody else write access. In particular, the ftp user (or
whatever username you use for anonymous access) can't write to the anonymous
FTP directory. Subdirectories and files should follow the same pattern,
although most files will lack the execute permission bit.A typical anonymous FTP directory contains
subdirectories as follows: pub This is the traditional location for the files that users will
access. You can structure it in whatever way you feel is appropriate and
populate it with whatever files you like. Be sure that all files are world
readable, or at least readable by the ftp user. bin The FTP server may call other programs to perform some functions. These
programs must be accessible in the /bin directory (relative
to the root created by chroot() ). Most commonly, ls is required. You may also need tar , gzip , and zcat (this
being a symbolic link to gzip ). In FTP packages, the directory of this name may include
executables that are larger than the ones in the main computer's /bin directory, because the FTP directory's executables are built statically linked,
so as to obviate the need for separate library files, as described next. Be
sure that your executable programs in this directory have their execute bits
set. lib This directory contains dynamic library files that are used by the
binary files in /bin . If you copy binary files from your regular /bin directory, you can use the ldd command to determine what library files you must copy to the FTP
tree's lib directory to match. For instance, you can type ldd /bin/ls to learn what libraries ls requires. etc The FTP server may rely upon two files from the /etc directory
to do its work: passwd and group . You don't need to (and should probably not) copy your entire
regular passwd and group files. The most critical entry is the one for ftp , or
whatever username you use for anonymous access.Once you've set up these directories and
files, the basic directory structure should be adequate. You may need to add a
few more files, or modify existing files, for particular purposes. For
instance, if you add the ability to compress files using a tool other than gzip , you'll
need to copy an appropriate executable to the FTP server's /bin directory.
WU-FTPD Anonymous Options
The most important anonymous FTP server
configuration options for WU-FTPD appear in the /etc/ftpaccess file. Specifically,
you may need to set or adjust the following options: class You
must create a class that
includes anonymous access. This
class may be the same as a class for other types of access. compress , tar , chmod , delete , overwrite , and rename
These options, described earlier, allow you to specify who may issue commands
that involve specific types of options. You may want to exclude anonymous users
from the last four of these to prevent them from changing files on the server.
This setting may be redundant with filesystem controls, but redundancy can be
useful in the event one type of control malfunctions or is misconfigured. anonymous-root
Set this option to the root directory for the chroot
jail in which WU-FTPD will run itself.Most WU-FTPD configurations run from a super server with root privileges. When such a system
receives an anonymous login, it spawns a subprocess as ftp , so WU-FTPD can run an anonymous
server even from a super server.
ProFTPd
Anonymous Options
The main ProFTPd options for configuring an
anonymous FTP server appear in the proftpd.conf file, along
with the other major server options. A simple but workable anonymous FTP
configuration in this file might resemble the following: <Anonymous /home/ftp> User ftp Group ftp # We want clients to be able to login with "anonymous" as well as #"ftp" UserAlias anonymous ftp # Limit WRITE everywhere in the anonymous chroot <Limit WRITE> DenyAll </Limit> </Anonymous>
Some key points about this configuration
include the following: The <Anonymous> directive
grouping is the key to the ProFTPd anonymous access configuration. When this
directive is present, ProFTPd knows to handle matching logins somewhat
differently than normalnamely, to create a chroot jail in the
specified directory ( /home/ftp in this example). The User and Group directives tell ProFTPd which username and group name to use for the anonymous
server configuration. ProFTPd launches itself and then spawns a subprocess
under the appropriate username and group. You should be sure that your FTP
directory configuration is accessible to the username and group you choose. The UserAlias directive tells
ProFTPd to admit users who type anonymous as the
username as anonymous users. The <Limit WRITE> grouping tells ProFTPd to deny write access to all users. If you set up your
permissions appropriately in the anonymous FTP directory tree, this setting should be redundant. Redundant security measures are
a good precaution, though; in case one setting is in error or subject to a bug,
the other should provide protection. If you wanted to create a pseudo-anonymous
server that takes an anonymous username but requires a password, you could use the AnonRequiresPassword on directive. You would then also need to set an appropriate password
in /etc/passwd or /etc/shadow . (ProFTPd will authenticate the user before
locking itself in its chroot jail, so use your system's password file, not the matching file in
the chroot jail directory.) If you want the server to function only as an anonymous FTP server, you should take
steps to limit or eliminate FTP access to ordinary users. If possible, run the
FTP server on a computer that supports just the bare minimum of administrative
users, and deny them access by entering their usernames in the /etc/ftpusers file.
