Red Hat Linux 7 Unleashed

By William Ball

How the FTP Server Works

FTP service is controlled from the /etc/inetd.conf file and is automatically invoked whenever someone connects to the FTP port. (Ports are logical associations from a network connection to a specific service. For example, port 21 associates to FTP, port 23 associates to Telnet, and so on.) When a connection is detected, the FTP daemon (/usr/sbin/in.ftpd) is invoked and the session begins. The default /etc/inetd.conf file installed with your Red Hat distribution contains the necessary line for this step to occur.

After the server is invoked, the client needs to provide a username and corresponding password. Two special usernames—anonymous and ftp—have been set aside for the purpose of allowing access to the public files. Any other access requires the user to have an account on the server.

If a user accesses the server using an account, an additional check is performed to ensure that the user has a valid shell. If the user doesn't, access to the system is denied. This check is useful if you want to limit user access to a server (for example, POP mail) and do not want users logging in via Telnet or FTP. Valid shells are listed in your system's /etc/shells file. If you install a new shell, be sure to add it to your /etc/shells listing so people using that shell can connect to the system via FTP.
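The valid-shell check described above can be audited offline. The following is an added example, not code from the book or from the FTP server: it reports which accounts in a passwd file would pass or fail the /etc/shells test. The sample passwd and shells contents are constructed, and treating an empty shell field as /bin/sh is an assumption about the server's behavior.

```python
"""Audit which local accounts pass the FTP server's valid-shell check."""

# Constructed sample data, not taken from a real system.
SAMPLE_SHELLS = """\
# /etc/shells: valid login shells
/bin/sh
/bin/bash

/bin/tcsh
"""

SAMPLE_PASSWD = """\
alice:x:500:500:Alice:/home/alice:/bin/tcsh
popuser:x:501:501:POP only:/home/popuser:/bin/false
carol:x:502:502:Carol:/home/carol:/usr/local/bin/zsh
dave:x:503:503:Dave:/home/dave:
"""

# Assumption: an empty shell field in passwd is treated as /bin/sh.
DEFAULT_SHELL = "/bin/sh"


def parse_shells(text):
    """Return the set of shells listed, ignoring comments and blank lines."""
    shells = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            shells.add(line)
    return shells


def audit(passwd_text, shells_text):
    """Map each username to (effective shell, passes the shell check)."""
    valid = parse_shells(shells_text)
    result = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed entries
        user, shell = fields[0], fields[6] or DEFAULT_SHELL
        result[user] = (shell, shell in valid)
    return result


if __name__ == "__main__":
    for user, (shell, ok) in audit(SAMPLE_PASSWD, SAMPLE_SHELLS).items():
        print(f"{user:8} {shell:22} {'FTP allowed' if ok else 'FTP denied'}")
```

In the sample, popuser (shell /bin/false) is the mail-only account the text describes, and carol shows the case of a newly installed shell that was never added to /etc/shells.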

Users accessing your system's FTP server are placed in their home directories when they first log in. At that point, they can change to any directories on the system to which they have permission. Anonymous users, on the other hand, have several restrictions.

Anonymous users are placed in the home directory of the FTP user. By default, this directory is set to /home/ftp by the anonftp RPM package. Note that other Linux distributions may use a different default FTP directory! After the users get there, the FTP server executes a chroot system call, effectively changing the program's root directory to the FTP user's home directory. Access is denied to any other directories in the system, including /bin, /etc, and /lib. This change in the root directory prevents the server from seeing /etc/passwd, /etc/group, and necessary binaries (such as /bin/ls). To make up for this change, the server package creates bin, etc, and lib directories under /home/ftp. This is where necessary libraries and programs (such as ls) are placed, so the server software can still access them after the chroot system call has been made.

For security reasons, files placed under the /home/ftp directory have their permissions set such that only the server can see them. (This is done automatically during anonftp's install.) Any other directories created under /home/ftp should be set up so they are world-readable. Most anonymous FTP sites place such files under the pub subdirectory.
