One of the main administrative tasks in configuring the FTP daemon is providing access for certain user classes to the files available on the FTP server. FTP recognizes three different user classes for access control purposes:
Anonymous FTP allows a user without a login on your host to transfer files to and from a public directory. A user can type the ftp command to connect to your host and type anonymous or ftp as a login name. The user can then type any string of characters as a password. (By convention, the password is the host name of the user’s host.) The anonymous user is then given access only to the user ftp’s home directory, usually called /home/ftp.
The difference between the anonymous and guest ftp class is that a guest user needs a password to log in. Unlike anonymous ftp, you can restrict guest users to certain directory structures on the server system, which gives you additional control over who is allowed to ftp to a system.
The following sections describe the tasks involved in setting up anonymous ftp access:
Adding a user ftp to the /etc/passwd file
Creating the anonymous FTP directory
You can follow the instructions in this section, or you can use System Administration Manager (SAM) to configure anonymous ftp access. SAM is an online user interface for performing system administration tasks. It provides extensive online help to configure anonymous ftp access. To run SAM, type sam at the HP-UX prompt.
Adding a User ftp to the /etc/passwd File
Use a text editor to open the /etc/passwd file, and add an entry for the user ftp as shown in the following example:
ftp:*:500:guest:anonymous ftp:/home/ftp:/usr/bin/false
The password field must be *, the group membership must be guest, and the login shell must be /usr/bin/false. In this example, the user ftp’s user ID is 500, and the anonymous ftp directory is /home/ftp.
For more information on the passwd file, type man 4 passwd at the HP-UX prompt.
Creating an Anonymous FTP Directory
The anonymous FTP directory consists of four subdirectories: usr, etc, pub, and dist, created under the /home/ftp directory. These subdirectories allow the FTP user to obtain the same directory structure as a real user.
To create an anonymous FTP directory, complete the following steps:
Create the ftp home directory that you configured in the /etc/passwd file, as in the following example:
Create the subdirectory /usr/bin under the ftp home directory:
Copy the file /sbin/ls to the /home/ftp/usr/bin directory, and set the permissions of the copied file to 0111 (executable only):
# cp /sbin/ls /home/ftp/usr/bin
# chmod 0111 /home/ftp/usr/bin/ls
Set the owner of the /home/ftp/usr/bin and /home/ftp/usr directories to root, and set the permissions to 0555 (the directory cannot be written or edited):
# chown root /home/ftp/usr/bin
# chmod 0555 /home/ftp/usr/bin
# chown root /home/ftp/usr
# chmod 0555 /home/ftp/usr
Create the subdirectory etc under the ftp home directory:
Copy the files /etc/passwd and /etc/group to the /home/ftp/etc directory. The ls command requires these files to display the owners of the files and directories under the /home/ftp directory.
# cp /etc/passwd /home/ftp/etc
# cp /etc/group /home/ftp/etc
Replace the password field in all entries in the /home/ftp/etc/passwd file with *, and delete the shell field from the end of each entry, as shown in the following example:
#ftp:*:500:guest:anonymous ftp:/home/ftp:
#acb:*:8996:20::/home/acb:
Replace the password field in all the entries in the /home/ftp/etc/group file with *, as shown in the following example:
Set the owner of the files in the /home/ftp/etc directory to root, and set the permissions of the files to 0444 (read-only), as shown in the following example:
# chown root /home/ftp/etc/passwd
# chmod 0444 /home/ftp/etc/passwd
# chown root /home/ftp/etc/group
# chmod 0444 /home/ftp/etc/group
Set the owner of the /home/ftp/etc directory to root, and set the permission of the /home/ftp/etc directory to 0555 (that is, the directory cannot be written or edited), as shown in the following example:
# chown root /home/ftp/etc
# chmod 0555 /home/ftp/etc
Create the pub directory under /home/ftp. Set the owner of the /home/ftp/pub directory to user ftp and its permissions to 0777 (read, write, and execute permissions), as shown in the following example:
# chown ftp /home/ftp/pub
# chmod 0777 /home/ftp/pub
Anonymous ftp users can put files in this directory to make them available to other anonymous ftp users.
Create a directory called dist under /home/ftp. Set the owner of the /home/ftp/dist directory to user root and its permissions to 0755 (writable only by root), as shown in the following example:
# chown root /home/ftp/dist
# chmod 0755 /home/ftp/dist
The superuser can put read-only files in this directory to make them available to anonymous ftp users.
Set the owner of user ftp’s home directory to root and the permissions to 0555 (not writable), as shown in the following example:
Figure 2-1 shows the directory structure for an anonymous ftp directory.
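The following script is an added example, not part of the original HP-UX documentation. It sanitizes a copy of the passwd file as described in the steps above and audits a finished anonymous ftp tree against the modes and owners those steps specify. The function names and the EXPECTED table layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are assumptions.

# Expected layout from the steps above: "path mode owner-key".
# Owner keys: R = root, F = ftp, - = owner not stated on the page.
EXPECTED='. dr-xr-xr-x R
usr dr-xr-xr-x R
usr/bin dr-xr-xr-x R
usr/bin/ls ---x--x--x -
etc dr-xr-xr-x R
etc/passwd -r--r--r-- R
etc/group -r--r--r-- R
pub drwxrwxrwx F
dist drwxr-xr-x R'

# Replace the password field with * and empty the shell field (stdin -> stdout).
sanitize_passwd() {
    awk -F: 'BEGIN { OFS = ":" } { $2 = "*"; $7 = ""; print }'
}

# Count entries in a passwd copy that still carry a password or a shell.
count_unsanitized() {
    awk -F: '$2 != "*" || $7 != "" { n++ } END { print n + 0 }' "$1"
}

# Compare each path's mode and owner with EXPECTED. Mismatches go to stderr,
# the mismatch count to stdout. Owner names default to root and ftp.
audit_ftp_tree() {
    root=$1; root_owner=${2:-root}; ftp_owner=${3:-ftp}; bad=0
    while read -r rel want_mode key; do
        # ls -ld rather than stat(1), whose options differ between systems;
        # only the first 10 characters of the mode string are compared.
        info=$(ls -ld "$root/$rel" 2>/dev/null | awk '{ print substr($1, 1, 10) " " $3 }')
        mode=${info% *}; owner=${info#* }
        case $key in
            R) want_owner=$root_owner ;;
            F) want_owner=$ftp_owner ;;
            *) want_owner=$owner ;;
        esac
        if [ "$mode" != "$want_mode" ] || [ "$owner" != "$want_owner" ]; then
            echo "MISMATCH $root/$rel: have '$mode $owner', want '$want_mode $want_owner'" >&2
            bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    echo "$bad"
}

# Usage: sh audit_ftp.sh /home/ftp
if [ $# -gt 0 ]; then audit_ftp_tree "$1"; fi
```

A count of 0 means every path matches the procedure; a missing path is reported as a mismatch.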