Red Hat Fedora Linux 3 Bible

The first implementations of FTP date back to 1971, predating the Web by almost two decades. FTP was created at a time when most computing was done on large mainframe computers and minicomputers. The predominant platforms using FTP were UNIX systems.

FTP set out to solve the need to publish documents and software so that people could get them easily from other computer systems. On the FTP server, files were organized in a directory structure; users could connect to the server over the network (usually the Internet), move up and down the directory structure to find the files that interested them, and download files from (and possibly upload files to) the server.

Originally, one drawback with FTP servers was that when people looked for a file or a document on the Internet, they had to know which FTP server held the file they were looking for. Tools such as Gopher and WAIS helped in searches. With the advent of the Web, however, users can now rely on a variety of search engines and links from Web pages to help identify FTP servers that have the files they want. In fact, when you download files by clicking a link from a Web page, you may not even be aware that the file is being downloaded from an FTP server.

Attributes of FTP servers

That FTP was implemented on large, multiuser UNIX systems accounts for many of the design decisions that remain a part of FTP today. FTP servers in Linux draw on FTP features that have resulted from years of testing and experience gained from other UNIX versions of FTP. Some attributes of FTP servers follow:

• Because FTP was originally used on multiuser systems, only limited parts of the file system in Fedora are devoted to public FTP access. Those who access FTP from a public user account (by default, the anonymous user name) are automatically given an FTP directory (often /var/ftp) as their root directory. From there, the anonymous user can access only files and directories below that point in the file system.

• Access to the FTP server relies on a login process that uses standard UNIX login names (that is, those user names found in /etc/passwd). Although strangers to the system could log in using anonymous as a user name, users with their own accounts on the system could log in with their own user names through FTP and most likely have access to a greater part of the file system (in particular, their own private files and directories).

• The lftp command and other FTP client programs let you log in and then operate from a command interpreter (similar to a very simple shell). Many of the commands that you use from that command interpreter are familiar UNIX commands. You change directories with cd, list files with ls, change permissions with chmod, and check your location with pwd (to name a few). When you find where you want to be, you use the get command to download a file or the put command to upload one.

As an administrator of an FTP server, it is your responsibility to make sure that you share your files in a way that gives people access to the information you want them to have without compromising the security of your system. This means implementing a strong security policy and relentlessly monitoring the system to prevent abuse.

FTP user types

Several different types of users can log in to and use an FTP server. Real users represent the category of users who have login accounts to the Fedora system that contains your FTP server (that is, you know them and have given them permission for other uses besides FTP). A guest user is similar to a real user account, except that guest user access to the computer’s file system is more restricted. The user name anonymous is the most common for providing public access.

The vsFTPd server also supports the concept of virtual users. The recommended method for creating virtual users for vsFTPd is to configure PAM (pluggable authentication modules) to point to per-user configuration files. A tutorial to configure vsFTPd to allow virtual users is available at www.debiansec.com/linux/services/ftp.html.