FTP Configuration and notes on Solaris

by Ras 23. July 2012 20:58

### FTP ###
FTP service on Solaris is:
wu-ftpd

To show the ftp service status:

svcs -l ftp

pkginfo -x | grep ftp
returns the two FTP packages:
ftpr (for root) and ftpu (for users)

SUNWftpu - includes useful user utilities:
   - ftpcount - dumps count of users per class
   - ftpwho - returns connected users & process information
   - ftpconfig - used to set up anonymous/guest FTP



SUNWftpr
/etc/ftpd - contains most of the configuration files
   - ftpaccess - primary configuration file for wu-ftpd
   - ftphosts - allow/deny access for users from specific hosts
   - ftpservers - allows the admin to define virtual hosts
   - ftpusers - users listed may NOT access the server via FTP
   - ftpconversions - facilitates tar, compress, gzip support

1. PORT - Active FTP
  - Client -> TCP:21 (Server-Control-Connection)
  - Client executes 'ls' -> results in server initiating a connection back to the client, usually from TCP:20 (ftp-data)
2. PASV - Passive FTP
  - Client -> TCP:21 (Server-Control-Connection)
  - Client executes 'ls' -> results in server opening a high port and instructing the client to source (initiate) a connection to the server
  - Client sources data connection to high port on server


### Guest users ###
Guest users won't have access to the directory structure (e.g. pwd doesn't work on ftp)

To create a guest user you need to:
1. Create a user with no shell
2. Provide a home directory for the user and give access to it
3. ftpconfig -d <homedirectory>   - this marks the directory as a guest FTP directory
4. In the ftpaccess file add the line below:
guestuser  <guestusername>
5. Reload the service
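
One way to verify the result of the steps above, as an added example that is not part of the original post: the function reads copies of ftpaccess, ftpusers and passwd and reports guest accounts that still have a login shell, guests with no account, guests blocked by ftpusers, and UID 0 accounts missing from ftpusers. The function names, finding labels and sample accounts are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a wu-ftpd guest setup.
# Usage: audit_ftp_guests FTPACCESS FTPUSERS PASSWD
# Prints one finding per line and returns 1 if there are any, else 0.
audit_ftp_guests() {
    awk '
    FILENAME == ARGV[1] {   # ftpaccess: names after the guestuser keyword
        if ($1 == "guestuser") for (i = 2; i <= NF; i++) guest[$i] = 1
        next
    }
    FILENAME == ARGV[2] {   # ftpusers: one denied account per line
        if (NF && $1 !~ /^#/) denied[$1] = 1
        next
    }
    {                       # passwd: name:pw:uid:gid:gecos:home:shell
        split($0, p, ":"); seen[p[1]] = 1
        if (p[3] == "0" && !(p[1] in denied)) { print "UID0_NOT_DENIED " p[1]; bad = 1 }
        if (!(p[1] in guest)) next
        if (p[1] in denied) { print "GUEST_IN_FTPUSERS " p[1]; bad = 1 }
        # Assumption: "no shell" means /bin/false or a nologin shell; an empty
        # field falls back to the default shell, so it is flagged too.
        if (p[7] !~ /\/(false|nologin)$/) { print "GUEST_HAS_SHELL " p[1]; bad = 1 }
    }
    END {
        for (g in guest) if (!(g in seen)) { print "GUEST_NO_ACCOUNT " g; bad = 1 }
        exit bad + 0
    }' "$1" "$2" "$3"
}

# Constructed sample files (hypothetical accounts), written to a temp directory.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed ftpaccess' \
        'guestuser ftpguest1 ftpguest2 ftpguest3' > "$d/ftpaccess"
    printf '%s\n' 'daemon' 'bin' > "$d/ftpusers"
    printf '%s\n' 'root:x:0:0:Super-User:/:/sbin/sh' \
        'ftpguest1:x:2001:100::/export/ftp/guest1:/bin/false' \
        'ftpguest2:x:2002:100::/export/ftp/guest2:/usr/bin/bash' > "$d/passwd"
    echo "$d"
}

# Demo run on the constructed files; findings are printed one per line.
d=$(make_sample) && { audit_ftp_guests "$d/ftpaccess" "$d/ftpusers" "$d/passwd" || true; }
rm -rf "$d"
```

On the layout described in this post the real inputs would be /etc/ftpd/ftpaccess, /etc/ftpd/ftpusers and /etc/passwd. Wildcard or numeric entries on a guestuser line are treated as literal names by this check.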


### Virtual hosts ###

wu-ftpd supports two virtual host modes:
1. Limited - relies upon primary config files /etc/ftpd {ftpaccess, ftpusers ...}
The admin may define unique attributes like banner, logfile, hostname, email, distinct IP address

2. Full - relies upon distinct config files in specified dirs
Offers everything in limited mode and also adds distinct config files.
Full mode will use the default config files in /etc/ftpd if the full virtual host instance is unable to find a distinct file.

### Limited virtual hosts configuration ###
/etc/ftpd/ftpaccess
 virtual 192.168.1.51 root /var/ftp2
 virtual 192.168.1.51 hostname <virtualhostname>
 virtual 192.168.1.51 banner <banner>
 virtual 192.168.1.51 logfile /var/log/ftp2/xferlog
 virtual 192.168.1.51 allow unixcbt2


### Full virtual hosts configuration ###
/etc/ftpd/ftpservers
 #address <configuration_directory>
 192.168.1.51 /etc/ftpd/ftp2
 192.168.1.52 /etc/ftpd/ftp3


About the author

Ras is a network/Security professional working on multiple areas with multiple certificates like CCNP, CCIP, CCSP, CCSA, CCSE, LPI, PM, IPv6, ..
