FTP Services (2)
The ProFTP Configuration File
The ~/usr/local/etc/proftpd.conf file is the main configuration file for your
FTP service. It contains directives relating to the operation of your FTP
server. The ProFTP configuration file is very similar to that of the Apache Web
server, from its configuration format to its modular design.
For a list of available configuration directives for ProFTP, please refer to the
ProFTP website at the following URL:
http://www.proftpd.net/docs/configuration.html
FTP User Accounts
Virtual Server can add unlimited FTP user accounts, edit and remove user
accounts, and change user account passwords.
Creating FTP User Accounts
You can create FTP accounts for an unlimited number of users by using the
vadduser command through an SSH connection. The vadduser command will always
create an email account for the user, as well. It is possible for a user on your
virtual server to have an email account without having an FTP account, but it is
not possible for a user to have an FTP account without an email account.
To create an email/FTP user account, SSH to your virtual server and type the
following at the command prompt:
vadduser Enter
You’ll be asked what username you would like to assign to this email/FTP
account. Choose a username up to 16 characters in length and press Enter. Keep
in mind that when you’re done, the email address for the account will be this
username followed by an @ symbol and your virtual server’s domain name. If you
have more than one domain name associated with your virtual server, any of these
domain names will work with the new account.
Next, you will be asked for a password for the account. Enter a password and
press Enter. You will be asked to confirm the password to make sure that you
typed it correctly. For security purposes, this password is not displayed on the
screen. To make this password harder to crack, it should contain at least one
non-alphabetic character and be a mixture of upper and lower case.
You will then be asked for the full name of the user of this email/FTP account.
While this information is not really necessary for the account to function
properly, it will help you as an administrator to keep track of all the
email/FTP accounts on your virtual server. Type the full name and press Enter.
Next, you’ll be asked if you want to grant FTP access for this account. Since
you do want to provide FTP access for this user, you should press Y, Enter.
You’ll then be asked if you want to implement an FTP quota for this user. An FTP
quota limits the amount of disk space that this user will be able to upload and
store in their home directory. To implement a quota on this user, press Y, Enter
and then indicate the maximum number of Megabytes to allow the user to upload by
typing a number and pressing Enter. If you do not wish to implement an FTP quota
for this user, simply type N, then Enter.
Finally, you’ll be given a choice of locations for the email/FTP user’s home
directory. You have three choices:
1) /usr/home/username
2) /usr/local/etc/httpd/htdocs/username
3) /ftp/pub/username
Choose 1 if you want this user to have FTP access in order to store files on the
server, but you do not want those files to be available to the general public
via FTP or the Web. This will create a directory with the user’s name in the
~/usr/home directory.
Choose 2 if you want this user to be able to create Web pages and transfer them
to your virtual server through FTP. With option 2, any files transferred to the
server by this user will be publicly available through a Web browser at the
address http://www.yourdomain.com/username/, where username is the name of this
user. This option creates a directory with the user’s name in the
~/usr/local/etc/httpd/htdocs directory, which it will use as the home for this
user.
Choose 3 if you want this user to be able to transfer files to your virtual
server and make those files available from your anonymous FTP service. This
option creates a directory with the user’s name in the ~/ftp directory of your
virtual server. Any files placed in this directory will be available through an
FTP client or Web browser at the following address:
ftp://ftp.yourdomain.com/pub/username/
After you have chosen a location for the home directory, the following message
appears on your screen to verify that the account has been created:
Email/FTP User added successfully.
Editing FTP User Accounts
There are some cases where you may need to edit the information for an FTP
account. The best way to do this is with the vedituser command. This command
allows you to change the user’s full name, home directory, and other
information. This is very helpful in a situation where you wish to allow a user
to maintain Web pages, but do not want the directory to be named after that
user. You cannot change a user’s password with the vedituser command.
To edit a user’s information, type:
vedituser Enter
You’ll then be asked for the name of the user that you want to edit. Type the
user’s name and press Enter. Your virtual server will then ask for various
pieces of information, similar to the way that it was first entered with the
vadduser command. After each question, you’ll see the current setting in
brackets. If the answer in the brackets is correct, simply press Enter. If you’d
like to change the value of a current setting, type in the new value and press
Enter.
When asked for the directory to use as the user’s home, you’re given the same
three choices as you were given with the vadduser command as explained
previously in this guide. You may either choose one of these three options, or
specify an alternate directory by typing in the path starting from the home
directory of your virtual server, and pressing Enter.
Example: if you had some Web pages in the ~/www/htdocs directory of your virtual
server, and you wanted to allow a user to use this as their home directory, you
would type the following:
/www/htdocs Enter
When you’ve entered all the required information, you should see a message that
says:
Email/FTP User edited successfully.
Changing FTP User Passwords
Your FTP users cannot change their own passwords, because doing so requires
administrative access to your virtual server. Therefore, you will need to change
passwords for your users should this become necessary. To do so, log in to your
virtual server and type the following at the command prompt:
vpasswd username Enter
The username should be the name of the user for whom you wish to change the
password. You’ll then be asked to type the new password twice. After doing so,
the user’s password will be changed, and you should see a message that says:
passwd: updating passwd database
passwd: done
Removing FTP Users
You can remove an FTP account from your virtual server at any time by using the
vrmuser command from the command prompt. To do so, type:
vrmuser Enter
You’ll then be asked for the name of the account that you want to delete. After
doing so, the user will no longer have an account on your system. You should be
aware, however, that even though the vrmuser command removes a user from your
system, it does not delete a user’s home directory or its contents. If you want
to delete this directory, you will need to do this yourself using the rm -r
command.
Anonymous FTP
In addition to properly authenticated users, you can allow "anonymous"
connections to your FTP server by modifying the ProFTP configuration file.
Anonymous FTP allows you to make files publicly available for downloading
through a Web browser or FTP client without requiring a username or password.
Anonymous FTP is often used to provide public archives of data or programs.
The Virtual Server comes pre-configured to allow Anonymous FTP access to any
files placed in or below the /usr/home/username/ftp directory.
You can further configure your Virtual Server's FTP service to allow anonymous
uploads or to display a welcome message, as described in the following sections.
To prevent the Anonymous FTP service from overwhelming the authenticated FTP
service, anonymous connections can be limited in number and the access
permissions and rights of the anonymous user can be locked down.
The following example from the proftpd.conf file displays a basic
configuration for anonymous FTP access:
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
  User ftp
  Group ftp
  # We want clients to be able to login with
  # "anonymous" as well as "ftp"
  UserAlias anonymous ftp
  # Limit the maximum number of anonymous logins
  MaxClients 10
  # We want 'welcome.msg' displayed at login,
  # and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin welcome.msg
  DisplayFirstChdir .message
  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>
</Anonymous>
Allowing Anonymous FTP Uploads
You can configure your Virtual Server to accept incoming files (uploads) from
Anonymous FTP users. Because Anonymous FTP users can only access directories
within the FTP root, anonymous upload can only be enabled for directories
located within your Virtual Server's ~/ftp directory.
FTP Welcome Messages and Directory Messages
You can display a standard greeting to anonymous visitors to your virtual
server’s anonymous FTP service by creating a text file called “welcome.msg” in
your ~/ftp directory. If you would like to do this now, log in to your virtual
server and type:
cd ~/ftp Enter
pico welcome.msg Enter
This will take you to the FTP root directory and create a file called
“welcome.msg.”
Now, type your greeting into the pico editor just as you’d like it to appear.
When you’re done, press Ctrl+X, Y, Enter to exit pico.
It is also possible to display custom messages to FTP visitors in individual
directories by creating a file called “.message” in the directory where you
want the message to appear. Create it in the same way you did the welcome.msg
file, and place it in the directory you want the message to appear in.
The FTP Activity Log
A record is kept of all the FTP activity that occurs on your virtual server.
This record is kept in a file called xferlog, which is located in your ~/usr/log
directory. Whenever a file is transferred through your FTP service, an entry is
made in the xferlog file. The following is a sample entry from an xferlog file:
Fri Oct 3 10:41:55 1997 1294 tide14.microsoft.com 4500828
/pub/demos/P952_256.ZIP b _ o a proxyuser@microsoft.com ftp 0 *
Take a close look at each part of this log entry. All entries in the xferlog
file follow the same format.
current-time: The first part of the entry indicates the time that the file
transfer was completed. It takes the form “Day Month Date Hour Minute Second
Year.” In the example above, this section is “Fri Oct 3 10:41:55 1997.”
transfer-time: The next part indicates the total time in seconds that it took to
complete the transfer. In this case, “1294” or just over 21 ½ minutes.
remote-host: Next comes the IP address or host name of the individual who
performed the transfer. In this case, it’s “tide14.microsoft.com.”
file-size: This indicates the size of the transferred file in bytes. The size of
the file transferred in this example is “4500828” bytes, or about 4.5 MB.
path and filename: The path and name of the file that was transferred is
displayed next. In this example, it’s “/pub/demos/P952_256.ZIP,” or more
precisely, the file was called P952_256.ZIP and it was located in the /pub/demos
subdirectory of the virtual server’s FTP root.
transfer-type: This next part of the entry is a single character indicating the
type of transfer that was performed. It is either an “a” if it was an ASCII
(text) transfer, or “b” if a binary file was transferred. In this case, a
binary file was retrieved.
special-action-flag: Next comes one or more single character flags indicating
additional information about the file that was transferred. These characters
are “C” if the file was compressed, “U” if the file was uncompressed, “T” if
the file was tarred (archived), or “_” if no special action was taken. No
special action was taken in this example.
direction: The direction of the transfer is indicated next with either an “o” if
the transfer was outgoing (sent from your virtual server), or “i” if the
transfer was incoming (received by your virtual server). The file in this
example was retrieved from the virtual server.
access-mode: Next, an indication of the type of FTP access that the user was
using is given. An “a” indicates that the user was using anonymous FTP, while
“r” indicates real (user authenticated) FTP access. The user in this example was
an anonymous FTP user.
username: The username comes next, if the user had user-authenticated access. If
the transfer was performed by an anonymous user, the email address they entered
as a password is used instead. In our example, the username is
“proxyuser@microsoft.com.”
service-name: Next comes the name of the service being invoked for the transfer.
In this example, as in most cases in this log file, it is “ftp.”
authentication-method: Next to last comes a number that indicates the
authentication method being used for the transfer. In most cases this is a “0,”
as it is in this case.
authenticated-user-id: At the very end of the entry comes the user id returned
by the authentication method. A “*” indicates that the user id is not available,
as is the case in this example.
That’s a lot of information! Depending on your
level of experience and how much information you want to track, this information
may or may not be important to you. Understanding the source information,
however, will help you as you learn about commands in the next section that can
generate meaningful reports from this information.
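The field layout described above can be turned into a small parser, and the same parser can check what the Allowing Anonymous FTP Uploads section implies an administrator should watch: anonymous incoming transfers, and whether they landed in the directory meant for uploads. This is an added example, not part of the original guide or of ProFTP; the /incoming/ directory, the optional trailing completion-status field, and every sample line except the first are assumptions.

```python
import posixpath
from collections import namedtuple
from datetime import datetime

# Field names follow the page's walk-through of an xferlog entry.
Xfer = namedtuple("Xfer", "when seconds host size path xfer_type flags "
                          "direction access user service auth_method auth_uid")

def parse_xferlog_line(line):
    """Parse one xferlog entry; return None for a malformed line."""
    tok = line.split()
    # Assumption: some servers append a completion-status field that the
    # page's sample lacks; drop it when authentication-method sits one slot early.
    if len(tok) >= 18 and tok[-2] not in ("0", "1") and tok[-3] in ("0", "1"):
        tok = tok[:-1]
    if len(tok) < 17:
        return None
    try:
        when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
        seconds, size = int(tok[5]), int(tok[7])
    except ValueError:
        return None
    # The last eight fields are fixed, so everything between file-size and
    # them is the path, even when the filename contains spaces.
    entry = Xfer(when, seconds, tok[6], size, " ".join(tok[8:-8]), *tok[-8:])
    if entry.xfer_type not in ("a", "b") or entry.direction not in ("o", "i"):
        return None
    return entry

def anonymous_uploads(lines, allowed_prefix="/incoming/"):
    """Return (entry, in_allowed_dir) per anonymous upload; prefix is hypothetical."""
    hits = []
    for line in lines:
        e = parse_xferlog_line(line)
        if e and e.direction == "i" and e.access == "a":
            # Normalise first so "/incoming/../pub/x" is not accepted.
            ok = posixpath.normpath(e.path).startswith(allowed_prefix)
            hits.append((e, ok))
    return hits

SAMPLE = [  # first line is the page's sample entry; the rest are constructed
    "Fri Oct 3 10:41:55 1997 1294 tide14.microsoft.com 4500828 "
    "/pub/demos/P952_256.ZIP b _ o a proxyuser@microsoft.com ftp 0 *",
    "Fri Oct 3 11:02:10 1997 4 host1.example.net 20480 "
    "/incoming/report.txt a _ i a guest@example.net ftp 0 *",
    "Fri Oct 3 11:05:33 1997 61 host2.example.net 7340032 "
    "/pub/demos/new file.zip b _ i a x@example.net ftp 0 *",
    "Fri Oct 3 11:09:00 1997 2 host3.example.net 512 "
    "/usr/home/alice/notes.txt a _ i r alice ftp 0 *",
]
```

Calling anonymous_uploads(SAMPLE) returns the two anonymous incoming transfers and marks the one written under /pub/demos as outside the upload directory.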
For more information about automating tasks with
cron, please see our section on Automating Tasks with Cron.