The ftpaccess File

WU-FTPD has an optional configuration file named /etc/ftpaccess. This file is read if the FTP daemon is run with the -a command line option. In the discussion of Listing 3.6, we saw that Red Hat does run the FTP daemon with the -a option, which means that Red Hat uses the ftpaccess file. The active entries in the Red Hat 7.2 ftpaccess file are shown in Listing 3.16.

Listing 3.16: Excerpts of the Red Hat ftpaccess File

# Don't allow system accounts to log in over ftp
deny-uid %-99 %65534-
deny-gid %-99 %65534-
allow-uid ftp
allow-gid ftp

# To chroot a user, modify the line below or create
# the ftpchroot group and add the user to it.
guestgroup ftpchroot

class all real,guest,anonymous *

# Set this to your email address
email [email protected]

# Allow 5 mistyped passwords
loginfails 5

# Notify the users of README files at login and cwd
readme README* login
readme README* cwd=*

# Messages displayed to the user
message /welcome.msg login
message .message cwd=*

# Allow on-the-fly compression and tarring
compress yes all
tar yes all

# Prevent anonymous users (and partially guest users)
# from executing dangerous commands
chmod no guest,anonymous
delete no anonymous
overwrite no anonymous
rename no anonymous

# Turn on logging to /var/log/xferlog
log transfers anonymous,guest,real inbound,outbound

# If /etc/shutmsg exists, don't allow logins
shutdown /etc/shutmsg

# Use user's email address as anonymous password
passwd-check rfc822 warn

Blank lines, inactive lines, and most of the comments have been removed from the ftpaccess file to create a listing that is more suitable for a book. However, all of the active commands used in the Red Hat configuration are shown in Listing 3.16.

The deny-uid and deny-gid commands define ranges of UIDs and GIDs that are not allowed to log in to the FTP server. In Listing 3.16, UIDs and GIDs that are less than 99 (%-99) or greater than 65534 (%65534-) are not allowed to log in. This blocks all of the UIDs and GIDs that are normally used for system accounts. However, on the Red Hat system, this also blocks the ftp user account that is used for anonymous FTP, because that account is assigned UID 14 and GID 50. The allow-uid and allow-gid commands define exceptions to the rules defined by the deny-uid and deny-gid commands. Therefore, all of the system accounts except ftp are prevented from logging into this FTP server.
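The following is an added illustration, not code from WU-FTPD or from the book, of how the deny-uid/deny-gid ranges and the allow-uid/allow-gid exceptions in Listing 3.16 combine to decide whether an account may log in. It assumes the two range forms seen in the listing (%-99 and %65534-), a generalized inclusive %low-high form, and a constructed passwd/group table in place of /etc/passwd and /etc/group (the ftp account's UID 14 and GID 50 are the values the text gives).

```python
"""Evaluate WU-FTPD deny-uid/deny-gid/allow-uid/allow-gid rules (added example)."""
import re

# Constructed stand-in for /etc/passwd and /etc/group lookups.
PASSWD = {"root": 0, "bin": 1, "ftp": 14, "alice": 500}
GROUP = {"root": 0, "bin": 1, "ftp": 50, "users": 100}

# '%-99' -> everything up to 99; '%65534-' -> everything from 65534 up.
# '%low-high' as an inclusive range is an assumed generalization.
_RANGE = re.compile(r"^%(\d*)-(\d*)$")
_MAX_ID = 2**32 - 1  # assumed upper bound for an open-ended range


def parse_rule(token, table):
    """Turn one rule token into an inclusive (low, high) pair."""
    m = _RANGE.match(token)
    if m:
        low = int(m.group(1)) if m.group(1) else 0
        high = int(m.group(2)) if m.group(2) else _MAX_ID
        return (low, high)
    n = table[token]  # a bare name is resolved through passwd/group
    return (n, n)


def parse_ftpaccess(text):
    """Collect the deny/allow ranges from ftpaccess directives."""
    rules = {"deny-uid": [], "deny-gid": [], "allow-uid": [], "allow-gid": []}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] in rules:
            table = PASSWD if parts[0].endswith("uid") else GROUP
            rules[parts[0]].extend(parse_rule(t, table) for t in parts[1:])
    return rules


def in_ranges(n, ranges):
    return any(lo <= n <= hi for lo, hi in ranges)


def login_permitted(rules, uid, gid):
    """Denied if either id is in a deny range, unless an allow entry overrides."""
    uid_ok = not in_ranges(uid, rules["deny-uid"]) or in_ranges(uid, rules["allow-uid"])
    gid_ok = not in_ranges(gid, rules["deny-gid"]) or in_ranges(gid, rules["allow-gid"])
    return uid_ok and gid_ok


# The four directives from Listing 3.16.
LISTING = "deny-uid %-99 %65534-\ndeny-gid %-99 %65534-\nallow-uid ftp\nallow-gid ftp\n"

if __name__ == "__main__":
    r = parse_ftpaccess(LISTING)
    print("ftp (14/50):", login_permitted(r, 14, 50), " root (0/0):", login_permitted(r, 0, 0))
```

Dropping the two allow-* lines from LISTING shows the point the text makes: without them the ftp account (UID 14, GID 50) falls inside the deny ranges and anonymous FTP stops working.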

To understand the next command, you need to understand that WU-FTPD offers three types of service:

• Real FTP, in which a user logs in with a standard username and password, and is granted access to files based on the UID and GID associated with that user's account.

• Anonymous FTP, in which the user logs in as an anonymous guest, and is limited to those files stored in the anonymous FTP home directory.

• Guest FTP, in which the user logs in with a standard username and password, and is limited to those files found in the user's home directory.

The guestgroup command defines the users who are limited to guest FTP service. The value that follows the command guestgroup must be a valid group name from the /etc/group file. Every user account listed as a member of that group is limited to the guest FTP service. As the comment indicates, ftpchroot does not exist as a group unless you create it. The guestgroup command in the Red Hat configuration is only an example. It has no real effect.

If you do decide to limit a user to guest FTP, you must create the same file structure in the user's home directory as was created in the anonymous FTP home directory. See the steps outlined previously for creating an anonymous FTP service, and duplicate all of those steps in the home directory of each user that you limit to guest FTP.

The class command maps the source address of the FTP connection to a user "class." The format of the command is

class name type address

where class is the keyword, name is the arbitrary name we are assigning to the class, type is the type of FTP service being used (anonymous, guest, or real), and address is the source address of the connection, written as either a domain name or an IP address.

In Listing 3.16, the class command assigns the name all to anonymous, guest, and real connections from all sources. The * is a wildcard character that matches anything. Therefore a * by itself matches all addresses, whereas *.foobirds.org matches all hosts in the foobirds.org domain. After the class all is defined, it can be used in other configuration commands.

The email command defines the email address of the FTP server system administrator. Change this to a valid e-mail address.

Use loginfails to set a limit on the number of times a user can enter the wrong password before the session is terminated. Three incorrect passwords is a common value. In Listing 3.16, the value is set to 5.

The readme commands notify the user that a README file exists when the user logs in or changes directories. The message is issued only if the directory to which the user changes contains a file with a name that matches the filename on the readme command line. In Listing 3.16, the filename in both commands is README*, which matches any filename that begins with the string README.

The message commands perform a similar task. The message commands point to files that contain the welcome messages that are displayed when the user logs into the system and when the user changes directories.

The compress and tar commands specify whether or not on-the-fly compressing and tarring are allowed, and who is allowed to use these services. In Listing 3.16, both services are allowed, and they are allowed for all types of users. Note that "all" is the class defined earlier in this ftpaccess file.

In the same way that services can be allowed, specific FTP commands can be disallowed. Listing 3.16 forbids anonymous FTP users from changing the permission of a file (chmod), deleting files (delete), overwriting files (overwrite), and renaming files (rename); also it prevents users of the guest FTP service from changing file permissions.

The log command specifies what FTP should log and when it should be logged. In the example, FTP will log file transfer statistics for users of the anonymous, guest, and real FTP servers, for both uploads and downloads. The log command can also be used to log the commands invoked by the users and any violations of security rules.

The shutdown command points to the file that directs the FTP server to cease operations. Based on the shutdown command in Listing 3.16, this server will shut down if instructed to do so by the file /etc/shutmsg. The file contains the year, month, hour, and minute the server should shut down, along with an offset from the shutdown time that the server should stop accepting connections, and a second offset for when it should break connections that were previously established. Additionally, the file can contain a text message to be displayed prior to the shutdown.

The last command in this sample ftpaccess file is passwd-check. It tells FTP to warn anonymous users who do not enter an email address as their password, but to accept the user's login anyway. To prevent users from logging in who do not enter an e-mail address, the keyword warn at the end of the sample passwd-check command must be changed to enforce.

The Red Hat ftpaccess file shown in Listing 3.16 is a typical WU-FTPD configuration. There are, however, additional features available for WU-FTPD. To find out more, see the ftpaccess man page and the HOWTO files in /usr/share/doc/wu-ftpd-2.6.1.
