Andrew Hudson - Fedora™ Unleashed, 2008 edition

This chapter contains an overview of the available FTP soft ware included with Fedora, along with some details concerning initial setup, configuration, and use of FTP- specific clients. Fedora also includes an FTP server software package named vsftpd, the Very Secure FTP Daemon, and a number of associated programs you can use to serve and transfer files with the FTP protocol.

FTP uses a client/server model. As a client, FTP accesses a server, and as a server, FTP provides access to files or storage. Just about every computer platform available has software written to enable a computer to act as an FTP server, but Fedora enables the average user to do this without paying hefty licensing fees and without regard for client usage limitations.

There are two types of FTP servers and access: standard and anonymous. A standard FTP server requires an account name and password from anyone trying to access the server. An anonymous server allows anyone to connect to the server to retrieve files. Anonymous servers provide the most flexibility, but they can also present a security risk. Fortunately, as you will read in this chapter, Fedora is set up to use proper file and directory permissions and common-sense default configurations, such as disallowing rootfrom performing an FTP login.

Many Linux users now use OpenSSH and its suite of clients, such as the sftpcommand, for a more secure solution when transferring files. The OpenSSH suite provides the sshddaemon and enables encrypted remote logins (see Chapter 15 for more information).

When you are preparing to set up your FTP server, you must first make the decision to install either the authenticated or anonymous service. Authenticated service requires the entry of a valid username and password for access. As previously mentioned, anonymous service allows the use of the username anonymousand an email address as a password for access.

Authenticated FTP servers provide some measure of secure data transfer for remote users, but require maintenance of user accounts as usernames and passwords are used. Anonymous FTP servers are used when user authentication is not needed or necessary, and can be helpful in providing an easily accessible platform for customer support or public distribution of documents, software, or other data.

If you use an anonymous FTP server in your home or business Linux system, it is vital that you properly install and configure it to retain a relatively secure environment. Sites that host anonymous FTP servers generally place them outside the firewall on a dedicated machine. The dedicated machine contains only the FTP server and should not contain data that cannot be restored quickly. This dedicated-machine setup prevents malicious users who compromise the server from obtaining critical or sensitive data. For an additional, but by no means more secure setup, the FTP portion of the file system can be mounted read-only from a separate hard drive partition or volume, or mounted from read-only media, such as CD-ROM, DVD, or other optical storage.

The Very Secure vsftpdserver, like wu-ftpd(also discussed in this chapter), is licensed under the GNU GPL. The server can be used for personal or business purposes. Other FTP servers are available for Fedora, but only vsftpdcomes bundled with this book's DVD. The wu-ftpdand vsftpdservers are covered in the remainder of this chapter.

One alternative server is NcFTPd, available from http://www.ncftp.com. This server operates independently of xinetd(typically used to enable and start the wu-ftpserver) and provides its own optimized daemon. Additionally, NcFTPd has the capability to cache directory listings of the FTP server in memory, thereby increasing the speed at which users can obtain a list of available files and directories. Although NcFTPd has many advantages over wu-ftpd, NcFTPd is not GPL-licensed software, and its licensing fees vary according to the maximum number of simultaneous server connections ($199 for 51 or more concurrent users and $129 for up to 50 concurrent users, but free to education institutions with a compliant domain name). Because of this licensing, NcFTPd is not pack aged with Fedora, and you will not find it on this book's DVD.

Do not confuse the ncftpclient with ncftpd. The ncftp-3.1.7-4package included with Fedora is the client software, a replacement for ftp-0.17-22,and includes the ncftpgetand ncftpputcommands for transferring files via the command line or with a remote file uniform resource locator address. ncftpdis the FTP server, which can be downloaded from www.ncftpd.com.

Another FTP server package for Linux is ProFTPD, licensed under the GNU GPL. This server works well with most Linux distributions and has been used by a number of Linux sites, including ftp.kernel.org and ftp.sourceforge.net. ProFTPD is actively maintained and updated for bug fixes and security enhancements. Its developers recommend that you use the latest release (1.2.10 at the time of this writing) to avoid exposure to exploits and vulnerabilities. Browse to http://www.proftpd.org to download a copy.

Yet another FTP server package is Bsdftpd-ssl, which is based on the BSD ftpd(and distributed under the BSD license). Bsdftpd-ssloffers simultaneous standard and secure access through security extensions; secure access requires a special client. For more details, browse to http://bsdftpd-ssl.sc.ru/.

Finally, another alternative is to use Apache and the HTTP protocol for serving files. Using a web server to provide data downloads can reduce the need to monitor and maintain a separate software service (or directories) on your server. This approach to serving files also reduces system resource requirements and gives remote users a bit more flexibility when downloading (such as enabling them to download multiple files at once). See Chapter 17, "Apache Web Server Management," for more information about using Apache.

As part of the Workstation installation, the client software for FTP is already installed. You can verify that FTP-related software is installed on your system by using the RPM (Red Hat Package Manager), grep, and sortcommands in this query:

$ rpm -qa | grep ftp | sort

The sample results might differ, depending on what software packages are installed. In your Fedora file system, the /usr/bin/pftpfile is symbolically linked to /usr/bin/ftpas well as the vsftpdserver under the /usr/sbindirectory. The base anonymous FTP directory structure is located under the /var/ftpdirectory. Other installed packages include additional text-based and graphical FTP clients.

If vsftpdis not installed, you can find it under FTP Server in the Add/Remove Applications dialog.

If you host an FTP server connected to the Internet, make it a habit to always check the Fedora site, http://fedora.redhat.com, for up-to-date system errata and security and bug fixes for your server software.

Because the anonftpand wu-ftpdRPM packages are not included with Fedora, you must download and install them if you want to use the wu-ftpdserver. Retrieve the most recent packages for Linux from http://www.wu-ftpd.org/ to build from the latest source code or obtain RPM packages from a reputable mirror.