Oct 6 12:21:59 shuttle2 ftpd[5229]: QUIT
Oct 6 12:21:59 shuttle2 ftpd[5229]: FTP session closed
The sample log shows the username and password entries for an anonymous login. The CWD entry shows that a cd command is used to navigate to the pub directory. Note that the commands shown do not necessarily reflect the syntax the user typed, but instead list corresponding system calls the FTP server received. For example, the LIST entry is actually the ls command.
Log Security Violations and File Transfers
Two other logging commands are useful in the /etc/ftpaccess configuration file. This line enables the logging of security violations:
log security [<typelist>]
Violations are logged for anonymous, guest, and real users, as specified in the typelist, the same as in other log commands. If you do not specify a typelist, security violations for all users are logged.
This line writes a log of all files transferred to and from the server:
log transfers [<typelist> [<directions>]]
typelist is the same as in log commands and log security lines. directions is a comma-separated list of the keywords inbound for uploaded files and outbound for downloaded files. If no directions list is given, both uploaded and downloaded files are logged. Inbound and outbound logging is turned on by default.
Configure Permission Control
Controlling user activity is an important component of securing your system's server. The ftpaccess file includes a number of commands that enable you to determine what users can and cannot execute during an FTP session. You can use these permission controls to allow users to change file permissions, delete and overwrite files, rename files, and create new files with default permissions. You learn how to use all these ftpaccess file command lines in the following sections.
NOTE
By default, all the ftpaccess file command lines prohibit anonymous users from executing actions and enable authorized users to do so.
Allow Users to Change File Permissions
The chmod line determines whether a user can change a file's permissions. Here is the command line:
chmod <yes|no> <typelist>
This command acts the same as the standard chmod command.
The yes|no parameter designates whether the command can be executed. typelist is a comma-delimited string of the keywords anonymous, guest, and real. If you do not specify a typelist string, the command is applied to all users. An exhaustive description of its purpose and parameters can be found in the man page.
Assign Users File-Delete Permission
The delete line determines whether the user can delete files with the rm command. Here's the command line:
delete <yes|no> <typelist>
The yes|no parameter is used to turn this permission on or off, and typelist is the same as in the chmod line.
Assign Users File-Overwrite Permission
This command line of the ftpaccess file allows or denies users the ability to overwrite an existing file. Here's the command line:
overwrite <yes|no> <typelist>
The FTP client determines whether users can overwrite files on their own local machines; this line specifically controls overwrite permissions for uploads to the server. The yes|no parameter toggles the permission on or off, and typelist is the same as in the chmod line.
Allow Users to Rename Files
You can enable or prevent a user from renaming files by using this command line:
rename <yes|no> <typelist>
The yes|no parameter toggles the permission on or off, and typelist is the same comma-delimited string as in chmod.
Allow Users to Compress Files
This line determines whether the user is able to use the compress command on files:
compress <yes|no> <classglob> [<classglob>]
The yes|no parameter toggles the permission on or off, and classglob is a regular expression string that specifies one or more defined classes of users. The conversions that result from the use of this command are specified in the ftpconversions file, which contains directions on what compression or extraction command is to be used on a file with a specific extension, such as .Z for the compress command, .gz for the gunzip command, and so on. See the section "Configuring FTP Server File-Conversion Actions" later in this chapter.
Assign or Deny Permission to Use tar
This line determines whether the user is able to use the tar (tape archive) command on files:
tar <yes|no> <classglob> [<classglob> ...]
The yes|no parameter toggles the permission on or off, and classglob is a regular expression string that specifies one or more defined classes of users. Again, the conversions that result from the use of this command are specified in the ftpconversions file.
Determine What Permissions Can Apply to User-Created Upload Files
This line is a bit different from the other commands in the permission control section. The umask line determines the permissions with which a user can create new files. Here is the command line:
umask <yes|no> <typelist>
The yes|no parameter determines whether a user is allowed to create a file with his or her default permissions when uploading a file. Like the overwrite command you read about earlier in this section, this command line is specific to uploaded files because the client machine determines how new files are created from a download.
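An added example, not from the original text: a small Python audit of an ftpaccess file that uses the log and permission lines described above. The sample file is constructed, the function names are hypothetical, and treating # as a comment marker and reporting a missing log line as a finding are assumptions of this sketch.

```python
# Added example: audit ftpaccess permission and logging lines (names are hypothetical).
PERMISSION_DIRECTIVES = {"chmod", "delete", "overwrite", "rename", "umask"}
ALL_TYPES = {"anonymous", "guest", "real"}

def parse_typelist(field):
    """A missing typelist means the line applies to all users."""
    return set(field.split(",")) if field else set(ALL_TYPES)

def audit_ftpaccess(text):
    findings = []
    security_logged = set()   # user types covered by 'log security'
    transfers_logged = {}     # user type -> set of logged directions
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # assumption: '#' starts a comment
        if not fields:
            continue
        name, args = fields[0], fields[1:]
        types = parse_typelist(args[1] if len(args) > 1 else "")
        if name in PERMISSION_DIRECTIVES and args and args[0] == "yes":
            if "anonymous" in types:
                findings.append(f"line {lineno}: {name} enabled for anonymous users")
        elif name == "log" and args and args[0] == "security":
            security_logged |= types
        elif name == "log" and args and args[0] == "transfers":
            # No directions list means both inbound and outbound are logged.
            dirs = set(args[2].split(",")) if len(args) > 2 else {"inbound", "outbound"}
            for user_type in types:
                transfers_logged.setdefault(user_type, set()).update(dirs)
    if "anonymous" not in security_logged:
        findings.append("no 'log security' line covers anonymous users")
    if "inbound" not in transfers_logged.get("anonymous", set()):
        findings.append("no 'log transfers' line covers anonymous uploads")
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# constructed sample
log security real,guest
log transfers anonymous outbound
chmod no anonymous,guest
delete yes anonymous
overwrite yes
rename yes real
"""

if __name__ == "__main__":
    for finding in audit_ftpaccess(SAMPLE):
        print(finding)
```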
Configure Commands Directed Toward the cdpath
This alias command allows the administrator to provide another name for a directory other than its standard name:
alias <string> <dir>
The alias line applies to only the cd command. This line is particularly useful if a popular directory is buried deep within the anonymous FTP user's directory tree. The following is a sample entry:
alias linux-386 /pub/redhat/7.3/en/i386/
This line would allow the user to type cd linux-386 and be automatically taken to the /pub/redhat/7.3/en/i386 directory.
The cdpath line specifies the order in which the cd command looks for a given user-entered string. The search is performed in the order in which the cdpath lines are entered in the ftpaccess file.
For example, if the following cdpath entries are in the ftpaccess file,
cdpath /pub/redhat/
cdpath /pub/linux/
and the user types cd i386, the server searches for an entry in any defined aliases, first in the /pub/redhat directory and then in the /pub/linux directory. If a large number of aliases are defined, it is recommended that symbolic links to the directories be created instead of aliases. Doing so reduces the amount of work on the FTP server and decreases the wait time for the user.
Structure of the shutdown File
The shutdown command tells the server where to look for the shutdown message generated by the ftpshut command or by the user. The shutdown command is used with a pathname to a shutdown file, such as: