Solaris

Hi all
I need basic help to configure/check an FTP account on Solaris 9 (5.9) (by shell)
with man ftp I'm not really able to configure that. On google or doc.sun.com I cant find a basic understanding of configuration an ftp server. Where are the files / setupfile.

does somebody helps me with the basics (how to start / configure /files)
ftp is already installed on solaris 9 - but I don't how its configured?
I operate by shell

sorry - but thousand thanks for any answers!
actino

Hi,

check if ftpd daemon is running or not, if running, no configuration is required, just try ftp yourservername

Thanks

hi
thanx for answering. Jep, the deamon is running and I can connect to ftp, move datas...

But, its not configured by myself - so I like to learn/check it on solaris 5.9. Where are all those settings. I found only the deamon folder /etc/ftpd.
or how ist the configuration file name?

thank you for help
actino

Hi actino,

This may be useful, see below:

FTP Check sheet when setting up a FTPD site.

1.

ftpconfig - set up anonymous FTP

command to use:

ftpconfig [ftpdir]

ftpconfig -d ftpdir



OPTIONS
-d Create a new or update an existing ftpdir without
creating or updating the ftp user account. Use this
option when creating guest FTP user accounts.

ftpdir
The absolute pathname of the directory under which the
anonymous FTP area is set up.


2.

NAME
ftpaddhost - set up a virtual FTP host


command to use:

ftpaddhost -c | -l [-b] [-x xferlog] hostname root_dir


OPTIONS
The ftpaddhost script supports the following options:

-b Create a banner for the virtual host. This option is
useful to confirm that the virtual host is working.

-c Configure complete virtual hosting. This option allows
each virtual host to have its own version of the
ftpaccess, ftpconversions, ftpgroups, ftphosts, and
ftpusers files. The master version of each of these
configuration files is copied from the /etc/ftpd
directory and placed in the /etc/ftpd/virtual-
ftpd/hostname directory. If the /etc/ftpusers file
exists it is appended to the virtual ftpusers file. If
a virtual host lacks its own version of a configura-
tion file, the master version is used.

-l Configure limited virtual hosting. This option allows
a small number of parameters to be configured dif-
ferently for a virtual host. See the virtual keyword
on the ftpaccess(4) manual page.
-x xferlog
Create a logfile entry such that the transfer logs for
the virtual host are written to the specified file. An
absolute path must be specified for the xferlog file.

FILES
/etc/ftpd/virtual-ftpd/hostname
The configuration files directory for the virtual host
hostname.




3.

NAME
ftpservers - FTP Server virtual hosting configuration file


DESCRIPTION
The ftpservers file is used to configure complete virtual
hosting. In contrast to limited virtual hosting, complete
virtual hosting allows separate configuration files to be
specified for each virtual host.


File options

/etc/ftpd/ftpservers


File Format
There are two fields to each entry in the ftpservers file:

address directory-containing-configuration-files


For example:

10.196.145.10 /etc/ftpd/virtual-ftpd/10.196.145.10
10.196.145.200 /etc/ftpd//virtual-ftpd/10.196.145.200
some.domain INTERNAL

Either the actual IP address or a specific hostname can be
used to specify the virtual host. It is better to specify
the actual IP of the virtual host, as it reduces the need
for a domain lookup and eliminates DNS security related nam-
ing issues, for example:

10.196.145.20 /etc/ftpd/config/faqs.org/
ftp.some.domain /etc/ftpd/config/faqs.org/

Lines that begin with a # sign are treated as comment lines
and are ignored.


4.

NAME
in.ftpd, ftpd - File Transfer Protocol Server

Command to use

in.ftpd



OPTIONS
in.ftpd supports the following options:

-4 When running in standalone mode, listen for connec-
tions on an AF_INET type socket. The default is to
listen on an AF_INET6 type socket.

-a Enables use of the ftpaccess(4) file.

-A Disables use of the ftpaccess(4) file. Use of ftpac-
cess is disabled by default.

-C Non-anonymous users need local credentials (for exam-
ple, to authenticate to remote fileservers). So they
should be prompted for a password unless they for-
warded credentials as part of authentication.

-d Writes debugging information to syslogd(1M).

-i Logs the names of all files received by the FTP Server
to xferlog(4). You can override the -i option through
use of the ftpaccess(4) file.

-I Disables the use of AUTH and ident to determine the
username on the client. See RFC 931. The FTP Server is
built not to use AUTH and ident.

-K Connections are only allowed for users who can authen-
ticate through the ftp AUTH mechanism. (Anonymous ftp
may also be allowed if it is configured.) ftpd will
ask the user for a password if one is required.

-l Logs each FTP session to syslogd(1M).

-L Logs all commands sent to in.ftpd to syslogd(1M). When
the -L option is used, command logging will be on by
default, once the FTP Server is invoked. Because the


OR


Anonymous FTP can be set up under Solaris by performing the following steps.
Remember, however, that Anonymous FTP opens up your system to allow anonymous
users to perform file transfers. In general, Anonymous FTP should be considered
a security concern and should be enabled only if it is absolutely necessary.
Also, to allow FTP to work properly in a chroot environment, make sure that
the file system containing the FTP home directory is not mounted as nosuid.

1. Create the FTP home directory structure:
mkdir /export/ftp/pub
mkdir /export/ftp/bin
mkdir /export/ftp/dev
mkdir /export/ftp/etc
mkdir /export/ftp/usr
mkdir /export/ftp/usr/lib

2. Add the ls command to the FTP bin directory:
cp /usr/bin/ls /export/ftp/bin
chmod 111 /export/ftp/bin/ls

3. Copy the necessary libraries into the FTP directory structure:
cp /usr/lib/ld.so* /export/ftp/usr/lib
cp /usr/lib/libc.so.1 /usr/lib/libdl.so.1 /export/ftp/usr/lib
cp /usr/lib/libintl.so.1 usr/lib/libw.so.1 /export/ftp/usr/lib
cp /etc/passwd /etc/group /etc/netconfig /export/ftp/etc

4. Copy the necessary files into the FTP directory structure to resolve NIS names:
cp /usr/lib/nss*.so.1 /export/ftp/usr/lib
cp /usr/lib/libnsl.so.1 /export/ftp/usr/lib
cp /usr/lib/straddr.so /export/ftp/usr/lib
cp /etc/nsswitch.conf /export/ftp/etc

5. Set the permissions for the /export/ftp/usr/lib and /export/ftp/etc directories:
chmod 555 /export/ftp/usr/lib/*
chmod 444 /export/ftp/etc/*

6. Set the permissions of all the created directories:
chmod 555 /export/ftp/usr/lib
chmod 555 /export/ftp/usr
chmod 555 /export/ftp/bin
chmod 555 /export/ftp/dev
chmod 555 /export/ftp/etc
chmod 755 /export/ftp/pub
chmod 555 /export/ftp

7. Add the following line to the /etc/passwd file:
ftp:x:30000:30000:Anonymous FTP:/export/ftp:/bin/false

8. Add the following line to the /etc/shadow file:
ftp:NP:6445::::

9. Make sure that everything is owned by root and not by FTP:
chown -R root /export/ftp


I hope this is of help.

Jnike

hi 1jnike
thank you for your great help! this ftp-checksheet is well to my self to understand and setup ftp.

But, if I use those commands/paths I cant understand how it is setup on our running ftp-server - because the following files are empty in etc/ftpd:
-ftpgroups
-ftphosts
-ftpserver
execpt ftpaccess & ftpconversion. But there is no information about our configuration (ex. paths...). Is there another possibility to check/install the configuration/ftp?

I hope that was my really last question - so that I can learn and operate by my self!
sorry und thanks, kind regards
actino

Hi actino,

The following is a general configuration file, for a WU-FTPD site, this is want you requested, which is located in the following example at:


# /etc/ftpd/ftpaccess


WU-FTPD Accessfile Example
ftpaccess.heavy

loginfails 2

# HEY YOU! Yeah, you with the editor.
# change the following line, or delete it, OK?
class local real,guest,anonymous *.domain 0.0.0.0
class remote real,guest,anonymous *

limit local 20 Any /etc/msgs/msg.toomany
limit remote 100 SaSu|Any1800-0600 /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany

readme README* login
readme README* cwd=*

message /welcome.msg login
message .message cwd=*

compress yes local remote
tar yes local remote

# allow use of private file for SITE GROUP and SITE GPASS?
private yes

# passwd-check []
passwd-check rfc822 warn

log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg

# all the following default to "yes" for everybody
delete no guest,anonymous # delete permission?
overwrite no guest,anonymous # overwrite permission?
rename no guest,anonymous # rename permission?
chmod no anonymous # chmod permission?
umask no anonymous # umask permission?

# specify the upload directory information
upload /var/ftp * no nobody nogroup 0000 nodirs
upload /var/ftp /bin no
upload /var/ftp /etc no
upload /var/ftp /incoming yes root daemon 0600 dirs

# directory aliases... [note, the ":" is not required]
alias inc: /incoming

# cdpath
cdpath /incoming
cdpath /pub
cdpath /

# path-filter...
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-

# specify which group of users will be treated as "guests".
guestgroup ftponly

email user@hostname


I hope this is of help.

Jnike