SDB:FTP server
This article describe in short how to set up a FTP server.
Selecting an FTP Server from openSUSE
OpenSUSE comes with following FTP servers. Users can install any one based on their needs:
pure-ftpd
Attributes
- prepared for usage as standalone ftp server
- prepared for usage with xinetd
- many features like PAM support, IPv6, chroot()ed home directories, virtual domains, built-in LS, anti-warez system, bandwidth throttling, FXP, bounded ports for passive downloads, upload and download ratios, Apache log files, and more
Configuration Files
- /etc/pam.d/pure-ftpd
- /etc/pure-ftpd/pure-ftpd.conf
- /etc/xinetd.d/pure-ftpd
See also
vsftpd
Quick Setup
- Install vsftpd using YaST software management
- Enable vsftpd in xinetd. This can be done manually by editing /etc/xinetd.d/vsftpd and changing disabled = yes to disabled = no, or by using the following command
chkconfig vsftpd on
- Start xinetd if its not running already.
/etc/init.d/xinetd start
- Make sure that xinetd is started automatically at boot time
chkconfig xinetd on
- Check that FTP server is working fine. By default only anonymous login is allowed. Data in /srv/ftp/ is made publicly available.
Quick Configuration
To configure vsftpd edit /etc/vsftpd.conf.
- To enable writing of file on server, uncomment
write_enable=YES
- To allow local system users to log in, uncomment
local_enable=YES
- By default, a user can not look outside his/her home directory. To disable this, uncomment
chroot_local_user=NO
- To disable anonymous login
anonymous_enable=NO
Attributes
- prepared for usage with xinetd
- codebase was written with security in mind
- small and lightweight
Configuration Files
- /etc/logrotate.d/vsftpd
- /etc/pam.d/vsftpd
- /etc/vsftpd.conf
- /etc/vsftpd.chroot_list
- This file describes the names of the users that have access to the whole system tree. To all other users their home directory will be showed as root directory (chroot).
- /etc/shells
- Before admitting a local user to login, the system defaults to check if it has a valid user shell. In case PAM authentication is not available.
- /etc/ftpusers
- This file describes the names of the users that may _*NOT*_ log into the system via the FTP server. This usually includes "root", "uucp", "news" and the like, because those users have too much power to be allowed to do "just" FTP.
proftpd
Quick Setup
- if you want install proftpd you need to add contrib repository ( how to do it you could find on http://en.opensuse.org/Contrib )
- to install mysql modul use
zypper in proftpd-sql-mysql
- to install postgresql modul use
zypper in proftpd-sql-postgresql
Quick Configuration
- to enable uploads directory, uncomment whole <Directory uploads/*> section and as root run :
mkdir /srv/ftp/uploads #create uploads directory chown ftp:ftp /srv/ftp/uploads #change owner /etc/init.d/proftpd restart #restart ftp server
FTP Firewall Settings
When the ftpd-server resists on a firewalled server (which is recommented) some ports must be opened and kernel-modules for passive FTP must be added. This section describes how to allow access to a server protected by a local SuSEfirewall2.
- Modify the following lines in /etc/sysconfig/SuSEfirewall2" manually (verified with openSUSE 11.0):
FW_LOAD_MODULES=ip_conntrack_ftp
FW_SERVICES_ACCEPT_RELATED_EXT="0/0,tcp"
- Use YaST_Firewall to allow the pure-ftpd or vsftpd service to be accessed from the external interface. Save the settings and restart the firewall.