It is recommended that the user install with one of the
Server installation groups or use
either specify all packages or make sure that
xinetd are installed. Selecting the
Anonymous FTP Server at installation time is the best
Packages that are installed for the installation groups can be found
on the installation CD in the
The section for the Anonymous FTP Server contains the following:
xinetd wu-ftpd anonftp
Network Server including the following packages:
openssh-server sysstat xinetd talk-server telnet-server rusers-server rwall-server finger-server rsh-server tftp-server ypserv
The packages can be installed by mounting the installation cdrom and running the command:
cd /mnt/cdrom/RedHat/RPMS
rpm -Uvh xinetd* wu-ftpd* anonftp*
/var/ftp is the root directory for the FTP server. The
anonftp package sets almost everything up. It provides generic
copies of the libraries and files needed in /var/ftp/*. For most uses,
no further configuration is needed by the administrator.
The anonftp RPM places some binaries and libraries in the
/home/ftp directories to allow FTP users to do things like
automatically gunzip files as they are being retrieved, or retrieve
whole directories as tar files. There are a few extra files placed
by the anonftp RPM that probably will never be used, and should
probably be removed in the interest of security.
cd ~ftp/bin && rm cpio sh zcat
cd ../etc && rm ld.so.cache
cd ../lib && rm ld.so* libtermcap*
Finally, the permissions should be changed on these files to improve security.
chmod 111 ~ftp/bin/* ~ftp/bin ~ftp/etc ~ftp/lib
chmod 444 ~ftp/etc/*
chmod 555 ~ftp ~ftp/lib/*
When you're done, you should have the following:
/var/ftp/bin/:
total 328
d--x--x--x 2 root root 4096 Dec 19 08:26 .
dr-xr-xr-x 6 root root 4096 Dec 19 08:26 ..
---x--x--x 1 root root 16284 Aug 17 10:53 compress
---x--x--x 1 root root 50140 Aug 17 10:53 cpio
---x--x--x 1 root root 51804 Aug 17 10:53 gzip
---x--x--x 1 root root 43612 Aug 17 10:53 ls
---x--x--x 1 root root 146940 Aug 17 10:53 tar
lrwxrwxrwx 1 root root 4 Dec 19 08:26 zcat -> gzip

/var/ftp/etc/:
total 20
d--x--x--x 2 root root 4096 Dec 19 08:26 .
dr-xr-xr-x 6 root root 4096 Dec 19 08:26 ..
-r--r--r-- 1 root root 53 Aug 17 10:53 group
-r--r--r-- 1 root root 485 Aug 17 10:53 ld.so.cache
-r--r--r-- 1 root root 79 Aug 17 10:53 passwd

/var/ftp/lib/:
total 1444
d--x--x--x 2 root root 4096 Dec 19 08:26 .
dr-xr-xr-x 6 root root 4096 Dec 19 08:26 ..
-r-xr-xr-x 1 root root 90092 Aug 17 10:53 ld-2.1.92.so
lrwxrwxrwx 1 root root 12 Dec 19 08:26 ld-linux.so.2 -> ld-2.1.92.so
-r-xr-xr-x 1 root root 1109404 Aug 17 10:53 libc-2.1.92.so
lrwxrwxrwx 1 root root 14 Dec 19 08:26 libc.so.6 -> libc-2.1.92.so
-r-xr-xr-x 1 root root 80224 Aug 17 10:53 libnsl-2.1.92.so
lrwxrwxrwx 1 root root 16 Dec 19 08:26 libnsl.so.1 -> libnsl-2.1.92.so
-r-xr-xr-x 1 root root 38876 Aug 17 10:53 libnss_files-2.1.92.so
lrwxrwxrwx 1 root root 22 Dec 19 08:26 libnss_files.so.2 -> libnss_files-2.1.92.so
-r-xr-xr-x 1 root root 86548 Aug 17 10:53 libpthread-0.8.so
lrwxrwxrwx 1 root root 17 Dec 19 08:26 libpthread.so.0 -> libpthread-0.8.so
-r-xr-xr-x 1 root root 25688 Aug 17 10:53 librt-2.1.92.so
lrwxrwxrwx 1 root root 15 Dec 19 08:26 librt.so.1 -> librt-2.1.92.so
lrwxrwxrwx 1 root root 19 Dec 19 08:26 libtermcap.so.2 -> libtermcap.so.2.0.8
-r-xr-xr-x 1 root root 12088 Aug 17 10:53 libtermcap.so.2.0.8

If you're missing any of these files, re-install the anonftp RPM and try again. To see the permissions as shown above, type the command:
ls -al ~ftp/*/
You will get the listings as shown above.
/var/ftp/pub is created with 2755 permissions
(set group ID on execution). To tighten that up, use
chmod 555 ~ftp/pub
Place any files you want to make available via FTP in the
/pub/ directory. You can make subdirectories in
/pub/ as well.
For security, and to make sure anonymous users can read the files,
all files in
/pub/ should be set to mode 444, and all
directories to mode 555. Do this with:
chmod 444 (name-of-file)
chmod 555 (name-of-directory)
Some sites have an "incoming" directory, where users can drop off files to be added to your archive. I do not recommend this unless it's absolutely necessary, since such directories are inevitably abused by pirated-software traders and the like (Note: Under US Federal Law a site is responsible for its content). If you want an incoming directory anyway:
mkdir ~ftp/incoming
chmod 333 ~ftp/incoming
The mode 333 means that people will be able to change into the directory, and place files there, but not list any files in the directory. This will deter improper use somewhat, but don't put too much faith in it - again, the best way to make sure an incoming directory isn't abused is not to have one. If you do have an incoming directory, check it daily and clean out anything you don't want around.
You're all set! For security, make sure that nothing below
/var/ftp is writeable by anyone:
chmod -R a-w ~ftp
(You'll still be able to write to the FTP directories as root.)
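The permission rules above (nothing writable below the FTP root, pub files readable at 444 and directories at 555, incoming at 333) can be re-checked after any change with a small audit script. This is an added example, not part of the original guide or of the anonftp package; audit_ftp_tree is a hypothetical helper name, and it assumes a POSIX find and that it is run as root so the d--x--x--x directories can be traversed.

```sh
#!/bin/sh
# Added example: audit an anonymous FTP tree against this page's policy.
# audit_ftp_tree is a hypothetical name; the default root is the page's /var/ftp.
# Prints one finding per line and returns 1 if anything violates the policy.

audit_ftp_tree() {
    root=${1:-/var/ftp}
    findings=$(
        # Nothing below the FTP root may be writable by owner, group or other.
        # Symlinks always show rwx, so skip them; incoming is checked below.
        find "$root" -path "$root/incoming" -prune -o \
            ! -type l \( -perm -200 -o -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'

        # pub: files are 444 and directories 555, so every file must be
        # readable by all and every directory readable and searchable by all.
        if [ -d "$root/pub" ]; then
            find "$root/pub" -type f ! -perm -444 -print | sed 's/^/UNREADABLE /'
            find "$root/pub" -type d ! -perm -555 -print | sed 's/^/UNREADABLE /'
        fi

        # incoming: mode 333 means enter and write, but no listing.
        # "chmod -R a-w" on the whole tree clears the write bits here too,
        # which shows up as NOT-WRITABLE until chmod 333 is re-applied.
        if [ -d "$root/incoming" ]; then
            find "$root/incoming" -prune \
                \( -perm -400 -o -perm -040 -o -perm -004 \) -print |
                sed 's/^/LISTABLE /'
            find "$root/incoming" -prune ! -perm -333 -print |
                sed 's/^/NOT-WRITABLE /'
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `audit_ftp_tree /var/ftp`; an empty result with exit status 0 means the tree matches the permissions described on this page.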