FTP setup

FTP

Introduction

FTP, or File Transfer Protocol, is a network protocol designed to transfer files across computer networks. FTP allows you to connect to FTP servers, browse directories, and download or upload files. You can configure your server with the Calculate utilities provided in the sys-apps/calculate-server package. An OpenLDAP server is used to store user accounts and groups, while ProFTPD is used as the FTP server. All necessary software is included in Calculate Directory Server (CDS).

LDAP configuration

Configure the LDAP service according to the manual.

Setting up an FTP server

Before setting up the FTP server, configure the account storage service for Unix users:

cl-setup unix
* WARNING: Running this program will modify the configuration files and the LDAP database. If you want to continue, enter 'yes', else enter 'no': yes 

* Added ldif file ... [ok] 
* Unix service configured ... [ok]

To configure the FTP server, run:

cl-setup ftp
* WARNING: Running this program will modify the configuration files and the LDAP database. If you want to continue, enter 'yes', else enter 'no': yes 

* Added ldif file ... [ok] 
* Starting Proftpd ... [ok]
* FTP service configured ... [ok]

Once completed, the FTP server will start with access for the anonymous user. The /tmp and /pub directories will be created on the server.

To connect to the FTP server ftp.example.org, open any browser that supports the FTP protocol and enter ftp://ftp.example.org as the page address.

Accounts

Accounts are used for authorized access to the FTP server. For each of them, a home directory can be configured. When used in conjunction with the Unix service, the privileges are account-specific.

To add an account, use the cl-useradd command. To create an account named user1 and assign a password to it, run:

cl-useradd -p user1 ftp

To create an account named user1 with a home directory and assign a password to it, run:

cl-useradd -p -m user1 ftp

The default home directory for it will be located in /pub/users/[HTML_REMOVED] under the FTP root directory. Only the owner has access to this directory.

To create an account named user1 with a specific home directory and assign a password to it, run:

cl-useradd -p -m -d pub/user1 user1 ftp

In this case, the home directory will be at the specified location relative to the root directory of the FTP service.

To change a user's password, use the cl-passwd command:

cl-passwd user1 ftp

To remove an account, use the cl-userdel command. Note that this also removes its home directory.

cl-userdel user1 ftp

Note

When you create an FTP account, the Unix account is created automatically. When you remove an FTP account, the Unix account remains.

Directory access management

Access privileges are attributes of a file or directory that tell the server who can do what with this file or directory.

Files have two owners: a user (user owner) and a group (group owner). Access privileges are file-specific. They can be divided into three groups: access for the user that owns the file (owner), access for the group that owns the file (group), and access for other users (others).

For each category, three types of access are established: (x) the right to run the file or to enter the directory; (r) the right to read the file or the directory; (w) the right to change (edit) the file, or to delete and create files in the directory.

To determine the permissions of directories, the FTP service interacts with the Unix service: each FTP account has a corresponding Unix account. Thus, a user who logs in to an FTP server under their account gets specific file access privileges depending on whether they are the owner of the file and are in the group that owns the file. If the user does not own the file and does not belong to the group that owns the file, then access is determined by the others rule. In the case of anonymous FTP access, permissions are also determined by others.

Use the chmod command to configure access rights on the server.

For instance, to set the access rights as user=all, group=read/write and others=read only, run the following:

chmod u=rwx,g=rw,o=r file

To make pubwriter the owner group, run:

chgrp pubwriter pub

To allow the group to write to the pub directory, run:

chmod g+w pub
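
Because anonymous access is decided by the others bits, it is worth checking which paths those bits expose. The script below is an added example, not part of the Calculate utilities: it lists entries writable by others and home directories under pub/users that are not owner-only. The FTP root path is an assumption passed as the first argument (the page does not give it), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an FTP tree for permissions that expose it to the
# anonymous user, whose access is decided by the "others" bits.
# Assumption: the FTP root path is passed as $1. Uses GNU find syntax.

# Print every file or directory that "others" may write to
# (symlinks are skipped: their own mode bits are not meaningful).
world_writable() {
    find "$1" -perm -0002 ! -type l -print | sort
}

# Print home directories under pub/users that grant any access to the
# group or to others; the page states only the owner should have access.
exposed_homes() {
    [ -d "$1/pub/users" ] || return 0
    find "$1/pub/users" -mindepth 1 -maxdepth 1 -type d -perm /0077 -print | sort
}

# Print labelled findings; return 0 when clean, 1 when anything was found.
audit_ftp_root() {
    root=$1
    findings=$(
        world_writable "$root" | sed 's/^/WORLD-WRITABLE /'
        exposed_homes "$root" | sed 's/^/HOME-NOT-PRIVATE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_ftp_root "$1"
fi
```

Whether a flagged directory such as an upload area is meant to be writable is a decision for the administrator; the script only reports what the mode bits allow.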

Managing Unix groups

Since FTP is closely related to the Unix service, the groups to which the user belongs are managed by the Unix service.

To add group test to the Unix service, run:

cl-groupadd pubwriter unix

To remove group test from the Unix service, run:

cl-groupdel test unix

Two commands, cl-usermod and cl-groupmod, are used, respectively, to add accounts to groups and to remove them from groups.

To add user guest to group pubwriter, run:

cl-usermod -a pubwriter guest unix

To move user guest to group pubwriter, run:

cl-usermod -G pubwriter guest unix

To remove user guest from group pubwriter, run:

cl-groupmod -d guest pubwriter unix