FTP setup
Updated 7 March 2019
Introduction
FTP, or File Transfer Protocol, is a network protocol designed to transfer files over computer networks. FTP allows you to connect to FTP servers, view directory contents, and transfer files to and from the server. The FTP server can be configured via Calculate Utilities, provided by sys-apps/calculate-server. User and group accounts are stored on the OpenLDAP server, and ProFTPD is used as the FTP server. All necessary software is included in Calculate Directory Server (CDS).
LDAP configuration
Calculate Utilities refer to the OpenLDAP server to store and manage users, groups and computers. Configure the LDAP service according to the manual.
Setting up an FTP server
Before setting up the FTP server, configure the account storage service for Unix users:
* WARNING: Running this program will modify the configuration files and the LDAP database. If you want to continue, enter 'yes', else enter 'no': yes
* Added ldif file ... [ok]
* Unix service configured ... [ok]
To configure the FTP server, run:
* WARNING: Running this program will modify the configuration files and the LDAP database. If you want to continue, enter 'yes', else enter 'no': yes
* Added ldif file ... [ok]
* Starting Proftpd ... [ok]
* FTP service configured ... [ok]
When the configuration process is completed, the FTP server is started with anonymous access enabled. Two directories, /tmp and /pub, are created on the FTP server.
To connect to the FTP server ftp.example.org, open any browser that supports this protocol and type ftp://ftp.example.org in the address bar.
Accounts
Accounts are used for authenticated access to the FTP server. A home directory can be configured for any or each of them, and when used in conjunction with a Unix service, access privileges can be configured per account.
To add an account, use the cl-useradd command. To create an account named user1 and assign a password to it, run:
cl-useradd -p user1 ftp
To create an account named user1 with a home directory and assign a password to it, run:
cl-useradd -p -m user1 ftp
The default home directory for it will be located under /pub/users/ in the FTP root directory. Only the owner has access to this directory.
To create an account named user1 with a specific home directory and assign a password to it, run:
cl-useradd -p -m -d pub/user1 user1 ftp
In this case, the home directory will be at the specified location relative to the root directory of the FTP service.
To change a user's password, use the cl-passwd command:
cl-passwd user1 ftp
To remove an account, use the cl-userdel command. Note that this also removes its home directory.
cl-userdel user1 ftp
Note
When you create an FTP account, the Unix account is created automatically. When you remove an FTP account, the Unix account remains.
Directory access management
Access privileges are attributes of a file or directory that tell the server who can do what with this file or directory.
Files have two owners: a user (user owner) and a group (group owner). Access privileges are file-specific. They can be divided into three groups: access for the user that owns the file (owner), access for the group that owns the file (group), and access for other users (others).
For each category, three types of access are established: (x), the right to run the file or to enter the directory; (r), the right to read the file or the directory; (w), the right to change (edit) the file, or to delete and create files in the directory.
To define access to directories, the FTP service communicates with the Unix service: each FTP account is associated with the Unix account of the same name. Thus, a user logging in to the FTP server gets access to the file depending on whether he or she is the owner of the file and on whether he or she is in the group that owns the file. If the user does not own the file and does not belong to the group that owns the file, then access is determined by the others rule. In case of anonymous access to FTP, the permissions are also defined by others.
Permissions are set on the server with the chmod command.
For instance, to set the access rights to user=all, group=read/write and others=read only, run the following:
chmod u=rwx,g=rw,o=r file
To make pubwriter the owner group, run:
chgrp pubwriter pub
To allow the group to write to the pub directory, run:
chmod g+w pub
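Because anonymous sessions are governed by the others permissions, it is worth checking what others can write to after changing modes or groups. The following is an added example, not part of Calculate Utilities: the function names are hypothetical, the FTP root path is passed as an argument, and the pub/users layout follows the default home directory location described above.

```shell
#!/bin/sh
# Added example: audit an FTP root for paths that "others" (and therefore
# anonymous FTP sessions) can modify, and for home directories that are
# open to anyone besides their owner.

# Print every path under $1 that carries the others-write bit.
# Symlinks are skipped because their own mode bits are not meaningful.
others_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print home directories under $1/pub/users that grant any access
# to the group or to others.
open_home_dirs() {
    for d in "$1"/pub/users/*; do
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        # Characters 5-10 of the ls mode string are the group and others bits.
        bits=$(ls -ld "$d" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s\n' "$d"
    done
}

# Report both findings; return 1 if anything was found, 0 otherwise.
audit_ftp_root() {
    rc=0
    w=$(others_writable "$1")
    h=$(open_home_dirs "$1")
    if [ -n "$w" ]; then
        printf 'Writable by others (anonymous included):\n%s\n' "$w"
        rc=1
    fi
    if [ -n "$h" ]; then
        printf 'Home directories open beyond the owner:\n%s\n' "$h"
        rc=1
    fi
    return "$rc"
}

# Run the audit when a path is given on the command line.
if [ $# -gt 0 ]; then
    audit_ftp_root "$1"
fi
```

A directory intended for anonymous uploads will appear in the first list; the report is there so that every such path is a deliberate choice.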
Managing Unix groups
Since the FTP service is fully integrated with the Unix service, the user's groups are managed via the Unix service.
To add group pubwriter to the Unix service, run:
cl-groupadd pubwriter unix
To remove group test from the Unix service, run:
cl-groupdel test unix
There are two tools to add accounts to groups and remove them from groups: cl-usermod and cl-groupmod.
To add user guest to group pubwriter, run:
cl-usermod -a pubwriter guest unix
To move user guest to group pubwriter, run:
cl-usermod -G pubwriter guest unix
To remove user guest from group pubwriter, run:
cl-groupmod -d guest pubwriter unix