Friday, April 23, 2010

File Transfer Protocol (FTP)

Introduction
FTP is an acronym for File Transfer Protocol. As the name suggests, FTP is used to transfer files between computers on a network. You can use FTP to exchange files between computers or to access online software archives. Keep in mind, however, that many FTP sites are heavily used and may require several attempts before you connect. The most commonly used FTP package is VSftp, which stands for 'very secure file transfer protocol'.
FTP, a standard Internet protocol, is the simplest way to exchange files between computers on the Internet. You can use FTP to exchange files between computer accounts, to transfer files between an account and a desktop computer, or to access online software archives.

Active FTP
Active FTP works as follows:
  • The client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Commands such as 'ls' and 'get' are sent over this connection.
  • Whenever the client requests data over the control connection, the server initiates the data transfer connection back to the client. The source port of these data transfer connections is always port 20 on the server, and the destination port is a high port on the client.
  • Thus the 'ls' listing that you asked for comes back over the "port 20 to high port" connection, not the port 21 control connection.
  • Active mode FTP therefore behaves contrary to the usual TCP convention: the server uses port 20 as its source port (not a random high port > 1024) and connects back to the client on a random high port that was pre-negotiated over the port 21 control connection.
  • Active FTP may fail when the client is protected from the Internet by many-to-one NAT (masquerading), because the firewall cannot tell which of the many hosts behind it should receive the return connection.

Passive FTP
Passive FTP works as follows:

  • The client connects to the FTP server by establishing an FTP control connection to port 21 of the server. Your commands such as 'ls' and 'get' are sent over that connection.
  • Whenever the client requests data over the control connection, the client initiates the data transfer connection to the server. The source port of these data transfer connections is always a high port on the client, and the destination port is a high port on the server.
  • In passive FTP the server never makes an active attempt to connect to the client for FTP data transfers.
  • Passive FTP works better for clients protected by a firewall, because the client always initiates the required connections.
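The two modes above differ only in who opens the data connection, and in both cases the endpoint for that connection is carried over the port 21 control connection as six comma-separated numbers (four for the IPv4 address, two for the port, with port = p1*256 + p2). The shell script below is an added example written for this page, not code from the original post; it decodes a passive-mode 227 reply into the server endpoint the client must connect to, and builds the active-mode PORT command that tells the server where to connect back. The client address and port in the demo are constructed values.

```shell
#!/bin/sh
# Added example (not from the original post): the number handling behind the
# two FTP modes. In both modes the data-connection endpoint travels over the
# port-21 control connection as six decimal numbers h1,h2,h3,h4,p1,p2, where
# the port is p1 * 256 + p2.

# Passive mode: decode the server's reply
#   "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# into "host:port", the server endpoint the CLIENT must connect to.
# Returns 1 for anything that is not a well-formed 227 reply.
pasv_endpoint() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*$/\1/p')
    [ -n "$nums" ] || return 1
    set -- $(printf '%s\n' "$nums" | tr ',' ' ')
    [ $# -eq 6 ] || return 1
    printf '%s.%s.%s.%s:%d\n' "$1" "$2" "$3" "$4" $(( $5 * 256 + $6 ))
}

# Active mode: build the "PORT h1,h2,h3,h4,p1,p2" command a client sends on
# the control connection so that the SERVER connects back (from its port 20)
# to client_ip:client_port. Only a high port (> 1024) is accepted, matching
# the description above.
port_command() {
    [ "$2" -gt 1024 ] && [ "$2" -lt 65536 ] || return 1
    printf 'PORT %s,%d,%d\n' "$(printf '%s' "$1" | tr '.' ',')" $(( $2 / 256 )) $(( $2 % 256 ))
}

# Demo: the reply shown in the FTP test further down this page, and a
# constructed client address/port for the active-mode case.
pasv_endpoint '227 Entering Passive Mode (192,168,1,100,44,156)'   # 192.168.1.100:11420
port_command 192.168.1.50 40000                                    # PORT 192,168,1,50,156,64
```

This is also why firewalls care about the mode: a stateful firewall has to read these numbers off the control channel to allow the matching data connection, and behind many-to-one NAT the address a client puts in its PORT command is its private one, which is the failure the active-mode section describes and the reason passive mode is the safer choice for firewalled clients.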


Setup File Transfer Server
VSFTP keeps its configuration in vsftpd.conf, which can be opened for editing with the command below:

#nano /etc/vsftpd/vsftpd.conf

Most of the frequently used options are already inside the configuration file. All the administrator needs to do is add or remove the comment character (#) at the beginning of a line to deactivate or activate that option.
Each option is bound to a value or directive that affects how VSFTP works. Different combinations of options result in different kinds of FTP server. Try exploring each of the options in the configuration file when possible.



FTP user List
You can deny FTP access to particular users by adding them to the list in the /etc/vsftpd.ftpusers file. The VSFTPD package creates this file with a number of entries for privileged users that normally should not have FTP access.

#nano /etc/vsftpd.ftpusers

Anonymous Upload
VSFTPD allows remote anonymous users to download only. If you would like remote users to be able to write data to your FTP server, it is recommended that you create a write-only directory within /var/ftp/pub. This lets users upload files but not read files uploaded by other users.
#mkdir /var/ftp/pub/upload
#chmod 722 /var/ftp/pub/upload

Authorized FTP Users with Read only Access to a directory
1. Enter text editor mode for vsftpd.conf by typing the following command.
# nano /etc/vsftpd/vsftpd.conf

2. Disable anonymous FTP by editing the following line to (a leading # in the file would comment the line out, so make sure there is none)
anonymous_enable=NO

3. Enable local individual logins by editing the following line to
local_enable=YES

4. Change the following to disallow write_enable (vsftpd does not accept spaces around the equals sign)
write_enable=NO

5. Start the VSFTP services
#service vsftpd start

6. Create a user group and shared directory
#groupadd ftp-users
#mkdir /home/ftpFolder

7. Make directory accessible to ftp-users group
#chmod 750 /home/ftpFolder
#chown root:ftp-users /home/ftpFolder


8. Add users and make their default directory /home/ftpFolder
#useradd -g ftp-users -d /home/ftpFolder user1
#passwd user1

9. Copy the files to be downloaded by users into /home/ftpFolder
Change the permissions of the files in the /home/ftpFolder directory to give the group read-only access
#chown root:ftp-users /home/ftpFolder/*
#chmod 740 /home/ftpFolder/*
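The script below is an added example, not code from the original post, that audits the setup the steps above produce: the three vsftpd.conf edits of steps 2 to 4 and the ownership and permissions of the shared directory from steps 6 to 9. It relies on two facts about vsftpd: a line that starts with # is a comment, so a directive left commented out is inactive, and the daemon rejects whitespace around =, so a line like "write_enable = NO" stops it from starting rather than disabling uploads. The sample configuration files and directory tree are constructed inside the script so it runs without a real server; the demo tree is owned by the current user rather than root:ftp-users because the script does not need root, and on a real server you would pass those two names instead.

```shell
#!/bin/sh
# Added example (not from the original post): audit the read-only,
# authenticated-users-only vsftpd setup from the steps above. Sample files
# are constructed below so the script runs without a real server.

# Effective value of a directive: the last active "key=value" line wins;
# prints nothing when the directive is never set (a commented line is not set).
vsftpd_get() {
    sed -n "s/^[[:space:]]*$2=\(.*\)$/\1/p" "$1" | tail -n 1
}

# Active lines vsftpd will reject because of whitespace around '='.
vsftpd_bad_lines() {
    grep -nE '^[^#]*([[:space:]]=|=[[:space:]])' "$1"
}

# Check the three directives from steps 2-4; prints one line per finding and
# returns 0 only when the file matches the procedure.
audit_vsftpd_conf() {
    rc=0
    for want in anonymous_enable=NO local_enable=YES write_enable=NO; do
        key=${want%%=*}; val=${want#*=}
        got=$(vsftpd_get "$1" "$key")
        [ "$got" = "$val" ] || { echo "$key is '${got:-unset}', expected $val"; rc=1; }
    done
    if vsftpd_bad_lines "$1" >/dev/null; then
        echo "whitespace around '=' (vsftpd will refuse to start):"
        vsftpd_bad_lines "$1"
        rc=1
    fi
    return $rc
}

# Check the shared directory from steps 6-9: everything owned by user $2 and
# group $3, and nothing writable by the group or by others (750 on the
# directory, 740 on the files).
audit_shared_dir() {
    rc=0
    find "$1" ! -user "$2" -o ! -group "$3" | sed 's/^/wrong owner: /' | grep . && rc=1
    find "$1" \( -perm -g=w -o -perm -o=w \) | sed 's/^/group or other writable: /' | grep . && rc=1
    return $rc
}

# --- constructed demo files (not from the page) ---
T=$(mktemp -d); trap 'rm -rf "$T"' EXIT
cat >"$T/good.conf" <<'EOF'
# fragment edited as the procedure says
anonymous_enable=NO
local_enable=YES
write_enable=NO
EOF
cat >"$T/bad.conf" <<'EOF'
#anonymous_enable=NO
local_enable=YES
write_enable = NO
EOF
# Owned by the current user here instead of root:ftp-users so the demo runs
# without root; pass the real user and group names on a server.
mkdir "$T/ftpFolder"; chmod 750 "$T/ftpFolder"
echo handout >"$T/ftpFolder/handout.txt"; chmod 740 "$T/ftpFolder/handout.txt"

audit_vsftpd_conf "$T/good.conf" && echo "good.conf: matches the procedure"
audit_vsftpd_conf "$T/bad.conf" || echo "bad.conf: does not match"
audit_shared_dir "$T/ftpFolder" "$(id -un)" "$(id -gn)" && echo "ftpFolder: permissions OK"
```

On a server the calls would be audit_vsftpd_conf /etc/vsftpd/vsftpd.conf and audit_shared_dir /home/ftpFolder root ftp-users; the second check is worth re-running after copying new files into the folder, since files copied with cp keep the permissions of the copying user rather than the 740 set in step 9.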


Test FTP Functionality
A simple test procedure that ensures that the FTP server is working properly:
#ftp 192.168.1.1
ftp>


If you have disabled uploads, you will not be able to upload files to the instructor computer:
ftp> put testfile


List the directory and download the file:
ftp> ls
-rwxr----- 1 0 502 76288 Jan 04 17:06 vsftpd-1.1.0-1.i386.rpm
ftp> get vsftpd-1.1.0-1.i386.rpm
227 Entering Passive Mode (192,168,1,100,44,156)
150 Opening BINARY mode data connection for vsftpd-1.1.0-1.i386.rpm (76288 bytes).
226 File send OK.
76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec)
ftp> exit

Network Information Services (NIS)

Introduction
To access a Linux computer, you need a valid username and password. A common problem on a large network of Linux computers is that each user would normally require an account on every Linux computer.
However, Linux offers a service, called NIS, that lets you set up one centrally managed database of usernames and passwords. NIS only requires you to maintain one password database on the NIS server and to configure the other systems on the network as clients.

Features of NIS
1. Able to create user accounts that can be shared across all systems on your network.
2. The user account is created only on the NIS server.
3. Users only need to change their passwords on the NIS server.
4. NIS clients are typically limited to Unix or Linux operating systems.

Install NIS
There are two ways to install NIS on the NIS server:
1. Install through Yum
2. Install the RPM packages

Yum (Yellowdog Updater Modified)
Installing through yum is simple. Just execute the following command to install:
#yum install ypserv ypbind portmap yp-tools

RPM Package Manager
Installing through the RPM Package Manager requires a bit more work. Normally we install from the CD/DVD-ROM provided. If a CD/DVD-ROM is not available, we have to download the rpm files from an online source.

a) Navigate to the source, which will most likely be the CD/DVD-ROM. The source CD/DVD-ROM has to be inserted first.

#cd /media/RHEL_5.3\x86\DVD/server

b) Install RPM
#rpm -ivh ypbind*
#rpm -ivh ypserv*
#rpm -ivh yp-tools*

Setting up NIS server
•The following steps are performed on the instructor computer
•Log in as root

The following command brings you to the text editor for the network config file
#nano /etc/sysconfig/network

Type the following text into the file, then press Ctrl + X and Y to save and exit the text editor
NISDOMAIN="NIS_LINUX_SERVER"

The NIS server has to be configured as an NIS client as well, so you also have to edit the NIS client configuration file, pointing it at the server itself (localhost).

#nano /etc/yp.conf

Type the following text into the file, then press Ctrl + X and Y to save and exit the text editor
ypserver 127.0.0.1

Start the necessary NIS daemons in the /etc/init.d directory and run the chkconfig commands to ensure they start after the next reboot

#service portmap start
#service yppasswdd start
#service ypserv start
#chkconfig portmap on
#chkconfig yppasswdd on
#chkconfig ypserv on

Type the following command to confirm that the above services are running
# rpcinfo -p localhost

Initialize your NIS domain by adding the instructor computer to the NIS server list

# /usr/lib/yp/ypinit -m
instructor ~ the computer name, typed at the ypinit prompt
y

OR

# /usr/lib64/yp/ypinit -m
instructor ~ the computer name, typed at the ypinit prompt
y

Start the ypbind and ypxfrd Daemons
•You can only run the following commands if your NIS files (the maps under /var/yp) have already been created

#service ypbind start
#service ypxfrd start
#chkconfig ypbind on
#chkconfig ypxfrd on

Type the following command to confirm that all the NIS daemons are running
# rpcinfo -p localhost

Create NIS users
Create two user accounts called studentA and studentB. The password for both is password.

#useradd -g users studentA
#passwd studentA
password ~ type the password, then re-enter it when prompted
# cd /var/yp
#make ~ rebuild the NIS maps so the new account is published

#useradd -g users studentB
#passwd studentB
password ~ type the password, then re-enter it when prompted
# cd /var/yp
#make ~ rebuild the NIS maps so the new account is published


Confirm that the user authentication information has been updated by using the ypmatch or getent command

#ypmatch studentA passwd
#getent passwd studentB
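The following script is an added example, not part of the original post, that checks an NIS server against the artifacts the steps above create: the NISDOMAIN line in /etc/sysconfig/network, the ypserver line in /etc/yp.conf, the RPC programs listed by rpcinfo -p, and the maps under /var/yp/<domain> that only exist after make has been run. The file paths, the rpcinfo text and its port numbers in the demo are constructed so the script runs without a real NIS server; on the server you would point the functions at the real files and at the output of rpcinfo -p localhost.

```shell
#!/bin/sh
# Added example (not from the original post): check an NIS server against the
# artifacts the setup steps create. The demo environment is constructed below.

# NISDOMAIN from /etc/sysconfig/network; quotes are optional, last value wins.
nis_domain() {
    sed -n 's/^[[:space:]]*NISDOMAIN=//p' "$1" | tail -n 1 | tr -d \"\'
}

# A domain name pasted from a word processor can carry curly quotes or other
# non-ASCII characters, which then silently become part of the name and no
# client will bind. Accept only letters, digits, '.', '_' and '-'.
nis_domain_ok() {
    case $1 in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# ypserver entries from /etc/yp.conf (on the server itself: 127.0.0.1).
yp_servers() {
    awk '$1 == "ypserver" { print $2 }' "$1"
}

# Given the text of "rpcinfo -p" and a list of RPC program names, print the
# names that are not registered. No output means all of them are running.
rpc_missing() {
    out=$1; shift
    for prog in "$@"; do
        printf '%s\n' "$out" | awk -v p="$prog" '$NF == p { found = 1 } END { exit !found }' \
            || echo "$prog"
    done
}

# The passwd maps for a domain live under /var/yp/<domain> and exist only
# after "make" in /var/yp has been run.
nis_maps_present() {
    [ -d "$1/$2" ] && ls "$1/$2" | grep -q '^passwd\.'
}

# --- constructed demo environment (not from the page) ---
T=$(mktemp -d); trap 'rm -rf "$T"' EXIT
printf 'NETWORKING=yes\nNISDOMAIN="NIS_LINUX_SERVER"\n' >"$T/network"
printf 'ypserver 127.0.0.1\n' >"$T/yp.conf"
mkdir -p "$T/var/yp/NIS_LINUX_SERVER"
: >"$T/var/yp/NIS_LINUX_SERVER/passwd.byname"
# rpcinfo -p as it looks with ypserv, yppasswdd and ypbind up but ypxfrd
# (registered under the name fypxfrd) not yet started; port numbers made up.
RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    803  ypserv
    100004    2   tcp    806  ypserv
    100009    1   udp    812  yppasswdd
    100007    2   udp    820  ypbind
    100007    2   tcp    823  ypbind'

DOMAIN=$(nis_domain "$T/network")
nis_domain_ok "$DOMAIN" && echo "domain: $DOMAIN"
echo "servers: $(yp_servers "$T/yp.conf")"
echo "missing RPC programs: $(rpc_missing "$RPCINFO" portmapper ypserv yppasswdd ypbind fypxfrd)"
nis_maps_present "$T/var/yp" "$DOMAIN" && echo "passwd map present for $DOMAIN"
```

The page's own test later on (ypcat passwd from a student computer) is a reminder that these maps are readable by any host that can reach ypserv and knows the domain name, so keep the portmap and ypserv ports reachable only from the intended client network; /var/yp/securenets is the file ypserv uses to restrict which networks may bind.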


Setting up NIS client
The authconfig-tui command starts a program that automatically configures the NIS files after prompting you for the IP address and domain of the NIS server. It is the fastest and easiest way of setting up an NIS client. Use the Tab key to move around the menu.
#authconfig-tui

Once done, check the yp.conf and network files to ensure that the required NIS information has been entered into them

#nano /etc/yp.conf
#nano /etc/sysconfig/network

Troubleshooting Techniques

NIS SERVER
If you face any problem while setting up the NIS server, you have to delete the /var/yp/NIS_LINUX_SERVER directory and restart portmap, yppasswdd and ypserv before you can set it up again.

#nano /etc/sysconfig/network

Remove the following text from the file, then press Ctrl + X and Y to save and exit the text editor

NISDOMAIN="NIS_LINUX_SERVER"

The NIS server has to be configured as an NIS client as well, so you also have to edit the NIS client configuration file, which points at the server itself (localhost).

#nano /etc/yp.conf

Remove the following text from the file, then press Ctrl + X and Y to save and exit the text editor

ypserver 127.0.0.1

Restart the necessary NIS daemons in the /etc/init.d directory and perform chkconfig commands to ensure they start after the next reboot

#service portmap restart
#service yppasswdd restart
#service ypserv restart
#chkconfig portmap on
#chkconfig yppasswdd on
#chkconfig ypserv on


Test NIS Access to NIS Server

The following commands let you run ypcat, ypmatch and getent from the student computer.

# ypcat passwd
#ypmatch <username> passwd
#getent passwd <username>


Test that the firewall allows the NIS daemons to pass through.
•Ensure that telnet is enabled on the Instructor and Student computers
#telnet <host>


•Use ssh to log into the NIS client

#ssh -l <username> <host>


If you are unable to log in with either telnet or ssh, you have to check the Linux firewall settings.