Computing Facilities, Carnegie Mellon School of Computer Science, Carnegie Mellon University
 

Configuring ftpd on Facilitized Unix/Linux hosts

Facilitized Unix/Linux hosts come with a locally-modified version of wu-ftpd installed as /usr/local/etc/ftpd (note that the version number in the ftpd banner does not reflect some of the security fixes and modifications that we have made). The following Unix man pages have information about configuration options for ftpd:

  • ftpd
  • ftpusers
  • ftpaccess

Anyone setting up ftpd on their workstation should read these man pages. This document is an overview of some configuration issues with our ftpd, with an emphasis on SCS-specific features and issues.

Enabling ftpd

ftpd runs out of inetd. If you do not have an entry for ftpd in your host's inetd.conf file, you should add the following line to inetd.conf.local:

ftp stream tcp nowait root /usr/sbin/tcpd /usr/local/etc/ftpd -a

and then run /usr/adm/fac/bin/newinetd.conf. See the section on daemons & services in the local Unix administrator's guide for more detailed instructions.

Enabling anonymous FTP

Before enabling anonymous FTP on your host, you should consider whether it would be better to use the SCS anonymous FTP servers and serve your data out of AFS.

Most Facilitized hosts are deployed with an "ftp" user in /etc/passwd, but anonymous FTP is disabled because the home directory for this user does not exist by default. To enable anonymous FTP, create a home directory for the ftp user.

If you do not have an entry for the "ftp" user in /etc/passwd, you can add the following entry:

ftp:x:14:50:FTP User:/home/ftp:
    

Important notes:

  • By default, anonymous FTP on Facilitized hosts does not use a chrooted environment. Instead, access is restricted by .htaccess files (see our documentation on using .htaccess files for details). Regardless of .htaccess restrictions, anyone using anonymous FTP will be able to list any directories on your local host (or on AFS) that the ftp user can access.
  • Do not set up .htaccess files such that anonymous FTP users can write to any area on your local machine. If you do, these areas will quickly be used by "hackers" to distribute bootleg software and movies.
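
The following read-only audit is an added example, not Facilities code: it reports whether ftpd is active in inetd.conf, whether anonymous FTP is enabled by the conditions above (an "ftp" passwd entry whose home directory exists), and which directories under that home are world-writable. The function names, the throwaway fixture root, and the assumption that the active ftp line ends up in inetd.conf are illustrative; it checks Unix permission bits only and does not read .htaccess files.

```shell
#!/bin/sh
# Added example (not Facilities code): audit of the anonymous-FTP conditions
# described on this page. All file locations are passed in as arguments.

# Succeeds if the inetd.conf-style FILE has an active (uncommented) ftp line.
inetd_ftp_enabled() {
    awk '$1 == "ftp" && $2 == "stream" { on = 1 } END { exit !on }' "$1"
}

# Prints the ftp user's home (6th passwd field); fails if there is no ftp user.
anon_ftp_home() {
    awk -F: '$1 == "ftp" { print $6; found = 1; exit } END { exit !found }' "$1"
}

# anon_ftp_state PASSWD INETD_CONF [ROOT]
# Prints one of: ftpd-off | no-ftp-user | disabled | enabled
anon_ftp_state() {
    inetd_ftp_enabled "$2" || { echo ftpd-off; return 0; }
    home=$(anon_ftp_home "$1") || { echo no-ftp-user; return 0; }
    if [ -n "$home" ] && [ -d "${3:-}$home" ]; then
        echo enabled      # home directory exists, so anonymous logins work
    else
        echo disabled     # default state: ftp user present, no home directory
    fi
}

# anon_ftp_writable PASSWD [ROOT]
# Lists world-writable directories under the ftp user's home directory.
anon_ftp_writable() {
    home=$(anon_ftp_home "$1") || return 0
    [ -n "$home" ] && [ -d "${2:-}$home" ] || return 0
    find "${2:-}$home" -type d -perm -0002 -print
}

# Constructed fixture: the passwd and inetd lines quoted on this page, placed
# under a temporary root so nothing on the real host is read or changed.
make_fixture() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc"
    echo 'ftp:x:14:50:FTP User:/home/ftp:' > "$root/etc/passwd"
    echo 'ftp stream tcp nowait root /usr/sbin/tcpd /usr/local/etc/ftpd -a' \
        > "$root/etc/inetd.conf"
    echo "$root"
}

fx=$(make_fixture)
echo "no home dir:    $(anon_ftp_state "$fx/etc/passwd" "$fx/etc/inetd.conf" "$fx")"
mkdir -p "$fx/home/ftp/incoming" && chmod 0777 "$fx/home/ftp/incoming"
echo "home created:   $(anon_ftp_state "$fx/etc/passwd" "$fx/etc/inetd.conf" "$fx")"
echo "world-writable: $(anon_ftp_writable "$fx/etc/passwd" "$fx")"
rm -rf "$fx"
```

On a real host, call the functions with /etc/passwd and /etc/inetd.conf and omit the ROOT argument.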

Non-anonymous FTP

If ftpd is enabled on a Facilitized host, by default you will need to use a Kerberos ftp instance password to log in as a non-anonymous user. This password will be sent over the network in the clear, and should be different from any of your other passwords in order to limit your exposure should it be sniffed.