
Securing-Optimizing-RH-Linux-1_2_442
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 442

The “/home/ftp/etc/group” file has entries for each of these allowed groups, each of which has just one member. It’s important that each guest group appears on its own line in the configuration file.

log security real,guest

The “log security” option enables logging of violations of security rules for real, guest and/or anonymous FTP clients. In our example, we log violations for users using the FTP server to access real accounts, and for users using the FTP server to access guest accounts <real,guest>.

guest-root /home/ftp ftpadmin webmaster
restricted-uid ftpadmin webmaster
restricted-gid ftpadmin webmaster

The “guest-root”, “restricted-uid” and “restricted-gid” clauses specify and control whether or not guest users will be allowed access to areas on the FTP server outside their home directories (this is an important security feature). In our example, we specified the chroot() path for the users <ftpadmin and webmaster> to be </home/ftp>, and they cannot access each other's files because they are restricted to their home directories <restricted-uid ftpadmin webmaster>, <restricted-gid ftpadmin webmaster>. Multiple UID ranges may be given on the line. If a guest-root is chosen for the user, the user's home directory in the “<root-dir>/etc/passwd” file is used to determine the initial directory, and their home directory in the system-wide “/etc/passwd” is not used. This is a security feature.

greeting terse

The “greeting” option specifies how much system information will be displayed before the remote user logs in. There are three parameters you can choose from: <full> is the default and shows the hostname and daemon version of the server, <brief> shows only the hostname, and <terse> simply says "FTP server ready" in your terminal.
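As an added example (not code from the book or from wu-ftpd), the following Python script audits an ftpaccess fragment for the directives discussed above: it checks that “log security” covers real and guest logins, that every user given a “guest-root” also appears in “restricted-uid” and “restricted-gid”, and that “greeting” is not left at the default <full>, which reveals the hostname and daemon version. The ftpaccess text is constructed for this example (a second guest user “uploads” is deliberately left unrestricted so the audit has something to report); the function names are the example's own, and user names are compared literally, so UID ranges such as %100-200 are not expanded.

```python
"""Audit a wu-ftpd ftpaccess fragment for the guest-account hardening
directives: log security, guest-root, restricted-uid/gid and greeting.
Added example, not code from the book or from wu-ftpd."""

from typing import List, Tuple

# Constructed sample: the book's directives plus a second guest user
# ("uploads") that has a guest-root but no restricted-uid/gid entry.
SAMPLE_FTPACCESS = """\
# ftpaccess excerpt (constructed for this example)
log security real,guest
guest-root /home/ftp ftpadmin webmaster
guest-root /home/uploads uploads
restricted-uid ftpadmin webmaster
restricted-gid ftpadmin webmaster
greeting full
keepalive yes
"""


def parse_ftpaccess(text: str) -> List[Tuple[str, List[str]]]:
    """Return (directive, args) pairs; '#' comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        entries.append((parts[0], parts[1:]))
    return entries


def audit_ftpaccess(text: str) -> List[str]:
    """Return a list of findings; an empty list means nothing to report."""
    entries = parse_ftpaccess(text)
    findings = []

    # 1. "log security <typelist>" should cover at least real and guest logins.
    logged = set()
    for name, args in entries:
        if name == "log" and args[:1] == ["security"] and len(args) > 1:
            logged.update(args[1].split(","))
    for cls in ("real", "guest"):
        if cls not in logged:
            findings.append(f"log security does not cover '{cls}' logins")

    # 2. Every user named on a guest-root line should also be restricted.
    #    args[0] of guest-root is the chroot directory; the rest are users.
    #    Names are compared literally; UID ranges are not expanded here.
    guest_users, restricted_uid, restricted_gid = set(), set(), set()
    for name, args in entries:
        if name == "guest-root" and len(args) > 1:
            guest_users.update(args[1:])
        elif name == "restricted-uid":
            restricted_uid.update(args)
        elif name == "restricted-gid":
            restricted_gid.update(args)
    for user in sorted(guest_users - restricted_uid):
        findings.append(f"guest user '{user}' has a guest-root but no restricted-uid entry")
    for user in sorted(guest_users - restricted_gid):
        findings.append(f"guest user '{user}' has a guest-root but no restricted-gid entry")

    # 3. greeting defaults to "full", which shows hostname and daemon version.
    greeting = "full"
    for name, args in entries:
        if name == "greeting" and args:
            greeting = args[0]
    if greeting == "full":
        findings.append("greeting is 'full': banner reveals hostname and daemon version; use 'brief' or 'terse'")

    return findings


if __name__ == "__main__":
    for finding in audit_ftpaccess(SAMPLE_FTPACCESS):
        print("FINDING:", finding)
```

Run against the constructed sample, the audit reports the unrestricted “uploads” user twice (no restricted-uid, no restricted-gid) and the <full> greeting; a fragment with “greeting terse” and only fully restricted guest users produces no findings.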
keepalive yes

The “keepalive” option specifies whether the system should send keepalive messages to the remote FTP server. If set to “yes”, then death of the connection or a crash of the remote machine will be properly noticed.

Configuration of the “/etc/ftphosts” file

The “/etc/ftphosts” file is used to define whether users are allowed to log in from certain hosts or whether they are denied access.

Step 1
Create the ftphosts file (touch /etc/ftphosts) and add, for example, the following lines to this file:

# Example host access file
#
# Everything after a '#' is treated as comment,
# empty lines are ignored

allow ftpadmin 208.164.186.1 208.164.186.2 208.164.186.4
deny ftpadmin 208.164.186.5

In this example, we allow the user <ftpadmin> to connect via FTP from the explicitly listed addresses <208.164.186.1 208.164.186.2 208.164.186.4>, and deny the same <ftpadmin> user from connecting from the site <208.164.186.5>.

Step 2
Now, change its default permissions to 600:

[root@deep /]# chmod 600 /etc/ftphosts
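As an added example covering Step 1 and Step 2 together (not code from the book or from wu-ftpd), the following Python script parses the ftphosts rules shown above, decides whether a given user may connect from a given client address, and verifies that the file was written with mode 600. The decision model is an assumption of this example: a matching deny line always rejects; if any allow line names the user, the client must match one of its address globs; a user with no rules at all is not restricted by ftphosts. Address globs are matched as an exact IP, an IP/prefix network, or a shell-style wildcard such as 208.164.186.*. The sample rules file is constructed (the book's two lines plus a deny for “webmaster”), the file is written under a temporary directory rather than /etc, and the function names are the example's own.

```python
"""Evaluate wu-ftpd /etc/ftphosts allow/deny rules for a (user, client IP)
pair and check the file's permission mode.  Added example, not from the book."""

import fnmatch
import ipaddress
import os
import stat
import tempfile
from typing import List, Tuple

# Constructed sample: the rules from Step 1 plus one extra deny line.
SAMPLE_FTPHOSTS = """\
# Example host access file
#
# Everything after a '#' is treated as comment,
# empty lines are ignored

allow ftpadmin 208.164.186.1 208.164.186.2 208.164.186.4
deny  ftpadmin 208.164.186.5
deny  webmaster 10.0.0.0/8
"""

Rule = Tuple[str, str, List[str]]   # (action, user, address globs)


def parse_ftphosts(text: str) -> List[Rule]:
    """Return (action, user, globs) tuples; comments and blank lines are dropped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"malformed ftphosts line: {raw!r}")
        rules.append((parts[0], parts[1], parts[2:]))
    return rules


def addr_matches(glob: str, client_ip: str) -> bool:
    """Match one address glob: exact IP, IP/prefix network, or wildcard pattern."""
    ip = ipaddress.ip_address(client_ip)
    if "/" in glob:
        return ip in ipaddress.ip_network(glob, strict=False)
    try:
        return ip == ipaddress.ip_address(glob)
    except ValueError:                      # not a literal address: treat as a glob
        return fnmatch.fnmatch(client_ip, glob)


def is_allowed(rules: List[Rule], user: str, client_ip: str) -> bool:
    """Decision model assumed by this example (see the lead-in):
    deny wins; any allow line for the user makes the allow list exclusive;
    no rules for the user means ftphosts imposes no restriction."""
    allow_globs: List[str] = []
    for action, rule_user, globs in rules:
        if rule_user != user:
            continue
        if action == "deny" and any(addr_matches(g, client_ip) for g in globs):
            return False
        if action == "allow":
            allow_globs.extend(globs)
    if allow_globs:
        return any(addr_matches(g, client_ip) for g in allow_globs)
    return True


def write_ftphosts(text: str, directory: str) -> str:
    """Write the rules file and set mode 600, as Steps 1 and 2 do for /etc/ftphosts."""
    path = os.path.join(directory, "ftphosts")
    with open(path, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)
    return path


def mode_is_0600(path: str) -> bool:
    """True when only the owner can read and write the file (the Step 2 target)."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600


def demo_permissions() -> bool:
    """Write the sample file into a temporary directory and verify its mode."""
    with tempfile.TemporaryDirectory() as tmp:
        return mode_is_0600(write_ftphosts(SAMPLE_FTPHOSTS, tmp))


if __name__ == "__main__":
    rules = parse_ftphosts(SAMPLE_FTPHOSTS)
    for user, ip in (("ftpadmin", "208.164.186.1"), ("ftpadmin", "208.164.186.5"),
                     ("ftpadmin", "208.164.186.3"), ("webmaster", "10.1.2.3")):
        print(user, ip, "ALLOW" if is_allowed(rules, user, ip) else "DENY")
    print("ftphosts mode 600:", demo_permissions())
```

Note that 208.164.186.3 is denied for ftpadmin even though no deny line names it: once an allow line exists for a user, every address outside the allow list is rejected, which is why the allow list in Step 1 must be complete.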