Henry's Virtual FTP Server



References

I'm using wu-ftp V2.6.0.  I got the latest rpm from rpmfind.net and installed it as root.  Once installed, the most useful configuration information on this subject is found in /usr/doc/wu-ftp-2.6.0/HOWTO/VIRTUAL.FTP.SUPPORT.  It is also useful to read /usr/doc/wu-ftp-2.6.0/README and follow some of the links at the end of it.

What do we want to do

We want to serve two ftp sites, ftp.novatek.co.nz and ftp.cmex.org, off this server box.  This server box, Henry, is also shielded from the internet world by the firewall, Gateway.  All communications arriving from the external world addressed to the domains novatek.co.nz and cmex.org do so on ip addresses 24.113.94.87 and 24.113.98.164 respectively.  Gateway's DNS configuration makes this magic possible.  Gateway's firewall and port forwarding then pass all ftp traffic from 24.113.94.87 and 24.113.98.164 to addresses 192.168.0.201 and 192.168.0.203 respectively.  These 192.168.0.x addresses are ip aliased on Henry.
 
This organisation has the advantage of being able to separate out serving to separate boxes later without breaking  too many things.

Directory Structure

The virtual ftp directories are rooted off /usr/local/ftp.  A ls -l of this directory produces:
-------------------------
drwxr-xr-x   7 root     ftp          4096 Sun Mar 12 20:02:51 2000 cmex/
drwxr-xr-x   7 root     ftp          4096 Sat Feb 26 19:09:55 2000 novatek/
-------------------------
Note that the directories belong to the ftp group.  Under these  directories we put the standard anon ftp directory structure.  I found directories not being visible sometimes when creating the directory structure.  I ended up copying the directory structure out of /home/ftp, and things work fine.  If anyone knows what causes this, I'm interested.
 
A ls -l * of /usr/local/ftp produces:
-------------------------
cmex:
total 28
drwxr-xr-x   7 root     ftp          4096 Sun Mar 12 20:02:51 2000 ./
drwxr-xr-x   4 root     root         4096 Sat Mar 04 16:42:03 2000 ../
d--x--x--x   2 cmex     ftp          4096 Sat Feb 26 23:28:49 2000 bin/
d--x--x--x   2 cmex     ftp          4096 Sat Feb 26 23:28:49 2000 etc/
drwxr-sr-x   2 ftp      ftp          4096 Sat Feb 26 23:28:50 2000 incoming/
drwxr-xr-x   2 cmex     ftp          4096 Sat Feb 26 23:28:50 2000 lib/
drwxr-sr-x   3 cmex     ftp          4096 Sun Mar 12 21:32:21 2000 pub/

novatek:
total 28
drwxr-xr-x   7 root     ftp          4096 Sat Feb 26 19:09:55 2000 ./
drwxr-xr-x   4 root     root         4096 Sat Mar 04 16:42:03 2000 ../
d--x--x--x   2 root     ftp          4096 Sun Dec 12 11:04:47 1999 bin/
d--x--x--x   2 root     ftp          4096 Sun Dec 12 11:04:47 1999 etc/
drwxr-sr-x   2 ftp      ftp          4096 Thu Apr 20 18:33:35 2000 incoming/
drwxr-xr-x   2 root     ftp          4096 Sun Dec 12 11:04:48 1999 lib/
dr-xr-sr-x   7 root     ftp          4096 Fri Apr 21 10:46:28 2000 pub/
-----------------------
 Note the sgid on incoming and pub. It is a mystery to me why this is required, but it makes things work.

Configuration

Following the instructions in /usr/doc/wu-ftp-2.6.0/HOWTO/VIRTUAL.FTP.SUPPORT we create the following config files.  The ftpaccess man page is most useful in understanding each of the configuration items in the ftpaccess file.  Note that I copied all the /etc/ftp* files into the respective /etc/ftp.novatek and /etc/ftp.cmex directories.
 
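In understanding how this ftpaccess configuration works, do not overlook the explanations of virtual, hostname, and passive.  The two passive address lines set the address ftpd reports in reply to a PASV command according to the client's network: the aliased 192.168.0.x address for clients on 192.168.0.0/24, and the public address that Gateway forwards for everyone else.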
 
>>>>>>>>>>>>>/etc/ftpservers
# ftpservers

#ftp.novatek.co.nz      /etc/ftp.novatek
192.168.0.201           /etc/ftp.novatek
#ftp.cmex.org           /etc/ftp.cmex
192.168.0.203           /etc/ftp.cmex
<<<<<<<<<<<<</etc/ftpservers
 
This file tells the ftpd daemon where to look for its virtual server configurations when ftp requests arrive with a specific (aliased) ip address.  ftpd will look for configuration options in the files in these directories before looking in /etc/.
 
>>>>>>>>>>>>/etc/ftp.novatek/ftpaccess
# ftp.novatek/ftpaccess

class   all   real,guest,anonymous  *
virtual * allow *
email ftpkeeper@novatek.co.nz
hostname ftp.novatek.co.nz
passive address 192.168.0.201 192.168.0.0/24
passive address 24.113.94.87 0.0.0.0/0

root            /usr/local/ftp/novatek
banner          /etc/ftp.novatek/ftpbanner
logfile         /var/log/ftp.novatek

keepalive yes
timeout idle 14400
timeout maxidle 14400

upload  /usr/local/ftp/novatek  *               no
upload  /usr/local/ftp/novatek  /incoming       yes  ftp  ftp  0666

passwd-check warn

loginfails 5

greeting brief

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

limit   all     20      Any             /etc/msgs/ftptoomany

compress        yes             all
tar             yes             all
chmod           no              guest,anonymous
delete          no              guest,anonymous
overwrite       no              guest,anonymous
rename          no              guest,anonymous

log commands real
log transfers anonymous,real inbound,outbound
<<<<<<<<<<<</etc/ftp.novatek/ftpaccess
 
>>>>>>>>>>>>/etc/ftp.cmex/ftpaccess
# ftp.cmex/ftpaccess

class   all   real,guest,anonymous  *
virtual * allow *

email ftpkeeper@cmex.org
hostname ftp.cmex.org
passive address 192.168.0.203 192.168.0.0/24
passive address 24.113.98.164 0.0.0.0/0

root            /usr/local/ftp/cmex
banner          /etc/ftp.cmex/ftpbanner
logfile         /var/log/ftp.cmex

keepalive yes
timeout idle 14400
timeout maxidle 14400

upload  /usr/local/ftp/cmex             *               no
upload  /usr/local/ftp/cmex             /incoming       yes  ftp  ftp  0666

passwd-check warn

loginfails 5

greeting brief

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

limit   all     20      Any             /etc/msgs/ftptoomany

compress        yes             all
tar             yes             all
chmod           no              guest,anonymous
delete          no              guest,anonymous
overwrite       no              guest,anonymous
rename          no              guest,anonymous

log commands real
log transfers anonymous,real inbound,outbound
<<<<<<<<<<<</etc/ftp.cmex/ftpaccess
 
>>>>>>>>>>>>/etc/ftp.*/ftpbanner
                Welcome to Cmex's FTP Site

  You are being hosted by %L.

  The local time in Vancouver, Canada is: %T

  There are %N of %M users logged on.

  Log in and have a look around.  Enjoy :-)
                        %E

<<<<<<<<<<<</etc/ftp.*/ftpbanner
 
Note that in the ftpaccess files we changed the filespecs of the log files, each virtual ftp site having its own log file.  We need to change the logrotate configuration so that log rotation does what it should.  (I suspect this is very much RedHat).
 
>>>>>>>>>>>>>>>>/etc/logrotate.d/ftpd
/var/log/xferlog {
    # ftpd doesn't handle SIGHUP properly
    nocompress
}
/var/log/ftp.novatek {
    nocompress
}

/var/log/ftp.cmex {
    nocompress
}
<<<<<<<<<<<<<<<</etc/logrotate.d/ftpd
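
An added example, not part of the original page: a shell function that cross-checks the three kinds of file shown above. For every entry in /etc/ftpservers it confirms that the per-host ftpaccess exists, that its logfile has a stanza in /etc/logrotate.d/ftpd, and that no upload rule stores files with the other-read bit set. The function names, the PREFIX argument and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page). PREFIX is "" on a live box.
# Prints one finding per line for each entry in PREFIX/etc/ftpservers.
audit_vhosts() {
    prefix=$1
    grep -v '^[[:space:]]*#' "$prefix/etc/ftpservers" | while read -r addr confdir; do
        [ -n "$confdir" ] || continue
        access="$prefix$confdir/ftpaccess"
        if [ ! -f "$access" ]; then
            echo "$addr: missing $confdir/ftpaccess"
            continue
        fi
        # The per-host logfile needs its own stanza in logrotate.d/ftpd.
        log=$(awk '$1 == "logfile" { print $2 }' "$access")
        if [ -n "$log" ] && ! awk -v l="$log" '$1 == l { f = 1 } END { exit !f }' \
                "$prefix/etc/logrotate.d/ftpd"; then
            echo "$addr: $log is not rotated"
        fi
        # An upload mode with the other-read bit leaves uploads readable by everyone.
        awk -v a="$addr" '$1 == "upload" && $4 == "yes" && $7 ~ /[4567]$/ {
            print a ": uploads to " $3 " stored world-readable (mode " $7 ")" }' "$access"
    done
}

# Constructed sample tree: novatek has no ftpaccess, cmex has no logrotate stanza.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ftp.cmex" "$d/etc/ftp.novatek" "$d/etc/logrotate.d"
    printf '%s\n' '# ftpservers' '192.168.0.201 /etc/ftp.novatek' \
        '192.168.0.203 /etc/ftp.cmex' > "$d/etc/ftpservers"
    printf '%s\n' 'logfile /var/log/ftp.cmex' \
        'upload /usr/local/ftp/cmex * no' \
        'upload /usr/local/ftp/cmex /incoming yes ftp ftp 0666' \
        > "$d/etc/ftp.cmex/ftpaccess"
    printf '%s\n' '/var/log/xferlog {' '    nocompress' '}' > "$d/etc/logrotate.d/ftpd"
    echo "$d"
}

sample=$(make_sample)
audit_vhosts "$sample"
rm -rf "$sample"
```

On the server itself, run `audit_vhosts ""` as a user who can read the /etc/ftp.* directories; no output means every virtual host passed all three checks.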


Last modified: Tue Feb 8 22:00:00 PST 2000
Copyright © Jonathan Marks, 1999, 2000. All rights reserved.
http://jon.novatek.co.nz/linux/config/henry-ftp.html.