SUN Solaris FTP
SUN Solaris comes with ftp daemon based on WU-FTPd Washington University project.
While not being very enthusiastic about its vulnerabilities discovered over the years and being rather
abandoned by its developers ,still it comes by default and as long as Sun ok with that it is ok with me too.
Below I will shortly introduce configuring it for local user access as well as anonymous one.
By default FTP daemon (in.ftpd) is disabled. Here is the initial state you have it :
root@Solaris# svcs ftp
STATE STIME FMRI
disabled 7:21:44 svc:/network/ftp:default
As ftpd is inet managed daemon more information can be queried from inetadm:
root@Solaris# inetadm -l svc:/network/ftp:default
SCOPE NAME=VALUE
name=”ftp”
endpoint_type=”stream”
proto=”tcp6″
isrpc=FALSE
wait=FALSE
exec=”/usr/sbin/in.ftpd -a”
user=”root”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
default tcp_trace=FALSE
default tcp_wrappers=FALSE
default connection_backlog=10
Insecure you say , well , you are right – let’s sharpen it a bit.
Enable more detailed logging.
root@Solaris# inetadm -m svc:/network/ftp:default tcp_trace=TRUE
root@Solaris# inetadm -m svc:/network/ftp:default user=”ftpuser”
root@Solaris# inetadm -l svc:/network/ftp
SCOPE NAME=VALUE
name=”ftp”
endpoint_type=”stream”
proto=”tcp6″
isrpc=FALSE
wait=FALSE
exec=”/usr/sbin/in.ftpd -a”
user=”ftpuser”
default bind_addr=”"
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
tcp_trace=TRUE
default tcp_wrappers=FALSE
default connection_backlog=10
When execution option –a is given (and it is by default) then ftpd will consult /etc/ftpd/ftpaccess
file for additional restrictions and tweaks. Here are the few that are worth enabling.
Uncomment following lines to have more verbose logging available:
log transfers real,guest,anonymous inbound,outbound
xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc %Xs %Xr
Make sure these changes are applied
root@Solaris# svcadm refresh svc:/network/ftp:default
Configure anonymous access.
All the configs so far will allow only local valid users to connect by ftp and be automatically
placed in their respective home directories. To allow anonymous ftp access with dedicated chrooted for that folder there is a special set of tools to use. Actually it is just one script that does all the hard work behind the scenes – creates ftp user, creates directory tree , sets up needed permissions, sets up chrooted environment for the anonymous ftp user.
root@Solaris# ftpconfig /oracle/ftpuser 注意:这里的路径必须是已创建用户的家目录
Updating user ftp
Creating directory /oracle/ftpuser
Updating directory /oracle/ftpuser
root@Solaris#more /etc/passwd
ftpuser:x:2001:2001::/oracle/ftpuser:/bin/sh
That is all, now you can login anonymously and download anything from /export/home/ftp_pub/pub directory. To also allow upload there , change the upload option in “/etc/ftpd/ftpaccess” and set accordingly permissions on the Solaris level for the directory pub (777)
root@Solaris# vi /etc/ftpd/ftpaccess
upload class="anonusers" * /pub yes
#upload class="anonusers" * * no nodirs
root@Solaris# chmod 777 /etc/ftpd/ftpaccess
And finally enable it
root@Solaris# svcadm enable ftp
验证:
DOS环境下使用ftp
C:Documents and SettingsAdministrator>ftp 10.5.77.12
ftp> lcd D:
Local directory now D:.
参考文献:http://yurisk.info/2010/03/31/solaris-configure-ftp-server/