This section provides the Sun™ Internet FTP Server™ command line procedures for configuration, subscriber authentication, and maintenance.
FTP configuration is comprised of the following steps:
Create the anonymous FTP directory. This directory contains the subdirectories and binaries required for FTP support, and is cloned to create each virtual host's root FTP directory.
Create the virtual host directory structure. This contains a cloned tree of the anonymous FTP directory as well as the FTP access file for the virtual host.
Solaris ISP Services installation has been completed
FTP has been registered with the Sun Internet Administrator (see the online help for the Sun Internet Administrator Register Services Screen)
Sun Internet FTP Server is installed, but not configured
The virtual host has not been created
The directories /usr/sbin and /usr/lib are in your root $PATH.
The ISP anonymous FTP directory will be created as /opt/IspFtpDir. This is an example only; you need to determine the actual name and location.
The FTP virtual host is myVH.org. This is an example only; you need to provide the actual virtual host name.
The FTP virtual host root directory will be created in /export/home.
Use ftpconfig(1m) to create the anonymous FTP directory:
ftpconfig -d /opt/IspFtpDir
This creates the following in the specified directory: bin/, dev/, etc/, pub/, usr/, var/, and Welcome. The directory bin/ is a symbolic link to /usr/bin, and Welcome is the welcome message displayed to the FTP user on successful login.
The ftpconfig(1m) command only needs to be run once regardless of the number of virtual hosts you need to create. Ensure you do not create the ISP anonymous FTP directory in /tmp.
Use ftpaddhost(1m) to create the virtual host directory:
ftpaddhost /opt/IspFtpDir /export/home/ myVH.org
This creates the directory /export/home/myVH.org. The contents of the anonymous FTP directory /opt/IspFtpDir are cloned to create the required file hierarchy within /export/home/myVH.org: dev/, etc/, pub/, usr/, var/, and the file Welcome.
The FTP access configuration file /etc/inet/ftpaccess is copied to the virtual host etc/ directory (/etc/inet/hostname/). Thus, each virtual host you define using ftpaddhost(1m) inherits the configuration defined in /etc/inet/ftpaccess.
Create the subscriber (real user) account in /etc/passwd. See passwd(4) and admintool(1M) for further information. Make note of the user ID associated with the user login name.
Edit /etc/group and enter a unique group ID for the subscriber (real user) account in the file, then add the user login name to the newly created group. See group(4) for further information.
The following procedure configures the virtual host for LDAP authentication.
Determine the UID and GID you will assign to the FTP subscriber and subscriber directories.
Create an LDIF file defining the virtual host type (org, net, com, edu, and so on), virtual host name, country code, subscriber directory, UID, and GID.
You can use the following example as a template, replacing:
country_code with the two-letter code for your country, for example us, de, ca, and so on.
virtual_host_type with the virtual host type.
For example, if the virtual host is accessed via myVH.org, you would replace virtual_host_type with org.
Your_ISP_Name with the name of your ISP.
virtual_host_name with the name of the virtual host.
For example, if the virtual host is accessed via myVH.org, you would replace virtual_host_name with myVH.
virtual_host_dir with the full path name to the virtual host root directory.
For example, if the virtual host myVH.org is located in /export/home/myVH.org, you would replace virtual_host_dir with /export/home/myVH.org.
dn: dc=virtual_host_type
dc: virtual_host_type
objectclass: domain

dn: ou=virtual_host_name,o=Your_ISP_Name,c=country_code
ou: virtual_host_name
associateddomain: virtual_host_name.virtual_host_type
objectclass: organizationalUnit
objectclass: domainRelatedObject
objectclass: top

dn: dc=virtual_host_name,dc=virtual_host_type
dc: virtual_host_name
objectclass: domain
objectclass: labeledURIObject
associatedname: ou=virtual_host_name,o=Your_ISP_Name,c=country_code
description: DNS to DN mapping for virtual_host_name.virtual_host_type
labeleduri: ldap:///ou=virtual_host_name,o=Your_ISP_Name,c=country_code??sub

dn: ou=Services,ou=virtual_host_name,o=Your_ISP_Name,c=country_code
ou: Services
objectclass: organizationalUnit

dn: ou=Groups,ou=virtual_host_name,o=Your_ISP_Name,c=country_code
ou: Groups
objectclass: organizationalUnit

dn: ou=People,ou=virtual_host_name,o=Your_ISP_Name,c=country_code
ou: People
objectclass: organizationalUnit

dn: ou=SUNWftp,ou=Services,ou=virtual_host_name,o=Your_ISP_Name,c=country_code
ou: SUNWftp
objectclass: organizationalUnit

dn: ispversion=1.0,ou=SUNWftp,ou=Services,ou=virtual_host_name,o=Your_ISP_Name,c=country_code
ispversion: 1.0
cn: SUNWftp
objectclass: ispservice
ispdirectoryroot: virtual_host_dir

dn: cn=ftp,ou=People,ou=virtual_host_name,o=Your_ISP_Name,c=country_code
commonname: ftp
uid: ftp
sn: ftp
userpassword: ftp
objectclass: ispSubscriber
uidnumber: 60001
gidnumber: 70001
ispcontentdirectory: virtual_host_dir
Before saving the file, ensure there are no trailing blanks. If there are any trailing blanks, ldapadd will report a syntax error.
Save the file as virtual_host_name.ldif, for example, myVH.ldif.
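The placeholder replacement and the trailing-blank check described above can be scripted. The following is an added example, not part of the original Sun documentation; the function names render_ldif and check_ldif are hypothetical, the sample entry is a shortened, constructed copy of the subscriber entry from the template above, and a POSIX sed and grep plus mktemp are assumed (on Solaris, /usr/xpg4/bin/grep).

```shell
#!/bin/sh
# Added example (not from the original page): render the LDIF template and
# lint the result before running ldapadd. Function names are illustrative.

# render_ldif TEMPLATE COUNTRY TYPE ISP NAME DIR -> rendered LDIF on stdout.
# Assumes the values contain no '|' or '&' (both are special to sed here).
render_ldif() {
    # '|' is the sed delimiter because virtual_host_dir contains '/'.
    sed -e "s|country_code|$2|g" -e "s|virtual_host_type|$3|g" \
        -e "s|Your_ISP_Name|$4|g" -e "s|virtual_host_name|$5|g" \
        -e "s|virtual_host_dir|$6|g" "$1"
}

# check_ldif FILE -> 0 if clean, 1 if a problem was found (details on stderr).
check_ldif() {
    rc=0
    # Trailing blanks, tabs or carriage returns: ldapadd reports a syntax error.
    if grep -n '[[:space:]]$' "$1" >&2; then
        echo "$1: trailing whitespace on the lines above" >&2
        rc=1
    fi
    # A placeholder that survived rendering would be loaded as literal data.
    if grep -n -E 'country_code|virtual_host_(type|name|dir)|Your_ISP_Name' "$1" >&2; then
        echo "$1: unreplaced template placeholders on the lines above" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample: a shortened subscriber entry from the template.
workdir=$(mktemp -d)
cat > "$workdir/template.ldif" <<'EOF'
dn: cn=ftp,ou=People,ou=virtual_host_name,o=Your_ISP_Name,c=country_code
commonname: ftp
uid: ftp
objectclass: ispSubscriber
uidnumber: 60001
gidnumber: 70001
ispcontentdirectory: virtual_host_dir
EOF

render_ldif "$workdir/template.ldif" us org intra myVH /export/home/myVH.org \
    > "$workdir/myVH.ldif"
if check_ldif "$workdir/myVH.ldif"; then
    echo "myVH.ldif is ready for ldapadd"
fi
```

Run check_ldif on any hand-edited LDIF file as well; it prints the offending line numbers to standard error and returns non-zero.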
The virtual host and subscriber information is added using the ldapadd command syntax:
# ldapadd -v -D"bindDN" -w bindPassword -f filename.ldif
You are logged in as root on the computer where Sun Directory Services and the Solaris FTP server are installed.
The password of the Directory Service administrator is ftp555.
The country code is us.
The Directory Service administrator distinguished name is "cn=admin,o=intra,c=us".
Your corporate domain name is intra.net.
You have created and saved the LDAP configuration file as myVH.ldif.
The command to add the virtual host and subscriber information to LDAP would then be:
# ldapadd -v -D"cn=admin,o=intra,c=us" -w ftp555 -f myVH.ldif
The standard FTP installation places an entry in /etc/inetd.conf, thereby automatically starting the FTP server when an FTP connection is made.
The ftpshut(1m) command creates the file /var/ftp/shutdown which disables FTP.
To reenable FTP, enter the command:
ftpshut enable
This deletes the /var/ftp/shutdown file, allowing subsequent FTP connections to automatically start the FTP daemon.
The ftpshut(1m) command is used to shut down the FTP server. You can optionally specify the number of minutes to new user lockout and disconnect of existing users as well as the logout message, or you can specify a configuration file containing this information.
The ftpshut(1m) command creates the file /var/ftp/shutdown. This blocks the restart of the FTP server until you enter the command ftpshut enable.
Shut down FTP immediately:
ftpshut now
Shut down FTP in 15 minutes, deny access to new users in 5 minutes, disconnect users not in file transfer mode in 10 minutes:
root# ftpshut -l 5 -d 10 15 System going down in 15 minutes
The shutdown message is limited to 76 characters maximum.
Please refer to the ftpshut(1m) man page for information on creating and using a shutdown configuration file.
Refer to ftpaccess(4) for the definition of class and procedures for defining new classes.
Use ftpcount(1m) to display the number of active users per class:
/usr/sbin/ftpcount
The number of users per class and the class maximums are displayed:
root# ftpcount
Service class anon - 2 users ( 10 maximum)
Service class guest - 0 users ( 10 maximum)
Service class real - 0 users
root#
Removal of an FTP virtual host depends on the type of subscriber authentication and on whether or not the virtual host is also serving as a web hosting site.
The following procedure uses the examples:
The FTP virtual host is myVH.org.
The FTP virtual host chroot directory is /export/home/myVH.org.
Remove the FTP virtual host entry from /etc/inet/ftpservers. For example, you would delete the line myVH.org /etc/inet/myVH.org/ftpaccess.
If this is an FTP-only virtual host:
Remove the FTP virtual host entry from /etc/inet/hosts. For example, you would delete the line containing myVH.org from /etc/inet/hosts.
Remove the virtual host chroot directory; in this example, /export/home/myVH.org.
If this is an FTP/web site host:
Change directory to the virtual host chroot directory, in this example /export/home/myVH.org.
Remove the file Welcome, and remove the following directories only if they do not contain web data: dev/, etc/, pub/, usr/, and var/.
Remove the FTP virtual host entries from LDAP using Deja, or via the command line as described by ldapdelete(1m).