6. Configuring an FTP Server

FTP (File Transfer Protocol) is a standard network protocol used to exchange and handle files over a TCP/IP-based network.
Setting up an FTP server is done in several stages.

Installing FTP

Setting up an FTP service requires that the LDAP and Unix services be installed, so if they are not yet installed, begin by executing:

cl-setup ldap
cl-setup unix

To install the FTP service, enter:

cl-setup ftp

After this, FTP will be accessible to the anonymous user. The directories /pub and /tmp will also be created automatically in the FTP directory.

To connect to an FTP server, open any browser that supports this protocol and enter the page address: ftp://yourserver.

Accounts

Accounts are used for authorized access to the FTP server. Each account can be given a home folder and, in conjunction with the Unix service, its own set of permissions.

Account management

Add an account

To add an account for the FTP service, use the cl-useradd command:
  • Make the account "user1", and set the password for it:
    cl-useradd -p user1 ftp
    
  • Make the account "user1" with a home directory and set the password. By default, the home directory is created in /pub/users/<account_name> in the FTP directory. Only this user will have access to this directory:
    cl-useradd -p -m user1 ftp
    
  • Make the account "user1" with a home directory in the specified location and set the password. In this case, the home directory will be located at the specified path, relative to the FTP directory:
    cl-useradd -p -m -d pub/user1 user1 ftp
    

Change the password

To change the account's password, use cl-passwd:

cl-passwd user1 ftp

Remove an account

Removing an account from the FTP service is done with cl-userdel; this also removes the user's home directory:

cl-userdel user1 ftp

Note: a Unix account is created automatically when you create an FTP account, and that Unix account remains if you later delete the FTP account.

Manage permissions to directories

Access rights or permissions are attributes of a file or a directory that tell the server who can access the file/directory and what they can do with it.
Each file has two owners: the user owner and the group owner. Access permissions are thus divided into three groups: access for the user owner (owner), access for the group owner (group), and access for other users (others).

For each category, three types of access can be set: (r) allows reading the file/directory, (w) allows modifying (editing) the file or creating/removing files in the directory, (x) allows executing the file or opening the directory.

To define access permissions to directories, the FTP service interacts with the Unix service: for each FTP account, there will be a Unix account with the same name. Thus, a user logged in to their account on the FTP service is granted some access rights to the file depending on whether they are the file's owner or belong to the group owner. If the user does not own the file and does not belong to the group owner, permissions default to the others access rights. In the case of anonymous access to FTP, permissions are also defined by those specified for others.

Set access rights

Permissions are set on the server with the chmod command.

# setting permissions: user=all group=read/write others=read
chmod u=rwx,g=rw,o=r file

# setting group-owner pubwriter
chgrp pubwriter pub
# allow writing to the directory /pub for the group owner
chmod g+w pub
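
Because anonymous sessions receive the "others" rights, it is worth checking which directories in the FTP tree grant "others" list or write access. The script below is an added example, not part of the original page or of Calculate's tools; the function names and the demo tree are assumptions, and the FTP directory path must be supplied by you.

```shell
#!/bin/sh
# Added example, not Calculate tooling. Anonymous FTP sessions get the
# "others" permission bits, so report what "others" may do per directory.

# has_perm DIR MODE: succeeds if DIR has every bit of octal MODE set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2")" ]
}

# audit_ftp_tree ROOT: prints one line per directory under ROOT:
#   <path> list=<yes|no> write=<yes|no> sticky=<yes|no>
# list  = others have r and x (may enter and list the directory)
# write = others have w and x (may create and remove entries)
# Only each directory's own mode is checked, not that of its parents.
audit_ftp_tree() {
    find "$1" -type d | sort | while IFS= read -r dir; do
        list=no; write=no; sticky=no
        if has_perm "$dir" 0005; then list=yes; fi
        if has_perm "$dir" 0003; then write=yes; fi
        if has_perm "$dir" 1000; then sticky=yes; fi
        printf '%s list=%s write=%s sticky=%s\n' \
            "$dir" "$list" "$write" "$sticky"
    done
}

# anon_writable ROOT: prints only the directories "others" can write to.
anon_writable() {
    audit_ftp_tree "$1" | grep ' write=yes ' | sed 's/ list=.*//'
}

# make_demo_tree: builds a constructed sample tree (the modes are chosen
# for illustration, not taken from a real server) and prints its path.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/pub/users/user1" "$root/tmp"
    chmod 755 "$root" "$root/pub" "$root/pub/users"
    chmod 700 "$root/pub/users/user1"
    chmod 1777 "$root/tmp"
    printf '%s\n' "$root"
}

# Audit the directory given as $1, or the constructed tree if none is given.
if [ $# -gt 0 ]; then
    audit_ftp_tree "$1"
else
    demo=$(make_demo_tree)
    audit_ftp_tree "$demo"
    rm -rf "$demo"
fi
```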

Manage Unix groups

Since FTP is closely related to the Unix service, managing groups the user belongs to is done through Unix.

Add a group

Adding a group is done by executing cl-groupadd:

# add group "pubwriter" 
cl-groupadd pubwriter unix

Remove a group

Removing a group is done with the cl-groupdel command:

# remove the group "test" 
cl-groupdel test unix

Add/remove user accounts within a group

You can add or delete user accounts in two ways:
  • by using the cl-usermod command:
    # add the "guest" user to the group "pubwriter" 
    cl-usermod -a pubwriter guest unix
    
    # replace all groups of the "guest" user with the "guest" group
    cl-usermod -G guest guest unix
    
  • by using the cl-groupmod command:
    # remove the "guest1" and "guest2" users from the group "pubwriter" 
    cl-groupmod -d guest1,guest2 pubwriter unix
    
    # add the users "guest1" and "guest2" to the group "pubwriter" 
    cl-groupmod -a guest1,guest2 pubwriter unix
    