Appendix 5

2.2.3 FTP Server

Here we are going to set up an FTP server. By default FreeBSD provides an FTP server that covers most of the basic services. For more robust access control, however, you need to install a different FTP server, so we used wu-ftpd-2.4.2b18. This was another package available from the CD-ROM. You can, as usual, get it from www.freebsd.org.
When you install the package you will get the following files:

/usr/local/libexec/ftpd
/usr/local/etc/ftpaccess.example
/usr/local/etc/ftpconversions.example
/usr/local/etc/ftpusers.example

The last three are sample files. Copy them to the same names without the .example extension. These are the files that control the different permissions. Let's begin with the ftpaccess file:

------------------------------- Start of ftpaccess file ----------------------------
#########################################################
# actual file was modified by Junan on 17th July, 1998 #
#########################################################
loginfails 3
class local real,anonymous *.ant.yatsushiro-nct.ac.jp 0.0.0.0
class remote real,anonymous *
limit local 10 Any /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany
readme README* login
readme README* cwd=*
message /etc/msgs/welcome.msg login
message .message cwd=*
private yes
passwd-check rfc822 warn
compress yes local remote
tar yes local remote
log commands real
log transfers anonymous,real inbound,outbound
shutdown /etc/msgs/shutmsg
delete no anonymous # delete permission
overwrite no anonymous # overwrite permission
rename no anonymous # rename permission
chmod no anonymous # chmod permission
umask no anonymous # umask permission
upload /var/ftp * no
upload /var/ftp /incoming yes root daemon 0600 dirs
upload /var/ftp /bin no
upload /var/ftp /etc no
alias inc: /incoming
cdpath /incoming
cdpath /pub
cdpath /
email root@ant.yatsushiro-nct.ac.jp
------------------------------- End of ftpaccess file ----------------------------

The following two lines define the classes that users are assigned to. Users are divided into two groups, local and remote, and both groups are further divided into real and anonymous users. Here local users who have accounts on this server are also permitted to log in as the anonymous user and are permitted to access from anywhere (0.0.0.0). Remote users are also permitted to log in as real or anonymous.

class local real,anonymous *.ant.yatsushiro-nct.ac.jp 0.0.0.0
class remote real,anonymous *

The following two lines limit the number of users permitted to use ftp simultaneously. The first line limits the local users and the second line limits the remote users. The 11th user trying to ftp to our server will get the message saved in /etc/msgs/msg.toomany. As you can see, we have to create these files beforehand.

limit local 10 Any /etc/msgs/msg.toomany
limit remote 60 Any /etc/msgs/msg.toomany

The welcome message! It is useful to put a welcome message of your own in this file. The second line names the file that is shown, if it exists, in the directory you change to. You can change it as needed; README would be a good idea.

message /etc/msgs/welcome.msg login
message .message cwd=*

Yes, as the names suggest, these options are used while downloading files.

compress yes local remote
tar yes local remote

The commands permitted to anonymous users are controlled here. If you are interested in testing these by setting them to yes, you are welcome --- you will get a lot of surprising results! Just as a pointer: if you set the delete permission for anonymous to yes, anonymous users will be able to delete files owned by the user ftp.

delete no anonymous # delete permission
overwrite no anonymous # overwrite permission
rename no anonymous # rename permission
chmod no anonymous # chmod permission
umask no anonymous # umask permission

You won't have to touch anything in the ftpconversions file. The ftpusers file lists the users who should not be permitted to use the service from remote or even local hosts. A typical file can be:

------------------------------- Start of ftpusers -----------------------------------
root
toor
daemon
operator
games
news
uucp
xten
ingres
nobody
------------------------------- End of ftpusers -----------------------------------

For example, omitting root means that root is permitted to use ftp from remote or local hosts, which is equivalent to allowing root logins from remote hosts: an unwanted risk!
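
A small lint for the two files discussed above, added here as an example (it is not part of the original page or of wu-ftpd). It flags directive names that do not appear in this page's ftpaccess file, per-command permissions opened to anonymous users, and accounts from the sample ftpusers list that are missing; the function names and the sample input are constructed for illustration.

```python
# Directives that appear in this page's ftpaccess file (not the full wu-ftpd set).
KNOWN = {"loginfails", "class", "limit", "readme", "message", "private",
         "passwd-check", "compress", "tar", "log", "shutdown", "delete",
         "overwrite", "rename", "chmod", "umask", "upload", "alias",
         "cdpath", "email"}
# Per-command permissions the page keeps at "no" for anonymous users.
ANON_PERMS = {"delete", "overwrite", "rename", "chmod", "umask"}
# Accounts from the page's sample ftpusers file that should stay denied.
DENY = ["root", "toor", "daemon", "operator", "games", "news", "uucp",
        "xten", "ingres", "nobody"]

def fields(line):
    """Drop a trailing # comment and split the line into whitespace fields."""
    return line.split("#", 1)[0].split()

def audit_ftpaccess(text):
    """Return (line number, finding) pairs for an ftpaccess file's text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        f = fields(line)
        if not f:
            continue  # blank line or comment
        if f[0] not in KNOWN:
            findings.append((n, "unknown directive: " + f[0]))
        elif f[0] in ANON_PERMS and len(f) >= 3:
            # Syntax used on the page: <command> <yes|no> <comma-separated user types>
            if f[1] == "yes" and "anonymous" in f[2].split(","):
                findings.append((n, f[0] + " allowed for anonymous"))
    return findings

def audit_ftpusers(text):
    """Return the DENY accounts that are missing from an ftpusers file's text."""
    listed = {f[0] for f in map(fields, text.splitlines()) if f}
    return [name for name in DENY if name not in listed]

# Constructed sample input: a misspelled directive, a loosened permission, root omitted.
SAMPLE_ACCESS = """\
limit local 10 Any /etc/msgs/msg.toomany
linit remote 60 Any /etc/msgs/msg.toomany
delete yes anonymous # delete permission
rename no anonymous # rename permission
"""
SAMPLE_USERS = "toor\ndaemon\noperator\ngames\nnews\nuucp\nxten\ningres\nnobody\n"

if __name__ == "__main__":
    for n, msg in audit_ftpaccess(SAMPLE_ACCESS):
        print("ftpaccess line %d: %s" % (n, msg))
    print("missing from ftpusers:", audit_ftpusers(SAMPLE_USERS))
```
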
Now that we are done setting up all these configuration files, we can restart inetd, the internet super daemon.


maple# kill -1 `cat /var/run/inetd.pid`

Finally comes the mime.types file. Most probably you won't have to change this file.


This page is maintained by:
jchakma@yahoo.com