FTP Server

From Outrun Wiki
Jump to: navigation, search

1 Overview

Outrun features an embedded FTP server based on vsftpd. The FTP server makes it easy to exchange files with Outrun such as:

  • Oracle installer files
  • Backup images
  • Linux ISO images
  • Anything else you need to up/download

Of course other methods can also be used (in particular, Secure Copy aka SSH) but FTP is sometimes more convenient, and browsers have read-only FTP client features.

2 Using FTP

Browser - Download files only
Point your browser to ftp://servername|ip-address/
FTP client FileZilla
Install FileZilla, available via ftp://<outrun-server>/tools/ or FileZilla (latest version, other platforms than Windows)
Connect it via FileZilla's site manager or quick connect (no password required)
Linux command line - wget
Download any file using wget ftp://outrun-server/<path>
Linux command line - curl
Browse ftp using curl -l ftp://outrun-server/<path>/ (note the trailing '/')
Download any file using curl -O ftp://outrun-server/<path>/<file>

3 Outrun FTP configuration

In Outrun, it is configured a bit different from the default:

  • It uses xinetd to be launched on-demand instead of running as a background process all the time
  • Anonymous uploads are enabled (but only on the 'incoming' directory)
  • Anonymous login does not require a password
  • Anonymous users are able to delete or rename files

Other standard features of vsftpd remain unchanged, so:

  • You can login as any user (with password) except root and get access to the home directory of the user as well as all other files that user has access to (handy to login as user "oracle" for example
  • Even if you login as a valid user, your files will appear as owned by "ftp" with group "ftp".

4 Enabling / Disabling the FTP server

Checking FTP status

chkconfig --list ftp Shows if FTP is enabled or disabled

Enabling/disabling:

chkconfig ftp on to enable

chkconfig ftp off to disable

5 Security

The disadvantage of allowing anonymous access (including uploads) is the security risk. VSFTP however restricts access in a few ways:

  • Uploads only to ftp incoming folder (/var/ftp/incoming on Linux)
  • No creation of subdirectories
  • Uploaded files have no execution rights

If you completely want to disable FTP however:

  • Use chkconfig to switch it off
  • Modify the /etc/xinetd.d/ftp config file so it can never be started (don't remove the file completely as it can be rewritten during YUM updates)
  • Use a firewall (iptables) to block the ftp ports