1. What is FTP?
FTP stands for File Transfer Protocol. It is used to transfer files from one host to another host over a TCP-based network.
2. How does FTP work?
FTP is built on a client-server architecture and uses separate control and data connections between the client and the server. FTP users may authenticate themselves using a clear-text sign-in protocol, but can connect anonymously if the server is configured to allow it.
Usually the FTP server, which stores the files to be transferred, uses two ports for the transfer: one port for commands and another port for sending and receiving data. Requests from client computers are received at port 21 of the server, i.e., it is exclusively reserved for sending commands, and is therefore called the Command Port. Once an incoming request is received, the data requested or uploaded by the client computer is transferred through a separate port 20, referred to as the Data Port. At this point, depending on the Active or Passive mode of the FTP connection, the port number used for the data transfer varies.
3. What is Active FTP?
In an Active FTP connection, the command connection is initiated by the client and the data connection is initiated by the server. Because the server actively establishes the data connection with the client, it is called Active FTP. Here the client opens a port higher than 1024 and connects to the server through port 21. Then the server opens its port 20 to establish a data connection.
4. What is Passive FTP?
In a Passive FTP connection, both the command and data connections are established by the client. The server acts entirely passively, which is why it is called Passive FTP. Here the server listens for incoming connection requests from the client on port 21, and the client also initiates the data connection at port 20.
5. What is the main difference between Active FTP and Passive FTP?
The main difference between Active FTP and Passive FTP is who initiates the data connection between the server and the client. If the data connection is initiated by the server, it is called Active FTP; if the data connection is initiated by the client, it is called Passive FTP.
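Added example (not part of the original post): in both modes the data endpoint is announced on the control connection as six comma-separated numbers, in the client's PORT command for Active FTP and in the server's 227 reply to PASV for Passive FTP. The hypothetical function ftp_data_endpoint decodes that tuple and reports which side listens and which side dials; the sample lines are constructed from the addresses used on this page.

```sh
#!/bin/sh
# Added example, not from the original post. Control-channel lines are constructed.

# ftp_data_endpoint LINE
# Prints "mode=<m> listener=<ip>:<port> dialer=<side>", or returns 1 when LINE
# is not a PORT command or 227 reply carrying a valid h1,h2,h3,h4,p1,p2 tuple.
ftp_data_endpoint() {
    line=$1
    case $line in
        PORT\ *) mode=active;  dialer=server ;;  # client listens, server dials out
        227\ *)  mode=passive; dialer=client ;;  # server listens, client dials
        *)       return 1 ;;
    esac
    # Extract exactly six numbers of 1-3 digits, allowing only trailing
    # punctuation such as ")." after them.
    tuple=$(printf '%s\n' "$line" |
        sed -n 's/.*[^0-9]\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)[^0-9]*$/\1/p')
    [ -n "$tuple" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $tuple            # $1..$4 = address octets, $5 $6 = port bytes
    IFS=$old_ifs
    for n in "$@"; do
        [ "$n" -le 255 ] || return 1
    done
    # The port is sent as two bytes: high byte first.
    printf 'mode=%s listener=%s.%s.%s.%s:%s dialer=%s\n' \
        "$mode" "$1" "$2" "$3" "$4" "$(( $5 * 256 + $6 ))" "$dialer"
}

# Constructed lines: an active-mode command from client 172.25.9.10 and a
# passive-mode reply from server 172.25.9.11.
for l in 'PORT 172,25,9,10,200,13' \
         '227 Entering Passive Mode (172,25,9,11,195,80).'; do
    ftp_data_endpoint "$l"
done
```

The listener address and port are what a firewall between client and server has to admit for the data connection in that mode.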
6. What is the profile for FTP server?
(i) It is used for uploading and downloading files; directories cannot be downloaded.
(ii) The FTP server package is vsftpd.
(iii) The FTP client packages are ftp and lftp.
(iv) The FTP server daemon is vsftpd (Very Secure FTP daemon).
(v) The FTP scripting file is /etc/init.d/vsftpd
(vi) Port numbers: 20 for the data connection and 21 for the FTP command connection.
(vii) The document root for FTP is /var/ftp
(viii) The FTP home directory is /var/ftp
(ix) The FTP configuration files are,
(a) /etc/vsftpd/vsftpd.conf
(b) /etc/vsftpd/user_list
(c) /etc/vsftpd/ftpusers
(d) /etc/pam.d/vsftpd
7. How to configure the FTP server?
(i) Install the FTP package with the # yum install vsftpd* -y command.
(ii) Go to the FTP document root directory and create some files:
# cd /var/ftp/pub
# touch f{1..10}
(iii) Restart the FTP service or daemon with the # service vsftpd restart command in RHEL - 6 or the # systemctl restart vsftpd command in RHEL - 7.
(iv) Enable the FTP service or daemon so that it starts after a server reboot with the # chkconfig vsftpd on command in RHEL - 6 or the # systemctl enable vsftpd command in RHEL - 7.
(v) Add the FTP service to iptables (RHEL - 6) or firewalld (RHEL - 7).
RHEL - 6 :
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
# iptables -A OUTPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
# iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
# iptables -A OUTPUT -m state --state NEW -m tcp -p tcp --dport 20 -j ACCEPT
RHEL - 7 :
# firewall-cmd --permanent --add-service=ftp
# firewall-cmd --complete-reload
8. How to configure the FTP client and how to connect to the FTP server?
(i) Go to the client machine and install the ftp and lftp packages.
# yum install ftp* lftp* -y
(ii) Connect to the FTP server from the client.
# ftp
Example : # ftp 172.25.9.11 or ftp://server.example.com
Username : ftp
Password : ftp
ftp > ls (to see the files in the FTP document root directory)
(iii) We can also connect to the FTP server through a browser.
(i) Open the web browser and type in the address bar,
ftp://172.25.9.11 or ftp://server.example.com
9. How to configure the Secure FTP server?
(i) Open the FTP configuration file with the # vim /etc/vsftpd/vsftpd.conf command.
(ii) Go to line no : 12 and type anonymous_enable=no (save and exit the file)
* anonymous_enable=yes (by default)
It means anybody can log in to the FTP server without any username and password.
If anonymous_enable=no, then we must provide the username and password when it prompts.
(iii) Restart the ftp daemon with the # service vsftpd restart command in RHEL - 6 or the # systemctl restart vsftpd command in RHEL - 7.
(iv) Assign the FTP user password with # passwd ftp (type and retype the ftp user password)
(v) Go to the client side and connect to the FTP server with the # ftp 172.25.9.11 command.
10. How to configure the FTP server to allow file uploads?
(i) Open the FTP configuration file with the # vim /etc/vsftpd/vsftpd.conf command.
(ii) Go to line no : 19 and type write_enable=yes
(iii) Go to line no : 29 and type anon_upload_enable=yes (save and exit the file)
(iv) Make the upload directory in the /var/ftp/pub directory with # mkdir /var/ftp/pub/upload
(v) Change the group of the upload directory to ftp with the # chgrp ftp upload command.
(vi) Change the permissions of the upload directory with the # chmod 775 upload command.
(vii) Permanently allow the FTP service in the SELinux policy:
# getsebool -a | grep ftp (to check the SELinux Booleans for the FTP service)
# setsebool -P allow_ftpd_anon_write on
# chcon -t public_content_rw_t upload (to add the read-write context to the upload directory)
# setsebool -P allow_ftpd_full_access on
or # setenforce 0 (to disable SELinux enforcement)
(viii) Restart the ftp daemon with the # service vsftpd restart command in RHEL - 6 or the # systemctl restart vsftpd command in RHEL - 7.
11. How to deny a particular system the use of the FTP server?
(i) Open the /etc/hosts.deny file and add an entry for the system that should be denied the FTP service.
# vim /etc/hosts.deny (go to the last line and type as below)
vsftpd : 172.25.9.10 (to deny the 172.25.9.10 system)
vsftpd : ALL (to deny all the systems)
vsftpd : ALL EXCEPT *.example.com (to deny all the systems except example.com domain systems)
(save and exit the file)
(ii) Restart the ftp daemon with the # service vsftpd restart command in RHEL - 6 or the # systemctl restart vsftpd command in RHEL - 7.
* Now the 172.25.9.10 system cannot access the FTP services.
* If we put an entry in the /etc/hosts.allow file as,
vsftpd : ALL EXCEPT 172.25.5.10
then all the systems except 172.25.5.10 can use the FTP service.
12. How to change the ownership of the uploaded file in FTP?
If we upload or download any files, the file's owner and group are ftp only. We can change the ownership of the uploaded or downloaded files as follows.
(i) Open the FTP configuration file with the # vim /etc/vsftpd/vsftpd.conf command.
(ii) Go to line no : 48 and type chown_uploads=yes
(iii) Go to line no : 49 and type chown_username=
(iv) We can display a banner when we connect to the FTP server by uncommenting line no : 86 and typing ftpd_banner="Welcome to Hyderabad"
(v) We can limit the maximum number of FTP connections at a time to 5 by putting this entry in the configuration file,
max_clients=5 (save and exit the file)
(vi) Restart the ftp daemon with the # service vsftpd restart command in RHEL - 6 or the # systemctl restart vsftpd command in RHEL - 7.
13. How to deny specific users access to the FTP services?
(i) Open the FTP users file with the # vim /etc/vsftpd/ftpusers command.
(ii) Enter the names of the users to be denied FTP services. For example,
root
raju
junnu
(save and exit the file)
(iii) Restart the ftp daemon with the # service vsftpd restart command in RHEL - 6 or the # systemctl restart vsftpd command in RHEL - 7.
14. What is LFTP and how to configure LFTP?
LFTP is also used to upload or download files. But by using LFTP we can log in to the FTP server without a password, because it will not ask for any passwords. To use LFTP we have to install the LFTP package on the server.
(i) Install the LFTP package with the # yum install lftp* -y command.
(ii) Restart the lftp daemon with the # service lftpd restart command in RHEL - 6 or the # systemctl restart lftpd command in RHEL - 7.
(iii) Go to the client system and access the LFTP server by,
# lftp 172.25.9.11 (to connect to the LFTP server)
lftp> cd pub (to move to the pub directory)
lftp> get f1 (to download the f1 file)
lftp> mget f2 f3 f4 f5 (to download the f2, f3, f4 and f5 files at a time)
lftp> put f9 (to upload the f9 file)
lftp> mput f10 f11 f12 (to upload the f10, f11 and f12 files at a time)
lftp> quit (to quit the ftp server)
* In LFTP the " Tab " key works as usual, but in FTP " Tab " will not work.
15. How to allow the root user to access the FTP server?
By default the root user is blocked from accessing the FTP server. To allow the root user to access the FTP server, follow the steps below.
(i) Open the /etc/vsftpd/user_list file with the # vim /etc/vsftpd/user_list command.
(ii) Go to the root user line and comment out that line. For example # root (save and exit the file)
(iii) Open the /etc/vsftpd/ftpusers file with the # vim /etc/vsftpd/ftpusers command.
(iv) Go to the root user line and comment out that line. For example # root (save and exit the file)
(v) Restart the ftp daemon with the # service vsftpd restart command in RHEL - 6 or the # systemctl restart vsftpd command in RHEL - 7.
* Even though we changed the above, the root user cannot access the FTP server because the home directory context is not added. We can solve this as follows.
(vi) # getsebool -a | grep ftp (to check the SELinux Boolean of the root home directory)
(vii) # setsebool -P ftp_home_dir on (to change the Boolean of the root home directory)
* Now go to the client system and try to log in to the FTP server as the root user. Here we can access the FTP server.
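Added example (not part of the original post): a small audit of the settings changed in questions 9, 10, 13 and 15, reporting when anonymous login or anonymous upload is enabled and when root is no longer denied by a list file. The function names conf_get and audit_vsftpd are hypothetical, the sample files are constructed, and the built-in defaults assumed are anonymous_enable=YES, write_enable=NO and anon_upload_enable=NO.

```sh
#!/bin/sh
# Added example, not from the original post. The sample files are constructed.

# conf_get FILE KEY DEFAULT: effective value of KEY, upper-cased. vsftpd reads
# the file top to bottom, so the last assignment wins; DEFAULT is the value
# vsftpd uses when KEY is absent.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \t\r' | tr 'a-z' 'A-Z')
    printf '%s\n' "${v:-$3}"
}

# audit_vsftpd CONF DENYLIST...: print one finding per line, nothing if clean.
audit_vsftpd() {
    conf=$1; shift
    anon=$(conf_get "$conf" anonymous_enable YES)
    write=$(conf_get "$conf" write_enable NO)
    upload=$(conf_get "$conf" anon_upload_enable NO)
    if [ "$anon" = YES ]; then
        echo "anonymous_enable=YES: login without an account is allowed"
        if [ "$write" = YES ] && [ "$upload" = YES ]; then
            echo "anon_upload_enable=YES: anonymous users can write files"
        fi
    fi
    for list in "$@"; do
        # A commented-out "# root" line no longer denies root.
        if ! grep -qx 'root' "$list"; then
            echo "root is not denied in ${list##*/}"
        fi
    done
    return 0
}

d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
# Constructed state after questions 10 and 15: anonymous upload on, root unblocked.
printf '%s\n' 'anonymous_enable=yes' 'write_enable=yes' 'anon_upload_enable=yes' > "$d/open.conf"
printf '%s\n' '# root' 'raju' 'junnu' > "$d/open.ftpusers"
# Constructed state after question 9, with root still listed.
printf '%s\n' 'anonymous_enable=no' 'write_enable=yes' > "$d/strict.conf"
printf '%s\n' 'root' 'raju' 'junnu' > "$d/strict.ftpusers"

echo "== open ==";   audit_vsftpd "$d/open.conf" "$d/open.ftpusers"
echo "== strict =="; audit_vsftpd "$d/strict.conf" "$d/strict.ftpusers"
```

On a real server the call would be audit_vsftpd /etc/vsftpd/vsftpd.conf /etc/vsftpd/ftpusers /etc/vsftpd/user_list, using the files listed in question 6.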
16. What are the differences between FTP and LFTP servers?
(i) The user name and password are required to access the FTP server, but LFTP does not require passwords.
(ii) In the ftp> prompt the " Tab " key will not work, but in the lftp> prompt the " Tab " key will work as usual.
Other useful FTP Commands :
# ftp 172.25.9.11 (to access the FTP server; provide the FTP user name and password)
ftp > ls (to see all the files and directories in the FTP root directory)
ftp > !ls (to see the files in the local present working directory)
ftp > pwd (to see the FTP present working directory)
ftp > !pwd (to see the local file system's present working directory)
ftp > get (to download the specified file)
ftp > mget (to download multiple files at a time)
ftp > cd /var/ftp/pub/upload (to move to the upload directory)
ftp > put (to upload the specified file into the FTP upload directory)
ftp > lcd /root/Downloads (to change to the local /root/Downloads directory)
ftp > help (to get help about FTP commands)
ftp > bye or quit (to quit or exit from the FTP server)
# lftp 172.25.9.11 (to access the LFTP server without asking any passwords)