This is an obsolete doc -- see http://doc.nethence.com/ instead

Configuring an FTP server with Tnftpd (formerly Lukemftpd) 

 

Installation 

Tnftpd is built into NetBSD. On other Unices, make sure gcc, make and yacc are available. Here on RHEL, 

rpm -q gcc make byacc

fetch it (ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/), compile and install it, 

cd ~/
wget ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftpd-20100324.tar.gz
tar xzf tnftpd-20100324.tar.gz
cd tnftpd-20100324/
./configure && make && make install

note. if you get this error (on recent Linux systems), 

glob.c:723: error: 'ARG_MAX' undeclared (first use in this function)

replace 'ARG_MAX' by 'sysconf(_SC_ARG_MAX)' in libnetbsd/glob.c. 

ref http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518858 

 

Configuration 

On RHEL5/6, make some useful links, 

cd /etc/
ln -s /usr/local/etc/ftpd.conf
ln -s /usr/local/etc/ftpusers

enable anonymous ftp (/sbin/nologin shell is fine), 

mkdir -p /var/ftp/

 

On NetBSD you should first, 

cd /etc/
mv ftpusers ftpusers.dist
mv ftpchroot ftpchroot.dist

enable anonymous ftp, 

grep ^csh /etc/shells
chpass -s /bin/csh ftp

 

On Slackware you should first, 

removepkg proftpd
cd /etc/
mv ftpusers ftpusers.dist

 

Configure the daemon, 

vi /etc/ftpd.conf

like, 

motd          all    none
portrange     all       50000 50999
umask         chroot    022
umask         real      022

Note. in a NAT configuration, advertise the public IP, 

advertize     all       IP_ADDRESS

Note. "denyquick all" isn't recommended: the server then rejects a denied user right after the USER command instead of after PASS, which helps attackers guess valid login usernames. Still, you can activate it if you only offer anonymous access. 

Note. the default configuration is described in the DEFAULTS chapter in ftpd.conf(5). Search for manuals, 

cd /usr/local/share/man/
find . -type f
man ./man8/tnftpd.8
man ./man5/ftpusers.5
man ./man5/ftpd.conf.5

 

Enable some users, 

cd /etc/
vi ftpusers

like, 

USERNAME            allow   chroot
ftp             allow   guest
anonymous       allow   guest
*               deny
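
The final "* deny" entry above and the earlier denyquick note can be checked mechanically. The script below is an added example, not part of the original page or of tnftpd; the function names, the sample file names and the simplifications listed in its comments are assumptions.

```shell
#!/bin/sh
# Added example (not from tnftpd): lint ftpusers and ftpd.conf against the notes above.
# Prints one line per finding; returns 0 only when nothing is flagged.
# Simplifications: plain user names only (no :group or @host parts), and any
# enabling denyquick line counts, whatever its class.
audit_tnftpd() {  # usage: audit_tnftpd FTPUSERS FTPD_CONF
    out=$(awk '
        { sub(/#.*/, "") }                       # drop comments
        NF == 0 { next }
        FILENAME == ARGV[1] {                    # ftpusers: first matching rule wins
            act = (NF >= 2) ? tolower($2) : "deny"    # a bare name denies
            ok = (act == "allow" || act == "yes")
            if (star) print "ftpusers: rule \"" $1 "\" follows * and never matches"
            else if ($1 == "*") { star = 1; if (ok) print "ftpusers: * rule allows every account" }
            else if (ok && $1 != "ftp" && $1 != "anonymous") named = 1
            next
        }
        # ftpd.conf: "denyquick class [off]"; class "none" also disables it
        tolower($1) == "denyquick" && tolower($2) != "none" && tolower($3) != "off" { quick = 1 }
        END {
            if (!star) print "ftpusers: no final \"* deny\" rule"
            if (quick && named) print "ftpd.conf: denyquick on while named accounts can log in"
        }
    ' "$1" "$2")
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample files: the page's ftpusers, a variant without "* deny",
# and an ftpd.conf with denyquick switched on.
make_samples() {  # usage: make_samples DIR
    printf '%s\n' 'USERNAME allow chroot' 'ftp allow guest' \
        'anonymous allow guest' '* deny' > "$1/ftpusers.page"
    printf '%s\n' 'ftp allow guest' 'anonymous allow guest' > "$1/ftpusers.open"
    printf '%s\n' 'portrange all 50000 50999' 'denyquick all' > "$1/ftpd.conf.quick"
    printf '%s\n' 'portrange all 50000 50999' > "$1/ftpd.conf.page"
}

if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_samples "$d"
    audit_tnftpd "$d/ftpusers.page" "$d/ftpd.conf.quick" || true
    audit_tnftpd "$d/ftpusers.open" "$d/ftpd.conf.quick" || true
    rm -rf "$d"
fi
```

Run it with the argument "demo" to see the findings for the constructed samples, or call audit_tnftpd on /etc/ftpusers and /etc/ftpd.conf.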

 

Ready to go 

Run the daemon (and add it to /etc/rc.local), 

cd ~/
/usr/local/libexec/tnftpd -D -4 -ll -V "go see your mom"
ps aux | grep tnftpd

Note. "-D" for daemon mode 

Note. "-4" for IPv4 

Note. "-ll" to log login attempts, put, get, etc... to syslog 

Note. "-L xferlog" for xferlogs 

Note. "-a" to force the anondir (default: ftp user's homedir) 

Note. "-h althostname" for alternate hostname 

 

Enable at boot time, 

cd /etc/
cat >> rc.local <<EOF9
echo -n starting lukemftpd...
/usr/local/libexec/tnftpd -D -4 -ll && echo done
EOF9

 

Otherwise here's the inetd.conf configuration, 

#ftp stream tcp nowait root /usr/local/libexec/tnftpd tnftpd -ll

 

Anonymous upload 

Optionally create the incoming directory, 

mkdir -p /var/ftp/upload/
chmod 777 /var/ftp/upload/

note. ftpd.conf has 'umask guest 0707', which means users can upload but cannot download, delete or overwrite. 

note. if you plan to make your repository readable over HTTP too, make sure you deactivate PHP on this directory. You don't want anyone to upload PHP hacks and execute them through Apache.