Yuri Slobodyanyuk Blog on Information Security 2024-09-12
Solaris – configure ftp server

 

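Introduces FTP on SUN Solaris, including its default state, configuring local and anonymous user access, and enhanced logging.

📄 The FTP daemon installed by default on SUN Solaris is based on the WU-FTPd project, and the FTP daemon (in.ftpd) is disabled by default. Its details can be queried with the relevant commands.

📝 Configuration is done with the inetadm command, for example to enable more detailed logging; further settings in the /etc/ftpd/ftpaccess file provide additional functionality.

👤 Anonymous access is configured with a dedicated script that does the related work, such as creating the ftp user and the directory tree and setting up permissions and the chroot environment.

📂 To allow anonymous users to upload files, change the upload option in /etc/ftpd/ftpaccess and set the corresponding Solaris directory permissions.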

SUN Solaris FTP

SUN Solaris comes with an FTP daemon based on the WU-FTPd project from Washington University. I am not very enthusiastic about the vulnerabilities discovered in it over the years, and it has been rather abandoned by its developers; still, it comes installed by default, and as long as Sun is OK with that, it is OK with me too. Below I will briefly show how to configure it for local user access as well as anonymous access.
By default the FTP daemon (in.ftpd) is disabled. Here is its initial state:

root@Solaris# svcs ftp

    STATE          STIME    FMRI
    disabled        7:21:44 svc:/network/ftp:default

As ftpd is an inetd-managed daemon, more information can be queried with inetadm:

root@Solaris# inetadm -l svc:/network/ftp:default

    SCOPE    NAME=VALUE
             name="ftp"
             endpoint_type="stream"
             proto="tcp6"
             isrpc=FALSE
             wait=FALSE
             exec="/usr/sbin/in.ftpd -a"
             user="root"
    default  bind_addr=""
    default  bind_fail_max=-1
    default  bind_fail_interval=-1
    default  max_con_rate=-1
    default  max_copies=-1
    default  con_rate_offline=-1
    default  failrate_cnt=40
    default  failrate_interval=60
    default  inherit_env=TRUE
    default  tcp_trace=FALSE
    default  tcp_wrappers=FALSE
    default  connection_backlog=10

Insecure, you say? Well, you are right, so let's sharpen it a bit. Enable more detailed logging:

root@Solaris# inetadm -m svc:/network/ftp:default tcp_trace=TRUE
root@Solaris# inetadm -l svc:/network/ftp

    SCOPE    NAME=VALUE
             name="ftp"
             endpoint_type="stream"
             proto="tcp6"
             isrpc=FALSE
             wait=FALSE
             exec="/usr/sbin/in.ftpd -a"
             user="root"
    default  bind_addr=""
    default  bind_fail_max=-1
    default  bind_fail_interval=-1
    default  max_con_rate=-1
    default  max_copies=-1
    default  con_rate_offline=-1
    default  failrate_cnt=40
    default  failrate_interval=60
    default  inherit_env=TRUE
             tcp_trace=TRUE
    default  tcp_wrappers=FALSE
    default  connection_backlog=10

When the -a option is given (and it is by default), ftpd consults the /etc/ftpd/ftpaccess file for additional restrictions and tweaks. Here are a few that are worth enabling. Uncomment the following lines to get more verbose logging:

    log            transfers       real,guest,anonymous    inbound,outbound
    xferlog        format  %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa %u %Xc %Xs %Xr

Make sure these changes are applied:

root@Solaris# svcadm refresh svc:/network/ftp:default

Configure anonymous access.

Everything configured so far allows only valid local users to connect by FTP; they are automatically placed in their respective home directories. To allow anonymous FTP access with a dedicated chrooted folder, there is a special set of tools to use. Actually it is just one script that does all the hard work behind the scenes: it creates the ftp user, creates the directory tree, sets the needed permissions, and sets up the chrooted environment for the anonymous ftp user.

root@Solaris# ftpconfig /export/home/ftp_pub

    Updating user ftp
    Creating directory /export/home/ftp_pub
    Updating directory /export/home/ftp_pub

That is all; now you can log in anonymously and download anything from the /export/home/ftp_pub/pub directory. To also allow uploads there, change the upload option in /etc/ftpd/ftpaccess and set the permissions on the pub directory accordingly at the Solaris level (777):

    upload          class=anonusers    *    /pub      yes
    #upload         class=anonusers    *    *         no  nodirs

And finally enable it:

root@Solaris# svcadm enable ftp
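
The ftpaccess settings from the logging and upload steps above can be reviewed with a short script; this is an added example, not part of the original post. It assumes a POSIX shell and awk (on Solaris, nawk or /usr/xpg4/bin/awk), and the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the ftpaccess settings discussed in this post.
# List active "upload ... yes" rules, one per line as "<classes> <dirglob>". Syntax:
#   upload [absolute|relative] [class=<name>]... [-] <root-dir> <dirglob> yes|no ...
upload_yes_rules() {
    awk '$1 == "upload" {
        i = 2; cls = ""
        while ($i == "absolute" || $i == "relative" || $i == "-" || $i ~ /^class=/) {
            if ($i ~ /^class=/) cls = (cls == "" ? "" : cls ",") substr($i, 7)
            i++
        }
        if (cls == "") cls = "any"
        if ($(i + 2) == "yes") print cls, $(i + 1)
    }' "$1"
}

# Succeed if a "log transfers" line covers user type $2 and direction $3.
logs_transfers() {
    awk -v t="$2" -v d="$3" '
        $1 == "log" && $2 == "transfers" &&
        index("," $3 ",", "," t ",") && index("," $4 ",", "," d ",") { ok = 1 }
        END { exit !ok }' "$1"
}

# Succeed if directory $1 is writable by "other" (as with mode 777).
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# Print findings for ftpaccess file $1 and anonymous FTP root $2; return their count.
audit_ftpaccess() {
    findings=0
    logs_transfers "$1" anonymous inbound || {
        echo "WARN: anonymous uploads are not written to the transfer log"
        findings=$((findings + 1)); }
    while read -r cls glob; do
        [ -n "$glob" ] || continue
        echo "WARN: class '$cls' may upload into $glob"
        findings=$((findings + 1))
        # Only literal paths can be checked; a wildcard glob simply finds nothing.
        if world_writable "$2$glob"; then
            echo "WARN: $2$glob is world-writable"
            findings=$((findings + 1))
        fi
    done <<EOF
$(upload_yes_rules "$1")
EOF
    return "$findings"
}
# When run as a script with two arguments, audit those paths.
if [ $# -ge 2 ]; then audit_ftpaccess "$1" "$2"; fi
```

With the paths used in this post the call is `sh audit.sh /etc/ftpd/ftpaccess /export/home/ftp_pub`, where audit.sh is whatever name the script is saved under.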

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.
