作者:惠萍孝正慧云 | 来源:互联网 | 2023-08-17 10:52
SUNSolarisFTPSUNSolariscomeswithftpdaemonbasedonWU-FTPdWashingtonUniversityproject.While
SUN Solaris FTP
SUN Solaris comes with ftp daemon based on WU-FTPd
Washington University project.
While not being very enthusiastic about its
vulnerabilities discovered over the years and being rather
abandoned by its
developers ,still it comes by default and as long as Sun ok with that it is ok
with me too.
Below I will shortly introduce configuring it for local user
access as well as anonymous one.
By default FTP daemon (in.ftpd) is disabled. Here is the initial state you
have it :
root@Solaris# svcs
ftp
STATE STIME FMRI
disabled 7:21:44
svc:/network/ftp:default
As ftpd is inet managed daemon more information can
be queried from inetadm:
root@Solaris#
inetadm -l svc:/network/ftp:default
SCOPE
NAME=VALUE
name=”ftp”
endpoint_type=”stream”
proto=”tcp6″
isrpc=FALSE
wait=FALSE
exec=”/usr/sbin/in.ftpd
-a”
user=”root”
default
bind_addr=”"
default bind_fail_max=-1
default
bind_fail_interval=-1
default max_con_rate=-1
default
max_copies=-1
default con_rate_offline=-1
default
failrate_cnt=40
default failrate_interval=60
default
inherit_env=TRUE
default >tcp_trace=FALSE
default
tcp_wrappers=FALSE
default connection_backlog=10
Insecure you say , well ,
you are right – let’s sharpen it a bit.
Enable more detailed
logging.
root@Solaris# inetadm -m
svc:/network/ftp:default tcp_trace=TRUE
root@Solaris#
inetadm -m svc:/network/ftp:default user=”ftpuser”
root@Solaris#
inetadm -l svc:/network/ftp
SCOPE NAME=VALUE
name=”ftp”
endpoint_type=”stream”
proto=”tcp6″
isrpc=FALSE
wait=FALSE
exec=”/usr/sbin/in.ftpd
-a”
user=”ftpuser”
default
bind_addr=”"
default bind_fail_max=-1
default
bind_fail_interval=-1
default max_con_rate=-1
default
max_copies=-1
default con_rate_offline=-1
default
failrate_cnt=40
default failrate_interval=60
default
inherit_env=TRUE
tcp_trace=>TRUE
default
tcp_wrappers=FALSE
default connection_backlog=10
When execution option –a
is given (and it is by default) then ftpd will consult
/etc/ftpd/ftpaccess
file for additional restrictions and tweaks. Here are the
few that are worth enabling.
Uncomment following lines to have more verbose
logging available:
log transfers real,guest,anonymous
inbound,outbound
xferlog format %T %Xt %R %Xn %XP %Xy %Xf %Xd %Xm %U ftp %Xa
%u %Xc %Xs %Xr
Make sure these changes are applied
root@Solaris#
svcadm refresh svc:/network/ftp:default
Configure anonymous
access.
All the configs so far will allow only local valid users to
connect by ftp and be automatically
placed in their respective home
directories. To allow anonymous ftp access with dedicated chrooted for that
folder there is a special set of tools to use. Actually it is just one script
that does all the hard work behind the scenes – creates ftp user, creates
directory tree , sets up needed permissions, sets up chrooted environment for
the anonymous ftp user.
root@Solaris#
ftpconfig /oracle/ftpuser 注意:这里的路径必须是已创建用户的家目录
Updating user
ftp
Creating directory /oracle/ftpuser
Updating directory
/oracle/ftpuser
root@Solaris#more
/etc/passwd
ftpuser:x:2001:2001::/oracle/ftpuser:/bin/sh
That is
all, now you can login anonymously and download anything from
/export/home/ftp_pub/pub directory. To also allow upload there , change the
upload option in “/etc/ftpd/ftpaccess” and set accordingly permissions on the
Solaris level for the directory pub (777)
root@Solaris#
vi /etc/ftpd/ftpaccess
upload class="anonusers" * /pub yes
#upload
class="anonusers" * * no nodirs
>root@Solaris# chmod 777
/etc/ftpd/ftpaccess
And finally enable it
root@Solaris#
svcadm enable ftp
验证:
DOS环境下使用ftp
C:\Documents and Settings\Administrator>ftp
10.5.77.12
ftp> lcd D:\
Local directory now D:\.
参考文献:http://yurisk.info/2010/03/31/solaris-configure-ftp-server/
Solaris – configure ftp server,布布扣,bubuko.com