Start the FTP server under AIX

This article describes in detail how to start an FTP server under AIX, covering both the default ftpd and wu-ftpd.

Platform: IBM AIX

I. Default FTP

After the IBM AIX operating system is installed, check the /etc/inetd.conf file. It contains a line
ftp stream tcp6 nowait root /usr/sbin/ftpd ftp
This means that the system enables the ftpd shipped with AIX by default, so AIX provides a standard ftp service out of the box. The ftp service provided by AIX has some limitations, though: for example, an ordinary user can browse directories other than his own, including the other home directories under /home and the root file system, and user control is not flexible enough.

By default ftp is a service run from inetd: /etc/inittab starts rc.tcpip, which starts inetd, and inetd reads /etc/inetd.conf to decide which services to run.
lssrc -ls inetd   lists the status of inetd and the subservers it is configured to run
startsrc -t ftp   starts the ftp subserver; there is nothing further to configure
startsrc -g tcpip   starts all the tcpip subsystems, so ftp comes up as well, provided neither inetd.conf nor inittab has disabled it

To deny access to certain users, edit /etc/ftpusers and add each user to be rejected on a line of its own. For example:
# more /etc/ftpusers
guest
When such a user tries to log on via ftp, the system reports:
Name (localhost:root): guest
530 User ql access denied.
Login failed

In the AIX environment, files uploaded from Windows to the AIX server get the default permissions 640 (rw-r-----). To change the default to 644, open /etc/inetd.conf with vi, append "-u 033" to the end of the "ftp" definition line, and then refresh the inetd process:
refresh -s inetd
After this the default permissions of files uploaded via ftp change.

Using ftp as a client to transfer files automatically
1. Create the file .netrc in the user's home directory.
2. Set the permissions of .netrc to 600 and make the ftp user its owner.
3. Fill in .netrc. For example:
machine <hostname> login <username> password <password>
macdef init
get file1
put file2
....
quit

Note: .netrc must end with an empty line.

II. wu-ftpd under AIX

wu-ftpd, an enhanced FTP server
This section introduces the installation and system configuration of the widely used FTP server software wu-ftpd for AIX users.

Here we recommend a powerful FTP server, wu-ftpd, which makes up for the functional shortcomings of ftpd. Users familiar with Linux will know it: the default FTP server software in Linux is wu-ftpd. It was developed at Washington University (http://wuarchive.wustl.edu) and has very powerful functions:
1) Files can be compressed or decompressed automatically on the fly while they are downloaded;
2) Different access restrictions can be imposed on machines on different networks;
3) The upload and download times of files are recorded;
4) Information about transfers can be displayed, so that the current transfer status can be followed in a timely manner;
5) A maximum number of connections can be set to improve efficiency and effectively control the load.

It can be downloaded from:
http://www-1.ibm.com/servers/aix/products/aixos/linux/altlic.html. The latest version of wu-ftpd provided by IBM is 2.6.2.

1. Install wu-ftpd.

The wu-ftpd downloaded from the IBM website is in rpm format. The fileutils package must be installed first; it can also be downloaded from the IBM Linux Toolbox website. After installation you will find the file /usr/sbin/wu.ftpd, which replaces the original ftpd as the FTP server process. To have inetd start wu-ftpd automatically, change the line
ftp stream tcp6 nowait root /usr/sbin/ftpd ftp
in /etc/inetd.conf to
ftp stream tcp6 nowait root /usr/sbin/wu.ftpd ftp
and then refresh the inetd process with refresh -s inetd. After installation, run /usr/sbin/ckconfig to check that the installation is correct. From then on wu-ftpd is in use; lssrc -t ftp lists its status at any time.
The wu.ftpd command also takes some options, briefly described here:
-d  send debugging information, including errors on the FTP server, to the system syslog;
-l  log each FTP client connection to the system syslog;
-t  set how many minutes an FTP client may stay connected without any activity before the connection is closed;
-a  enable the /etc/ftpaccess settings for wu-ftpd;
-A  disable the /etc/ftpaccess settings for wu-ftpd;
-L  log the commands run by FTP clients after login to the system syslog;
-i  log files uploaded by FTP clients to /usr/adm/xferlog;
-o  log files downloaded by FTP clients to /usr/adm/xferlog.

2. Configuration of wu-ftpd.

wu-ftpd has the following six configuration files:
ftpaccess (master configuration file, controls access permissions)
ftpconversions (configures compression/decompression conversions)
ftpgroups (defines ftp-specific groups)
ftphosts (sets per-user access permissions)
ftpservers (maps different IP addresses/domain names to different virtual hosts)
ftpusers (lists accounts that may not log on via ftp)
Some common parameters in these files are described below.

1. /etc/ftpaccess (main configuration file of wu-ftpd)
class -- defines a class of users. Usage:
class <class name> <user type list> <address> [<address> ...]
Only users that fall into a class defined this way can log on to ftp. Several class lines can be used to restrict which kinds of users may log on from where. There are three user types: real, anonymous and guest. If real does not appear in any definition, no real user on this machine can connect with their own account (real users are those who have an account on the host). If anonymous is not defined, nobody without an account can connect. If guest is defined, members of the guest group can get in. <address> is the address the ftp user connects from.
Some examples:
class all real,guest,anonymous *
Defines a class named all that contains all three types of user from any IP address, that is, anyone can log on to ftp.
class local real localhost loopback
The local class means only real users connecting from the local machine.
class remote guest,anonymous *
The remote class contains guest and anonymous users from anywhere, but real users cannot log on through it.
class rmtuser real !*.example.com
The rmtuser class contains real users from any remote host except example.com, that is, example.com is on the "blacklist".
autogroup -- automatically map a class to a group. Usage:
autogroup <group> <class> [<class> ...]
UNIX has no notion of classes, only groups, and user control is based on groups. Once users belonging to a given class have logged on, they are mapped to the corresponding group, so Unix file permissions can be used to restrict that set of people.
deny -- deny logon from certain addresses. Usage:
deny <address glob> <message file>
Refuses logon from the matching machines and displays <message file>. For example:
deny 210.62.146.* /etc/reject.msg
In reject.msg you can state the reason for refusing the login.
guestgroup -- set a guest group
guestuser -- set a guest account
realgroup -- set a real group
realuser -- set a real account
defumask -- set the umask for a class. Usage:
defumask <umask> [<class>]
The umask is the permission mask applied when a file is created, which matters a lot for uploaded files.
timeout -- set timeouts. Usage:
timeout accept <seconds>
Timeout for accepting a connection; the default is 120 seconds.
timeout connect <seconds>
Timeout for establishing a connection; the default is 120 seconds.
timeout data <seconds>
Data transfer timeout; the default is 1200 seconds.
timeout idle <seconds>
Idle user timeout; the default is 900 seconds.
file-limit -- limit the number of files a class may transfer. Usage:
file-limit [raw] <in|out|total> <count> [<class>]
The count applies to files transferred by users of the class: in (uploads), out (downloads) or total. raw means the count covers every transfer, not only data files. For example:
file-limit out 20 testftp
restricts users of class testftp to downloading at most 20 files.
byte-limit -- limit the number of bytes a class may transfer. Its usage is the same as that of file-limit.
limit-time -- limit how long a session may last. Usage:
limit-time {* | anonymous | guest} <minutes>
This caps a user's online time so that a single user cannot tie up the ftp site. For example:
limit-time guest 5
limits users of the guest type to 5 minutes per session.
limit -- limit the number of users of a class who may be logged on at the same time. Usage:
limit <class> <number of logins> <time period> <full message file>
Sets the maximum number of concurrent users of a class during a given time period, followed by the file shown when that number is exceeded. For example:
limit all 32 Any /home/ftp/etc/toomanyuser.msg
At most 32 users of class all can be logged on at any time; further logins are refused and the message file is displayed.
limit levellone 5 Any2300-0600 /home/ftp/etc/toomanyuser.msg
Only five users of class levellone may be logged on between 23:00 and 06:00 on any day.
noretrieve -- set which files cannot be downloaded. Usage:
noretrieve [absolute|relative] [class=<class>] ... [-] <filename> [<filename> ...]
absolute or relative indicates whether the file names are absolute or relative paths.
allow-retrieve -- set which files can be downloaded. Usage:
allow-retrieve [absolute|relative] [class=<class>] ... [-] <filename> [<filename> ...]
loginfails -- set the number of failed login attempts allowed
A user may enter a wrong ID or password when logging on; with this setting the user is disconnected after the given number of failures.
greeting -- set how much server information is shown. Usage:
greeting <full|brief|terse>
full (the default) shows the version number and host name on the login screen, brief shows only the host name, and terse shows only "FTP server ready".
banner -- set the message the user sees before the login prompt. Usage:
banner <file path>
The file is shown before the ID/password are entered during login. The path is relative to the real root of the file system, not to the ftp root directory.
hostname -- set the ftp host name
email -- set the ftp administrator's email address
message -- set a message file. Usage:
message <file> { <when> { <class> ... } }
The file path here is relative to the ftp root directory. <when> is the action after which the message is shown; the options are:
login (at login)
cwd=<directory> (when entering that directory)
The class names are those defined earlier, so a message can be sent only to the people you want.
Besides plain text, the message file may use the following predefined cookies (upper and lower case are distinct):
%T (local time)
%F (free space in the current partition)
%C (current directory)
%E (administrator's email)
%R (client host name)
%L (local host name)
%U (user name)
%M (how many users may log on in my class)
%N (how many users are currently logged on in my class)
%B (absolute limit on disk blocks in the current partition)
%b (preferred limit on disk blocks in the current partition)
%Q (blocks currently used)
%I (maximum available inodes (+1))
%i (preferred inode limit)
%q (inodes currently used)
%H (time limit for excessive disk usage)
%h (time limit for excessive file usage)
readme -- notifies users of README files that have been updated
log commands -- record the commands used by users. Usage:
log commands <user types>
log transfers -- record the files transferred by users. Usage:
log transfers <user types> <directions>
Sets which user types and which directions are logged: inbound (user upload) and/or outbound (user download), for example:
log transfers anonymous,guest inbound,outbound
log security -- record security events. Usage:
log security <user types>
Records security-related events for the given user types, such as noretrieve and notar refusals.
log syslog -- send the log records to the system syslog
alias -- set a directory alias. Usage:
alias <alias string> <directory>
cdpath -- set the search path used when cd cannot find a directory
shutdown -- notify users that the site is shutting down. Usage:
shutdown <message file>
If the message file exists, the server refuses new logins a given time before the shutdown, cuts off existing sessions a given time before it, and shuts down when the time is reached. The format of the message file is:
<year> <month> <day> <hour> <minute> <deny countdown> <disconnect countdown> <text>
chmod -- set whether file permissions may be changed
delete -- set whether files may be deleted
overwrite -- set whether files may be overwritten
rename -- set whether files may be renamed
umask -- set whether the umask may be changed
passwd-check -- set how strictly anonymous FTP passwords are checked. Usage:
passwd-check <none|trivial|rfc822> (<enforce|warn>)
none means no check, trivial accepts any password containing @, and rfc822 requires the password to be an RFC 822 address. enforce refuses the login when the check fails, while warn only prints a warning.
deny-email -- reject a specific email address as the anonymous password
path-filter -- determine which file names are allowed. Usage:
path-filter <user types> <error message file> <allowed characters> <disallowed characters>
upload -- set upload permissions. Usage:
upload [absolute|relative] [class=<class>] ... [-] <root-dir> <directory> <yes|no> <owner> <group> <mode> [dirs|nodirs] [<d_mode>]
Sets the permissions for the directory we want to control:
absolute/relative uses absolute or relative paths
class= specifies a class
root-dir is the users' root directory, that is, the chroot login directory
<directory> is the directory we want to restrict
yes/no says whether new files may be created in this directory
owner and group are the owner and group given to uploaded files
mode is the permission given to uploaded files
dirs/nodirs says whether new directories may be created
d_mode sets the permission of newly created directories; if it is not given, mode is used
throughput -- control the download speed. Usage:
throughput <root-dir> <subdirectory glob list> <file glob list> <bytes/sec> <multiplier> <remote address glob list>
Controls the speed at which remote addresses can fetch certain files in a subdirectory, for example:
throughput /e/ftp * * oo - *
throughput /e/ftp sw* * 1024 0.5 *
throughput /e/ftp sw* readme oo - *
throughput /e/ftp sw* * oo - *.foo.com
Above, "oo" means no bytes/sec limit, and "-" (or "1.0") is the multiplier. The first line puts no speed limit on files under /e/ftp. The second line limits any file under sw* to 1024 bytes/sec * 0.5 = 512 bytes/sec. The third line lifts the limit for readme files. The last line gives *.foo.com full speed.
anonymous-root -- set the root directory of anonymous users for a class. Usage:
anonymous-root <root-dir> [<class>]
guest-root -- set the root directory of guest users. Usage:
guest-root <root-dir> [<uid range>]
The optional argument specifies the uid range the setting applies to.
deny-uid, deny-gid -- reject a UID (GID) range
allow-uid, allow-gid -- allow a UID (GID) range
restricted-uid, restricted-gid -- restrict users to their login directory
unrestricted-uid, unrestricted-gid -- let users leave their login directory
dns refuse_mismatch -- refuse clients whose DNS does not check out. Usage:
dns refuse_mismatch <message file> [override]
When the client's IP address does not match its registered DNS entry, the login is refused; with override the mismatch is ignored and the user may log on. The message file is shown to the user.

2. /etc/ftphosts

The ftphosts file is similar to allow and deny in ftpaccess, but is used to set login rules for particular user IDs. It has no class definitions, so the users named must be real users.
allow|deny <user> <address> [<address> ...]
Some examples:
allow rose 140.0.0/8
deny jack 140.123.0.0:255.255.0.0
This lets rose in from 140.*.*.* and denies jack from 140.123.*.*.
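To make the class and ftphosts matching concrete, here is an added Python example (not part of the original article and not wu-ftpd's own code) that evaluates class lines from ftpaccess and allow/deny lines from ftphosts against a client's host name and IP, using a constructed configuration modelled on the examples above. The address-pattern semantics (globs, ! negation, addr/prefix and addr:netmask) are assumed from the page's description, not taken from wu-ftpd's source.

```python
import fnmatch
import ipaddress

def _network(pattern):
    # '140.123.0.0:255.255.0.0' (addr:netmask) or '140.0.0/8' (addr/prefix; short octet lists allowed)
    sep = ":" if ":" in pattern else "/"
    addr, mask = pattern.split(sep, 1)
    addr = ".".join((addr.split(".") + ["0", "0", "0"])[:4])  # pad '140.0.0' to '140.0.0.0'
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def addr_matches(pattern, host, ip):
    """One address pattern against a client: a glob on host name or dotted IP ('*', '*.example.com',
    '210.62.146.*') or a network in addr/prefix or addr:netmask form; '!' negates (assumed semantics)."""
    negate = pattern.startswith("!")
    pattern = pattern.lstrip("!")
    if "/" in pattern or ":" in pattern:
        hit = ipaddress.ip_address(ip) in _network(pattern)
    else:
        hit = fnmatch.fnmatchcase(ip, pattern) or fnmatch.fnmatchcase(host.lower(), pattern.lower())
    return hit != negate

def resolve_class(ftpaccess, user_type, host, ip):
    """Name of the first 'class' line whose type list (real/guest/anonymous) contains
    user_type and whose address list matches the client; None means the login is refused."""
    for line in ftpaccess.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "class" and user_type in f[2].split(","):
            if any(addr_matches(a, host, ip) for a in f[3:]):
                return f[1]
    return None

def ftphosts_allows(ftphosts, user, host, ip):
    """'deny user addr...' refuses a matching address; 'allow user addr...' restricts
    that user to the listed addresses; users with no lines are unaffected."""
    allowed_from = []
    for line in ftphosts.splitlines():
        f = line.split()
        if len(f) < 3 or f[1] != user:
            continue
        if f[0] == "deny" and any(addr_matches(a, host, ip) for a in f[2:]):
            return False
        if f[0] == "allow":
            allowed_from.extend(f[2:])
    return not allowed_from or any(addr_matches(a, host, ip) for a in allowed_from)

# Constructed sample files modelled on the article's examples (not a real site's configuration).
FTPACCESS = """\
class local   real            localhost loopback
class rmtuser real            !*.example.com
class remote  guest,anonymous *
"""
FTPHOSTS = """\
allow rose 140.0.0/8
deny  jack 140.123.0.0:255.255.0.0
"""
```

With this configuration a real user from example.com falls into no class at all, which is how the "blacklist" in the rmtuser example takes effect.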

3. /etc/ftpservers

This file selects the configuration used for a login according to the IP address/host name the server was reached under, that is, virtual hosts. Each line maps an address or host name to a configuration directory; the keyword internal means the server's main configuration files are used. For example:
10.196.145.10 /etc/ftpd/ftpaccess.somedomain/
10.196.145.200 /etc/ftpd/ftpaccess.someotherdomain/
some.domain internal
10.196.145.20 /etc/ftpd/config/faqs.org/
ftp.some.domain /etc/ftpd/config/faqs.org/

4. /etc/ftpusers

Users listed in this file are prohibited from using FTP.

5. /etc/ftpgroups

Used with the SITE GROUP command to switch group while logged in. SITE EXEC is prone to security vulnerabilities and is generally not recommended.

6. /etc/ftpconversions

The configuration file for on-the-fly tar, compress, gzip and similar conversions. The defaults are sufficient; if you do not enable on-the-fly compression and packaging, its content can also be cleared.

3. Some commands related to wu-ftpd.

After wu-ftpd is installed, several ftp management commands are installed under /usr/bin:
ftpcount:
The ftpcount command counts the users currently connected to the FTP server, per class, and lists the upper limit.
Its output looks like this:
Service class local - 0 users (20 maximum)
Service class remote - 5 users (100 maximum)
ftpwho:
The ftpwho command lists details of the users currently connected.
ftpshut:
The ftpshut command generates the shutdown message file (shut.msg) named by the shutdown directive in /etc/ftpaccess. Its format is:
ftpshut [-l min] [-d min] <time> [<message>]
-l sets how many minutes before the shutdown new logins are refused;
-d sets how many minutes before the shutdown existing connections are dropped;
time is when the FTP server shuts down, written for example as 0620;

4. Some notes about wu-ftpd.

wu-ftpd is free software with open source code, so IBM does not maintain or support it. Some security vulnerabilities have been discovered in wu-ftpd, and wu-ftpd keeps being improved. IBM therefore assumes no responsibility for any direct or indirect loss caused by the use of wu-ftpd.
