Critical Link

Chapter 11 FTP



11.1 The File Transfer Protocol (FTP)

FTP is a service that allows users to move files from one place to another. It was designed to enable you to list files residing on other computers, copy files from another computer to your computer (download), or copy files from your computer to another computer (upload).

FTP is most often used to get files from or place files on other computers on the Internet. These sites are generally accessed through anonymous FTP, which does not require a password, and thus is available to anyone on the Internet.

Critical Link supports incoming anonymous FTP, which allows others on the Internet to access certain files that your company makes available on the Critical Link Server. In addition to an anonymous account that anyone can access, Critical Link also provides guest accounts, which are limited to those who know the guest login name and password.

You can use FTP internally (within your company’s network) to place files in the anonymous and guest FTP directories where they can be accessed by internal and external users.

Internal users can also use FTP to place WWW files into the Critical Link Server’s WWW page tree. These files can then be accessed by internal and external users.

11.2 Enabling and Disabling FTP


When you are ready to configure FTP, click on the FTP (File Transfer Protocol) hyperlink on the Critical Link Home Configuration Page. This will take you to the FTP Configuration Page. The first section of this Page allows you to enable or disable FTP service.

Enabled

If you want to activate FTP service, click the Enabled radio button.

Disabled

This is the default setting. Select this button only if you will not be allowing external FTP access.

Run on ...

If you want FTP service to run on the Critical Link system, select this button.

Systems

In this field, enter the names of other systems on your internal network that will be running FTP servers, if any.

You must notify Critical Link of the machines that run FTP in order for the Firewall to permit FTP traffic to and from these systems.

You can run FTP servers on as many systems as you like, provided they run TCP/IP and are configured to run an FTP daemon. Novell clients cannot offer FTP service to outside machines.

Add Blank

Click the Add Blank button to add boxes for additional systems. To remove an entry, blank it out.

11.3 FTP Configuration


There are three basic types of FTP service available: Anonymous Users, Guest Account Users, and Real Users. Each of these types is described below. It should be noted that Anonymous and Guest Account Users are fictitious users/accounts created on the server to allow access by whole classes of human users.

Anonymous Users

Unless you explicitly prohibit it, an Anonymous account allows any Internet user to FTP to your Critical Link Server, logging in as “anonymous” and giving any password (usually the user’s e-mail address). The Anonymous user is placed in a tightly controlled directory tree specific to the anonymous account and is not allowed to move outside of that directory tree. Granting Anonymous FTP privileges can be a very useful way of spreading company information you wish to disseminate.

Guest Account Users

Guest accounts are similar to the Anonymous account, except that each one has its own account name and a required password. A Guest User must know the Guest account name and password in order to gain FTP access to the Guest account. The Guest user is placed in a tightly controlled directory tree specific to the Guest account and is not allowed to move outside of that directory tree. Guest accounts are more private than Anonymous accounts, but they should not be considered absolutely secure, since users need only a single password to gain access. Typical Guest accounts might belong to customers and associates who should have only limited access to your data.

You can set up any number of Guest FTP Accounts. Guest accounts are most often used to provide files to a smaller number of people than anonymous accounts. It is common to give a number of people the same guest account and password.

Real Users

This type of FTP account typically grants the most privileges and also requires each user to have an account for enhanced security.

When users with Real FTP accounts perform their FTP login to the Critical Link Server, they are placed in their home directories. They may change to any directory they are allowed to access through individual or group permissions, and may also send or receive files as allowed by their access privileges.

See Chapter 19, Publishing on the Internet for details on placing files in these directories.

Real Users’ individual accounts are not configured here but in the User Data Page. See “FTP and Telnet Access” for information about how to configure your Real User FTP accounts.

Configuring Anonymous and Guest Users

In this section of the FTP Configuration Page, you will use the following table to configure your Anonymous and Guest Users. Remember that each Anonymous and Guest User account has an individual directory tree and each Guest account has an individual password.

To enhance security, Anonymous and Guest users are not allowed to move to any level above their own directories. When they log in, Anonymous and Guest Users will appear to be in the root directory. However, the actual directory is:

/services/ftp/<username>
where <username> is the name you enter into the table.

User Name

In this field, anonymous appears as a predefined user and has already been assigned its own directory. ftp (lower case) can be used as a synonym for anonymous in this field.

Names of existing Guest user accounts will be displayed; you should enter a name here only if you want to create a new account.

Enter the name of the Guest User account in this field.

When you create a new account the system automatically creates two new directories, in addition to several directories for its own use, for the user as follows:

/services/ftp/<username>
/services/ftp/<username>/incoming

The incoming directory is where the Guest User is allowed to place files. The <username> directory is owned by an internal group. (See Group Ownership, below.)

To remove an entry, simply delete the user name field.

Password

Enter the Guest User’s password in this field.

To change a password, delete the old password and type in the new one, or simply replace the old one with the new one.

The anonymous account does not have a password.

Group Ownership

In this field, enter the name of the group that owns rights to this account’s files. Unless it is one of the groups defined in the Groups Page, a new group will be created. Only users belonging to this internal group may FTP files into the group’s area (the <username> and <username>/incoming directories shown in the example above).

Users logging in through the Guest User accounts do not belong to the group that is assigned ownership of this account, but instead belong to the ftp group which has no privileges. This means that the Guest User can only transfer files into the incoming directory.

Enter the name of the group that will have ownership of this account’s files.

If you do not assign group ownership, the default group, sys, is assigned ownership.

Disk Space

Disk space for file transfers to the server is allocated to Guest Users in megabytes. If this number is set to zero, no FTP transfers to the server (uploads) are allowed.

Max

In this field, enter the maximum number of megabytes allotted to the user. Leave this field blank if you do not want to impose a limit.

Used

This read-only field displays the number of megabytes currently occupied by this account’s files.

Expire Incoming (days)

In this field, enter the number of days after which a Guest User’s files will be deleted from the incoming directory. If you do not want to place a limit on the number of days till expiration, leave this field blank.

If the Expire Incoming (days) field displays N/A, it means there is no incoming directory. Conversely, if you enter N/A into the Expire Incoming (days) field, Critical Link will not create an incoming directory for this account, and will delete any existing incoming directory and its contents.

Max Logins

Enter the maximum number of simultaneous logins you want to allow for this account. Leave this field blank if you do not wish to impose any limit.

Max Session Download (MB)

Enter the maximum total amount of data (in megabytes) that a user is allowed to download (“get”) over the course of a session. Leave this field blank if you do not wish to impose any limit.

Max Session Upload (MB)

Enter the maximum total amount of data (in megabytes) that a user is allowed to upload (“put” in incoming) over the course of a session. Leave this field blank if you do not wish to impose any limit.

Max File Upload (MB)

Enter the maximum size (in megabytes) of any one file that a user is allowed to upload (“put” in incoming). Leave this field blank if you do not wish to impose any limit.

Enabled

Check this box to enable access for the Guest User whose account you have just configured. Uncheck the box to disable access while leaving all the data in place.

Note that members of the group specified in the Group Ownership field can access the Guest User’s files even if this account is disabled. The group specified is usually an internal group which is responsible for the directory in which the Guest User’s files reside.

To remove the Guest User account data, delete the User Name field and click the Apply button.
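The Guest upload rules from the fields above, modelled as an added example (not Critical Link's own code). The GuestAccount record, check_upload, the order of the checks and the 2^20-byte megabyte are assumptions; the manual describes only the fields.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional, Tuple

MB = 1024 * 1024  # assumption: the manual does not define "megabyte" exactly


@dataclass
class GuestAccount:
    """Hypothetical record mirroring one row of the Guest User table."""
    enabled: bool = True
    disk_max_mb: Optional[int] = None            # Disk Space "Max"; None = blank
    disk_used_mb: float = 0.0                    # Disk Space "Used"
    has_incoming: bool = True                    # False when Expire Incoming is N/A
    max_session_upload_mb: Optional[int] = None  # None = blank = no limit
    max_file_upload_mb: Optional[int] = None     # None = blank = no limit


def check_upload(acct: GuestAccount, virtual_path: str, size: int,
                 session_uploaded: int = 0) -> Tuple[bool, str]:
    """Decide whether a Guest upload of `size` bytes is allowed, and why."""
    if not acct.enabled:
        return False, "account disabled"
    if not acct.has_incoming:
        return False, "no incoming directory"
    # Guests may only write below /incoming (the virtual view of their tree).
    # Normalising first means "incoming/../x" is judged by where it lands.
    target = posixpath.normpath(posixpath.join("/", virtual_path))
    target = "/" + target.lstrip("/")
    if not target.startswith("/incoming/"):
        return False, "uploads only allowed in incoming"
    # A Max of zero disables uploads; a blank Max means no disk limit.
    if acct.disk_max_mb == 0:
        return False, "uploads disabled (Max is 0)"
    if (acct.disk_max_mb is not None
            and acct.disk_used_mb * MB + size > acct.disk_max_mb * MB):
        return False, "disk space limit exceeded"
    if (acct.max_file_upload_mb is not None
            and size > acct.max_file_upload_mb * MB):
        return False, "file too large"
    if (acct.max_session_upload_mb is not None
            and session_uploaded + size > acct.max_session_upload_mb * MB):
        return False, "session upload limit exceeded"
    return True, "ok"
```

Leaving every limit blank admits any upload into incoming, so an account with no Max and no Expire Incoming value can fill the disk.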

Add Blank

Click on the Add Blank button to add rows to the table for additional Guest Users. To remove an entry, blank out the User Name field.

Real Users

In this section of the FTP Configuration Page, you will configure the usage limits for “real” users–those users you have configured through the User Data Page. The same limits apply to all Real users.

Max Logins

Enter the maximum number of simultaneous logins you want to allow for all real users. In other words, if Max Logins is set to 4, and real users already have 4 FTP sessions going, then no other logins from real users are allowed. Leave this field blank if you do not wish to impose any limit.

Max Session Download (MB)

Enter the maximum total amount of data (in megabytes) that any real user is allowed to retrieve (“get”) over the course of a session. Leave this field blank if you do not wish to impose any limit.

Max Session Upload (MB)

Enter the maximum total amount of data (in megabytes) that any real user is allowed to upload (“put” in the incoming directory) over the course of a session. Leave this field blank if you do not wish to impose any limit.

Max File Upload (MB)

Enter the maximum size (in megabytes) of any one file which any real user is allowed to upload (“put” in the incoming directory). Leave this field blank if you do not wish to impose any limit.

Public Anonymous FTP Directories

In this section of the Configuration Page, you can set up sub-directories for Anonymous FTP users. They will be created under the directory /services/ftp/anonymous.

Directory

In this field, enter the name of the Anonymous FTP directory you want to create, for example, pub or sales. Anonymous users will have access to the directories you create in this field.

Note that Anonymous users will appear to be in the root (/) directory when they log in. The actual login directory is /services/ftp/anonymous. From this directory, the user can move into the specific sub-directories you have created. For example, the actual directory /services/ftp/anonymous/pub will appear, to users logging in through the Anonymous FTP account, to be /pub.
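The directory mapping described here, and earlier for Guest accounts under /services/ftp/<username>, as an added example (not Critical Link's own code). It is a purely lexical model: the function names and the guest1 account are hypothetical, the manual does not say how the server enforces the confinement, and symbolic links are not considered.

```python
import posixpath

FTP_ROOT = "/services/ftp"  # base directory named in the manual


def account_root(username: str) -> str:
    """Real directory that an Anonymous or Guest login sees as "/"."""
    # The manual states that "ftp" is a synonym for "anonymous".
    if username == "ftp":
        username = "anonymous"
    # An account name must be a single path component, or it could
    # itself point outside FTP_ROOT.
    if not username or "/" in username or username in (".", ".."):
        raise ValueError(f"invalid account name: {username!r}")
    return posixpath.join(FTP_ROOT, username)


def to_real_path(username: str, virtual_cwd: str, requested: str) -> str:
    """Map a client-supplied path to the real path inside the account tree."""
    # Relative requests resolve against the virtual working directory;
    # absolute requests replace it (posixpath.join handles both).
    combined = posixpath.join("/", virtual_cwd, requested)
    # On an absolute path, normpath collapses ".." lexically and never
    # climbs above "/", which is how the login directory behaves as a root.
    virtual = posixpath.normpath(combined)
    # normpath preserves a leading "//"; fold it into a single "/".
    virtual = "/" + virtual.lstrip("/")
    root = account_root(username)
    real = posixpath.normpath(posixpath.join(root, virtual.lstrip("/")))
    # Defence in depth: refuse anything that is not the root or below it.
    if real != root and not real.startswith(root + "/"):
        raise PermissionError(f"{requested!r} escapes {root}")
    return real
```

A real server also has to resolve symbolic links inside the tree before applying the final prefix check, which this lexical model does not do.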

Group Ownership

In this field, enter the name of the internal group that will own this sub-directory.

If the name of the sub-directory you have created is also the name of an internal group, that group becomes the owner of the sub-directory. For example, if there is an internal group called sales, that group would automatically own the anonymous directory named sales.

If you do not assign group ownership, ownership is assigned to the sys group.

Only members of the group that owns the directory may put files there via Telnet or Real user FTP access.

See “User Configuration” for details about assigning group membership.

Enabled

Check this box to enable access to the anonymous sub-directory by Anonymous FTP users. Uncheck the box to disable access while leaving all the data in place.

Note that group owners can access the directory via Telnet or Real user FTP access even if Anonymous FTP access is disabled.

Add Blank

Click on the Add Blank button to add rows to the table for additional Anonymous FTP directories. To delete an entry, clear the directory field; to rename an entry, edit the field.

FTP Parameters

These parameters control all users (Real, Guest, or Anonymous) using FTP.

Session Timeout

Enter the maximum length of a session in minutes (the default is 180 minutes). The session will be automatically terminated when it goes past this time.

Max Idle Timeout

Enter the maximum time that a session may be idle, in minutes, before the user is logged out (the default is 180 minutes). The session will be automatically terminated if it has been idle longer than this.

Max Login Attempts

Enter the maximum number of attempts to login that a user is allowed (the default is 5 attempts). The connection will be automatically terminated if a login has not been successfully completed within this number of attempts.

Login Timeout

Enter the maximum time a user is allowed for attempting to login before the user is disconnected, in minutes (the default is 5 minutes).

Max Process Load

Enter the maximum percentage of total system processes that can be in use by any application (not just FTP) for an FTP login to be allowed. The default is 70%. For example (using the default number), if more than 70% of total processes allowed on the system are in use, then new FTP logins will be refused.

Apply

When you have completed entering data on the FTP Configuration Page, click the Apply button to add all the new data to the configuration file. Some parameters, such as maximum upload/download sizes, are not put into effect until an FTP user’s next login.

Refresh

Use Refresh to update the data on this page with the values saved when other administrators have clicked Apply. Refresh will “undo” any changes that you have not applied.

Go Back to Previous Page

When you have finished your work on this page, click the Go Back to Previous Page link to return to the Page you were using before this one. Or, click the Go to Critical Link Configuration link to jump directly to the Critical Link Configuration Home Page.




Copyright © Internet Dynamics, Westlake Village, CA, 1995. All rights reserved.
No part of this work may be reproduced without the express permission of Internet Dynamics.
