vsftpd, you must start or restart the server like so: service vsftpd start.
xinetd Configuration for wu-ftpd
xinetd (pronounced 'zy-net-d') is the extended Internet services daemon, and handles incoming connections for network services. xinetd is the preferred replacement for a similar tool (used with other Linux distributions and older Red Hat releases) called inetd. However, in addition to several other improvements over inetd, xinetd enables you to apply individual access policies to different network connection requests, such as FTP.
This daemon controls a number of services on your system, according to settings in configuration files under the /etc/xinetd.d directory. This section shows you how to edit the appropriate files to enable the use of the wu-ftpd FTP server.
Configuring xinetd for the wu-ftp Server
When you use RPM to install wu-ftp, the RPM package might contain a xinetd configuration file, /etc/xinetd.d/wu-ftpd, as shown in Listing 20.2. You need to edit the file because its default settings disable incoming FTP requests.
Do not be confused by the first line of the wu-ftpd file's text. Even though the line reads default: on, FTP service is off unless you specifically configure its use. The line is a comment because it begins with a pound sign (#) and is ignored by xinetd. Whether FTP service is on is determined by the text line disable = yes.
xinetd Configuration File for wu-ftpd
# default: on
# description: The wu-ftpd FTP server serves FTP connections. It uses
# normal, unencrypted usernames and passwords for authentication.
service ftp {
    disable = yes
    socket_type = stream
    wait = no
    user = root
    server = /usr/sbin/in.ftpd
    server_args = -l -a
    log_on_success += DURATION
    nice = 10
}
Using an editor, change the disable = yes line to disable = no. Save the file and exit the editor. You then must restart xinetd because configuration files are parsed only at startup. To restart xinetd as root, issue the command /etc/rc.d/init.d/xinetd restart. This makes a call to the same shell script that is called at any runlevel to start or stop the xinetd daemon (and thus start up or shut down the system). xinetd should report its status as:
# /etc/rc.d/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
After it is restarted, the FTP server is accessible to all incoming requests.
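Because the "# default: on" comment says nothing about the real state, a quick audit of which xinetd services are actually enabled is worth running before and after the edit. The following is an added example, not part of the original text or of xinetd itself; the function names are hypothetical, the sample is the listing above (abridged), and it assumes only the per-service disable attribute matters (xinetd treats a missing disable line as enabled).

```python
import re
from pathlib import Path

# Constructed sample: the wu-ftpd listing from this page (description lines omitted).
SAMPLE = """\
# default: on
service ftp {
disable = yes
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.ftpd
server_args = -l -a
log_on_success += DURATION
nice = 10
}
"""

SERVICE = re.compile(r"^service\s+(\S+)")
ATTR = re.compile(r"^(\w+)\s*(?:\+=|-=|=)\s*(.*)$")

def parse_services(text):
    """Map each service name to its attributes, skipping '#' comment lines."""
    services, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):  # "# default: on" is dropped here
            continue
        if (m := SERVICE.match(line)):
            current = services.setdefault(m.group(1), {})
        elif line == "}":
            current = None
        elif current is not None and (m := ATTR.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return services

def enabled_services(text):
    """Names of services xinetd would accept: 'disable' absent or not 'yes'."""
    return sorted(name for name, attrs in parse_services(text).items()
                  if attrs.get("disable", "no").lower() != "yes")

def audit_dir(path="/etc/xinetd.d"):
    """Return {file name: enabled services} for every file in the directory."""
    return {p.name: enabled_services(p.read_text(errors="replace"))
            for p in sorted(Path(path).iterdir()) if p.is_file()}

if __name__ == "__main__":
    print("as installed:", enabled_services(SAMPLE))
    print("after the edit:", enabled_services(SAMPLE.replace("disable = yes", "disable = no")))
```

Calling audit_dir() on a live system lists, per file, every service that will answer once xinetd is restarted; any unexpected entry, especially one running as root with cleartext authentication like the FTP service here, deserves a second look.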
Starting the Very Secure FTP Server (vsftpd) Package
Previous versions of Red Hat's Linux distributions required you to edit a file named vsftp under the /etc/xinetd.d directory to enable and start the Very Secure FTP server, vsftpd. With Fedora, you can now simply use the system-config-services client or service command to start vsftpd. For example, start the server using the service command like this:
# service vsftpd start
Starting vsftpd for vsftpd: [ OK ]
Use the system-config-services client or service command to start, stop, or restart the vsftpd server. Do not run two FTP servers on your system at the same time!
You can also use the shell script named vsftpd under the /etc/rc.d/init.d directory to start, stop, restart, and query the vsftpd server. You must have root permission to use the vsftpd script to control the server, but any user can query the server (to see whether it is running and to see its process ID number) using the status keyword like this:
$ /etc/rc.d/init.d/vsftpd status
Configuring the Very Secure FTP Server
The vsftpd server, although not as popular as wu-ftpd, is used by Red Hat, Inc. for its FTP server operations. (The vsftpd server home page is located at http://vsftpd.beasts.org/.) The server offers features such as simplicity, security, and speed. It has been used by a number of sites, such as ftp.debian.org, ftp.gnu.org, rpmfind.net, and ftp.gimp.org. Note that despite its name, the Very Secure FTP server does not enable use of encrypted usernames or passwords.
Its main configuration file is vsftpd.conf, which resides under the /etc/vsftpd directory. The server has a number of features and default policies, but you can override them by changing the installed configuration file.
By default, anonymous logins are enabled, but users are not allowed to upload files, create new directories, or delete or rename files. The configuration file installed by Fedora allows local users (that is, users with a login and shell account) to log in and access their home directories. This configuration presents potential security risks because usernames and passwords are passed without encryption over a network. The best policy is to deny your users access to the server from their user accounts. The standard vsftpd configuration disables this feature.