Part of system administration involves reviewing log files for what the server is doing, who accessed it, what files were transferred, and other pieces of important information. You can use a number of commands within /etc/ftpaccess to control your FTP server's logging actions.
This line allows the administrator to redirect where logging information from the FTP server is recorded:
log <syslog>{+<xferlog>}
By default, the information for commands is stored in /var/log/messages, although the man pages packaged in some RPMs state that this information is written to /var/log/xferlog. Check your server's settings for information regarding the location of your file transfer logs.
This line enables logging for all commands issued by the user:
log commands [<typelist>]
typelist is a comma-separated list of anonymous, guest, and real. If no typelist is given, commands are logged for all users. Some wu-ftpd RPMs set the logging of all file transfers to /var/log/xferlog (see the next section). However, you can add the log command to ftpaccess with the commands keyword to capture user actions. Logging is then turned on and user actions are captured in /var/log/messages. Here is a sample log file:
Oct 6 12:21:42 shuttle2 ftpd[5229]: USER anonymous
Oct 6 12:21:51 shuttle2 ftpd[5229]: PASS [email protected]
Oct 6 12:21:51 shuttle2 ftpd[5229]: ANONYMOUS FTP LOGIN FROM 192.168.2.31 [192.168.2.31], [email protected]
Oct 6 12:21:51 shuttle2 ftpd[5229]: SYST
Oct 6 12:21:54 shuttle2 ftpd[5229]: CWD pub
Oct 6 12:21:57 shuttle2 ftpd[5229]: PASV
Oct 6 12:21:57 shuttle2 ftpd[5229]: LIST
Oct 6 12:21:59 shuttle2 ftpd[5229]: QUIT
Oct 6 12:21:59 shuttle2 ftpd[5229]: FTP session closed
The sample log shows the username and password entries for an anonymous login. The CWD entry shows that a cd command is used to navigate to the pub directory. Note that the commands shown do not necessarily reflect the syntax the user typed, but instead list the corresponding system calls the FTP server received. For example, the LIST entry is actually the ls command.
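To make such command logs reviewable, here is an added example (not from the chapter or from wu-ftpd) that groups the lines by ftpd process id into per-session summaries and flags anonymous sessions that issued file-modifying protocol commands. The log text is constructed: it reproduces the session above with a placeholder e-mail address, plus a second, constructed session from a second client address.

```python
import re

# Constructed sample in the wu-ftpd "log commands" format shown above: the session from
# the text (pid 5229) plus a second, constructed session (pid 5301) that attempts an upload.
SAMPLE_LOG = """\
Oct 6 12:21:42 shuttle2 ftpd[5229]: USER anonymous
Oct 6 12:21:51 shuttle2 ftpd[5229]: PASS guest@example.invalid
Oct 6 12:21:51 shuttle2 ftpd[5229]: ANONYMOUS FTP LOGIN FROM 192.168.2.31 [192.168.2.31], guest@example.invalid
Oct 6 12:21:54 shuttle2 ftpd[5229]: CWD pub
Oct 6 12:21:57 shuttle2 ftpd[5229]: LIST
Oct 6 12:21:59 shuttle2 ftpd[5229]: FTP session closed
Oct 6 12:30:03 shuttle2 ftpd[5301]: USER anonymous
Oct 6 12:30:04 shuttle2 ftpd[5301]: ANONYMOUS FTP LOGIN FROM 192.168.2.77 [192.168.2.77], guest@example.invalid
Oct 6 12:30:12 shuttle2 ftpd[5301]: STOR tool.bin
Oct 6 12:30:15 shuttle2 ftpd[5301]: FTP session closed
"""

# syslog prefix, then the ftpd message; the pid ties all lines of one session together
LINE_RE = re.compile(r"^\w{3}\s+\d{1,2} \d\d:\d\d:\d\d \S+ ftpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
LOGIN_RE = re.compile(r"^(?P<anon>ANONYMOUS )?FTP LOGIN FROM \S+ \[(?P<ip>[^\]]+)\]")
# FTP protocol verbs that create, remove or rename files on the server
WRITE_VERBS = {"STOR", "STOU", "APPE", "DELE", "RNFR", "RNTO", "MKD", "RMD"}

def parse_sessions(text):
    """Group command-log lines by ftpd pid and return {pid: session summary}."""
    sessions = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a wu-ftpd command line (other daemons share /var/log/messages)
        s = sessions.setdefault(m["pid"], {"user": None, "anonymous": False,
                                           "ip": None, "commands": [], "closed": False})
        msg, login = m["msg"], LOGIN_RE.match(m["msg"])
        if login:
            s["anonymous"], s["ip"] = login["anon"] is not None, login["ip"]
        elif msg == "FTP session closed":
            s["closed"] = True
        else:
            verb, _, arg = msg.partition(" ")
            if verb == "USER":
                s["user"] = arg
            s["commands"].append(verb)  # verb only: PASS arguments never go into reports
    return sessions

def anonymous_write_attempts(sessions):
    """Pids of anonymous sessions that issued a file-modifying command."""
    return sorted(pid for pid, s in sessions.items()
                  if s["anonymous"] and WRITE_VERBS.intersection(s["commands"]))
```

Because the PASS line carries whatever the client sent as a password, the summary keeps only the verb, so reports built from it never copy credentials out of the log.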
Two other logging commands are useful in the /etc/ftpaccess configuration file. This line enables the logging of security violations:
log security [<typelist>]
Violations are logged for anonymous, guest, and real users, as specified in the typelist, the same as for the other log commands. If you do not specify a typelist, security violations for all users are logged.
This line writes a log of all files transferred to and from the server:
log transfers [<typelist> [<directions>]]
typelist is the same as in the log commands and log security lines. directions is a comma-separated list of the keywords inbound for uploaded files and outbound for downloaded files. If no directions list is given, both uploaded and downloaded files are logged. Inbound and outbound logging is turned on by default.
Configure Permission Control
Controlling user activity is an important component of securing your system's server. The ftpaccess file includes a number of commands that enable you to determine what users can and cannot execute during an FTP session. You can use these permission controls to allow users to change file permissions, delete and overwrite files, rename files, and create new files with default permissions. You learn how to use all these ftpaccess file command lines in the following sections.
By default, all the ftpaccess file command lines prohibit anonymous users from executing actions and enable authorized users to do so.
The chmod line determines whether a user can change a file's permissions. Here is the command line:
chmod <yes|no> <typelist>
This command acts the same as the standard chmod command. The yes|no parameter designates whether the command can be executed. typelist is a comma-delimited string of the keywords anonymous, guest, and real. If you do not specify a typelist string, the command is applied to all users. An exhaustive description of its purpose and parameters can be found in the man page.
The delete line determines whether the user can delete files with the rm command. Here's the command line:
delete <yes|no> <typelist>
The yes|no parameter is used to turn this permission on or off, and typelist is the same as in the chmod line.
This command line of the ftpaccess file allows or denies users the ability to overwrite an existing file. Here's the command line:
overwrite <yes|no> <typelist>
The FTP client determines whether users can overwrite files on their own local machines; this line specifically controls overwrite permissions for uploads to the server. The yes|no parameter toggles the permission on or off, and typelist is the same as in the chmod line.
You can enable or prevent a user from renaming files by using this command line:
rename <yes|no> <typelist>
The yes|no parameter toggles the permission on or off, and typelist is the same comma-delimited string as in chmod.
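As an added example (not part of the chapter or of wu-ftpd), this script audits an ftpaccess fragment against the rules described in the logging section and the permission-control lines above: a yes on chmod, delete, overwrite or rename whose typelist includes anonymous, or omits the typelist and therefore applies to everyone, is reported, as is any missing log commands, log security or log transfers line, and harden() returns a corrected copy. The WEAK_CONFIG fragment is constructed, and the parser handles only the directive forms shown on this page, not the full ftpaccess syntax.

```python
PERMISSION_DIRECTIVES = ("chmod", "delete", "overwrite", "rename")
LOG_DIRECTIVES = ("commands", "security", "transfers")
ALL_TYPES = ("anonymous", "guest", "real")

# Constructed /etc/ftpaccess fragment: "overwrite yes" without a typelist applies to
# every user, anonymous included, and there is no "log security" line.
WEAK_CONFIG = """\
log commands anonymous,guest,real
log transfers anonymous,real inbound,outbound
chmod no anonymous
delete no anonymous
overwrite yes
rename no anonymous
"""

def parse_ftpaccess(text):
    """Yield (keyword, args) per directive; '#' starts a comment and blank lines are skipped."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield fields[0], fields[1:]

def typelist(args):
    """Users a permission directive applies to; an omitted typelist means all users."""
    return set(args[1].split(",")) if len(args) > 1 else set(ALL_TYPES)

def audit(text):
    """Findings: write permissions granted to anonymous users and missing log directives."""
    findings, seen_logs = [], set()
    for kw, args in parse_ftpaccess(text):
        if kw == "log" and args:
            seen_logs.add(args[0])
        elif kw in PERMISSION_DIRECTIVES and args:
            if args[0].lower() == "yes" and "anonymous" in typelist(args):
                findings.append(f"{kw} granted to anonymous users: {kw} {' '.join(args)}")
    findings += [f"log {n} is not configured" for n in LOG_DIRECTIVES if n not in seen_logs]
    return findings

def harden(text):
    """Drop anonymous from every 'yes' typelist and append the missing log directives."""
    out, seen_logs = [], set()
    for kw, args in parse_ftpaccess(text):
        if kw == "log" and args:
            seen_logs.add(args[0])
        elif kw in PERMISSION_DIRECTIVES and args and args[0].lower() == "yes":
            kept = typelist(args) - {"anonymous"}
            args = ["yes", ",".join(sorted(kept))] if kept else ["no", "anonymous"]
        out.append(" ".join([kw] + args))
    out += [f"log {n}" for n in LOG_DIRECTIVES if n not in seen_logs]
    return "\n".join(out) + "\n"
```

Leaving anonymous out of a yes typelist is enough, since the chapter states that the default for anonymous users is to prohibit the action.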
This line determines whether the user is able to use the compress command on files:
compress <yes|no> [<classglob>]
The yes|no parameter toggles the permission on or off, and classglob is a regular expression string that specifies one or more defined classes of users. The conversions that result from the use of this command are specified in the ftpconversions file, which contains directions on what compression or extraction command is to be used on a file with a specific extension, such as .Z for the compress command, .gz for the gunzip command, and so on. See the section 'Configuring FTP Server File-Conversion Actions' later in this chapter.
tar
This line determines whether the user is able to use the tar (tape archive) command on