OmniUnlimited
asked on
How Do You Set Up FTP?
Hello Experts!
Can anyone explain to me how you can set up an FTP connection to a random directory on a server (or if this is even possible, or if it is restricted to only particular directories?)
I am running Apache 2.2.4 on a Linux system under a Centos release 6.5.
Can anyone explain to me how you can set up an FTP connection to a random directory on a server (or if this is even possible, or if it is restricted to only particular directories?)
I am running Apache 2.2.4 on a Linux system under a Centos release 6.5.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello Experts!
Thanks for your input. So I guess what both of you are saying is that I need a third-party program to do ftp. Does anybody know what the ftp binary does in my /usr/bin/ directory?
Thanks for your input. So I guess what both of you are saying is that I need a third-party program to do ftp. Does anybody know what the ftp binary does in my /usr/bin/ directory?
Do you want to run the ftp server on your computer so that others can connect to it and send you files or pull files from you?
Or are you trying to connect to somebody else's ftp server so you can send them files or pull files from them?
/usr/bin/ftp is a ftp client program. It is used for you to connect to a ftp server running on another computer to send files or get files from that ftp server.
Or are you trying to connect to somebody else's ftp server so you can send them files or pull files from them?
/usr/bin/ftp is a ftp client program. It is used for you to connect to a ftp server running on another computer to send files or get files from that ftp server.
ASKER
Well, the server is mine, and I am trying to set it up so a friend can send or get files from it.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Does anybody know what the ftp binary does in my /usr/bin/ directory?
The binary in /usr/bin is a ftp client.
From what you are describing, you may want to setup a anonymous ftp server.
I would not suggest setting up an anonymous ftp server, too much of a security risk.
@OmniUnlimited is this for your home? If so do you have a static IP address? If you don't have a static IP address it may be difficult to do as your friend will need to know your IP address. You might have to subscribe to a dynamic DNS service if your router supports it.
@OmniUnlimited is this for your home? If so do you have a static IP address? If you don't have a static IP address it may be difficult to do as your friend will need to know your IP address. You might have to subscribe to a dynamic DNS service if your router supports it.
ASKER
SFTP sounds good. How do I go about setting it up?
@giltjr: The server does have a static IP address.
@giltjr: The server does have a static IP address.
If you are running Linux, then more than likely it is already there. Most Linux distributions automatically setup sftp.
If you normal logon to your Linux box from a locally attached monitor/keyboard try issuing the command:
sftp userid@localhost
where userid is your userid. When promoted for a password use your normal password. If that works:
1) Setup a user-id and password for your friend.
2) If you have the firewall setup and running on your CentOS, make sure it is setup to allow TCP port 22 (a.k.a ssh)
3) Configure your router to forward port 22 to your Linux box.
4) Have your friend get a sftp client, give him your static IP address
He now does
ssh userid@x.x.x.x
where userid is the userid you setup for him and he enters the password you setup for him.
He can then do the most important function "ftp" functions:
ls
cd
put
get
If you normal logon to your Linux box from a locally attached monitor/keyboard try issuing the command:
sftp userid@localhost
where userid is your userid. When promoted for a password use your normal password. If that works:
1) Setup a user-id and password for your friend.
2) If you have the firewall setup and running on your CentOS, make sure it is setup to allow TCP port 22 (a.k.a ssh)
3) Configure your router to forward port 22 to your Linux box.
4) Have your friend get a sftp client, give him your static IP address
He now does
ssh userid@x.x.x.x
where userid is the userid you setup for him and he enters the password you setup for him.
He can then do the most important function "ftp" functions:
ls
cd
put
get
ASKER
@giltjr: I'm sorry, but I'm getting a little confused. You seem to be using the terms SFTP, FTP, and SSH almost synonymously. This is what I want:
Let's say my friend has an FTP Client like Dreamweaver or Filezilla. The only thing I want my friend to be able to do is to connect to my server using that client. I don't want him executing server commands like ls, cd, put, etc, and I want him limited to only the directory I give to him. How do I set this up?
I don't know what you mean by the term "Linux box", and I connect to my server from a remote station.
Let's say my friend has an FTP Client like Dreamweaver or Filezilla. The only thing I want my friend to be able to do is to connect to my server using that client. I don't want him executing server commands like ls, cd, put, etc, and I want him limited to only the directory I give to him. How do I set this up?
I don't know what you mean by the term "Linux box", and I connect to my server from a remote station.
sftp = "ftp" like functions provided by ssh. You have to install ssh to do sftp.
--> "... connection to a random directory ..."
Implies that the user is NOT fixed to a single directory, but can change directories.
--> "I am running Apache 2.2.4 on a Linux system under a Centos release 6.5. "
Are you wanting him to ftp to the above system? If so that is the "linux box" I am talking about. If you server is not the linux system above, what OS is it running?
--> " FTP Client like Dreamweaver or Filezilla"
Both support using sftp. In Filezilla you select the protocol "sftp". I have never used Dreamweaver, but I know it supports it.
--> "... connection to a random directory ..."
Implies that the user is NOT fixed to a single directory, but can change directories.
--> "I am running Apache 2.2.4 on a Linux system under a Centos release 6.5. "
Are you wanting him to ftp to the above system? If so that is the "linux box" I am talking about. If you server is not the linux system above, what OS is it running?
--> " FTP Client like Dreamweaver or Filezilla"
Both support using sftp. In Filezilla you select the protocol "sftp". I have never used Dreamweaver, but I know it supports it.
ASKER
"... connection to a random directory ..."
I'm sorry, I meant connect to a directory I choose at random for my friend, not that he would have the luxury of going anywhere on the server he wants. He would need to stay in his directory and any subfolders he creates within that directory.
I am running the system I mentioned in my question. I simply didn't know you could refer to that as a "Linux box".
Yes, the file clients support SFTP, but seem to operate the same under SFTP as they do under FTP with the functionality I described in limiting the person who logs in to their respective folder.
I'm sorry, I meant connect to a directory I choose at random for my friend, not that he would have the luxury of going anywhere on the server he wants. He would need to stay in his directory and any subfolders he creates within that directory.
I am running the system I mentioned in my question. I simply didn't know you could refer to that as a "Linux box".
Yes, the file clients support SFTP, but seem to operate the same under SFTP as they do under FTP with the functionality I described in limiting the person who logs in to their respective folder.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It's not the client that limits which "folder" they can get to. It is the security on the server. This it true no matter what protocol you use, ftp or sftp.
What you want is a chrooted environment. Here are directions on how to setup SFTP so your friend will be jailed in his home directory and not be able to move around the filesystem.
http://www.putorius.net/2011/04/how-to-chroot-users-in-sftp-server.html
http://www.putorius.net/2011/04/how-to-chroot-users-in-sftp-server.html
ASKER
Thank you all for your input.
Well, from your comments, I can see it may be a challenge to acheive what I am looking for. I already have the user set up for SSH shell access. Does that automatically give them access via SFTP?
I tried setting up a jailed environment for SSH, but that didn't work very well as the jail cuts my friend off from a lot of server functionality. Seems I'd pretty much have to duplicate all programming and binaries from the server within the jailed environment, which unfortunately, seem ridiculous.
Well, from your comments, I can see it may be a challenge to acheive what I am looking for. I already have the user set up for SSH shell access. Does that automatically give them access via SFTP?
I tried setting up a jailed environment for SSH, but that didn't work very well as the jail cuts my friend off from a lot of server functionality. Seems I'd pretty much have to duplicate all programming and binaries from the server within the jailed environment, which unfortunately, seem ridiculous.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ssh is NOT meant to be setup as a chroot'ed enviroment. As you found out there is WAY too many things you have to link to or duplicate to make ssh usable.
If you have him setup for ssh then he should be able to sftp without any additional changes on your side. Other than he may have access to directories that you may not want him to have access too.
If you want to chroot sftp you should be able to follow:
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
I have never setup a chroot'ed environment for sftp, so I can't vouch for the instructions.
There are other instructions that not only setup chroot'ed sftp, but prevent users from accessing via ssh. If you don't want him ssh'ing to your server, you may want to search for those and implement.
If you have him setup for ssh then he should be able to sftp without any additional changes on your side. Other than he may have access to directories that you may not want him to have access too.
If you want to chroot sftp you should be able to follow:
http://www.thegeekstuff.com/2012/03/chroot-sftp-setup/
I have never setup a chroot'ed environment for sftp, so I can't vouch for the instructions.
There are other instructions that not only setup chroot'ed sftp, but prevent users from accessing via ssh. If you don't want him ssh'ing to your server, you may want to search for those and implement.
ASKER
Thank you experts, the FTP solutions provided I'm sure would work, but since SSH is already set up on the server, we are opting for SFTP.
You can use VSFTP.
https://www.digitalocean.com/community/articles/how-to-set-up-vsftpd-on-centos-6--2