FTP file services on OES servers are provided by Pure-FTPd, a free (BSD), secure, production-quality and standard-conformant FTP server. The OES implementation includes support for FTP gateway functionality as on OES and offers a level of integration between AD and Pure-FTP that allows users to authenticate to AD for FTP access to the server.
This section discusses the following topics:
Before installing Pure-FTPd, ensure that users requiring FTP access have access rights to the areas on the server they need to use.
To install Pure-FTPd, select thepattern in the OES installation.
The FTP server supports a home directory for users on local and remote CIFS servers. The remote server should be an OES server. When the home directory is set for the user in AD, the user is placed in the home directory on successful login to the OES server.
Pure-FTPd supports three levels of home directory, default home directory, a user specific home directory on the local system, and a user specific home directory identified by the value set in AD.
DefaultHomeDirectory or AD home directories can be disabled. If both of them are enabled, the following is used to establish the precedence:
User specific home directory set in AD
Default home directory
An administrator can set the home directory for AD users as part of the User object in AD. On successful login to the FTP server, the user is placed in the home directory set in the user object. The User's home directory can exist either on the OES server that is hosting the FTP service or on any other OES server in the same tree.
A new EnableRemoteHomeDirectory option is now available to support this home directory. By default, this option is set to NO and the home directory set for the user in AD is ignored.
To enable AD based home directory support, you must set both EnableRemoteHomeDirectory and remote_server to YES. FTP will then read the user’s home directory from AD and mount it locally.
DefaultHomeDirectory indicates the path to the common home directory for all FTP users. On successful login to the Pure-FTPd, users are placed in the default home directory. The default home directory can be a locally mounted NSS path or on a remote CIFS share. The NSS volume can be configured by using the DefaultHomeDirectory and DefaultHomeDirectoryServer settings. If the home directory is on a remote server, use DefaultHomeDirectoryServer, and set the DNS name of the remote CIFS server. As with any NSS volume, the FTP client should have required rights over the NSS volume whether DefaultHomeDirectory is on a local or remote server or not.
The DefaultHomeDirectoryServer option is now available to differentiate whether DefaultHomeDirectory is on a local or remote server. By default, this option is set to NO so DefaultHomeDirectory points to a local path.
To set DefaultHomeDirectory to point to a remote CIFS server with a DNS entry, you must specify the full path to the remote server, including the share name. For example, DefaultHomeDirectory /sharename. You must also set both DefaultHomeDirectory and remote_server to YES.
NOTE:The following are not supported for AD users:
POSIX home directory
Trusted GID feature
Support for backslashes in input path is provided. Using FTP client on Windows, you can use backslash as separator in the path. allow_backslash_in_path option is now available to allow back slash in the path. By default the option is set to NO.
Ensure that the FTP server can resolve the DNS name of the remote OES server.
To configure the Pure-FTPd server on OES, edit the /etc/pure-ftpd/pure-ftpd.conf file.
NOTE:It is very strongly recommended that you read through the entire /etc/pure-ftpd/pure-ftpd.conf file and be familiar with the available parameters and settings.
For more information, see the pure-ftpd man page.
Start the Pure-FTPd server using the rcpure-ftpd command.
Pure-FTPd is loaded by using a configuration file. Multiple instances of Pure-FTPd can be loaded using different configuration files.
By default, an instance of Pure-FTPd using /etc/pure-ftpd/pure-ftpd.conf file is loaded at the boot time. For loading multiple instances, new configuration files need to be created.
To load a new instance of Pure-FTPd:
Create a new configuration file for each instance.
For example: Copy /etc/pure-ftpd/pure-ftpd.conf to /etc/opt/novell/pure-ftpd1.conf.
Modify the following settings in the configuration file to avoid IP address or port conflicts between the instances:
PIDFile: Points to the full path of the PID file created by the pure-ftpd instance. PID file is used for unloading a particular instance of pure-ftpd. Hence, ensure that the PID File path is unique for every instance.
For example: /var/run/pure-ftp1.pid, /var/run/pure-ftp2.pid.
Bind: By default, pure-ftpd binds to all the IP addresses on the system and listens to requests over port 21. Modify the settings of the bind such that all the pure-ftpd instances bind to different IP addresses or port combinations.
also, modify the settings in the /etc/pure-ftpd/pure-ftpd.conf to avoid any IP address or port conflict from the second instance.
For example: If a system has two interfaces with two IP addresses 10.1.1.1 and 10.1.1.2, then the bind setting for two pure-ftpd instances can be Bind 10.1.1.1,21 and Bind 10.1.1.2,21.
Load the new instance using /usr/sbin/pure-config.pl <Full path of the config file>
For example: /usr/sbin/pure-config.pl /etc/opt/novell/pureftpd-confs/pure-ftpd1.conf loads an instance using the config file /etc/opt/novell/pureftpd-confs/pure-ftpd1.conf.
Use the following methods to verify that the new instance of pure-ftpd is successfully loaded:
The ps –eaf | grep pure-ftpd command lists all the instances of pure-ftpd loaded on the system.
The PID file as specified using the PIDFile entry in the configuration file has been created.
An FTP connection from the client to the server over the IP address being used by the pure-ftpd instance can be created.
A new script, pure-ftp-stop.pl, is added to unload an instance of pure-ftpd and all its child processes. The full path of the configuration file used to load the instance of pure-ftpd must be passed to the pure-ftp-stop.pl script.
For example: /usr/sbin/pure-ftpd-stop.pl /etc/opt/novell/pureftpd-confs/pure-ftpd1.conf unloads the instance of pure-ftpd that was loaded using /etc/opt/novell/pureftpd-confs/pure-ftp1.conf.
The PID file of the pure-ftpd instance is also used for unloading the pure-ftpd instance.
The PID file specified using the PIDFile entry in the configuration file has been deleted.
The number of instances displayed by ps –eaf | grep pure-ftpd is reduced.
An FTP connection request to the server errors out.
After logging in to the AD tree, users can access files and directories on a remote Linux server whether or not the server is running Linux FTP Server software. The remote server can be another Linux OES server.
This section describes how to configure and use the Remote Server Navigation feature.
The CIFS protocol lets you transfer files and navigate to and from remote OES servers.
To navigate to remote servers, use the following command:
cd //remote server name/share/directory pathname
File operations such as get, put, and delete can be used on the remote server, even without changing the directory path to that server.
get //remote_server_name/share/directory path/filename
The double slash (//) indicates that the user wants to access a remote server. After the double slash, the first entry must be the name of the remote server. The remote server name should be full DNS server name.
Configuration file: /etc/pure-ftpd/pure-ftpd.conf
The configuration parameters for remote server navigation are as follows:
Enables remote server navigation for the Pure-FTPd server.
The following configuration parameters needs to be set for remote server navigation:
Option yes restricts users to login only to his home directory and cannot navigate to other directories including remote OES servers.
Option yes allows only anonymous login.
Option yes restricts users to rename the file.
Table 7-3 Linux FTP Server path formats
Specifying the volume and directory path name
Navigating to different volumes
Switching back to the home directory
Switching to the root of the server
The Linux FTP Server does not support wildcards at the root of the server.
When chroot capability is enabled, AD users are allowed to login with chrooted.
By default, AD users access files through SMB protocol. Beginning with OES 2018 SP1, they can also access files through SMB2 protocol. To enable this, add the entry client max protocol = SMB2 under the 'global' heading in /etc/samba/smb.conf on the FTP server.
[global] client max protocol = SMB2
Enabling SMB2 access for AD users provides them the capability to access DFS junctions.
Co-existence Issue in Default Home Directory for Cluster Volumes: If Default Home Directory is used and the physical and cluster pool names is greater than 15 characters, then the NCP and CIFS server names will be different. Therefore, FTP login is impacted for both Remote Home Directory and Default Home Directory.
If eDirectory and Active Directory users co-existence is needed, run two instances of FTP server. One instance for eDirectory users with NCP (Virtual) server name and another instance for Active Directory users with CIFS (netbios) server name. For more information on initializing multiple instances, see Initializing Multiple Instances.