Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Newer
Older
100644 291 lines (222 sloc) 11.578 kb
cf2eb4c 1.0.12
layer authored
1 Allegro FTPd documentation
8bc8dce See ChangeLog
dancy authored
2
cf2eb4c 1.0.12
layer authored
3 Table of Contents:
a0b4906 See ChangeLog
dancy authored
4
cf2eb4c 1.0.12
layer authored
5 1. Installation
6 A. from source code
7 B. using the supplied binaries
8 2. Configuration
9 A. anonymous FTP setup
10 B. Firewall considerations
11 C. Restricted users
12 3. Security notes
a0b4906 See ChangeLog
dancy authored
13
cf2eb4c 1.0.12
layer authored
14 *******************************************************************************
15 1. Installation
8bc8dce See ChangeLog
dancy authored
16
d37814b see ChangeLog
dancy authored
17 Allegro FTPd (aFTPd) has been tested on Linux, Solaris, and FreeBSD on
18 Allegro Common Lisp. Other platforms supported by Allegro Common Lisp
19 may work as well but Allegro FTPd has not be tested on them.
8bc8dce See ChangeLog
dancy authored
20
cf2eb4c 1.0.12
layer authored
21 You can either build aFTPd from sources or use the binaries built by
22 Franz Inc. If you want to build your own, then you must have Allegro
d37814b see ChangeLog
dancy authored
23 Common Lisp Enterprise Edition, version 7.0 or better.
cf2eb4c 1.0.12
layer authored
24
25 *******************************************************************************
26 1A. Installation: from source code
27
79f9018 2002-09-16 Kevin Layer <layer@crikey>
layer authored
28 The source code to aFTPd is licensed under the terms of the Lisp
29 Lesser GNU Public License (http://opensource.franz.com/preamble.html),
30 known as the LLGPL. The LLGPL consists of a preamble (see above URL)
31 and the LGPL. Where these conflict, the preamble takes precedence.
32 aFTPd is referenced in the preamble as the "LIBRARY."
33
cf2eb4c 1.0.12
layer authored
34 Download and unpack the source code. Then, startup Allegro CL
35 Enterprise and type, in the directory containing the source code:
36
cbc59c2 2002-09-16 Kevin Layer <layer@crikey>
layer authored
37 :ld config.cl
cf2eb4c 1.0.12
layer authored
38 :cl ftpd.cl
39 (build)
40
d37814b see ChangeLog
dancy authored
41 or just type "make" (requires GNU make, which is typically installed
42 as /usr/local/bin/gmake on FreeBSD).
cbc59c2 2002-09-16 Kevin Layer <layer@crikey>
layer authored
43
cf2eb4c 1.0.12
layer authored
44 This will make an `aftpd' directory with the program `aftpd' and
12da4d2 1.0.14
layer authored
45 supporting files. Use this directory in step (1C).
cf2eb4c 1.0.12
layer authored
46
47 *******************************************************************************
48 1B. Installation: using the supplied binaries
49
12da4d2 1.0.14
layer authored
50 You may use the supplied binaries if you do not have a copy of Allegro
51 Common Lisp Enterprise Edition. The Linux binaries will work on x86
d37814b see ChangeLog
dancy authored
52 Red Hat 7.3 or later, or any glibc 2.2 capable system. The Solaris
53 binaries will work on Solaris 5.8 or later. The FreeBSD binaries will
54 work on FreeBSD 4.10 or later. See the file binary-license.txt for
12da4d2 1.0.14
layer authored
55 the license terms for use of these binaries.
cbc59c2 2002-09-16 Kevin Layer <layer@crikey>
layer authored
56
12da4d2 1.0.14
layer authored
57 When extracted the .tgz files will create the `aftpd' from step (1A).
58 Use this directory in step (1C).
cbc59c2 2002-09-16 Kevin Layer <layer@crikey>
layer authored
59
60 *******************************************************************************
61 1C. Installation: finishing up
62
50d8602 See ChangeLog
dancy authored
63 Now that you have an aftpd/ directory (either by building or
64 extracting a pre-built binary) you can complete the installation
d37814b see ChangeLog
dancy authored
65 process.
66
67 First, make sure that you have disabled any existing ftp server you
68 might have configured on your system. Verify by attempting to make an
69 ftp connection to localhost. If you get a connection refused
70 response, then there is no FTP server running.
71
72 The default installation process installs the program in the
50d8602 See ChangeLog
dancy authored
73 /usr/local/sbin/aftpd directory. If this is not what you want, you
d37814b see ChangeLog
dancy authored
74 can edit 'makefile' and the appropriate startup script for the
75 platform:
76 Linux: aftpd.init
77 Solaris: S99aftpd
78 FreeBSD: rc.aftpd.sh
50d8602 See ChangeLog
dancy authored
79
13c4a29 2002-09-18 Kevin Layer <layer@crikey>
layer authored
80 To finish the installation, do:
50d8602 See ChangeLog
dancy authored
81
13c4a29 2002-09-18 Kevin Layer <layer@crikey>
layer authored
82 # make install
50d8602 See ChangeLog
dancy authored
83
d37814b see ChangeLog
dancy authored
84 NOTE: you must have GNU make to use the supplied makefile. On
85 FreeBSD, GNU make is typically installed as /usr/local/bin/gmake.
86
87 This will copy the aftpd directory into /usr/local/sbin and install
88 the appropriate scripts to make the FTP server start up at boot time.
89 For Linux, the installation is assumed to be Redhat-like.
50d8602 See ChangeLog
dancy authored
90
91 To execute the server by hand, run /usr/local/sbin/aftpd/aftpd.
13c4a29 2002-09-18 Kevin Layer <layer@crikey>
layer authored
92 Information on optional command line switches follows.
93
94 The FTP server only works properly when run as 'root'.
cf2eb4c 1.0.12
layer authored
95
96 *******************************************************************************
97 2. Configuration
98
99 Allegro FTPd configuration is determined by the defparameter forms in
100 config.cl. Most of the forms have comments which indicate their
101 proper use. All of the parameters can be overridden at runtime by the
102 /etc/aftpd.cl file (or whichever pathname is specified in *configfile*
103 in ftpd.cl). /etc/aftpd.cl is loaded when the FTP server is first
104 started, and every time a new connection is made. Simply supply setq
105 forms in /etc/aftpd.cl to override default configuration variables.
a0b4906 See ChangeLog
dancy authored
106
8bc8dce See ChangeLog
dancy authored
107 Command line options:
fe31a96 jkf/cox recommended updates
dancy authored
108
8bc8dce See ChangeLog
dancy authored
109 -f file Use alternate config file.
110 -d Run in debug mode [doesn't fork]
111 -p portnum Use alternate ftp server port
112
cf2eb4c 1.0.12
layer authored
113 *******************************************************************************
114 2A. Configuration: anonymous FTP setup
f2f0951 initial
layer authored
115
09a0036 Made readme.txt more verbose in some places
dancy authored
116 There are two configuration variables related to the anonymous FTP
117 account. *anonymous-ftp-names* lists the desired aliases for the
118 anonymous login account. The default value of *anonymous-ftp-names*
119 is ("ftp" "anonymous"), which means that supply the login name 'ftp'
120 or 'anonymous' during an FTP login session will initiate an anonymous
121 FTP session.
122
123 The second configuration variable is *anonymous-ftp-account*. This
124 variable defaults to "ftp" and names the local account under which
125 operations will be performed during the anonymous FTP session. Make
126 sure the account exists in /etc/passwd.
127
128
129 The home directory for the *anonymous-ftp-account* should be set up
130 for a chroot environment. Required files (relative to the chroot'd
131 home directory)
f2f0951 initial
layer authored
132
cf2eb4c 1.0.12
layer authored
133 /dev/null
f552b3e Minor update to README
dancy authored
134 Linux:
135 mknod null c 1 3; chmod a+w null
136 Solaris:
137 mknod null c 13 2; chmod a+w null
d37814b see ChangeLog
dancy authored
138 FreeBSD:
139 mknod null c 2 2; chmod a+w null
cf2eb4c 1.0.12
layer authored
140
141 /bin/ls
142 Ideally (from a security standpoint) it should be statically
143 linked. If not, then the necessary shared libraries should exist
144 in the anonymous ftp account home directory.
f2f0951 initial
layer authored
145
146 Optional:
cf2eb4c 1.0.12
layer authored
147
148 /welcome.msg
149 Displayed after authentication has been completed.
150
151 /etc/passwd
152 /etc/group
153 If you want 'ls' to display user/group names instead of id
154 numbers.
155
156 /bin/tar
157 /bin/zip
158 /bin/bzip2
159 /bin/gzip
160 /bin/compress
d37814b see ChangeLog
dancy authored
161 If you want conversions. Don't forget their shared libraries.
8bc8dce See ChangeLog
dancy authored
162
f1089c0 See ChangeLog
dancy authored
163 No files/directories should be writeable except for those directories
164 in which you want to allow anonymous FTP uploads.
165
cf2eb4c 1.0.12
layer authored
166 If the `ls' or `dir' commands from an FTP client show no files, and
167 you know there are files to list, check that `ls' runs while
168 chroot'd. It may be that some shared library needed by `ls', if it is
169 dynamically linked, is not there.
170
171 *******************************************************************************
172 2B. Configuration: Firewall considerations
173
174 For passive FTP to work, the ports specified by *pasvrange* in
d37814b see ChangeLog
dancy authored
175 config.cl must be open on the firewall. Additionally, *ftpport*
176 should be open.
cf2eb4c 1.0.12
layer authored
177
178 *******************************************************************************
179 2C. Configuration: Restricted users
8bc8dce See ChangeLog
dancy authored
180
181 Restricted users:
182
09a0036 Made readme.txt more verbose in some places
dancy authored
183 If you would like to give a user restricted FTP access to files in
184 their home directory (and below), you can use the *restricted-users*
185 feature.
186
187 *restricted-users* defaults to the empty list, meaning no regular
188 users are restricted. To restrict users, simply set this variable to
189 the list of those user's login name strings. For example, to restrict
190 users joe, bobby, and mike, add the following line to /etc/aftpd.cl:
191
192 (setq *restricted-users* '("joe" "bobby" "mike"))
193
e858e3b 2002-12-18 Kevin Layer <layer@crikey>
layer authored
194 To restrict a single user, you must still use a list like so:
09a0036 Made readme.txt more verbose in some places
dancy authored
195
196 (setq *restricted-users* '("joe"))
197
198 This feature is best for FTP-only users, i.e., users that have no
199 other file access on the system beyond FTP. If a user has, for
200 example, shell or NFS access to the system, they could make a symbolic
201 link in their home directory that will allow them to escape this
202 restriction. The FTP protocol implemented in this version of the
8bc8dce See ChangeLog
dancy authored
203 Allegro FTPd doesn't allow for the creation of symbolic links, so
204 FTP-only accounts shouldn't (in the absence of bugs) be able to
09a0036 Made readme.txt more verbose in some places
dancy authored
205 escape.
206
207 The usual way of disabling shell access for an account is to change
208 the user's shell to something like /sbin/nologin or /bin/false.
209 Again, make sure that you've disabled any other possible filesystem
210 access methods that may be available to the restricted user.
8bc8dce See ChangeLog
dancy authored
211
212 If you want to allow a restricted user to reach other restricted
213 subsets of the filesystem, you can make symbolic links in their home
214 directory which point to other directories. As long as those
215 directories and subdirectories don't have symbolic links which point
216 outside of them, the user will remain confined within them.
217
218 The restricted user feature works by keeping careful track of the
219 user's current working directory. When a restricted user initially
220 logs in, their cwd (current working directory) is set to their home
221 directory (as stated in /etc/passwd). All pathnames that a user
222 enters are parsed and converted into absolute pathnames. When the
223 pathname parser encounters '..', it strips one component from the tail
224 of the pathname. All absolute pathnames must have a prefix that is
225 equal to the restricted user's directory, otherwise access will be
226 denied.
227
228 The following example illustrates these concepts:
229
230 [User's home directory is /home/dancy]
231 login: cwd starts at /home/dancy
232
233 cd ..: disallowed because absolute pathname is /home
234
235 cd /: disallowed because absolute pathname is /
236
237 cd ../../home/dancy: allowed because absolute pathname is /home/dancy
238
239 cd somedir: allowed because absolute pathname is /home/dancy/somedir.
240 [cwd is now /home/dancy/somedir]
241
242 cd ..: allowed because absolute pathname is /home/dancy
243 [cwd is now /home/dancy]
244
245 [Assume that 'dirptr' is a symbolic link to /home/joe]
246 cd dirptr: allowed because absolute pathname is /home/dancy/dirptr
247 even though the ultimate destination, as far as the
248 operating system is concerned, is /home/joe.
249 [cwd is now /home/dancy/dirptr]
250
251 cd ..: allowed because absolute pathname is /home/dancy again.
252
cf2eb4c 1.0.12
layer authored
253 *******************************************************************************
254 3. Security notes
f1089c0 See ChangeLog
dancy authored
255
cf2eb4c 1.0.12
layer authored
256 Since this FTP server is written in Common Lisp, it should be free of
257 buffer overflows. None of the foreign functions used fill in any
f1089c0 See ChangeLog
dancy authored
258 variable-sized buffers so things should be safe on that front as well.
259 One target of attack may be the conversions. Bugs in conversion
260 programs could lead to security compromises. For example, gzip-1.2.4
261 may suffer a buffer overflow if its command line is too long (see
262 http://www.securityfocus.com/advisories/3801 ). Make sure all of your
263 conversion programs are up-to-date. If you're really worried, you can
cf2eb4c 1.0.12
layer authored
264 set *conversions* to 'nil' to disallow all conversions. If you want
265 to audit the security of this FTP server, it is recommended that you
266 examine the make-full-path and glob functions (and their callers and
267 callees).
5909d96 See ChangeLog
dancy authored
268
269 *******************************************************************************
270 4. *pasvipaddrs* example and information.
271
272 (setf *pasvipaddrs*
273 '(("192.168.1.0/24" . "192.168.1.99")
274 ("192.168.2.0/255.255.255.0" . "192.168.1.98")
429d5ea slight update to README
dancy authored
275 ("127.0.0.1" . "127.0.0.1")
5909d96 See ChangeLog
dancy authored
276 ("0.0.0.0/0" . "99.44.22.54")))
277
278 This is a contrived example of a complicated network. The first two
279 entries show two different ways of specifying the network number and
280 netmask. Clients connecting from 192.168.1.x will be told to use the
281 address 192.168.1.99 for their PASV connections. Clients from
282 192.168.2.x will be told to use 192.168.1.98. The single client from
429d5ea slight update to README
dancy authored
283 127.0.0.1 (localhost) will be told to use 127.0.0.1. This is a
284 reasonable rule to have in all configurations.. The final entry
285 serves as a default entry. If the client's IP address doesn't match
286 any other entry, this entry will be used. If no default entry is
5909d96 See ChangeLog
dancy authored
287 specified, the FTP server will use the IP address of its side of the
288 FTP control connection. Note that this does not affect the IP
289 interface to which the passive connection is bound. It only controls
290 that address that is returned to the client.
Something went wrong with that request. Please try again.