18.5 Novell FTP (Pure-FTPd) and OES 2
FTP file services on OES 11 SP1 servers are provided by Pure-FTPd, a free (BSD), secure, production-quality and standard-conformant FTP server. The OES implementation includes support for FTP gateway functionality as on NetWare and offers a level of integration between eDirectory and Pure-FTP that allows users to authenticate to eDirectory for FTP access to the server.
This section discusses the following topics:
18.5.1 New FTP Features Added for SP3
The ability to run multiple FTP instances and common home directory support have been added for SP3.
18.5.2 Configuring Pure-FTPd on an OES 2 Server
Edit the /etc/pure-ftpd/pure-ftpd.conf file to configure the Pure-FTPd server.
NOTE:All the Pure-FTPd users must be LUM enabled on the server.
The following table lists the recommended configuration parameters for Pure-FTPd.
Table 18-10 Configuration Parameters
|
Parameter |
Description |
|---|---|
|
DefaultHomeDirectory /tmp |
Default home directory of the user. |
|
ChrootEveryone no |
Cage in every user in his home directory. |
|
MaxClientsNumber 10 |
Maximum numbers of clients that can simultaneously access the server. |
|
PassivePortRange 40000 40020 |
Port range for passive connection replies. Range must be a minimum of 2*MaxClientsNumber. |
|
MaxClientsPerIP 3 |
Maximum number of sim clients with the same IP address |
|
NoRename yes|no |
Set to yes if you do not want the users to rename the files |
|
remote_server yes |
Enables remote server navigation for the FTP server ChrootEveryone parameter is required for remote_server to be enabled |
|
disallow_list_oes_server yes |
Disables the site slist from listing the OES servers |
|
edir_ldap_port 389 |
LDAP port of the eDirectory server |
|
AnonymousOnly no |
Enables authenticated connection to pure-ftp server |
|
NoAnonymous yes |
Disables anonymous connection |
|
ChrootEveryone no |
Allows the user to browse outside the home directory. This configuration is required for remote server navigation |
18.5.3 Administering and Managing Pure-FTPd on an OES 2 Server
Starting Pure-FTPd
Start the Pure-FTPd server using the rcpure-ftpd command.
Initializing Multiple Instances
Pure-FTPd is loaded by using a configuration file. Multiple instances of Pure-FTPd can be loaded using different configuration files.
By default, an instance of Pure-FTPd using /etc/pure-ftpd/pure-ftpd.conf file is loaded at the boot time by init.d script. For loading multiple instances, new configuration files need to be created.
To load a new instance of Pure-FTPd:
-
Create a new configuration file for each instance.
For example: Copy /etc/pure-ftpd/pure-ftpd.conf to a different location. Rename the file to pure-ftpd1.conf and move it to /etc/opt/novell/pure-ftpd1.conf.
-
Modify the following settings in the configuration file to avoid IP address or port conflicts between the instances:
-
PIDFile: Points to the full path of the PID file created by the pure-ftpd instance. PID file is used for unloading a particular instance of pure-ftpd. Hence, ensure that the PID File path is unique for every instance.
For example: /var/run/pure-ftp1.pid, /var/run/pure-ftp2.pid.
-
Bind: By default, pure-ftpd binds to all the IP addresses on the system and listens to requests over port 21. Modify the settings of the bind such that all the pure-ftpd instances bind to different IP addresses or port combinations.
also, modify the settings in the /etc/pure-ftpd/pure-ftpd.conf to avoid any IP address or port conflict from the second instance.
For example: If a system has two interfaces with two IP addresses 10.1.1.1 and 10.1.1.2, then the bind setting for two pure-ftpd instances can be Bind 10.1.1.1,21 and Bind 10.1.1.2,21.
-
-
Load the new instance using /usr/sbin/pure-config.pl <Full path of the config file>
For example: /usr/sbin/pure-config.pl /etc/opt/novell/pureftpd-confs/pure-ftpd1.conf loads an instance using the config file /etc/opt/novell/pureftpd-confs/pure-ftpd1.conf.
Verifying the Load of a New Instance
Use the following methods to verify that the new instance of pure-ftpd is successfully loaded:
-
The ps –eaf | grep pure-ftpd command lists all the instances of pure-ftpd loaded on the system.
-
The PID file as specified using the PIDFile in the configuration file must be created.
-
An FTP connection from the client to the server over the IP address being used by the pure-ftpd instance must be created.
Unloading Specific Instances
A new script pure-ftp-stop.pl is added to unload an instance of pure-ftpd and all its child processes. Full path of the configuration file used to load the instance of pure-ftpd must be passed to the pure-ftp-stop.pl script.
For example: /usr/sbin/pure-ftp-stop.pl /etc/opt/novell/pureftpd-confs/pure-ftpd1.conf unloads the instance of pure-ftpd loaded using /etc/opt/novell/pureftpd-confs/pure-ftp1.conf.
The PIDFile of the pure-ftpd instance is also used for unloading the pure-ftpd instance.
Verifying the Unload of a New Instance
-
The PID file specified using the PIDFile in the configuration file must be deleted.
-
The number of instances displayed by ps –eaf | grep pure-ftpd must reduce.
-
An FTP connection request to the server must error out.
Pure-FTPd Remote Access Implementation
After logging in to the eDirectory tree, users can access files and directories on a remote Linux server whether or not the server is running Linux FTP Server software. The remote server can be another Linux OES server or an IBM server if they are in the same tree.
The NCP protocol lets you transfer files and navigate to and from remote eDirectory servers.
To navigate to remote servers, use the following command:
cd //remote server name/volume/directory pathname
File operations such as get, put, and delete can be used on the remote server, even without changing the directory path to that server.
For example:
get //remote_server_name/volume/directory path/filename
The double slash (//) indicates that the user wants to access a remote server. After the double slash, the first entry must be the name of the remote server.
Configuring Pure-FTPd
Configuration file: /etc/pure-ftpd/pure-ftpd.conf
The configuration parameters for remote server navigation are as follows:
|
Entry |
Value |
Function |
|---|---|---|
|
remote_server |
yes |
Enables remote server navigation for the Pure-FTPd server. |
|
disallow_list_oes_server |
yes |
Disables SITE SLIST command for listing OES machines. |
|
edir_ldap_port |
389 |
eDirectory LDAP port |
The following configuration parameters needs to be set for remote server navigation:
|
Entry |
Value |
Reason Why |
|---|---|---|
|
ChrootEveryone |
no |
Option yes restricts users to login only to his home directory and cannot navigate to other directories including remote OES servers. |
|
ChrootEveryone |
no |
Option yes restricts users to login only to his home directory and cannot navigate to other directories including remote OES servers. |
|
AnonymousOnly |
no |
Option yes allows only anonymous logins. |
Path Formats
Table 18-11 Linux FTP Server path formats
|
Task |
Command Format |
|---|---|
|
Specifying the volume and directory path name |
//server_name/volume_name/directory_path |
|
Navigating to different volumes |
cd //server_name/volume_name |
|
Switching back to the home directory |
cd ~ |
|
Switching to home directory of any user |
cd ~user_name |
|
Switching to the root of the server |
cd / |
NOTE:The Linux FTP Server does not support wildcards at the root of the server.
SITE Command
The SITE command enables FTP clients to access features specific to the Linux FTP Server.
NOTE:The SITE command is not case sensitive if entered from an FTP client.
The SITE command has the following syntax:
SITE [SLIST]
NOTE:The settings done through SITE commands are valid only for the current session.
This command is unique to the Linux FTP service and are not standard FTP commands.
Table 18-12 provides the SITE command along with the description:
Table 18-12 Linux FTP SITE command
|
Command |
Description |
|---|---|
|
SLIST |
Lists all the OES servers within the eDirectory tree. |
NOTE:All the FTP users needs to be LUM-enabled on the FTP server.
18.5.4 Cluster Enabling Pure-FTPd in an OES 2 Environment
You can configure Pure-FTPd server in active/active mode of Novell Cluster Services.
Prerequisites
-
Novell Cluster Services is installed and setup.
For step-by-step information on setting up Novell Cluster Services, refer to
Installing and Configuring Novell Cluster Services on OES 2 Linux
in theOES 2 SP3: Novell Cluster Services 1.8.8 Administration Guide for Linux.
Active/Active Mode
In active/active cluster mode, multiple instances of FTP server runs on a single node cluster.
Pure-FTPd must be associated with a shared NSS volume and the DefaultHomeDirectory of users must be on the shared NSS volume.
Configuring Active/Active Mode
-
Install pure-ftpd on all the cluster nodes by selecting in the OES install. Upgrade pure-ftpd on all the nodes with the test RPM.
-
Enable hard links on the shared NSS volumes.
-
Create a unique configuration file for every FTP server to be associated with a shared NSS volume. Ensure that:
-
The Bind setting in the configuration file is same as the IP Address of the virtual server created for the NSS pool.
-
The PID file must be unique for each FTP instance running on the cluster.
-
-
Copy the configuration file to the shared volume to /etc/opt/novell on the shared volume. Copying the configuration file to the shared volume, the file is automatically moved across the nodes with the volume and is always available to the FTP Server.
For exmaple: If the shared volume is FTPVol1, the path to copy the configuration file is /media/nss/FTPVol1/etc/opt/novell/pure-ftpd.
-
Configure all the FTP servers for DefaultHomeDirectory support. As NSS volume is shared, the DefaultHomeDirectory in the configuration file must be on the shared volume.
For example: If FTPVol1 is the shared volume attached to an FTP Server, DefaultHomeDirectory in the configuration file is /media/nss/FTPVol1/FTPShare.
-
Update the load and unload scripts of the cluster resource.
-
Load script: Add the following command to load the FTP server with the shared volume:
/usr/sbin/pure-config.pls <Full Path to configuration file>
For example: If the shared volume is FTPVol1 and the Pure-FTP configuration file is /etc/opt/novell/pure-ftpd/ftpvol1.conf on FTPVol1, the pure-ftpd load command in the load script is exit_on_error /usr/sbin/pure-config.pl /media/nss/FTPVol1/etc/opt/novell/pure-ftpd/ftpvol1.conf.
-
Unload script: Add the following command to unload the FTP server:
/usr/sbin/pure-ftp-stop.pl <Full Path to configuration file>
Configuration file path must be same as the one passed to pure-config.pl in the load script.
-
NOTE:In iManager, load and unload the cluster resources. Pure-ftpd instances must be loaded along with the shared NSS volumes. Migrate the pure-ftpd instances when the associated shared volumes are moved across the cluster nodes.
18.5.5 Troubleshooting PureFTPd
Home Directory Not Found
Error: Home directory not available
Cause: Either the user’s home directory is missing or the configured default home directory is not available.
Action: Edit the FTP configuration file to point to the available home directory or create the default directory in the file system.