Linux Step By Steps
From: Joel Hammer <>

Subject: Setting up ftp server 

Someone asked how to set up a ftp server. Its not hard. In fact, the person asking the question may already have one set up and not know it!

First, make sure you have the directory /home/ftp/. You should have subdirectories bin,etc,lib and pub

irwin <>

To set the local timezone into your xferlog or syslog, you need to copy the zoneinfo file to the ~ftp tree.

In general, /etc/localtime is a link to /usr/share/lib/zoneinfo/... But you cannot use soft-link with ftp daemons because when
the ftp daemon runs, it might not be able to access /etc.

The solution is to duplicate the zone file in ~ftp/etc.

Taking wu-ftpd and Caldera Openlinux as an example:

cp /usr/share/zoneinfo/America/Los_Angeles  /home/ftp/etc/localtime

Change "Los_Angeles" to your own time zone reference.

Now syslog would record the right time.

In a simple world, the ftp daemon would to be running all the time in the background, listening for requests on port 21. When the other computer logs in, "ftp" will serve as a password and a user name, and the client can look only into the files in the pub directory.  Oi, the times we live in. 

To make your computer faster and more secure, tcp  wrappers are used to start the ftp daemon. Make sure the following command is  in your /etc/inetd.conf file. 

   ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a 

Then, start up or restart the inet daemon, inetd, by executing the following commands:

/etc/rc.d/init.d/inet stop
/etc/rc.d/init.d/inet start 

You should see inetd running, not in.ftpd

I think that's all there is to it (unless I have left something out) EXCEPT security.

If all the above worked, anyone in the world could (and many strangers will try), to log onto your ftp server. I don't know much about security but I  believe this service is very insecure. That explains why I get lots of  strangers trying to log onto my ftp server.  They don't succeed because I have at least two layers of security, ipchains and hosts.allow and hosts.deny. The latter two files are used to control who may  start services controlled by inetd

I like ipchains the most but hosts.allow/deny will work. I would greatly advise learning ipchains before  getting too friendly with the net, however. Here are excerpts from my  hosts.allow and hosts.deny. These only affect services controlled by inetd.  Other important services, sendmail for example, are not affected by these  files. 

File /etc/hosts.deny > ALL : ALL 

This is simple. Any host not allowed is denied. 

File /etc/hosts.allow > # hosts.allow

This file describes the names of the hosts which are  # allowed to use the local INET services, as decided  # by the '/usr/sbin/tcpd' server. 

in.ftpd :
in.identd : ALL

This allows only host(s) to use my telnet and ftp services.   Notice, I allow all my private network to use all my inetd supplied services.   (I suppose you could allow named clients like in these files   but I am not sure about the name lookup procedure here so I always used ip   addresses.)

Read the man pages on these two files. Don't forget, you have to stop/start inetd after you changes these files. There are diagnostic programs noted in the man pages.

 Good luck. > Post questions. > Joel