NcFTPd Installation Instructions

These instructions apply to version 2.1.2 of NcFTPd. Grab the latest version from the FTP site if your copy is outdated.

  1. The machine you intend to run the FTP server on needs to be set up for FTP.

    1. The first thing to do is ensure that you have an ftp user in your /etc/passwd file. The important thing about that entry is that it gives the server a UID to run as during anonymous logins.

      If there is not already an ftp user, add one. The password is not important because no one can really log in as a normal user as ftp. If you can, set the encrypted password field to just a star, because no password can ever encrypt to a string containing a star. Here's an ftp entry to illustrate:

      ftp:*:14:50:FTP User:/home/ftp:/bin/false

      Otherwise, make up some impossible-to-guess password for it. The shell should also be set to something other than a real shell, such as /bin/false.

      Note: You need the ftp user and its home directory even if you don't plan to offer anonymous FTP service.

    2. Create the anonymous FTP hierarchy. Most of the time you will just use the home directory for the ftp user, but you do not have to use that directory. No matter what directory you choose, we will denote the anonymous FTP hierarchy as ~ftp.

      The ~ftp directory should not be owned by ftp, but by root and have mode 755 (drwxr-xr-x). Any subdirectories you don't want people removing should not be owned by the ftp user.

      That is usually all that NcFTPd requires of the ~ftp hierarchy. Other FTP servers require a ~ftp/bin/ls and a ~ftp/etc/passwd, libraries, et cetera, but NcFTPd does not need those.

      Copy files and directories you want accessible to the outside world into the anonymous FTP hierarchy. Avoid using symbolic links because the server does a chroot to the ~ftp directory, and if a link points outside of the anonymous tree the link will be invalid.

    3. Create the /etc/ftpusers file, if it is not already present. This file contains a list of usernames, one username per line, which should never be allowed to log in via FTP. Typically, it contains all of the system users. At a minimum, it should contain root.

      Here's what my /etc/ftpusers file looks like:

      	root
      	bin
      	daemon
      	adm
      	lp
      	sync
      	shutdown
      	halt
      	mail
      	news
      	uucp
      	operator
      	games
      	nobody
      

    4. Make sure the /etc/shells file exists. This file contains a list of interactive shell programs. The purpose of it is to disallow logins from any user who doesn't have an interactive shell.

      Here's what my /etc/shells file looks like:

      	/bin/sh
      	/bin/ksh
      	/bin/csh
      	/bin/bash
      	/bin/tcsh
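
    The checks from step 1, gathered into one audit script. This is an added example, not part of the NcFTPd distribution; the function names audit_ftp_prereqs and make_sample_tree and the PREFIX argument are assumptions, and the sample tree is constructed test data.

```shell
#!/bin/sh
# Added example, not part of the NcFTPd distribution. audit_ftp_prereqs PREFIX
# (PREFIX="" = live system) prints each finding and returns their count.
flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

audit_ftp_prereqs() {
    prefix=$1; findings=0
    entry=$(grep '^ftp:' "$prefix/etc/passwd" 2>/dev/null | head -n 1)
    [ -n "$entry" ] || { flag "no ftp user in /etc/passwd"; return "$findings"; }
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$entry
EOF
    # Page's passwd layout: '*' matches no password (shadow systems show 'x').
    [ "$pw" = "*" ] || flag "ftp password field is '$pw', not '*'"
    # The ftp account's shell must not be one of the interactive shells.
    if [ ! -f "$prefix/etc/shells" ]; then
        flag "/etc/shells is missing"
    elif grep -qxF -- "$shell" "$prefix/etc/shells"; then
        flag "ftp has an interactive shell: $shell"
    fi
    # root must never be allowed to log in via FTP.
    grep -qxF root "$prefix/etc/ftpusers" 2>/dev/null ||
        flag "/etc/ftpusers is missing or does not list root"
    # ~ftp must be a directory with mode 755 that the ftp UID does not own.
    if [ ! -d "$prefix$home" ]; then
        flag "ftp home $home is not a directory"
    else
        set -- $(ls -ldn "$prefix$home")   # $1 = mode string, $3 = owner UID
        mode=$(printf '%.10s' "$1")        # drop any trailing ACL marker
        [ "$mode" = "drwxr-xr-x" ] || flag "~ftp mode is $mode, not drwxr-xr-x"
        [ "$3" != "$uid" ] || flag "~ftp is owned by the ftp UID ($uid)"
    fi
    return "$findings"
}

# Constructed sample tree in a temp dir: $1 = ftp passwd line, $2 = ~ftp mode.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc" "$t/home/ftp" && chmod "$2" "$t/home/ftp"
    printf '%s\n' "$1" > "$t/etc/passwd"
    printf '%s\n' root bin daemon > "$t/etc/ftpusers"
    printf '%s\n' /bin/sh /bin/ksh /bin/csh > "$t/etc/shells"
    echo "$t"
}

bad=$(make_sample_tree 'ftp::14:50:FTP User:/home/ftp:/bin/sh' 777)
audit_ftp_prereqs "$bad" || echo "$? finding(s) in the constructed bad tree"
rm -rf "$bad"
```

    Call audit_ftp_prereqs "" to audit the live system; there, also confirm that ~ftp is owned by root (UID 0), which a sample tree built by an unprivileged user cannot reproduce.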
      

  2. Unpack the archive. The package comes as a gzipped TAR file, which means to extract the archive you need to first un-gzip it, and then un-tar it.

    The file will be named "xxxx.tar.gz". First, convert the .tar.gz file into a .tar file, like this: gzip -d xxxx.tar.gz

    Gzip will decompress the file, and rename it into a .tar file. Now un-tar the .tar file, like this: tar xf xxxx.tar

    That will extract the files from the package.

  3. You now need to create configuration files for NcFTPd. The package comes with sample files, named general.cf-dist and domain.cf-dist. Make copies of the sample files and move them to a permanent location. I suggest you name them /usr/local/etc/ncftpd/general.cf and /usr/local/etc/ncftpd/domain.cf.

    Then edit the files you copied. Directions on how to configure the server are contained in the files, so read through them and make changes. You can also view the configuration reference documentation.

    The general.cf file contains settings that apply globally to the server and all of your domains, while the domain.cf file contains the domain-specific settings for one or more virtual domains. Most systems will only have one domain, so you will only have one set of settings in the domain.cf file, but multi-homed hosts or machines with virtual domains will have multiple configuration sets, one for each IP address.

  4. Move the ncftpd executable file to a permanent location. I suggest you name it one of the following:

    Make sure the owner of the executable is bin or root, and that no one has write permission on it.

  5. Disable the existing FTP service from the /etc/inetd. To do that, edit the /etc/inetd.conf file and comment out the line that starts with "ftp" by inserting a # character at the first position.

    Force the /etc/inetd to reload its config file. The so-called standard way to do this is to find the process ID for the inetd and send it a SIGHUP by doing a kill -1 pid. Personally, I prefer to just kill it and restart it, since some systems don't support the standard, like AIX. What I do is: kill pid ; sleep 2 ; /etc/inetd.

  6. Test the server as root from your shell command line. Run it just as you normally would, except add the verbose flag, -v, like this:

    /usr/local/etc/ncftpd/ncftpd -v /usr/local/etc/ncftpd/general.cf /usr/local/etc/ncftpd/domain.cf
    

    If the server does not encounter a fatal error, it will stay running, so now go to another shell, preferably on another system altogether, and try to FTP to your FTP server. Try a sample FTP session and ensure everything is working to your satisfaction.

    While you run it with the verbose logging flag turned on, it prints a bunch of debugging information which will also appear in the logs. (When you run it in production, you don't use verbose logging, so it doesn't print or log most of that information.) To stop running the server, just hit your interrupt key.

  7. Add an entry for NcFTPd in your /etc/inittab, if you have one. That will ensure that if for some reason the server dies, the init process will start a new instance of it. It also ensures that the server gets started up when you reboot the system.

    On my system, I have:

    nc:2345:respawn:/usr/local/etc/ncftpd/ncftpd -q /usr/local/etc/ncftpd/general.cf /usr/local/etc/ncftpd/domain.cf
    

    Note that I do not use the -v flag, but I do use the -q flag. The -q flag tells ncftpd not to echo output to stdout, which could be attached to the console. Since I get that in the logs anyway, I don't want extraneous output to the screen. If I wanted verbose logs, I would use both -v and -q, but that is not recommended in a production environment since it eats disk space and performance.

    Then type init q to have init refresh its configuration. That will start up NcFTPd in the background, and after that, you're all finished!

    If your system doesn't have an /etc/inittab (such as BSD/OS, FreeBSD, etc.), you can use the respawn utility that comes with the distribution (in the extra directory). The respawn daemon duplicates the functionality of the /etc/inittab action of the same name. You use respawn to launch NcFTPd and if NcFTPd ever dies, respawn will launch a new one. Here's a sample line you could put in a /etc/rc.local file:

    /usr/local/bin/respawn 60 /var/log/ncftpd.errs /usr/local/etc/ncftpd/ncftpd -q /usr/local/etc/ncftpd/general.cf /usr/local/etc/ncftpd/domain.cf
    

  8. If you want to use the NcFTPd Reports package, you can install that now. See its documentation for details on how to do that.

NcFTPd Installation Q&A

  1. Q: I have made some modifications to the configuration files. How do I get NcFTPd to re-read them?

    A: You need to restart the server. To do that, you need to kill the main process. That process will then terminate all of its child processes, and clean up after itself so you can run it again.

    To find out which process is the main process, simply look at the file you set to use as the PID file. Or, you can always use the ps utility. Look at all the child processes, and the parent PID is the PID of the main process.

    Note that restarting the server will abruptly close all current FTP sessions.

  2. Q: Is there any way I can tell how many remote users are actually logged in or what they're doing?

    A: Yes, if your system supports shared memory. The distribution may include ncftpd_spy which lets you monitor what is going on. Try running it as root without any arguments to get the usage message on how to use it.

  3. Q: What do "bind failed: Address in use" errors mean when I start the server?

    A: There is already a process that is waiting for FTP connections. Most likely that is /etc/inetd, and you can fix that by commenting out the ftp service line in /etc/inetd.conf and restarting /etc/inetd. It could also mean that there is another instance of NcFTPd running already. Kill that one off first.

  4. Q: What is being logged in the log files the server creates?

    A: Please see the log file layouts for the xfer and session logs.
