Development of a file exchange system based on the FTP service using temporary accounts

Takashi YAMAMOTO
Computer and Information Network Center, National Institute for Fusion Science

Abstract

A file exchange system based on the FTP service, named cftp (Computer Center's FTP service), was developed in July 2003 for exchanging files that are too large to send by e-mail. Users can exchange files privately with this system, which strictly separates the users' directories. This separation is provided by the guest user function of wu-ftpd, the well-known FTP server software. An account on the cftp system is issued rapidly when the user sends a request e-mail to the system. The account is valid for only seven days, to avoid security problems. The system comprises the UNIX account system, wu-ftpd, and a Perl script. The service has been offered to the community of the National Institute for Fusion Science for three years and six months. In this report, the outline of the script program for the system is explained. The usability and the next-generation system are also discussed on the basis of the answers to a questionnaire.

keywords: private communication, Expect module, network administration, automation
Computer Center s FTP service, cftp 2003 6 FTP FTP wu-ftpd 7 UNIX OS wu-ftpd Perl 3 6 1 1.1 *1 1 10 MB USB FTP *2 cftp 2 3 *1 *2 File Transfer Protocol. RFC959. 1
1.2 1 FTP 1 10GB 1 DVD-R, USB MB 10MB 100MB Web Anonymous FTP 100MB FTP Web USB, CD-R, DVD-R Web Anonymous FTP FTP FTP FTP FTP Web Anonymous FTP ftp anonymous FTP *3 Anonymous FTP Anonymous FTP *3 Anonymous FTP 2
Web FTP 1.3 cftp 1 ftp 7 1. cftp 2 2.1 cftp FTP Sun SCSI 1.6GB FTP wu-ftpd 460 Perl [1] cftp FTP UNIX Expect.pm FTP 7 UNIX From 3
nifs.ac.jp *4

2.2 cftp sendmail UNIX sendmail UNIX SUID SUID C wrapper *5

/var/cftp/bin

    -rwxr-xr-x 1 yama staff 14016 Feb 1 23:20 cftp.pl*
    -rwsr-xr-x 1 root other 23672 Jun 9 2003 wrapper*

wrapper.c

    /* p. 414, Programming Perl Second Edition, Japanese Edition */
    #define REAL_FILE "/var/cftp/bin/cftp.pl"
    #include <stdio.h>
    #include <unistd.h>

    int main(int argc, char *argv[])
    {
        /* Replace this SUID-root process with the Perl script, passing argv through. */
        execv(REAL_FILE, argv);
        /* execv() returns only on failure. */
        perror(REAL_FILE);
        return 1;
    }

2.3 2.3.1 ; Expect UNIX UNIX useradd /etc/shadow UNIX passwd passwd

*4 From nifs.ac.jp *5 Perl SUID UNIX [1] 6.3.1.3 [2]
Expect.pm [3] cftp

    use Expect;

    sub init_passwd {
        # Uses the Expect module.
        # cf. Managing Multiplatform Environments with Perl, Japanese Edition.
        # D. N. Blank-Edelman, O'Reilly Japan, 2002, page 95
        my ($account, $passwd) = @_;

        # Run $passwd_cmd (set elsewhere in the script) for $account
        my $command = Expect->spawn($passwd_cmd, $account)
            or die "Can't start program... $!\n";
        # Do not echo the dialogue to stdout
        $command->log_stdout(0);
        # Wait up to 10 seconds for the "New password:" prompt
        $command->expect(10, "New password:");
        # Send $passwd
        print $command "$passwd\n";
        # Wait for the "Re-enter new password:" prompt
        $command->expect(10, "Re-enter new password:");
        # Send $passwd again
        print $command "$passwd\n";
        # Close the session
        $command->soft_close();
    }

Expect.pm

2.3.2 UNIX *6

account.tab

    #
    2006/12/07 23:59:59 foo091 foo@nifs.ac.jp expired
    2006/12/08 23:59:59 bar092 bar@nifs.ac.jp expired
    2006/12/09 23:59:59 baz093 baz@nifs.ac.jp

*7

*6 UNIX *7 foo, bar, baz
2.3.3 wu-ftpd

wu-ftpd Anonymous FTP ftp UNIX chroot wu-ftpd FTP ls wu-ftpd inetd

/etc/inetd.conf

    ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

-a /etc/ftpaccess *8 ftpaccess

    guestuser foo091 bar092 baz093

/etc/ftpaccess

    guestgroup cftp

/etc/ftpaccess UNIX cftp

/etc/passwd

    foo091:x:20091:20000:ftp user:/public/foo091/./pub:/bin/false

/etc/passwd : 6.. foo091 ftp /public/foo091/pub /public/foo091

2.3.4 cftp

*8 wu-ftpd 6 tcpwrapper TCP/IP inetd -l ftpd OS syslog
    Your request is accepted.
    hostname:.nifs.ac.jp
    username: foo091
    password: xxxxxxxx.yyyyy
    expiration: 2006/12/07 23:59:59 JST (+0900)
    Your account is valid for 7 days.
    All uploaded files will be automatically removed after the valid period.

2.4 UNIX cron 1

    # cftp expiration
    0 1 * * * /var/cftp/bin/cftp.pl --expire mail foo@nifs.ac.jp 2>&1

crontab account.tab 5 expired UNIX usrdel usrdel -r

    Expire              Username  E-mail          Status   Rest
    -----------------------------------------------------------------------------
    2006/12/07 23:59:59 foo091    foo@nifs.ac.jp  expired
    2006/12/08 23:59:59 bar092    bar@nifs.ac.jp  expire   -0.04
    2006/12/09 23:59:59 baz093    baz@nifs.ac.jp  alive     0.96
    2006/12/10 23:59:59 qux094    qux@nifs.ac.jp  notice    1.96
    * The notice is sent 2 days before.

3 3.1 cftp 2003 6 2 2003 6 2006 12 55 / 4 5 / 2006 3
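The expiry report above distinguishes four states (expired, expire, alive, notice) and a Rest value in days. As an added example (Python, not the cftp Perl script itself), this parser reproduces the Status and Rest columns from a table in the account.tab layout shown on the page and rejects records it cannot parse. The one-day notice window, the function names, the sample table and the 01:00 run time are assumptions.

```python
from datetime import datetime

NOTICE_DAYS = 2  # page: "The notice is sent 2 days before."

# Constructed sample in the account.tab layout shown on the page:
# expiry date, expiry time, username, e-mail, optional "expired" marker.
SAMPLE_TAB = """\
# constructed sample
2006/12/07 23:59:59 foo091 foo@nifs.ac.jp expired
2006/12/08 23:59:59 bar092 bar@nifs.ac.jp
2006/12/09 23:59:59 baz093 baz@nifs.ac.jp
2006/12/10 23:59:59 qux094 qux@nifs.ac.jp
"""


def classify(tab_text, now):
    """Return [(username, status, rest_days)] for every record in the table."""
    rows = []
    for lineno, line in enumerate(tab_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) not in (4, 5) or (len(fields) == 5 and fields[4] != "expired"):
            # Fail closed: an unparsable record must not silently stay alive.
            raise ValueError(f"line {lineno}: malformed record")
        user = fields[2]
        if len(fields) == 5:
            rows.append((user, "expired", None))  # removed on an earlier run
            continue
        expire = datetime.strptime(f"{fields[0]} {fields[1]}", "%Y/%m/%d %H:%M:%S")
        rest = (expire - now).total_seconds() / 86400  # days left, negative if overdue
        if rest < 0:
            status = "expire"   # account and files are due for removal on this run
        elif NOTICE_DAYS - 1 < rest <= NOTICE_DAYS:
            status = "notice"   # assumed one-day window, so a daily job mails once
        else:
            status = "alive"
        rows.append((user, status, round(rest, 2)))
    return rows


def due_for_removal(rows):
    """Usernames whose validity period has ended and must be deleted now."""
    return [user for user, status, _ in rows if status == "expire"]


if __name__ == "__main__":
    run_at = datetime(2006, 12, 9, 1, 0, 0)  # assumed, matches the 01:00 cron entry
    for row in classify(SAMPLE_TAB, run_at):
        print(row)
```

Times are treated as naive local time (JST on the page); a deployment that moves the server's time zone would need timezone-aware values.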
2 cftp 2003 6 2006 12 2003 2004 2005 2006 24 59 58 57 198 55.3 / 3.2 cftp 3 *9 PC FTP Web Web * 10 MySQL PostgreSQL SQL 4 OS * 11 Unicode Unicode Web SSL Secure Socket Layer FAX, S/MIME, PGP USB *9 Fujitsu S-4/5H model 170, CPU TurboSPARC 170MHz, 64MB cftp 1.8GB, 10BaseTPC *10 Web Asynchronous JavaScript + XML (Ajax) *11 Windows Shift-JIS, UNIX EUC 8
4 UNIX wu-ftpd cftp cftp 3 cftp

[1] Larry Wall, Tom Christiansen, and Randal L. Schwartz Perl,, 1997
[2] Simson Garfinkel, and Gene Spafford, Practical UNIX and Internet Security, Second Edition, O'Reilly, 1996. SUID UNIX
[3] David N. Blank-Edelman Perl, 2002 Expect tcl Perl Expect.pm
A A.1 cftp from *1 foo@nifs.ac.jp foo001, foobar.baz@nifs.ac.jp foobar002 UNIX *2 5 7 9 1 10 1 5 7 9 5 A.2 ProFTPD wu-ftpd FTP ProFTPD *3 ProFTPD chroot ls DefaultRoot ~/pub proftpd.conf pub wu-ftpd ProFTPD cftp Solaris 2.5.1 chroot ls wu-ftpd wu-ftpd *1 *2 /usr/dict/words /usr/share/dict/words. *3 http://www.proftpd.org/ 10
B 2006 3 37 8 22% B.1 cftp: FTP Q1. Q2. Q3. Q4. Q5. Q6. B.2 Q1. 3. Q1 3 3 3 6 0 0 0 5 1 0 0 6 0 0 0 Q4. FTP 4 Q5. 11
2 3 *4 ftp *5 Q6. Macintosh FTP Fetch : Web ftp *6...... *4 Anonymous FTP FTP *5 *6 FTP URL ftp://username:passwd@server/ : MS04-004 http(s) FTP 12