Making FTP Work in Red Hat

I apologize for the overly technical cast of this note, but in restoring my Linux systems yesterday, I found two FTP problems that were easy to fix, hard to find.

When you enable FTP on a new Red Hat 7.2 installation, by default, FTP is disabled. This is great! The default install of Red Hat 7.2 is very secure compared to earlier systems. Coupled with their up2date system (subscription fee simple software updates by package, or free for a limited time when you purchase full copies of server and workstation software), it's probably the best general Unix distribution ever for an install-and-walk-away solution.

To enable FTP, you have to change two settings which, if they're not changed, you don't get reasonable error messages to fix the problems. This is a typical Unix/Linux issue: software fails to do something and it fails to note that it failed to do it.

The xinetd services manager, which replaces the harder-to-configure inetd ubiquitous in Unixdom, has a folder /etc/xinetd.d/. Inside that directory, a file called wu-ftpd has the default socket-based communication information for FTP connections. I disallow anonymous FTP (using the ftpaccess and other configuration files), but to let users with accounts in, you have to edit the wu-ftpd file for xinetd. One of the lines is disabled[tab]on. Comment this line out (with a pound sign at the head), delete it, or change it to off. Then you restart xinetd: service xinetd restart.

The next problem is for users who you don't want to have login permissions to an account but who have FTP access. A file called /etc/shells lists legal login shells. A binary called /bin/false is a fake shell that doesn't allow someone to login. If /bin/false isn't in the /etc/shells list, FTP always fails without a good error message to the user or the system.

This information (and this page) should be invaluable to a number of people someday. I can't tell you the number of hours I've spent over the last four years remembering those two facts when I install a new box.