Configuration of FTP Server
Configuration of FTP Server
Configuration of FTP Server
To configure VSFTPD to start at boot you can use the chkconfig command.
[root@bigboy tmp]# chkconfig vsftpd on
Note: In RedHat Linux version 8.0 and earlier, VSFTPD operation is controlled by the xinetd process, which
is covered in Chapter 16, "TELNET, TFTP, and XINETD." You can find a full description of how to configure
these versions of Linux for VSFTPD in Appendix III, "Fedora Version Differences."
The configuration file is fairly straight forward as you can see in the snippet below.
# Allow anonymous FTP?
anonymous_enable=YES
...
# Uncomment this to allow local users to log in.
local_enable=YES
...
# Uncomment this to enable any form of FTP write command.
# (Needed even if you want local users to be able to upload files)
write_enable=YES
...
# Uncomment to allow the anonymous FTP user to upload files. This only
# has an effect if global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
...
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
...
# Activate logging of uploads/downloads.
xferlog_enable=YES
...
# You may override where the log file goes if you like.
# The default is shown# below.
#xferlog_file=/var/log/vsftpd.log
...
# The directory which vsftpd will try to change
# into after an anonymous login. (Default = /var/ftp)
#anon_root=/data/directory
To activate or deactivate a feature, remove or add the # at the beginning of the appropriate line.
Other vsftpd.conf Options
There are many other options you can add to this file:
o Limiting the maximum number of client connections (max_clients)
o Limiting the number of connections by source IP address (max_per_ip)
o The maximum rate of data transfer per anonymous login. (anon_max_rate)
o The maximum rate of data transfer per non-anonymous login. (local_max_rate)
Descriptions on this and more can be found in the vsftpd.conf man pages.
Anonymous Upload
If you want remote users to write data to your FTP server, then you should create a write-only directory
within /var/ftp/pub. This will allow your users to upload but not access other files uploaded by other users.
The commands you need are:
Tutorial:
FTP has many uses, one of which is allowing numerous unknown users to download files. You have to be
careful, because you run the risk of accidentally allowing unknown persons to upload files to your server. This
sort of unintended activity can quickly fill up your hard drive with illegal software, images, and music for the
world to download, which in turn can clog your server's Internet access and drive up your bandwidth charges.
FTP Users with Only Read Access to a Shared Directory
In this example, anonymous FTP is not desired, but a group of trusted users need to have read only access
to a directory for downloading files. Here are the steps:
1. Disable anonymous FTP. Comment out the anonymous_enable line in the vsftpd.conf file like this:
4. Create a user group and shared directory. In this case, use /home/ftp-users and a user group name of
ftp-users for the remote users
8. Change the permissions of the files in the /home/ftp-docs directory for read only access by the group
Users should now be able to log in via FTP to the server using their new usernames and passwords. If
you absolutely don't want any FTP users to be able to write to any directory, then you should set the
write_enable line in your vsftpd.conf file to no:
write_enable = NO
Remember, you must restart VSFTPD for the configuration file changes to take effect.
/etc/ftphosts : Individual user host access to allow / deny a given username from an address.
# Example host access file
# Everything after a '#' is treated as comment,
# empty lines are ignored
To download files
ftp> get remote-file-name local-file-name
ftp> mget remote-file-name1 remote-file-name2………………….
To upload files
ftp> put local-file-name remote-file-name
ftp> ascii