The File Transfer Protocol (FTP) is used as one of the most
common means of copying files between servers over the Internet. Most web based
download sites use the built in FTP capabilities of most web browsers and
therefore server oriented operating systems usually include an FTP server
application as part of the software suite. Linux is no exception.
Here we will show you how to convert
your Linux Machine into an FTP server using the default Very Secure FTP Daemon (VSFTPD) package.
FTP Overview
FTP relies on a pair of TCP ports to
get the job done. It operates in two connection channels as I'll explain:
FTP Control Channel, TCP Port 21: All commands you send and the ftp server's responses to
those commands will go over the control connection, but any data sent back
(such as "ls" directory lists or actual file data in either
direction) will go over the data connection.
FTP Data Channel, TCP Port 20: This port is used for all subsequent data transfers between
the client and server.
In
addition to these channels, there are several varieties of FTP.
FTP frequently fails when the data has to pass through a firewall, because
firewalls are designed to limit data flows to predictable TCP ports and FTP
uses a wide range of unpredictable TCP ports. You have a choice of methods to
overcome this.
Managing the FTP daemon is easy to do, but the procedure differs between Linux
distributions. Here are some things to keep in mind.
·
Firstly, different Linux distributions
use different daemon management systems. Each system has its own set of
commands to do similar operations. The most commonly used daemon management
systems are SysV and Systemd.
·
Secondly, the daemon name needs to be
known. In this case the name of the daemon is vsftpd.
Armed with this information you can know how to:
·
Start your daemons automatically on
booting
·
Stop, start and restart them later on
during troubleshooting or when a configuration file change needs to be applied.
Note: If you modify your daemon configuration
file remember that the changes won't take effect till you restart the daemon.
VSFTPD only reads the contents of its vsftpd.conf configuration file
only when it starts, so you'll have to restart VSFTPD each time you edit the
file in order for the changes to take effect. The file may be located in either
the /etc or the /etc/vsftpd directories depending on your
Linux distribution.
This file uses a number of default
settings you need to know about.
§ VSFTPD runs as an anonymous
FTP server. Unless you want any remote user to log into to your default FTP
directory using a username of anonymous and a password that's the same as their
email address, I would suggest turning this off. The configuration file's
anonymous_enable directive can be set to no to disable this feature. You'll
also need to simultaneously enable local users to be able to log in by removing
the comment symbol (#) before the local_enable instruction.
§ If you enable
anonymous FTP with VSFTPD, remember to define the root directory that visitors
will visit. This is done with the anon_root directive.
anon_root=/data/directory
§ VSFTPD allows only
anonymous FTP downloads to remote users, not uploads from them. This can be
changed by modifying the anon_upload_enable directive shown later.
§ VSFTPD doesn't allow
anonymous users to create directories on your FTP server. You can change this
by modifying the anon_mkdir_write_enable directive.
§ VSFTPD logs FTP
access to the /var/log/vsftpd.log log file. You can change this by modifying
the xferlog_file directive.
§ By default VSFTPD
expects files for anonymous FTP to be placed in the /var/ftp directory. You can
change this by modifying the anon_root directive. There is always the risk with
anonymous FTP that users will discover a way to write files to your anonymous
FTP directory. You run the risk of filling up your /var partition if you use
the default setting. It is best to make the anonymous FTP directory reside in
its own dedicated partition.
The configuration file is fairly straight
forward as you can see in the snippet below where we enable anonymous FTP and
individual accounts simultaneously.
# Allow anonymous FTP?
anonymous_enable=YES
...
# The directory which vsftpd
will try to change
# into after an anonymous
login. (Default = /var/ftp)
anon_root=/data/directory
...
# Uncomment this to allow local
users to log in.
local_enable=YES
...
# Uncomment this to enable any
form of FTP write command.
# (Needed even if you want
local users to be able to upload files)
write_enable=YES
...
# Uncomment to allow the
anonymous FTP user to upload files. This only
# has an effect if global write
enable is activated. Also, you will
# obviously need to create a
directory writable by the FTP user.
#anon_upload_enable=YES
...
# Uncomment this if you want
the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
...
# Activate logging of
uploads/downloads.
xferlog_enable=YES
...
# You may override where the
log file goes if you like.
# The default is shown below.
xferlog_file=/var/log/vsftpd.log
...
To activate or deactivate a feature,
remove or add the # at the beginning of the appropriate line.
There are many other options you can add to this file:
- Limiting the maximum number
of client connections (max_clients)
- Limiting the number of
connections by source IP address (max_per_ip)
- The maximum rate of data
transfer per anonymous login. (anon_max_rate)
- The maximum rate of data
transfer per non-anonymous login. (local_max_rate)
Descriptions on this and more can be
found in the vsftpd.conf man pages.
No comments:
Post a Comment