Note:
-
check IPTABLES
-
start VSFTPD service
File Transfer Protocol (FTP) is a TCP protocol for uploading and downloading files between computers. FTP works on a client/server model. The server component is called an FTP daemon. It continuously listens for FTP requests from remote clients. When a request is received, it manages the login and sets up the connection. For the duration of the session it executes any of commands sent by the FTP client.
Access to an FTP server can be managed in two ways:
-
Anonymous
-
Authenticated
In the Anonymous mode, remote clients can access the FTP server by using the default user account called “anonymous” or “ftp” and sending an email address as the password. In the Authenticated mode a user must have an account and a password. User access to the FTP server directories and files is dependent on the permissions defined for the account used at login. As a general rule, the FTP daemon will hide the root directory of the FTP server and change it to the FTP Home directory. This hides the rest of the file system from remote sessions.
vsftpd – FTP Server Installation
vsftpd is an FTP daemon available in Ubuntu. It is easy to install, set up, and maintain. To install vsftpd you can run the following command:
sudo apt-get install vsftpd
Anonymous FTP Configuration
By default vsftpd is configured to only allow anonymous download. During installation a ftp user is created with a home directory of /srv//ftp. This is the default FTP directory.
Alter anonymous access. Enter “anonymous_enable=YES” (without quotation marks) to allow anonymous FTP access. The hash (#) at the beginning of each line indicates that this line is commented out and will be ignored. To enable this line, you must remove the hash (#). The parameter “write_enable=YES” (without quotation marks) will allow changes to the filesystem, such as uploading.
After making the change restart vsftpd:
sudo /etc/init.d/vsftpd restart
Finally, copy any files and directories you would like to make available through anonymous FTP to /srv/ftp.
by default, the anonymous users are not allowed to upload files to FTP server. To change this setting, you should uncomment the following line, and restart vsftpd:
anon_upload_enable=YES
User Authenticated FTP Configuration
To configure vsftpd to authenticate system users and allow them to upload files edit /etc/vsftpd.conf:
local_enable=YES
write_enable=YES
write_enable=YES
Now restart vsftpd:
sudo /etc/init.d/vsftpd restart
Now when system users login to FTP they will start in their home directories where they can download, upload, create directories, etc.
Securing FTP
There are options in /etc/vsftpd.conf to help make vsftpd more secure. For example users can be limited to their home directories by uncommenting:
chroot_local_user=YES
You can also limit a specific list of users to just their home directories:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
chroot_list_file=/etc/vsftpd.chroot_list
After uncommenting the above options, create a /etc/vsftpd.chroot_list containing a list of users one per line. Then restartvsftpd:
sudo /etc/init.d/vsftpd restart
Also, the /etc/ftpusers file is a list of users that are disallowed FTP access. The default list includes root, daemon, nobody, etc. To disable FTP access for additional users simply add them to the list.
Access the FTP server through browser
You can reach an FTP server in the browser by typing the domain name into the address bar and logging in with the appropriate ID. Keep in mind, you will only be able to access the user’s home directory.before that, the biggest change you need to make is to switch the Anonymous_enable from YES to NO:
anonymous_enable=NO
if we fail to make this changes, then ftp can reach public directory alone. i.e.,can login as anonymous user only.
ftp://example.com or ftp:// 192.168.3.195
Leave a Comment