How to set up vsFTP
System: Fedora Core 5, with all updates.
vsFTP version: 2.0.4, but at the time of writing this, the latest version is 2.0.5
Scenario: Config to allow BOTH real accounts and the anonymous account to come in.
Concept: My thought is: if we allow both real and anonymous accounts to come in, first set anonymous_enable=YES and local_enable=YES, and write_enable=YES also.
For security reasons, chroot_list_enable should be YES, and a chroot_list file should be added as well.
For the same reason, userlist_enable should be YES, and a user_list file should be added as well.
Here comes the hard part:
- Assume that the default ftp folder is /var/ftp, and inside this folder there is a folder called pub.
- Assume also that there is another folder called /home/myFTP, which is the home folder for user myFTP.
BY DEFAULT, /home/myFTP can be accessed by myFTP only, i.e. the file user and group are both myFTP.
If I want to access /home/myFTP through FTP, first mount the folder:
mount --bind /home/myFTP /var/ftp/pub
The above command means: when I access /var/ftp/pub, I will get the file content of /home/myFTP.
After establishing the 'bridge' between the 2 folders, we have to set file permissions.
When myFTP logs in to this FTP server, this user can access, modify, create new and delete old folders. No problem here.
When anonymous logs in to this FTP server, he may or may not see the pub folder inside /var/ftp, as /var/ftp did not assign rights for 'other' to enter this folder.
Recall from the basics of Linux: if we want a user to access a certain folder, he/she must have the 'x' permission on it. In other words, /var/ftp/pub must have 'x' rights for others. The command to do it is:
chmod o+rx /var/ftp/pub
The above command makes the pub folder accessible to EVERYBODY. However, they can only read files; creating, modifying and deleting are not allowed.
By the way, if you did the above but cannot see a file after you download it, and you are 100% sure that it can be read on the FTP server, the reason is that the file permission of THIS FILE is still not set. You can either chmod it, or assign read 'r' permission to this file for 'other'.
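The permission rules above can be checked across the whole shared tree in one pass. The script below is an added example, not part of the original post; the function name audit_anon_tree and its output labels are made up for illustration, and it assumes the anonymous FTP user is neither the owner nor in the group of the files, so only the 'other' bits decide access.

```shell
#!/bin/sh
# Added example, not from the original post: report where the 'other'
# permission bits under an anonymous FTP root differ from the intent
# described above (enter and read everything, change nothing).
# Assumption: the anonymous FTP user is neither owner nor group member
# of these files, so only the 'other' bits apply to it.

audit_anon_tree() {
    root=$1

    # Directories missing o+r or o+x: anonymous cannot list or enter them.
    find "$root" -type d ! -perm -0005 -print | sed 's/^/NOENTER /'

    # Regular files missing o+r: anonymous cannot download them.
    find "$root" -type f ! -perm -0004 -print | sed 's/^/NOREAD /'

    # Anything with o+w is not read-only for 'other'.
    # Symlinks are skipped because their own mode bits are always open.
    find "$root" ! -type l -perm -0002 -print | sed 's/^/WRITABLE /'
}

# Usage: sh audit.sh /var/ftp/pub
if [ "$#" -gt 0 ]; then
    audit_anon_tree "$1"
fi
```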
Hope it helps. And below is my config file for vsftpd:
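# Allow both anonymous logins and local (real) accounts.
anonymous_enable=YES
local_enable=YES
# Allow FTP write commands; anonymous uploads stay off unless anon_upload_enable is also set.
write_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
# chroot_local_user is not set here, so the users listed in chroot_list_file are the ones confined to their home directory.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
pam_service_name=vsftpd
# userlist_deny is left at its default (YES), so users named in the user list are denied login.
userlist_enable=YES
listen=YES
tcp_wrappers=YES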