FTP servers are commonly used to transfer files between clients and servers. Typically, FTP servers offer two types of access: Authenticated and Anonymous. The first method (Authenticated) requires a valid username and password in order to access the files and directories. With the second method (Anonymous), we can download files without restrictions, logging in directly with the default user "ftp" or "anonymous".
Linux has many FTP packages, but only a few have a good design and provide even the most basic level of security, and vsftpd is among the most secure. This guide will teach you how to configure the VSFTPD server to allow anonymous FTP downloads without any restrictions. As part of this exercise, we'll install an FTP server on Rocky Linux 8.4. However, these instructions can be adapted for RHEL, CentOS, Fedora, Ubuntu, and Debian with a few changes.
Prerequisites:
Operating System : Rocky Linux / RHEL / CentOS / Fedora
Package : vsftpd.x86_64
User account : root user or user account with sudo privileges
It is recommended to run all administrative commands with sudo privileges instead of as root.
My Lab Setup:
My lab setup consists of two machines. The server runs on Rocky Linux 8.4, while the client runs on Ubuntu 18.04 LTS.
FTP Server:
Operating System : Rocky Linux release 8.4 (Green Obsidian)
Hostname : ftp01.linuxteck
IP Address : 192.168.1.100
FTP Client:
Operating System : Ubuntu 18.04.5 LTS
Hostname : john-H81M-WW
IP Address : 192.168.1.200
SSH client : An active FTP client such as Terminal for Linux/Mac or FileZilla for GUI
To set up an FTP server, you need a command-line/Terminal console. This tutorial assumes you have SSH access to the remote server where the FTP server will be installed. If you're having trouble connecting to a remote server through SSH, here's a guide to connecting to a remote server using "10 basic and useful ssh client commands in Linux."
Step 1: Install FTP (vsftpd) package
Note:
The command to install a Linux package differs depending on your Linux distribution. To install VSFTPD in Rocky Linux/RHEL/CentOS/Fedora, run the following commands:
All RedHat-based Linux systems are compatible with YUM, DNF, and RPM for managing software packages. Here we go with DNF. In case you face any difficulties using YUM or DNF, follow the links provided below for help.
For Yum - YUM Guide for Beginners with 15 Examples
For DNF - DNF Guide for Beginners with 20 Examples
Note:
Before installing the FTP server, you should update your operating system. Run the following command to update it.
$ sudo dnf update
Note:
You will be asked to confirm the installation by choosing "y" or "n." Press "y" to proceed. You can also skip the confirmation prompt by adding '-y' to the end of the above command. Once it is updated, run the following command to install vsftpd.
$ sudo dnf install vsftpd
Note:
Press 'y' to proceed. After completing the installation, you can verify the package by running the RedHat command "rpm -q <packagename>", which will tell you whether the package has been properly installed. You can also use the "-i" flag to get more details about the package.
Tip:
For Ubuntu/Debian, you need to run the following command:
$ sudo apt-get install vsftpd -y
Note:
Use the following commands to 'start' the FTP daemon, 'enable' it so the service starts automatically after every reboot of the server, and finally check the 'status' of the service.
$ sudo systemctl start vsftpd
$ sudo systemctl enable vsftpd
$ sudo systemctl status vsftpd
Step 2: Configuring VSFTPD for Anonymous access
Note:
Our next step will be to configure the FTP server for anonymous downloads. The main configuration file for the FTP service is located at "/etc/vsftpd/vsftpd.conf". This file can be customized by editing it. As a general rule, you should keep a copy of your original (default) configuration. When something goes wrong with the new configuration, you can easily return to the default.
Using "cp" you can copy the default configuration file:
$ sudo cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.bak
Note:
The configuration file can be opened in any text editor. I am using the "vi" editor. You can find several instructions in the config file. Several lines have been commented out, while others have not. Each commented line begins with a hash (#) that identifies it as a comment. The daemon ignores those lines (instructions). To enable those instructions in the config file, you need to remove the hash (#) sign.
To set up a working anonymous FTP server (vsftpd), we need to modify and add the following lines in the vsftpd configuration file.
Note:
There are several instructions/parameters in the configuration file. We will begin by applying only the changes we have mentioned in the above screenshot to create an anonymous FTP server. Once you've made the changes to vsftpd.conf, you can save the file. If needed, you can include additional instructions in the file according to your requirements.
$ sudo vi /etc/vsftpd/vsftpd.conf
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=NO
#
# Uncomment this to enable any form of FTP write command.
write_enable=NO
# Disable anonymous uploads
anon_upload_enable=NO
# Establish a root folder for anonymous login
anon_root=/var/ftp
# Turn off password prompts on the command line for Anonymous Users.
no_anon_password=YES
# Directory listings should only display "ftp" instead of FTP server user IDs
hide_ids=YES
# Passive FTP ports can be allocated a minimum and maximum range for data connections.
pasv_min_port=40000
pasv_max_port=40001
Save and restart the vsftpd service
$ sudo systemctl restart vsftpd
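A quick way to confirm that the edited file really is download-only, as an added example that is not part of the original guide. The function names, the sample file and the "last assignment wins" rule are assumptions of this sketch; anon_mkdir_write_enable and anon_other_write_enable are further vsftpd write switches not used in this guide.

```shell
#!/bin/sh
# Added example (not from the guide): audit vsftpd.conf for download-only access.

# Effective value of key $2 in file $1. Commented lines are skipped; the last
# assignment wins, which is an assumption of this sketch.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        index($0, k "=") == 1 { val = substr($0, length(k) + 2) }
        END { sub(/[ \t\r]+$/, "", val); print val }' "$1"
}

# Print one line per deviation and return the number of findings.
audit_vsftpd_conf() {
    file=$1; findings=0
    for want in anonymous_enable=YES local_enable=NO write_enable=NO \
                anon_upload_enable=NO anon_root=/var/ftp; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(conf_get "$file" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FINDING: $key is '${actual:-unset}', expected '$expected'"
            findings=$((findings + 1))
        fi
    done
    # Anonymous write switches set to YES defeat the download-only goal.
    for key in anon_mkdir_write_enable anon_other_write_enable; do
        if [ "$(conf_get "$file" "$key")" = "YES" ]; then
            echo "FINDING: $key=YES"; findings=$((findings + 1))
        fi
    done
    # The passive range must match the firewall rule from Step 4.
    range="$(conf_get "$file" pasv_min_port)-$(conf_get "$file" pasv_max_port)"
    if [ "$range" != "40000-40001" ]; then
        echo "FINDING: passive range '$range', firewall opens 40000-40001"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the guide's file with two write switches left on.
write_weak_sample() {
    printf '%s\n' anonymous_enable=YES local_enable=NO '#write_enable=NO' \
        write_enable=YES anon_upload_enable=YES anon_root=/var/ftp \
        pasv_min_port=40000 pasv_max_port=40001 > "$1"
}

tmp=$(mktemp) && write_weak_sample "$tmp"
audit_vsftpd_conf "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```

On a real server, call audit_vsftpd_conf /etc/vsftpd/vsftpd.conf after each edit; an exit status of 0 means every setting from this step is in place.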
Step 3 : Set up (create) a directory to host files
Note:
In the following section, you will see how to set up a directory and add the necessary permissions on the FTP server to host our files. Follow the steps below to complete this process: Run the following command to create a directory.
$ sudo mkdir -p /var/ftp/pub
Note:
With the '-p' flag, we can create subdirectories within the parent directory. The '-p' flag creates a parent directory if it does not already exist, and then it creates all the sub-directories in the specified directory structure. Use the following command to set the ownership of the /var/ftp/pub directory.
$ sudo chown nobody: /var/ftp/pub
Note:
Directory ownership has now been changed to 'nobody' to fit within minimal privileges. We can now create a file in the directory that will be available for testing by the client.
$ echo "ftp_test_File" | sudo tee -a /var/ftp/pub/ftptest.txt
Step 4: Enable firewall services
Note:
You need to add rules to the firewall to allow ports 20-21 for FTP data and ports 40000-40001 for vsftpd passive communication by using the following firewalld command. If you have difficulties configuring firewalls, click here to learn the steps for how to configure firewall-cmd commands in Linux.
$ sudo firewall-cmd --permanent --add-port=20-21/tcp
$ sudo firewall-cmd --permanent --add-port=40000-40001/tcp
$ sudo firewall-cmd --reload
Note:
Finally, we must restart the vsftpd service and check its status before performing tests.
$ sudo systemctl restart vsftpd
$ sudo systemctl status vsftpd
Step 5: Test Anonymous Access with FTP client (FileZilla) & Command-Line
Note:
The following methods will be used for testing: a third-party FTP tool and a command-line interface. Depending on your Linux distribution, you can use the appropriate command to install FileZilla. For our testing environment, I will install FileZilla on Ubuntu with the following command:
$ sudo apt-get install filezilla
Note:
After you have successfully installed FileZilla, you should open it, enter the IP address of the FTP server and the username as 'ftp/anonymous' and then click on quick connect to the FTP server. You can now see the "pub" directory on the FTP server, as shown in the following screenshot.
Note:
We can now open the pub directory and check out our ftptest.txt file. To download the file, right-click on the file and choose to download it to your local drive.
Note:
Now try to upload and test.
Note:
In the above screenshot, you can see that the FTP server declined the anonymous upload. The server is only set up to deliver downloads to anonymous users, not uploads.
We'll now look at the traditional way of accessing the server with a command-line interface and downloading/uploading files. To see the FTP daemon response, let's connect to our FTP host. Sometimes when you execute the ftp command for the first time, an error may occur like "bash: /usr/bin/ftp: No such file or directory". This means that the FTP client package is not installed by default. Using the following command, you can install it easily. Depending on your Linux distribution, you may have to modify the command. We are testing on Ubuntu 18.04.
$ sudo apt install ftp
Note:
The following command will connect you to the server. When prompted for a user name, type either "ftp" or "anonymous" and hit the enter key from the keyboard.
$ ftp 192.168.1.100
Output:
Note:
To test passive mode, we must be sure that all client commands are being sent to the server correctly, such as "ls" and "get."
ftp> ls
Output:
Note:
We will also try to download the dummy file "ftptest.txt" locally. Start by navigating to the pub directory with the "cd" command and then use the "get" command to download the file.
ftp> cd pub
Output: 250 Directory successfully changed.
ftp> ls
Output:
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- 1 ftp ftp 14 Nov 02 19:32 ftptest.txt
226 Directory send OK.
ftp> get ftptest.txt
Output:
local: ftptest.txt remote: ftptest.txt
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for ftptest.txt (14 bytes).
226 Transfer complete.
14 bytes received in 0.02 secs (0.6092 kB/s)
Note:
As you can see from the output, the download was successful, and the file was downloaded to your computer. Similarly, we will use the "put" command to upload a file from your local system to the FTP server.
Make sure you use only the pub directory.
ftp> put sampletest.txt
Output:
local: sampletest.txt remote: sampletest.txt
200 PORT command successful. Consider using PASV.
550 Permission denied.
Note:
The test results have been excellent. It has been verified that this Anonymous FTP server is configured solely for downloading files and not for uploading. Now you can leave FTP mode by typing the "bye" or "exit" command.
ftp> bye
Output: 221 Goodbye.
Note:
As a final step, we will attempt to connect to the anonymous FTP server with a local user to see whether we can log in and what error the server reports back. The username I intend to use is "linuxteck".
$ ftp 192.168.1.100
Output:
Connected to 192.168.1.100.
220 Welcome to LinuxTeck FTP service.
Name (192.168.1.100:john): linuxteck
530 This FTP server is anonymous only.
Login failed.
ftp>
There is no doubt that the FTP server is configured only for anonymous users to download the files.
Note:
The following table shows the default parameters in vsftpd.conf. You can either leave them as they are or customize them according to your needs. In our example, nothing has changed.
Default parameters in vsftpd.conf :
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
listen_ipv6=YES
userlist_enable=YES
Conclusion:
We have successfully configured an anonymous FTP server (vsftpd) to download files in Rocky Linux 8.4. Thank you for taking the time to read! We hope this article has helped you understand how it works. Drop me your feedback/comments. Feel free to share this article with others if you like it.