VSFTPD – FTP anonymous access – old

  • install vstpd server

apt-get install vsftpd

  • go to /etc/vsftpd.conf file and edit it(keep old default settings besides these below!!!)

 

– set logging file

xferlog_file=/var/log/vsftpd/vsftpd.log

  • enable logging transfers stats

xferlog_enable=YES

  •  set iddle session timout to 300 secs

idle_session_timeout=300

  •  set banner

ftpd_banner=Welcome to danpol.net FTP Server

  • enable anonymous ftp

anonymous_enable=YES

 

  • set max clients(total) and per ip

max_clients=30

max_per_ip=6

 

  • restart vsftpd server

/etc/init.d/vsftpd restart

————- now you have working ftp anonymous server(Read-only) —————–

———– working dir is /srv/ftp ————-

 

Anonymous FTP with write access

  • create dir “pub”  under /srv/ftp(default location) or dir specified by option “anon_root” with 755 permission and ftp:ftp chown

set umask for anon dirs

 anon_umask=0022

226 Transfer done (but failed to open directory) – typical mistake when vsftpd creates 700 directory

  • enable(uncomment) write access

write_enable=YES

it is necessary to allow write data on ftp server. Ftp user has to have write permission on parent directory.

  • allow to upload files

anon_upload_enable=YES

  • allow to create dirs by anonymous users

anon_mkdir_write_enable=YES

  • allow anon users different operation than create dir or upload date,e.g. delete or rename

 anon_other_write_enable=YES

  • change anonymously uploaded files owner to “chown_username”

chown_uploads=YES

chown_username=ftp

User "ftp" can be different but has to exist in system.DO NOT USE "root" or any powerfull account.!!!Set shell to false

 

  •  delete failed uploaded files

delete_failed_uploads=YES

  • disable password for anonymous user(user will no be asked for password)

 no_anon_password=YES

 

  • set dir for anon data  to different dir,e.g. /home/ftp

 anon_root=/home/ftp

  • set max transfer rate for anonymous clients in b/s (bytes/secs)

anon_max_rate=500000

 500 KB/s (kilobytes per secs)

 

  • hide ftp server user ID,always ftp will be used

hide_ids=YES

 

Helpfull command:

  • for firewall configuration where FTP inspection is not working.It will limit range of ports for passive mode

  pasv_min_port=59000  and pasv_max_port=60000

 

  • allow old ftp client to cancel in-progress transfers

async_abor_enable=YES

 

 

 dzbanek 2012-11-21