Linux FTP Server Setup

This page explains how to set up an FTP server. The File Transfer Protocol (FTP) is one of the most common means of copying files between servers over the Internet. The FTP server used here is the default Very Secure FTP Daemon (VSFTPD).

FTP ports

FTP uses TCP port 20 for the data channel; the FTP server transfers data between the client and the server over port 20.
The FTP server uses TCP port 21 for the control channel; it uses port 21 to send the responses to the commands you send.

Installing vsftpd

If the FTP server RPMs were installed when Linux was installed, there is no need to install them again. Otherwise, use the command:
[root@localhost ~]# rpm -ivh --aid vsftpd-*
To see which RPM is installed on your system, use the command shown in the figure.
[Figure: LINUX FTP rpm]

Starting or stopping vsftpd service

[root@server ~]# service vsftpd start
[root@server ~]# service vsftpd stop
[root@server ~]# service vsftpd restart
or
[root@server ~]# /etc/init.d/vsftpd start
[root@server ~]# /etc/init.d/vsftpd stop
[root@server ~]# /etc/init.d/vsftpd restart
If you want the service to remain in effect after rebooting, use the command:
[root@server ~]# chkconfig vsftpd on

The chkconfig command ensures that vsftpd starts automatically on your next reboot. By enabling the vsFTPd service, you can almost instantly have an FTP service running with the default values (set in the /etc/vsftpd/vsftpd.conf file).

Testing the Status of VSFTPD

To test whether vsFTPd is running, check with the netstat command:
# netstat -a | grep ftp
Start another computer and connect it to this one. Give it a class C IP address with host ID 192.168.0.X; for example, I gave my other PC the address 192.168.0.6. This PC becomes the client computer. Now open the web browser on the client computer.
Type:
ftp://192.168.0.3

What happens? Nothing.
OK, stop your firewall and FTP server and type the address again. You should now see something like this:
[Figure: LINUX FTP Server running]

Properties of file /etc/vsftpd/vsftpd.conf

Now we modify some of the configuration.
Open the file /etc/vsftpd/vsftpd.conf.
The first field:
[Figure: LINUX FTP anonymous user]

If anonymous_enable=YES:
The anonymous_enable line lets users log in anonymously using either the anonymous or ftp user name.
Anonymous access is on by default, so you must set anonymous_enable=NO to disable it.
Now see what happens:
[Figure: LINUX FTP user login]

Create a user raj.
Log in at the prompt as shown in the figure above.
After giving the name raj and the password, you may get this screen:
[Figure: LINUX FTP user directory access]

Through the FTP server you can access the /var/ftp/pub directory, so here we have to change the directory. Open the file /etc/passwd and change the path of the home directory, as shown in the figure below.
[Figure: LINUX FTP changing user directory]

Now log in again.
Every time you change a server's configuration, you have to restart the corresponding service.
Hopefully you can now access the directory defined in /etc/passwd.
If any user misuses their account, you can deny them access.
Open the file /etc/vsftpd/user_list and make an entry at the end. For example, I want to deny user raj:
[Figure: LINUX FTP denied permissions list]

Now try to log in again. You will see:
[Figure: LINUX FTP denied permissions]


Jailing of FTP server

The root directory (chroot) for anonymous users is /var/ftp. The root directory for regular users is /, although their current directory after connecting to FTP is /home/user, where user is the user name. So an anonymous user is restricted to downloads from the /var/ftp directory structure, while a regular user potentially has access to the whole file system. You can use the chroot_local_user option to change the root directory for regular users so that they are restricted to their home directory. To restrict all regular users to their home directory when using vsFTPd, uncomment the line in the vsftpd.conf file:
[Figure: LINUX FTP chroot list]

What does jailing (chroot) achieve? Consider the case where the chroot options are disabled: when you access your directory, you can go up to the higher directories, and in this way you can see the whole directory structure of the server.
[Figure: LINUX FTP jailing]

The client can read any file, and this leaves the server very vulnerable. That is why we use jailing: just by enabling jailing (chroot), we can restrict access to /.

Logging vsFTPd activities

Logging is enabled in vsFTPd by default, and the activities of your vsFTPd site are written to the /var/log/xferlog file. The following options enable logging and change the log file to /var/log/vsftpd.log:
[Figure: LINUX Logging vsFTPd activities]

Just uncomment the lines highlighted by the red rectangle. You can turn off logging if you like by changing YES to NO. (Note, however, that logging enables you to watch for potential break-ins, so turning it off is not recommended.) Or you can change the location of the log file by changing the value of the xferlog_file option.
Take a look at /var/log/vsftpd.log:
[Figure: LINUX FTP /var/log/vsftpd.log]

It shows client raj's login time and date, the client IP address, and the directory and file accessed.
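
Watching the log for break-in attempts can be automated. The following is an added example, not part of the original page: a shell function that counts failed logins per client IP in /var/log/vsftpd.log. It assumes vsftpd's native log line layout; the sample log lines, the client 192.168.0.9 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clients with repeated failed logins in vsftpd.log.
# Assumes the native vsftpd line layout, for example:
#   Mon Mar  4 10:20:01 2024 [pid 2200] [raj] FAIL LOGIN: Client "192.168.0.9"

# failed_logins LOGFILE MIN -> "ip count user1,user2" per client with >= MIN failures
failed_logins() {
    awk -v min="$2" '
        / FAIL LOGIN: Client "/ {
            ip = $0                                   # keep the text between the quotes
            sub(/^.* FAIL LOGIN: Client "/, "", ip)
            sub(/".*$/, "", ip)
            sub(/^::ffff:/, "", ip)                   # IPv4-mapped IPv6 form
            user = substr($0, index($0, "] [") + 3)   # second bracketed field
            user = substr(user, 1, index(user, "]") - 1)
            count[ip]++
            if (index("," users[ip] ",", "," user ",") == 0)
                users[ip] = (users[ip] == "" ? user : users[ip] "," user)
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print ip, count[ip], users[ip]
        }
    ' "$1" | sort
}

# Constructed sample log (not real traffic); all addresses are made up.
write_sample_log() {
    cat > "$1" <<'EOF'
Mon Mar  4 10:15:02 2024 [pid 2101] CONNECT: Client "192.168.0.6"
Mon Mar  4 10:15:05 2024 [pid 2100] [raj] OK LOGIN: Client "192.168.0.6"
Mon Mar  4 10:15:20 2024 [pid 2102] [raj] OK DOWNLOAD: Client "192.168.0.6", "/home/raj/notes.txt", 512 bytes, 10.24Kbyte/sec
Mon Mar  4 10:20:01 2024 [pid 2200] [raj] FAIL LOGIN: Client "192.168.0.9"
Mon Mar  4 10:20:03 2024 [pid 2202] [root] FAIL LOGIN: Client "::ffff:192.168.0.9"
Mon Mar  4 10:20:06 2024 [pid 2204] [raj] FAIL LOGIN: Client "192.168.0.9"
Mon Mar  4 10:31:40 2024 [pid 2300] [raj] FAIL LOGIN: Client "192.168.0.6"
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
failed_logins "$sample" 3      # one line: the client with three failures
rm -f "$sample"
```

On a real server, point failed_logins at /var/log/vsftpd.log and choose a threshold that fits your normal rate of mistyped passwords.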


Some more options you can try for Linux FTP

Setting timeouts
The following timeouts are set by default in vsFTPd.
idle_session_timeout=600
data_connection_timeout=120
The idle_session_timeout=600 option causes the FTP session to be dropped if the user has been inactive for more than 10 minutes (600 seconds). The data_connection_timeout value sets the amount of time, during which no progress occurs, that the server will wait before dropping the connection (the default here is 120 seconds).

You may decide to limit the number of users that can connect to your server at any time, and how many simultaneous connections can be maintained from each IP address.
max_clients=500
max_per_ip=4
There are a lot of other things you can try for your FTP server.
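
As an added example (not from the original page), the shell function below audits a vsftpd.conf for the options discussed on this page: anonymous_enable, chroot_local_user, xferlog_enable, max_clients and max_per_ip. The function names and both sample files are constructed, and the defaults used for unset options are an assumption taken from the vsftpd.conf man page.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for the options covered on this page.
# Assumption: unset options take the compiled-in defaults from vsftpd.conf(5):
# anonymous_enable=YES, chroot_local_user=NO, xferlog_enable=NO,
# max_clients=0 and max_per_ip=0 (0 means unlimited).

# audit_vsftpd_conf FILE -> prints one "WARN ..." line per finding
audit_vsftpd_conf() {
    awk '
        function yes(s) { return s == "YES" || s == "TRUE" || s == "1" }
        BEGIN {
            v["anonymous_enable"] = "YES"; v["chroot_local_user"] = "NO"
            v["xferlog_enable"] = "NO"; v["max_clients"] = 0; v["max_per_ip"] = 0
        }
        /^#/ || /^[ \t]*$/ { next }            # comment or blank line
        /[ \t]=|=[ \t]/ {                      # the man page forbids spaces here
            print "WARN line " NR ": space next to = is a syntax error"; next
        }
        {                                      # a later line overrides an earlier one
            i = index($0, "=")
            if (i > 1) v[substr($0, 1, i - 1)] = toupper(substr($0, i + 1))
        }
        END {
            if (yes(v["anonymous_enable"]))   print "WARN anonymous_enable: anonymous login allowed"
            if (!yes(v["chroot_local_user"])) print "WARN chroot_local_user: local users not jailed"
            if (!yes(v["xferlog_enable"]))    print "WARN xferlog_enable: logging is off"
            if (v["max_clients"] + 0 == 0)    print "WARN max_clients: no limit on total clients"
            if (v["max_per_ip"] + 0 == 0)     print "WARN max_per_ip: no limit per client IP"
        }
    ' "$1"
}

# Constructed sample files: a weak configuration and the corrected one.
write_weak_conf() {
    printf '%s\n' '# constructed sample' 'anonymous_enable=YES' 'local_enable=YES' \
        '#chroot_local_user=YES' 'xferlog_enable = YES' > "$1"
}
write_hardened_conf() {
    printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' 'chroot_local_user=YES' \
        'xferlog_enable=YES' 'xferlog_file=/var/log/vsftpd.log' \
        'max_clients=500' 'max_per_ip=4' > "$1"
}

tmp=$(mktemp)
write_weak_conf "$tmp";     audit_vsftpd_conf "$tmp"    # six findings
write_hardened_conf "$tmp"; audit_vsftpd_conf "$tmp"    # no output
rm -f "$tmp"
```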





