Using FTP

FTP is one of the quickest ways to move files between computers; some of you might have already used it to transfer files with your browser. If you are the only person moving files around, ask yourself "Do I really need FTP?". FTP is not a secure method of transfer: your user/pass is sent to the server in "plain text" (i.e. it is not encrypted). A better method for transferring files is to use sftp or scp, both of which are a part of SSH.

However, if you are managing several users, or if you wish to provide an anonymous download for your userbase, then FTP is by far the best method.

There is a lot of choice for FTP servers out there and, as with most things, each has its own positives and negatives. I am going to choose vsftpd for two reasons: it is a very secure ftpd (in the sense of someone breaking the server), and it is a very easy server to set up and run.

Here is an example vsftpd.conf. You can uncomment one of the three sections below to set the server up in distinct manners (as written, the anonymous-only section is the one that is active):

##### Only allow LOCAL users, no ANONymous.
## !!! RECONSIDER SFTP/SCP FAR BETTER !!!
#local_enable=YES
#write_enable=YES
#anonymous_enable=NO
#nopriv_user=ftp
#chroot_local_user=YES

##### Only ANONymous.
local_enable=NO
write_enable=NO
anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
chown_uploads=NO

##### ANONymous downloads - LOCAL uploads
## !!! ONCE MORE RECONSIDER SFTP/SCP !!!
#local_enable=YES
#write_enable=YES
#anon_upload_enable=NO
#anon_mkdir_write_enable=NO
#chown_uploads=NO
#chroot_local_user=YES
#nopriv_user=ftp

##### Don't comment these out, you can fiddle with the options though
data_connection_timeout=120
idle_session_timeout=600
dirmessage_enable=YES
ascii_upload_enable=NO
ascii_download_enable=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
chroot_list_enable=NO
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
ftpd_banner=---[[[ ZNXifed vsftpd ]]]---
background=YES
listen=YES
ls_recurse_enable=NO

Now you need to prepare a user for the ftpd to run as.

# adduser ftp

Now this user is only for running a service, it is not meant as a login. Therefore we should ensure that it cannot be used as such.

# passwd -l ftp
# chsh -s /bin/nologin ftp

If you don't have /bin/nologin then use /bin/false in its place. The first line "locks" the password, meaning that the password could never be guessed; the second changes the user's shell so that the nologin binary will refuse entry. This will be enough to secure the user.

That's it, we now have a server that can allow anonymous downloads. Obviously, if you wish to enable uploads (as user or as anonymous) you will be leaving a large security issue, so please think long about this. SFTP and SCP are better replacements; check out FileZilla or WinSCP.
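
One way to check a vsftpd.conf against the concerns above before starting the server, as an added example that is not part of the original page or of vsftpd itself: it reads the option=value lines, falls back to vsftpd's built-in defaults for unset options, and reports plain-text local logins and anonymous write access. The names parse_conf and audit and the two sample configs are constructed for illustration.

```python
# Added example: audit vsftpd.conf text. DEFAULTS are vsftpd's built-in values
# for the options this page toggles, used when the file leaves them unset.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "chroot_local_user": "NO"}

def parse_conf(text):
    """Return effective settings; '#' lines and lines without '=' are skipped."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and not key.startswith("#"):
            conf[key] = value  # in this parser the last occurrence wins
    return conf

def audit(text):
    """Return a list of (option, reason) findings for the given config text."""
    conf = parse_conf(text)
    on = lambda key: conf[key].upper() == "YES"
    findings = []
    if on("local_enable"):
        findings.append(("local_enable", "local user/pass sent in plain text; consider sftp/scp"))
        if not on("chroot_local_user"):
            findings.append(("chroot_local_user", "local users are not chrooted to their home"))
    if on("write_enable") and on("anonymous_enable"):
        for opt in ("anon_upload_enable", "anon_mkdir_write_enable"):
            if on(opt):
                findings.append((opt, "anonymous clients can write to the server"))
    return findings

# Constructed samples: the page's anonymous-only profile, and a risky variant
# that leaves anonymous_enable commented out (default YES) and enables uploads.
ANON_ONLY = """\
local_enable=NO
write_enable=NO
anonymous_enable=YES
anon_upload_enable=NO
anon_mkdir_write_enable=NO
"""
RISKY = """\
#anonymous_enable=NO
local_enable=YES
write_enable=YES
anon_upload_enable=YES
"""

if __name__ == "__main__":
    for name, sample in (("ANON_ONLY", ANON_ONLY), ("RISKY", RISKY)):
        print(name, audit(sample) or "no findings")
```

To audit a real file, pass its contents to audit(), for example the text of the vsftpd.conf you are about to deploy.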