FTP Server HOWTO

From openSUSE

Selecting an FTP Server from openSUSE

OpenSUSE comes with following FTP servers. Users can install any one based on their needs:

• pure-ftpd
• vsftpd
• ftpd (from krb5-apps-servers package)

pure-ftpd

Attributes

• prepared for usage as standalone ftp server
• prepared for usage with xinetd
• many features like PAM support, IPv6, chroot()ed home directories, virtual domains, built-in LS, anti-warez system, bandwidth throttling, FXP, bounded ports for passive downloads, upload and download ratios, Apache log files, and more

Configuration Files

• /etc/pam.d/pure-ftpd
• /etc/pure-ftpd/pure-ftpd.conf
• /etc/xinetd.d/pure-ftpd

vsftpd

Quick Setup

• Install vsftpd using YaST software management
• Enable vsftpd in xinetd. This can be done manually by editing /etc/xinetd.d/ and changing disabled = yes to disabled = no, or by using the following command

chkconfig vsftpd on

• Start xinetd if its not running already.

/etc/init.d/xinetd start

• Make sure that xinetd is started automatically at boot time

chkconfig xinetd on

• Check that FTP server is working fine. By default only anonymous login is allowed. Data in /srv/ftp/ is made publicly available.
• If neccessary, adapt firewall settings. With SuSEfirewall2 add ftp to FW_SERVICES_EXT_TCP, e. g. (with SSH reachable from the internet, too)

FW_SERVICES_EXT_TCP="ftp ssh"

• and if you need passive ftp or nat, change also resp.

FW_LOAD_MODULES="ip_conntrack_ftp ip_nat_ftp"

• If the above is not allowing passive FTP, you may want to change (Note, the explanation in the file states that this variable is deprecated and to be removed; but for the time being it does the trick).

 FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"

Quick Configuration

To configure vsftpd edit /etc/vsftpd.conf.

• To enable writing of file on server, uncomment

write_enable=YES

• To allow local system users to log in, uncomment

local_enable=YES

• By default, a user can not look outside his/her home directory. To disable this, uncomment

chroot_local_user=NO

• To disable anonymous login

anonymous_enable=NO

Attributes

• prepared for usage with xinetd
• codebase was written with security in mind
• small and lightweight

Configuration Files

• /etc/logrotate.d/vsftpd
• /etc/pam.d/vsftpd
• /etc/vsftpd.conf
• /etc/vsftpd.chroot_list

This file describes the names of the users that have access to the whole system tree. To all other users their home directory will be showed as root directory (chroot).

• /etc/shells

Before admitting a local user to login, the system defaults to check if it has a valid user shell. In case PAM authentication is not available.

• /etc/ftpusers

This file describes the names of the users that may _*NOT*_ log into the system via the FTP server. This usually includes "root", "uucp", "news" and the like, because those users have too much power to be allowed to do "just" FTP.

See also

• Pure-FTP with MySQL Auth