FTP, or File Transfer Protocol, is a mechanism that allows file transfer between a client and a server in a TCP/IP network. It's one of the well-known transfer protocols that exist in today's networks, so most applications and websites use FTP. When a client connects to a server, it will use port 21 (the FTP control connection, which carries commands). For each transfer request, a new connection will be created on port 20 (FTP data transfer). The communication can be made in two ways:
- Active - the client opens the port and sends the connection parameters. The server will then try to connect to the client using the specified configuration.
- Passive - the server opens the port and sends the connection parameters to the client. The client will then establish a connection with the server.
The file transfer is made between two entities:
- FTP Server - an application which implements FTP and allows controlled access to its file system. Authentication can be done either anonymously or by using a combination of username and password. We will see that there are multiple ways of authenticating to an FTP server.
- FTP Client - an application which connects to the FTP Server and executes commands. With an FTP client you can download/upload files and assign/modify permissions on the files. Note that you will need access to a resource before you can interact with it.
In today's article we'll install and configure Pure-FTPd, one of the well-known FTP servers available on Linux distributions. This application offers several features that can be implemented on your FTP server:
- supports both SSL and TLS
- authentication can be done using several back-end technologies - LDAP, MySQL, local files, etc.
- supports virtual servers and chroot (place users in their own directory)
- limit the bandwidth for download/upload and limit the number of connections
There may be other features but these came to my mind at this point.
Execute rpm -ivh pure-ftpd-1.0.30-1.el6.x86_64.rpm from the directory that holds the package to install the FTP server.
Change the working location to your FTP server directory by typing cd /etc/pure-ftpd. Open pure-ftpd.conf (the configuration file for the FTP server) using vim, because we'll need to add several options to it:
DontResolve yes - consumes less bandwidth by not resolving host names
VerboseLog yes - detailed logging
Daemonize yes - starts the FTP server in the background
CreateHomeDir yes - automatically creates home directories for users if there aren't any
UnixAuthentication yes - allows authentication using local system user accounts
LimitRecursion 5000 10 - maximum number of files to be displayed and maximum subdirectory depth
ProhibitDotFilesWrite yes - clients are not allowed to write dot files
ProhibitDotFilesRead yes - clients are not allowed to read dot files
DisplayDotFiles no - does not display dot files
Umask 133:022 - permission mask for newly created files (files:directories)
MaxIdleTime 15 - idle time (in minutes) before a connection is closed
MaxClientsNumber 50 - maximum clients that can access files at the same time
MaxClientsPerIP 8 - maximum clients that can connect from one IP address
MaxDiskUsage 70 - maximum disk usage (in percent) of the FTP server
ChrootEveryone yes - cages users in their home directory
AnonymousOnly no - does not restrict the server to anonymous logins, so authenticated users are allowed
NoAnonymous yes - disables anonymous authentication
AnonymousCanCreateDirs no - does not allow folder creation by anonymous users
AnonymousCantUpload yes - anonymous users cannot upload files
Save the configuration file, then add a local user account using the useradd command and set a custom password for this account using passwd.
Start the service by typing /etc/init.d/pure-ftpd start
Now you should be able to connect to your FTP server using a browser with the newly created username. The home directory of the user will be created automatically. I've also added a sample folder just to see if the settings were correctly configured.
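To confirm that the access-control options from the list above really are set as intended in pure-ftpd.conf, the following added example (not part of the original article or of the Pure-FTPd project) parses the file and reports every deviation, including misspelt directive names. The EXPECTED table, the function names and the sample configuration are assumptions made for illustration; the script does not reproduce how Pure-FTPd itself reads the file.

```python
import difflib

# Hardening-relevant directives and the values the option list above gives them.
EXPECTED = {
    "ChrootEveryone": "yes", "NoAnonymous": "yes", "AnonymousOnly": "no",
    "AnonymousCanCreateDirs": "no", "AnonymousCantUpload": "yes",
    "ProhibitDotFilesWrite": "yes", "ProhibitDotFilesRead": "yes",
    "DisplayDotFiles": "no",
}

def parse_conf(text):
    """Map directive name -> value; '#' comments and blank lines are skipped."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def audit(text):
    """Return {directive: problem} for every deviation from EXPECTED."""
    settings = parse_conf(text)
    problems = {}
    for name, want in EXPECTED.items():
        got = settings.get(name)
        if got is None:
            problems[name] = f"not set, expected '{want}'"
        elif got.lower() != want:
            problems[name] = f"is '{got}', expected '{want}'"
    # A misspelt name leaves the intended directive unset: report near misses.
    for name in settings.keys() - EXPECTED.keys():
        close = difflib.get_close_matches(name, list(EXPECTED), n=1, cutoff=0.9)
        if close:
            problems[name] = f"unrecognised, did you mean '{close[0]}'?"
    return problems

# Constructed sample configuration (not taken from a real server).
SAMPLE = """\
ChrootEveryone
NoAnonymous             no
AnonymousOnly           no
AnonymousCanCreateDirs  no
AnonumousCantUpload     yes
ProhibitDotFilesWrite   yes
ProhibitDotFilesRead    yes
DisplayDotFiles         no    # inline comments are ignored
"""

if __name__ == "__main__":
    print("\n".join(f"{d}: {p}" for d, p in sorted(audit(SAMPLE).items())))
```

To audit a real server, pass the contents of /etc/pure-ftpd/pure-ftpd.conf to audit().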
That's it for this article, folks; we'll discuss more about FTP servers in a future article. Hope you've enjoyed it, wish you a great day!