An Ultimate Guide to Setting Up FTP Server to Allow Anonymous Logins

Read Time: 7 minsCategories LFCS, Linux Certifications 14 Comments

Configuring the FTP Server in Linux

At any point, you can refer to man vsftpd.conf for further configuration options. We will set the most common options and mention their purpose in this guide.

As with any other configuration file, it is important to make a backup copy of the original before making changes:

# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.orig

Then open /etc/vsftpd/vsftpd.conf (the main configuration file) and edit the following options as indicated:

1. Make sure you allow anonymous access to the server (we will use the /storage/ftp directory for this example – that’s where we will store documents for anonymous users to access) without password:

anonymous_enable=YES
no_anon_password=YES
anon_root=/storage/ftp/

If you omit the last setting, the ftp directory will default to /var/ftp (the home directory of the dedicated ftp user that was created during installation).

2. To enable read-only access (thus disabling file uploads to the server), set the following variable to NO:

write_enable=NO

Important: Only use steps #3 and #4 if you choose to disable the anonymous logins.

3. Likewise, you may want to also allow local users to login with their system credentials to the FTP server. Later on this article we will show you how to restrict them to their respective home directories to store and retrieve files using FTP:

local_enable=YES

If SELinux is in enforcing mode, you will also need to set the ftp_home_dir flag to on so that FTP is allowed to write and read files to and from their home directories:

# getsebool ftp_home_dir

If not, you can enable it permanently with:

# setsebool -P ftp_home_dir 1

The expected output is shown below:

SELinux - Enable FTP on Home Directories
SELinux – Enable FTP on Home Directories

4. In order to restrict authenticated system users to their home directories, we will use:

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

With the above chroot settings and an empty /etc/vsftpd/chroot_list file (which YOU need to create), you will restrict ALL system users to their home directories.

Important: Please note this still requires that you ensure that none of them has write permissions to the top directory.

If you want to allow a specific user (or more) outside their home directories, insert the usernames in /etc/vsftpd/chroot_list, one per line.

Pages: 1 2 3 4

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Previous article:

How to Change Default Apache ‘DocumentRoot’ Directory in Linux

Next article:

Deal: Leap Into Python Mastery With This $39 Training Course
Photo of author
Gabriel Cánepa
Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

Related Posts

14 Comments

Leave a Reply

  1. Hi, is FTP still part of the LFCS in 2020? Can’t see it in the Service Configuration exam topics.

    Anyway, great article.

    Reply

  2. Hello, Just concerned a little if configuring NFS, FTP and DNS servers are going to be a part of the exam. Please confirm so that I would start re-doing or practicing the methods thoroughly.

    Reply

  3. Hi Gabriel,

    first of all thank you for such a comprehensive manuals – they are just great.

    I think I found a little typo:
    pasv_max_port=15000
    pasv_min_port=15500

    It should be in reversed order – max 15500 and min 15000.

    Reply

    • @Jalal,
      The pound sign, as used here, is a write-up convention to indicate that’s a command that should be typed in the terminal.
      If you mean this specific command does not need to be run as root, you’re right.
      @Ravi
      Please confirm.

      Reply

      • @Jalal,

        Like @Gabriel, said the signs are used for command indication only and you’re absolutely right, the pound sign is not necessary to have when using with ftp commands.

        Reply

      • What I understand from Jalal’s comment, is that the get command is written inside the ftp console, so the pound sign cannot be there. Instead it should be “ftp> get vsftpd.conf.pdf”.

        Correct me if I’m mistaken.

        Reply

        • I believe you’re right. Having the pound sign there may lead to confusion, as it is not actually a Linux command but a FTP one. Perhaps a clarification at the proper place in this article should do the trick.

          Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.