40.6. Setting Up Anonymous FTP
In its default configuration, ProFTPD will generally allow all UNIX users to log in with their normal passwords and access all files on the system with the same permissions that they would have if logged in via telnet or SSH. Some packages also have anonymous FTP enabled for the default server as well, so that anyone can connect as the anonymous user and view files in a specific directory. To set up anonymous FTP for a new virtual server, configure what clients can do, and determine which directories they can access, follow these steps:
1. | On the module's main page, click on the icon for the default or virtual server for which you want to configure anonymous FTP. |
2. | On the virtual server options page, click on the Anonymous FTP icon. If this is the first time that it has been setup for this server, a small form will appear for entering anonymous FTP settings. |
3. | |
4. | In the Access files as user option, select the second radio button and enter the name of an unprivileged UNIX user such as ftp or nobody. Clients will not only be restricted to the chosen directory, but will also be only able to access files with the permissions of that UNIX user. Naturally, you should make sure that it can actually read and list the directory and files that it contains. This user must not be in ProFTPD's denied list, or have an invalid shell. See Section 40.8 “Limiting Who Can Log In” for more information on editing this list and allowing users with any shell. |
5. | If you are happy for clients to use the group permissions of the user set in the previous field, leave the Access files as group field set to Default. Otherwise, select the second radio button and enter a group name into its field. |
6. | Hit the Create button to set up the initial anonymous FTP configuration. Assuming it is successful, the browser will be redirected to the anonymous FTP options page on which are icons for the various categories of configurable options that relate to anonymous FTP connections. |
7. | Click the Save button to return to the anonymous FTP options page. Click on Authentication and in the Username aliases table enter anonymous under Login username, and the name of the user that you chose in Step 4 under Real username. This tells ProFTPD that clients logging in as anonymous should be given the permissions of that user. |
8. | In the FTP commands field, enter WRITE and hit the Create button to start the process of defining options that apply to FTP commands that modify data on the server. You will be taken to the per command-options page. |
9. | Click on the Access Control icon, and select Deny all clients in the Access control policy field. This tells ProFTPD to block attempts by anonymous clients to upload, delete, or rename files. |
10. | Click the Save button. |
11. | Return to the module's main page, and hit Apply Changes. To make sure that everything is working, try logging into the virtual server as the anonymous user and downloading some files. |
If you are using your system to host multiple web and FTP sites for different customers, each can be given his own virtual anonymous server to make files available to people via FTP. Browsers assume that ftp:// URLs require an anonymous login and most don't deal well with FTP servers that require authentication.