How to set up Vsftpd for anonymous downloads in Ubuntu

File Transfer Protocol (FTP) is a network protocol for transferring files between clients and a server. To move files more securely we can use vsftpd. In this article we will learn how to set up vsftpd for anonymous downloads in Ubuntu.

To install vsftpd

Run the following command to update the system.

root@linuxhelp1:~# apt-get update 
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB]                           
Ign:2 http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  InRelease              
Hit:3 http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  Release
Get:4 http://download.opensuse.org/repositories/home:/Horst3180/xUbuntu_16.04  Release.gpg [481 B]
Hit:5 http://in.archive.ubuntu.com/ubuntu xenial InRelease                          
Hit:6 http://in.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:7 http://in.archive.ubuntu.com/ubuntu xenial-backports InRelease
Fetched 94.9 kB in 2s (33.2 kB/s)                 
Reading package lists... Done


Run the following command to install the vsftpd package.

root@linuxhelp1:~# apt-get install vsftpd -y 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  vsftpd
0 upgraded, 1 newly installed, 0 to remove and 85 not upgraded.
.
.
.
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up vsftpd (3.0.3-3ubuntu2) ...
Processing triggers for systemd (229-4ubuntu7) ...
Processing triggers for ureadahead (0.100.0-19) ...


Enable the firewall so that it can be opened for vsftpd access, and check its status.

root@linuxhelp1:~# ufw enable
Firewall is active and enabled on system startup

root@linuxhelp1:~# ufw status 
Status: active


Run the following commands to allow ftp and ftp-data through the firewall, then check the status.

root@linuxhelp1:~# ufw allow ftp-data 
Rule added
Rule added (v6)
root@linuxhelp1:~# ufw allow ftp
Rule added
Rule added (v6)
root@linuxhelp1:~# ufw status 
Status: active

To                         Action      From
--                         ------      ----
20/tcp                     ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
20/tcp (v6)                ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)


Create a directory by running the following command.

root@linuxhelp1:~# mkdir -p /var/ftp/pub 


Set the owner and group permission by running the following command.

root@linuxhelp1:~# chown nobody:nogroup /var/ftp/pub 


Now create a test file inside the directory.

root@linuxhelp1:~# echo "Welcome To Vsftpd Test File" | sudo tee /var/ftp/pub/test.txt
Welcome To Vsftpd Test File


To configure the Anonymous access

To configure anonymous access, open the vsftpd configuration file and make the changes shown below.

root@linuxhelp1:~# vim /etc/vsftpd.conf 
#
# Allow anonymous FTP? (Disabled by default).
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=NO
#


Then navigate to the bottom of the file and add the following lines into it.

#
# Point users at the directory we created earlier.
anon_root=/var/ftp/
#
# Stop prompting for a password on the command line.
no_anon_password=YES
#
# Show the user and group as ftp:ftp, regardless of the owner.
hide_ids=YES
#
# Limit the range of ports that can be used for passive FTP
pasv_min_port=40000
pasv_max_port=50000
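
One way to check the finished file against the download-only goal, as an added example that is not part of the original article: the script parses a vsftpd.conf and fails if local logins or any write option is enabled, treating unset options as their vsftpd.conf(5) defaults. The function names and the temporary sample file are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf for a download-only anonymous setup.
# Unset options fall back to the defaults documented in vsftpd.conf(5).

# conf_get FILE KEY DEFAULT: print the effective value (last assignment wins).
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r')
    printf '%s\n' "${v:-$3}"
}

# check FILE KEY DEFAULT WANT REASON: print a FAIL line and return 1 on mismatch.
check() {
    got=$(conf_get "$1" "$2" "$3")
    [ "$got" = "$4" ] && return 0
    echo "FAIL $2=$got (want $4): $5"
    return 1
}

# audit_vsftpd FILE: return 0 when every check passes, 1 otherwise.
audit_vsftpd() {
    f=$1; rc=0
    check "$f" anonymous_enable YES YES "anonymous login must be on" || rc=1
    check "$f" local_enable NO NO "local accounts must not log in over FTP" || rc=1
    for k in write_enable anon_upload_enable anon_mkdir_write_enable \
             anon_other_write_enable; do
        check "$f" "$k" NO NO "server must stay read-only" || rc=1
    done
    [ -n "$(conf_get "$f" anon_root '')" ] ||
        { echo "FAIL anon_root is unset"; rc=1; }
    lo=$(conf_get "$f" pasv_min_port 0); hi=$(conf_get "$f" pasv_max_port 0)
    [ "$lo" -gt 0 ] && [ "$hi" -ge "$lo" ] ||
        { echo "FAIL passive range $lo-$hi is not bounded"; rc=1; }
    return $rc
}

# Constructed sample: the settings from this article, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
anonymous_enable=YES
local_enable=NO
anon_root=/var/ftp/
no_anon_password=YES
hide_ids=YES
pasv_min_port=40000
pasv_max_port=50000
EOF
audit_vsftpd "$sample" && echo "OK: download-only anonymous configuration"
rm -f "$sample"
```

To audit the live file, call `audit_vsftpd /etc/vsftpd.conf` after editing and before restarting the service.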


Finally restart the vsftpd service by running the following command.

root@linuxhelp1:~# systemctl restart vsftpd
root@linuxhelp1:~# systemctl status vsftpd 
● vsftpd.service - vsftpd FTP server
   Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2016-09-20 14:50:43 IST; 29s ago
  Process: 48544 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty (code=exited, status=0/SUCCESS)
 Main PID: 48548 (vsftpd)
   CGroup: /system.slice/vsftpd.service
           └─48548 /usr/sbin/vsftpd /etc/vsftpd.conf

Sep 20 14:50:42 linuxhelp1 systemd[1]: Starting vsftpd FTP server...
Sep 20 14:50:43 linuxhelp1 systemd[1]: Started vsftpd FTP server.


Open the browser and navigate to http://<IP_address>/

Click on pub, open test.txt. Then right-click to save the file.

Passive mode allows users to avoid changing local firewall configurations to permit the server and client to connect.

root@linuxhelp1:~# ftp -p 192.168.5.151
Connected to 192.168.5.151.
220 (vsFTPd 3.0.3)

When prompted for a username, you can enter either "ftp" or "anonymous". They're equivalent, so we'll use the shorter "ftp":

Name (192.168.5.151:root): ftp

After pressing enter, you should receive the following:

230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>

Ensure that passive mode is working as expected:

ftp> ls
227 Entering Passive Mode (192,168,5,151,175,245).
150 Here comes the directory listing.
drwxr-xr-x 2 ftp ftp 4096 Sep 20 14:43 pub
226 Directory send OK.
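
The 227 reply carries the server address as four numbers and the data port as the last two (p1 * 256 + p2). The script below is an added example, not part of the original article, that decodes the replies shown in this article and checks each port against the pasv_min_port and pasv_max_port values set earlier; the function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: decode the data port from a 227 reply and compare it with
# the passive range configured in vsftpd.conf.

# pasv_port REPLY: print the TCP port encoded in "227 ... (h1,h2,h3,h4,p1,p2)".
pasv_port() {
    nums=$(printf '%s\n' "$1" | sed -n 's/^227 .*(\([0-9,]*\)).*/\1/p')
    [ -n "$nums" ] || return 1          # not a 227 reply
    old_ifs=$IFS; IFS=,
    set -- $nums                        # split the six fields on commas
    IFS=$old_ifs
    [ $# -eq 6 ] || return 1
    [ "$5" -le 255 ] && [ "$6" -le 255 ] || return 1
    echo $(( $5 * 256 + $6 ))
}

# in_pasv_range REPLY MIN MAX: succeed if the port lies inside [MIN, MAX].
in_pasv_range() {
    port=$(pasv_port "$1") || return 1
    [ "$port" -ge "$2" ] && [ "$port" -le "$3" ]
}

# The three 227 replies shown in this article, checked against 40000-50000.
for reply in \
    '227 Entering Passive Mode (192,168,5,151,175,245).' \
    '227 Entering Passive Mode (192,168,5,151,158,62).' \
    '227 Entering Passive Mode (192,168,5,151,187,129).'
do
    if in_pasv_range "$reply" 40000 50000; then
        echo "$(pasv_port "$reply") is inside 40000-50000"
    else
        echo "outside configured range: $reply"
    fi
done
```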


As the anonymous user, you should be able to transfer the file to your local machine with the get command as shown below.

ftp> cd pub
250 Directory successfully changed.
ftp> get test.txt
local: test.txt remote: test.txt
227 Entering Passive Mode (192,168,5,151,158,62).
150 Opening BINARY mode data connection for test.txt (28 bytes).
226 Transfer complete.
28 bytes received in 0.01 secs (2.9564 kB/s)


This output shows that the file was downloaded successfully. Now let's check anonymous upload by trying to add the same file back to the server with a new name.

ftp> put test.txt upload.txt
local: test.txt remote: upload.txt
227 Entering Passive Mode (192,168,5,151,187,129).
550 Permission denied.


You might also want to be sure that you cannot connect as a user with a local account. Instead of entering "ftp" or "anonymous" when you're prompted to log in, try using your sudo user.

root@linuxhelp1:~# ftp -p 192.168.5.151 
Connected to 192.168.5.151.
220 (vsFTPd 3.0.3)
Name (192.168.5.151:root): user1
530 This FTP server is anonymous only.
Login failed.

FAQ

Q: Does vsftpd support different settings for different users?
A: Yes - in a very powerful way. Look at the setting "user_config_dir" in the manual page.

Q: Why don't symlinks work with chroot_local_user=YES?
A: This is a consequence of how chroot() security works. As alternatives, look into hard links, or if you have a modern Linux, see the powerful "mount --bind".

Q: Shall I keep my ufw disabled?
A: Yes, it won't affect the installation, but disabling UFW is not recommended.

Q: Does it require authentication every time I reboot?
A: For security purposes, that feature is added.

Q: Will my downloads get logged in vsftpd?
A: Yes, every download gets logged on the server.