Setting up Secure Anonymous FTP

Anonymous FTP refers to the use of the user name anonymous, which anyone can use with FTP to transfer files from a system. Anonymous FTP is a common way to share files on the Internet.

If you have used anonymous FTP to download files from Internet sites, you already know the convenience of that service. Anonymous FTP makes information available to anyone on the Internet. If you have a new Linux application that you want to share with the world, set up anonymous FTP on your Linux PC, and place the software in an appropriate directory. After that, all you need to do is announce to the world (probably through a posting in the comp.os.linux.announce newsgroup) that you have a new program available. Now, anyone can get the software from your system at his or her convenience.

Even if you run a for-profit business, you can use anonymous FTP to support your customers. If you sell a hardware or software product, you may want to provide technical information or software 'fixes' through anonymous FTP.

Unfortunately, the convenience of anonymous FTP comes at a price. If you do not configure the anonymous FTP service properly, intruders and pranksters may gain access to your system. Some intruders may simply use your system's disk as a temporary holding place for various files; others may fill your disk with junk files, effectively making your system inoperable (this sort of attack is called a denial-of-service, or DoS, attack). At the other extreme, an intruder may gain user-level (or, worse, root-level) access to your system and do much more damage.


If you have installed Red Hat Linux from this book's companion CD-ROMs, you already have anonymous FTP on your system. The default setup also employs the necessary security precautions.

Trying Anonymous FTP

To see anonymous FTP in action, try accessing your system by using an FTP client. For example, in the following sample session, I have accessed my system from another PC on the LAN (my input appears in boldface):

ftp localhost
Connected to localhost (
220 (vsFTPd 1.1.3)
Name (localhost:naba): anonymous
331 Please specify the password.
Password:       <-- I can type anything as password.
230 Login successful. Have fun.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls -l
227 Entering Passive Mode (127,0,0,1,87,69)
150 Here comes the directory listing.
d--x--x--x    2 0        0            4096 Jan 19 19:31 bin
d--x--x--x    2 0        0            4096 Jan 19 19:31 etc
drwxr-xr-x    2 0        0            4096 Jan 19 19:31 lib
drwxr-sr-x    2 0        50           4096 Dec 13 16:13 pub
226 Directory send OK.
ftp> bye
221 Goodbye.

When you successfully log in for anonymous FTP, you access the home directory of the user named ftp (the default directory is /var/ftp). Place the publicly accessible files (the ones you want to enable others to download from your system) in the /var/ftp/pub directory.
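
In the listing above, every entry is owned by uid 0 and none carries a write bit for other users, which is what keeps anonymous visitors from parking files or filling the disk. The following Python script is an added example, not part of the original text: it audits an anonymous FTP tree for entries that are world-writable or owned by the ftp account. The function names and the temporary test tree are constructed for illustration; /var/ftp and the ftp user name come from the text.

```python
import os
import stat
import tempfile

def audit_ftp_tree(root, ftp_uid):
    """Return sorted (path, reason) pairs for entries an anonymous session could modify."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # link mode bits carry no meaning; a target inside the tree is visited itself
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        if st.st_uid == ftp_uid:
            # The owner can always chmod an entry, so ownership by ftp is as bad as a write bit.
            findings.append((path, "owned by ftp account"))
    return sorted(findings)

def demo():
    """Audit a constructed tree: pub is read-only, incoming and README are misconfigured."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name, mode in (("pub", 0o755), ("incoming", 0o777)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)  # chmod after mkdir so the umask cannot alter the mode
        readme = os.path.join(root, "pub", "README")
        open(readme, "w").close()
        os.chmod(readme, 0o666)
        found = audit_ftp_tree(root, ftp_uid=-1)  # -1 matches no owner: mode check only
        return [(os.path.relpath(p, root), why) for p, why in found]

if __name__ == "__main__":
    # On a real server, audit the tree from the text instead:
    #   import pwd
    #   audit_ftp_tree("/var/ftp", pwd.getpwnam("ftp").pw_uid)
    for path, why in demo():
        print(f"{path}: {why}")
```

An empty result for /var/ftp means no entry in the anonymous area can be changed through its mode bits or ownership by the ftp account.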