12.1 Running an FTP Server

An FTP server lets you transfer files from one system to another via a network. When two computers are connected to the Internet, you can use FTP to transfer files from one to the other even though the computers are not directly connected.

An FTP server attempts to authenticate users that ask to use it. You can configure your FTP server to accept requests only from users who have an account on the system running the FTP server, or you can configure it to accept requests from anyone, via a facility known as anonymous FTP.

FTP carries significant risk. FTP sends login passwords over the network as clear text. Anyone using a packet sniffer can discover passwords entered during an FTP session and use them to breach security. A more secure alternative is the Secure Shell (SSH) scp utility, described later in this chapter. However, servers providing public access to downloadable files must use FTP rather than SSH.

12.1.1 Installing and Starting the FTP Server

To install the FTP Server package group, use the Package Management Tool. After installing the package group, you must tell xinetd to respond to FTP clients. To do so, use the Service Settings Tool to associate the xinetd and vsftpd services with the current runlevel. Also, restart xinetd so that it's aware that it knows to respond to requests for the vsftpd service.

12.1.2 Testing the FTP Server

To test your FTP server, start an FTP client by issuing the following command:

ftp localhost

The FTP server should prompt you for a login user account name and password. To log in anonymously, specify the username anonymous and use an email address, such as user@example.com, as the password. If you correctly supply the username and password, you should see the FTP prompt that lets you know the FTP server is ready to execute FTP subsystem commands. Type quit and press Enter to exit the FTP client.

By default, FTP does not allow the root user to log in. You could modify this behavior, but doing so could compromise system security because FTP sends passwords across the network in an insecure manner.

Once your FTP server is working, try contacting it from a remote system. If you have a Windows machine, you can contact your server by using the built-in Windows FTP client that works similarly to the Linux FTP client, interpreting the same FTP subsystem commands. Open an MS-DOS Prompt window and type the command:

ftp  server 

where server specifies the hostname or IP address of your Linux server. Generally, once the FTP subsystem prompt is available, you should immediately issue the binary (or bin) command. This command specifies that files will be transferred verbatim; without it, executable files, documents, and other files that contain binary data will be scrambled when transferred. Generally, transferring text files and other non-binary files in binary mode will not damage them.

If your FTP server fails to respond, check your host firewall configuration. The firewall may be blocking FTP traffic. See Section 12.5.

When you're ready to actually transfer some files, use the FTP commands described in Table 12-1. Here's a typical FTP session that you can use as a model:

# ftp localhost
Connected to
220 ready, dude (vsFTPd 1.1.0: beat me, break me)
Name (localhost:root): billmccarty
331 Please specify the password.
230 Login successful. Have fun.
ftp> bin
200 Binary it is, then.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r--    1 500      500            33 Jan 04 17:06 file-for-download.txt
226 Directory send OK.
ftp: 79 bytes received in 0.00Seconds 79000.00Kbytes/sec.
ftp> get 3c90x-1.0.0e.tar.gz
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for file-for-download.txt (33 bytes).
226 File send OK.
ftp: 33 bytes received in 0.00Seconds 33000.00Kbytes/sec.
ftp> quit
221 Goodbye.

Table 12-1. Important FTP commands




Invokes a shell on the local system. For example, to obtain a listing of the current directory on the local system, issue the !ls command for a Unix system, or !dir for a Microsoft system.


Specifies that files will be transferred in ASCII mode.



Specifies that files will be transferred in binary mode, which performs no translation.

cd directory

Changes to the specified directory of the remote system.

delete file

Deletes the specified file from the remote system.


Displays the contents of the current directory of the remote system.

get file

Retrieves the specified file from the remote system.


Prints a series of hash marks (#) during file transfer (upload or download).


Displays command help information.

lcd directory

Changes to the specified directory of the local system.

mkdir directory

Creates the specified directory on the remote system.

put file

Stores the specified local file on the remote system.


Displays the current working directory on the remote system.


Exits the FTP session and returns you to the shell prompt.

rmdir directory

Removes the specified directory from the remote system.


Shows the status of the FTP session.

12.1.3 Securing Your FTP Server

If your computer is connected to the Internet or another potentially hostile network, you should revise the FTP configuration to improve security. Two measures are generally recommended.

First, if you don't need to provide FTP to anonymous users, disable anonymous FTP. To do so, edit the file /etc/vsftpd.conf, replacing the line:


with the line:


Second, if your users only download files, never upload them, you should disable FTP writes. To do so, edit the file /etc/vsftpd.conf, replacing the line:


with the line:


The vsftpd FTP server does not allow anonymous users to upload files. If you require this capability, you can remove vsftpd and replace it with the Washington University FTP server, contained in the package wu-ftpd. However, permitting anonymous users to upload files may make you site more vulnerable to attack.