The File Transfer Protocol (FTP) provides users with a simple way to transfer files to
and from an FTP server.
FreeBSD includes FTP server software, ftpd, in the base system. This makes setting
up and administering an FTP server on FreeBSD very straightforward.
The most important configuration step is deciding which accounts will be allowed
access to the FTP server. A normal FreeBSD system has a number of system accounts used
for various daemons, but unknown users should not be allowed to log in with these
accounts. The /etc/ftpusers file is a list of users disallowed
any FTP access. By default, it includes the aforementioned system accounts, but it is
possible to add specific users here that should not be allowed access to FTP.
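The following sh script is an added example, not part of the original text: it lists the accounts in a passwd-format file that an ftpusers-format deny list does not cover, so a forgotten system account stands out. It assumes the syntax described in ftpd(8) (one name per line, # comments, @name for a group); the function name ftp_not_denied and all sample data are constructed for illustration.

```sh
#!/bin/sh
# Added example: report accounts NOT blocked by an ftpusers-style deny list.
# Only the deny-list rule is modelled; other ftpd login checks (for example
# the account's shell or password) are not.

# usage: ftp_not_denied FTPUSERS GROUP PASSWD
# Prints one login name per line for accounts the deny list does not cover.
ftp_not_denied() {
    awk -F: '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }  # drop comments and blanks
        $0 == "" { next }
        pass == 1 {                               # ftpusers: name or @group
            if (substr($0, 1, 1) == "@") denied_group[substr($0, 2)] = 1
            else denied_user[$0] = 1
            next
        }
        pass == 2 {                               # group: name:pw:gid:members
            if ($1 in denied_group) {
                denied_gid[$3] = 1                # catches primary-group users
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) denied_user[m[i]] = 1
            }
            next
        }
        pass == 3 {                               # passwd: name:pw:uid:gid:...
            if (!($1 in denied_user) && !($4 in denied_gid)) print $1
        }
    ' pass=1 "$1" pass=2 "$2" pass=3 "$3"
}

# Constructed sample data so the example runs offline.
demo_dir=$(mktemp -d)
printf '%s\n' '# denied accounts' 'root' 'daemon' '@staff' > "$demo_dir/ftpusers"
printf '%s\n' 'wheel:*:0:root' 'staff:*:20:carol' > "$demo_dir/group"
printf '%s\n' \
    'root:*:0:0:Charlie &:/root:/bin/sh' \
    'daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin' \
    'www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin' \
    'alice:*:1001:1001:Alice:/home/alice:/bin/sh' \
    'bob:*:1002:20:Bob:/home/bob:/bin/sh' \
    'carol:*:1003:1001:Carol:/home/carol:/bin/sh' > "$demo_dir/passwd"
ftp_not_denied "$demo_dir/ftpusers" "$demo_dir/group" "$demo_dir/passwd"
rm -rf "$demo_dir"
```

On a live system the arguments would be /etc/ftpusers, /etc/group and /etc/passwd; any system account that appears in the output is a candidate for adding to /etc/ftpusers.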
You may want to restrict the access of some users without preventing them completely
from using FTP. This can be accomplished with the /etc/ftpchroot file. This file lists
users and groups subject to FTP access restrictions. The ftpchroot(5) manual page has
all of the details, so the file format is not described here.
If you would like to enable anonymous FTP access to your server, then you must create
a user named ftp on your FreeBSD system. Users will then be
able to log on to your FTP server with a username of ftp or anonymous and with any password (by convention an email address for
the user should be used as the password). The FTP server will call chroot(2) when an
anonymous user logs in, to restrict access to only the home directory of the ftp user.
There are two text files that specify welcome messages to be displayed to FTP clients.
The contents of the file /etc/ftpwelcome will be displayed to
users before they reach the login prompt. After a successful login, the contents of the
file /etc/ftpmotd will be displayed. Note that the path to this
file is relative to the login environment, so the file ~ftp/etc/ftpmotd would be displayed for anonymous users.
Once the FTP server has been configured properly, it must be enabled in /etc/inetd.conf.
All that is required here is to remove the comment symbol “#” from in front of the
existing ftpd line:
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
As explained in Example 27-1,
the inetd configuration must be reloaded after this
configuration file is changed.
You can now log on to your FTP server by typing:
% ftp localhost
The ftpd daemon uses syslog(3) to log
messages. By default, the system log daemon will put messages related to FTP in the /var/log/xferlog file. The location of the FTP log can be modified
by changing the following line in /etc/syslog.conf:
ftp.info /var/log/xferlog
Be aware of the potential problems involved with running an anonymous FTP server. In
particular, you should think twice about allowing anonymous users to upload files. You
may find that your FTP site becomes a forum for the trade of unlicensed commercial
software or worse. If you do need to allow anonymous FTP uploads, then you should set up
the permissions so that these files cannot be read by other anonymous users until they
have been reviewed.