The File Transfer Protocol (FTP) provides users with a simple way to transfer files to and from an FTP server. FreeBSD includes FTP server software, ftpd, in the base system.
FreeBSD provides several configuration files for controlling access to the FTP server. This section summarizes these files. Refer to ftpd(8) for more details about the built-in FTP server.
The most important configuration step is deciding which
accounts will be allowed access to the FTP
server. A FreeBSD system has a number of system accounts which
should not be allowed FTP access. The list
of users disallowed any FTP access can be
found in /etc/ftpusers
. By default, it
includes system accounts. Additional users that should not be
allowed access to FTP can be added.
In some cases it may be desirable to restrict the access
of some users without preventing them completely from using
FTP. This can be accomplished be creating
/etc/ftpchroot
as described in
ftpchroot(5). This file lists users and groups subject
to FTP access restrictions.
To enable anonymous FTP access to the
server, create a user named ftp
on the FreeBSD system. Users
will then be able to log on to the
FTP server with a username of
ftp
or anonymous
. When prompted for
the password, any input will be accepted, but by convention,
an email address should be used as the password. The
FTP server will call chroot(2) when an
anonymous user logs in, to restrict access to only the home
directory of the ftp
user.
There are two text files that can be created to specify
welcome messages to be displayed to FTP
clients. The contents of
/etc/ftpwelcome
will be displayed to
users before they reach the login prompt. After a successful
login, the contents of
/etc/ftpmotd
will be displayed. Note
that the path to this file is relative to the login
environment, so the contents of
~ftp/etc/ftpmotd
would be displayed for
anonymous users.
Once the FTP server has been
configured, set the appropriate variable in
/etc/rc.conf
to start the service during
boot:
ftpd_enable="YES"
To start the service now:
#
service ftpd start
Test the connection to the FTP server by typing:
%
ftp localhost
The ftpd daemon uses
syslog(3) to log messages. By default, the system log
daemon will write messages related to FTP
in /var/log/xferlog
. The location of
the FTP log can be modified by changing the
following line in
/etc/syslog.conf
:
ftp.info /var/log/xferlog
Be aware of the potential problems involved with running an anonymous FTP server. In particular, think twice about allowing anonymous users to upload files. It may turn out that the FTP site becomes a forum for the trade of unlicensed commercial software or worse. If anonymous FTP uploads are required, then verify the permissions so that these files can not be read by other anonymous users until they have been reviewed by an administrator.
All FreeBSD documents are available for download at http://ftp.FreeBSD.org/pub/FreeBSD/doc/
Questions that are not answered by the
documentation may be
sent to <[email protected]>.
Send questions about this document to <[email protected]>.