
# FTP

## FTP

### With VSFTPD

* Very Secure File Transfer Protocol Daemon (vsftpd)
* Written by a security researcher (Chris Evans)
* Ubiquitous across the web

Install it:

`sudo apt install vsftpd`

Start and enable it:

`sudo systemctl enable --now vsftpd`

Allow it through the firewall:

`sudo ufw allow ftp`

This opens port 21 (the control channel) but not port 20, because passive mode will be used.

For passive mode, also open the passive data port range: `sudo ufw allow 10000:20000/tcp`

Or, if you want to use active mode, then you should allow port 20:

`sudo ufw allow 20/tcp`

The default config works, but it is not very secure, and I still need to tell it the passive port range:

`sudo vim /etc/vsftpd.conf`

#### *VSFTPD Configuration*

Restrict the listening address.

Allow anonymous FTP users only if you are planning a public FTP server:

```bash
listen_address=192.168.1.5
anonymous_enable=YES
```

By default vsftpd is read-only, so users can download but not upload. Enabling writes applies to local users only, of course:

```bash
# Uncomment this to enable any form of FTP write command.
write_enable=YES
```

Enable passive mode, using the same port range that was opened in the firewall:

```bash
pasv_enable=YES
pasv_min_port=10000
pasv_max_port=20000
```

Now, restart the service:

`sudo systemctl restart vsftpd`

Now local users (Linux accounts) can see their data, such as their home directory.

An anonymous user, however, will see the contents of `/srv/ftp`.

And sure enough, now I can see my files:

<figure><img src="/files/xOqqZlL3d2g2FVCBR90o" alt=""><figcaption><p>FILEZILLA GUI</p></figcaption></figure>

And if I connect as an anonymous user :thumbsup:

<figure><img src="/files/pIHYlMQjSFDxFulq2zIB" alt=""><figcaption></figcaption></figure>

Logging is enabled by default:

```bash
# Activate logging of uploads/downloads.
xferlog_enable=YES
```

`sudo tail /var/log/vsftpd.log`

```bash
Sun Sep  3 12:46:11 2023 [pid 33142] CONNECT: Client "::ffff:192.168.1.100"
Sun Sep  3 12:46:11 2023 [pid 33141] [ftp] OK LOGIN: Client "::ffff:192.168.1.100", anon password "anonymous@example.com"
Sun Sep  3 12:47:28 2023 [pid 33596] CONNECT: Client "::ffff:192.168.1.100"
Sun Sep  3 12:47:28 2023 [pid 33595] [ftp] OK LOGIN: Client "::ffff:192.168.1.100", anon password "anonymous@example.com"
Sun Sep  3 12:47:28 2023 [pid 33597] [ftp] OK DOWNLOAD: Client "::ffff:192.168.1.100", "/anon_content", 0.00Kbyte/sec
```

#### ***Authenticated users***

Authenticated users default to their home folder; this option confines them to it:

```bash
chroot_local_user=YES
```

Let’s understand one thing before we jump to something else:

FTPS is FTP on top of SSL/TLS

SFTP is file transfer on top of SSH

***ENABLE TLS***

I have my own certificates from Let’s Encrypt, so I will use them.

This is the default configuration. To enable TLS, change `ssl_enable` from NO to YES:

```
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
```
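The options set on this page can be checked mechanically before the service is restarted. The following is an added example, not part of the original page: a small shell audit whose function names and finding codes are hypothetical, with fallbacks taken from vsftpd's built-in defaults and a sample config constructed from the option values shown above.

```shell
# Added example (not from the original page): flag risky vsftpd.conf settings.
# Function names and finding codes are hypothetical.

# Print the last uncommented value of option $2 in file $1, else default $3.
get_opt() {
    awk -F= -v key="$2" -v def="$3" '
        /^[[:space:]]*#/ { next }
        $1 == key { val = $2; sub(/[[:space:]]+$/, "", val) }
        END { print (val == "" ? def : val) }' "$1"
}

# audit_vsftpd_conf FILE FW_MIN FW_MAX  (FW_*: passive range opened in ufw)
# Prints one finding code per line. Fallbacks are vsftpd's built-in defaults.
audit_vsftpd_conf() {
    local conf="$1" fw_min="$2" fw_max="$3" ssl cert pmin pmax
    ssl=$(get_opt "$conf" ssl_enable NO)
    cert=$(get_opt "$conf" rsa_cert_file "")
    pmin=$(get_opt "$conf" pasv_min_port 0)
    pmax=$(get_opt "$conf" pasv_max_port 0)
    if [ "$(get_opt "$conf" anonymous_enable YES)" = YES ]; then
        echo "ANON_LOGIN_ENABLED"
        # Anonymous uploads need both write_enable and anon_upload_enable.
        if [ "$(get_opt "$conf" write_enable NO)" = YES ] &&
           [ "$(get_opt "$conf" anon_upload_enable NO)" = YES ]; then
            echo "ANON_UPLOAD_ENABLED"
        fi
    fi
    if [ "$ssl" != YES ]; then
        echo "NO_TLS"                  # logins and data cross in cleartext
    elif [ "${cert#*snakeoil}" != "$cert" ]; then
        echo "SNAKEOIL_CERT"           # self-signed placeholder still in use
    fi
    [ "$(get_opt "$conf" chroot_local_user NO)" = YES ] || echo "LOCAL_USERS_NOT_CHROOTED"
    [ -n "$(get_opt "$conf" listen_address "")" ] || echo "LISTENS_ON_ALL_ADDRESSES"
    if [ "$(get_opt "$conf" pasv_enable YES)" = YES ] &&
       { [ "$pmin" != "$fw_min" ] || [ "$pmax" != "$fw_max" ]; }; then
        echo "PASV_RANGE_MISMATCH"     # firewall and daemon ranges disagree
    fi
    return 0
}

# Constructed sample: the option values shown on this page, ssl_enable still NO.
page_conf() {
    printf '%s\n' listen_address=192.168.1.5 anonymous_enable=YES write_enable=YES \
        pasv_enable=YES pasv_min_port=10000 pasv_max_port=20000 xferlog_enable=YES \
        chroot_local_user=YES rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem \
        rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key ssl_enable=NO
}
```

To try it, write `page_conf` to a temporary file and run `audit_vsftpd_conf "$tmp" 10000 20000`, or point the function at `/etc/vsftpd.conf` with the range you opened in ufw.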

<figure><img src="/files/VU1O5MwmnWkgJegEW5b7" alt=""><figcaption></figcaption></figure>

