How to Install and Configure vsftpd for Anonymous and Local User FTP Access on Linux

FTP Overview

File Transfer Protocol (FTP) is a standard application‑layer protocol that uses a client‑server model to transfer files between a server and a client over TCP. It supports two transfer modes—active and passive—each determining how data connections are established.

Active Mode

The client opens a random high‑numbered port N (>1024) and connects to the server’s command port 21. It then tells the server to connect back to the client’s port N+1 for data transfer.

Passive Mode

The client connects to the server’s command port 21 and requests passive mode (PASV). The server opens a random high‑numbered port P (>1024) and tells the client to connect to that port for data transfer.

Installing vsftpd

# yum install vsftpd

# ls /etc/vsftpd/vsftpd.conf   # default main config file

# ls /var/ftp/                # default data directory

vsftpd supports three authentication methods: anonymous login, local system user login, and virtual users (the latter is not covered here).

Configuring Anonymous Access and File Operations

# cat /etc/vsftpd/vsftpd.conf

anonymous_enable=YES               # allow anonymous login

anon_root=/var/ftp/pub             # directory for anonymous users

anon_upload_enable=YES             # enable upload for anonymous

anon_mkdir_write_enable=YES       # allow directory creation

anon_other_write_enable=YES        # allow delete/rename

anon_umask=022                     # file permission mask (e.g., 666‑022=644)

local_enable=YES                   # keep existing local settings

write_enable=YES

local_umask=022

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

xferlog_std_format=YES

listen=NO

listen_ipv6=YES

pam_service_name=vsftpd

userlist_enable=YES

tcp_wrappers=YES

For anonymous uploads, set the directory /var/ftp/pub/upload (or any subfolder) to permission 777 or adjust ownership so the “other” class can write. This enables anonymous users to upload, create, and delete files within that folder.

Configuring Local‑User Authentication

# cat /etc/vsftpd/vsftpd.conf

anonymous_enable=NO                # disable anonymous login

local_enable=YES                  # enable local system accounts

#local_root=/var/ftp/pub/upload   # optional: force all users into a specific directory

write_enable=YES                  # allow upload/download

local_umask=022                  # permission mask for created files/dirs

dirmessage_enable=YES

xferlog_enable=YES

xferlog_std_format=YES

chroot_local_user=YES            # lock users to their home directories

listen=YES

pam_service_name=vsftpd

userlist_enable=YES

userlist_deny=NO                  # treat /etc/vsftpd/user_list as a whitelist

tcp_wrappers=YES

use_localtime=YES

dual_log_enable=YES

allow_writeable_chroot=YES

Typical steps to add a test user:

# useradd -s /sbin/nologin ta

# echo '123456' | passwd --stdin ta

Optional Parameters

chroot_list_enable=YES|NO   # when chroot_local_user=YES, this enables a whitelist; when NO, it acts as a blacklist

#chroot_list_file=/etc/vsftpd/chroot_list   # list of exception users, one per line

These settings complete a functional vsftpd deployment supporting both anonymous and authenticated FTP access.