Master FTP: Configure, Secure, and Manage File Transfers on Linux
This guide explains the FTP protocol, its ports, active and passive modes, user authentication types, and step‑by‑step Linux server configuration—including local, anonymous, and virtual user setups, permission handling, chroot restrictions, and file upload/download commands.
FTP File Transfer Protocol
FTP (File Transfer Protocol) is a client‑server protocol that supports file upload and download.
FTP uses two TCP ports: 20 for data transfer and 21 for command exchange.Working Modes
Active mode: Client contacts server on port 21, then server opens a data connection to the client on port 20.
Passive mode: Client requests a data port; the server opens a random port and the client connects to it.
Authentication modes supported by FTP:
- Anonymous: no verification required.
- Local users: use Linux system accounts.
- Virtual users: created solely for FTP access.Downloading Files with wget
wget ftp://user1:[email protected]/1.txtLocal Mode Setup
# Restart vsftpd service
systemctl restart vsftpd.service
# Create a user
useradd user1
# Set password for the user (example)
passwd user1
# Client login using lftp
lftp 192.168.5.101
user user1
Password: ******
ls
pwd
# Upload a file
put /etc/passwd
# Download a file
get passwdAnonymous Login
# Enable anonymous login in vsftpd.conf
anonymous_enable=YES
# Connect from client
ftp 192.168.5.101
Name (192.168.5.101:root): anonymous
Password:
Login successful.Anonymous Upload
# Allow anonymous upload in vsftpd.conf
anon_upload_enable=YES
# Change directory permissions (avoid 777 on root)
chmod 777 /var/ftp/pub
# Upload a file
lftp 192.168.5.101:/pub
put passwdAnonymous Delete
# Enable delete permissions in vsftpd.conf
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
# Delete a file
rm passwdChanging Local and Anonymous User Roots
# Add to vsftpd.conf
anon_root=/mnt
local_root=/mnt
# Adjust directory permissions
chmod 777 /mnt/data/Downloading Files from FTP
# Set umask for anonymous uploads
anon_umask=022
# Download a file
lftp 192.168.5.101
cd data/
get passwdRestricting Login to a Specific User
# Enable user list and set deny to NO
userlist_enable=YES
userlist_deny=NO
# Add allowed users to /etc/vsftpd/user_list (e.g., user1)Chroot Restrictions (Prevent/Allow Escaping Root Directory)
# Prevent all users from leaving their FTP root
chroot_local_user=YES
# Allow specific users to escape the chroot
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# Add user1 to chroot_list to allow escapeConfiguring Virtual Users in vsftpd
# Example virtual user setup
guest_enable=YES
guest_username=vuser666
allow_writeable_chroot=YES
anon_upload_enable=YES
# Create virtual user database
vim /etc/vsftpd/logins.txt # list of usernames and passwords
db_load -T -t hash -f /etc/vsftpd/logins.txt /etc/vsftpd/user.db
# Minimal PAM config for vsftpd
auth required pam_userdb.so db=/etc/vsftpd/user
account required pam_userdb.so db=/etc/vsftpd/user
# Test login
lftp 192.168.6.4
user zhangsan
cd redhat/
put /etc/profileSigned-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.