Enable Anonymous Account for Proftpd Server in RHEL/CentOS 7
Following the last tutorial concerning Proftpd Server in CentOS/RHEL 7, this tutorial will try to extend Proftpd functionality by allowing you to enable Anonymous account logins. Anonymous logins are used to allow users with no accounts on server to access specific directory in system hierarchy, which by default in CentOS/RHEL 7 is /var/ftp directory, without the need for the anonymous user to enter a password.
Once anonymous users are authenticated and logged in to server they are chroot to default directory and they can’t access higher directories on system path. While the anonymous block directive usually is stored in the main Proftpd configuration file.
On this topic I will use a different approach of storing Anonymous account configurations, with the help of two directories, enabled_mod and disabled_mod, which will store all future server modules extended functionality, without messing the main Proftpd configuration file.
Step 1: Enable Anonymous Module for Proftpd Server
1. After Proftpd Server was installed on your system with the default configuration file stop the daemon process, backup proftpd main default configuration file and then open proftpd.conf file for editing with your favourite text editor.
# systemctl stop proftpd # cp /etc/proftpd.conf /etc/proftpd.conf.bak # nano /etc/proftpd.conf
2. Now that you have Proftpd main file opened for editing, go to the bottom of this file and on the last line add the following statement, which will case the
server to parse and use all of the configuration found in files ended with .conf extension from enabled_mod directory.
3. After you finish adding the above statement save and close the file and create enabled_mod and disabled_mod directories. All of the future configuration from now on will be stored in disabled_mod directory and will be activated on Proftpd server by creating symbolic links accordingly to enabled_mod directory.
# mkdir -p /etc/proftpd/enabled_mod # mkdir -p /etc/proftpd/disabled_mod
4. Now it’s time to add a simple Anonymous configuration file module for Proftpd. Using your favourite text editor create a file named anonymous.conf on disabled_mod path.
# nano /etc/proftpd/disabled_mod/anonymous.conf
Add the following statements in the file.
<Anonymous ~ftp> User ftp Group ftp UserAlias anonymous ftp DirFakeUser on ftp DirFakeGroup on ftp MaxClients 10 <Directory *> <Limit WRITE> DenyAll </Limit> </Directory> </Anonymous>
If you need more advanced futures concerning Anonymous account feel free to use Proftpd docs at the following links.
5. Even though the Anonymous module has been created it’s still not enabled so far. To activate this module make sure you create a symbolic link to enabled_mod directory, using the below command, and then start the FTP daemon to apply changes.
# ln -s /etc/proftpd/disabled_mod/anonymous.conf /etc/proftpd/enabled_mod/ # ll /etc/proftpd/enabled_mod/ # systemctl start proftpd # systemctl status proftpd
6. To access the files provided anonymously by Proftpd server, open a browser and type your server IP Address or domain name using FTP protocol and you should automatically be logged in as anonymous and retrieve directory structure.
7. If you use FileZilla just select Anonymous on Logon Type and you will be automatically authenticated to server. If you use other FTP clients than browsers or FileZilla, which will request you to enter a username, just type anonymous on username filed and leave the password
filed blank to authenticate.
8. The default served FTP Anonymous directory is /var/ftp/ system path, which contains two directories with different permissions.
- pub directory – The public FTP directory which can be read and listed by all anonymously authenticated users. Here you can put files for clients to access and download.
- uploads directory – It has restrictive permissions and can’t be listed by anonymous users.
9. To disable Anonymous configuration on Proftpd Server, just delete anonymous.conf file from enabled_mod directory and restart the FTP daemon
to apply changes.
# rm /etc/proftpd/enabled_mod/anonymous.conf # systemctl restart proftpd.service
That’s it! On next tutorial concerning ProFTPD Server on RHEL/CentOS 7, I will discuss how you can use SSL/TLS encrypted file transfers to secure data transfers between clients and server.