6.3. Setting up an FTP Server

FTP remains the most widely used file transfer protocol, and the method most often used to upload content to websites, despite its use of unencrypted logins and other insecurities. EnGarde offers the most secure FTP server available, vsftpd, and simplifies its use through WebTool. Because of the risks of unrestricted FTP access, EnGarde requires you to first choose the addresses or networks you wish to grant FTP access, by selecting Access Control from the System menu as described in Section 5.2. Once this is done you may now select File Transfer Protocol from the Services menu, and then select General Configuration from the Modules menu to begin configuring your FTP server using the screen below.

Figure 6-6. FTP Server Configuration

In order to use your FTP server to upload files to your EnGarde Web server, you must change the settings above to Enabled for Local User Logins and Local User Uploads, and, optionally, to allow users to create World Readable permissions.

The FTP Server Configuration module allows you to further restrict FTP access to machines on your private network by restricting the Interface to Listen On to your server's internal interface, if applicable.

By default, the FTP Server Configuration module disables anonymous FTP logins, an inherently insecure activity. Should you wish to operate a public FTP server, anonymous FTP access can be carefully controlled through a variety of settings as shown in Anonymous User Settings above.

EnGarde also permits you to restrict FTP users' system access to only their home directories by setting up chroot access. A complicated process on many systems, this can be accomplished easily in EnGarde by changing the Local User Chroot setting, shown above, to Enabled.

You have now set up and configured a vsftpd FTP server and learned how to configure it to minimize the FTP protocol's insecurities. To verify that your FTP server is working correctly, try to FTP into it using an FTP client such as WS_FTP.