Objective 3: Securing FTP Servers

There is a wider variety of FTP server implementations than most like to think about. This LPI Objective is tailored for WU-FTPD, which just a few years ago was the standard ftpd. However, it is no longer included in any Red Hat or Debian distribution due to its rather poor security record. In upcoming versions of the Level 2 LPI Exams, the only FTP daemon likely to be covered is vsftpd (Very Secure FTP Daemon), which is both popular and the only one included in both Debian and Red Hat.

vsftpd comes with a very good default configuration, which allows only anonymous FTP. It chroots to the ftp user account (which must already exist on the system) and everything just works. Unlike other software that uses chroot, vsftpd does not need a chroot environment to be painstakingly set up.

vsftpd reads its configuration from /etc/vsftpd.conf. Here are some highlights:

# Allow anonymous FTP?
anonymous_enable=YES

# Uncomment this to allow local users to log in.
#local_enable=YES

These lines indicate which users to allow. By default, only anonymous access is allowed. The last line can be uncommented to allow regular users. For a regular user to be allowed access, the user's shell must be listed in /etc/shells. However, the ftp user account can have a "nologin" shell, and anonymous FTP will still be allowed in.
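The login rules described above can be checked against a host's files before the daemon is exposed. The following is an added example, not code from the book or from vsftpd: the function names are hypothetical, the sample file contents are constructed, and the shell check models the rule as stated here rather than any particular PAM setup.

```python
# Added example; all sample file contents are constructed for illustration.
SAMPLE_CONF = """\
# Allow anonymous FTP?
anonymous_enable=YES

# Uncomment this to allow local users to log in.
#local_enable=YES
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ftp:x:107:65534::/srv/ftp:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/false
"""
SAMPLE_SHELLS = "# valid login shells\n/bin/sh\n/bin/bash\n"

# vsftpd's built-in defaults when an option is absent or commented out.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO"}

def parse_vsftpd_conf(text):
    """Return effective settings from option=value lines, ignoring comments."""
    settings = dict(DEFAULTS)
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key] = value.strip().upper()
    return settings

def allowed_logins(conf_text, passwd_text, shells_text):
    """List the logins the configuration admits, per the rules described above."""
    settings = parse_vsftpd_conf(conf_text)
    accounts = [e.split(":") for e in passwd_text.splitlines() if e.count(":") == 6]
    shells = {s.strip() for s in shells_text.splitlines()
              if s.strip() and not s.startswith("#")}
    allowed = []
    # Anonymous sessions run as the ftp account, which must exist; its shell is not checked.
    if settings["anonymous_enable"] == "YES" and any(a[0] == "ftp" for a in accounts):
        allowed.append("anonymous")
    # Local users are admitted only when their login shell is listed in /etc/shells.
    if settings["local_enable"] == "YES":
        allowed += [a[0] for a in accounts if a[6] in shells]
    return allowed

if __name__ == "__main__":
    print(allowed_logins(SAMPLE_CONF, SAMPLE_PASSWD, SAMPLE_SHELLS))
    print(allowed_logins(SAMPLE_CONF.replace("#local_enable", "local_enable"),
                         SAMPLE_PASSWD, SAMPLE_SHELLS))
```

With local_enable uncommented, the sample output includes root as well as alice, because under this rule every account with a listed shell qualifies.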

# Uncomment this to enable any form of FTP write command.
#write_enable=YES

# Uncomment this to allow the anonymous FTP user to upload files. This ...
