Force ftp prompt from browser or windows explorer

Maximal · 06-04-2020, 12:16 PM

Hi

I have install vsftpd server vsftpd: version 3.0.2 on a redhat 7.7

Basic configuration
anonymous login is disable, I guess since it is commented in vsftpd.conf
#anonymous_enable=YES

should it be uncommented and adn change to NO like this ?
anonymous_enable=NO

Right now if I put
ftp://1.1.1.1/pub

anyone can access the files wihtout prompt

I have created a btbftp ftp user and create a btbftp group and give him the ownership

drwxr-xr-x 4 btbftp btbftp 61 Jun 2 10:50 pub
-rwxr-xr-x 1 btbftp btbftp 27 May 28 16:32 ftptestfile.txt
drwxr-xr-x 2 btbftp btbftp 55 Jun 3 14:33 incoming
drwxr-xr-x 2 btbftp btbftp 55 Jun 3 14:33 outgoing

I do not want anybody to be able to access whit this ftp://1.1.1.1/pub

I read for days to have a simple configuration or really complete clear step by step to block this access but I am still confuse, I do not have my DNS yet

I saw a solution saying use ftp://user@1.1.1.1/pub, yes it is asking for password but that does not block anybody to get access wit the simple ftp://1.1.1.1/

I need to setup that secure access on the server this will be use by public later

Thanks

JJJCR · 06-04-2020, 11:35 PM

Quote:

should it be uncommented and adn change to NO like this ?
anonymous_enable=NO

Yes it should be NO and uncomment it.

Config below from this link: https://gist.github.com/yuikns/d4967...23c89ddd3d155d

Code:

# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES

# White List Pattern
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list

#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#

scasey · 06-05-2020, 12:36 PM

Sometimes the commented values in a config file reflect the defaults. Don't know if that's the case with vsftp, as I don't use ftp anymore, but the documentation (man page, etc) should tell you if that's the case.

That said, ftp is a very insecure way to connect/transfer files. You should use sftp, which is (should be) included in your sshd configuration. See man sshd and man sftp.

Maximal · 06-05-2020, 03:46 PM

Thanks JJJCR it is working

I have modify the vsftpd.conf to
anonymous_enable=NO

Nobody is able from browser or windows explorer to see anything whitout login in

Cheers

Maximal · 06-05-2020, 03:53 PM

Thanks scasey I will look into sftp

My goal is to have 2 user one for the client that can put files and retrieve files

and one admin to manage the request

I will try to achieve this maybe with sftp if I can