Create a new configuration file named /etc/vsftpd/nf, open it in your favourite text editor and write down the directives that follow:

Set the server to run in standalone mode. This means that vsftpd will run in the background and handle the incoming requests on its own. The alternative method (listen=NO) would require you to set up a xinetd service. This would not be a bad idea, but for the sake of this example, it would be a waste of time.

The following directives prevent local users from logging in and enable anonymous access respectively.

The following directive disables write access to the FTP server's filesystem. This is a global switch, so no one will be able to upload or modify any files on your FTP site.

Sets the root directory for anonymous connections.

The following configuration directives are optional and can be safely omitted.

Limit the rate at which anonymous users can retrieve files.

Enable logging information about user logins and file transfers. The log file is located at /var/log/vsftpd.log.

Set the interface and port the service will listen on.

You may wonder why you cannot just create some symbolic links inside anon_root pointing to the directories you want to share. Even if you created those symlinks and connected to the service using an FTP client, you would notice that you are not permitted to reach the linked location. This happens because anonymous users are restricted (chrooted) to anon_root and, therefore, no location outside this directory is accessible using symlinks.

Bind mounts are the solution to this problem. When bind-mounting, you mount a directory (A) to another directory (B) on the same or different filesystem, so that the contents of directory A appear as contents of directory B. It's like a symlink, but at a lower level of the filesystem and that's why you can reach locations outside the chroot jail.

In our scenario, the installation tree of a Linux distribution is shared through the FTP service. It is assumed that the installation medium has been inserted into the drive and either the system or you have mounted it, for example, to the directory /media/CentOS/. We want the contents of the DVD to be accessible through the FTP server, so we need to bind-mount the DVD contents to a directory inside anon_root.

As user 'root' issue the following command:
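The configuration policy described on this page (standalone mode, no local logins, anonymous access, no write access, a dedicated anonymous root) can be checked mechanically. The following is an added example, not part of the original page: the sample configuration is constructed, and the anon_root path, rate limit and listen address in it are assumptions.

```python
# Added example: audit a vsftpd configuration against the anonymous,
# read-only policy described in the text. SAMPLE_CONF is constructed.
SAMPLE_CONF = """\
# constructed sample; path, rate and address are assumptions
listen=YES
local_enable=NO
anonymous_enable=YES
write_enable=NO
anon_root=/var/ftp/pub
anon_max_rate=2048000
xferlog_enable=YES
listen_address=192.0.2.10
listen_port=21
"""

# Values the text calls for: standalone, no local logins, anonymous, read-only.
REQUIRED = {"listen": "YES", "local_enable": "NO",
            "anonymous_enable": "YES", "write_enable": "NO"}

def parse_conf(text):
    """Return {directive: value}; vsftpd expects option=value, no spaces around '='."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"malformed directive: {raw!r}")
        settings[key] = value
    return settings

def audit(text):
    """List deviations from the policy; an empty list means the config matches."""
    conf = parse_conf(text)
    findings = []
    for key, want in REQUIRED.items():
        got = conf.get(key)
        if got is None:
            findings.append(f"{key} is not set explicitly (expected {want})")
        elif got.upper() != want:
            findings.append(f"{key}={got} (expected {want})")
    if not conf.get("anon_root", "").startswith("/"):
        findings.append("anon_root must be an absolute path")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF) or "configuration matches the policy")
```

Required directives that are missing are reported rather than assumed, so the result does not depend on the built-in defaults of the installed vsftpd version.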