43 Setting up an FTP server with YaST #
Using the YaST
module, you can configure your machine to function as an FTP (File Transfer Protocol) server. Anonymous and/or authenticated users can connect to your machine and download files using the FTP protocol. Depending on the configuration, they can also upload files to the FTP server. YaST uses vsftpd (Very Secure FTP Daemon).
If the YaST FTP Server module is not available in your system, install the
yast2-ftp-server
package. (For
managing the FTP server from the command line, see
Section 4.4.3.7, “yast ftp-server”.)
To configure the FTP server using YaST, follow these steps:
Open the YaST control center and choose
› or run theyast2 ftp-server
command asroot
.If there is not any FTP server installed in your system, you are asked which server to install when the YaST FTP Server module starts. Choose the vsftpd server and confirm the dialog.
In the Section 43.1, “Starting the FTP server”.
dialog, configure the options for starting of the FTP server. For more information, seeIn the Section 43.2, “FTP general settings”.
dialog, configure FTP directories, welcome message, file creation masks and other parameters. For more information, seeIn the Section 43.3, “FTP performance settings”.
dialog, set the parameters that affect the load on the FTP server. For more information, seeIn the Section 43.4, “Authentication”.
dialog, set whether the FTP server should be available for anonymous and/or authenticated users. For more information, seeIn the Section 43.5, “Expert settings”.
dialog, configure the operation mode of the FTP server, SSL connections and firewall settings. For more information, seeClick
to save the configurations.
43.1 Starting the FTP server #
In the
frame of the dialog set the way the FTP server is started up. You can choose between starting the server automatically during the system boot and starting it manually. If the FTP server should be started only after an FTP connection request, choose .The current status of the FTP server is shown in the
frame of the dialog. Start the FTP server by clicking . To stop the server, click . After having changed the settings of the server click . Your configurations will be saved by leaving the configuration module with .43.2 FTP general settings #
In the
frame of the dialog you can set the which is shown after connecting to the FTP server.If you check the
option, all local users are placed in a chroot jail in their home directory after login. This option has security implications, especially if the users have upload permission or shell access, so be careful enabling this option.If you check the
option, all FTP requests and responses are logged.
You can limit permissions of files created by anonymous and/or authenticated
users with umask. Set the file creation mask for anonymous users in
man 1p umask
).
In the /srv/ftp
. vsftpd does
not allow this directory to be writable for all users. The subdirectory
upload
with write permissions for anonymous users is
created instead.
43.3 FTP performance settings #
In the
dialog set the parameters which affect the load on the FTP server. is the maximum time (in minutes) the remote client may spend between FTP commands. In case of longer inactivity, the remote client is disconnected. determines the maximum number of clients that can be connected from a single IP address. determines the maximum number of clients that may be connected. Any additional clients are refused.
The maximum data transfer rate (in KB/s) is set in 0
, which means unlimited data transfer
rate.
43.4 Authentication #
In the
frame of the dialog, you can set which users are allowed to access your FTP server. You can choose between the following options: granting access to anonymous users only, to authenticated users only (with accounts on the system) or to both types of users.To allow users to upload files to the FTP server, check
in the frame of the dialog. Here you can allow uploading or creating directories even for anonymous users by checking the respective box.If a vsftpd server is used and you want anonymous users to be able to upload files or create directories, a subdirectory with writing permissions for all users needs to be created in the anonymous FTP directory.
43.5 Expert settings #
An FTP server can run in active or in passive mode. By default the server runs in passive mode. To switch into active mode, deselect the
option in the dialog. You can also change the range of ports on the server used for the data stream by tweaking the and options.If you want encrypted communication between clients and the server, you can
and, additionally, . Specify the RSA certificate to be used for SSL encrypted connections.
By default, new versions of the vsftpd
daemon have the TLS protocol older than version 1.2 disabled.
If you use an FTP client that requires an older version of the TLS protocol,
you need to add the following configuration to the
/etc/vsftpd.conf
file:
ssl_tlsv1 = YES ssl_tlsv1_1 = YES
Then restart the vsftpd
daemon to
reread the configuration:
>
sudo
systemctl restart vsftpd.service
If your system is protected by a firewall, check
to enable a connection to the FTP server.43.6 More information #
For more information about the FTP server read the manual pages of
vsftpd
and vsftpd.conf
.