BSD Guides :: Doing Stuff With FreeBSD, NetBSD, OpenBSD, & Mac OS X

Enable and Disable Anonymous FTP
Created: 02/19/2007


General Information

This guide describes the steps for both enabling and disabling anonymous FTP.

Requirements

  1. root access.

Configuration

All needed features are installed by default - only configuration is needed.

Enabling Anonymous FTP

Enabling anonymous FTP can be done during installation.  If it must be done after the installation, do the following:
# sysinstall
Select Index

Select Anon FTP and when prompted, select yes.

The user id is 14 by default.  The group is 5 (operators) by default.  The home directory is /var/ftp by default.  I like to put it in /usr/ftp.  The Upload Subdirectory field is incoming by default.  Leave the defaults or make any configuration changes if desired.

Note:  For read-only mode, make sure the Upload Subdirectory field is blank.

Sysinstall creates the user and the home directory but does not configure and enable inetd or set it to launch at startup.  To configure inetd, edit the /etc/inetd.conf.
# ee /etc/inetd.conf
Find the following line
#ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
Remove the "#" character.
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l

Note:  If you want the daemon to start in read-only mode, add a -r.
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l -r

Start inetd
# inetd

Note:  If inetd is already started send it a hang-up (HUP) signal to restart it.
# killall -HUP inetd

Edit /etc/rc.conf to start inetd.conf at startup.
# echo 'inetd_enable="YES"' >> /etc/rc.conf
Verify that inetd is running an open on port 21 with the following command.
# sockstat -4
Test the configuration by connecting via ftp.

Disabling Anomymous FTP

While sysinstall is easily used to enable anonymous ftp, it does not disable it.  This must be done manually.

Remove the ftp user.
# rmuser ftp

Note:  This command prompts to confirm the username and to ask whether the home directory should be deleted.  Use -y to automatically answer yes to these prompts.
# rmuser -y ftp

Disable ftp in inetd.conf
# ee /etc/inetd.conf
Find the following line
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
Add the "#" character to the front of the line.
#ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
Restart inetd.
# killall -HUP inetd

Note:  If inetd is only running ftp, inetd may be stopped altogether and it can be removed from /etc/rc.conf.

Verify that inetd is no longer open on port 21 with the following command.
# sockstat -4
Anonymous ftp is now disabled.

Author: Jared Barneck
jared at bsdcertification dot com

Find this guide useful?
Support the author: