Set up anonymous FTP upload on Oracle Linux
Just because this took a little longer than I expected, here’s a quick howto for setting up an anonymous FTP drop-off on Oracle Linux, which I use as a simple way to transfer files out of my Virtual Machines.
Install vsftpd
$ sudo yum -y install vsftpd
Configure iptables
As FTP is a more complicated protocol than most, there is a special netfilter module required in order to correctly keep track of connections.
# You will perhaps want to change the insert number here.
$ sudo iptables -I INPUT 4 -m state --state NEW -p tcp --dport 21 -j ACCEPT
$ sudo /etc/init.d/iptables save
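Add nf_conntrack_ftp to the IPTABLES_MODULES setting in /etc/sysconfig/iptables-config, so the module is loaded whenever the firewall starts: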
$ sudo vi /etc/sysconfig/iptables-config
Then load the module now rather than rebooting:
$ sudo modprobe nf_conntrack_ftp
Create /incoming
Create the /incoming area and ensure it has the correct file permissions and SELinux context. This is the bit which had me stumped for a little while, as I didn’t know about allow_ftpd_anon_write, and while I normally just disable SELinux, I do also like to know how things should work (and be able to write about them!):
$ sudo mkdir /var/ftp/incoming
$ sudo chown ftp:ftp /var/ftp/incoming
# This allows anonymous users to upload, but not see what's in the directory
$ sudo chmod 750 /var/ftp/incoming
$ sudo chcon -u system_u -t public_content_rw_t /var/ftp/incoming
# -P writes the boolean to the policy store so it survives a reboot
$ sudo setsebool -P allow_ftpd_anon_write=1
Configure vsftpd
$ sudo vi /etc/vsftpd/vsftpd.conf
anon_upload_enable=YES
Startup
Finally, enable and start vsftpd:
$ sudo chkconfig vsftpd on
$ sudo /etc/init.d/vsftpd start
And that’s it, you should now be able to FTP as anonymous and upload files into /incoming.
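To check the result, here is an added example (not part of the original post) that audits a vsftpd.conf and upload directory against the settings above. Beyond the post, it also expects vsftpd's other anonymous write options and anon_world_readable_only to be left at their built-in defaults; the function names and the scratch-directory sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an anonymous drop-off like the one set up above.

# conf_get FILE KEY DEFAULT: last value assigned to KEY, else DEFAULT.
# vsftpd.conf allows no spaces around "=", so an anchored match is enough.
# Assumes values use the YES/NO spelling the post uses.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# audit_dropoff CONF DIR: print one line per problem; return 0 if none.
audit_dropoff() {
    conf=$1; dir=$2; bad=0
    # Each spec is KEY:BUILT-IN-DEFAULT:VALUE-WANTED
    for spec in anonymous_enable:YES:YES write_enable:NO:YES \
                anon_upload_enable:NO:YES \
                anon_mkdir_write_enable:NO:NO anon_other_write_enable:NO:NO \
                anon_world_readable_only:YES:YES; do
        key=${spec%%:*}; rest=${spec#*:}
        got=$(conf_get "$conf" "$key" "${rest%%:*}")
        if [ "$got" != "${rest#*:}" ]; then
            echo "FAIL $key=$got (want ${rest#*:})"; bad=1
        fi
    done
    # The post's chmod 750 leaves no bits for "other"; a non-zero last
    # octal digit departs from that (GNU stat syntax).
    mode=$(stat -c %a "$dir")
    case $mode in
        *0) ;;
        *) echo "FAIL $dir mode $mode (want no access for other, e.g. 750)"; bad=1 ;;
    esac
    return $bad
}

# Constructed sample: the post's settings recreated in a scratch directory.
demo=$(mktemp -d)
printf 'anonymous_enable=YES\nwrite_enable=YES\nanon_upload_enable=YES\n' > "$demo/vsftpd.conf"
mkdir "$demo/incoming" && chmod 750 "$demo/incoming"
audit_dropoff "$demo/vsftpd.conf" "$demo/incoming" && echo "drop-off settings OK"
rm -rf "$demo"
```

On a real host, call audit_dropoff with /etc/vsftpd/vsftpd.conf and /var/ftp/incoming; the SELinux context and boolean are not covered by this check.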