LFCS – File Transfer Protocol (FTP)

Jarret B

Well-Known Member
Staff member
Joined
May 22, 2017
Messages
360
Reaction score
403
Credits
13,016
Everyone probably uses FTP at one point or another. In this article, we will set up an FTP server and configure it for anonymous connections. We will also set it up to be used as a repository and then actually use it as a repository from another server.

So, Server 1, that is currently a DNS server, will also be an FTP Server. Then, once the repository is up and running, we will use Server 2 to install files from Server 1.

Installing and Configuring Very Secure FTP Daemon (VSFTPD)

There are very many FTP services you can use, but this is the one that we are going to use since it is simple to configure for anonymous use.

There is a difference between CentOS and Ubuntu, so let's cover CentOS first.

With the FTP service, we will need the UFW service to set up the Firewall for the VSFTPD service.

To install the VSFTPD service, you need to run the command:

sudo yum install vsftpd ufw -y

On Ubuntu, the command is:

sudo apt install vsftpd ufw -y

The service has not automatically started yet on either OS and needs enabled to auto-start and then start it initially. Use the commands:

sudo systemctl enable vsftpd
sudo systemctl start vsftpd


Now, there is a major problem trying to view to FTP server. None of the current browsers support FTP anymore. We will use FileZilla. It already installed Filezilla on CentOS 7, so wee need to add to those using Ubuntu. Use the command 'sudo apt install filezilla -y'.

We need to configure the options we need for VSFTPD for both Operating Systems. On CentOS, the file is at '/etc/vsftpd/vsftpd.conf' and on Ubuntu it is at '/etc/vsftpd.conf'. Once you have the file opened for editing, make the following changes:

anonymous_enable=yes
local_enable=no
write-enable=no
listen=yes
listen_ipv6=no


Add the line at the end of the configuration file and save it:

anon_world_readable_only=yes

Now, on CentOS, it makes a 'pub' folder in '/var/ftp'. On Ubuntu, the folder is '/srv/ftp', and you'll need to create a folder named 'pub'. The 'pub' folder will need to be owned by the 'ftp' user, so use the command 'sudo chown -R ftp:ftp /srv/ftp/pub'. You may need to set permissions to Read and Write on all files and folders as well.

Set the following firewall settings with the commands:

sudo systemctl enable ufw
sudo systemctl start uwf
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 990/tcp
sudo ufw allow 40000:50000/tcp


After you save the file and you exit the editor, you'll need to restart the service:

sudo systemctl restart vsftpd

You should be able to start FileZilla on Server 1 and enter the IP Address for Server 1 in the Host Box and connect to the FTP server.

CentOS Repository

In a business, you may not want the client systems to get too updated without testing company apps on later system updates. You may have tested the apps on a specific version of the system OS and its packages. So disable all updates from the Internet and make any package additions the same as those that came on the initial installation software.

Let's say you downloaded CentOS from CentOS.org and have an ISO file. You'll just need to create a folder on the FTP Server and extract the ISO files into it.

For example, '/var/ftp/CentOS' would be a good place to place the extracted files. Once done, you need to move to Server 2.

On Server 2, go into the folder '/etc/yum.repos.d' in a terminal. Listing the files in the folder should be something like:

CentOS-Base.repo
CentOS-Media.repo
epel.repo
CentOS-CR.repo
CentOS-Sources.repo
epel-testing.repo
CentOS-Debuginfo.repo
CentOS-Vault.repo
CentOS-fasttrack.repo
CentOS-x86_64-kernel.repo


If you have more or less than these, do not worry. These are the current repositories used by Server 2, but we'll get rid of these and replacing them with the repository we made.

You can delete these files or make a backup of them in your HOME Folder or elsewhere.

Create a new file and place the following in it and name the file ‘Server1.repo’ (anything with .repo will work):

[Server1]
name=FTP CentOS on Server1
baseurl=ftp://server1.example.com/CentOS
enabled=1
gpgcheck=0


My folder’s name was 'CentOS' and make sure not to use a trailing backslash.

Once you save the file in the folder '/etc/yum/repos.d/' you should be able to issue the command 'sudo yum update' and get a proper response.

Any errors you have will either be from an incorrect path in the above file, or permissions on the files on Server 1 for the VSFTPD service.

NOTE: The files should be owned by the 'ftp' user and group. You can place full permissions for access to folders and files. Since we limited the FTP Server to read-only, users cannot write folders or files.

Ubuntu Repository

The process is a lot different on an Ubuntu system, but the reasons to do this are still the same.

NOTE: The process has worked for me once, but not twice. If someone can figure anything out, please let me know.

We have VSFTPD running on Server1 just fine. We now need to get the repository for our local system. Run the command 'sudo apt install apt-mirror' to get the package we need.

Next, we need to specify which repositories we are going to mirror. When you installed 'apt-mirror', it also installed a file that we need to edit. Open the file '/etc/apt.mirror.list' in your editor.

At the top is a line for the 'base_path' which needs to e set to '/srv/ftp'. This will cause the mirror to be placed in our FTP path.

At the bottom are two sections. The lower section is for the source (deb_src) files. If you do not want these files included, then comment out all the lower sections.

The section before this specifies the regular packages. Make sure you change the distro to 'bionic' on all five lines. If you want the whole repository, it can be just under 300 GB.

NOTE: If there is a different location to copy the files from, other than 'archive.ubuntu.com', then change the lines accordingly.

We need to copy a file to the 'base_path/var', but we need to make the folder first. Perform the next two commands to get this done:

sudo mkdir -p /srv/ftp/var
sudo cp /var/spool/apt-mirror/var/postmirror.sh /srv/ftp/var


To mirror the Repository locally, just run 'sudo apt-mirror'. The process can take a very long time depending on your Internet speed, system speed and drive speed. I found an SSD improves the time significantly.

Once the process has completed, you only need to set permissions on the files before you set the other systems on the network to point to the FTP server to get any updates and not from the Internet Repositories.

Switch to the folder '/srv/ftp' in a terminal. Run the commands:

sudo chmod -R 777 *
sudo chown -R ftp:ftp *


Now you may wonder why set the permissions to full? The FTP Server will limit remote systems to read-only.

On Sever 2, edit the file '/etc/apt/sources.list' and comment all the existing lines and add the lines:

deb [arch=amd64 trusted=yes] ftp://server1.example.com/srv/ftp/mirror/us.archive.ubuntu.com/ubuntu bionic main restricted universe multiverse
deb [arch=amd64 trusted=yes] ftp://server1.example.com/srv/ftp/mirror/us.archive.ubuntu.com/ubuntu bionic-updates main restricted universe multiverse
deb [arch=amd64 trusted=yes] ftp://server1.example.com/srv/ftp/mirror/security.archive.ubuntu.com/ubuntu bionic-security main restricted universe multiverse


The parts in the brackets, 'arch=amd64' specifies that we are only looking at the 64-bit packages. The server will only 'apt-mirror' the architectures set up on the server when running 'apt-mirror'. If you do not have the 'i386' architecture allowed, then the i386 packages is not downloaded. The 'trusted=yes' lets the local Repository packages to be used without needing them signed.

Once saved, issue the command 'sudo apt clean' to clear the cache. Next, you need to restore the cache from the new local Repository. The command is 'sudo apt update'.

From here, you should be fine to install packages.

Conclusion

Keeping a local Repository can also help if the Internet connection fails. It is also beneficial to keep all the systems in the same package versions.

I have to admit that setting up a CentOS Repository is a very simple task compared to Ubuntu.
 
Last edited:

Members online


Top