SolutionBase: Simplify FTP server setup with Webmin and VSFTP

FTP is a basic service that can come in handy for your network. If you want to set it up, but don't want to go to the hassle of messing with altering configuration files, you're in luck. Jack Wallen shows how to configure FTP on Linux using Webmin.

This article is also available as a TechRepublic download.

An on-going GUI server series based on OpenSuSE 10.2 and YaST2 has been very satisfying. There have been instances, however, when I have had to turn away from YaST2 and look at other means of setting up a service with the aid (and simplification) of a GUI tool. That's where Webmin usually picks up the slack. Webmin is a powerful Web-based administration tool. Setting up an FTP server on OpenSuSE was no different. Without a YaST2 module to help me, I fired up Webmin in Firefox, only to realize I had a bit of installing to do.

Where's FTP?

OpenSuSE does not default with an FTP server installed (even after a full five-disk installation.) The only thing resembling FTP waslftp (a command-line FTP program that does not have a server daemon.) Since lftp will not serve up files, I had to turn to something different.

The recommended FTP server for OpenSuSE is vsftp (Very Secure FTP) which claims to be "the most secure and fastest FTP server for UNIX-like systems." This sounded like a good choice, so it’s the one we’re using here.

Installing vsftp

To get vsftp up and running, you need to install two components: vsftpd and the vsftpd Webmin module. We're going to install vsftpd via YaST2 and then fire up Webmin to install the vsftpd module. Fortunately, for vsftp itself, you don’t have to download anything or visit any Web sites. You can get it directly from YaST’s Software Management utility.

Navigate to Computer | More Applications. Once the window shown in Figure A appears, press the Utilities button in the left navigation bar.

Figure A

You could also just enter "yast" in the search field to find the YaST tool.

Once the utilities have grouped together, seen in Figure B, press the YaST button.

Figure B

Any time you select one of the groups from the left navigation, that group is displayed at the top of the right window.

You'll then see the screen in Figure C. After YaST opens, you should press the Software Management button (right window) listed under the Software group (left window).

Figure C

When YaST opens, it defaults to the Software category.

The Software Management tool will open, and you will need to do a search for vsftp. Enter the search string and the results will display, as shown in Figure D.

Figure D

As you can see, the green check means "keep." A black check means "install."

Getting the Webmin module

After you've made the selection to install vsftp, press the accept button at the bottom right corner and YaST will do its thing. When it finishes, install the Webmin module (otherwise, you'll be configuring vsftp by editing the configuration files by hand).

You'll need to download the module to begin. Once you finish the download, do not unpack the file. Fire up Webmin by opening up your browser and pointing it to http://address_of_server:10000. Log in as the root user with the root users' password. After you log in, expand the Webmin menu -- as shown in Figure E -- and press the Webmin Modules button.

Figure E

There are a ton of configuration options within Webmin.

Under Install Module, make sure From Local File is checked, and press the "..." button. The window shown in Figure F will appear for you to navigate to the location of the vsftpd file you just downloaded.

Figure F

Either point-and-click or type in the complete path to your file.

When you find the file, press OK to return to the Webmin window. Now press the Install Module button and Webmin will do its thing. After the installation is complete, expand the Servers menu. You will now see an entry for vsftp. Click on the vstpd link to reveal the configuration options for your new FTP server, as shown in Figure G.

Figure G

You can start or restart the vsftp daemon from this screen.

Configuring vsftpd

The first configuration option will be the oddly-named Generally Attitudes. Press that button to reveal the five configuration options shown in Figure H.

Figure H

"Attitudes" is a good way to describe a configuration section that keeps users from doing unwanted things with your FTP server.

The first option is the File Unmask. This is actually referring to umask and is basically opposite of chmod. Here's how umask works:

  • chmod 777 is the same asumask=000 (or rwx)
  • chmod 666 is the same asumask=111 (or rw-)
  • chmod 555 is the same as umask=222 (or r-x)
  • chmod 444 is the same asumask=333 (or r--)
  • chmod 333 is the same asumask=444 (or -wx)
  • chmod 222 is the same as umask=555 (or -w-)
  • chmod 111 is the same asumask=666 (or --x)
  • chmod 000 is the same as umask=777 (or ---)

So you have to add the correct umask that you would like to be applied to the files in your FTP server. If you want users to only be able to read files, you would use 333 in the File Unmask field. If you want users to be able to read and write to the files, you would use 111.

Here is a brief description of the rest of the options:

  • Idle Session Timeout: Set the length of time you want to leave an idle session connected.
  • Data Connection Timeout: Set the length of time you allow before a disconnect during a download.
  • Welcome Banner Text: Set the text you want the users to see when they log in.
  • FTP Username: Sets the UNIX user associated with the server. If you press the "..." button, you will see a list of possible names. More than likely, the user will be ftp.

Once you have completed these options, select Save Changes to return to the main vsftpd screen.

The next option is for anonymous FTP usage. If you want to enable this option, press the Anonymous FTP button. There are three options to configure, as shown in Figure I.

Figure I

The defaults are all "yes". Make sure your network is secure before you deploy these options.

The options are fairly self-explanatory. Your choices will depend upon your environment. Once you have made your choices, select Save Changes to return to the main vsftp menu.

The next section, Figure J, applies to local users. Local users are those users that actually have accounts on the server. When a local user logs in, they will default to their home directory. You can change this by disabling the chroot option. The chroot option, when set to yes, locks the user within their home directory. So if you want local users to be able to move outside of their ~/ (home) directory, set the chroot option to No.

Figure J

Remember, this screen only deals with users with an account on the server.

The other two options, Enable Local Users and Local Users Can Write are self explanatory. But just in case you're not sure on the latter, enabling Local Users Can Write will allow users with an account on the server to upload files to the server. Remember, if you have them chroot'ed, the users will be able to upload files to directories other than their home directory (so long as they have permissions to access those directories).

Press Save Changes, and you will be sent back to the main module configuration screen.

The Log section, seen in Figure K, allows you to configure your vsftp server to log in xferlog format, and where to keep this xfer formatted log file.

Figure K

You can either manually enter the log file path or press the "..." button to browse the directory hierarchy.

The xferlogformat (Transfer Log) is a format used to log file transfers. The standard xferlog format is (from the xferlogmanpage):

current-time transfer-time remote-host file- size filename transfer-type special-action- flag direction access-mode username service- name authentication-method authenticated-user-id

A sample log entry will look like this:

Fri Apr 27 10:48:39 2007 1 27180 /logo_phpBB.gif b _ i r maryjane FTP 0 * c

Fri Apr 27 10:48:45 2007 1 5847743 /P. Diddy and Jimmy Paige - come_with_me.mp3.mp3 b _ i r maryjane FTP 0 * c

Unfortunately, you can not make any adjustments to how vsftpd logs transactions within Webmin unless you go the Manual Entriessection (more on that in a bit.)

There is one last issue with the log section. In the Logging Information configuration, you will notice a link called FTP Stats. This is a link to Webalizer on the system. Even though I have not installed the Webalizer module on the system, a page shows up when I click the FTP Stats link. The page shows data from the last 12 months, but is only sample data and is from January 2005 -- a bit out of date. In order to get this working, the Webalizer module would have to be installed on the server.

Other settings

Next we'll take a look at the Miscellaneoussettings, as shown in Figure L.

Figure L

The final touches are added here.

There are five different configuration options available under the Miscellaneous category:

  • Force Dot Files: Shows hidden (files that begin with a ".") files in the FTP directories.
  • Listen Address: The IP address vsftpd will listen on.
  • Hide File(s): Lists all of the files that will be hidden to users. Note: If you have more than one file, place the list of files in braces {}.
  • Anon Max Rate In Bytes/sec: Speed at which anonymous users can upload and/or download files.
  • Local Max Rate In Bytes/sec: Speed at which local users can upload and/or download files.

Finally, let's take a look at the Manual Entries configuration. When you click on this link (from the main vsftpd module), a window with an editable-text area box will appear, as shown in Figure M.

Figure M

No GUI here, just good old-fashioned configuration file editing.

FTP the GUI way

As you can see, this is just a means to hand-edit every possible configuration option known to vsftp. This is a very handy tool. I noticed a few times that my configuration options within the GUI wouldn't "stick". By opening up the manual editing tool, and making the changes by hand, the changes would eventually stick when using the GUI.

Obviously, there are a lot more options here than within the GUI. With vsftp (as with most Linux servers), there are a ton of configuration options. Luckily, setting up a basic FTP server doesn't require you to go outside of the Webmin GUI tool. The manual editing tool is mostly useful to those who have very specific needs for their FTP server.

If you want to learn how to get really down and dirty with your manual editing, open up a console window and type man vsftpd.conf and you'll see every available configuration option. It's a long read.

Once you have finished up your final configurations, go back to the main vsftpd window and press either the Restart Vsftpd Server button or the Start Vsftpd Server button. Either way, your server will start up and your users will be able to log in.