Installing, setting up, and starting an FTP server

From material semantics

Due to the variety of issues associated with setting up a working FTP server on an AWS EC2 instance, this topic has been moved to its own article.

Set up port access in the instance security group and install the FTP server

First, ensure that the security group for the given instance allows incoming FTP traffic. This means inbound TCP traffic must be allowed on the port range 20-21 and also on the port range 64000-64321 (for passive mode connections from clients, which is often the kind of connection that UI-based FTP clients will use).

Next, install the FTP server.

yum install vsftpd

At this point, you have the option of setting up anonymous FTP access, or setting up access only for specific user accounts. It may be easier to set up access for anonymous connections temporarily and then disable it if you only need FTP to perform an initial setup (e.g., to install a WordPress instance).

Setting up the FTP server for anonymous FTP access

If anonymous access is desired, it should be enabled in /etc/vsftpd/vsftpd.conf (the second line will most likely be needed if, for example, you want to allow WordPress to modify its own configuration via FTP while being controlled through its web-based user interface):

anonymous_enable=YES
local_enable=YES

The root directory for anonymous connections can be set (if this is being done to upload WordPress themes via FTP, then the directory might be the server's document root directory, such as /var/www/html):

anon_root=/var/www/html

Most likely, it will be necessary to enable passive connections:

pasv_enable=YES
pasv_min_port=64000
pasv_max_port=64321
port_enable=YES
pasv_address=example.com
pasv_addr_resolve=YES

In the above, pasv_address could be an explicit IP address, in which case pasv_addr_resolve should be set to NO.

Allow anonymous FTP connections to support reading:

anon_world_readable_only=NO

Uncomment or add the following to allow anonymous FTP connections to support uploading, writing, and directory creation:

write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
dirmessage_enable=YES

Ensure that files created by the FTP user are owned by another user (for WordPress, this is necessary because otherwise new plugin and theme files will only be readable by the FTP user):

chown_uploads=YES
chown_username=root

You may want to allow anonymous FTP connections to also support file and directory deletion and overwriting (this is necessary for WordPress self-management via FTP):

anon_other_write_enable=YES

Restart the server.

/etc/init.d/vsftpd restart

Set the directory permissions appropriately. For example, if anon_root is /var/www/html and you want to support WordPress installation and self-management of themes via FTP, then /var/www/html/wp-content and /var/www/html/wp-content/themes should be writable by the FTP user.

After you are finished using the FTP service to make updates or upload files, it may be a good idea to stop the server completely.

/etc/init.d/vsftpd stop
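
To confirm that the anonymous-access options above have really been turned back off once the upload work is done, the following added example (not part of the original article) parses a vsftpd.conf and lists the options that still leave anonymous access open. It assumes upstream vsftpd's documented defaults (a distribution package may differ), so a missing or commented-out anonymous_enable line counts as YES; the function names and the sample configuration are constructed for illustration.

```python
import sys

# Assumption: upstream vsftpd defaults (vsftpd.conf(5)) for the options this page sets.
DEFAULTS = {
    "anonymous_enable": "YES", "anon_world_readable_only": "YES",
    "write_enable": "NO", "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO", "anon_other_write_enable": "NO",
    "chown_uploads": "NO", "chown_username": "root",
}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse_conf(text):
    """Effective settings: defaults overridden by option=value lines, last one wins."""
    settings = dict(DEFAULTS)
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and not line.startswith("#"):
            settings[key] = value
    return settings

def audit(text):
    """List the options that leave anonymous access open, most basic first."""
    s = parse_conf(text)
    # Assumption: YES, TRUE and 1 (any case) all switch a boolean option on.
    on = lambda key: s[key].upper() in ("YES", "TRUE", "1")
    if not on("anonymous_enable"):
        return []
    found = ["anonymous_enable"]
    if not on("anon_world_readable_only"):
        found.append("anon_world_readable_only")  # non-world-readable files downloadable
    if on("write_enable"):  # the anon_* write options only take effect with this on
        found += [k for k in ANON_WRITE if on(k)]
    if on("chown_uploads") and s["chown_username"] == "root":
        found.append("chown_username")  # anonymous uploads end up owned by root
    return found

# Constructed sample: the anonymous setup from this page, and the same file with
# anonymous_enable commented out, which falls back to the default of YES.
PAGE_CONF = "\n".join([
    "anonymous_enable=YES", "local_enable=YES", "anon_root=/var/www/html",
    "anon_world_readable_only=NO", "write_enable=YES", "anon_upload_enable=YES",
    "anon_mkdir_write_enable=YES", "anon_other_write_enable=YES",
    "chown_uploads=YES", "chown_username=root",
])
COMMENTED_OUT = PAGE_CONF.replace("anonymous_enable=YES", "#anonymous_enable=YES")

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else PAGE_CONF
    print("\n".join(audit(text)) or "anonymous access is off")
```

Run it with the path to the configuration file (for example /etc/vsftpd/vsftpd.conf) as its argument; with no argument it audits the constructed sample.
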

Setting up the FTP server to allow connections only from specific user accounts

You will want to disable anonymous connections in /etc/vsftpd/vsftpd.conf:

anonymous_enable=NO

To be written.