Sometimes you just need a simple FTP service with no fuss for a few minutes and that’s it. So instead of installing a full-fledged FTP server, you have the option of using FreeBSD’s built-in FTP service. Setting this up is quite easy. It’s a simple matter of enabling FTP in the “Inetd Super Server” configuration and then either starting inetd every time you need FTP or making inetd start up whenever the server starts or reboots. Be advised, though, that this is not as fancy a solution as a real FTP server.
Right, let’s get started then, shall we? First we need to enable FTP in the file /etc/inetd.conf, so find the following lines.
# To enable a service, remove the '#' at the beginning of the line.
#
#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
And then remove the # mark for the line containing ftp like this.
# To enable a service, remove the '#' at the beginning of the line.
#
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
And we are actually ready. Well, not quite: there are some precautions we need to take that most people forget when using this method. But let’s try and start it up, shall we? Please note that the method for starting up inetd below will not survive a reboot; more on that later.
You should now be able to FTP to your machine using your shell login credentials. That is unless your firewall is preventing it.
If you want to always have this enabled (not advised; use a real FTP server instead), add the following line to /etc/rc.conf.
Warning: Here is where the precautions I talked about earlier come in. By default users are not chrooted, and all existing users on the system can in theory FTP in to the server and even browse all files and folders if you use this method, unless you chroot them to their home directory. This can be done like this.
And then you would add the users to be chrooted to their home directory like this.
echo "johndoe" >> /etc/ftpchroot
But wait, you say. What about the fact that everyone who has an account can in theory log in? Glad you asked; I’m getting to this. This FTP method uses, how shall I describe it, a list of users who are “Not” allowed to FTP to the server. The term “reverse control file” springs to mind. Here is how it’s done. Create the control file first.
Now this file should contain the list of users who are “Not” allowed to FTP into the system using the above method. For starters, that list should as a minimum have the following accounts listed.
root
toor
daemon
operator
bin
tty
kmem
games
news
man
sshd
smmsp
mailnull
bind
unbound
proxy
_pflogd
_dhcp
uucp
pop
auditdistd
www
hast
nobody
Once these are added to /etc/ftpusers you can feel a bit safer. Remember, though, that this is a poor man’s FTP solution, and I would recommend using a real FTP server if this is something you need in the long run.
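To check the two control files described above, the following sh function (an added example, not part of the original post) lists every account in a passwd file that /etc/ftpusers does not deny and flags the ones missing from /etc/ftpchroot. The function names are hypothetical, the sample files are constructed, and @group entries in the control files are skipped, so only plain user names are evaluated.

```sh
#!/bin/sh
# Added example: names (ftp_audit, ftp_audit_demo) are hypothetical.
# ftp_audit PASSWD FTPUSERS FTPCHROOT
# Prints "<user> <chroot|NO-CHROOT> <shell>" for each account that is
# NOT listed in FTPUSERS, i.e. one the deny list does not block.
ftp_audit() {
    awk -F: -v deny="$2" -v jail="$3" '
        # Load the first word of every non-comment line of a control file.
        function load(file, names,    line, f) {
            while ((getline line < file) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f, " ") == 0) continue  # blank or comment
                if (f[1] ~ /^@/) continue               # group entry: skipped
                names[f[1]] = 1
            }
            close(file)
        }
        BEGIN {
            split("", denied); split("", jailed)
            load(deny, denied); load(jail, jailed)
        }
        /^#/ || NF < 7 { next }
        !($1 in denied) {
            print $1, (($1 in jailed) ? "chroot" : "NO-CHROOT"), $7
        }
    ' "$1"
}

# Demo on constructed sample files (not real system data).
ftp_audit_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
johndoe:*:1001:1001:John Doe:/home/johndoe:/bin/sh
janedoe:*:1002:1002:Jane Doe:/home/janedoe:/bin/sh
EOF
    printf '# denied\nroot\nwww\n' > "$d/ftpusers"
    printf 'johndoe\n' > "$d/ftpchroot"
    ftp_audit "$d/passwd" "$d/ftpusers" "$d/ftpchroot"
    rm -rf "$d"
}
ftp_audit_demo
# On the server itself: ftp_audit /etc/passwd /etc/ftpusers /etc/ftpchroot
```

Any line marked NO-CHROOT is an account that is neither denied nor confined to its home directory, which is the case the warning above is about.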
And we are done here.