Anonymous FTP Server
OpenBSD ftpd is a lightweight and secure FTP (File Transfer Protocol) server included in the OpenBSD base installation. It’s installed but disabled by default.
For a temporary FTP server, start the daemon with rcctl's -f flag, which forces a start even though the service is not enabled:
doas rcctl -f start ftpd
For a permanent FTP server, first enable the service so that it will be started automatically after a reboot.
doas rcctl enable ftpd
Then start the daemon.
doas rcctl start ftpd
Add a user named ‘ftp’ with home directory ‘/var/ftp’ and no shell access. ftpd only permits anonymous logins when this account exists.
doas useradd -k '' -c "FTP User" -d /var/ftp -s /sbin/nologin -m ftp
Create a test file.
doas -u ftp touch /var/ftp/test123
Log in as an anonymous user and list the directory.
ftp -a localhost
Trying 127.0.0.1...
Connected to localhost..
220 OpenBSD.my.domain FTP server ready.
331 Guest login ok, send your email address as password.
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
150 Opening ASCII mode data connection for '.'.
total 0
-rw-r--r-- 1 1001 1001 0 Jun 6 15:17 test123
226 Transfer complete.
Public Anonymous FTP Server
Before making the server publicly available, it’s recommended to make the following changes to the directories.
~ftp (/var/ftp)
Make the home directory owned by “root” and unwritable by anyone (mode 555).
doas chown root /var/ftp
doas chmod 555 /var/ftp
~ftp/pub (/var/ftp/pub)
Make this directory mode 555 and owned by “root”. This is traditionally where publicly accessible files are stored for download.
doas mkdir /var/ftp/pub
doas chown root /var/ftp/pub
doas chmod 555 /var/ftp/pub
(Optional) ~ftp/etc (/var/ftp/etc)
Make this directory owned by “root” and unwritable by anyone (mode 511). The files pwd.db (see pwd_mkdb(8)) and group(5) must be present for the ls(1) command to be able to produce owner names rather than numbers. The password field in pwd.db is not used, and should not contain real passwords. The file motd, if present, will be printed after a successful login. These files should be mode 444.
doas mkdir /var/ftp/etc
doas chown root /var/ftp/etc
doas chmod 511 /var/ftp/etc
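To confirm the tree matches the ownership and modes listed above before exposing the server, the following audit script can be used. It is an added example, not part of the original page or of OpenBSD; the function names and the optional uid argument (default 0, i.e. root) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an anonymous FTP tree against the layout described above.
# Function names are illustrative; run as root so the mode 511 etc directory can be listed.

# check_path PATH WANT_PERMS WANT_UID
# WANT_PERMS is the ls(1) mode string, e.g. dr-xr-xr-x for a mode 555 directory.
check_path() {
    line=$(ls -ldn "$1" 2>/dev/null) || { echo "MISSING  $1"; return 1; }
    # Split the ls line: $4 = mode string, $5 = link count, $6 = numeric owner
    set -- "$1" "$2" "$3" $line
    perms=$(printf '%s' "$4" | cut -c1-10)   # drop the ACL/label suffix some systems append
    uid=$6
    rc=0
    [ "$perms" = "$2" ] || { echo "MODE     $1 is $perms, want $2"; rc=1; }
    [ "$uid" = "$3" ]   || { echo "OWNER    $1 uid is $uid, want $3"; rc=1; }
    return $rc
}

# audit_ftp_root [ROOT] [UID] -> exit status 0 only when every check passes
audit_ftp_root() {
    root=${1:-/var/ftp}
    want_uid=${2:-0}    # root; overridable so the check can be tried on a scratch tree
    bad=0
    check_path "$root"     dr-xr-xr-x "$want_uid" || bad=1   # ~ftp: root, mode 555
    check_path "$root/pub" dr-xr-xr-x "$want_uid" || bad=1   # ~ftp/pub: root, mode 555
    # ~ftp/etc is optional, so it is only checked when present
    if [ -d "$root/etc" ]; then
        check_path "$root/etc" dr-x--x--x "$want_uid" || bad=1   # root, mode 511
        for f in "$root"/etc/*; do
            [ -f "$f" ] || continue
            # pwd.db, group and motd should be mode 444
            perms=$(ls -ldn "$f" | cut -c1-10)
            [ "$perms" = "-r--r--r--" ] || { echo "MODE     $f is $perms, want -r--r--r--"; bad=1; }
        done
    fi
    return $bad
}

# Usage: doas sh audit.sh /var/ftp
if [ "$#" -gt 0 ]; then audit_ftp_root "$@"; fi
```

Each finding is printed on its own line, and the exit status is non-zero if any path is missing or has the wrong owner or mode.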