I want an FTP server on a WireGuard network that is accessible to everyone anonymously and does not require further encryption (e.g. TLS or SSH). Restricting the access is very simple using firewall rules, and pure-ftpd and, I'd guess, most others allow you to run them on a single interface/IP as well. I'd prefer to rely on the redundancy implicit in that.
However, I can't seem to find any documentation about how to set what user the anon log-ins should use. There is no "ftp" user on the system and I do not want to create one; I have created a "pure-ftpd" user and I'd prefer that, but with the server running as root.[1] That user's home directory is set to /var/local/pure-ftpd, which exists with appropriate ownership, but when I try to connect to the server it just times out and I get
    [ERROR] Unable to set up secure anonymous FTP
Which makes sense because there doesn't seem to be an explicit way to associate the anon logins with an existing user. The "secure" there worries me a bit too -- does this mean it won't do unencrypted anon logins (I don't notice that otherwise stated anywhere)?
I'm guessing, based on some searching around, that pure-ftpd has a bunch of stuff hardcoded in this sense. The reason I do not want to be restricted to an unconfigurable anon user and root directory is that this then creates collision problems with the application -- e.g., if down the road I want to run an FTP server on the public interface/IP, I'd like to run it as a separate instance, but this will be impossible if they can't be configured differently, and I do not want to bother running two or three different flavours of FTP server because I chose one that can't do something this basic in a simple, straightforward way.
So if it is not possible with pure-ftpd, any suggestions about what could be used to do this? To summarize the requirements:
- Should be limitable to a single interface/IP.
- Should allow unencrypted anonymous logins.
- Should be configurable with regard to root directory and/or the user it downgrades as or chroots into.
- Should respect permissions in accord with the anon user so I can easily set up and bind in read-only as well as writable subdirectories.

[1] Mostly because this simplifies using the privileged port and accessing the WireGuard interface, which I'd like to keep restricted to root.